zulip/confirmation/models.py

# -*- coding: utf-8 -*-

# Copyright: (c) 2008, Jarek Zgoda <jarek.zgoda@gmail.com>

__revision__ = '$Id: models.py 28 2009-10-22 15:03:02Z jarek.zgoda $'

import datetime

from django.db import models
from django.core.urlresolvers import reverse
from django.conf import settings
from django.contrib.sites.models import Site
from django.contrib.contenttypes.models import ContentType
from django.contrib.contenttypes.fields import GenericForeignKey
from django.http import HttpRequest, HttpResponse
from django.shortcuts import render
from django.utils.timezone import now as timezone_now

from zerver.lib.send_email import send_email
from zerver.lib.utils import generate_random_token
from zerver.models import PreregistrationUser, EmailChangeStatus, MultiuseInvite
from random import SystemRandom
import string
from typing import Any, Dict, Optional, Text, Union

class ConfirmationKeyException(Exception):
    WRONG_LENGTH = 1
    EXPIRED = 2
    DOES_NOT_EXIST = 3

    def __init__(self, error_type):
        # type: (int) -> None
        super(ConfirmationKeyException, self).__init__()
        self.error_type = error_type

def render_confirmation_key_error(request, exception):
    # type: (HttpRequest, ConfirmationKeyException) -> HttpResponse
    if exception.error_type == ConfirmationKeyException.WRONG_LENGTH:
        return render(request, 'confirmation/link_malformed.html')
    if exception.error_type == ConfirmationKeyException.EXPIRED:
        return render(request, 'confirmation/link_expired.html')
    return render(request, 'confirmation/link_does_not_exist.html')

def generate_key():
    # type: () -> str
    generator = SystemRandom()
    # 24 characters * 5 bits of entropy/character = 120 bits of entropy
    return ''.join(generator.choice(string.ascii_lowercase + string.digits) for _ in range(24))

def get_object_from_key(confirmation_key):
    # type: (str) -> Union[MultiuseInvite, PreregistrationUser, EmailChangeStatus]
    # Confirmation keys used to be 40 characters
    if len(confirmation_key) not in (24, 40):
        raise ConfirmationKeyException(ConfirmationKeyException.WRONG_LENGTH)
    try:
        confirmation = Confirmation.objects.get(confirmation_key=confirmation_key)
    except Confirmation.DoesNotExist:
        raise ConfirmationKeyException(ConfirmationKeyException.DOES_NOT_EXIST)

    time_elapsed = timezone_now() - confirmation.date_sent
    if time_elapsed.total_seconds() > _properties[confirmation.type].validity_in_days * 24 * 3600:
        raise ConfirmationKeyException(ConfirmationKeyException.EXPIRED)

    obj = confirmation.content_object
    if hasattr(obj, "status"):
        obj.status = getattr(settings, 'STATUS_ACTIVE', 1)
        obj.save(update_fields=['status'])
    return obj

def create_confirmation_link(obj, host, confirmation_type, url_args=None):
    # type: (Union[ContentType, int], str, int, Optional[Dict[str, str]]) -> str
    key = generate_key()
    Confirmation.objects.create(content_object=obj, date_sent=timezone_now(), confirmation_key=key,
                                type=confirmation_type)
    return confirmation_url(key, host, confirmation_type, url_args)

def confirmation_url(confirmation_key, host, confirmation_type, url_args=None):
    # type: (str, str, int, Optional[Dict[str, str]]) -> str
    if url_args is None:
        url_args = {}
    url_args['confirmation_key'] = confirmation_key
    return '%s%s%s' % (settings.EXTERNAL_URI_SCHEME, host,
                       reverse(_properties[confirmation_type].url_name, kwargs=url_args))

class Confirmation(models.Model):
    content_type = models.ForeignKey(ContentType)
    object_id = models.PositiveIntegerField()  # type: int
    content_object = GenericForeignKey('content_type', 'object_id')
    date_sent = models.DateTimeField()  # type: datetime.datetime
    confirmation_key = models.CharField(max_length=40)  # type: str

    # The following list is the set of valid types
    USER_REGISTRATION = 1
    INVITATION = 2
    EMAIL_CHANGE = 3
    UNSUBSCRIBE = 4
    SERVER_REGISTRATION = 5
    MULTIUSE_INVITE = 6
    type = models.PositiveSmallIntegerField()  # type: int

    def __unicode__(self):
        # type: () -> Text
        return '<Confirmation: %s>' % (self.content_object,)

class ConfirmationType(object):
    def __init__(self, url_name, validity_in_days=settings.CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS):
        # type: (str, int) -> None
        self.url_name = url_name
        self.validity_in_days = validity_in_days

_properties = {
    Confirmation.USER_REGISTRATION: ConfirmationType('confirmation.views.confirm'),
    Confirmation.INVITATION: ConfirmationType('confirmation.views.confirm',
                                              validity_in_days=settings.INVITATION_LINK_VALIDITY_DAYS),
    Confirmation.EMAIL_CHANGE: ConfirmationType('zerver.views.user_settings.confirm_email_change'),
    Confirmation.UNSUBSCRIBE: ConfirmationType('zerver.views.unsubscribe.email_unsubscribe',
                                               validity_in_days=1000000),  # should never expire
    Confirmation.MULTIUSE_INVITE: ConfirmationType('zerver.views.registration.accounts_home_from_multiuse_invite',
                                                   validity_in_days=settings.INVITATION_LINK_VALIDITY_DAYS)
}

# Conirmation pathways for which there is no content_object that we need to
# keep track of.

def check_key_is_valid(creation_key):
    # type: (Text) -> bool
    if not RealmCreationKey.objects.filter(creation_key=creation_key).exists():
        return False
    days_sofar = (timezone_now() - RealmCreationKey.objects.get(creation_key=creation_key).date_created).days
    # Realm creation link expires after settings.REALM_CREATION_LINK_VALIDITY_DAYS
    if days_sofar <= settings.REALM_CREATION_LINK_VALIDITY_DAYS:
        return True
    return False

def generate_realm_creation_url():
    # type: () -> Text
    key = generate_key()
    RealmCreationKey.objects.create(creation_key=key, date_created=timezone_now())
    return u'%s%s%s' % (settings.EXTERNAL_URI_SCHEME,
                        settings.EXTERNAL_HOST,
                        reverse('zerver.views.create_realm',
                                kwargs={'creation_key': key}))

class RealmCreationKey(models.Model):
    creation_key = models.CharField('activation key', max_length=40)
    date_created = models.DateTimeField('created', default=timezone_now)
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00			`# -- coding: utf-8 --`

			`# Copyright: (c) 2008, Jarek Zgoda <jarek.zgoda@gmail.com>`

			`__revision__ = '$Id: models.py 28 2009-10-22 15:03:02Z jarek.zgoda $'`

confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`import datetime`
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00
			`from django.db import models`
			`from django.core.urlresolvers import reverse`
			`from django.conf import settings`
			`from django.contrib.sites.models import Site`
			`from django.contrib.contenttypes.models import ContentType`
Django 1.10: Remove generic module 2016-10-10 14:52:01 +02:00			`from django.contrib.contenttypes.fields import GenericForeignKey`
confirmation: Create render_confirmation_key_error function. 2017-07-22 00:25:41 +02:00			`from django.http import HttpRequest, HttpResponse`
			`from django.shortcuts import render`
Replace timezone.now with timezone_now. 2017-04-15 04:03:56 +02:00			`from django.utils.timezone import now as timezone_now`
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00
Add a send_email function that takes a template_prefix and context. This commit replaces all uses of django.core.mail.send_mail with send_email, other than in the password reset flow, since that code looks like it is just a patch to Django's password reset code. The send_email function is in a new file, since putting it in zerver.lib.notifications would create an import loop with confirmation.models. send_future_email will soon be moved into email.py as well. 2017-05-02 01:15:58 +02:00			`from zerver.lib.send_email import send_email`
Move to a common random token generation function instead of several one-offs. (imported from commit 3217de5384088deff68fbffc6bd481c045a76817) 2013-08-08 16:50:58 +02:00			`from zerver.lib.utils import generate_random_token`
models: Create MultiuseInvite model. 2017-08-10 22:27:57 +02:00			`from zerver.models import PreregistrationUser, EmailChangeStatus, MultiuseInvite`
confirmation: Change confirmation keys to have length 24. 2017-07-11 20:52:27 +02:00			`from random import SystemRandom`
			`import string`
mypy: Added Dict, List and Set imports. Fixed mypy errors associated with the upgrade. 2017-03-03 19:01:52 +01:00			`from typing import Any, Dict, Optional, Text, Union`
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00
confirmation: Create ConfirmationKeyException class. 2017-07-22 00:24:42 +02:00			`class ConfirmationKeyException(Exception):`
			`WRONG_LENGTH = 1`
			`EXPIRED = 2`
			`DOES_NOT_EXIST = 3`

			`def __init__(self, error_type):`
			`# type: (int) -> None`
confirmation: Fix arguments to super(). This and the last half-dozen commits were identified by lgtm. 2017-08-25 18:49:42 +02:00			`super(ConfirmationKeyException, self).__init__()`
confirmation: Create ConfirmationKeyException class. 2017-07-22 00:24:42 +02:00			`self.error_type = error_type`

confirmation: Create render_confirmation_key_error function. 2017-07-22 00:25:41 +02:00			`def render_confirmation_key_error(request, exception):`
			`# type: (HttpRequest, ConfirmationKeyException) -> HttpResponse`
			`if exception.error_type == ConfirmationKeyException.WRONG_LENGTH:`
			`return render(request, 'confirmation/link_malformed.html')`
			`if exception.error_type == ConfirmationKeyException.EXPIRED:`
			`return render(request, 'confirmation/link_expired.html')`
			`return render(request, 'confirmation/link_does_not_exist.html')`

[third] Factor out activation key generation / url creation (imported from commit 18358e29e13f025ec640b0b166e168b4fb3cd94c) 2013-02-28 20:07:04 +01:00			`def generate_key():`
utils: Cast generate_random_token to str. Having this be Text is forcing various URLs, emails, etc to be type annotated as Text. 2017-07-08 02:46:51 +02:00			`# type: () -> str`
confirmation: Change confirmation keys to have length 24. 2017-07-11 20:52:27 +02:00			`generator = SystemRandom()`
			`# 24 characters * 5 bits of entropy/character = 120 bits of entropy`
			`return ''.join(generator.choice(string.ascii_lowercase + string.digits) for _ in range(24))`
[third] Factor out activation key generation / url creation (imported from commit 18358e29e13f025ec640b0b166e168b4fb3cd94c) 2013-02-28 20:07:04 +01:00
confirmation: Liberate confirm from ConfirmationManager. 2017-07-08 04:18:58 +02:00			`def get_object_from_key(confirmation_key):`
models: Create MultiuseInvite model. 2017-08-10 22:27:57 +02:00			`# type: (str) -> Union[MultiuseInvite, PreregistrationUser, EmailChangeStatus]`
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739. 2017-07-22 00:27:45 +02:00			`# Confirmation keys used to be 40 characters`
			`if len(confirmation_key) not in (24, 40):`
			`raise ConfirmationKeyException(ConfirmationKeyException.WRONG_LENGTH)`
confirmation: Remove B16_RE. The Django ORM protects itself (i.e. we don't have to check that confirmation_key isn't malicious/mal-formed before passing it to get()). 2017-07-08 06:36:39 +02:00			`try:`
			`confirmation = Confirmation.objects.get(confirmation_key=confirmation_key)`
			`except Confirmation.DoesNotExist:`
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739. 2017-07-22 00:27:45 +02:00			`raise ConfirmationKeyException(ConfirmationKeyException.DOES_NOT_EXIST)`
confirmation: Remove B16_RE. The Django ORM protects itself (i.e. we don't have to check that confirmation_key isn't malicious/mal-formed before passing it to get()). 2017-07-08 06:36:39 +02:00
			`time_elapsed = timezone_now() - confirmation.date_sent`
confirmation: Add validity_in_days to _properties. Also renames settings.EMAIL_CONFIRMATION_DAYS to CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS, and adds a new setting for invitation links. 2017-07-08 06:50:57 +02:00			`if time_elapsed.total_seconds() > _properties[confirmation.type].validity_in_days * 24 * 3600:`
confirmation: Use ConfirmationKeyException in get_object_from_key. Fixes #5739. 2017-07-22 00:27:45 +02:00			`raise ConfirmationKeyException(ConfirmationKeyException.EXPIRED)`
confirmation: Remove B16_RE. The Django ORM protects itself (i.e. we don't have to check that confirmation_key isn't malicious/mal-formed before passing it to get()). 2017-07-08 06:36:39 +02:00
			`obj = confirmation.content_object`
models: Create MultiuseInvite model. 2017-08-10 22:27:57 +02:00			`if hasattr(obj, "status"):`
			`obj.status = getattr(settings, 'STATUS_ACTIVE', 1)`
			`obj.save(update_fields=['status'])`
confirmation: Remove B16_RE. The Django ORM protects itself (i.e. we don't have to check that confirmation_key isn't malicious/mal-formed before passing it to get()). 2017-07-08 06:36:39 +02:00			`return obj`
confirmation: Liberate confirm from ConfirmationManager. 2017-07-08 04:18:58 +02:00
notifications: Use create_confirmation_link for unsubscription. 2017-07-08 08:43:25 +02:00			`def create_confirmation_link(obj, host, confirmation_type, url_args=None):`
			`# type: (Union[ContentType, int], str, int, Optional[Dict[str, str]]) -> str`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00			`key = generate_key()`
confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`Confirmation.objects.create(content_object=obj, date_sent=timezone_now(), confirmation_key=key,`
			`type=confirmation_type)`
notifications: Use create_confirmation_link for unsubscription. 2017-07-08 08:43:25 +02:00			`return confirmation_url(key, host, confirmation_type, url_args)`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00
notifications: Use create_confirmation_link for unsubscription. 2017-07-08 08:43:25 +02:00			`def confirmation_url(confirmation_key, host, confirmation_type, url_args=None):`
			`# type: (str, str, int, Optional[Dict[str, str]]) -> str`
			`if url_args is None:`
			`url_args = {}`
			`url_args['confirmation_key'] = confirmation_key`
			`return '%s%s%s' % (settings.EXTERNAL_URI_SCHEME, host,`
			`reverse(_properties[confirmation_type].url_name, kwargs=url_args))`
Get email activation url through a function. This allows us to override the activation url function in the derived class; this can be used to change the view which handles the confirmation. 2017-01-17 11:11:51 +01:00
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00			`class Confirmation(models.Model):`
			`content_type = models.ForeignKey(ContentType)`
confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`object_id = models.PositiveIntegerField() # type: int`
Django 1.10: Remove generic module 2016-10-10 14:52:01 +02:00			`content_object = GenericForeignKey('content_type', 'object_id')`
confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`date_sent = models.DateTimeField() # type: datetime.datetime`
			`confirmation_key = models.CharField(max_length=40) # type: str`
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00
confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`# The following list is the set of valid types`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00			`USER_REGISTRATION = 1`
			`INVITATION = 2`
			`EMAIL_CHANGE = 3`
			`UNSUBSCRIBE = 4`
			`SERVER_REGISTRATION = 5`
backend: Add support for multiuse user invite link. 2017-08-10 22:34:17 +02:00			`MULTIUSE_INVITE = 6`
confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`type = models.PositiveSmallIntegerField() # type: int`
Include third-party django-confirmation library. Taken from http://code.google.com/p/django-confirmation/. Code is under the BSD 3-clause license. (imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622) 2012-09-28 22:29:48 +02:00
			`def __unicode__(self):`
mypy: Change six.text_type to typing.Text in confirmation/models.py. Example commit for GCI. 2016-11-23 05:21:41 +01:00			`# type: () -> Text`
confirmation: Remove ConfirmationManager. Also adds Confirmation.type, and cleans up the rest of Confirmation to look more like the model definitions in zerver. In the migration, all existing confirmations adopt the type USER_REGISTRATION, to be conservative. In a few commits, different confirmation types will have different validity periods, and USER_REGISTRATION will have the shortest default. 2017-07-08 06:25:05 +02:00			`return '<Confirmation: %s>' % (self.content_object,)`
change-email: Implement confirmation flow. This adds to Zulip support for a user changing their own email address. It's backed by a huge amount of work by Steve Howell on making email changes actually work from a UI perspective. Fixes #734. 2017-01-20 12:27:38 +01:00
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00			`class ConfirmationType(object):`
confirmation: Add validity_in_days to _properties. Also renames settings.EMAIL_CONFIRMATION_DAYS to CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS, and adds a new setting for invitation links. 2017-07-08 06:50:57 +02:00			`def __init__(self, url_name, validity_in_days=settings.CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS):`
			`# type: (str, int) -> None`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00			`self.url_name = url_name`
confirmation: Add validity_in_days to _properties. Also renames settings.EMAIL_CONFIRMATION_DAYS to CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS, and adds a new setting for invitation links. 2017-07-08 06:50:57 +02:00			`self.validity_in_days = validity_in_days`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00
			`_properties = {`
			`Confirmation.USER_REGISTRATION: ConfirmationType('confirmation.views.confirm'),`
confirmation: Add validity_in_days to _properties. Also renames settings.EMAIL_CONFIRMATION_DAYS to CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS, and adds a new setting for invitation links. 2017-07-08 06:50:57 +02:00			`Confirmation.INVITATION: ConfirmationType('confirmation.views.confirm',`
			`validity_in_days=settings.INVITATION_LINK_VALIDITY_DAYS),`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00			`Confirmation.EMAIL_CHANGE: ConfirmationType('zerver.views.user_settings.confirm_email_change'),`
notifications: Use create_confirmation_link for unsubscription. 2017-07-08 08:43:25 +02:00			`Confirmation.UNSUBSCRIBE: ConfirmationType('zerver.views.unsubscribe.email_unsubscribe',`
			`validity_in_days=1000000), # should never expire`
backend: Add support for multiuse user invite link. 2017-08-10 22:34:17 +02:00			`Confirmation.MULTIUSE_INVITE: ConfirmationType('zerver.views.registration.accounts_home_from_multiuse_invite',`
			`validity_in_days=settings.INVITATION_LINK_VALIDITY_DAYS)`
confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-08 04:38:13 +02:00			`}`

confirmation/models: Collect realm creation code into a single section. 2017-07-06 06:59:17 +02:00			`# Conirmation pathways for which there is no content_object that we need to`
			`# keep track of.`

			`def check_key_is_valid(creation_key):`
			`# type: (Text) -> bool`
			`if not RealmCreationKey.objects.filter(creation_key=creation_key).exists():`
			`return False`
			`days_sofar = (timezone_now() - RealmCreationKey.objects.get(creation_key=creation_key).date_created).days`
			`# Realm creation link expires after settings.REALM_CREATION_LINK_VALIDITY_DAYS`
			`if days_sofar <= settings.REALM_CREATION_LINK_VALIDITY_DAYS:`
			`return True`
			`return False`

			`def generate_realm_creation_url():`
			`# type: () -> Text`
			`key = generate_key()`
			`RealmCreationKey.objects.create(creation_key=key, date_created=timezone_now())`
			`return u'%s%s%s' % (settings.EXTERNAL_URI_SCHEME,`
			`settings.EXTERNAL_HOST,`
			`reverse('zerver.views.create_realm',`
			`kwargs={'creation_key': key}))`

Unique link generator for realm creation. 2016-06-22 21:16:02 +02:00			`class RealmCreationKey(models.Model):`
confirmation: Remove i18n from confirmation models. These make sense to be tagged for translation if one is using the Django admin UI, which we're not. As it was, they just wasted a bit of time for our translators. 2017-03-09 09:11:43 +01:00			`creation_key = models.CharField('activation key', max_length=40)`
Replace timezone.now with timezone_now. 2017-04-15 04:03:56 +02:00			`date_created = models.DateTimeField('created', default=timezone_now)`