datatracker/ietf/ietfauth/views.py

# Portions Copyright (C) 2009 Nokia Corporation and/or its subsidiary(-ies).
# All rights reserved. Contact: Pasi Eronen <pasi.eronen@nokia.com>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
#  * Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#
#  * Redistributions in binary form must reproduce the above
#    copyright notice, this list of conditions and the following
#    disclaimer in the documentation and/or other materials provided
#    with the distribution.
#
#  * Neither the name of the Nokia Corporation and/or its
#    subsidiary(-ies) nor the names of its contributors may be used
#    to endorse or promote products derived from this software
#    without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

# Copyright The IETF Trust 2007, All Rights Reserved

from datetime import datetime as DateTime, timedelta as TimeDelta

from django.conf import settings
from django.http import Http404  #, HttpResponse, HttpResponseRedirect
from django.shortcuts import render, redirect, get_object_or_404
#from django.contrib.auth import REDIRECT_FIELD_NAME, authenticate, login
from django.contrib.auth.decorators import login_required
#from django.utils.http import urlquote
import django.core.signing
from django.contrib.sites.models import Site
from django.contrib.auth.models import User

import debug                            # pyflakes:ignore

from ietf.group.models import Role
from ietf.ietfauth.forms import RegistrationForm, PasswordForm, ResetPasswordForm, TestEmailForm, WhitelistForm
from ietf.ietfauth.forms import get_person_form, RoleEmailForm, NewEmailForm
from ietf.ietfauth.htpasswd import update_htpasswd_file
from ietf.ietfauth.utils import role_required
from ietf.mailinglists.models import Subscribed, Whitelisted
from ietf.person.models import Person, Email, Alias
from ietf.utils.mail import send_mail

def index(request):
    return render(request, 'registration/index.html')

# def url_login(request, user, passwd):
#     user = authenticate(username=user, password=passwd)
#     redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
#     if user is not None:
#         if user.is_active:
#             login(request, user)
#             return HttpResponseRedirect('/accounts/loggedin/?%s=%s' % (REDIRECT_FIELD_NAME, urlquote(redirect_to)))
#     return HttpResponse("Not authenticated?", status=500)

# @login_required
# def ietf_login(request):
#     if not request.user.is_authenticated():
#         return HttpResponse("Not authenticated?", status=500)
# 
#     redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
#     request.session.set_test_cookie()
#     return HttpResponseRedirect('/accounts/loggedin/?%s=%s' % (REDIRECT_FIELD_NAME, urlquote(redirect_to)))

# def ietf_loggedin(request):
#     if not request.session.test_cookie_worked():
#         return HttpResponse("You need to enable cookies")
#     request.session.delete_test_cookie()
#     redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
#     if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
#         redirect_to = settings.LOGIN_REDIRECT_URL
#     return HttpResponseRedirect(redirect_to)

def create_account(request):
    to_email = None

    if request.method == 'POST':
        form = RegistrationForm(request.POST)
        if form.is_valid():
            to_email = form.cleaned_data['email'] # This will be lowercase if form.is_valid()
            existing = Subscribed.objects.filter(email=to_email).first()
            ok_to_create = ( Whitelisted.objects.filter(email=to_email).exists()
                or existing and (existing.time + TimeDelta(seconds=settings.LIST_ACCOUNT_DELAY)) < DateTime.now() )
            if ok_to_create:
                auth = django.core.signing.dumps(to_email, salt="create_account")

                domain = Site.objects.get_current().domain
                subject = 'Confirm registration at %s' % domain
                from_email = settings.DEFAULT_FROM_EMAIL

                send_mail(request, to_email, from_email, subject, 'registration/creation_email.txt', {
                    'domain': domain,
                    'auth': auth,
                    'username': to_email,
                    'expire': settings.DAYS_TO_EXPIRE_REGISTRATION_LINK,
                })
            else:
                return render(request, 'registration/manual.html', { 'account_request_email': settings.ACCOUNT_REQUEST_EMAIL })
    else:
        form = RegistrationForm()

    return render(request, 'registration/create.html', {
        'form': form,
        'to_email': to_email,
    })

def confirm_account(request, auth):
    try:
        email = django.core.signing.loads(auth, salt="create_account", max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
    except django.core.signing.BadSignature:
        raise Http404("Invalid or expired auth")

    if User.objects.filter(username=email).exists():
        return redirect(profile)

    success = False
    if request.method == 'POST':
        form = PasswordForm(request.POST)
        if form.is_valid():
            password = form.cleaned_data["password"]

            user = User.objects.create(username=email, email=email)
            user.set_password(password)
            user.save()
            # password is also stored in htpasswd file
            update_htpasswd_file(email, password)

            # make sure the rest of the person infrastructure is
            # well-connected
            email_obj = Email.objects.filter(address=email).first()

            person = None
            if email_obj and email_obj.person:
                person = email_obj.person

            if not person:
                person = Person.objects.create(user=user,
                                               name=email,
                                               ascii=email)
            if not email_obj:
                email_obj = Email.objects.create(address=email, person=person)
            else:
                if not email_obj.person:
                    email_obj.person = person
                    email_obj.save()

            person.user = user
            person.save()

            success = True
    else:
        form = PasswordForm()

    return render(request, 'registration/confirm_account.html', {
        'form': form,
        'email': email,
        'success': success,
    })

@login_required
def profile(request):
    roles = []
    person = None

    try:
        person = request.user.person
    except Person.DoesNotExist:
        return render(request, 'registration/missing_person.html')

    roles = Role.objects.filter(person=person, group__state='active').order_by('name__name', 'group__name')
    emails = Email.objects.filter(person=person).order_by('-active','-time')
    new_email_forms = []

    if request.method == 'POST':
        person_form = get_person_form(request.POST, instance=person)
        for r in roles:
            r.email_form = RoleEmailForm(r, request.POST, prefix="role_%s" % r.pk)

        for e in request.POST.getlist("new_email", []):
            new_email_forms.append(NewEmailForm({ "new_email": e }))

        forms_valid = [person_form.is_valid()] + [r.email_form.is_valid() for r in roles] + [f.is_valid() for f in new_email_forms]

        email_confirmations = []

        if all(forms_valid):
            updated_person = person_form.save()

            for f in new_email_forms:
                to_email = f.cleaned_data["new_email"]
                if not to_email:
                    continue

                email_confirmations.append(to_email)

                auth = django.core.signing.dumps([person.user.username, to_email], salt="add_email")

                domain = Site.objects.get_current().domain
                subject = u'Confirm email address for %s' % person.name
                from_email = settings.DEFAULT_FROM_EMAIL

                send_mail(request, to_email, from_email, subject, 'registration/add_email_email.txt', {
                    'domain': domain,
                    'auth': auth,
                    'email': to_email,
                    'person': person,
                    'expire': settings.DAYS_TO_EXPIRE_REGISTRATION_LINK,
                })
                

            for r in roles:
                e = r.email_form.cleaned_data["email"]
                if r.email_id != e.pk:
                    r.email = e
                    r.save()

            active_emails = request.POST.getlist("active_emails", [])
            for email in emails:
                email.active = email.pk in active_emails
                email.save()

            # Make sure the alias table contains any new and/or old names.
            existing_aliases = set(Alias.objects.filter(person=person).values_list("name", flat=True))
            curr_names = set(x for x in [updated_person.name, updated_person.ascii, updated_person.ascii_short, updated_person.plain_name(), ] if x)
            new_aliases = curr_names - existing_aliases
            for name in new_aliases:
                Alias.objects.create(person=updated_person, name=name)

            return render(request, 'registration/confirm_profile_update.html', {
                'email_confirmations': email_confirmations,
            })
    else:
        for r in roles:
            r.email_form = RoleEmailForm(r, prefix="role_%s" % r.pk)

        person_form = get_person_form(instance=person)

    return render(request, 'registration/edit_profile.html', {
        'user': request.user,
        'person': person,
        'person_form': person_form,
        'roles': roles,
        'emails': emails,
        'new_email_forms': new_email_forms,
    })

def confirm_new_email(request, auth):
    try:
        username, email = django.core.signing.loads(auth, salt="add_email", max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
    except django.core.signing.BadSignature:
        raise Http404("Invalid or expired auth")

    person = get_object_or_404(Person, user__username=username)

    # do another round of validation since the situation may have
    # changed since submitting the request
    form = NewEmailForm({ "new_email": email })
    can_confirm = form.is_valid() and email
    new_email_obj = None
    if request.method == 'POST' and can_confirm and request.POST.get("action") == "confirm":
        new_email_obj = Email.objects.create(address=email, person=person)

    return render(request, 'registration/confirm_new_email.html', {
        'username': username,
        'email': email,
        'can_confirm': can_confirm,
        'form': form,
        'new_email_obj': new_email_obj,
    })

def password_reset(request):
    success = False
    if request.method == 'POST':
        form = ResetPasswordForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']

            auth = django.core.signing.dumps(username, salt="password_reset")

            domain = Site.objects.get_current().domain
            subject = 'Confirm password reset at %s' % domain
            from_email = settings.DEFAULT_FROM_EMAIL
            to_email = username # form validation makes sure that this is an email address

            send_mail(request, to_email, from_email, subject, 'registration/password_reset_email.txt', {
                'domain': domain,
                'auth': auth,
                'username': username,
                'expire': settings.DAYS_TO_EXPIRE_REGISTRATION_LINK,
            })

            success = True
    else:
        form = ResetPasswordForm()
    return render(request, 'registration/password_reset.html', {
        'form': form,
        'success': success,
    })


def confirm_password_reset(request, auth):
    try:
        username = django.core.signing.loads(auth, salt="password_reset", max_age=settings.DAYS_TO_EXPIRE_REGISTRATION_LINK * 24 * 60 * 60)
    except django.core.signing.BadSignature:
        raise Http404("Invalid or expired auth")

    user = get_object_or_404(User, username=username)

    success = False
    if request.method == 'POST':
        form = PasswordForm(request.POST)
        if form.is_valid():
            password = form.cleaned_data["password"]

            user.set_password(password)
            user.save()
            # password is also stored in htpasswd file
            update_htpasswd_file(user.username, password)

            success = True
    else:
        form = PasswordForm()

    return render(request, 'registration/change_password.html', {
        'form': form,
        'username': username,
        'success': success,
    })

def test_email(request):
    """Set email address to which email generated in the system will be sent."""
    if settings.SERVER_MODE == "production":
        raise Http404

    # Note that the cookie set here is only used when running in
    # "test" mode, normally you run the server in "development" mode,
    # in which case email is sent out as usual; for development, you
    # can easily start a little email debug server with Python, see
    # the instructions in utils/mail.py.

    cookie = None

    if request.method == "POST":
        form = TestEmailForm(request.POST)
        if form.is_valid():
            cookie = form.cleaned_data['email']
    else:
        form = TestEmailForm(initial=dict(email=request.COOKIES.get('testmailcc')))

    r = render(request, 'ietfauth/testemail.html', {
        "form": form,
        "cookie": cookie if cookie != None else request.COOKIES.get("testmailcc", "")
    })

    if cookie != None:
        r.set_cookie("testmailcc", cookie)

    return r

@role_required('Secretariat')
def add_account_whitelist(request):
    success = False
    if request.method == 'POST':
        form = WhitelistForm(request.POST)
        if form.is_valid():
            email = form.cleaned_data['email']
            entry = Whitelisted(email=email, by=request.user.person)
            entry.save()
            success = True
    else:
        form = WhitelistForm()

    return render(request, 'ietfauth/whitelist_form.html', {
        'form': form,
        'success': success,
    })