def test_get_ip_ban(self):
"""get_ip_ban returns valid ban"""
nonexistent_ban = get_ip_ban('123.0.0.1')
self.assertIsNone(nonexistent_ban)
Ban.objects.create(
banned_value='124.0.0.1',
check_type=Ban.IP,
expires_on=timezone.now() - timedelta(days=7)
)
expired_ban = get_ip_ban('124.0.0.1')
self.assertIsNone(expired_ban)
Ban.objects.create(
banned_value='wrongtype',
check_type=Ban.EMAIL
)
wrong_type_ban = get_ip_ban('wrongtype')
self.assertIsNone(wrong_type_ban)
valid_ban = Ban.objects.create(
banned_value='125.0.0.*',
check_type=Ban.IP,
expires_on=timezone.now() + timedelta(days=7)
)
self.assertEqual(get_ip_ban('125.0.0.1').pk, valid_ban.pk)
def raise_if_ip_banned(self):
ban = get_ip_ban(self.request.user_ip, registration_only=True)
if ban:
if ban.user_message:
raise ValidationError(ban.user_message)
else:
raise ValidationError(_("New registrations from this IP address are not allowed."))
def validate(self, data):
request = self.context['request']
ban = get_ip_ban(request.user_ip, registration_only=True)
if ban:
if ban.user_message:
raise ValidationError(ban.user_message)
else:
raise ValidationError(
_("New registrations from this IP address are not allowed."
))
self._added_errors = {}
try:
self.full_clean_password(data)
except ValidationError as e:
self._added_errors['password'] = [e]
validators.validate_new_registration(request, self, data)
if self._added_errors:
# fail registration with additional errors
raise serializers.ValidationError(self._added_errors)
# run test for captcha
try:
captcha.test_request(self.context['request'])
except ValidationError as e:
raise serializers.ValidationError({'captcha': e.message})
return data
def test_ban_ip(self):
"""ban_ip utility bans IP address"""
ban = ban_ip('127.0.0.1', 'User reason', 'Staff reason')
self.assertEqual(ban.user_message, 'User reason')
self.assertEqual(ban.staff_message, 'Staff reason')
db_ban = get_ip_ban('127.0.0.1')
self.assertEqual(ban.pk, db_ban.pk)
def test_ban_ip(self):
"""ban_ip bans IP address"""
ban = ban_ip("127.0.0.1", "User reason", "Staff reason")
self.assertEqual(ban.user_message, "User reason")
self.assertEqual(ban.staff_message, "Staff reason")
db_ban = get_ip_ban("127.0.0.1")
self.assertEqual(ban.pk, db_ban.pk)
def test_ban_ip(self):
"""ban_ip bans IP address"""
ban = ban_ip('127.0.0.1', 'User reason', 'Staff reason')
self.assertEqual(ban.user_message, 'User reason')
self.assertEqual(ban.staff_message, 'Staff reason')
db_ban = get_ip_ban('127.0.0.1')
self.assertEqual(ban.pk, db_ban.pk)
def test_get_ip_ban(self):
"""get_ip_ban returns valid ban"""
nonexistent_ban = get_ip_ban("123.0.0.1")
self.assertIsNone(nonexistent_ban)
Ban.objects.create(banned_value="124.0.0.1", check_type=BAN_IP, expires_on=timezone.now() - timedelta(days=7))
expired_ban = get_ip_ban("124.0.0.1")
self.assertIsNone(expired_ban)
Ban.objects.create(banned_value="wrongtype", check_type=BAN_EMAIL)
wrong_type_ban = get_ip_ban("wrongtype")
self.assertIsNone(wrong_type_ban)
valid_ban = Ban.objects.create(
banned_value="125.0.0.*", check_type=BAN_IP, expires_on=timezone.now() + timedelta(days=7)
)
self.assertEqual(get_ip_ban("125.0.0.1").pk, valid_ban.pk)
def create_endpoint(request):
if settings.account_activation == 'closed':
raise PermissionDenied(_("New users registrations are currently closed."))
ban = get_ip_ban(request.user_ip, registration_only=True)
if ban:
raise Banned(ban)
serializer = RegisterUserSerializer(
data=request.data,
context={'request': request},
)
serializer.is_valid(raise_exception=True)
activation_kwargs = {}
if settings.account_activation == 'user':
activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER}
elif settings.account_activation == 'admin':
activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN}
try:
new_user = UserModel.objects.create_user(
serializer.validated_data['username'],
serializer.validated_data['email'],
serializer.validated_data['password'],
joined_from_ip=request.user_ip,
set_default_avatar=True,
**activation_kwargs
)
except IntegrityError:
return Response(
{
'detail': _("Please try resubmitting the form."),
},
status=400,
)
send_welcome_email(request, new_user)
if not new_user.requires_activation == 'none':
authenticated_user = authenticate(
username=new_user.email,
password=serializer.validated_data['password'],
)
login(request, authenticated_user)
return Response(get_registration_result_json(new_user))
def clean(self):
cleaned_data = super(RegisterForm, self).clean()
ban = get_ip_ban(self.request.user_ip, registration_only=True)
if ban:
if ban.user_message:
raise ValidationError(ban.user_message)
else:
raise ValidationError(_("New registrations from this IP address are not allowed."))
try:
self.full_clean_password(cleaned_data)
except forms.ValidationError as e:
self.add_error('password', e)
validators.validate_new_registration(self.request, self, cleaned_data)
return cleaned_data
def clean(self):
cleaned_data = super(RegisterForm, self).clean()
ban = get_ip_ban(self.request.user_ip, registration_only=True)
if ban:
if ban.user_message:
raise ValidationError(ban.user_message)
else:
raise ValidationError(
_("New registrations from this IP address are not allowed."
))
try:
self.full_clean_password(cleaned_data)
except forms.ValidationError as e:
self.add_error('password', e)
validators.validate_new_registration(self.request, self, cleaned_data)
return cleaned_data
def test_get_ip_ban(self):
"""get_ip_ban returns valid ban"""
nonexistent_ban = get_ip_ban('123.0.0.1')
self.assertIsNone(nonexistent_ban)
Ban.objects.create(
banned_value='124.0.0.1',
check_type=Ban.IP,
expires_on=timezone.now() - timedelta(days=7),
)
expired_ban = get_ip_ban('124.0.0.1')
self.assertIsNone(expired_ban)
Ban.objects.create(
banned_value='wrongtype',
check_type=Ban.EMAIL,
)
wrong_type_ban = get_ip_ban('wrongtype')
self.assertIsNone(wrong_type_ban)
valid_ban = Ban.objects.create(
banned_value='125.0.0.*',
check_type=Ban.IP,
expires_on=timezone.now() + timedelta(days=7),
)
self.assertEqual(get_ip_ban('125.0.0.1').pk, valid_ban.pk)
regitration_ban = Ban.objects.create(
banned_value='188.*',
check_type=Ban.IP,
expires_on=timezone.now() + timedelta(days=7),
registration_only=True,
)
self.assertIsNone(get_ip_ban('188.12.12.41'))
self.assertEqual(get_ip_ban('188.12.12.41', True).pk, regitration_ban.pk)
def create_endpoint(request):
if settings.account_activation == 'closed':
raise PermissionDenied(_("New users registrations are currently closed."))
ban = get_ip_ban(request.user_ip, registration_only=True)
if ban:
raise Banned(ban)
serializer = RegisterUserSerializer(
data=request.data,
context={'request': request},
)
serializer.is_valid(raise_exception=True)
activation_kwargs = {}
if settings.account_activation == 'user':
activation_kwargs = {'requires_activation': UserModel.ACTIVATION_USER}
elif settings.account_activation == 'admin':
activation_kwargs = {'requires_activation': UserModel.ACTIVATION_ADMIN}
try:
new_user = UserModel.objects.create_user(
serializer.validated_data['username'],
serializer.validated_data['email'],
serializer.validated_data['password'],
joined_from_ip=request.user_ip,
set_default_avatar=True,
**activation_kwargs
)
except IntegrityError:
return Response(
{
'detail': _("Please try resubmitting the form."),
},
status=400,
)
mail_subject = _("Welcome on %(forum_name)s forums!")
mail_subject = mail_subject % {'forum_name': settings.forum_name}
if settings.account_activation == 'none':
authenticated_user = authenticate(
username=new_user.email,
password=serializer.validated_data['password'],
)
login(request, authenticated_user)
mail_user(request, new_user, mail_subject, 'misago/emails/register/complete')
return Response({
'activation': None,
'username': new_user.username,
'email': new_user.email
})
else:
activation_token = make_activation_token(new_user)
activation_by_admin = new_user.requires_activation_by_admin
activation_by_user = new_user.requires_activation_by_user
mail_user(
request, new_user, mail_subject, 'misago/emails/register/inactive', {
'activation_token': activation_token,
'activation_by_admin': activation_by_admin,
'activation_by_user': activation_by_user,
}
)
if activation_by_admin:
activation_method = 'admin'
else:
activation_method = 'user'
return Response({
'activation': activation_method,
'username': new_user.username,
'email': new_user.email
})
