search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
@allowed_methods to check for correct HTTP method
[mygpo.git] / mygpo / web / views / users.py
blob1ef577be6bf830202252dabbf33bb3477c7808ff
1 #
2 # This file is part of my.gpodder.org.
3 #
4 # my.gpodder.org is free software: you can redistribute it and/or modify it
5 # under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or (at your
7 # option) any later version.
8 #
9 # my.gpodder.org is distributed in the hope that it will be useful, but
10 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
12 # License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with my.gpodder.org. If not, see <http://www.gnu.org/licenses/>.
16 #
17
18 from django.shortcuts import render_to_response
19 from django.http import HttpResponseRedirect
20 from django.contrib.auth import authenticate, login, logout
21 from django.contrib.auth.models import User
22 from django.contrib.auth.decorators import login_required
23 from django.template.defaultfilters import slugify
24 from django.template import RequestContext
25 from registration.views import activate, register
26 from mygpo.api.models import UserProfile
27 from mygpo.web.forms import RestorePasswordForm
28 from django.contrib.sites.models import Site
29 from django.conf import settings
30 from mygpo.decorators import requires_token, manual_gc, allowed_methods
31 from django.utils.translation import ugettext as _
32 import string
33 import random
34
35 from mygpo.constants import DEFAULT_LOGIN_REDIRECT
36
37 def login_user(request):
38 # Do not show login page for already-logged-in users
39 if request.user.is_authenticated():
40 return HttpResponseRedirect(DEFAULT_LOGIN_REDIRECT)
41
42 if 'user' not in request.POST or 'pwd' not in request.POST:
43 if request.GET.get('restore_password', False):
44 form = RestorePasswordForm()
45 else:
46 form = None
47
48 return render_to_response('login.html', {
49 'url': Site.objects.get_current(),
50 'next': request.GET.get('next', ''),
51 'restore_password_form': form,
52 }, context_instance=RequestContext(request))
53
54 username = request.POST['user']
55 password = request.POST['pwd']
56 user = authenticate(username=username, password=password)
57
58 if user is None:
59 return render_to_response('login.html', {
60 'error_message': _('Wrong username or password.'),
61 'next': request.POST.get('next', ''),
62 }, context_instance=RequestContext(request))
63
64 if not user.is_active:
65
66 p, c = UserProfile.objects.get_or_create(user=user)
67
68 if p.deleted:
69 return render_to_response('login.html', {
70 'error_message': _('You have deleted your account, but you can register again')
71 }, context_instance=RequestContext(request))
72
73 else:
74 return render_to_response('login.html', {
75 'error_message': _('Please activate your account first.'),
76 'activation_needed': True,
77 }, context_instance=RequestContext(request))
78
79 login(request, user)
80
81 try:
82 if user.get_profile().generated_id:
83 site = Site.objects.get_current()
84 return render_to_response('migrate.html', {
85 'url': site,
86 'username': user
87 }, context_instance=RequestContext(request))
88
89 except UserProfile.DoesNotExist:
90 profile, c = UserProfile.objects.get_or_create(user=user)
91
92 if 'next' in request.POST and request.POST['next'] and request.POST['next'] != '/login/':
93 return HttpResponseRedirect(request.POST['next'])
94
95 return HttpResponseRedirect(DEFAULT_LOGIN_REDIRECT)
96
97 @login_required
98 def migrate_user(request):
99 user = request.user
100 username = request.POST.get('username', user.username)
101
102 if username == '':
103 username = user.username
104
105 if user.username != username:
106 current_site = Site.objects.get_current()
107 if User.objects.filter(username__exact=username).count() > 0:
108 return render_to_response('migrate.html', {
109 'error_message': '%s is already taken' % username,
110 'url': current_site,
111 'username': user.username
112 }, context_instance=RequestContext(request))
113
114 if slugify(username) != username.lower():
115 return render_to_response('migrate.html', {
116 'error_message': '%s is not a valid username. Please use characters, numbers, underscore and dash only.' % username,
117 'url': current_site,
118 'username': user.username
119 }, context_instance=RequestContext(request))
120
121 else:
122 user.username = username
123 user.save()
124
125 user.get_profile().generated_id = 0
126 user.get_profile().save()
127
128 return HttpResponseRedirect('/')
129
130 def get_user(username, email):
131 if username:
132 return User.objects.get(username=username)
133 elif email:
134 return User.objects.get(email=email)
135 else:
136 raise User.DoesNotExist('neither username nor email provided')
137
138
139 @allowed_methods(['POST'])
140 def restore_password(request):
141 form = RestorePasswordForm(request.POST)
142 if not form.is_valid():
143 return HttpResponseRedirect('/login/')
144
145 try:
146 user = get_user(form.cleaned_data['username'], form.cleaned_data['email'])
147
148 except User.DoesNotExist:
149 error_message = _('User does not exist.')
150 return render_to_response('password_reset_failed.html', {
151 'error_message': error_message
152 }, context_instance=RequestContext(request))
153
154 site = Site.objects.get_current()
155 pwd = "".join(random.sample(string.letters+string.digits, 8))
156 subject = _('Reset password for your account on %s') % site
157 message = _('Here is your new password for your account %(username)s on %(site)s: %(password)s') % {'username': user.username, 'site': site, 'password': pwd}
158 user.email_user(subject, message, settings.DEFAULT_FROM_EMAIL)
159 user.set_password(pwd)
160 user.save()
161 return render_to_response('password_reset.html', context_instance=RequestContext(request))
162
163
164 @manual_gc
165 @allowed_methods(['GET', 'POST'])
166 def resend_activation(request):
167 error_message = ''
168
169 if request.method == 'GET':
170 form = ResendActivationForm()
171 return render_to_response('registration/resend_activation.html', {
172 'form': form,
173 }, context_instance=RequestContext(request))
174
175 site = Site.objects.get_current()
176 form = ResendActivationForm(request.POST)
177
178 try:
179 if not form.is_valid():
180 raise ValueError(_('Invalid Username entered'))
181
182 try:
183 user = get_user(form.cleaned_data['username'], form.cleaned_data['email'])
184 except User.DoesNotExist:
185 raise ValueError(_('User does not exist.'))
186
187 p, c = UserProfile.objects.get_or_create(user=user)
188 if p.deleted:
189 raise ValueError(_('You have deleted your account, but you can regster again.'))
190
191 try:
192 profile = RegistrationProfile.objects.get(user=user)
193 except RegistrationProfile.DoesNotExist:
194 profile = RegistrationProfile.objects.create_profile(user)
195
196 if profile.activation_key == RegistrationProfile.ACTIVATED:
197 user.is_active = True
198 user.save()
199 raise ValueError(_('Your account already has been activated. Go ahead and log in.'))
200
201 elif profile.activation_key_expired():
202 raise ValueError(_('Your activation key has expired. Please try another username, or retry with the same one tomorrow.'))
203
204 except ValueError, e:
205 return render_to_response('registration/resend_activation.html', {
206 'form': form,
207 'error_message' : e
208 }, context_instance=RequestContext(request))
209
210
211 try:
212 profile.send_activation_email(site)
213
214 except AttributeError:
215 #old versions of django-registration send registration mails from RegistrationManager
216 RegistrationProfile.objects.send_activation_email(profile, site)
217
218 return render_to_response('registration/resent_activation.html', context_instance=RequestContext(request))
219
gpodder.net is a webservice that connects podcast players