Commit Graph

29 Commits

Author SHA1 Message Date
rht dd1920c811 confirmation: Use python 3 syntax for typing. 2017-11-04 19:59:41 -07:00
Rishi Gupta fdbe36644e confirmation: Add confirmation_type to get_object_from_key.
This change:

* Prevents weird potential attacks like taking a valid confirmation link
  (say an unsubscribe link), and putting it into the URL of a multiuse
  invite link. I don't know of any such attacks one could do right now, but
  reasoning about it is complicated.

* Makes the code easier to read, and in the case of confirmation/views.py,
  exposes something that needed refactoring anyway (USER_REGISTRATION and
  INVITATION should have different endpoints, and both of those endpoints
  should be in zerver/views/registration, not this file).
2017-11-03 15:33:16 -07:00
Vishnu Ks 6551640c67 confirmation: Use ConfirmationKeyException in get_object_from_key.
Fixes #5739.
2017-07-25 18:44:30 -07:00
Rishi Gupta 3b97262647 confirmation: Liberate confirm from ConfirmationManager. 2017-07-17 23:18:47 -07:00
Rishi Gupta a44d8f7b01 confirmation/views: Restructure code for clarity. 2017-07-07 18:56:14 -07:00
Rishi Gupta cf6aefb37a confirmation/views: Remove confirmation_key.lower().
I'm not sure why this line is here. It's a part of the original third party
confirmation library that we copied into the project.
2017-07-07 18:56:14 -07:00
Rishi Gupta ac5e6a9b8a confirmation/views: Remove buggy behavior for expired confirmation links.
Previously, an expired preregistrationuser link would still be passed on to
/accounts/register (via the confirm_preregistrationuser.html template), just
with the PreregistrationUser.status not set to 1.

But accounts_register never checks prereg_user.status, and hence processes
the user as if the link had been confirmed.

With this commit, expired confirmation links never get past the confirmation
code.
2017-07-07 18:56:14 -07:00
Rishi Gupta 834be2d7cb confirmation/views: Split ctx to emphasize template use of variables.
In particular, confirm_preregistrationuser.html does not use confirmed!
2017-07-07 18:53:00 -07:00
Rishi Gupta bffc7f97a5 confirmation/views: Emphasize that only prereg user uses this path. 2017-07-07 18:53:00 -07:00
Rishi Gupta 8ba0fafa3f confirmation/views: Remove unused variables from template context. 2017-07-07 07:46:31 -04:00
Rishi Gupta 15b967fc3e emails: Move support_email into a common context. 2017-06-10 01:25:44 -07:00
Rishi Gupta 056489c247 emails: Move verbose_support_offers into a common context.
Server settings should just be added to the context in build_email, so that
the individual email pathways (and later, the email testing framework)
doesn't have to worry about it.
2017-06-10 01:16:03 -07:00
Umair Khan 4442703011 jinja2: No need for custom render_to_response.
Django 1.10 has changed the implementation of this function to
match our custom implementation; in addition to this, we prefer
render().

Fixes #1914 via #4093.
2017-03-17 13:57:34 -07:00
Umair Khan da012ee51b confirmation: Change render_to_response to render.
Related to #4093
2017-03-17 13:52:59 -07:00
Umair Khan e2f29054a4 Check type before sending confirmation email.
We can only send confirmation email with PreregistrationUser and
Confirmation objects.
2016-09-12 11:00:15 +05:00
Tim Abbott 3ea4cbb5c3 settings: Extract settings.VERBOSE_SUPPORT_OFFERS. 2016-07-19 15:28:41 -07:00
Tim Abbott eb71173be3 lint: Fix warnings under confirmation/. 2016-06-20 08:19:54 -07:00
Max a6e60419c4 Add types to confirmation/views.py and zerver/tornadoviews.py 2016-06-03 11:26:30 -07:00
Umair Khan 5359e6b0d4 Convert Zulip to use Jinja2 templates.
This results in a substantial performance improvement for all of
Zulip's backend templates.

Changes in templates:
- Change `block.super` to `super()`.
- Remove `load` tag because Jinja2 doesn't support it.
- Use `minified_js()|safe` instead of `{% minified_js %}`.
- Use `compressed_css()|safe` instead of `{% compressed_css %}`.
- `forloop.first` -> `loop.first`.
- Use `{{ csrf_input }}` instead of `{% csrf_token %}`.
- Use `{# ... #}` instead of `{% comment %}`.
- Use `url()` instead of `{% url %}`.
- Use `_()` instead of `{% trans %}` because in Jinja `trans` is a block tag.
- Use `{% trans %}` instead of `{% blocktrans %}`.
- Use `{% raw %}` instead of `{% verbatim %}`.

Changes in tools:
- Check for `trans` block in `check-templates` instead of `blocktrans`

Changes in backend:
- Create custom `render_to_response` function which takes `request` objects
  instead of `RequestContext` object. There are two reasons to do this:
    1. `RequestContext` is not compatible with Jinja2
    2. `RequestContext` in `render_to_response` is deprecated.
- Add Jinja2 related support files in zproject/jinja2 directory. It
  includes a custom backend and a template renderer, compressors for js
  and css and Jinja2 environment handler.
- Enable `slugify` and `pluralize` filters in Jinja2 environment.

Fixes #620.
2016-05-09 09:55:18 -07:00
David Roe 3f7cb34b00 enterprise => voyager
(imported from commit 04be792bb480d5e5db1c91d296d1000cf1682571)
2015-08-21 10:33:35 -07:00
David Roe edf7e732a2 ENTERPRISE => VOYAGER.
(imported from commit 4f8080b9f506a87ca40bef32e39de5218cba916a)
2015-08-21 10:33:35 -07:00
Reid Barton 5ea3bf85de Django 1.8 compatibility: module_name -> model_name
(imported from commit 38ee96c9a8da5b3abfce8ba47f85dd7d59bcb599)
2015-08-20 23:15:44 -07:00
acrefoot daffe049ad Don't use hardcoded noreply@zulip.com, zulip@zulip.com, or https://zulip.com
(imported from commit 1132553b63ae23ebcca746f0f65205b97bfee7dc)
2013-11-15 21:31:37 -05:00
Luke Faraone 00e72cd97d Switch url parameter to full_name from service-specific gafyd_name
(imported from commit 21541da29d2846cfd912d19b73e239e96606f9e5)
2013-11-05 16:17:06 -05:00
Zev Benjamin 80702ccaa0 Add metrics variables to the template context via a context processor
Wrapping render_to_response never actually worked correctly.  On the
login page, mixpanel_token would be missing, but we wouldn't get an
error because it is surrounded by double quotes, which meant that it
was still valid Javascript.

(imported from commit 820ee42fab8f679983e5a3a4309a2feaf690f20f)
2013-06-18 17:07:36 -04:00
Zev Benjamin ae9be7298d Wrap render_to_response
(imported from commit d23aa3e5ad4c5243e83df098953ea4b1f7b3c294)
2013-05-21 17:56:49 -04:00
Luke Faraone c044282af5 [third]: Accept and pass along gafyd_name parameters to confirmation templates.
This allows us to keep a record of the user's name as returned by Google
Apps authentication.

(imported from commit cbfe383a51b480400b8f0e5f40c725562ffc6a66)
2013-04-24 12:03:41 -07:00
Luke Faraone 5531f188c7 Include confirmation key in context object.
This way our templates can reference the confirmation key later.

(imported from commit 4d57e1309386f2236829b6fdf4e4ad43c5b125c8)
2012-10-01 10:45:58 -04:00
Luke Faraone b801b50c26 Include third-party django-confirmation library.
Taken from http://code.google.com/p/django-confirmation/.

Code is under the BSD 3-clause license.

(imported from commit cfb5a511097fe14fba7f1bcea62dfa25cfb58622)
2012-10-01 10:45:57 -04:00