Diffstat (limited to 'users')
| -rw-r--r-- | users/forms.py | 1 | ||||
| -rw-r--r-- | users/templates/email_change_verification_email.html | 2 | ||||
| -rw-r--r-- | users/tokens.py | 11 | ||||
| -rw-r--r-- | users/urls.py | 1 | ||||
| -rw-r--r-- | users/views.py | 55 |
5 files changed, 48 insertions, 22 deletions
diff --git a/users/forms.py b/users/forms.py
index 5ef95543..8b02fef5 100644
--- a/users/forms.py
+++ b/users/forms.py
@@ -65,7 +65,6 @@ class RegisterForm(forms.Form):
return user
-
class UpdateUserDetailsForm(forms.Form):
first_name = forms.CharField(label='First name', max_length=30, required=False, widget=forms.TextInput(attrs={'placeholder': 'First name'}))
last_name = forms.CharField(label='Last name', max_length=30, required=False, widget=forms.TextInput(attrs={'placeholder': 'Last name'}))
diff --git a/users/templates/email_change_verification_email.html b/users/templates/email_change_verification_email.html
index d016578b..a1347fbd 100644
--- a/users/templates/email_change_verification_email.html
+++ b/users/templates/email_change_verification_email.html
@@ -2,7 +2,7 @@
Hi {{ user }},
We received a request to change you email address on {{ site_name }}. To verify and change your email address, please click the link below.
-{{ protocol }}{{ domain }}{% url 'users:changeemail' uidb64=uid token=token %}
+{{ protocol }}{{ domain }}/users/changeemail/{{ uid }}/{{ token }}.
Please ignore this email if you did not make this request.
diff --git a/users/tokens.py b/users/tokens.py
index 77bd4e88..1e481b3e 100644
--- a/users/tokens.py
+++ b/users/tokens.py
@@ -1,4 +1,3 @@
-import cryptocode
import os
from django.contrib.auth.tokens import PasswordResetTokenGenerator
from dotenv import load_dotenv
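Review bot: The new link line ends with a literal period directly after `{{ token }}`, so a recipient who copies the line (or a mail client that auto-links through the dot) submits `<hex>.` as the token, and `bytes.fromhex` in tokens.py rejects it. The line also hardcodes `/users/changeemail/` while urls.py registers the route as `'/changeemail/<uidb64>/<token>'` with its own leading slash, so the real path depends on how the app is included and may not be `/users/changeemail/`; the removed `{% url %}` tag tracked that automatically. Suggest either restoring the tag or at least moving the period off the URL: `+{{ protocol }}{{ domain }}{% url 'users:changeemail' uidb64=uid token=token %}` on its own line, followed by the sentence text.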
@@ -17,11 +16,17 @@ class AccountActivationTokenGenerator(PasswordResetTokenGenerator):
class EmailChangeTokenGenerator():
def encrypt(self, email):
auth_string = os.getenv('AUTHORIZATION_STRING')
- return cryptocode.encrypt(email, auth_string)
+ key = auth_string.encode('utf-8')[0:16]
+ cipher = AES.new(key, AES.MODE_CFB, key)
+ return cipher.encrypt(email.encode('utf-8')).hex()
+
def decrypt(self, token):
auth_string = os.getenv('AUTHORIZATION_STRING')
- return cryptocode.decrypt(token, auth_string)
+ key = auth_string.encode('utf-8')[0:16]
+ cipher = AES.new(key, AES.MODE_CFB, key)
+ return cipher.decrypt(bytes.fromhex(token)).decode('utf-8')
+
class CaptchaTokenGenerator():
def encrypt(self, captcha_string):
diff --git a/users/urls.py b/users/urls.py
index 1450653e..b486edb5 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -13,6 +13,7 @@ urlpatterns = [
path('/sendchangeuseremail', views.send_change_user_email, name='sendchangeuseremail'),
path('/changeemail/<uidb64>/<token>', views.change_email, name='changeemail'),
path('updateavatar', views.update_avatar, name='updateavatar'),
+ path('/delete', views.delete_user, name='delete'),
]
# Configure Admin Site
diff --git a/users/views.py b/users/views.py
index 64449f20..02f82902 100644
--- a/users/views.py
+++ b/users/views.py
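Review bot: `AES.new(key, AES.MODE_CFB, key)` in both new methods passes the key as the IV, so every token is produced under one fixed IV: the same address always yields the same hex token, the first CFB keystream segment is shared by all tokens, and since nothing authenticates the ciphertext, anyone holding one email/token pair (any logged-in user obtains one by requesting a change to an address they control) can XOR a different address into at least the first 16 bytes of a token without knowing the key. `auth_string.encode('utf-8')[0:16]` also breaks when AUTHORIZATION_STRING is unset (AttributeError on None) or shorter than 16 bytes (the AES constructor will reject the key length), and decrypt raises ValueError or UnicodeDecodeError on any tampered hex or non-UTF-8 result rather than reporting an invalid link, unless the caller catches those. `AES` is used but no import for it appears in this diff; if it is not already imported between the two hunks, the methods fail at call time. The address in the link does not need to be secret, it needs to be unforgeable and short-lived, which `django.core.signing` gives from SECRET_KEY with no key slicing; the rewrite below keeps the method names (add `from django.core import signing` at the top and have the caller treat a None result as invalid). CaptchaTokenGenerator continues past the end of the hunk.
```python
class EmailChangeTokenGenerator():
    """Signed, time-limited tokens carrying the requested new address.

    The address is not secret; the token must be unforgeable and expire,
    which signing provides and the previous AES-CFB construction did not.
    """
    salt = 'users.EmailChangeTokenGenerator'
    max_age = 24 * 60 * 60  # seconds a verification link stays valid

    def encrypt(self, email):
        return signing.dumps(email, salt=self.salt)

    def decrypt(self, token):
        try:
            return signing.loads(token, salt=self.salt, max_age=self.max_age)
        except signing.BadSignature:
            return None  # forged, tampered, or expired link
# … unchanged: CaptchaTokenGenerator …
```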
@@ -55,16 +55,36 @@ def update_user(request):
if form.is_valid():
form.save()
messages.success(request, 'Profile was successfully updated!')
- return redirect(reverse('blog:account') + '?tab=details')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'Unable to update profile! Please try again later.')
- return redirect(reverse('blog:account') + '?tab=details')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
- return redirect(reverse('blog:account') + '?tab=details')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'You must be logged in to update your profile!')
return redirect('blog:home')
+def delete_user(request):
+ user = request.user
+ if user is not None:
+ if request.method == 'POST':
+ password = request.POST['password']
+ if user.check_password(password):
+ # delete user, all comments, user profile details, and all posts
+ user.delete()
+ messages.success(request, 'Your account was successfully deleted!')
+ return redirect('blog:home')
+ else:
+ messages.error(request, 'Incorrect password!')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+ else:
+ messages.error(request, 'Unable to delete account! Please try again later.')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+ else:
+ messages.error(request, 'You must be logged in to delete your account!')
+ return redirect('blog:home')
+
def update_avatar(request):
user = request.user
if user is not None:
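Review bot: `if user is not None:` in the new delete_user never turns away an anonymous visitor, because Django sets request.user to an AnonymousUser object rather than None when nobody is logged in, and `AnonymousUser.check_password` raises NotImplementedError, so an unauthenticated POST ends in a 500 instead of the 'You must be logged in' message; the guard should be `if request.user.is_authenticated:`. Every new `HttpResponseRedirect(request.META.get('HTTP_REFERER'))` in this hunk follows a client-supplied header unchecked, and when the header is absent the redirect goes to the literal path `None`; `url_has_allowed_host_and_scheme` from django.utils.http with a fallback to the account page fixes both. Finally, `user.delete()` runs while the session still names that row; call `logout(request)` from django.contrib.auth so the session is flushed rather than left dangling. The rewrite below (both imports to be added at the top of views.py) keeps the messages and the redirect targets; the update_user branch at the top of the hunk starts outside it.
```python
def _redirect_back(request):
    """Redirect to the Referer only when it points at this site; else to the account page."""
    referer = request.META.get('HTTP_REFERER', '')
    if url_has_allowed_host_and_scheme(referer, allowed_hosts={request.get_host()},
                                       require_https=request.is_secure()):
        return HttpResponseRedirect(referer)
    return redirect('blog:account')


def delete_user(request):
    """Delete the logged-in user's account after re-checking their password (POST only)."""
    if not request.user.is_authenticated:
        messages.error(request, 'You must be logged in to delete your account!')
        return redirect('blog:home')
    if request.method != 'POST':
        messages.error(request, 'Unable to delete account! Please try again later.')
        return _redirect_back(request)
    user = request.user
    if not user.check_password(request.POST.get('password', '')):
        messages.error(request, 'Incorrect password!')
        return _redirect_back(request)
    logout(request)  # flush the session before its user row disappears
    # per the original comment, deleting the user cascades to comments, profile and posts
    user.delete()
    messages.success(request, 'Your account was successfully deleted!')
    return redirect('blog:home')
```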
@@ -73,10 +93,10 @@ def update_avatar(request):
user_profile.avatar_url = request.POST['avatar']
user_profile.save()
messages.success(request, 'Avatar was successfully updated!')
- return redirect(reverse('blog:account') + '?tab=avatar')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'Unable to update avatar! Please try again later.')
- return redirect(reverse('blog:account') + '?tab=avatar')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'You must be logged in to update your avatar!')
return redirect('blog:home')
@@ -95,13 +115,13 @@ def change_password(request):
user.save()
update_session_auth_hash(request, user)
messages.success(request, 'Password was successfully changed!')
- return redirect('blog:account')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'The new password and confirmation password do not match!')
- return redirect('blog:account')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'Old password is incorrect!')
- return redirect('blog:account')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
else:
messages.error(request, 'Unable to change password! Please try again later.')
return redirect('blog:home')
@@ -118,8 +138,8 @@ def send_verification_email(request):
'site_name': 'That Computer Scientist',
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': account_activation_token.make_token(user),
- 'protocol': 'https://' if request.is_secure() else 'http://',
- 'domain': get_current_site(request).domain,
+ 'protocol': request.scheme + '://',
+ 'domain': request.get_host(),
})
message = strip_tags(message)
send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [user.email])
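Review bot: `'domain': request.get_host()` in the send_verification_email hunk builds the activation link's host from the incoming Host header (or X-Forwarded-Host when USE_X_FORWARDED_HOST is on) instead of the configured Sites value the removed line used. get_host() only refuses hosts outside ALLOWED_HOSTS, so if that setting contains a wildcard an attacker who triggers this mail with a forged Host header gets the activation token delivered in a link to their own server; `request.scheme` likewise reports 'http' behind a TLS-terminating proxy unless SECURE_PROXY_SSL_HEADER is configured. If deriving the URL from the request is intended, confirm ALLOWED_HOSTS is an explicit list; otherwise prefer a fixed value from settings, e.g. `'protocol': settings.SITE_PROTOCOL + '://'` and `'domain': settings.SITE_DOMAIN` (settings you would add), or reinstate `get_current_site(request).domain`. send_verification_email begins before the hunk.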
@@ -150,15 +170,16 @@ def send_change_user_email(request):
user = request.user
new_email = request.POST['email']
if user is not None:
+ # Check if the new and the old email are the same
+ if user.email == new_email:
+ messages.error(request, 'New email is the same as the old one!')
+ return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+
# check if email is already in use
if User.objects.filter(email=new_email).exists():
messages.error(request, 'Email is already in use!')
# Redirect to referrer
return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
- # Check if the new and the old email are the same
- if user.email == new_email:
- messages.error(request, 'New email is the same as the old one!')
- return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
# Send verification email
subject = 'Verify your email address'
message = render_to_string('email_change_verification_email.html', {
@@ -166,8 +187,8 @@ def send_change_user_email(request):
'site_name': 'That Computer Scientist',
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': EmailChangeTokenGenerator().encrypt(new_email),
- 'protocol': 'https://' if request.is_secure() else 'http://',
- 'domain': get_current_site(request).domain,
+ 'protocol': request.scheme + '://',
+ 'domain': request.get_host(),
})
message = strip_tags(message)
send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [new_email])
@@ -188,7 +209,7 @@ def change_email(request, uidb64, token):
user.email = new_email
user.save()
messages.success(request, 'Email was successfully changed!')
- return redirect('blog:account')
+ return redirect(reverse('blog:account') + '?tab=email')
else:
messages.error(request, 'The verification link is invalid!')
return redirect('blog:home') |
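Review bot: The moved `if user.email == new_email:` check and the `User.objects.filter(email=new_email)` check it now precedes both compare the raw POST value byte for byte, so `Alice@Example.com` passes as "different" from `alice@example.com` and as "not in use" while mail for both lands in the same mailbox; a case change is enough to defeat the uniqueness check. Normalise before either comparison, e.g. `new_email = User.objects.normalize_email(request.POST.get('email', '').strip())` (normalize_email lowercases the domain part; use `email__iexact=new_email` in the filter if local parts should match case-insensitively too). The `.get` form also avoids the MultiValueDictKeyError that `request.POST['email']` raises when the field is missing, and `new_email` is read before the `user is not None` guard, which never fires for AnonymousUser in any case. send_change_user_email begins before the hunk.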
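Review bot: `user.email = new_email` in the change_email hunk writes whatever address the token decodes to onto the user resolved from `uidb64`, and the token produced in tokens.py by this commit carries only the address — no user id, no timestamp, no signature — so a link legitimately obtained for one account (any logged-in user gets one by requesting a change to an address they control) can be replayed with another user's uidb64 to point that account at the attacker's mailbox, which then unlocks password reset; this holds unless the part of change_email above the hunk compares `user` with the session user. The condition feeding the visible `else:` is outside the hunk, so I cannot confirm it; a one-line guard before the assignment, `if not request.user.is_authenticated or request.user.pk != user.pk: raise PermissionDenied`, closes the replay regardless, and binding the uid into the token (see the tokens.py hunk) closes it at the source. change_email begins before the hunk.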
