zulip/zephyr/forms.py

from django import forms
from django.core import validators
from django.core.exceptions import ValidationError
from django.contrib.auth.models import User
from django.utils.safestring import mark_safe
from django.contrib.auth.forms import SetPasswordForm

from humbug import settings
from zephyr.models import Realm
from zephyr.lib.actions import do_change_password

def is_unique(value):
    try:
        User.objects.get(email__iexact=value)
        raise ValidationError(u'%s is already registered' % value)
    except User.DoesNotExist:
        pass

def is_active(value):
    try:
        if User.objects.get(email=value).is_active:
            raise ValidationError(u'%s is already active' % value)
    except User.DoesNotExist:
        pass

SIGNUP_STRING = '<a href="http://get.humbughq.com/">Sign up</a> to find out when Humbug is ready for you.'

def has_valid_realm(value):
    try:
        Realm.objects.get(domain=value.split("@")[-1])
    except Realm.DoesNotExist:
        raise ValidationError(mark_safe(u'Registration is not currently available for your domain. ' + SIGNUP_STRING))

def isnt_mit(value):
    if "@mit.edu" in value:
        raise ValidationError(mark_safe(u'Humbug for MIT is by invitation only. ' + SIGNUP_STRING))

class RegistrationForm(forms.Form):
    full_name = forms.CharField(max_length=100)
    password = forms.CharField(widget=forms.PasswordInput, max_length=100)
    terms = forms.BooleanField(required=True)

class ToSForm(forms.Form):
    full_name = forms.CharField(max_length=100)
    terms = forms.BooleanField(required=True)

class HomepageForm(forms.Form):
    if settings.ALLOW_REGISTER:
        email = forms.EmailField()
    else:
        validators = [has_valid_realm, isnt_mit, is_active]
        email = forms.EmailField(validators=validators)

class LoggingSetPasswordForm(SetPasswordForm):
    def save(self, commit=True):
        do_change_password(self.user, self.cleaned_data['new_password1'],
                           log=True, commit=commit)
        return self.user
Initial Django commit: basic account, zephyr stream, narrowing, etc. (imported from commit 3cd40521171a4020c19021eda0d20ee9f802af41) 2012-08-28 18:44:51 +02:00			`from django import forms`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00			`from django.core import validators`
			`from django.core.exceptions import ValidationError`
			`from django.contrib.auth.models import User`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`from django.utils.safestring import mark_safe`
Log password change events via the password reset feature. (imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7) 2012-12-13 21:08:07 +01:00			`from django.contrib.auth.forms import SetPasswordForm`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00
			`from humbug import settings`
Move action functions from models.py to zephyr/lib/actions.py. (imported from commit 9d577dd53ce7d4c9faf6cc8a56129d684a50811b) 2013-01-10 22:01:33 +01:00			`from zephyr.models import Realm`
			`from zephyr.lib.actions import do_change_password`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00
			`def is_unique(value):`
			`try:`
Prevent users from creating an account that differs only in case from an existing one Fixes #177 (imported from commit 96c6b4c207c920ec94b5fdd69b2937a88669fa93) 2012-12-04 19:56:34 +01:00			`User.objects.get(email__iexact=value)`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00			`raise ValidationError(u'%s is already registered' % value)`
			`except User.DoesNotExist:`
			`pass`

Implement MIT signups. Here we introduce a new manage.py command, activate_mit, which takes a number of usernames and sends out emails to the users with instructions on how to activate their accounts. (imported from commit f14401b55f915698e83ff27b86434f53e64685f3) 2012-10-29 19:08:18 +01:00			`def is_active(value):`
			`try:`
			`if User.objects.get(email=value).is_active:`
			`raise ValidationError(u'%s is already active' % value)`
			`except User.DoesNotExist:`
			`pass`

Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`SIGNUP_STRING = '<a href="http://get.humbughq.com/">Sign up</a> to find out when Humbug is ready for you.'`

			`def has_valid_realm(value):`
			`try:`
			`Realm.objects.get(domain=value.split("@")[-1])`
			`except Realm.DoesNotExist:`
			`raise ValidationError(mark_safe(u'Registration is not currently available for your domain. ' + SIGNUP_STRING))`

			`def isnt_mit(value):`
			`if "@mit.edu" in value:`
			`raise ValidationError(mark_safe(u'Humbug for MIT is by invitation only. ' + SIGNUP_STRING))`

Initial Django commit: basic account, zephyr stream, narrowing, etc. (imported from commit 3cd40521171a4020c19021eda0d20ee9f802af41) 2012-08-28 18:44:51 +02:00			`class RegistrationForm(forms.Form):`
[schema] Collect and display names and e-mail addresses. (imported from commit aa6bceb05fcd5b456c03288cbfed65b14050fe88) 2012-09-11 19:20:01 +02:00			`full_name = forms.CharField(max_length=100)`
Don't show the user's password when registering. (imported from commit 9268c07560de744abdedf11b8d39cd8045baeff9) 2012-09-05 16:20:39 +02:00			`password = forms.CharField(widget=forms.PasswordInput, max_length=100)`
Add an "I agree to the terms of use" checkbox inside signup workflow. (imported from commit 6d3320e71e189f4577da464fade9c8f7f5838f78) 2012-10-25 21:04:46 +02:00			`terms = forms.BooleanField(required=True)`
Implement confirmation for new user signups. We add a few templates for django-confirmation. We define a "PreregistrationForm" which is validated by accounts_home, which then generates a confirmation object and emails the user. This required creating a new table for a PreregistrationUser with an email and status (confirmed) field. The register function now no longer accepts a "email" field in the form and deals only with confirmation IDs to determine the email used to sign up a user. (imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac) 2012-09-28 22:47:05 +02:00
Add alternative terms acceptance workflow. This view lives at /accounts/accept_terms, and (after getting an acceptance from the user) sends an email to all@ documenting the acceptance. (imported from commit 8f64286ab02887fd6544fa274b2967f6499b6dbc) 2013-01-08 23:26:40 +01:00			`class ToSForm(forms.Form):`
			`full_name = forms.CharField(max_length=100)`
			`terms = forms.BooleanField(required=True)`

Implement confirmation for new user signups. We add a few templates for django-confirmation. We define a "PreregistrationForm" which is validated by accounts_home, which then generates a confirmation object and emails the user. This required creating a new table for a PreregistrationUser with an email and status (confirmed) field. The register function now no longer accepts a "email" field in the form and deals only with confirmation IDs to determine the email used to sign up a user. (imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac) 2012-09-28 22:47:05 +02:00			`class HomepageForm(forms.Form):`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`if settings.ALLOW_REGISTER:`
Check whether users are active, not whether they are nonunique. Previously we checked and bailed when there was a user registered with an email address, regardless of active status. This meant that MIT users who had inactive accounts autocreated had issues where they would be confusingly told they were signed up even though they had never taken any action on our site directly. Now we instead check whether there are any current active user accounts with that email address, and proceed with generating an activation link if the user lacks a corresponding active account. Security implications of this commit come into play if we start implementing removing users ability to sign in as deactivation. Since we lack a user removal story here, this isn't terribly concerning yet and we'll revist this code when we decide to add such functionality in the future. This resolves trac #581 and #631. (imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86) 2013-02-11 19:37:31 +01:00			`email = forms.EmailField()`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`else:`
Check whether users are active, not whether they are nonunique. Previously we checked and bailed when there was a user registered with an email address, regardless of active status. This meant that MIT users who had inactive accounts autocreated had issues where they would be confusingly told they were signed up even though they had never taken any action on our site directly. Now we instead check whether there are any current active user accounts with that email address, and proceed with generating an activation link if the user lacks a corresponding active account. Security implications of this commit come into play if we start implementing removing users ability to sign in as deactivation. Since we lack a user removal story here, this isn't terribly concerning yet and we'll revist this code when we decide to add such functionality in the future. This resolves trac #581 and #631. (imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86) 2013-02-11 19:37:31 +01:00			`validators = [has_valid_realm, isnt_mit, is_active]`
			`email = forms.EmailField(validators=validators)`
Log password change events via the password reset feature. (imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7) 2012-12-13 21:08:07 +01:00
			`class LoggingSetPasswordForm(SetPasswordForm):`
			`def save(self, commit=True):`
			`do_change_password(self.user, self.cleaned_data['new_password1'],`
			`log=True, commit=commit)`
			`return self.user`