|
|
- import uuid
-
- from django.conf import settings
- from django.contrib.auth import authenticate
- from django.contrib.auth import login as auth_login, logout as auth_logout
- from django.contrib.auth.models import User
- from django.core.urlresolvers import reverse
- from django.http import HttpResponseBadRequest
- from django.shortcuts import redirect, render
-
- from hc.accounts.forms import EmailForm
- from hc.api.models import Channel, Check
- from hc.lib.emails import send
-
-
- def _make_user(email):
- username = str(uuid.uuid4())[:30]
- user = User(username=username, email=email)
- user.save()
-
- channel = Channel()
- channel.user = user
- channel.kind = "email"
- channel.value = email
- channel.email_verified = True
- channel.save()
-
- return user
-
-
- def _associate_demo_check(request, user):
- if "welcome_code" in request.session:
- check = Check.objects.get(code=request.session["welcome_code"])
-
- # Only associate demo check if it doesn't have an owner already.
- if check.user is None:
- check.user = user
- check.save()
-
- check.assign_all_channels()
-
- del request.session["welcome_code"]
-
-
- def _send_login_link(user):
- token = str(uuid.uuid4())
- user.set_password(token)
- user.save()
-
- login_link = reverse("hc-check-token", args=[user.username, token])
- login_link = settings.SITE_ROOT + login_link
- ctx = {"login_link": login_link}
-
- send(user.email, "emails/login", ctx)
-
-
- def login(request):
- if request.method == 'POST':
- form = EmailForm(request.POST)
- if form.is_valid():
- email = form.cleaned_data["email"]
- try:
- user = User.objects.get(email=email)
- except User.DoesNotExist:
- user = _make_user(email)
- _associate_demo_check(request, user)
-
- # We don't want to reset passwords of staff users :-)
- if user.is_staff:
- return HttpResponseBadRequest()
-
- _send_login_link(user)
-
- return redirect("hc-login-link-sent")
-
- else:
- form = EmailForm()
-
- ctx = {"form": form}
- return render(request, "accounts/login.html", ctx)
-
-
- def logout(request):
- auth_logout(request)
- return redirect("hc-index")
-
-
- def login_link_sent(request):
- return render(request, "accounts/login_link_sent.html")
-
-
- def check_token(request, username, token):
- user = authenticate(username=username, password=token)
- if user is not None:
- if user.is_active:
- # This should get rid of "welcome_code" in session
- request.session.flush()
-
- user.set_unusable_password()
- user.save()
- auth_login(request, user)
-
- return redirect("hc-index")
-
- return render(request, "bad_link.html")
|