git.ithinksw.org / philo.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fixed login redirects
[philo.git] / contrib / waldo / models.py
diff --git a/contrib/waldo/models.py b/contrib/waldo/models.py
index 4f0cd8c..65cba9e 100644 (file)
--- a/contrib/waldo/models.py
+++ b/contrib/waldo/models.py
@@ -81,7 +81,7 @@ class LoginMultiView(MultiView):
                        if host != request.get_host():
                                referrer = None
                        else:
                        if host != request.get_host():
                                referrer = None
                        else:
-                               redirect = ''.join(referrer[2:])
+                               redirect = '%s?%s' % (referrer[2], referrer[4])
                
                if referrer is None:
                        redirect = node.get_absolute_url()
                
                if referrer is None:
                        redirect = node.get_absolute_url()
@@ -107,6 +107,9 @@ class LoginMultiView(MultiView):
                """
                Displays the login form for the given HttpRequest.
                """
                """
                Displays the login form for the given HttpRequest.
                """
+               if request.user.is_authenticated():
+                       return HttpResponseRedirect(node.get_absolute_url())
+               
                context = self.get_context(extra_context)
                
                from django.contrib.auth.models import User
                context = self.get_context(extra_context)
                
                from django.contrib.auth.models import User
@@ -177,11 +180,14 @@ class LoginMultiView(MultiView):
                send_mail(subject, message, from_email, [email])
        
        def password_reset(self, request, node=None, extra_context=None, token_generator=password_token_generator):
                send_mail(subject, message, from_email, [email])
        
        def password_reset(self, request, node=None, extra_context=None, token_generator=password_token_generator):
+               if request.user.is_authenticated():
+                       return HttpResponseRedirect(node.get_absolute_url())
+               
                if request.method == 'POST':
                        form = PasswordResetForm(request.POST)
                        if form.is_valid():
                if request.method == 'POST':
                        form = PasswordResetForm(request.POST)
                        if form.is_valid():
+                               current_site = Site.objects.get_current()
                                for user in form.users_cache:
                                for user in form.users_cache:
-                                       current_site = Site.objects.get_current()
                                        token = token_generator.make_token(user)
                                        link = 'http://%s/%s/%s/' % (current_site.domain, node.get_absolute_url().strip('/'), reverse('password_reset_confirm', urlconf=self, kwargs={'uidb36': int_to_base36(user.id), 'token': token}).strip('/'))
                                        context = {
                                        token = token_generator.make_token(user)
                                        link = 'http://%s/%s/%s/' % (current_site.domain, node.get_absolute_url().strip('/'), reverse('password_reset_confirm', urlconf=self, kwargs={'uidb36': int_to_base36(user.id), 'token': token}).strip('/'))
                                        context = {
@@ -257,7 +263,7 @@ class LoginMultiView(MultiView):
                                }
                                self.send_confirmation_email('Confirm account creation at %s' % current_site.name, user.email, self.register_confirmation_email, context)
                                messages.add_message(request, messages.SUCCESS, 'An email has been sent to %s with details on activating your account.' % user.email, fail_silently=True)
                                }
                                self.send_confirmation_email('Confirm account creation at %s' % current_site.name, user.email, self.register_confirmation_email, context)
                                messages.add_message(request, messages.SUCCESS, 'An email has been sent to %s with details on activating your account.' % user.email, fail_silently=True)
-                               return HttpResponseRedirect('')
+                               return HttpResponseRedirect(node.get_absolute_url())
                else:
                        form = RegistrationForm()
                
                else:
                        form = RegistrationForm()
                
@@ -307,7 +313,8 @@ class AccountMultiView(LoginMultiView):
        to include in the account, and fields from the account profile to use in
        the account.
        """
        to include in the account, and fields from the account profile to use in
        the account.
        """
-       manage_account_page = models.ForeignKey(Page, related_name='%(app_label)s_%(class)s_manage_account_page')
+       manage_account_page = models.ForeignKey(Page, related_name='%(app_label)s_%(class)s_manage_account_related')
+       email_change_confirmation_email = models.ForeignKey(Page, related_name='%(app_label)s_%(class)s_email_change_confirmation_email_related')
        user_fields = ['first_name', 'last_name', 'email']
        required_user_fields = user_fields
        account_profile = None
        user_fields = ['first_name', 'last_name', 'email']
        required_user_fields = user_fields
        account_profile = None
@@ -317,7 +324,8 @@ class AccountMultiView(LoginMultiView):
        def urlpatterns(self):
                urlpatterns = super(AccountMultiView, self).urlpatterns
                urlpatterns += patterns('',
        def urlpatterns(self):
                urlpatterns = super(AccountMultiView, self).urlpatterns
                urlpatterns += patterns('',
-                       url(r'^account/$', self.login_required(self.account_view), name='account')
+                       url(r'^account/$', self.login_required(self.account_view), name='account'),
+                       url(r'^account/email/(?P<uidb36>\w+)/(?P<email>[\w.]+[+][\w.]+)/(?P<token>[^/]+)/$', self.email_change_confirm, name='email_change_confirm')
                )
                return urlpatterns
        
                )
                return urlpatterns
        
@@ -348,14 +356,33 @@ class AccountMultiView(LoginMultiView):
                
                return form_instances
        
                
                return form_instances
        
-       def account_view(self, request, node=None, extra_context=None):
+       def account_view(self, request, node=None, extra_context=None, token_generator=email_token_generator, *args, **kwargs):
                if request.method == 'POST':
                        form_instances = self.get_account_form_instances(request.user, request.POST)
                if request.method == 'POST':
                        form_instances = self.get_account_form_instances(request.user, request.POST)
+                       current_email = request.user.email
                        
                        for form in form_instances:
                                if not form.is_valid():
                                        break
                        else:
                        
                        for form in form_instances:
                                if not form.is_valid():
                                        break
                        else:
+                               # When the user_form is validated, it changes the model instance, i.e. request.user, in place.
+                               email = request.user.email
+                               if current_email != email:
+                                       
+                                       request.user.email = current_email
+                                       
+                                       for form in form_instances:
+                                               form.cleaned_data.pop('email', None)
+                                       
+                                       current_site = Site.objects.get_current()
+                                       token = token_generator.make_token(request.user, email)
+                                       link = 'http://%s/%s/%s/' % (current_site.domain, node.get_absolute_url().strip('/'), reverse('email_change_confirm', urlconf=self, kwargs={'uidb36': int_to_base36(request.user.id), 'email': email.replace('@', '+'), 'token': token}).strip('/'))
+                                       context = {
+                                               'link': link
+                                       }
+                                       self.send_confirmation_email('Confirm account email change at %s' % current_site.domain, email, self.email_change_confirmation_email, context)
+                                       messages.add_message(request, messages.SUCCESS, "An email has be sent to %s to confirm the email change." % email)
+                                       
                                for form in form_instances:
                                        form.save()
                                messages.add_message(request, messages.SUCCESS, "Account information saved.", fail_silently=True)
                                for form in form_instances:
                                        form.save()
                                messages.add_message(request, messages.SUCCESS, "Account information saved.", fail_silently=True)
@@ -386,7 +413,8 @@ class AccountMultiView(LoginMultiView):
        def account_required(self, view):
                def inner(request, *args, **kwargs):
                        if not self.has_valid_account(request.user):
        def account_required(self, view):
                def inner(request, *args, **kwargs):
                        if not self.has_valid_account(request.user):
-                               messages.add_message(request, messages.ERROR, "You need to add some account information before you can post listings.", fail_silently=True)
+                               if not request.method == "POST":
+                                       messages.add_message(request, messages.ERROR, "You need to add some account information before you can access this page.", fail_silently=True)
                                return self.account_view(request, *args, **kwargs)
                        return view(request, *args, **kwargs)
                
                                return self.account_view(request, *args, **kwargs)
                        return view(request, *args, **kwargs)
                
@@ -397,5 +425,32 @@ class AccountMultiView(LoginMultiView):
                messages.add_message(request, messages.INFO, 'Welcome! Please fill in some more information.', fail_silently=True)
                return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
        
                messages.add_message(request, messages.INFO, 'Welcome! Please fill in some more information.', fail_silently=True)
                return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
        
+       def email_change_confirm(self, request, node=None, extra_context=None, uidb36=None, token=None, email=None, token_generator=email_token_generator):
+               """
+               Checks that a given hash in an email change link is valid. If so, changes the email and redirects to the account page.
+               """
+               assert uidb36 is not None and token is not None and email is not None
+               
+               try:
+                       uid_int = base36_to_int(uidb36)
+               except:
+                       raise Http404
+               
+               user = get_object_or_404(User, id=uid_int)
+               
+               email = '@'.join(email.rsplit('+', 1))
+               
+               if email == user.email:
+                       # Then short-circuit.
+                       raise Http404
+               
+               if token_generator.check_token(user, email, token):
+                       user.email = email
+                       user.save()
+                       messages.add_message(request, messages.SUCCESS, 'Email changed successfully.')
+                       return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
+               
+               raise Http404
+       
        class Meta:
                abstract = True
\ No newline at end of file
        class Meta:
                abstract = True
\ No newline at end of file
Foundation for web content management systems using Django.