nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
988 Commits
2 Branches
15 MiB
Tree: 14f504bd22
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '14f504bd22'
${ noResults }
healthchecks/hc/accounts/views.py

468 lines
14 KiB
Raw Normal View History

Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Initial commit
10 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Organize imports using isort.
9 years ago
logout, unified login
10 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Initial commit
10 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Report unsubscribe link works with POST. Include "X-Bounce-Url" header in report emails.
6 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Rate limit login-with-password attempts.
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Rate limit login-with-password attempts.
6 years ago
Project model. cc: #183
6 years ago
Rate limiting for the "Log In" emails
6 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Initial commit
10 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Initial commit
10 years ago
Don't create default projects for invited users.
6 years ago
logout, unified login
10 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
logout, unified login
10 years ago
Account creation
10 years ago
Don't create default projects for invited users.
6 years ago
Project model. cc: #183
6 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Project model. cc: #183
6 years ago
Team Access, test cleanup
9 years ago
Demo checks shown on welcome page are not saved to database. User's first check is created when creating the user.
7 years ago
Better welcome page.
10 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
If user has a single project, _redirect_after_login redirects to it.
6 years ago
"My Projects" page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Rate limit login-with-password attempts.
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Initial commit
10 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Rate limit login-with-password attempts.
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Rate limit login-with-password attempts.
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Rate limiting for the "Log In" emails
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Rate limit login-with-password attempts.
6 years ago
Rate limiting for the "Log In" emails
6 years ago
Separate sign up and login forms.
6 years ago
Initial commit
10 years ago
check token redirect to login on bad token
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
logout, unified login
10 years ago
Separate sign up and login forms.
6 years ago
Initial commit
10 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Login works, stubbed out canary index page
10 years ago
Django 1.10
8 years ago
redirect already logged in user
9 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
redirect already logged in user
9 years ago
A work around for email servers that open our one-time login links.
8 years ago
More content in docs section
9 years ago
A work around for email servers that open our one-time login links.
8 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
A work around for email servers that open our one-time login links.
8 years ago
Login works, stubbed out canary index page
10 years ago
A work around for email servers that open our one-time login links.
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Cleanup in hc.accounts.views
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can create and remove Projects -- WIP
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can create and remove Projects -- WIP
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Users can create and remove Projects -- WIP
6 years ago
"My Projects" page.
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Drop Profile.api_key and Profile.api_key_readonly (both are stored with Project now)
6 years ago
Prepare for the removal of Profile.api_key
6 years ago
Project model. cc: #183
6 years ago
Add read-only API key support
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Add read-only API key support
6 years ago
Prepare for the removal of Profile.api_key
6 years ago
Project model. cc: #183
6 years ago
Add read-only API key support
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Add read-only API key support
6 years ago
Team access WIP
9 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Access rights checks for team access stuff in profile page.
9 years ago
Team access WIP
9 years ago
Rate limit team invites to 20/day
6 years ago
Team access WIP
9 years ago
Don't create default projects for invited users.
6 years ago
Team access WIP
9 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Team access WIP
9 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Team access WIP
9 years ago
Check membership before removing project member.
6 years ago
Team access WIP
9 years ago
Project model. cc: #183
6 years ago
Tests for team access.
9 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Tests for team access.
9 years ago
Check membership before removing project member.
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Team Access, test cleanup
9 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Project model. cc: #183
6 years ago
Show overall project status in the top navigation menu and in the "Select Project" page. cc: #183
6 years ago
Split "Account Settings" page into subpages.
8 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Split "Account Settings" page into subpages.
8 years ago
Cleanup in hc.accounts.views
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Nicer "your settings have been updated" message.
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Nicer "your settings have been updated" message.
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Cleanup in hc.accounts.views
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Cleanup in hc.accounts.views
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Support for "Add to Slack" button
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
First stab at API, POST /api/v1/checks
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Cleanup in hc.accounts.views
7 years ago
Users can update their email addresses. Fixes #105
7 years ago
Cleanup in hc.accounts.views
7 years ago
Users can update their email addresses. Fixes #105
7 years ago
Report unsubscribe link works with POST. Include "X-Bounce-Url" header in report emails.
6 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Remove obsolete signature checking code in accounts.views.unsubscribe_reports
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
A workaround for some email agents automatically opening "Unsubscribe" links
6 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Cleanup in hc.accounts.views
7 years ago
Clear out `Profile.next_report_date` and `Profile.next_nag_date` when unsubscribing from reports.
7 years ago
Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Clear out `Profile.next_report_date` and `Profile.next_nag_date` when unsubscribing from reports.
7 years ago
Cleanup in hc.accounts.views
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Team Access, test cleanup
9 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Adding on_delete keywords, more to come.
8 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Users can create and remove Projects -- WIP
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
 
  1. from datetime import timedelta as td
  2. import uuid
  3. 

  4. from django.conf import settings
  5. from django.contrib import messages
  6. from django.contrib.auth import login as auth_login
  7. from django.contrib.auth import logout as auth_logout
  8. from django.contrib.auth import authenticate
  9. from django.contrib.auth.decorators import login_required
  10. from django.contrib.auth.models import User
  11. from django.core import signing
  12. from django.http import (HttpResponseForbidden, HttpResponseBadRequest,
  13.                          HttpResponseNotFound)
  14. from django.shortcuts import get_object_or_404, redirect, render
  15. from django.utils.timezone import now
  16. from django.urls import resolve, Resolver404
  17. from django.views.decorators.csrf import csrf_exempt
  18. from django.views.decorators.http import require_POST
  19. from hc.accounts.forms import (ChangeEmailForm, PasswordLoginForm,
  20.                                InviteTeamMemberForm, RemoveTeamMemberForm,
  21.                                ReportSettingsForm, SetPasswordForm,
  22.                                ProjectNameForm, AvailableEmailForm,
  23.                                EmailLoginForm)
  24. from hc.accounts.models import Profile, Project, Member
  25. from hc.api.models import Channel, Check, TokenBucket
  26. from hc.payments.models import Subscription
  27. 

  28. NEXT_WHITELIST = ("hc-checks",
  29.                   "hc-details",
  30.                   "hc-log",
  31.                   "hc-channels",
  32.                   "hc-add-slack",
  33.                   "hc-add-pushover")
  34. 

  35. 

  36. def _is_whitelisted(path):
  37.     try:
  38.         match = resolve(path)
  39.     except Resolver404:
  40.         return False
  41. 

  42.     return match.url_name in NEXT_WHITELIST
  43. 

  44. 

  45. def _make_user(email, with_project=True):
  46.     username = str(uuid.uuid4())[:30]
  47.     user = User(username=username, email=email)
  48.     user.set_unusable_password()
  49.     user.save()
  50. 

  51.     project = None
  52.     if with_project:
  53.         project = Project(owner=user)
  54.         project.badge_key = user.username
  55.         project.save()
  56. 

  57.         check = Check(project=project)
  58.         check.name = "My First Check"
  59.         check.save()
  60. 

  61.         channel = Channel(project=project)
  62.         channel.kind = "email"
  63.         channel.value = email
  64.         channel.email_verified = True
  65.         channel.save()
  66. 

  67.         channel.checks.add(check)
  68. 

  69.     # Ensure a profile gets created
  70.     profile = Profile.objects.for_user(user)
  71.     profile.current_project = project
  72.     profile.save()
  73. 

  74.     return user
  75. 

  76. 

  77. def _redirect_after_login(request):
  78.     """ Redirect to the URL indicated in ?next= query parameter. """
  79. 

  80.     redirect_url = request.GET.get("next")
  81.     if _is_whitelisted(redirect_url):
  82.         return redirect(redirect_url)
  83. 

  84.     if request.user.project_set.count() == 1:
  85.         project = request.user.project_set.first()
  86.         return redirect("hc-checks", project.code)
  87. 

  88.     return redirect("hc-index")
  89. 

  90. 

  91. def login(request):
  92.     form = PasswordLoginForm()
  93.     magic_form = EmailLoginForm()
  94. 

  95.     if request.method == 'POST':
  96.         if request.POST.get("action") == "login":
  97.             form = PasswordLoginForm(request.POST)
  98.             if form.is_valid():
  99.                 auth_login(request, form.user)
  100.                 return _redirect_after_login(request)
  101. 

  102.         else:
  103.             magic_form = EmailLoginForm(request.POST)
  104.             if magic_form.is_valid():
  105.                 redirect_url = request.GET.get("next")
  106.                 if not _is_whitelisted(redirect_url):
  107.                     redirect_url = None
  108. 

  109.                 profile = Profile.objects.for_user(magic_form.user)
  110.                 profile.send_instant_login_link(redirect_url=redirect_url)
  111.                 return redirect("hc-login-link-sent")
  112. 

  113.     bad_link = request.session.pop("bad_link", None)
  114.     ctx = {
  115.         "page": "login",
  116.         "form": form,
  117.         "magic_form": magic_form,
  118.         "bad_link": bad_link
  119.     }
  120.     return render(request, "accounts/login.html", ctx)
  121. 

  122. 

  123. def logout(request):
  124.     auth_logout(request)
  125.     return redirect("hc-index")
  126. 

  127. 

  128. @require_POST
  129. def signup(request):
  130.     if not settings.REGISTRATION_OPEN:
  131.         return HttpResponseForbidden()
  132. 

  133.     ctx = {}
  134.     form = AvailableEmailForm(request.POST)
  135.     if form.is_valid():
  136.         email = form.cleaned_data["identity"]
  137.         user = _make_user(email)
  138.         profile = Profile.objects.for_user(user)
  139.         profile.send_instant_login_link()
  140.         ctx["created"] = True
  141.     else:
  142.         ctx = {"form": form}
  143. 

  144.     return render(request, "accounts/signup_result.html", ctx)
  145. 

  146. 

  147. def login_link_sent(request):
  148.     return render(request, "accounts/login_link_sent.html")
  149. 

  150. 

  151. def link_sent(request):
  152.     return render(request, "accounts/link_sent.html")
  153. 

  154. 

  155. def check_token(request, username, token):
  156.     if request.user.is_authenticated and request.user.username == username:
  157.         # User is already logged in
  158.         return _redirect_after_login(request)
  159. 

  160.     # Some email servers open links in emails to check for malicious content.
  161.     # To work around this, we sign user in if the method is POST.
  162.     #
  163.     # If the method is GET, we instead serve a HTML form and a piece
  164.     # of Javascript to automatically submit it.
  165. 

  166.     if request.method == "POST":
  167.         user = authenticate(username=username, token=token)
  168.         if user is not None and user.is_active:
  169.             user.profile.token = ""
  170.             user.profile.save()
  171.             auth_login(request, user)
  172. 

  173.             return _redirect_after_login(request)
  174. 

  175.         request.session["bad_link"] = True
  176.         return redirect("hc-login")
  177. 

  178.     return render(request, "accounts/check_token_submit.html")
  179. 

  180. 

  181. @login_required
  182. def profile(request):
  183.     profile = request.profile
  184. 

  185.     ctx = {
  186.         "page": "profile",
  187.         "profile": profile,
  188.         "my_projects_status": "default"
  189.     }
  190. 

  191.     if request.method == "POST":
  192.         if "change_email" in request.POST:
  193.             profile.send_change_email_link()
  194.             return redirect("hc-link-sent")
  195.         elif "set_password" in request.POST:
  196.             profile.send_set_password_link()
  197.             return redirect("hc-link-sent")
  198.         elif "leave_project" in request.POST:
  199.             code = request.POST["code"]
  200.             try:
  201.                 project = Project.objects.get(code=code,
  202.                                               member__user=request.user)
  203.             except Project.DoesNotExist:
  204.                 return HttpResponseBadRequest()
  205. 

  206.             if profile.current_project == project:
  207.                 profile.current_project = None
  208.                 profile.save()
  209. 

  210.             Member.objects.filter(project=project, user=request.user).delete()
  211. 

  212.             ctx["left_project"] = project
  213.             ctx["my_projects_status"] = "info"
  214. 

  215.     # Retrieve projects right before rendering the template--
  216.     # The list of the projects might have *just* changed
  217.     ctx["projects"] = list(profile.projects())
  218.     return render(request, "accounts/profile.html", ctx)
  219. 

  220. 

  221. @login_required
  222. @require_POST
  223. def add_project(request):
  224.     form = ProjectNameForm(request.POST)
  225.     if not form.is_valid():
  226.         return HttpResponseBadRequest()
  227. 

  228.     project = Project(owner=request.user)
  229.     project.code = project.badge_key = str(uuid.uuid4())
  230.     project.name = form.cleaned_data["name"]
  231.     project.save()
  232. 

  233.     return redirect("hc-checks", project.code)
  234. 

  235. 

  236. @login_required
  237. def project(request, code):
  238.     if request.user.is_superuser:
  239.         q = Project.objects
  240.     else:
  241.         q = request.profile.projects()
  242. 

  243.     try:
  244.         project = q.get(code=code)
  245.     except Project.DoesNotExist:
  246.         return HttpResponseNotFound()
  247. 

  248.     is_owner = project.owner_id == request.user.id
  249.     ctx = {
  250.         "page": "project",
  251.         "project": project,
  252.         "is_owner": is_owner,
  253.         "show_api_keys": "show_api_keys" in request.GET,
  254.         "project_name_status": "default",
  255.         "api_status": "default",
  256.         "team_status": "default"
  257.     }
  258. 

  259.     if request.method == "POST":
  260.         if "create_api_keys" in request.POST:
  261.             project.set_api_keys()
  262.             project.save()
  263. 

  264.             ctx["show_api_keys"] = True
  265.             ctx["api_keys_created"] = True
  266.             ctx["api_status"] = "success"
  267.         elif "revoke_api_keys" in request.POST:
  268.             project.api_key = ""
  269.             project.api_key_readonly = ""
  270.             project.save()
  271. 

  272.             ctx["api_keys_revoked"] = True
  273.             ctx["api_status"] = "info"
  274.         elif "show_api_keys" in request.POST:
  275.             ctx["show_api_keys"] = True
  276.         elif "invite_team_member" in request.POST:
  277.             if not is_owner or not project.can_invite():
  278.                 return HttpResponseForbidden()
  279. 

  280.             form = InviteTeamMemberForm(request.POST)
  281.             if form.is_valid():
  282.                 if not TokenBucket.authorize_invite(request.user):
  283.                     return render(request, "try_later.html")
  284. 

  285.                 email = form.cleaned_data["email"]
  286.                 try:
  287.                     user = User.objects.get(email=email)
  288.                 except User.DoesNotExist:
  289.                     user = _make_user(email, with_project=False)
  290. 

  291.                 project.invite(user)
  292.                 ctx["team_member_invited"] = email
  293.                 ctx["team_status"] = "success"
  294. 

  295.         elif "remove_team_member" in request.POST:
  296.             if not is_owner:
  297.                 return HttpResponseForbidden()
  298. 

  299.             form = RemoveTeamMemberForm(request.POST)
  300.             if form.is_valid():
  301.                 q = User.objects
  302.                 q = q.filter(email=form.cleaned_data["email"])
  303.                 q = q.filter(memberships__project=project)
  304.                 farewell_user = q.first()
  305.                 if farewell_user is None:
  306.                     return HttpResponseBadRequest()
  307. 

  308.                 farewell_user.profile.current_project = None
  309.                 farewell_user.profile.save()
  310. 

  311.                 Member.objects.filter(project=project,
  312.                                       user=farewell_user).delete()
  313. 

  314.                 ctx["team_member_removed"] = form.cleaned_data["email"]
  315.                 ctx["team_status"] = "info"
  316.         elif "set_project_name" in request.POST:
  317.             form = ProjectNameForm(request.POST)
  318.             if form.is_valid():
  319.                 project.name = form.cleaned_data["name"]
  320.                 project.save()
  321. 

  322.                 if request.profile.current_project == project:
  323.                     request.profile.current_project.name = project.name
  324. 

  325.                 ctx["project_name_updated"] = True
  326.                 ctx["project_name_status"] = "success"
  327. 

  328.     # Count members right before rendering the template, in case
  329.     # we just invited or removed someone
  330.     ctx["num_members"] = project.member_set.count()
  331.     return render(request, "accounts/project.html", ctx)
  332. 

  333. 

  334. @login_required
  335. def notifications(request):
  336.     profile = request.profile
  337. 

  338.     ctx = {
  339.         "status": "default",
  340.         "page": "profile",
  341.         "profile": profile
  342.     }
  343. 

  344.     if request.method == "POST":
  345.         form = ReportSettingsForm(request.POST)
  346.         if form.is_valid():
  347.             if profile.reports_allowed != form.cleaned_data["reports_allowed"]:
  348.                 profile.reports_allowed = form.cleaned_data["reports_allowed"]
  349.                 if profile.reports_allowed:
  350.                     profile.next_report_date = now() + td(days=30)
  351.                 else:
  352.                     profile.next_report_date = None
  353. 

  354.             if profile.nag_period != form.cleaned_data["nag_period"]:
  355.                 # Set the new nag period
  356.                 profile.nag_period = form.cleaned_data["nag_period"]
  357.                 # and schedule next_nag_date:
  358.                 if profile.nag_period:
  359.                     profile.next_nag_date = now() + profile.nag_period
  360.                 else:
  361.                     profile.next_nag_date = None
  362. 

  363.             profile.save()
  364.             ctx["status"] = "info"
  365. 

  366.     return render(request, "accounts/notifications.html", ctx)
  367. 

  368. 

  369. @login_required
  370. def set_password(request, token):
  371.     if not request.profile.check_token(token, "set-password"):
  372.         return HttpResponseBadRequest()
  373. 

  374.     if request.method == "POST":
  375.         form = SetPasswordForm(request.POST)
  376.         if form.is_valid():
  377.             password = form.cleaned_data["password"]
  378.             request.user.set_password(password)
  379.             request.user.save()
  380. 

  381.             request.profile.token = ""
  382.             request.profile.save()
  383. 

  384.             # Setting a password logs the user out, so here we
  385.             # log them back in.
  386.             u = authenticate(username=request.user.email, password=password)
  387.             auth_login(request, u)
  388. 

  389.             messages.success(request, "Your password has been set!")
  390.             return redirect("hc-profile")
  391. 

  392.     return render(request, "accounts/set_password.html", {})
  393. 

  394. 

  395. @login_required
  396. def change_email(request, token):
  397.     if not request.profile.check_token(token, "change-email"):
  398.         return HttpResponseBadRequest()
  399. 

  400.     if request.method == "POST":
  401.         form = ChangeEmailForm(request.POST)
  402.         if form.is_valid():
  403.             request.user.email = form.cleaned_data["email"]
  404.             request.user.set_unusable_password()
  405.             request.user.save()
  406. 

  407.             request.profile.token = ""
  408.             request.profile.save()
  409. 

  410.             return redirect("hc-change-email-done")
  411.     else:
  412.         form = ChangeEmailForm()
  413. 

  414.     return render(request, "accounts/change_email.html", {"form": form})
  415. 

  416. 

  417. def change_email_done(request):
  418.     return render(request, "accounts/change_email_done.html")
  419. 

  420. 

  421. @csrf_exempt
  422. def unsubscribe_reports(request, username):
  423.     signer = signing.TimestampSigner(salt="reports")
  424.     try:
  425.         username = signer.unsign(username)
  426.     except signing.BadSignature:
  427.         return render(request, "bad_link.html")
  428. 

  429.     # Some email servers open links in emails to check for malicious content.
  430.     # To work around this, we serve a form that auto-submits with JS.
  431.     if "ask" in request.GET and request.method != "POST":
  432.         return render(request, "accounts/unsubscribe_submit.html")
  433. 

  434.     user = User.objects.get(username=username)
  435.     profile = Profile.objects.for_user(user)
  436.     profile.reports_allowed = False
  437.     profile.next_report_date = None
  438.     profile.nag_period = td()
  439.     profile.next_nag_date = None
  440.     profile.save()
  441. 

  442.     return render(request, "accounts/unsubscribed.html")
  443. 

  444. 

  445. @require_POST
  446. @login_required
  447. def close(request):
  448.     user = request.user
  449. 

  450.     # Subscription needs to be canceled before it is deleted:
  451.     sub = Subscription.objects.filter(user=user).first()
  452.     if sub:
  453.         sub.cancel()
  454. 

  455.     user.delete()
  456. 

  457.     # Deleting user also deletes its profile, checks, channels etc.
  458. 

  459.     request.session.flush()
  460.     return redirect("hc-index")
  461. 

  462. 

  463. @require_POST
  464. @login_required
  465. def remove_project(request, code):
  466.     project = get_object_or_404(Project, code=code, owner=request.user)
  467.     project.delete()
  468.     return redirect("hc-index")