nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1067 Commits
2 Branches
15 MiB
Tree: 31e5395d3a
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '31e5395d3a'
${ noResults }
healthchecks/hc/accounts/views.py

481 lines
15 KiB
Raw Normal View History

Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Initial commit
10 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Organize imports using isort.
9 years ago
logout, unified login
10 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Initial commit
10 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Source formatted with Black
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Report unsubscribe link works with POST. Include "X-Bounce-Url" header in report emails.
6 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Source formatted with Black
6 years ago
Project model. cc: #183
6 years ago
Rate limiting for the "Log In" emails
6 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Initial commit
10 years ago
Source formatted with Black
6 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Generate usernames as uuid3(const, email). Prevents multiple accts with the same email. Prevent double-clicking the submit button in signup form. Fixes #290
5 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Initial commit
10 years ago
Don't create default projects for invited users.
6 years ago
Generate usernames as uuid3(const, email). Prevents multiple accts with the same email. Prevent double-clicking the submit button in signup form. Fixes #290
5 years ago
logout, unified login
10 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
logout, unified login
10 years ago
Account creation
10 years ago
Don't create default projects for invited users.
6 years ago
Project model. cc: #183
6 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Project model. cc: #183
6 years ago
Team Access, test cleanup
9 years ago
Demo checks shown on welcome page are not saved to database. User's first check is created when creating the user.
7 years ago
Better welcome page.
10 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Fix after-login redirects to "Check Details" and other pages.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
If user has a single project, _redirect_after_login redirects to it.
6 years ago
"My Projects" page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Rate limit login-with-password attempts.
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Source formatted with Black
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Rate limit login-with-password attempts.
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Rate limit login-with-password attempts.
6 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Rate limiting for the "Log In" emails
6 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
Rate limit login-with-password attempts.
6 years ago
Rate limiting for the "Log In" emails
6 years ago
Prevent email clients from opening the one-time login links. Fixes #255
6 years ago
Initial commit
10 years ago
check token redirect to login on bad token
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Improved layout & style, fixed hamburger menu in login page.
6 years ago
Source formatted with Black
6 years ago
Don't show the "Sign Up" link in the login page if registration is closed. Fixes #280
5 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
logout, unified login
10 years ago
Separate sign up and login forms.
6 years ago
Initial commit
10 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Login works, stubbed out canary index page
10 years ago
Django 1.10
8 years ago
redirect already logged in user
9 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
redirect already logged in user
9 years ago
A work around for email servers that open our one-time login links.
8 years ago
Prevent email clients from opening the one-time login links. Fixes #255
6 years ago
A work around for email servers that open our one-time login links.
8 years ago
More content in docs section
9 years ago
Prevent email clients from opening the one-time login links. Fixes #255
6 years ago
A work around for email servers that open our one-time login links.
8 years ago
Fix after-login redirects for users landing in the "Add Slack" page
6 years ago
A work around for email servers that open our one-time login links.
8 years ago
Login works, stubbed out canary index page
10 years ago
A work around for email servers that open our one-time login links.
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Cleanup in hc.accounts.views
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Source formatted with Black
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Users can create and remove Projects -- WIP
6 years ago
Source formatted with Black
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Users can create and remove Projects -- WIP
6 years ago
"My Projects" page.
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Source formatted with Black
6 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Drop Profile.api_key and Profile.api_key_readonly (both are stored with Project now)
6 years ago
Prepare for the removal of Profile.api_key
6 years ago
Project model. cc: #183
6 years ago
Add read-only API key support
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Add read-only API key support
6 years ago
Prepare for the removal of Profile.api_key
6 years ago
Project model. cc: #183
6 years ago
Add read-only API key support
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Add read-only API key support
6 years ago
Team access WIP
9 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Access rights checks for team access stuff in profile page.
9 years ago
Team access WIP
9 years ago
Rate limit team invites to 20/day
6 years ago
Team access WIP
9 years ago
Don't create default projects for invited users.
6 years ago
Team access WIP
9 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Team access WIP
9 years ago
Show "Badges" and "Settings" in top navigation. Fixes #234
6 years ago
Team access WIP
9 years ago
Check membership before removing project member.
6 years ago
Team access WIP
9 years ago
Project model. cc: #183
6 years ago
Tests for team access.
9 years ago
Source formatted with Black
6 years ago
Tests for team access.
9 years ago
Check membership before removing project member.
6 years ago
Users can update their email addresses. Fixes #105
7 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Team Access, test cleanup
9 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Project model. cc: #183
6 years ago
Show overall project status in the top navigation menu and in the "Select Project" page. cc: #183
6 years ago
Split "Account Settings" page into subpages.
8 years ago
Move project-specific settings to a new "Project Settings" page
6 years ago
Split "Account Settings" page into subpages.
8 years ago
Cleanup in hc.accounts.views
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Source formatted with Black
6 years ago
Nicer "your settings have been updated" message.
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Nicer "your settings have been updated" message.
7 years ago
Split "Account Settings" page into subpages.
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Cleanup in hc.accounts.views
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Cleanup in hc.accounts.views
7 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Support for "Add to Slack" button
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
First stab at API, POST /api/v1/checks
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Users can update their email addresses. Fixes #105
7 years ago
Cleanup in hc.accounts.views
7 years ago
Users can update their email addresses. Fixes #105
7 years ago
Cleanup in hc.accounts.views
7 years ago
Users can update their email addresses. Fixes #105
7 years ago
Report unsubscribe link works with POST. Include "X-Bounce-Url" header in report emails.
6 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Remove obsolete signature checking code in accounts.views.unsubscribe_reports
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
A workaround for some email agents automatically opening "Unsubscribe" links
6 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Cleanup in hc.accounts.views
7 years ago
Clear out `Profile.next_report_date` and `Profile.next_nag_date` when unsubscribing from reports.
7 years ago
Adding an option to send daily or hourly reminders if any check is down. Fixes #48
7 years ago
Clear out `Profile.next_report_date` and `Profile.next_nag_date` when unsubscribing from reports.
7 years ago
Cleanup in hc.accounts.views
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Team Access, test cleanup
9 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Delete customer from Braintree when closing account.
5 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Adding on_delete keywords, more to come.
8 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Users can create and remove Projects -- WIP
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
Users can create and remove Projects -- WIP
6 years ago
Test cases for adding project, removing project and leaving project.
6 years ago
 
  1. from datetime import timedelta as td
  2. import uuid
  3. 

  4. from django.conf import settings
  5. from django.contrib import messages
  6. from django.contrib.auth import login as auth_login
  7. from django.contrib.auth import logout as auth_logout
  8. from django.contrib.auth import authenticate
  9. from django.contrib.auth.decorators import login_required
  10. from django.contrib.auth.models import User
  11. from django.core import signing
  12. from django.http import (
  13.     HttpResponseForbidden,
  14.     HttpResponseBadRequest,
  15.     HttpResponseNotFound,
  16. )
  17. from django.shortcuts import get_object_or_404, redirect, render
  18. from django.utils.timezone import now
  19. from django.urls import resolve, Resolver404
  20. from django.views.decorators.csrf import csrf_exempt
  21. from django.views.decorators.http import require_POST
  22. from hc.accounts.forms import (
  23.     ChangeEmailForm,
  24.     PasswordLoginForm,
  25.     InviteTeamMemberForm,
  26.     RemoveTeamMemberForm,
  27.     ReportSettingsForm,
  28.     SetPasswordForm,
  29.     ProjectNameForm,
  30.     AvailableEmailForm,
  31.     EmailLoginForm,
  32. )
  33. from hc.accounts.models import Profile, Project, Member
  34. from hc.api.models import Channel, Check, TokenBucket
  35. from hc.payments.models import Subscription
  36. 

  37. NEXT_WHITELIST = (
  38.     "hc-checks",
  39.     "hc-details",
  40.     "hc-log",
  41.     "hc-channels",
  42.     "hc-add-slack",
  43.     "hc-add-pushover",
  44. )
  45. 

  46. NAMESPACE_HC = uuid.UUID("2b25afdf-ce1a-4fa3-adf2-592e35f27fa9")
  47. 

  48. 

  49. def _is_whitelisted(path):
  50.     try:
  51.         match = resolve(path)
  52.     except Resolver404:
  53.         return False
  54. 

  55.     return match.url_name in NEXT_WHITELIST
  56. 

  57. 

  58. def _make_user(email, with_project=True):
  59.     # Generate username from email in a deterministic way.
  60.     # Since the database has an uniqueness constraint on username,
  61.     # this makes sure that emails also are unique.
  62.     username = str(uuid.uuid3(NAMESPACE_HC, email))
  63.     user = User(username=username, email=email)
  64.     user.set_unusable_password()
  65.     user.save()
  66. 

  67.     project = None
  68.     if with_project:
  69.         project = Project(owner=user)
  70.         project.badge_key = user.username
  71.         project.save()
  72. 

  73.         check = Check(project=project)
  74.         check.name = "My First Check"
  75.         check.save()
  76. 

  77.         channel = Channel(project=project)
  78.         channel.kind = "email"
  79.         channel.value = email
  80.         channel.email_verified = True
  81.         channel.save()
  82. 

  83.         channel.checks.add(check)
  84. 

  85.     # Ensure a profile gets created
  86.     profile = Profile.objects.for_user(user)
  87.     profile.current_project = project
  88.     profile.save()
  89. 

  90.     return user
  91. 

  92. 

  93. def _redirect_after_login(request):
  94.     """ Redirect to the URL indicated in ?next= query parameter. """
  95. 

  96.     redirect_url = request.GET.get("next")
  97.     if _is_whitelisted(redirect_url):
  98.         return redirect(redirect_url)
  99. 

  100.     if request.user.project_set.count() == 1:
  101.         project = request.user.project_set.first()
  102.         return redirect("hc-checks", project.code)
  103. 

  104.     return redirect("hc-index")
  105. 

  106. 

  107. def login(request):
  108.     form = PasswordLoginForm()
  109.     magic_form = EmailLoginForm()
  110. 

  111.     if request.method == "POST":
  112.         if request.POST.get("action") == "login":
  113.             form = PasswordLoginForm(request.POST)
  114.             if form.is_valid():
  115.                 auth_login(request, form.user)
  116.                 return _redirect_after_login(request)
  117. 

  118.         else:
  119.             magic_form = EmailLoginForm(request.POST)
  120.             if magic_form.is_valid():
  121.                 redirect_url = request.GET.get("next")
  122.                 if not _is_whitelisted(redirect_url):
  123.                     redirect_url = None
  124. 

  125.                 profile = Profile.objects.for_user(magic_form.user)
  126.                 profile.send_instant_login_link(redirect_url=redirect_url)
  127.                 response = redirect("hc-login-link-sent")
  128. 

  129.                 # check_token_submit looks for this cookie to decide if
  130.                 # it needs to do the extra POST step.
  131.                 response.set_cookie("auto-login", "1", max_age=300, httponly=True)
  132.                 return response
  133. 

  134.     bad_link = request.session.pop("bad_link", None)
  135.     ctx = {
  136.         "page": "login",
  137.         "form": form,
  138.         "magic_form": magic_form,
  139.         "bad_link": bad_link,
  140.         "registration_open": settings.REGISTRATION_OPEN,
  141.     }
  142.     return render(request, "accounts/login.html", ctx)
  143. 

  144. 

  145. def logout(request):
  146.     auth_logout(request)
  147.     return redirect("hc-index")
  148. 

  149. 

  150. @require_POST
  151. def signup(request):
  152.     if not settings.REGISTRATION_OPEN:
  153.         return HttpResponseForbidden()
  154. 

  155.     ctx = {}
  156.     form = AvailableEmailForm(request.POST)
  157.     if form.is_valid():
  158.         email = form.cleaned_data["identity"]
  159.         user = _make_user(email)
  160.         profile = Profile.objects.for_user(user)
  161.         profile.send_instant_login_link()
  162.         ctx["created"] = True
  163.     else:
  164.         ctx = {"form": form}
  165. 

  166.     return render(request, "accounts/signup_result.html", ctx)
  167. 

  168. 

  169. def login_link_sent(request):
  170.     return render(request, "accounts/login_link_sent.html")
  171. 

  172. 

  173. def link_sent(request):
  174.     return render(request, "accounts/link_sent.html")
  175. 

  176. 

  177. def check_token(request, username, token):
  178.     if request.user.is_authenticated and request.user.username == username:
  179.         # User is already logged in
  180.         return _redirect_after_login(request)
  181. 

  182.     # Some email servers open links in emails to check for malicious content.
  183.     # To work around this, we sign user in if the method is POST
  184.     # *or* if the browser presents a cookie we had set when sending the login link.
  185.     #
  186.     # If the method is GET, we instead serve a HTML form and a piece
  187.     # of Javascript to automatically submit it.
  188. 

  189.     if request.method == "POST" or "auto-login" in request.COOKIES:
  190.         user = authenticate(username=username, token=token)
  191.         if user is not None and user.is_active:
  192.             user.profile.token = ""
  193.             user.profile.save()
  194.             auth_login(request, user)
  195. 

  196.             return _redirect_after_login(request)
  197. 

  198.         request.session["bad_link"] = True
  199.         return redirect("hc-login")
  200. 

  201.     return render(request, "accounts/check_token_submit.html")
  202. 

  203. 

  204. @login_required
  205. def profile(request):
  206.     profile = request.profile
  207. 

  208.     ctx = {"page": "profile", "profile": profile, "my_projects_status": "default"}
  209. 

  210.     if request.method == "POST":
  211.         if "change_email" in request.POST:
  212.             profile.send_change_email_link()
  213.             return redirect("hc-link-sent")
  214.         elif "set_password" in request.POST:
  215.             profile.send_set_password_link()
  216.             return redirect("hc-link-sent")
  217.         elif "leave_project" in request.POST:
  218.             code = request.POST["code"]
  219.             try:
  220.                 project = Project.objects.get(code=code, member__user=request.user)
  221.             except Project.DoesNotExist:
  222.                 return HttpResponseBadRequest()
  223. 

  224.             if profile.current_project == project:
  225.                 profile.current_project = None
  226.                 profile.save()
  227. 

  228.             Member.objects.filter(project=project, user=request.user).delete()
  229. 

  230.             ctx["left_project"] = project
  231.             ctx["my_projects_status"] = "info"
  232. 

  233.     # Retrieve projects right before rendering the template--
  234.     # The list of the projects might have *just* changed
  235.     ctx["projects"] = list(profile.projects())
  236.     return render(request, "accounts/profile.html", ctx)
  237. 

  238. 

  239. @login_required
  240. @require_POST
  241. def add_project(request):
  242.     form = ProjectNameForm(request.POST)
  243.     if not form.is_valid():
  244.         return HttpResponseBadRequest()
  245. 

  246.     project = Project(owner=request.user)
  247.     project.code = project.badge_key = str(uuid.uuid4())
  248.     project.name = form.cleaned_data["name"]
  249.     project.save()
  250. 

  251.     return redirect("hc-checks", project.code)
  252. 

  253. 

  254. @login_required
  255. def project(request, code):
  256.     if request.user.is_superuser:
  257.         q = Project.objects
  258.     else:
  259.         q = request.profile.projects()
  260. 

  261.     try:
  262.         project = q.get(code=code)
  263.     except Project.DoesNotExist:
  264.         return HttpResponseNotFound()
  265. 

  266.     is_owner = project.owner_id == request.user.id
  267.     ctx = {
  268.         "page": "project",
  269.         "project": project,
  270.         "is_owner": is_owner,
  271.         "show_api_keys": "show_api_keys" in request.GET,
  272.         "project_name_status": "default",
  273.         "api_status": "default",
  274.         "team_status": "default",
  275.     }
  276. 

  277.     if request.method == "POST":
  278.         if "create_api_keys" in request.POST:
  279.             project.set_api_keys()
  280.             project.save()
  281. 

  282.             ctx["show_api_keys"] = True
  283.             ctx["api_keys_created"] = True
  284.             ctx["api_status"] = "success"
  285.         elif "revoke_api_keys" in request.POST:
  286.             project.api_key = ""
  287.             project.api_key_readonly = ""
  288.             project.save()
  289. 

  290.             ctx["api_keys_revoked"] = True
  291.             ctx["api_status"] = "info"
  292.         elif "show_api_keys" in request.POST:
  293.             ctx["show_api_keys"] = True
  294.         elif "invite_team_member" in request.POST:
  295.             if not is_owner or not project.can_invite():
  296.                 return HttpResponseForbidden()
  297. 

  298.             form = InviteTeamMemberForm(request.POST)
  299.             if form.is_valid():
  300.                 if not TokenBucket.authorize_invite(request.user):
  301.                     return render(request, "try_later.html")
  302. 

  303.                 email = form.cleaned_data["email"]
  304.                 try:
  305.                     user = User.objects.get(email=email)
  306.                 except User.DoesNotExist:
  307.                     user = _make_user(email, with_project=False)
  308. 

  309.                 project.invite(user)
  310.                 ctx["team_member_invited"] = email
  311.                 ctx["team_status"] = "success"
  312. 

  313.         elif "remove_team_member" in request.POST:
  314.             if not is_owner:
  315.                 return HttpResponseForbidden()
  316. 

  317.             form = RemoveTeamMemberForm(request.POST)
  318.             if form.is_valid():
  319.                 q = User.objects
  320.                 q = q.filter(email=form.cleaned_data["email"])
  321.                 q = q.filter(memberships__project=project)
  322.                 farewell_user = q.first()
  323.                 if farewell_user is None:
  324.                     return HttpResponseBadRequest()
  325. 

  326.                 farewell_user.profile.current_project = None
  327.                 farewell_user.profile.save()
  328. 

  329.                 Member.objects.filter(project=project, user=farewell_user).delete()
  330. 

  331.                 ctx["team_member_removed"] = form.cleaned_data["email"]
  332.                 ctx["team_status"] = "info"
  333.         elif "set_project_name" in request.POST:
  334.             form = ProjectNameForm(request.POST)
  335.             if form.is_valid():
  336.                 project.name = form.cleaned_data["name"]
  337.                 project.save()
  338. 

  339.                 if request.profile.current_project == project:
  340.                     request.profile.current_project.name = project.name
  341. 

  342.                 ctx["project_name_updated"] = True
  343.                 ctx["project_name_status"] = "success"
  344. 

  345.     # Count members right before rendering the template, in case
  346.     # we just invited or removed someone
  347.     ctx["num_members"] = project.member_set.count()
  348.     return render(request, "accounts/project.html", ctx)
  349. 

  350. 

  351. @login_required
  352. def notifications(request):
  353.     profile = request.profile
  354. 

  355.     ctx = {"status": "default", "page": "profile", "profile": profile}
  356. 

  357.     if request.method == "POST":
  358.         form = ReportSettingsForm(request.POST)
  359.         if form.is_valid():
  360.             if profile.reports_allowed != form.cleaned_data["reports_allowed"]:
  361.                 profile.reports_allowed = form.cleaned_data["reports_allowed"]
  362.                 if profile.reports_allowed:
  363.                     profile.next_report_date = now() + td(days=30)
  364.                 else:
  365.                     profile.next_report_date = None
  366. 

  367.             if profile.nag_period != form.cleaned_data["nag_period"]:
  368.                 # Set the new nag period
  369.                 profile.nag_period = form.cleaned_data["nag_period"]
  370.                 # and schedule next_nag_date:
  371.                 if profile.nag_period:
  372.                     profile.next_nag_date = now() + profile.nag_period
  373.                 else:
  374.                     profile.next_nag_date = None
  375. 

  376.             profile.save()
  377.             ctx["status"] = "info"
  378. 

  379.     return render(request, "accounts/notifications.html", ctx)
  380. 

  381. 

  382. @login_required
  383. def set_password(request, token):
  384.     if not request.profile.check_token(token, "set-password"):
  385.         return HttpResponseBadRequest()
  386. 

  387.     if request.method == "POST":
  388.         form = SetPasswordForm(request.POST)
  389.         if form.is_valid():
  390.             password = form.cleaned_data["password"]
  391.             request.user.set_password(password)
  392.             request.user.save()
  393. 

  394.             request.profile.token = ""
  395.             request.profile.save()
  396. 

  397.             # Setting a password logs the user out, so here we
  398.             # log them back in.
  399.             u = authenticate(username=request.user.email, password=password)
  400.             auth_login(request, u)
  401. 

  402.             messages.success(request, "Your password has been set!")
  403.             return redirect("hc-profile")
  404. 

  405.     return render(request, "accounts/set_password.html", {})
  406. 

  407. 

  408. @login_required
  409. def change_email(request, token):
  410.     if not request.profile.check_token(token, "change-email"):
  411.         return HttpResponseBadRequest()
  412. 

  413.     if request.method == "POST":
  414.         form = ChangeEmailForm(request.POST)
  415.         if form.is_valid():
  416.             request.user.email = form.cleaned_data["email"]
  417.             request.user.set_unusable_password()
  418.             request.user.save()
  419. 

  420.             request.profile.token = ""
  421.             request.profile.save()
  422. 

  423.             return redirect("hc-change-email-done")
  424.     else:
  425.         form = ChangeEmailForm()
  426. 

  427.     return render(request, "accounts/change_email.html", {"form": form})
  428. 

  429. 

  430. def change_email_done(request):
  431.     return render(request, "accounts/change_email_done.html")
  432. 

  433. 

  434. @csrf_exempt
  435. def unsubscribe_reports(request, username):
  436.     signer = signing.TimestampSigner(salt="reports")
  437.     try:
  438.         username = signer.unsign(username)
  439.     except signing.BadSignature:
  440.         return render(request, "bad_link.html")
  441. 

  442.     # Some email servers open links in emails to check for malicious content.
  443.     # To work around this, we serve a form that auto-submits with JS.
  444.     if "ask" in request.GET and request.method != "POST":
  445.         return render(request, "accounts/unsubscribe_submit.html")
  446. 

  447.     user = User.objects.get(username=username)
  448.     profile = Profile.objects.for_user(user)
  449.     profile.reports_allowed = False
  450.     profile.next_report_date = None
  451.     profile.nag_period = td()
  452.     profile.next_nag_date = None
  453.     profile.save()
  454. 

  455.     return render(request, "accounts/unsubscribed.html")
  456. 

  457. 

  458. @require_POST
  459. @login_required
  460. def close(request):
  461.     user = request.user
  462. 

  463.     # Subscription needs to be canceled before it is deleted:
  464.     sub = Subscription.objects.filter(user=user).first()
  465.     if sub:
  466.         sub.cancel(delete_customer=True)
  467. 

  468.     user.delete()
  469. 

  470.     # Deleting user also deletes its profile, checks, channels etc.
  471. 

  472.     request.session.flush()
  473.     return redirect("hc-index")
  474. 

  475. 

  476. @require_POST
  477. @login_required
  478. def remove_project(request, code):
  479.     project = get_object_or_404(Project, code=code, owner=request.user)
  480.     project.delete()
  481.     return redirect("hc-index")