import base64
|
|
import binascii
|
|
from datetime import timedelta as td
|
|
|
|
from django import forms
|
|
from django.core.exceptions import ValidationError
|
|
from django.contrib.auth import authenticate
|
|
from django.contrib.auth.models import User
|
|
from hc.accounts.models import REPORT_CHOICES
|
|
from hc.api.models import TokenBucket
|
|
import pytz
|
|
|
|
|
|
class LowercaseEmailField(forms.EmailField):
|
|
def clean(self, value):
|
|
value = super(LowercaseEmailField, self).clean(value)
|
|
return value.lower()
|
|
|
|
|
|
class Base64Field(forms.CharField):
|
|
def to_python(self, value):
|
|
if value is None:
|
|
return None
|
|
|
|
try:
|
|
return base64.b64decode(value.encode())
|
|
except binascii.Error:
|
|
raise ValidationError(message="Cannot decode base64")
|
|
|
|
|
|
class SignupForm(forms.Form):
|
|
# Call it "identity" instead of "email"
|
|
# to avoid some of the dumber bots
|
|
identity = LowercaseEmailField(
|
|
error_messages={"required": "Please enter your email address."}
|
|
)
|
|
tz = forms.CharField(required=False)
|
|
|
|
def clean_identity(self):
|
|
v = self.cleaned_data["identity"]
|
|
if len(v) > 254:
|
|
raise forms.ValidationError("Address is too long.")
|
|
|
|
if User.objects.filter(email=v).exists():
|
|
raise forms.ValidationError(
|
|
"An account with this email address already exists."
|
|
)
|
|
|
|
return v
|
|
|
|
def clean_tz(self):
|
|
# Declare tz as "clean" only if we can find it in pytz.all_timezones
|
|
if self.cleaned_data["tz"] in pytz.all_timezones:
|
|
return self.cleaned_data["tz"]
|
|
|
|
# Otherwise, return None, and *don't* throw a validation exception:
|
|
# If user's browser reports a timezone we don't recognize, we
|
|
# should ignore the timezone but still save the rest of the form.
|
|
|
|
|
|
class EmailLoginForm(forms.Form):
|
|
# Call it "identity" instead of "email"
|
|
# to avoid some of the dumber bots
|
|
identity = LowercaseEmailField()
|
|
|
|
def clean_identity(self):
|
|
v = self.cleaned_data["identity"]
|
|
if not TokenBucket.authorize_login_email(v):
|
|
raise forms.ValidationError("Too many attempts, please try later.")
|
|
|
|
try:
|
|
self.user = User.objects.get(email=v)
|
|
except User.DoesNotExist:
|
|
raise forms.ValidationError("Unknown email address.")
|
|
|
|
return v
|
|
|
|
|
|
class PasswordLoginForm(forms.Form):
|
|
email = LowercaseEmailField()
|
|
password = forms.CharField()
|
|
|
|
def clean(self):
|
|
username = self.cleaned_data.get("email")
|
|
password = self.cleaned_data.get("password")
|
|
|
|
if username and password:
|
|
if not TokenBucket.authorize_login_password(username):
|
|
raise forms.ValidationError("Too many attempts, please try later.")
|
|
|
|
self.user = authenticate(username=username, password=password)
|
|
if self.user is None or not self.user.is_active:
|
|
raise forms.ValidationError("Incorrect email or password.")
|
|
|
|
return self.cleaned_data
|
|
|
|
|
|
class ReportSettingsForm(forms.Form):
|
|
reports = forms.ChoiceField(choices=REPORT_CHOICES)
|
|
nag_period = forms.IntegerField(min_value=0, max_value=86400)
|
|
tz = forms.CharField()
|
|
|
|
def clean_nag_period(self):
|
|
seconds = self.cleaned_data["nag_period"]
|
|
|
|
if seconds not in (0, 3600, 86400):
|
|
raise forms.ValidationError("Bad nag_period: %d" % seconds)
|
|
|
|
return td(seconds=seconds)
|
|
|
|
def clean_tz(self):
|
|
# Declare tz as "clean" only if we can find it in pytz.all_timezones
|
|
if self.cleaned_data["tz"] in pytz.all_timezones:
|
|
return self.cleaned_data["tz"]
|
|
|
|
# Otherwise, return None, and *don't* throw a validation exception:
|
|
# If user's browser reports a timezone we don't recognize, we
|
|
# should ignore the timezone but still save the rest of the form.
|
|
|
|
|
|
class SetPasswordForm(forms.Form):
|
|
password = forms.CharField(min_length=8)
|
|
|
|
|
|
class ChangeEmailForm(forms.Form):
|
|
error_css_class = "has-error"
|
|
email = LowercaseEmailField()
|
|
|
|
def clean_email(self):
|
|
v = self.cleaned_data["email"]
|
|
if User.objects.filter(email=v).exists():
|
|
raise forms.ValidationError("%s is already registered" % v)
|
|
|
|
return v
|
|
|
|
|
|
class InviteTeamMemberForm(forms.Form):
|
|
email = LowercaseEmailField(max_length=254)
|
|
rw = forms.BooleanField(required=False)
|
|
|
|
|
|
class RemoveTeamMemberForm(forms.Form):
|
|
email = LowercaseEmailField()
|
|
|
|
|
|
class ProjectNameForm(forms.Form):
|
|
name = forms.CharField(max_length=60)
|
|
|
|
|
|
class TransferForm(forms.Form):
|
|
email = LowercaseEmailField()
|
|
|
|
|
|
class AddCredentialForm(forms.Form):
|
|
name = forms.CharField(max_length=100)
|
|
client_data_json = Base64Field()
|
|
attestation_object = Base64Field()
|
|
|
|
|
|
class WebAuthnForm(forms.Form):
|
|
credential_id = Base64Field()
|
|
client_data_json = Base64Field()
|
|
authenticator_data = Base64Field()
|
|
signature = Base64Field()
|