Registraion function with captcha working

7 files changed, 102 insertions, 59 deletions

diff --git a/users/admin.py b/users/admin.py
index 49d40cef..f5116502 100644
--- a/users/admin.py
+++ b/users/admin.py
@@ -1,7 +1,6 @@
 from django.contrib import admin
 
 # Register your models here.
-from .models import UserProfile, CaptchaStore
+from .models import UserProfile
 
 admin.site.register(UserProfile)
-admin.site.register(CaptchaStore)
diff --git a/users/forms.py b/users/forms.py
new file mode 100644
index 00000000..de13fe27
--- /dev/null
+++ b/users/forms.py
@@ -0,0 +1,67 @@
+# Registration form
+
+from django import forms
+from django.contrib.auth.models import User
+from users.models import UserProfile
+from django.core.mail import send_mail
+from django.conf import settings
+from django.template.loader import render_to_string
+from django.utils.html import strip_tags
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
+from .tokens import account_activation_token
+
+class RegisterForm(forms.Form):
+    username = forms.CharField(label='Username', max_length=30)
+    email = forms.EmailField(label='Email')
+    password1 = forms.CharField(label='Password', widget=forms.PasswordInput)
+    password2 = forms.CharField(label='Password (again)', widget=forms.PasswordInput)
+    captcha = forms.CharField(label='Captcha', max_length=6)
+    expected_captcha = None
+
+    def __init__(self, *args, **kwargs):
+        if 'expected_captcha' in kwargs:
+            self.expected_captcha = kwargs.pop('expected_captcha')
+        super().__init__(*args, **kwargs)
+
+    def clean(self):
+        cleaned_data = super().clean()
+        password1 = cleaned_data.get('password1')
+        password2 = cleaned_data.get('password2')
+        captcha = cleaned_data.get('captcha')
+        if password1 and password2:
+            if password1 != password2:
+                raise forms.ValidationError('Passwords do not match.')
+        if str.lower(captcha) != str.lower(self.expected_captcha):
+            raise forms.ValidationError('Captcha does not match.')
+        if User.objects.filter(username=cleaned_data.get('username')).exists():
+            raise forms.ValidationError('Username already exists.')
+        if User.objects.filter(email=cleaned_data.get('email')).exists():
+            raise forms.ValidationError('Email already exists.')
+        return cleaned_data
+
+    def save(self, request):
+        user = User.objects.create_user(
+            username=self.cleaned_data.get('username'),
+            email=self.cleaned_data.get('email'),
+            password=self.cleaned_data.get('password1'),
+        )
+        user.save()
+        user_profile = UserProfile.objects.create(user=user)
+        user_profile.save()
+
+        # Send verification email
+        subject = 'Verify your email address'
+        message = render_to_string('verification_email.html', {
+            'user': user.username if user.first_name is None else user.first_name,
+            'site_name': 'That Computer Scientist',
+            'uid': urlsafe_base64_encode(force_bytes(user.pk)),
+            'token': account_activation_token.make_token(user),
+            'protocol': 'https://' if request.is_secure() else 'http://',
+            'domain': request.get_host(),
+        })
+        message = strip_tags(message)
+        send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [user.email], fail_silently=False)
+
+        return user
+
diff --git a/users/migrations/0009_delete_captchastore.py b/users/migrations/0009_delete_captchastore.py
new file mode 100644
index 00000000..dbde60c8
--- /dev/null
+++ b/users/migrations/0009_delete_captchastore.py
@@ -0,0 +1,16 @@
+# Generated by Django 4.1.4 on 2022-12-28 12:41
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("users", "0008_remove_userprofile_gravatar_email_and_more"),
+    ]
+
+    operations = [
+        migrations.DeleteModel(
+            name="CaptchaStore",
+        ),
+    ]
diff --git a/users/models.py b/users/models.py
index 746814ef..1b97e871 100644
--- a/users/models.py
+++ b/users/models.py
@@ -16,11 +16,4 @@ class UserProfile(models.Model):
 
     def __str__(self):
         return self.user.username
-        
-class CaptchaStore(models.Model):
-    captcha_string = models.CharField(max_length=6)
-    csrf_token = models.CharField(max_length=100)
-    created_at = models.DateTimeField(auto_now_add=True)
 
-    def __str__(self):
-        return self.captcha_string
diff --git a/users/tokens.py b/users/tokens.py
index c127fa45..77bd4e88 100644
--- a/users/tokens.py
+++ b/users/tokens.py
@@ -3,6 +3,9 @@ import os
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from dotenv import load_dotenv
 from six import text_type
+from Crypto.Cipher import AES
+
+load_dotenv()
 
 class AccountActivationTokenGenerator(PasswordResetTokenGenerator):
     def _make_hash_value(self, user, timestamp):
@@ -20,4 +23,17 @@ class EmailChangeTokenGenerator():
         auth_string = os.getenv('AUTHORIZATION_STRING')
         return cryptocode.decrypt(token, auth_string)
 
+class CaptchaTokenGenerator():
+    def encrypt(self, captcha_string):
+        auth_string = os.getenv('AUTHORIZATION_STRING')
+        key = auth_string.encode('utf-8')[0:16]
+        cipher = AES.new(key, AES.MODE_CFB, key)
+        return cipher.encrypt(captcha_string.encode('utf-8')).hex()
+
+    def decrypt(self, token):
+        auth_string = os.getenv('AUTHORIZATION_STRING')
+        key = auth_string.encode('utf-8')[0:16]
+        cipher = AES.new(key, AES.MODE_CFB, key)
+        return cipher.decrypt(bytes.fromhex(token)).decode('utf-8')
+
 account_activation_token = AccountActivationTokenGenerator()
diff --git a/users/urls.py b/users/urls.py
index 220f57f3..02a7e302 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -12,7 +12,6 @@ urlpatterns = [
     path('/verifyemail/<uidb64>/<token>', views.verify_email, name='verifyemail'),
     path('/sendchangeuseremail', views.send_change_user_email, name='sendchangeuseremail'),
     path('/changeemail/<uidb64>/<token>', views.change_email, name='changeemail'),
-    path('/register', views.register, name='register'),
 ]
 
 # Configure Admin Site
diff --git a/users/views.py b/users/views.py
index 7857bbe7..05d379ff 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,8 +1,8 @@
 from django.http import HttpResponseRedirect
-from django.shortcuts import render, redirect
+from django.shortcuts import redirect
 from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
 from django.contrib import messages
-from .models import UserProfile, CaptchaStore
+from .models import UserProfile
 from django.contrib.auth.models import User
 from django.core.mail import send_mail
 from django.conf import settings
@@ -13,7 +13,6 @@ from django.utils.http import urlsafe_base64_encode
 from django.contrib.sites.shortcuts import get_current_site
 from .tokens import account_activation_token, EmailChangeTokenGenerator
 from django.utils.http import urlsafe_base64_decode
-import django.contrib.auth.password_validation as validators
 
 # Create your views here.
 def login_user(request):
@@ -195,49 +194,3 @@ def change_email(request, uidb64, token):
     else:
         messages.error(request, 'The verification link is invalid!')
         return redirect('blog:home')
-
-
-def register(request):
-    if request.method == 'POST':
-        username = request.POST['username']
-        email = request.POST['email']
-        password = request.POST['password']
-        confirm_password = request.POST['password2']
-        captcha = request.POST['captcha']
-        csrf_token = request.META.get('CSRF_COOKIE')
-        current_captcha = CaptchaStore.objects.get(csrf_token=csrf_token).captcha_string
-        if str(captcha).lower() != str(current_captcha).lower():
-            messages.error(request, 'Captcha is incorrect!', extra_tags='captchaError')
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER') + '?u={}&e={}'.format(username, email))
-        if password != confirm_password:
-            messages.error(request, 'Passwords do not match!', extra_tags='password2Error')
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER') + '?u={}&e={}'.format(username, email))
-        if User.objects.filter(username=username).exists():
-            messages.error(request, 'Username is already in use!', extra_tags='usernameError')
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER') + '?e={}'.format(email))
-        if User.objects.filter(email=email).exists():
-            messages.error(request, 'Email is already in use!', extra_tags='emailError')
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER') + '?u={}'.format(username))
-        try:
-            validators.validate_password(password=password)
-        except Exception as e:
-            messages.error(request, e, extra_tags='passwordError')
-            return HttpResponseRedirect(request.META.get('HTTP_REFERER') + '?u={}&e={}'.format(username, email))
-        user = User.objects.create_user(username=username, email=email, password=password)
-        user.save()
-        user_profile = UserProfile(user=user)
-        user_profile.save()
-        # Send verification email
-        subject = 'Verify your email address'
-        message = render_to_string('verification_email.html', {
-            'user': user.username if user.first_name is None else user.first_name,
-            'site_name': 'That Computer Scientist',
-            'uid': urlsafe_base64_encode(force_bytes(user.pk)),
-            'token': account_activation_token.make_token(user),
-            'protocol': 'https://' if request.is_secure() else 'http://',
-            'domain': get_current_site(request).domain,
-        })
-        message = strip_tags(message)
-        send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [email])
-        messages.success(request, 'Account was created! Please check your email to verify your account.', extra_tags='accountCreated')
-        return redirect('blog:register')