Removed account creation/password changing functionality

- Legacy-Id: 1722

ietf/ietfauth/forms.py

@@ -1,40 +0,0 @@
-# Copyright The IETF Trust 2007, All Rights Reserved
-from django import newforms as forms
-from django.conf import settings
-import hmac, sha
-import time
-
-class EmailForm(forms.Form):
-    email = forms.EmailField()
-
-def email_hash(email, timestamp):
-    return hmac.new(settings.SECRET_KEY, "%d%s" % (timestamp, email), sha).hexdigest()
-
-class ChallengeForm(forms.Form):
-    email = forms.EmailField()
-    timestamp = forms.IntegerField()
-    hash = forms.CharField()
-    def clean_timestamp(self):
-	now = int(time.time())
-	timestamp = self.clean_data['timestamp']
-	if timestamp > now:
-	    raise forms.ValidationError, 'Timestamp in the future'
-	if timestamp < (now - 86400*settings.PASSWORD_DAYS):
-	    raise forms.ValidationError, 'Timestamp is too old'
-	return timestamp
-    def clean_hash(self):
-    	if self.clean_data['hash'] != email_hash(self.clean_data['email'], self.clean_data['timestamp']):
-	    raise forms.ValidationError, 'Hash is incorrect'
-	return self.clean_data['hash']
-
-class PWForm(forms.Form):
-    password = forms.CharField(label='Enter your desired password', widget=forms.PasswordInput())
-    repeat = forms.CharField(label='Re-enter the same password', widget=forms.PasswordInput())
-    def clean_repeat(self):
-	if self.clean_data['password'] != self.clean_data['repeat']:
-	    raise forms.ValidationError, 'Passwords do not match'
-
-# Field lengths from PersonOrOrgInfo
-class FirstLastForm(forms.Form):
-    first = forms.CharField(label='First Name', max_length=20, widget = forms.TextInput(attrs = {'size': 20}))
-    last = forms.CharField(label='Last Name', max_length=50, widget = forms.TextInput(attrs = {'size': 50}))

ietf/ietfauth/testurl.list

@@ -1,2 +1 @@
-302 /account/password_change/
 302 /account/profile/

ietf/ietfauth/urls.py

@@ -7,13 +7,8 @@ from ietf.my.views import my
 urlpatterns = patterns('django.contrib.auth.views',
 	(r'^login/$', 'login'),
 	(r'^logout/$', 'logout'),
-	(r'^password_change/$', 'password_change'),
-	(r'^password_change/done/$', 'password_change_done'),
 )
 urlpatterns += patterns('',
         (r'^$', 'django.views.generic.simple.direct_to_template', {'template': 'registration/account_info.html'}),
-	(r'^request/$', views.password_request),
-	(r'^return/$', views.password_return),
-	(r'^return/(?P<action>\w+)/$', 'django.views.generic.simple.direct_to_template', {'template': 'registration/action_done.html'}),
 	(r'^profile/$', my)
 )

ietf/ietfauth/views.py

@@ -1,101 +1,2 @@
 # Copyright The IETF Trust 2007, All Rights Reserved
-from django.conf import settings
-from django.shortcuts import render_to_response
-from django.template.context import RequestContext
-from django.http import HttpResponseRedirect
-from django.contrib.sites.models import Site
-from django.contrib.auth.models import User
-from ietf.idtracker.models import PersonOrOrgInfo
-from ietf.ietfauth.models import UserMap
-from ietf.ietfauth.forms import EmailForm, ChallengeForm, PWForm, FirstLastForm, email_hash
-from ietf.ietfauth.auth import set_password
-from ietf.utils.mail import send_mail
-from ietf.utils.users import create_user
-from ietf.utils.log import log
-import time
 
-def password_request(request):
-    if request.method == 'POST':
-	form = EmailForm(request.POST)
-	if form.is_valid():
-	    timestamp = int(time.time())
-	    email = form.clean_data['email']
-	    hash = email_hash(email, timestamp)
-	    site = Site.objects.get_current()
-	    context = {'timestamp': timestamp, 'email': email, 'hash': hash, 'days': settings.PASSWORD_DAYS, 'site': site}
-	    send_mail(request, email, None, 'IETF Datatracker Password',
-			'registration/password_email.txt', context, toUser=True)
-	    return render_to_response('registration/challenge_sent.html', context,
-			context_instance=RequestContext(request))
-    else:
-	form = EmailForm()
-    return render_to_response('registration/password_request.html', {'form': form},
-		context_instance=RequestContext(request))
-
-def password_return(request):
-    form = ChallengeForm(request.REQUEST)
-    if form.is_valid():
-	email = form.clean_data['email']
-	method = request.method
-	try:
-	    # Is there a django user?
-	    user = User.objects.get(email__iexact=email)
-	    try:
-		usermap = UserMap.objects.get(user=user)
-		person = usermap.person
-	    except UserMap.DoesNotExist:
-		person = None
-	except User.DoesNotExist:
-	    # Is there an IETF person, and a usermap to a django user,
-	    # e.g., the django user table has the wrong email address?
-	    user = None
-	    try:
-		person = PersonOrOrgInfo.objects.distinct().get(emailaddress__address__iexact=email)
-		try:
-		    usermap = UserMap.objects.get(person=person)
-		    user = usermap.user
-		except UserMap.DoesNotExist:
-		    pass
-	    except PersonOrOrgInfo.DoesNotExist:
-		person = None
-	if person is None:
-	    # If there's no IETF person, try creating one.
-	    if method == 'POST':
-		flform = FirstLastForm(request.POST)
-		if flform.is_valid():
-		    person = PersonOrOrgInfo( first_name=flform.clean_data['first'], last_name=flform.clean_data['last'], created_by='SelfSvc' )
-		    person.save()
-		    person.emailaddress_set.create( type='INET', priority=1, address=email, comment='Created with SelfService' )
-		    # fall through to "if user or person"
-		    # hack:
-		    # pretend to the fall-through form that we used GET.
-		    method = 'GET'
-	    else:
-		flform = FirstLastForm()
-		return render_to_response('registration/new_person_form.html', {'form': form, 'flform': flform},
-			context_instance=RequestContext(request))
-	if user or person:
-	    # form to get a password, either for reset or new user
-	    if method == 'POST':
-		pwform = PWForm(request.POST)
-		if pwform.is_valid():
-		    pw = pwform.clean_data['password']
-		    if user:
-			set_password(user, pw)
-			user.save()
-			return HttpResponseRedirect('changed/')
-		    else:
-			create_user(None, email, person, pw=pw)
-			return HttpResponseRedirect('created/')
-	    else:
-		pwform = PWForm()
-	    return render_to_response('registration/password_form.html', {'u': user, 'person': person, 'form': form, 'pwform': pwform},
-		    context_instance=RequestContext(request))
-	else:
-	    # We shouldn't get here.
-	    return render_to_response('registration/generic_failure.html', {},
-		    context_instance=RequestContext(request))
-    else:
-	log("bad challenge for %s: %s" % (form.data.get('email', '<None>'), form.errors.as_text().replace('\n', ' ').replace('   *', ':')))
-	return render_to_response('registration/bad_challenge.html', {'form': form, 'days': settings.PASSWORD_DAYS},
-		context_instance=RequestContext(request))

ietf/templates/registration/action_done.html

@@ -1,23 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Success{% endblock %}
-
-{% block content %}
-<h1>Success</h1>
-
-<p>Your
-{% ifequal params.action "changed" %}
-password
-{% else %}
-account
-{% endifequal %}
-has been {{ params.action }}.  You can bask in the glow of your
-{% ifequal params.action "changed" %}
-changed password,
-{% else %}
-new account,
-{% endifequal %}
-or you can <a href="{% url django.contrib.auth.views.login %}">visit the
-login page</a> and exercise it.
-</p>
-{% endblock %}

ietf/templates/registration/bad_challenge.html

@@ -1,22 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Bad Challenge{% endblock %}
-
-{% block content %}
-<h1>Bad Challenge</h1>
-
-<p>Sorry, the URL you used was incorrect.  Make sure that you copied it
-properly from the email you received.</p>
-
-{% comment %}
-if we feel like it, report the detailed error
-<table>
-<tr><th colspan="2">DEBUG</th></tr>
-{{ form }}
-</table>
-{% endcomment %}
-
-<p>Note that these URLs expire after {{ days }} days, so you may need
-to <a href="{% url ietf.ietfauth.views.password_request %}">request
-another one</a>.</p>
-{% endblock %}

ietf/templates/registration/challenge_sent.html

@@ -1,13 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Challenge Sent{% endblock %}
-
-{% block content %}
-<h1>Challenge Sent</h1>
-
-<p>
-A URL has been sent to the email address that you provided.
-Wait for that message to arrive, then come back to the URL
-provided in the email to continue your requested operation.
-</p>
-{% endblock %}

ietf/templates/registration/new_person_form.html

@@ -1,18 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}New User Creation{% endblock %}
-
-{% block content %}
-Creating New IETF User
-<form action="" method="POST">
-{# keep the challenge token with the transaction #}
-{{ form.timestamp.as_hidden }}
-{{ form.email.as_hidden }}
-{{ form.hash.as_hidden }}
-<table>
-{{ flform }}
-</table>
-<input type="submit">
-</form>
-
-{% endblock %}

ietf/templates/registration/password_change_done.html

@@ -1,11 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Password change successful{% endblock %}
-
-{% block content %}
-
-<h1>Password change successful</h1>
-
-<p>Your password was changed.</p>
-
-{% endblock %}

ietf/templates/registration/password_change_form.html

@@ -1,23 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Password change{% endblock %}
-
-{% block content %}
-
-<h1>Password change</h1>
-
-<p>Please enter your old password, for security's sake, and then enter your new password twice so we can verify you typed it in correctly.</p>
-
-<form action="" method="post">
-
-{% if form.old_password.errors %}{{ form.old_password.html_error_list }}{% endif %}
-<p class="aligned wide"><label for="id_old_password">Old password:</label>{{ form.old_password }}</p>
-{% if form.new_password1.errors %}{{ form.new_password1.html_error_list }}{% endif %}
-<p class="aligned wide"><label for="id_new_password1">New password:</label>{{ form.new_password1 }}</p>
-{% if form.new_password2.errors %}{{ form.new_password2.html_error_list }}{% endif %}
-<p class="aligned wide"><label for="id_new_password2">Confirm password:</label>{{ form.new_password2 }}</p>
-
-<p><input type="submit" value="Change my password" /></p>
-</form>
-
-{% endblock %}

ietf/templates/registration/password_email.txt

@@ -1,9 +0,0 @@
-Hi,
-
-{% filter wordwrap:72 %}Someone gave this email address as theirs when requesting a password change or new account at {{ site.name }}.  If that was you, please visit this URL to continue the process:{% endfilter %}
-
-http://{{ site.domain }}{% url ietf.ietfauth.views.password_return %}?timestamp={{ timestamp }}&email={{ email|urlencode }}&hash={{ hash }}
-
-This link is valid for {{ days }} days.
-
-If that someone wasn't you, then you can ignore this email.

ietf/templates/registration/password_form.html

@@ -1,22 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Password Entry{% endblock %}
-
-{% block content %}
-{% if u %}
-Resetting password for {{ u.username }} ({{ u.get_full_name|escape }}).
-{% else %}
-Creating new account for {{ person }}
-{% endif %}
-<form action="" method="POST">
-{# keep the challenge token with the transaction #}
-{{ form.timestamp.as_hidden }}
-{{ form.email.as_hidden }}
-{{ form.hash.as_hidden }}
-<table>
-{{ pwform }}
-</table>
-<input type="submit">
-</form>
-
-{% endblock %}

ietf/templates/registration/password_request.html

@@ -1,17 +0,0 @@
-{% extends "base.html" %}
-
-{% block title %}Password Request{% endblock %}
-
-{% block content %}
-<h1>Password Request</h1>
-
-<p>This form allows you to confirm that you own an email address,
-in order to change your password or register a new account.</p>
-
-<form action="" method="POST">
-<table>
-{{ form }}
-</table>
-<input type="submit">
-</form>
-{% endblock %}