Commit Graph

142 Commits

Author SHA1 Message Date
Greg Price 84d66d9b7e confirmation: Remove broken install instructions.
These instructions haven't worked since shortly after we
vendored this third-party code in 2012, when we deleted its
`setup.py` in a1b72f9d0.  All they can do is cause confusion,
so delete them.
2017-08-09 14:03:07 -07:00
Vishnu Ks 6551640c67 confirmation: Use ConfirmationKeyException in get_object_from_key.
Fixes #5739.
2017-07-25 18:44:30 -07:00
Vishnu Ks 65ad72a674 confirmation: Create render_confirmation_key_error function. 2017-07-25 18:42:50 -07:00
Vishnu Ks b0ed7915a9 confirmation: Create ConfirmationKeyException class. 2017-07-25 18:42:50 -07:00
Rishi Gupta 394f85eb76 confirmation: Change confirmation keys to have length 24. 2017-07-17 23:18:47 -07:00
Rishi Gupta 35ddec0310 notifications: Use create_confirmation_link for unsubscription. 2017-07-17 23:18:47 -07:00
Rishi Gupta a249822ff5 confirmation: Add validity_in_days to _properties.
Also renames settings.EMAIL_CONFIRMATION_DAYS to
CONFIRMATION_LINK_DEFAULT_VALIDITY_DAYS, and adds a new setting for
invitation links.
2017-07-17 23:18:47 -07:00
Rishi Gupta d689d37a75 confirmation: Remove B16_RE.
The Django ORM protects itself (i.e. we don't have to check that
confirmation_key isn't malicious/mal-formed before passing it to get()).
2017-07-17 23:18:47 -07:00
Rishi Gupta 5d168c90f9 confirmation: Remove ConfirmationManager.
Also adds Confirmation.type, and cleans up the rest of Confirmation to look
more like the model definitions in zerver.

In the migration, all existing confirmations adopt the type
USER_REGISTRATION, to be conservative. In a few commits, different
confirmation types will have different validity periods, and
USER_REGISTRATION will have the shortest default.
2017-07-17 23:18:47 -07:00
Rishi Gupta 0f4b71b766 confirmation: Liberate get_link_for_object from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta 3b97262647 confirmation: Liberate confirm from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta 3bc74113ad utils: Cast generate_random_token to str.
Having this be Text is forcing various URLs, emails, etc to be type
annotated as Text.
2017-07-17 23:18:47 -07:00
Rishi Gupta a44d8f7b01 confirmation/views: Restructure code for clarity. 2017-07-07 18:56:14 -07:00
Rishi Gupta cf6aefb37a confirmation/views: Remove confirmation_key.lower().
I'm not sure why this line is here. It's a part of the original third party
confirmation library that we copied into the project.
2017-07-07 18:56:14 -07:00
Rishi Gupta ac5e6a9b8a confirmation/views: Remove buggy behavior for expired confirmation links.
Previously, an expired preregistrationuser link would still be passed on to
/accounts/register (via the confirm_preregistrationuser.html template), just
with the PreregistrationUser.status not set to 1.

But accounts_register never checks prereg_user.status, and hence processes
the user as if the link had been confirmed.

With this commit, expired confirmation links never get past the confirmation
code.
2017-07-07 18:56:14 -07:00
Rishi Gupta 834be2d7cb confirmation/views: Split ctx to emphasize template use of variables.
In particular, confirm_preregistrationuser.html does not use confirmed!
2017-07-07 18:53:00 -07:00
Rishi Gupta bffc7f97a5 confirmation/views: Emphasize that only prereg user uses this path. 2017-07-07 18:53:00 -07:00
Rishi Gupta 11c2b76275 confirmation: Remove util.get_status_field and settings.STATUS_FIELDS.
Unnecessarily general for our needs.
2017-07-07 18:53:00 -07:00
Rishi Gupta 7cef3d95ee confirmation: Add url_pattern_name to simplify subclassing Confirmation. 2017-07-07 18:53:00 -07:00
Rishi Gupta 8fed9eeb75 confirmation: Make host a required argument in get_link_for_object.
Removes some lines of test from test_email_change.py. The relevant code path
was never utilized by the code itself, just by the tests.
2017-07-07 18:53:00 -07:00
Rishi Gupta 07a3bb4d35 confirmation: Remove get_link_validity_in_days.
This commit removes the ability to configure different validity durations
for different types of confirmation links. I don't think the extra
configurability was worth the extra complexity, either for the user trying
to understand the settings, or for the developer trying to understand the
code.

The commit replaces all confirmation validity duration settings with a
single setting, settings.EMAIL_CONFIRMATION_DAYS.

The only setting it removes is settings.EMAIL_CHANGE_CONFIRMATION_DAYS,
which was introduced in 5bf83f9 and never advertised in prod_settings.py.
2017-07-07 07:46:31 -04:00
Rishi Gupta 8ba0fafa3f confirmation/views: Remove unused variables from template context. 2017-07-07 07:46:31 -04:00
Rishi Gupta c1a768f5be confirmation/models: Collect realm creation code into a single section. 2017-07-07 07:46:31 -04:00
Umair Khan 9a9ee99129 confirmation: Add on_delete in foreign keys.
on_delete will be a required arg for ForeignKey in Django 2.0. Set it
to models.CASCADE on models and in existing migrations if you want to
maintain the current default behavior.
See https://docs.djangoproject.com/en/1.11/ref/models/fields/#django.db.models.ForeignKey.on_delete
2017-06-13 15:13:55 -07:00
Rishi Gupta f8bab945d8 confirmation: Remove generate_activation_url.
Wasn't being used outside the file, the URL is specific to
ConfirmationManager, and it makes
EmailChangeConfirmationManager.get_activation_url more obviously parallel
to ConfirmationManager.get_activation_url.
2017-06-12 23:02:28 -07:00
Rishi Gupta 1f77a0cdee confirmation: Remove Confirmation.objects.send_confirmation.
I think it makes sense to wrest the email sending from confirmation, now
that we have a clean email-sending interface in send_email. A few other
reasons:
* send_confirmation is get_link_for_object followed by send_email, but those
  two functions have no arguments in common.
* Sending email through confirmation obfuscates the context dict, and is a
  relatively complicated piece of the codebase anyone trying to deal with
  the email system has to understand.
* The three emails previously being sent through confirmation don't have
  that much in common, other than that they happen to have a confirmation
  link in them.

The .split('/')[-1] in registration.py is a hack, but a hack used several
places in the codebase, so maybe one day get_link_for_object will also
return the confirmation_key.
2017-06-12 23:02:28 -07:00
Rishi Gupta e30211a524 confirmation: Remove custom_body argument from send_confirmation. 2017-06-12 23:02:28 -07:00
Rishi Gupta 9def5bdea1 confirmation: Remove unused context variables from send_confirmation. 2017-06-12 23:02:28 -07:00
Rishi Gupta 15b967fc3e emails: Move support_email into a common context. 2017-06-10 01:25:44 -07:00
Rishi Gupta 056489c247 emails: Move verbose_support_offers into a common context.
Server settings should just be added to the context in build_email, so that
the individual email pathways (and later, the email testing framework)
doesn't have to worry about it.
2017-06-10 01:16:03 -07:00
Aditya Bansal c7a0f26846 pep8: Add compliance with rule E261 to confirmation/settings.py. 2017-05-07 23:21:50 -07:00
Rishi Gupta 925ee8c0f1 Add a send_email function that takes a template_prefix and context.
This commit replaces all uses of django.core.mail.send_mail with send_email,
other than in the password reset flow, since that code looks like it is just
a patch to Django's password reset code.

The send_email function is in a new file, since putting it in
zerver.lib.notifications would create an import loop with confirmation.models.

send_future_email will soon be moved into email.py as well.
2017-05-05 14:20:32 -07:00
Rishi Gupta 30ba989c95 confirmation: Use render_to_string in send_confirmation.
No change in behavior; render_to_string(template, context) is a shortcut for
get_template(template).render(context). render_to_string is the function we
use to render email templates in the rest of the codebase.
2017-05-03 20:54:39 -07:00
Rishi Gupta 04fb86fff7 confirmation: Remove newline replacement from email subjects.
I think it's fine to trust that we won't mess this up. I assume this is here
because it was copied from similar code in Django (e.g. see our code from
the password_reset flow), rather than because it was a problem in our
subject templates.
2017-05-03 20:54:39 -07:00
Rishi Gupta 6fd3426e92 confirmation: Replace *_template_path arguments with template_prefix.
Relies on the fact that all the email template names now follow the same
pattern.

Note that there was some template_prefix-like computation being done in
send_confirmation (conditioned on obj.realm.is_zephyr_mirror_realm); that
computation is now being done in the callers.
2017-05-03 20:44:57 -07:00
Rishi Gupta 965c9160ad confirmation: Remove references to confirmation_email.* templates.
These look like they were intended to be generic, fallback templates for the
confirmation flow, but were never written.
2017-05-03 19:34:58 -07:00
hackerkid b2504084ab Replace timezone.now with timezone_now. 2017-04-16 12:28:56 -07:00
Umair Khan 4442703011 jinja2: No need for custom render_to_response.
Django 1.10 has changed the implementation of this function to
match our custom implementation; in addition to this, we prefer
render().

Fixes #1914 via #4093.
2017-03-17 13:57:34 -07:00
Umair Khan da012ee51b confirmation: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Tim Abbott aacef438bc confirmation: Remove i18n from confirmation models.
These make sense to be tagged for translation if one is using the
Django admin UI, which we're not.  As it was, they just wasted a bit
of time for our translators.
2017-03-09 00:37:45 -08:00
Raghav Jajodia a3a03bd6a5 mypy: Added Dict, List and Set imports.
Fixed mypy errors associated with the upgrade.
2017-03-04 14:33:44 -08:00
Rishi Gupta 15d60fa7ed Change now() to timezone.now() throughout codebase.
Change `from django.utils.timezone import now` to
`from django.utils import timezone`.

This is both because now() is ambiguous (could be datetime.datetime.now),
and more importantly to make it easier to write a lint rule against
datetime.datetime.now().
2017-02-28 16:03:37 -08:00
Umair Khan 5bf83f9e0a change-email: Implement confirmation flow.
This adds to Zulip support for a user changing their own email
address.

It's backed by a huge amount of work by Steve Howell on making email
changes actually work from a UI perspective.

Fixes #734.
2017-02-23 03:15:17 -08:00
Ayush Jain 455c1919fc Add customizable invite-new-user text.
This makes life a lot easier for people inviting users to a new Zulip
organization, since they can give some form of context now.

Modified by tabbott to clean up CSS, backend code flow, and improve
the formatting of the emails.

Fixes: #1409.
2017-02-21 22:35:01 -08:00
Robert Hönig 6ee845d027 Add html versions of the invite and signup mails
This commit adds html versions of the invite and signup mails and renames
the existing .txt files to the preferred file extensions '.subject', '.html'
and '.txt'. The html versions of the mails are being sent along with the
text-only versions by the 'send_confirmation' function.
This fixes #3134.
2017-02-11 17:08:57 -08:00
Umair Khan f4b242e707 Add time validation for email confirmations.
Adds a function which returns the number of days for which
a confirmation link will remain valid. This function can be
overridden by derived classes to provide a different value.
2017-02-07 18:43:26 -08:00
Rohith Asrk a1b0e35792 Remove use of mailer.send_mail from all files.
This was just copied from some third-party projects.

Fixes #3153.
2017-01-19 16:28:29 -08:00
Umair Khan 61b2a1c158 Get email activation url through a function.
This allows us to override the activation url function
in the derived class; this can be used to change the
view which handles the confirmation.
2017-01-17 15:49:34 -08:00
nikolay abc2ff4a06 pep8: Fix many rule E128 violations.
[Tweaked by tabbott to adjust some approaches used in wrapping]
2016-12-03 13:33:31 -08:00
Umair Khan ea688620b3 Django 1.10: Remove cleanupconfirmation management command.
According to this ece9d64d34 commit, the
confirmations are never deleted.
2016-11-26 15:04:20 -08:00
Rishi Gupta fdae58f96b mypy: Change six.text_type to typing.Text in confirmation/models.py.
Example commit for GCI.
2016-11-25 13:55:38 -08:00
Umair Khan b1d740afaa Django 1.10: Remove generic module 2016-11-04 10:06:00 -07:00
Umair Khan 3f7f79f4b5 Annotate confirmation/models.py. 2016-09-12 08:10:48 -07:00
Umair Khan e2f29054a4 Check type before sending confirmation email.
We can only send confirmation email with PreregistrationUser and
Confirmation objects.
2016-09-12 11:00:15 +05:00
Tim Abbott 06580ca76e Annotate confirmation/util.py. 2016-09-11 17:09:27 -07:00
Rishi Gupta 64179b2fd2 confirmation: Use realm host in activation URLs.
This is preparation for merging the subdomains feature.
2016-08-18 20:12:36 -07:00
Tim Abbott df525ad1c5 Remove old MitUser model and related code.
The MitUser model caused a constant series of little problems for
users with mit.edu email addresses trying to sign up for different
Zulip servers.

The new implementation just uses conditionals on the realm object when
selecting the confirmation template to use.
2016-07-26 20:30:12 -07:00
Tim Abbott 3ea4cbb5c3 settings: Extract settings.VERBOSE_SUPPORT_OFFERS. 2016-07-19 15:28:41 -07:00
Vishnu Ks 1cbd39b768 Unique link generator for realm creation. 2016-06-30 15:52:41 -07:00
Tim Abbott eb71173be3 lint: Fix warnings under confirmation/. 2016-06-20 08:19:54 -07:00
Tim Abbott a1a27b1789 Annotate most Zulip management commands. 2016-06-04 10:12:06 -07:00
Max a6e60419c4 Add types to confirmation/views.py and zerver/tornadoviews.py 2016-06-03 11:26:30 -07:00
Tim Abbott 624258750c confirmation: Fix trailing whitespace. 2016-05-09 16:49:33 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
Tim Abbott a1b306f9ce Finish purging 'fromt typing import *' from Zulip codebase. 2016-04-07 14:11:21 -07:00
Tim Abbott 2d2282ada8 Add PEP-484 type annotations to confirmation/. 2016-04-03 15:40:23 -07:00
Tim Abbott f6f8f1fe36 Use new-style classes consistently for Python 3 support.
Also add the fixer for this to our list of fixers we check.
2015-11-04 08:01:52 -08:00
David Roe 3f7cb34b00 enterprise => voyager
(imported from commit 04be792bb480d5e5db1c91d296d1000cf1682571)
2015-08-21 10:33:35 -07:00
David Roe edf7e732a2 ENTERPRISE => VOYAGER.
(imported from commit 4f8080b9f506a87ca40bef32e39de5218cba916a)
2015-08-21 10:33:35 -07:00
Reid Barton 5ea3bf85de Django 1.8 compatibility: module_name -> model_name
(imported from commit 38ee96c9a8da5b3abfce8ba47f85dd7d59bcb599)
2015-08-20 23:15:44 -07:00
Reid Barton 599742536b Switch from South to native Django migrations
This commit loses some indexes, unique constraints etc. that were
manually added by the old migrations. I plan to add them to a new
migration in a subsequent commit.

(imported from commit 4bcbf06080a7ad94788ac368385eac34b54623ce)
2015-08-20 23:01:26 -07:00
David Roe e61de3e052 Fix invitation e-mail to use http:// in non-deployed case.
(imported from commit af68962c078036ce0fe4f37feaec6b43766b3059)
2015-08-18 20:17:48 -07:00
Jason Michalski 0ea54a043e Use settings.EXTERNAL_HOST when sending activation emails
Activation emails were using django's sites framework which always has
the domain set to zulip.com.

(imported from commit b81eae96e1a75b64dd93970760b869f3271ce88c)
2014-07-03 12:28:29 -04:00
acrefoot daffe049ad Don't use hardcoded noreply@zulip.com, zulip@zulip.com, or https://zulip.com
(imported from commit 1132553b63ae23ebcca746f0f65205b97bfee7dc)
2013-11-15 21:31:37 -05:00
Luke Faraone 00e72cd97d Switch url parameter to full_name from service-specific gafyd_name
(imported from commit 21541da29d2846cfd912d19b73e239e96606f9e5)
2013-11-05 16:17:06 -05:00
Jessica McKellar 3f8dfc7b9b Move to a common random token generation function instead of several one-offs.
(imported from commit 3217de5384088deff68fbffc6bd481c045a76817)
2013-08-09 14:59:26 -04:00
Zev Benjamin 80702ccaa0 Add metrics variables to the template context via a context processor
Wrapping render_to_response never actually worked correctly.  On the
login page, mixpanel_token would be missing, but we wouldn't get an
error because it is surrounded by double quotes, which meant that it
was still valid Javascript.

(imported from commit 820ee42fab8f679983e5a3a4309a2feaf690f20f)
2013-06-18 17:07:36 -04:00
Zev Benjamin ae9be7298d Wrap render_to_response
(imported from commit d23aa3e5ad4c5243e83df098953ea4b1f7b3c294)
2013-05-21 17:56:49 -04:00
Luke Faraone c044282af5 [third]: Accept and pass along gafyd_name parameters to confirmation templates.
This allows us to keep a record of the user's name as returned by Google
Apps authentication.

(imported from commit cbfe383a51b480400b8f0e5f40c725562ffc6a66)
2013-04-24 12:03:41 -07:00
Luke Faraone 40ad84b363 Introduce script to bulk-create activation URIs.
(imported from commit 12435d8f0d48833f52a699c0d8a0c9ec0750e6af)
2013-02-28 14:34:18 -05:00
Luke Faraone 8309e0f001 [third] Factor out activation key generation / url creation
(imported from commit 18358e29e13f025ec640b0b166e168b4fb3cd94c)
2013-02-28 14:34:18 -05:00
Luke Faraone 3fb1889835 confirmation: Make send_confirmation accept custom templates and context.
(imported from commit 08f19a48f229029f68832868bc48a2ac160e85e7)
2013-01-14 10:25:26 -05:00
Luke Faraone 3e7d036fca Include autogenerated initial migrations for South.
(imported from commit d1eda0d61ebe8a9d471670133589a1cf8058a802)
2013-01-08 18:14:39 -05:00
Keegan McAllister bc2e7d77eb confirmation: Use timezone-aware datetime object
django.utils.timezone.now returns an aware datetime object because USE_TZ =
True.

Fixes #80.

(imported from commit c60f491fe00a98626ecced94fc3ea1f71f939a38)
2012-11-07 18:50:26 -05:00
Keegan McAllister 5ed13e9079 Remove inactive Django admin code
These can only cause trouble.

(imported from commit 1def3234675c12461e9fc8b71c6b9e1b107edd1d)
2012-10-29 13:56:09 -04:00
Keegan McAllister 238533500a confirmation: Increase entropy of confirmation_key
I am pretty sure there's no point to using a hash at all.  But until I hear
back from the author, let's at least make sure we put as much entropy into the
hash as we expect to get out of it.

(imported from commit 51a231adeab014cc1af8cb67e89baf06e0a1f593)
2012-10-29 12:02:13 -04:00
Keegan McAllister dcdb8ddc05 Remove confirmation/urls.py
We have our routing for the confirmation view.

(imported from commit 90cc09792e15350a97933f6567d6bb6fa13e94e4)
2012-10-29 11:04:25 -04:00
Keegan McAllister f55c8a4397 confirmation: Use HTTPS in email link
(imported from commit 5bf74ba45c7d09495caa7ecfbf3af6bd80311b9e)
2012-10-29 11:04:25 -04:00
Keegan McAllister a1b72f9d05 Remove confirmation/setup.py
This is just for install.  The less code we have in our repo, the better.

(imported from commit d1da643d0a68ed73a1d2303e9f24215f7d2a24a7)
2012-10-29 11:04:25 -04:00
Luke Faraone ece9d64d34 Remove expiry; confirmations should never expire.
(imported from commit 093d8fa266c0ceeaff8c15257194d23a1ce90b61)
2012-10-01 10:45:58 -04:00
Luke Faraone 5531f188c7 Include confirmation key in context object.
This way our templates can reference the confirmation key later.

(imported from commit 4d57e1309386f2236829b6fdf4e4ad43c5b125c8)
2012-10-01 10:45:58 -04:00
Luke Faraone b801b50c26 Include third-party django-confirmation library.
Taken from http://code.google.com/p/django-confirmation/.

Code is under the BSD 3-clause license.

(imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622)
2012-10-01 10:45:57 -04:00