Commit Graph

24 Commits

Author SHA1 Message Date
Luke Faraone b9fe130107 Add a comment to emphasise why we shouldn't break the HomepageForm.
(imported from commit 1b4d59e0c868e8350d2a9eb46cdfdaed1f34e69f)
2013-04-24 12:03:42 -07:00
Luke Faraone 71a91197fa Enable absolute imports.
See PEP 328[1] for details. This feature was introduced in Python 2.5 and
will become mandatory in Python 3.

[1]: http://www.python.org/dev/peps/pep-0328

(imported from commit 7444eeba8a08d5f91b94c7921848f2274979bd76)
2013-04-23 09:51:17 -07:00
Tim Abbott 5dbe8b4c17 [manual] Authenticate using a user_profile as request.user.
When this is deployed to staging, we need to run

./manage.py logout_all_users --realm=humbughq.com

When this is deployed to prod, we need to run

./manage.py logout_all_users

(imported from commit d6c6ea4b1c347f3d9122742db23c7b67767a7349)
2013-04-02 12:07:08 -04:00
Tim Abbott 2fcbb31dcf Access the UserProfile's new is_active field rather than User's.
(imported from commit ed5bdaf3e3d6d20bfb741efdac48d30482ab9ef7)
2013-04-02 12:07:08 -04:00
Tim Abbott 198480ef99 Use get_user_profile_by_email more consistently.
The previous situation was bad for two reasons:

(1) It had a lot of copies of the code, some of them missing pieces:
  UserProfile.objects.get(user__email__iexact=foo)

This was in particular going to be inconvenient since we are dropping
the __user part of that.

(2) It didn't take advantage of our memcached caching.

(imported from commit 2325795f288a7cf306cdae191f5d3080aac0651a)
2013-03-29 16:18:38 -04:00
Tim Abbott 2223b60dc0 Switch functions like do_activate_user to accept UserProfiles.
Only a few of them took a User as an argument anyway.

This is preparatory work for merging the User and UserProfile models.

(imported from commit 65b2bd2453597531bcf135ccf24d2a4615cd0d2a)
2013-03-29 16:18:37 -04:00
Luke Faraone ea7005e8e3 Rename is_active to is_inactive.
The purpose of the validator is to ensure the user isn't active, so
let's correctly test for that here.

(imported from commit 772ddb901098f78750efab274405a10f36c49232)
2013-02-12 16:15:29 -05:00
Luke Faraone 54a19e9091 Check whether users are active, not whether they are nonunique.
Previously we checked and bailed when there was a user registered with
an email address, regardless of active status.

This meant that MIT users who had inactive accounts autocreated had
issues where they would be confusingly told they were signed up even
though they had never taken any action on our site directly.

Now we instead check whether there are any current *active* user
accounts with that email address, and proceed with generating an
activation link if the user lacks a corresponding active account.

Security implications of this commit come into play if we start
implementing removing users ability to sign in as deactivation. Since we
lack a user removal story here, this isn't terribly concerning yet and
we'll revist this code when we decide to add such functionality in the
future.

This resolves trac #581 and #631.

(imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86)
2013-02-12 15:31:06 -05:00
Tim Abbott 1a82741650 Move action functions from models.py to zephyr/lib/actions.py.
(imported from commit 9d577dd53ce7d4c9faf6cc8a56129d684a50811b)
2013-01-11 16:11:03 -05:00
Luke Faraone c327446537 Add alternative terms acceptance workflow.
This view lives at /accounts/accept_terms, and (after getting an acceptance
from the user) sends an email to all@ documenting the acceptance.

(imported from commit 8f64286ab02887fd6544fa274b2967f6499b6dbc)
2013-01-08 17:48:42 -05:00
Tim Abbott e7b74060d2 Log password change events via the password reset feature.
(imported from commit bbec7074229e8779c81d439d4eef373b5dac9fa7)
2012-12-13 15:22:35 -05:00
Zev Benjamin a454417843 Prevent users from creating an account that differs only in case from an existing one
Fixes #177

(imported from commit 96c6b4c207c920ec94b5fdd69b2937a88669fa93)
2012-12-04 16:37:55 -05:00
Luke Faraone 724dce78e4 Always allow registration if attempting to register for a non-MIT realm.
(imported from commit 00489ab74c376a4ffb23ad661699ef31c6c06818)
2012-11-21 16:42:15 -05:00
Luke Faraone 5dad59e864 Implement MIT signups.
Here we introduce a new manage.py command, activate_mit, which takes a
number of usernames and sends out emails to the users with instructions on
how to activate their accounts.

(imported from commit f14401b55f915698e83ff27b86434f53e64685f3)
2012-10-29 16:59:37 -04:00
Waseem Daher c894bab738 Compute a user's realm from the verified email address, not a user-passed field.
(imported from commit 5c220a7b9e4b137b5c98b286e409004318565137)
2012-10-25 16:50:00 -04:00
Waseem Daher 29d94b60b6 Add an "I agree to the terms of use" checkbox inside signup workflow.
(imported from commit 6d3320e71e189f4577da464fade9c8f7f5838f78)
2012-10-25 16:05:28 -04:00
Luke Faraone 50dfbf7a1b Implement confirmation for new user signups.
We add a few templates for django-confirmation. We define a
"PreregistrationForm" which is validated by accounts_home, which then
generates a confirmation object and emails the user. This required creating
a new table for a PreregistrationUser with an email and status (confirmed)
field.

The register function now no longer accepts a "email" field in the form
and deals only with confirmation IDs to determine the email used to sign
up a user.

(imported from commit 4fcde04530aa7ad4de84579668daee7290b424ac)
2012-10-01 10:45:58 -04:00
Tim Abbott bdd6e23201 Remove unnecessary debugging print statement.
(imported from commit 252e82f54e481b6c874151f1179135c8bad08510)
2012-09-26 16:58:52 -04:00
Luke Faraone 57810d41ac Add a custom validator to ensure email uniqueness, include ommitted fields.
Previously no check was performed to ensure that the same email wasn't used
to register twice. Here we add a validator to perform that check.

We also noted that the domain field was omitted, but checked by a client of
this class. Therefore, we add it directly.

(imported from commit 1411bf0adeb3cd048278376b059a26a0da4c54df)
2012-09-26 16:42:10 -04:00
Luke Faraone ae6cfee818 Implement a new login redesign per Waseem. Be a little cute about it.
Split off some content previously placed into base back into index.html.
Move content previously localised in accounts_home to a new content_base
for use in the non-app version of the site.

We wrote up some copy and styled it according to taste.

In our new signup form, we no longer collect a short name and instead
extrapolate from the email.

(imported from commit cd734b13a4bda7f304129379524c4cc96b77b24b)
2012-09-26 16:42:10 -04:00
Tim Abbott ee8f28a084 Use email addresses as unique identifiers rather than usernames.
Note that this code still assumes one's email address (stripped of
domain) is unique.

(imported from commit e98f96601ad109811978fc00b1165e97d8f7b185)
2012-09-21 09:43:22 -04:00
Jessica McKellar bfdf2bef57 [schema] Collect and display names and e-mail addresses.
(imported from commit aa6bceb05fcd5b456c03288cbfed65b14050fe88)
2012-09-11 16:34:53 -04:00
Luke Faraone ebff1bc830 Don't show the user's password when registering.
(imported from commit 9268c07560de744abdedf11b8d39cd8045baeff9)
2012-09-05 10:20:39 -04:00
Jessica McKellar d90e8f6ec5 Initial Django commit: basic account, zephyr stream, narrowing, etc.
(imported from commit 3cd40521171a4020c19021eda0d20ee9f802af41)
2012-08-28 12:44:51 -04:00