annotate gpp/accounts/views.py @ 503:2c2df8545112

Changed the lockout time on logins to 2 minutes.
author Brian Neal <bgneal@gmail.com>
date Sat, 03 Dec 2011 15:07:01 +0000
parents 886cc99e8406
children
rev   line source
bgneal@500 1 """
bgneal@500 2 Views for the accounts application.
gremmie@1 3
bgneal@500 4 """
gremmie@1 5 import datetime
bgneal@74 6 import logging
bgneal@74 7
gremmie@1 8 from django.shortcuts import render_to_response
gremmie@1 9 from django.template import RequestContext
bgneal@500 10 from django.template.loader import render_to_string
bgneal@259 11 from django.contrib.auth.models import User
bgneal@500 12 from django.http import HttpResponse, HttpResponseRedirect
gremmie@1 13 from django.core.urlresolvers import reverse
bgneal@6 14 from django.conf import settings
bgneal@500 15 from django.contrib.auth.forms import AuthenticationForm
bgneal@500 16 from django.contrib.auth import login
bgneal@500 17 from django.utils import simplejson
gremmie@1 18
gremmie@1 19 from accounts.models import PendingUser
gremmie@1 20 from accounts.forms import RegisterForm
bgneal@347 21 from accounts import create_new_user
bgneal@472 22 from antispam.decorators import rate_limit
gremmie@1 23
gremmie@1 24
gremmie@1 25 #######################################################################
gremmie@1 26
@rate_limit(count=10, interval=datetime.timedelta(minutes=1))
def register(request):
    """
    Display the registration form and process its submission.

    Logged-in users are redirected to settings.LOGIN_REDIRECT_URL. A valid
    POST saves the form and redirects to the register_thanks view; any other
    request renders the registration page, with the bound form and its errors
    if the POST did not validate.

    The view is wrapped in rate_limit with count=10 and a one minute interval;
    presumably that caps requests per client, see antispam.decorators.

    """
    if request.user.is_authenticated():
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    if request.method != 'POST':
        form = RegisterForm()
    else:
        # The client address is handed to the form; '?' stands in when the
        # server did not supply one.
        # NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's
        # address -- confirm how the deployment populates it.
        client_ip = request.META.get('REMOTE_ADDR', '?')
        form = RegisterForm(request.POST, ip=client_ip)
        if form.is_valid():
            form.save()
            return HttpResponseRedirect(reverse('accounts.views.register_thanks'))

    context = {'form': form}
    return render_to_response('accounts/register.html', context,
            context_instance=RequestContext(request))
gremmie@1 44
gremmie@1 45 #######################################################################
gremmie@1 46
def register_thanks(request):
    """
    Render the page shown after a registration form has been accepted.

    Logged-in users are redirected to settings.LOGIN_REDIRECT_URL instead.

    """
    already_logged_in = request.user.is_authenticated()
    if already_logged_in:
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    context = RequestContext(request)
    return render_to_response('accounts/register_thanks.html',
            context_instance=context)
gremmie@1 53
gremmie@1 54 #######################################################################
gremmie@1 55
def register_confirm(request, username, key):
    """
    Complete a pending registration identified by username and key.

    Logged-in users are redirected to settings.LOGIN_REDIRECT_URL. Otherwise
    expired pending users are purged, the pending record for username is
    looked up and its stored key is compared with the supplied key. On a
    match the account is created through create_new_user and the success
    page is rendered; an unknown username or a wrong key is logged and
    answered with the failure page.

    NOTE(review): unlike register and login_ajax, this view carries no
    rate_limit decorator, and the key is compared with a plain `!=` rather
    than a constant-time comparison. Confirm that the key length and the
    pending-user expiry make repeated guessing impractical.

    """
    if request.user.is_authenticated():
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    def failure_page():
        # Both failure causes get the same page, so the response itself does
        # not say whether the username or the key was rejected.
        return render_to_response('accounts/register_failure.html',
                {'username': username},
                context_instance=RequestContext(request))

    # purge expired users before looking up the one being confirmed
    PendingUser.objects.purge_expired()

    # The caller's address goes into the log lines and to create_new_user.
    ip = request.META.get('REMOTE_ADDR', '?')

    try:
        pending_user = PendingUser.objects.get(username=username)
    except PendingUser.DoesNotExist:
        # username is caller-supplied; it is passed as a logging argument,
        # not formatted into the message by hand.
        logging.error('Accounts register_confirm [%s]: user does not exist: %s', ip, username)
        return failure_page()

    if pending_user.key != key:
        logging.error('Accounts register_confirm [%s]: key error: %s', ip, username)
        return failure_page()

    create_new_user(pending_user, ip)

    success_context = {'username': username}
    return render_to_response('accounts/register_success.html',
            success_context,
            context_instance=RequestContext(request))
bgneal@500 87
bgneal@500 88 #######################################################################
bgneal@500 89
@rate_limit(count=10, interval=datetime.timedelta(minutes=1),
        lockout=datetime.timedelta(minutes=2))
def login_ajax(request):
    """
    Handle a login attempt submitted via AJAX and answer with JSON.

    Non-AJAX requests are redirected to the 'accounts-login' URL. The JSON
    body carries three keys: 'success', 'error' and 'navbar_html'. A valid
    POST logs the user in, sets 'success' and fills 'navbar_html' with the
    rendered navbar.html template; an invalid POST sets 'error'. Any other
    method returns the untouched failure payload.

    The view is wrapped in rate_limit with count=10, a one minute interval
    and a two minute lockout; see antispam.decorators for how these are
    enforced.

    NOTE(review): is_ajax() only inspects a request header that the client
    controls, so it routes requests but is not an access control; CSRF
    protection has to come from elsewhere and is not visible in this view.
    NOTE(review): failed attempts are not logged here -- confirm that
    rate_limit or another layer records them for monitoring.

    """
    if not request.is_ajax():
        return HttpResponseRedirect(reverse('accounts-login'))

    payload = {
        'success': False,
        'error': '',
        'navbar_html': ''
    }

    if request.method == "POST":
        form = AuthenticationForm(data=request.POST)
        if not form.is_valid():
            # One generic message for every validation failure, so the reply
            # does not disclose which of the two fields was wrong.
            payload['error'] = 'Invalid username or password'
        else:
            login(request, form.get_user())
            payload['success'] = True
            payload['navbar_html'] = render_to_string('navbar.html',
                    {'user': request.user}, RequestContext(request))

    body = simplejson.dumps(payload)
    return HttpResponse(body, content_type='application/json')