def teacher_edit_account(request):
    """Render and process the teacher "edit account" form.

    A GET shows the form pre-filled with the teacher's title, names and
    school. A valid POST optionally sets a new password, updates the title
    and names and, when a different non-empty email was submitted, sends a
    verification email and logs the teacher out. The stored email address is
    never assigned in this view.
    """
    teacher = request.user.userprofile.teacher

    # For teachers using 2FA, count their backup tokens; any failure while
    # reading them is deliberately treated as "no tokens".
    backup_tokens = 0
    if default_device(request.user):
        try:
            static_device = request.user.staticdevice_set.all()[0]
            backup_tokens = static_device.token_set.count()
        except Exception:
            backup_tokens = 0

    def show_form(account_form):
        # Shared exit for the initial GET and for a POST that failed validation.
        return render(
            request,
            "portal/teach/teacher_edit_account.html",
            {"form": account_form, "backup_tokens": backup_tokens},
        )

    if request.method != "POST":
        prefilled = TeacherEditAccountForm(
            request.user,
            initial={
                "title": teacher.title,
                "first_name": teacher.user.user.first_name,
                "last_name": teacher.user.user.last_name,
                "school": teacher.school,
            },
        )
        return show_form(prefilled)

    form = TeacherEditAccountForm(request.user, request.POST)
    if not form.is_valid():
        return show_form(form)

    fields = form.cleaned_data

    # An empty password is the CharField default and means "leave unchanged".
    new_password = fields["password"]
    if new_password != "":
        teacher.user.user.set_password(new_password)
        teacher.user.user.save()
        # Re-key the session so the password change does not end it.
        update_session_auth_hash(request, form.user)

    teacher.title = fields["title"]
    teacher.user.user.first_name = fields["first_name"]
    teacher.user.user.last_name = fields["last_name"]

    # A new address is only sent for verification here, not stored.
    new_email = fields["email"]
    email_changed = new_email != "" and new_email != teacher.user.user.email
    if email_changed:
        send_verification_email(request, teacher.user, new_email)

    teacher.save()
    teacher.user.user.save()

    if not email_changed:
        messages.success(request, "Your account details have been successfully changed.")
        return HttpResponseRedirect(reverse_lazy("teacher_home"))

    # Email change pending: end the session and show the verification notice.
    logout(request)
    messages.success(
        request,
        "Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.",
    )
    return render(
        request,
        "portal/email_verification_needed.html",
        {"userprofile": teacher.user, "email": new_email},
    )
def teacher_edit_account(request):
    """Render and process the teacher "edit account" form.

    A GET shows the form pre-filled with the teacher's title, names and
    school. A valid POST optionally sets a new password, updates the title
    and names and, when a different non-empty email was submitted, sends a
    verification email and logs the teacher out. The stored email address is
    never assigned in this view.
    """
    teacher = request.user.userprofile.teacher

    # For teachers using 2FA, count their backup tokens; any failure while
    # reading them is deliberately treated as "no tokens".
    backup_tokens = 0
    if using_two_factor(request.user):
        try:
            static_device = request.user.staticdevice_set.all()[0]
            backup_tokens = static_device.token_set.count()
        except Exception:
            backup_tokens = 0

    def show_form(account_form):
        # Shared exit for the initial GET and for a POST that failed validation.
        return render(
            request,
            'portal/teach/teacher_edit_account.html',
            {'form': account_form, 'backup_tokens': backup_tokens},
        )

    if request.method != 'POST':
        prefilled = TeacherEditAccountForm(
            request.user,
            initial={
                'title': teacher.title,
                'first_name': teacher.user.user.first_name,
                'last_name': teacher.user.user.last_name,
                'school': teacher.school,
            },
        )
        return show_form(prefilled)

    form = TeacherEditAccountForm(request.user, request.POST)
    if not form.is_valid():
        return show_form(form)

    fields = form.cleaned_data

    # An empty password is the CharField default and means "leave unchanged".
    new_password = fields['password']
    if new_password != '':
        teacher.user.user.set_password(new_password)
        teacher.user.user.save()
        # Re-key the session so the password change does not end it.
        update_session_auth_hash(request, form.user)

    teacher.title = fields['title']
    teacher.user.user.first_name = fields['first_name']
    teacher.user.user.last_name = fields['last_name']

    # A new address is only sent for verification here, not stored.
    new_email = fields['email']
    email_changed = new_email != '' and new_email != teacher.user.user.email
    if email_changed:
        # NOTE(review): this call receives teacher.user.user while the
        # template context below is given teacher.user as 'userprofile';
        # confirm which object send_verification_email expects.
        send_verification_email(request, teacher.user.user, new_email)

    teacher.save()
    teacher.user.user.save()

    if not email_changed:
        messages.success(request, 'Your account details have been successfully changed.')
        return HttpResponseRedirect(reverse_lazy('teacher_home'))

    # Email change pending: end the session and show the verification notice.
    logout(request)
    messages.success(
        request,
        'Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.',
    )
    return render(
        request,
        'portal/email_verification_needed.html',
        {'userprofile': teacher.user, 'email': new_email},
    )
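def teacher_dismiss_students(request, access_code):
    """Detach selected students from a class and start email verification.

    The requester must be the teacher of the class identified by
    ``access_code``. Without ``submit_dismiss`` the view renders a formset
    pre-filled with a generated new name per selected student; with a valid
    formset it clears each student's class, sets the new name, username and
    email, flags the profile as awaiting verification and sends the
    verification email.

    Raises:
        Http404: the class does not exist, the requester is not its teacher,
            ``transfer_students`` is not a JSON list, or a referenced student
            is not in the class.
    """
    klass = get_object_or_404(Class, access_code=access_code)

    # check user is authorised to deal with class
    if request.user.userprofile.teacher != klass.teacher:
        raise Http404

    # transfer_students is client-supplied: reject anything that is not a
    # JSON list instead of failing with an unhandled error further down.
    try:
        student_ids = json.loads(request.POST.get("transfer_students", "[]"))
    except ValueError:
        raise Http404
    if not isinstance(student_ids, list):
        raise Http404

    # Resolving every id against this class confirms membership before use.
    students = [get_object_or_404(Student, id=i, class_field=klass) for i in student_ids]

    TeacherDismissStudentsFormSet = formset_factory(
        wraps(TeacherDismissStudentsForm)(partial(TeacherDismissStudentsForm)),
        extra=0,
        formset=BaseTeacherDismissStudentsFormSet,
    )

    if request.method == "POST" and "submit_dismiss" in request.POST:
        formset = TeacherDismissStudentsFormSet(request.POST)
        if formset.is_valid():
            for data in formset.cleaned_data:
                # NOTE(review): the student is re-resolved from the posted
                # first name (case-insensitive) rather than from the ids
                # validated above. The lookup stays scoped to this class,
                # but names differing only by case would make it ambiguous;
                # consider carrying the student id in the form.
                student = get_object_or_404(
                    Student, class_field=klass, user__user__first_name__iexact=data["orig_name"]
                )

                student.class_field = None
                student.user.awaiting_email_verification = True
                student.user.user.first_name = data["name"]
                student.user.user.username = data["name"]
                student.user.user.email = data["email"]

                student.save()
                student.user.save()
                student.user.user.save()

                send_verification_email(request, student.user)

            messages.success(request, "The students have been removed successfully from the class.")
            return HttpResponseRedirect(reverse_lazy("teacher_class", kwargs={"access_code": access_code}))
    else:
        initial_data = [
            {
                "orig_name": student.user.user.first_name,
                "name": generate_new_student_name(student.user.user.first_name),
                "email": "",
            }
            for student in students
        ]
        formset = TeacherDismissStudentsFormSet(initial=initial_data)

    return render(
        request,
        "portal/teach/teacher_dismiss_students.html",
        {"formset": formset, "class": klass, "students": students},
    )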
def student_edit_account(request):
    """Render and process the student "edit account" form.

    Any student may set a new password. Students without a class may also
    change their name and request an email change; a requested email change
    sends a verification email and logs the student out.
    """
    student = request.user.userprofile.student

    def show_form(account_form):
        # Shared exit for the initial GET and for a POST that failed validation.
        return render(request, 'portal/play/student_edit_account.html', {'form': account_form})

    if request.method != 'POST':
        return show_form(
            StudentEditAccountForm(request.user, initial={'name': student.user.user.first_name})
        )

    form = StudentEditAccountForm(request.user, request.POST)
    if not form.is_valid():
        return show_form(form)

    fields = form.cleaned_data
    email_changed = False

    # An empty password is the CharField default and means "leave unchanged".
    if fields['password'] != '':
        student.user.user.set_password(fields['password'])
        student.user.user.save()
        # Re-key the session so the password change does not end it.
        update_session_auth_hash(request, form.user)

    # Students who are not in a class may update more than the password.
    # NOTE(review): the name update is kept inside this branch, following the
    # original "allow individual students to update more" comment; the
    # flattened listing does not show the nesting, so confirm.
    if not student.class_field:
        new_email = fields['email']
        if new_email != '' and new_email != student.user.user.email:
            # The new address is only sent for verification, not stored here.
            email_changed = True
            send_verification_email(request, student.user, new_email)
        student.user.user.first_name = fields['name']

    # Persist both the student row and the auth user.
    student.save()
    student.user.user.save()

    messages.success(request, 'Your account details have been changed successfully.')

    if not email_changed:
        return HttpResponseRedirect(reverse_lazy('student_details'))

    logout(request)
    return render(
        request,
        'portal/email_verification_needed.html',
        {'userprofile': student.user, 'email': new_email},
    )
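def teacher_dismiss_students(request, access_code):
    """Detach selected students from a class and start email verification.

    The requester must be the teacher of the class identified by
    ``access_code``. Without ``submit_dismiss`` the view renders a formset
    pre-filled with a generated new name per selected student; with a valid
    formset it clears each student's class, sets the new name, username and
    email, flags the profile as awaiting verification and sends the
    verification email.

    Raises:
        Http404: the class does not exist, the requester is not its teacher,
            ``transfer_students`` is not a JSON list, or a referenced student
            is not in the class.
    """
    klass = get_object_or_404(Class, access_code=access_code)

    # check user is authorised to deal with class
    if request.user.userprofile.teacher != klass.teacher:
        raise Http404

    # transfer_students is client-supplied: reject anything that is not a
    # JSON list instead of failing with an unhandled error further down.
    try:
        student_ids = json.loads(request.POST.get('transfer_students', '[]'))
    except ValueError:
        raise Http404
    if not isinstance(student_ids, list):
        raise Http404

    # Resolving every id against this class confirms membership before use.
    students = [get_object_or_404(Student, id=i, class_field=klass) for i in student_ids]

    TeacherDismissStudentsFormSet = formset_factory(
        wraps(TeacherDismissStudentsForm)(partial(TeacherDismissStudentsForm)),
        extra=0,
        formset=BaseTeacherDismissStudentsFormSet)

    if request.method == 'POST' and 'submit_dismiss' in request.POST:
        formset = TeacherDismissStudentsFormSet(request.POST)
        if formset.is_valid():
            for data in formset.cleaned_data:
                # NOTE(review): the student is re-resolved from the posted
                # first name (case-insensitive) rather than from the ids
                # validated above. The lookup stays scoped to this class,
                # but names differing only by case would make it ambiguous;
                # consider carrying the student id in the form.
                student = get_object_or_404(
                    Student,
                    class_field=klass,
                    user__user__first_name__iexact=data['orig_name'])

                student.class_field = None
                student.user.awaiting_email_verification = True
                student.user.user.first_name = data['name']
                student.user.user.username = data['name']
                student.user.user.email = data['email']

                student.save()
                student.user.save()
                student.user.user.save()

                send_verification_email(request, student.user)

            messages.success(request, 'The students have been removed successfully from the class.')
            return HttpResponseRedirect(
                reverse_lazy('teacher_class', kwargs={'access_code': access_code}))
    else:
        initial_data = [{
            'orig_name': student.user.user.first_name,
            'name': generate_new_student_name(student.user.user.first_name),
            'email': '',
        } for student in students]
        formset = TeacherDismissStudentsFormSet(initial=initial_data)

    return render(request, 'portal/teach/teacher_dismiss_students.html', {
        'formset': formset,
        'class': klass,
        'students': students,
    })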
def student_edit_account(request):
    """Render and process the student "edit account" form.

    Any student may set a new password. Students without a class may also
    change their name and request an email change; a requested email change
    sends a verification email and logs the student out.
    """
    student = request.user.userprofile.student

    if request.method == 'POST':
        form = StudentEditAccountForm(request.user, request.POST)
        form_accepted = form.is_valid()
    else:
        form = StudentEditAccountForm(
            request.user, initial={'name': student.user.user.first_name})
        form_accepted = False

    if not form_accepted:
        # Initial GET, or a POST whose form carries validation errors.
        return render(request, 'portal/play/student_edit_account.html', {'form': form})

    submitted = form.cleaned_data
    verify_new_email = False

    # An empty password is the CharField default and means "leave unchanged".
    if submitted['password'] != '':
        account = student.user.user
        account.set_password(submitted['password'])
        account.save()
        # Re-key the session so the password change does not end it.
        update_session_auth_hash(request, form.user)

    # Students who are not in a class may update more than the password.
    # NOTE(review): the name update is kept inside this branch, following the
    # original "allow individual students to update more" comment; the
    # flattened listing does not show the nesting, so confirm.
    if not student.class_field:
        new_email = submitted['email']
        if new_email != '' and new_email != student.user.user.email:
            # The new address is only sent for verification, not stored here.
            verify_new_email = True
            send_verification_email(request, student.user, new_email)
        student.user.user.first_name = submitted['name']

    # Persist both the student row and the auth user.
    student.save()
    student.user.user.save()

    messages.success(request, 'Your account details have been changed successfully.')

    if verify_new_email:
        logout(request)
        context = {'userprofile': student.user, 'email': new_email}
        return render(request, 'portal/email_verification_needed.html', context)

    return HttpResponseRedirect(reverse_lazy('student_details'))
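def teach(request):
    """Serve the teacher landing page and process its login and signup forms.

    The login form is replaced by a reCAPTCHA-enabled subclass once the
    ``ip`` or ``email`` counter in ``request.limits`` reaches
    ``captcha_limit``. A valid login for an account that is not awaiting
    email verification logs the user in, then either renders the 2FA
    redirect page or redirects to a validated ``next`` URL / the teacher
    home page. A valid signup creates the teacher and sends a verification
    email.

    Returns:
        An HTTP response. On the fall-through path ``res.count`` records
        whether a login attempt failed validation.
    """
    # Imported locally so the redirect check needs no module-level import;
    # Django renamed is_safe_url to url_has_allowed_host_and_scheme.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_redirect
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_redirect

    invalid_form = False
    limits = getattr(request, 'limits', {'ip': [0], 'email': [0]})
    captcha_limit = 5

    # using_captcha selects the form class that validates this POST;
    # should_use_captcha selects the form class rendered in the response.
    using_captcha = (limits['ip'][0] > captcha_limit or limits['email'][0] > captcha_limit)
    should_use_captcha = (limits['ip'][0] >= captcha_limit or limits['email'][0] >= captcha_limit)

    LoginFormWithCaptcha = partial(
        create_form_subclass_with_recaptcha(TeacherLoginForm, recaptcha_client), request)
    InputLoginForm = LoginFormWithCaptcha if using_captcha else TeacherLoginForm
    OutputLoginForm = LoginFormWithCaptcha if should_use_captcha else TeacherLoginForm

    login_form = OutputLoginForm(prefix='login')
    signup_form = TeacherSignupForm(prefix='signup')

    if request.method == 'POST':
        if 'login' in request.POST:
            login_form = InputLoginForm(request.POST, prefix='login')
            if login_form.is_valid():
                userProfile = login_form.user.userprofile
                if userProfile.awaiting_email_verification:
                    # Unverified accounts are not logged in; resend the email.
                    send_verification_email(request, userProfile)
                    return render(request, 'portal/email_verification_needed.html',
                                  {'userprofile': userProfile})

                login(request, login_form.user)

                if using_two_factor(request.user):
                    # NOTE(review): login() has already established the
                    # session before the second factor is checked, and the
                    # submitted password is passed to the template context
                    # in clear text. Confirm that teacher views check
                    # is_verified() and that this page is neither cached
                    # nor logged.
                    return render(
                        request, 'portal/2FA_redirect.html', {
                            'form': AuthenticationForm(),
                            'username': request.user.username,
                            'password': login_form.cleaned_data['password'],
                        })
                else:
                    # The link comes from reverse(), not from the request, so
                    # the markup tagged 'safe' is entirely server-generated.
                    link = reverse('two_factor:profile')
                    messages.info(request, (
                        "You are not currently set up with two-factor authentication. "
                        + "Use your phone or tablet to enhance your account's security. "
                        + "Click <a href='" + link + "'>here</a> to find out more and "
                        + "set it up or go to your account page at any time."),
                        extra_tags='safe')

                # 'next' is attacker-controllable: only follow it when it
                # points at this host, otherwise use the default page.
                next_url = request.GET.get('next', None)
                if next_url and is_safe_redirect(next_url, request.get_host()):
                    return HttpResponseRedirect(next_url)

                return HttpResponseRedirect(reverse_lazy('teacher_home'))

            else:
                # Re-render with the form class the next attempt must use.
                login_form = OutputLoginForm(request.POST, prefix='login')
                invalid_form = True

        if 'signup' in request.POST:
            signup_form = TeacherSignupForm(request.POST, prefix='signup')
            if signup_form.is_valid():
                data = signup_form.cleaned_data

                teacher = Teacher.objects.factory(
                    title=data['title'],
                    first_name=data['first_name'],
                    last_name=data['last_name'],
                    email=data['email'],
                    password=data['password'])

                send_verification_email(request, teacher.user)

                return render(request, 'portal/email_verification_needed.html',
                              {'userprofile': teacher.user})

    # A teacher with 2FA enabled only counts as logged in once verified.
    logged_in_as_teacher = (
        hasattr(request.user, 'userprofile')
        and hasattr(request.user.userprofile, 'teacher')
        and (request.user.is_verified() or not using_two_factor(request.user))
    )

    res = render(
        request, 'portal/teach.html', {
            'login_form': login_form,
            'signup_form': signup_form,
            'logged_in_as_teacher': logged_in_as_teacher,
        })

    # Presumably read by the rate-limiting layer to count failed logins — confirm.
    res.count = invalid_form
    return res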
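def play(request):
    """Serve the student landing page and process its login and signup forms.

    Handles three POST actions: ``school_login``, ``independent_student_login``
    and ``signup``. The login forms are replaced by reCAPTCHA-enabled
    subclasses once the ``ip`` or ``name`` counter in ``request.limits``
    reaches its limit. Successful logins redirect to a validated ``next``
    URL or to the student details page.

    Returns:
        An HTTP response. On the fall-through path ``res.count`` records
        whether a login attempt failed validation.
    """
    # Imported locally so the redirect check needs no module-level import;
    # Django renamed is_safe_url to url_has_allowed_host_and_scheme.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_redirect
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_redirect

    invalid_form = False
    limits = getattr(request, 'limits', {'ip': [0], 'name': [0]})
    ip_captcha_limit = 30
    name_captcha_limit = 5

    # using_captcha selects the form classes that validate this POST;
    # should_use_captcha selects the form classes rendered in the response.
    # NOTE(review): the name counter is compared with >= in both flags while
    # the ip counter uses > for using_captcha; confirm this is intended.
    using_captcha = (limits['ip'][0] > ip_captcha_limit or
                     limits['name'][0] >= name_captcha_limit)
    should_use_captcha = (limits['ip'][0] >= ip_captcha_limit or
                          limits['name'][0] >= name_captcha_limit)

    StudentLoginFormWithCaptcha = partial(
        create_form_subclass_with_recaptcha(StudentLoginForm, recaptcha_client), request)
    InputStudentLoginForm = StudentLoginFormWithCaptcha if using_captcha else StudentLoginForm
    OutputStudentLoginForm = (
        StudentLoginFormWithCaptcha if should_use_captcha else StudentLoginForm)

    IndependentStudentLoginFormWithCaptcha = partial(
        create_form_subclass_with_recaptcha(IndependentStudentLoginForm, recaptcha_client),
        request)
    InputIndependentStudentLoginForm = (
        IndependentStudentLoginFormWithCaptcha if using_captcha
        else IndependentStudentLoginForm)
    OutputIndependentStudentLoginForm = (
        IndependentStudentLoginFormWithCaptcha if should_use_captcha
        else IndependentStudentLoginForm)

    school_login_form = OutputStudentLoginForm(prefix='login')
    independent_student_login_form = IndependentStudentLoginForm(
        prefix='independent_student')
    signup_form = StudentSignupForm(prefix='signup')

    independent_student_view = False
    signup_view = False

    if request.method == 'POST':
        if 'school_login' in request.POST:
            school_login_form = InputStudentLoginForm(request.POST, prefix='login')
            if school_login_form.is_valid():
                login(request, school_login_form.user)

                # 'next' is attacker-controllable: only follow it when it
                # points at this host, otherwise use the default page.
                next_url = request.GET.get('next', None)
                if next_url and is_safe_redirect(next_url, request.get_host()):
                    return HttpResponseRedirect(next_url)

                return HttpResponseRedirect(reverse_lazy('student_details'))
            else:
                school_login_form = OutputStudentLoginForm(request.POST, prefix='login')
                invalid_form = True

        elif 'independent_student_login' in request.POST:
            independent_student_login_form = InputIndependentStudentLoginForm(
                request.POST, prefix='independent_student')
            if independent_student_login_form.is_valid():
                userProfile = independent_student_login_form.user.userprofile
                if userProfile.awaiting_email_verification:
                    # Unverified accounts are not logged in; resend the email.
                    send_verification_email(request, userProfile)
                    return render(request, 'portal/email_verification_needed.html',
                                  {'userprofile': userProfile})

                login(request, independent_student_login_form.user)

                # Same validation as the school login redirect above.
                next_url = request.GET.get('next', None)
                if next_url and is_safe_redirect(next_url, request.get_host()):
                    return HttpResponseRedirect(next_url)

                return HttpResponseRedirect(reverse_lazy('student_details'))
            else:
                independent_student_view = True
                independent_student_login_form = OutputIndependentStudentLoginForm(
                    request.POST, prefix='independent_student')
                school_login_form = StudentLoginForm(prefix='login')
                invalid_form = True

        elif 'signup' in request.POST:
            signup_form = StudentSignupForm(request.POST, prefix='signup')
            if signup_form.is_valid():
                data = signup_form.cleaned_data

                student = Student.objects.independentStudentFactory(
                    username=data['username'],
                    name=data['name'],
                    email=data['email'],
                    password=data['password'])

                email_supplied = (data['email'] != '')
                if email_supplied:
                    send_verification_email(request, student.user)
                    return render(request, 'portal/email_verification_needed.html',
                                  {'userprofile': student.user})

                # No email to verify: log the new student straight in.
                auth_user = authenticate(username=data['username'],
                                         password=data['password'])
                login(request, auth_user)
                return render(request, 'portal/play/student_details.html')
            else:
                signup_view = True

    res = render(
        request, 'portal/play.html', {
            'school_login_form': school_login_form,
            'independent_student_login_form': independent_student_login_form,
            'signup_form': signup_form,
            'independent_student_view': independent_student_view,
            'signup_view': signup_view,
        })

    # Presumably read by the rate-limiting layer to count failed logins — confirm.
    res.count = invalid_form
    return res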
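def teach(request):
    """Serve the teacher landing page and process its login and signup forms.

    The login form is replaced by a reCAPTCHA-enabled subclass once the
    ``ip`` or ``email`` counter in ``request.limits`` reaches
    ``captcha_limit``. A valid login for an account that is not awaiting
    email verification logs the user in, then either renders the 2FA
    redirect page or redirects to a validated ``next`` URL / the teacher
    home page. A valid signup creates the teacher and sends a verification
    email.

    Returns:
        An HTTP response. On the fall-through path ``res.count`` records
        whether a login attempt failed validation.
    """
    # Imported locally so the redirect check needs no module-level import;
    # Django renamed is_safe_url to url_has_allowed_host_and_scheme.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_redirect
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_redirect

    invalid_form = False
    limits = getattr(request, 'limits', {'ip': [0], 'email': [0]})
    captcha_limit = 5

    # using_captcha selects the form class that validates this POST;
    # should_use_captcha selects the form class rendered in the response.
    using_captcha = (limits['ip'][0] > captcha_limit or limits['email'][0] > captcha_limit)
    should_use_captcha = (limits['ip'][0] >= captcha_limit or limits['email'][0] >= captcha_limit)

    LoginFormWithCaptcha = partial(
        create_form_subclass_with_recaptcha(TeacherLoginForm, recaptcha_client), request)
    InputLoginForm = LoginFormWithCaptcha if using_captcha else TeacherLoginForm
    OutputLoginForm = LoginFormWithCaptcha if should_use_captcha else TeacherLoginForm

    login_form = OutputLoginForm(prefix='login')
    signup_form = TeacherSignupForm(prefix='signup')

    if request.method == 'POST':
        if 'login' in request.POST:
            login_form = InputLoginForm(request.POST, prefix='login')
            if login_form.is_valid():
                userProfile = login_form.user.userprofile
                if userProfile.awaiting_email_verification:
                    # Unverified accounts are not logged in; resend the email.
                    send_verification_email(request, userProfile)
                    return render(request, 'portal/email_verification_needed.html',
                                  {'userprofile': userProfile})

                login(request, login_form.user)

                if default_device(request.user):
                    # NOTE(review): login() has already established the
                    # session before the second factor is checked, and the
                    # submitted password is passed to the template context
                    # in clear text. Confirm that teacher views check
                    # is_verified() and that this page is neither cached
                    # nor logged.
                    return render(request, 'portal/2FA_redirect.html', {
                        'form': AuthenticationForm(),
                        'username': request.user.username,
                        'password': login_form.cleaned_data['password'],
                    })
                else:
                    # The link comes from reverse(), not from the request, so
                    # the markup tagged 'safe' is entirely server-generated.
                    link = reverse('two_factor:profile')
                    messages.info(
                        request,
                        ("You are not currently set up with two-factor authentication. "
                         + "Use your phone or tablet to enhance your account's security. "
                         + "Click <a href='" + link + "'>here</a> to find out more and "
                         + "set it up or go to your account page at any time."),
                        extra_tags='safe')

                # 'next' is attacker-controllable: only follow it when it
                # points at this host, otherwise use the default page.
                next_url = request.GET.get('next', None)
                if next_url and is_safe_redirect(next_url, request.get_host()):
                    return HttpResponseRedirect(next_url)

                return HttpResponseRedirect(reverse_lazy('teacher_home'))

            else:
                # Re-render with the form class the next attempt must use.
                login_form = OutputLoginForm(request.POST, prefix='login')
                invalid_form = True

        if 'signup' in request.POST:
            signup_form = TeacherSignupForm(request.POST, prefix='signup')
            if signup_form.is_valid():
                data = signup_form.cleaned_data

                teacher = Teacher.objects.factory(
                    title=data['title'],
                    first_name=data['first_name'],
                    last_name=data['last_name'],
                    email=data['email'],
                    password=data['password'])

                send_verification_email(request, teacher.user)

                return render(request, 'portal/email_verification_needed.html',
                              {'userprofile': teacher.user})

    # A teacher with a 2FA device only counts as logged in once verified.
    logged_in_as_teacher = (
        hasattr(request.user, 'userprofile')
        and hasattr(request.user.userprofile, 'teacher')
        and (request.user.is_verified() or not default_device(request.user))
    )

    res = render(request, 'portal/teach.html', {
        'login_form': login_form,
        'signup_form': signup_form,
        'logged_in_as_teacher': logged_in_as_teacher,
    })

    # Presumably read by the rate-limiting layer to count failed logins — confirm.
    res.count = invalid_form
    return res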
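def play(request):
    """Serve the student landing page and process its login and signup forms.

    Handles three POST actions: ``school_login``, ``independent_student_login``
    and ``signup``. The login forms are replaced by reCAPTCHA-enabled
    subclasses once the ``ip`` or ``name`` counter in ``request.limits``
    reaches its limit. Successful logins redirect to a validated ``next``
    URL or to the student details page.

    Returns:
        An HTTP response. On the fall-through path ``res.count`` records
        whether a login attempt failed validation.
    """
    # Imported locally so the redirect check needs no module-level import;
    # Django renamed is_safe_url to url_has_allowed_host_and_scheme.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as is_safe_redirect
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_redirect

    def redirect_after_login():
        # 'next' is attacker-controllable: only follow it when it points at
        # this host, otherwise fall back to the student details page.
        next_url = request.GET.get('next', None)
        if next_url and is_safe_redirect(next_url, request.get_host()):
            return HttpResponseRedirect(next_url)
        return HttpResponseRedirect(reverse_lazy('student_details'))

    invalid_form = False
    limits = getattr(request, 'limits', {'ip': [0], 'name': [0]})
    ip_captcha_limit = 30
    name_captcha_limit = 5

    # using_captcha selects the form classes that validate this POST;
    # should_use_captcha selects the form classes rendered in the response.
    # NOTE(review): the name counter is compared with >= in both flags while
    # the ip counter uses > for using_captcha; confirm this is intended.
    using_captcha = (limits['ip'][0] > ip_captcha_limit or
                     limits['name'][0] >= name_captcha_limit)
    should_use_captcha = (limits['ip'][0] >= ip_captcha_limit or
                          limits['name'][0] >= name_captcha_limit)

    StudentLoginFormWithCaptcha = partial(
        create_form_subclass_with_recaptcha(StudentLoginForm, recaptcha_client), request)
    InputStudentLoginForm = StudentLoginFormWithCaptcha if using_captcha else StudentLoginForm
    OutputStudentLoginForm = (
        StudentLoginFormWithCaptcha if should_use_captcha else StudentLoginForm)

    IndependentStudentLoginFormWithCaptcha = partial(
        create_form_subclass_with_recaptcha(IndependentStudentLoginForm, recaptcha_client),
        request)
    InputIndependentStudentLoginForm = (
        IndependentStudentLoginFormWithCaptcha if using_captcha
        else IndependentStudentLoginForm)
    OutputIndependentStudentLoginForm = (
        IndependentStudentLoginFormWithCaptcha if should_use_captcha
        else IndependentStudentLoginForm)

    school_login_form = OutputStudentLoginForm(prefix='login')
    independent_student_login_form = IndependentStudentLoginForm(prefix='independent_student')
    signup_form = StudentSignupForm(prefix='signup')

    independent_student_view = False
    signup_view = False

    if request.method == 'POST':
        if 'school_login' in request.POST:
            school_login_form = InputStudentLoginForm(request.POST, prefix='login')
            if school_login_form.is_valid():
                login(request, school_login_form.user)
                return redirect_after_login()
            else:
                school_login_form = OutputStudentLoginForm(request.POST, prefix='login')
                invalid_form = True

        elif 'independent_student_login' in request.POST:
            independent_student_login_form = InputIndependentStudentLoginForm(
                request.POST, prefix='independent_student')
            if independent_student_login_form.is_valid():
                userProfile = independent_student_login_form.user.userprofile
                if userProfile.awaiting_email_verification:
                    # Unverified accounts are not logged in; resend the email.
                    send_verification_email(request, userProfile)
                    return render(request, 'portal/email_verification_needed.html',
                                  {'userprofile': userProfile})

                login(request, independent_student_login_form.user)
                return redirect_after_login()
            else:
                independent_student_view = True
                independent_student_login_form = OutputIndependentStudentLoginForm(
                    request.POST, prefix='independent_student')
                school_login_form = StudentLoginForm(prefix='login')
                invalid_form = True

        elif 'signup' in request.POST:
            signup_form = StudentSignupForm(request.POST, prefix='signup')
            if signup_form.is_valid():
                data = signup_form.cleaned_data

                student = Student.objects.independentStudentFactory(
                    username=data['username'],
                    name=data['name'],
                    email=data['email'],
                    password=data['password'])

                email_supplied = (data['email'] != '')
                if email_supplied:
                    send_verification_email(request, student.user)
                    return render(request, 'portal/email_verification_needed.html',
                                  {'userprofile': student.user})

                # No email to verify: log the new student straight in.
                auth_user = authenticate(username=data['username'],
                                         password=data['password'])
                login(request, auth_user)
                return render(request, 'portal/play/student_details.html')
            else:
                signup_view = True

    res = render(request, 'portal/play.html', {
        'school_login_form': school_login_form,
        'independent_student_login_form': independent_student_login_form,
        'signup_form': signup_form,
        'independent_student_view': independent_student_view,
        'signup_view': signup_view,
    })

    # Presumably read by the rate-limiting layer to count failed logins — confirm.
    res.count = invalid_form
    return res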
def teacher_edit_account(request):
    """Render and process the teacher "edit account" form.

    A GET shows the form pre-filled with the teacher's title, names and
    school. A valid POST optionally sets a new password, updates the title
    and names and, when a different non-empty email was submitted, sends a
    verification email and logs the teacher out. The stored email address is
    never assigned in this view.
    """
    teacher = request.user.userprofile.teacher

    # For teachers using 2FA, count their backup tokens; any failure while
    # reading them is deliberately treated as "no tokens".
    backup_tokens = 0
    if using_two_factor(request.user):
        try:
            first_static_device = request.user.staticdevice_set.all()[0]
            backup_tokens = first_static_device.token_set.count()
        except Exception:
            backup_tokens = 0

    if request.method == 'POST':
        form = TeacherEditAccountForm(request.user, request.POST)
        form_accepted = form.is_valid()
    else:
        form = TeacherEditAccountForm(
            request.user,
            initial={
                'title': teacher.title,
                'first_name': teacher.user.user.first_name,
                'last_name': teacher.user.user.last_name,
                'school': teacher.school,
            })
        form_accepted = False

    if not form_accepted:
        # Initial GET, or a POST whose form carries validation errors.
        return render(request, 'portal/teach/teacher_edit_account.html', {
            'form': form,
            'backup_tokens': backup_tokens,
        })

    submitted = form.cleaned_data

    # An empty password is the CharField default and means "leave unchanged".
    if submitted['password'] != '':
        teacher.user.user.set_password(submitted['password'])
        teacher.user.user.save()
        # Re-key the session so the password change does not end it.
        update_session_auth_hash(request, form.user)

    teacher.title = submitted['title']
    teacher.user.user.first_name = submitted['first_name']
    teacher.user.user.last_name = submitted['last_name']

    # A new address is only sent for verification here, not stored.
    new_email = submitted['email']
    verify_new_email = new_email != '' and new_email != teacher.user.user.email
    if verify_new_email:
        send_verification_email(request, teacher.user, new_email)

    teacher.save()
    teacher.user.user.save()

    if verify_new_email:
        # Email change pending: end the session and show the notice.
        logout(request)
        messages.success(
            request,
            'Your account details have been successfully changed. Your email will be changed once you have verified it, until then you can still log in with your old email.')
        return render(request, 'portal/email_verification_needed.html', {
            'userprofile': teacher.user,
            'email': new_email,
        })

    messages.success(request, 'Your account details have been successfully changed.')
    return HttpResponseRedirect(reverse_lazy('teacher_home'))
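def teacher_dismiss_students(request, access_code):
    """Detach selected students from a class and start email verification.

    The requester must be the teacher of the class identified by
    ``access_code``. Without ``submit_dismiss`` the view renders a formset
    pre-filled with a generated new name per selected student; with a valid
    formset it clears each student's class, sets the new name, username and
    email, flags the profile as awaiting verification and sends the
    verification email.

    Raises:
        Http404: the class does not exist, the requester is not its teacher,
            ``transfer_students`` is not a JSON list, or a referenced student
            is not in the class.
    """
    klass = get_object_or_404(Class, access_code=access_code)

    # check user is authorised to deal with class
    if request.user.userprofile.teacher != klass.teacher:
        raise Http404

    # transfer_students is client-supplied: reject anything that is not a
    # JSON list instead of failing with an unhandled error further down.
    try:
        student_ids = json.loads(request.POST.get('transfer_students', '[]'))
    except ValueError:
        raise Http404
    if not isinstance(student_ids, list):
        raise Http404

    # Resolving every id against this class confirms membership before use.
    students = [
        get_object_or_404(Student, id=i, class_field=klass)
        for i in student_ids
    ]

    TeacherDismissStudentsFormSet = formset_factory(
        wraps(TeacherDismissStudentsForm)(partial(TeacherDismissStudentsForm)),
        extra=0,
        formset=BaseTeacherDismissStudentsFormSet)

    if request.method == 'POST' and 'submit_dismiss' in request.POST:
        formset = TeacherDismissStudentsFormSet(request.POST)
        if formset.is_valid():
            for data in formset.cleaned_data:
                # NOTE(review): the student is re-resolved from the posted
                # first name (case-insensitive) rather than from the ids
                # validated above. The lookup stays scoped to this class,
                # but names differing only by case would make it ambiguous;
                # consider carrying the student id in the form.
                student = get_object_or_404(
                    Student,
                    class_field=klass,
                    user__user__first_name__iexact=data['orig_name'])

                student.class_field = None
                student.user.awaiting_email_verification = True
                student.user.user.first_name = data['name']
                student.user.user.username = data['name']
                student.user.user.email = data['email']

                student.save()
                student.user.save()
                student.user.user.save()

                send_verification_email(request, student.user)

            messages.success(
                request,
                'The students have been removed successfully from the class.')
            return HttpResponseRedirect(
                reverse_lazy('teacher_class', kwargs={'access_code': access_code}))
    else:
        initial_data = [{
            'orig_name': student.user.user.first_name,
            'name': generate_new_student_name(student.user.user.first_name),
            'email': '',
        } for student in students]
        formset = TeacherDismissStudentsFormSet(initial=initial_data)

    return render(request, 'portal/teach/teacher_dismiss_students.html', {
        'formset': formset,
        'class': klass,
        'students': students,
    })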