moviewyrm/bookwyrm/views/register.py

""" class views for login/register views """
from django.contrib.auth import login
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse
from django.utils.decorators import method_decorator
from django.views import View
from django.views.decorators.http import require_POST
from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters

from bookwyrm import emailing, forms, models
from bookwyrm.settings import DOMAIN


# pylint: disable=no-self-use
class Register(View):
    """register a user"""

    def get(self, request):  # pylint: disable=unused-argument
        """whether or not you're logged in, just go to the home view"""
        return redirect("/")

    @sensitive_variables("password")
    @method_decorator(sensitive_post_parameters("password"))
    def post(self, request):
        """join the server"""
        settings = models.SiteSettings.get()
        if not settings.allow_registration:
            invite_code = request.POST.get("invite_code")

            if not invite_code:
                raise PermissionDenied()

            invite = get_object_or_404(models.SiteInvite, code=invite_code)
            if not invite.valid():
                raise PermissionDenied()
        else:
            invite = None

        form = forms.RegisterForm(request.POST)
        errors = False
        if not form.is_valid():
            errors = True

        localname = form.data["localname"].strip()
        email = form.data["email"]
        password = form.data["password"]

        # make sure the email isn't blocked as spam
        email_domain = email.split("@")[-1]
        if models.EmailBlocklist.objects.filter(domain=email_domain).exists():
            # treat this like a successful registration, but don't do anything
            return redirect("confirm-email")

        # check localname and email uniqueness
        if models.User.objects.filter(localname=localname).first():
            form.errors["localname"] = ["User with this username already exists"]
            errors = True

        if errors:
            data = {
                "login_form": forms.LoginForm(),
                "register_form": form,
                "invite": invite,
                "valid": invite.valid() if invite else True,
            }
            if invite:
                return TemplateResponse(request, "invite.html", data)
            return TemplateResponse(request, "login.html", data)

        username = f"{localname}@{DOMAIN}"
        user = models.User.objects.create_user(
            username,
            email,
            password,
            localname=localname,
            local=True,
            deactivation_reason="pending" if settings.require_confirm_email else None,
            is_active=not settings.require_confirm_email,
        )
        if invite:
            invite.times_used += 1
            invite.invitees.add(user)
            invite.save()

        if settings.require_confirm_email:
            emailing.email_confirmation_email(user)
            return redirect("confirm-email")

        login(request, user)
        return redirect("get-started-profile")


class ConfirmEmailCode(View):
    """confirm email address"""

    def get(self, request, code):  # pylint: disable=unused-argument
        """you got the code! good work"""
        settings = models.SiteSettings.get()
        if request.user.is_authenticated or not settings.require_confirm_email:
            return redirect("/")

        # look up the user associated with this code
        try:
            user = models.User.objects.get(confirmation_code=code)
        except models.User.DoesNotExist:
            return TemplateResponse(
                request, "confirm_email/confirm_email.html", {"valid": False}
            )
        # update the user
        user.is_active = True
        user.deactivation_reason = None
        user.save(broadcast=False, update_fields=["is_active", "deactivation_reason"])
        # direct the user to log in
        return redirect("login", confirmed="confirmed")


class ConfirmEmail(View):
    """enter code to confirm email address"""

    def get(self, request):  # pylint: disable=unused-argument
        """you need a code! keep looking"""
        settings = models.SiteSettings.get()
        if request.user.is_authenticated or not settings.require_confirm_email:
            return redirect("/")

        return TemplateResponse(
            request, "confirm_email/confirm_email.html", {"valid": True}
        )

    def post(self, request):
        """same as clicking the link"""
        code = request.POST.get("code")
        return ConfirmEmailCode().get(request, code)


@require_POST
def resend_link(request):
    """resend confirmation link"""
    email = request.POST.get("email")
    user = get_object_or_404(models.User, email=email)
    emailing.email_confirmation_email(user)
    return TemplateResponse(
        request, "confirm_email/confirm_email.html", {"valid": True}
    )
Runs black 2021-03-08 16:49:10 +00:00			`""" class views for login/register views """`
Split authentication views into login and register 2021-09-07 20:11:44 +00:00			`from django.contrib.auth import login`
Adds registration view 2021-01-12 16:19:08 +00:00			`from django.core.exceptions import PermissionDenied`
			`from django.shortcuts import get_object_or_404, redirect`
Adds login class view 2021-01-12 16:08:43 +00:00			`from django.template.response import TemplateResponse`
Split out test files 2021-09-07 22:03:15 +00:00			`from django.utils.decorators import method_decorator`
Adds login class view 2021-01-12 16:08:43 +00:00			`from django.views import View`
Make sure passwords aren't exposed in error reporting 2021-09-07 20:21:40 +00:00			`from django.views.decorators.http import require_POST`
			`from django.views.decorators.debug import sensitive_variables, sensitive_post_parameters`
Adds login class view 2021-01-12 16:08:43 +00:00
Email confirmation email 2021-08-06 22:38:37 +00:00			`from bookwyrm import emailing, forms, models`
Confirm email views 2021-08-06 23:24:57 +00:00			`from bookwyrm.settings import DOMAIN`
Adds login class view 2021-01-12 16:08:43 +00:00

Confirm email views 2021-08-06 23:24:57 +00:00			`# pylint: disable=no-self-use`
Password reset and change password flows 2021-01-12 16:48:31 +00:00			`class Register(View):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""register a user"""`
Runs black 2021-03-08 16:49:10 +00:00
Handle get request to /register path 2021-09-18 22:08:02 +00:00			`def get(self, request): # pylint: disable=unused-argument`
			`"""whether or not you're logged in, just go to the home view"""`
			`return redirect("/")`

Make sure passwords aren't exposed in error reporting 2021-09-07 20:21:40 +00:00			`@sensitive_variables("password")`
Split out test files 2021-09-07 22:03:15 +00:00			`@method_decorator(sensitive_post_parameters("password"))`
Adds registration view 2021-01-12 16:19:08 +00:00			`def post(self, request):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""join the server"""`
Confirm email views 2021-08-06 23:24:57 +00:00			`settings = models.SiteSettings.get()`
			`if not settings.allow_registration:`
Runs black 2021-03-08 16:49:10 +00:00			`invite_code = request.POST.get("invite_code")`
Adds registration view 2021-01-12 16:19:08 +00:00
			`if not invite_code:`
Fixes syntax problem on http raises 2021-09-27 22:57:22 +00:00			`raise PermissionDenied()`
Adds registration view 2021-01-12 16:19:08 +00:00
			`invite = get_object_or_404(models.SiteInvite, code=invite_code)`
			`if not invite.valid():`
Fixes syntax problem on http raises 2021-09-27 22:57:22 +00:00			`raise PermissionDenied()`
Adds registration view 2021-01-12 16:19:08 +00:00			`else:`
			`invite = None`

			`form = forms.RegisterForm(request.POST)`
			`errors = False`
			`if not form.is_valid():`
			`errors = True`

Runs black 2021-03-08 16:49:10 +00:00			`localname = form.data["localname"].strip()`
			`email = form.data["email"]`
			`password = form.data["password"]`
Adds registration view 2021-01-12 16:19:08 +00:00
Prevent users from registering with blocked emails 2021-09-08 22:49:18 +00:00			`# make sure the email isn't blocked as spam`
			`email_domain = email.split("@")[-1]`
			`if models.EmailBlocklist.objects.filter(domain=email_domain).exists():`
			`# treat this like a successful registration, but don't do anything`
			`return redirect("confirm-email")`

Adds registration view 2021-01-12 16:19:08 +00:00			`# check localname and email uniqueness`
			`if models.User.objects.filter(localname=localname).first():`
Runs black 2021-03-08 16:49:10 +00:00			`form.errors["localname"] = ["User with this username already exists"]`
Adds registration view 2021-01-12 16:19:08 +00:00			`errors = True`

			`if errors:`
			`data = {`
Runs black 2021-03-08 16:49:10 +00:00			`"login_form": forms.LoginForm(),`
			`"register_form": form,`
			`"invite": invite,`
			`"valid": invite.valid() if invite else True,`
Adds registration view 2021-01-12 16:19:08 +00:00			`}`
			`if invite:`
Runs black 2021-03-08 16:49:10 +00:00			`return TemplateResponse(request, "invite.html", data)`
			`return TemplateResponse(request, "login.html", data)`
Adds registration view 2021-01-12 16:19:08 +00:00
Updating string format synatx part 2 2021-09-18 18:32:00 +00:00			`username = f"{localname}@{DOMAIN}"`
Adds registration view 2021-01-12 16:19:08 +00:00			`user = models.User.objects.create_user(`
Email confirmation email 2021-08-06 22:38:37 +00:00			`username,`
			`email,`
			`password,`
			`localname=localname,`
			`local=True,`
Confirm email views 2021-08-06 23:24:57 +00:00			`deactivation_reason="pending" if settings.require_confirm_email else None,`
			`is_active=not settings.require_confirm_email,`
Runs black 2021-03-08 16:49:10 +00:00			`)`
Adds registration view 2021-01-12 16:19:08 +00:00			`if invite:`
			`invite.times_used += 1`
Associate users with their invites 2021-04-02 00:19:29 +00:00			`invite.invitees.add(user)`
Adds registration view 2021-01-12 16:19:08 +00:00			`invite.save()`

Confirm email views 2021-08-06 23:24:57 +00:00			`if settings.require_confirm_email:`
Email confirmation email 2021-08-06 22:38:37 +00:00			`emailing.email_confirmation_email(user)`
			`return redirect("confirm-email")`

Adds registration view 2021-01-12 16:19:08 +00:00			`login(request, user)`
Changes the header copy 2021-04-01 19:46:38 +00:00			`return redirect("get-started-profile")`
Password reset and change password flows 2021-01-12 16:48:31 +00:00

Confirm email views 2021-08-06 23:24:57 +00:00			`class ConfirmEmailCode(View):`
			`"""confirm email address"""`

			`def get(self, request, code): # pylint: disable=unused-argument`
			`"""you got the code! good work"""`
			`settings = models.SiteSettings.get()`
			`if request.user.is_authenticated or not settings.require_confirm_email:`
			`return redirect("/")`

			`# look up the user associated with this code`
Confirmation templates 2021-08-07 00:23:44 +00:00			`try:`
			`user = models.User.objects.get(confirmation_code=code)`
			`except models.User.DoesNotExist:`
Resend links 2021-08-07 00:39:22 +00:00			`return TemplateResponse(`
			`request, "confirm_email/confirm_email.html", {"valid": False}`
			`)`
Confirm email views 2021-08-06 23:24:57 +00:00			`# update the user`
			`user.is_active = True`
			`user.deactivation_reason = None`
			`user.save(broadcast=False, update_fields=["is_active", "deactivation_reason"])`
			`# direct the user to log in`
			`return redirect("login", confirmed="confirmed")`
Confirmation templates 2021-08-07 00:23:44 +00:00

			`class ConfirmEmail(View):`
			`"""enter code to confirm email address"""`

			`def get(self, request): # pylint: disable=unused-argument`
			`"""you need a code! keep looking"""`
			`settings = models.SiteSettings.get()`
			`if request.user.is_authenticated or not settings.require_confirm_email:`
			`return redirect("/")`

Resend links 2021-08-07 00:39:22 +00:00			`return TemplateResponse(`
			`request, "confirm_email/confirm_email.html", {"valid": True}`
			`)`
Confirmation templates 2021-08-07 00:23:44 +00:00
			`def post(self, request):`
			`"""same as clicking the link"""`
			`code = request.POST.get("code")`
			`return ConfirmEmailCode().get(request, code)`
Resend links 2021-08-07 00:39:22 +00:00

			`@require_POST`
			`def resend_link(request):`
			`"""resend confirmation link"""`
			`email = request.POST.get("email")`
			`user = get_object_or_404(models.User, email=email)`
			`emailing.email_confirmation_email(user)`
			`return TemplateResponse(`
			`request, "confirm_email/confirm_email.html", {"valid": True}`
			`)`