X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/3de45a52d2189bf50f4f243efaf470d47f07c070..13bee2f2e6aea2d936909861f3ab60bb09821a60:/forum/views/auth.py
diff --git a/forum/views/auth.py b/forum/views/auth.py
index 08013f9..f8eb897 100644
--- a/forum/views/auth.py
+++ b/forum/views/auth.py
@@ -7,7 +7,8 @@ from forum.http_responses import HttpResponseUnauthorized
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
 from django.utils.http import urlquote_plus
-from django.contrib.auth.decorators import login_required
+from forum.views.decorators import login_required
+from forum.modules import decorate
 from django.contrib.auth import login, logout
 from django.http import get_host
 from forum.actions import SuspendAction
@@ -26,10 +27,18 @@ from forum.authentication.base import InvalidAuthentication
 from forum.authentication import AUTH_PROVIDERS
 from forum.models import AuthKeyUserAssociation, ValidationHash, Question, Answer
-from forum.actions import UserJoinsAction
+from forum.actions import UserJoinsAction, EmailValidationAction
+from forum.models.action import ActionRepute
+
+from forum.settings import REP_GAIN_BY_EMAIL_VALIDATION
 def signin_page(request):
- request.session['on_signin_url'] = request.META.get('HTTP_REFERER', '/')
+ referer = request.META.get('HTTP_REFERER', '/')
+
+ # If the referer is equal to the sign up page, e. g. if the previous login attempt was not successful we do not
+ # change the sign in URL. The user should go to the same page.
+ if not referer.replace(settings.APP_URL, '') == reverse('auth_signin'):
+ request.session['on_signin_url'] = referer
 all_providers = [provider.context for provider in AUTH_PROVIDERS.values()]
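Review bot: In signin_page the Referer header is still written to `request.session['on_signin_url']` without checking that it points at this site, and login_and_forward (further down in this diff) reads that session key as its default forward target. The header is supplied by the client, so an off-site value can end up as the destination after a successful sign-in. The new comparison only filters out the sign-in page itself, and it will not match a referer that carries a query string, because the whole remainder is tested for equality. I would keep the referer only when its host is empty or equals the request host, e.g. `if urlparse(referer).netloc not in ('', get_host(request)): referer = '/'` placed before the sign-in-page check (`get_host` is already imported; `urlparse` would need importing). The rest of signin_page is outside the hunk.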
@@ -257,6 +266,11 @@ def temp_signin(request, user, code): user = get_object_or_404(User, id=user) if (ValidationHash.objects.validate(code, user, 'templogin', [user.id])): + + # If the user requests temp_signin he must have forgotten his password. So we mark it as unusable. + user.set_unusable_password() + user.save() + return login_and_forward(request, user, reverse('user_authsettings', kwargs={'id': user.id}), _( "You are logged in with a temporary access key, please take the time to fix your issue with authentication." @@ -268,13 +282,15 @@ def send_validation_email(request): if not request.user.is_authenticated(): return HttpResponseUnauthorized(request) else: + # We check if there are some old validation hashes. If there are -- we delete them. try: hash = ValidationHash.objects.get(user=request.user, type='email') - if hash.expiration < datetime.datetime.now(): - hash.delete() - return send_validation_email(request) + hash.delete() except: - hash = ValidationHash.objects.create_new(request.user, 'email', [request.user.email]) + pass + + # We don't care if there are previous cashes in the database... In every case we have to create a new one + hash = ValidationHash.objects.create_new(request.user, 'email', [request.user.email]) send_template_email([request.user], "auth/mail_validation.html", {'validation_code': hash}) request.user.message_set.create(message=_("A message with an email validation link was just sent to your address.")) 
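Review bot: In temp_signin the password is now discarded as soon as the 'templogin' code validates, but nothing visible here retires the hash afterwards. Whether the same link can be followed again depends on `ValidationHash.objects.validate`, which is outside this hunk. Because the link now both signs the user in and changes credentials, it should be single-use: if validate() does not already delete the hash, delete it right after the check succeeds. The added comment should also say what the user has to do next, for example `# Invalidates the current password; the user must set a new one on the auth settings page.`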
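Review bot: The bare `except: pass` in send_validation_email hides every failure of the lookup, not just the case where no hash exists. If more than one 'email' hash is stored for the user, `get()` raises, nothing is deleted, and the older hashes stay in the table next to the new one; a database error is swallowed the same way. Replacing the whole try/except with `ValidationHash.objects.filter(user=request.user, type='email').delete()` removes all stale hashes and needs no exception handling. Nothing in this hunk limits how often a signed-in user can trigger the mail, so a throttle is worth adding if none exists elsewhere. The function continues past the end of the hunk.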
@@ -286,13 +302,17 @@ def validate_email(request, user, code):
 user = get_object_or_404(User, id=user)
 if (ValidationHash.objects.validate(code, user, 'email', [user.email])):
- user.email_isvalid = True
- user.save()
- return login_and_forward(request, user, None, _("Thank you, your email is now validated."))
+ EmailValidationAction(user=user, ip=request.META['REMOTE_ADDR']).save()
+ if REP_GAIN_BY_EMAIL_VALIDATION > 0:
+ message = _("Thank you, your email is now validated and you've got %d points." % int(REP_GAIN_BY_EMAIL_VALIDATION))
+
+ else:
+ message = _("Thank you, your email is now validated.")
+
+ return login_and_forward(request, user, reverse('index'), message)
 else:
- raise Http404()
+ return render_to_response('auth/mail_already_validated.html', { 'user' : user }, RequestContext(request))
-@login_required
 def auth_settings(request, id):
 user_ = get_object_or_404(User, id=id)
@@ -372,7 +392,7 @@ def login_and_forward(request, user, forward=None, message=None):
 if not forward:
 forward = request.session.get('on_signin_url', reverse('index'))
-
+
 pending_data = request.session.get('pending_submission_data', None)
 if pending_data and (user.email_isvalid or pending_data['type'] not in settings.REQUIRE_EMAIL_VALIDATION_TO):
@@ -404,7 +424,7 @@ def forward_suspended_user(request, user, show_private_msg=True):
 request.user.message_set.create(message)
 return HttpResponseRedirect(reverse('index'))
-@login_required
+@decorate.withfn(login_required)
 def signout(request):
 logout(request)
- return HttpResponseRedirect(reverse('index'))
\ No newline at end of file
+ return HttpResponseRedirect(reverse('index'))
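Review bot: `@login_required` is removed from auth_settings and nothing replaces it, while signout in this same commit keeps the check as `@decorate.withfn(login_required)`. auth_settings loads the user from the `id` in the URL and its body is outside the hunk, so unless it verifies further down that request.user is authenticated and is allowed to see that user's settings, the page for any id becomes reachable anonymously. I would restore the decorator in the new form above `def auth_settings`. Separately, in validate_email the `%` formatting is applied inside `_()`, so the already formatted string is what gets looked up for translation; it should read `_("Thank you, your email is now validated and you've got %d points.") % int(REP_GAIN_BY_EMAIL_VALIDATION)`. The else branch now tells every caller with a wrong or expired code that the address is already validated, so the template text should cover those cases as well.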