X-Git-Url: https://git.openstreetmap.org./osqa.git/blobdiff_plain/522d4762eb1aaba30d4de9275dbea9b83e3e7227..2444d6ffd7995be782615589fb1d5aef2c8277ce:/forum/views/auth.py?ds=sidebyside
diff --git a/forum/views/auth.py b/forum/views/auth.py
index 75095a6..ad4785d 100644
--- a/forum/views/auth.py
+++ b/forum/views/auth.py
@@ -7,7 +7,8 @@ from forum.http_responses import HttpResponseUnauthorized
 from django.utils.safestring import mark_safe
 from django.utils.translation import ugettext as _
 from django.utils.http import urlquote_plus
-from django.contrib.auth.decorators import login_required
+from forum.views.decorators import login_required
+from forum.modules import decorate
 from django.contrib.auth import login, logout
 from django.http import get_host
 from forum.actions import SuspendAction
@@ -20,7 +21,7 @@ import logging
 from forum.forms import SimpleRegistrationForm, SimpleEmailSubscribeForm, \
 TemporaryLoginRequestForm, ChangePasswordForm, SetPasswordForm
-from forum.utils.mail import send_email, send_template_email
+from forum.utils.mail import send_template_email
 from forum.authentication.base import InvalidAuthentication
 from forum.authentication import AUTH_PROVIDERS
@@ -30,6 +31,9 @@ from forum.actions import UserJoinsAction
 def signin_page(request):
 request.session['on_signin_url'] = request.META.get('HTTP_REFERER', '/')
+
+ if reverse('auth_signin') == request.session['on_signin_url'].replace(settings.APP_URL, ''):
+ request.session['on_signin_url'] = reverse('index')
 all_providers = [provider.context for provider in AUTH_PROVIDERS.values()]
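Review bot: In signin_page the Referer header is still stored in `request.session['on_signin_url']` without any check of where it points, and the added comparison only catches the exact sign-in URL. Referer is supplied by the client, so if this session value is later used as the post-login redirect target (not visible in this hunk), an off-site address would be accepted as the destination. The equality test is also missed when the sign-in URL carries a query string, and `.replace(settings.APP_URL, '')` removes the prefix wherever it occurs rather than only at the start. Consider keeping the referer only when it is a relative path or starts with `settings.APP_URL`, and falling back to `reverse('index')` otherwise. The rest of signin_page lies outside the hunk.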
@@ -257,6 +261,11 @@ def temp_signin(request, user, code):
 user = get_object_or_404(User, id=user)
 if (ValidationHash.objects.validate(code, user, 'templogin', [user.id])):
+
+ # If the user requests temp_signin he must have forgotten his password. So we mark it as unusable.
+ user.set_unusable_password()
+ user.save()
+
 return login_and_forward(request, user, reverse('user_authsettings', kwargs={'id': user.id}), _(
 "You are logged in with a temporary access key, please take the time to fix your issue with authentication."
@@ -270,9 +279,12 @@ def send_validation_email(request):
 else:
 try:
 hash = ValidationHash.objects.get(user=request.user, type='email')
- if hash.expiration < datetime.datetime.now():
- hash.delete()
- return send_validation_email(request)
+ hash.delete()
+
+ # If we were able to get a previous validation hash we should raise an
+ # Exception immediately. Otherwise new validation hash will not be created
+ # and users will not receive the desired e-mail vaidation link.
+ raise Exception("Validation has already been sent")
 except:
 hash = ValidationHash.objects.create_new(request.user, 'email', [request.user.email])
@@ -288,11 +300,10 @@ def validate_email(request, user, code):
 if (ValidationHash.objects.validate(code, user, 'email', [user.email])):
 user.email_isvalid = True
 user.save()
- return login_and_forward(request, user, None, _("Thank you, your email is now validated."))
+ return login_and_forward(request, user, reverse('index'), _("Thank you, your email is now validated."))
 else:
- raise Http404()
+ return render_to_response('auth/mail_already_validated.html', { 'user' : user }, RequestContext(request))
-@login_required
 def auth_settings(request, id):
 user_ = get_object_or_404(User, id=id)
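Review bot: In temp_signin the password is made unusable as soon as the mailed link is opened, before the user has chosen a new one, and the change appears to run on a plain link request. Anything that fetches the URL automatically (a mail gateway or link preview) would disable the password without the user acting, and a user who leaves the settings page without setting a password has no local credential until another temporary key is requested. Consider clearing the old password only when the new one is saved in auth_settings, or extend the comment to record that this is an intended recovery policy, e.g. `# Policy: using a temp-login key invalidates the old password; the user is forwarded to auth settings to set a new one.` Whether `ValidationHash.objects.validate` consumes the key is not visible in this hunk.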
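Review bot: In send_validation_email the new `raise Exception("Validation has already been sent")` exists only to reach the bare `except:` below it, so a database error or any other failure in `get()` or `delete()` is treated the same as "no previous hash" and silently ignored. The intent reads more directly without the try block: `ValidationHash.objects.filter(user=request.user, type='email').delete()` followed by the existing `create_new(...)` call, assuming the manager exposes the usual Django `filter`. Because every call now issues a fresh hash and e-mail, a per-user resend limit would be worth adding if none exists elsewhere. The function starts and continues outside the hunk.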
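Review bot: Dropping `@login_required` from auth_settings leaves a view that loads a user by the `id` in the URL reachable without a session, and the part of the body that would compare `request.user` with `user_` is outside this hunk. If no such check exists there, anonymous requests reach another account's authentication settings; either keep the decorator or add a comment above the def naming the check that replaces it, for example `# Access control is enforced in the body: see the request.user check below.` (wording to be adapted to what the body really does). In validate_email, the new else branch also renders the "already validated" template for every failed validation, including a wrong or expired code, so testing `user.email_isvalid` before choosing that page would keep real failures visible.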
@@ -346,6 +357,7 @@ def auth_settings(request, id):
 'form': form,
 'has_password': user_.has_usable_password(),
 'auth_keys': auth_keys_list,
+ 'allow_local_auth': AUTH_PROVIDERS.get('local', None),
 }, context_instance=RequestContext(request))
 def remove_external_provider(request, id):
@@ -403,7 +415,7 @@ def forward_suspended_user(request, user, show_private_msg=True):
 request.user.message_set.create(message)
 return HttpResponseRedirect(reverse('index'))
-@login_required
+@decorate.withfn(login_required)
 def signout(request):
 logout(request)
- return HttpResponseRedirect(reverse('index'))
\ No newline at end of file
+ return HttpResponseRedirect(reverse('index'))
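Review bot: In the auth_settings context, `'allow_local_auth'` hands the template the provider object where only a yes/no is needed, and a template flag by itself does not stop a password form being posted when the local provider is disabled. Passing `'allow_local_auth': 'local' in AUTH_PROVIDERS` would keep the context minimal, provided AUTH_PROVIDERS supports membership tests like a dict. The form handling earlier in auth_settings is outside this hunk; it should apply the same condition before accepting a password change.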