Implemented one-time login on account confirm.
authorStephen Burrows <stephen.r.burrows@gmail.com>
Wed, 11 Aug 2010 17:52:54 +0000 (13:52 -0400)
committerStephen Burrows <stephen.r.burrows@gmail.com>
Mon, 23 Aug 2010 13:43:55 +0000 (09:43 -0400)
contrib/waldo/models.py

index e33ba95..37e7a95 100644 (file)
@@ -199,14 +199,22 @@ class LoginMultiView(MultiView):
                user = get_object_or_404(User, id=uid_int)
                if default_token_generator.check_token(user, token):
                        user.is_active = True
                user = get_object_or_404(User, id=uid_int)
                if default_token_generator.check_token(user, token):
                        user.is_active = True
-                       user.save()
-                       messages.add_message(request, messages.SUCCESS, "Your account's been created! Go ahead and log in.")
+                       true_password = user.password
+                       try:
+                               user.set_password('temp_password')
+                               user.save()
+                               authenticated_user = authenticate(username=user.username, password='temp_password')
+                               login(request, authenticated_user)
+                       finally:
+                               # if anything goes wrong, ABSOLUTELY make sure that the true password is restored.
+                               user.password = true_password
+                               user.save()
                        return self.post_register_confirm_redirect(request, node)
                
                raise Http404
        
        def post_register_confirm_redirect(self, request, node):
                        return self.post_register_confirm_redirect(request, node)
                
                raise Http404
        
        def post_register_confirm_redirect(self, request, node):
-               return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('login', urlconf=self).strip('/')))
+               return HttpResponseRedirect(node.get_absolute_url())
        
        class Meta:
                abstract = True
        
        class Meta:
                abstract = True
@@ -304,5 +312,9 @@ class AccountMultiView(LoginMultiView):
                inner = self.login_required(inner)
                return inner
        
                inner = self.login_required(inner)
                return inner
        
+       def post_register_confirm_redirect(self, request, node):
+               messages.add_message(request, messages.INFO, 'Welcome! Please fill in some more information.')
+               return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
+       
        class Meta:
                abstract = True
\ No newline at end of file
        class Meta:
                abstract = True
\ No newline at end of file