|
|
- import uuid
-
- from django.conf import settings
- from django.contrib.auth import authenticate, login as auth_login
- from django.contrib.auth.models import User
- from django.core.mail import send_mail
- from django.core.urlresolvers import reverse
- from django.http import HttpResponseBadRequest
- from django.shortcuts import redirect, render
-
- from hc.accounts.forms import EmailForm
-
-
- def create(request):
- assert request.method == "POST"
-
- form = EmailForm(request.POST)
- if form.is_valid():
- email = form.cleaned_data["email"]
-
- num_existing = User.objects.filter(email=email).count()
- if num_existing > 0:
- # FIXME be more polite about this
- return HttpResponseBadRequest()
-
- username = str(uuid.uuid4())[:30]
- temp_password = str(uuid.uuid4())
-
- user = User(username=username, email=email)
- user.set_password(temp_password)
- user.save()
-
- user = authenticate(username=username, password=temp_password)
- user.set_unusable_password()
- user.save()
-
- auth_login(request, user)
- return redirect("hc-checks")
-
- # FIXME do something nicer here
- return HttpResponseBadRequest()
-
-
- def login(request):
- if request.method == 'POST':
- form = EmailForm(request.POST)
- if form.is_valid():
- email = form.cleaned_data["email"].lower()
- user = User.objects.get(email=email)
-
- # We don't want to reset passwords of staff users :-)
- if user.is_staff:
- return HttpResponseBadRequest()
-
- token = str(uuid.uuid4())
- user.set_password(token)
- user.save()
-
- login_link = reverse("hc-check-token", args=[user.username, token])
- login_link = settings.SITE_ROOT + login_link
- body = "login link: %s" % login_link
-
- send_mail('Log In', body, '[email protected]', [email],
- fail_silently=False)
-
- return redirect("hc-login-link-sent")
-
- else:
- form = EmailForm()
-
- ctx = {"form": form}
- return render(request, "accounts/login.html", ctx)
-
-
- def login_link_sent(request):
- return render(request, "accounts/login_link_sent.html")
-
-
- def check_token(request, username, token):
- user = authenticate(username=username, password=token)
- if user is not None:
- if user.is_active:
- user.set_unusable_password()
- user.save()
- auth_login(request, user)
- return redirect("hc-checks")
-
- return render(request, "bad_link.html")
|
