zulip/zephyr/forms.py

from django import forms
from django.core import validators
from django.core.exceptions import ValidationError
from django.utils.safestring import mark_safe
from django.contrib.auth.forms import SetPasswordForm

from humbug import settings
from zephyr.models import Realm, get_user_profile_by_email, UserProfile
from zephyr.lib.actions import do_change_password

def is_unique(value):
    try:
        get_user_profile_by_email(value)
        raise ValidationError(u'%s is already registered' % value)
    except UserProfile.DoesNotExist:
        pass

def is_inactive(value):
    try:
        if get_user_profile_by_email(value).is_active:
            raise ValidationError(u'%s is already active' % value)
    except UserProfile.DoesNotExist:
        pass

SIGNUP_STRING = '<a href="http://get.humbughq.com/">Sign up</a> to find out when Humbug is ready for you.'

def has_valid_realm(value):
    try:
        Realm.objects.get(domain=value.split("@")[-1])
    except Realm.DoesNotExist:
        raise ValidationError(mark_safe(u'Registration is not currently available for your domain. ' + SIGNUP_STRING))

def isnt_mit(value):
    if "@mit.edu" in value:
        raise ValidationError(mark_safe(u'Humbug for MIT is by invitation only. ' + SIGNUP_STRING))

class RegistrationForm(forms.Form):
    full_name = forms.CharField(max_length=100)
    password = forms.CharField(widget=forms.PasswordInput, max_length=100)
    terms = forms.BooleanField(required=True)

class ToSForm(forms.Form):
    full_name = forms.CharField(max_length=100)
    terms = forms.BooleanField(required=True)

class HomepageForm(forms.Form):
    if settings.ALLOW_REGISTER:
        email = forms.EmailField()
    else:
        validators = [has_valid_realm, isnt_mit, is_inactive]
        email = forms.EmailField(validators=validators)

class LoggingSetPasswordForm(SetPasswordForm):
    def save(self, commit=True):
        do_change_password(self.user, self.cleaned_data['new_password1'],
                           log=True, commit=commit)
        return self.user
Initial Django commit: basic account, zephyr stream, narrowing, etc. (imported from commit 3cd40521171a4020c19021eda0d20ee9f802af41) 2012-08-28 18:44:51 +02:00			`from django import forms`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00			`from django.core import validators`
			`from django.core.exceptions import ValidationError`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`from django.utils.safestring import mark_safe`
Log password change events via the password reset feature. (imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7) 2012-12-13 21:08:07 +01:00			`from django.contrib.auth.forms import SetPasswordForm`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00
			`from humbug import settings`
Use get_user_profile_by_email more consistently. The previous situation was bad for two reasons: (1) It had a lot of copies of the code, some of them missing pieces: UserProfile.objects.get(user__email__iexact=foo) This was in particular going to be inconvenient since we are dropping the __user part of that. (2) It didn't take advantage of our memcached caching. (imported from commit 2325795f288a7cf306cdae191f5d3080aac0651a) 2013-03-28 20:20:31 +01:00			`from zephyr.models import Realm, get_user_profile_by_email, UserProfile`
Move action functions from models.py to zephyr/lib/actions.py. (imported from commit 9d577dd53ce7d4c9faf6cc8a56129d684a50811b) 2013-01-10 22:01:33 +01:00			`from zephyr.lib.actions import do_change_password`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00
			`def is_unique(value):`
			`try:`
Use get_user_profile_by_email more consistently. The previous situation was bad for two reasons: (1) It had a lot of copies of the code, some of them missing pieces: UserProfile.objects.get(user__email__iexact=foo) This was in particular going to be inconvenient since we are dropping the __user part of that. (2) It didn't take advantage of our memcached caching. (imported from commit 2325795f288a7cf306cdae191f5d3080aac0651a) 2013-03-28 20:20:31 +01:00			`get_user_profile_by_email(value)`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00			`raise ValidationError(u'%s is already registered' % value)`
Use get_user_profile_by_email more consistently. The previous situation was bad for two reasons: (1) It had a lot of copies of the code, some of them missing pieces: UserProfile.objects.get(user__email__iexact=foo) This was in particular going to be inconvenient since we are dropping the __user part of that. (2) It didn't take advantage of our memcached caching. (imported from commit 2325795f288a7cf306cdae191f5d3080aac0651a) 2013-03-28 20:20:31 +01:00			`except UserProfile.DoesNotExist:`
Add a custom validator to ensure email uniqueness, include ommitted fields. Previously no check was performed to ensure that the same email wasn't used to register twice. Here we add a validator to perform that check. We also noted that the domain field was omitted, but checked by a client of this class. Therefore, we add it directly. (imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df) 2012-09-26 20:08:39 +02:00			`pass`

Rename is_active to is_inactive. The purpose of the validator is to ensure the user isn't active, so let's correctly test for that here. (imported from commit 772ddb901098f78750efab274405a10f36c49232) 2013-02-12 20:52:42 +01:00			`def is_inactive(value):`
Implement MIT signups. Here we introduce a new manage.py command, activate_mit, which takes a number of usernames and sends out emails to the users with instructions on how to activate their accounts. (imported from commit f14401b55f915698e83ff27b86434f53e64685f3) 2012-10-29 19:08:18 +01:00			`try:`
Access the UserProfile's new is_active field rather than User's. (imported from commit ed5bdaf3e3d6d20bfb741efdac48d30482ab9ef7) 2013-03-28 20:47:22 +01:00			`if get_user_profile_by_email(value).is_active:`
Implement MIT signups. Here we introduce a new manage.py command, activate_mit, which takes a number of usernames and sends out emails to the users with instructions on how to activate their accounts. (imported from commit f14401b55f915698e83ff27b86434f53e64685f3) 2012-10-29 19:08:18 +01:00			`raise ValidationError(u'%s is already active' % value)`
Use get_user_profile_by_email more consistently. The previous situation was bad for two reasons: (1) It had a lot of copies of the code, some of them missing pieces: UserProfile.objects.get(user__email__iexact=foo) This was in particular going to be inconvenient since we are dropping the __user part of that. (2) It didn't take advantage of our memcached caching. (imported from commit 2325795f288a7cf306cdae191f5d3080aac0651a) 2013-03-28 20:20:31 +01:00			`except UserProfile.DoesNotExist:`
Implement MIT signups. Here we introduce a new manage.py command, activate_mit, which takes a number of usernames and sends out emails to the users with instructions on how to activate their accounts. (imported from commit f14401b55f915698e83ff27b86434f53e64685f3) 2012-10-29 19:08:18 +01:00			`pass`

Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`SIGNUP_STRING = '<a href="http://get.humbughq.com/">Sign up</a> to find out when Humbug is ready for you.'`

			`def has_valid_realm(value):`
			`try:`
			`Realm.objects.get(domain=value.split("@")[-1])`
			`except Realm.DoesNotExist:`
			`raise ValidationError(mark_safe(u'Registration is not currently available for your domain. ' + SIGNUP_STRING))`

			`def isnt_mit(value):`
			`if "@mit.edu" in value:`
			`raise ValidationError(mark_safe(u'Humbug for MIT is by invitation only. ' + SIGNUP_STRING))`

Initial Django commit: basic account, zephyr stream, narrowing, etc. (imported from commit 3cd40521171a4020c19021eda0d20ee9f802af41) 2012-08-28 18:44:51 +02:00			`class RegistrationForm(forms.Form):`
[schema] Collect and display names and e-mail addresses. (imported from commit aa6bceb05fcd5b456c03288cbfed65b14050fe88) 2012-09-11 19:20:01 +02:00			`full_name = forms.CharField(max_length=100)`
Don't show the user's password when registering. (imported from commit 9268c07560de744abdedf11b8d39cd8045baeff9) 2012-09-05 16:20:39 +02:00			`password = forms.CharField(widget=forms.PasswordInput, max_length=100)`
Add an "I agree to the terms of use" checkbox inside signup workflow. (imported from commit 6d3320e71e189f4577da464fade9c8f7f5838f78) 2012-10-25 21:04:46 +02:00			`terms = forms.BooleanField(required=True)`
Implement confirmation for new user signups. We add a few templates for django-confirmation. We define a "PreregistrationForm" which is validated by accounts_home, which then generates a confirmation object and emails the user. This required creating a new table for a PreregistrationUser with an email and status (confirmed) field. The register function now no longer accepts a "email" field in the form and deals only with confirmation IDs to determine the email used to sign up a user. (imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac) 2012-09-28 22:47:05 +02:00
Add alternative terms acceptance workflow. This view lives at /accounts/accept_terms, and (after getting an acceptance from the user) sends an email to all@ documenting the acceptance. (imported from commit 8f64286ab02887fd6544fa274b2967f6499b6dbc) 2013-01-08 23:26:40 +01:00			`class ToSForm(forms.Form):`
			`full_name = forms.CharField(max_length=100)`
			`terms = forms.BooleanField(required=True)`

Implement confirmation for new user signups. We add a few templates for django-confirmation. We define a "PreregistrationForm" which is validated by accounts_home, which then generates a confirmation object and emails the user. This required creating a new table for a PreregistrationUser with an email and status (confirmed) field. The register function now no longer accepts a "email" field in the form and deals only with confirmation IDs to determine the email used to sign up a user. (imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac) 2012-09-28 22:47:05 +02:00			`class HomepageForm(forms.Form):`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`if settings.ALLOW_REGISTER:`
Check whether users are active, not whether they are nonunique. Previously we checked and bailed when there was a user registered with an email address, regardless of active status. This meant that MIT users who had inactive accounts autocreated had issues where they would be confusingly told they were signed up even though they had never taken any action on our site directly. Now we instead check whether there are any current active user accounts with that email address, and proceed with generating an activation link if the user lacks a corresponding active account. Security implications of this commit come into play if we start implementing removing users ability to sign in as deactivation. Since we lack a user removal story here, this isn't terribly concerning yet and we'll revist this code when we decide to add such functionality in the future. This resolves trac #581 and #631. (imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86) 2013-02-11 19:37:31 +01:00			`email = forms.EmailField()`
Always allow registration if attempting to register for a non-MIT realm. (imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818) 2012-11-21 21:14:55 +01:00			`else:`
Rename is_active to is_inactive. The purpose of the validator is to ensure the user isn't active, so let's correctly test for that here. (imported from commit 772ddb901098f78750efab274405a10f36c49232) 2013-02-12 20:52:42 +01:00			`validators = [has_valid_realm, isnt_mit, is_inactive]`
Check whether users are active, not whether they are nonunique. Previously we checked and bailed when there was a user registered with an email address, regardless of active status. This meant that MIT users who had inactive accounts autocreated had issues where they would be confusingly told they were signed up even though they had never taken any action on our site directly. Now we instead check whether there are any current active user accounts with that email address, and proceed with generating an activation link if the user lacks a corresponding active account. Security implications of this commit come into play if we start implementing removing users ability to sign in as deactivation. Since we lack a user removal story here, this isn't terribly concerning yet and we'll revist this code when we decide to add such functionality in the future. This resolves trac #581 and #631. (imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86) 2013-02-11 19:37:31 +01:00			`email = forms.EmailField(validators=validators)`
Log password change events via the password reset feature. (imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7) 2012-12-13 21:08:07 +01:00
			`class LoggingSetPasswordForm(SetPasswordForm):`
			`def save(self, commit=True):`
[manual] Authenticate using a user_profile as request.user. When this is deployed to staging, we need to run ./manage.py logout_all_users --realm=humbughq.com When this is deployed to prod, we need to run ./manage.py logout_all_users (imported from commit d6c6ea4b1c347f3d9122742db23c7b67767a7349) 2013-03-29 17:39:53 +01:00			`do_change_password(self.user, self.cleaned_data['new_password1'],`
Log password change events via the password reset feature. (imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7) 2012-12-13 21:08:07 +01:00			`log=True, commit=commit)`
			`return self.user`