annotate gpp/accounts/forms.py @ 472:7c3816d76c6c

Implement rate limiting on registration and login for #224.
author Brian Neal <bgneal@gmail.com>
date Thu, 25 Aug 2011 02:23:55 +0000
parents 69d0306a6fe7
children b137a0966e4b
rev   line source
gremmie@1 1 """forms for the accounts application"""
gremmie@1 2
bgneal@74 3 import logging
bgneal@74 4
gremmie@1 5 from django import forms
gremmie@1 6 from django.contrib.auth.models import User
gremmie@1 7 from django.core.urlresolvers import reverse
gremmie@1 8 from django.template.loader import render_to_string
gremmie@1 9 from django.contrib.sites.models import Site
bgneal@6 10 from django.conf import settings
gremmie@1 11
gremmie@1 12 from core.functions import send_mail
gremmie@1 13 from accounts.models import PendingUser
gremmie@1 14 from accounts.models import IllegalUsername
gremmie@1 15 from accounts.models import IllegalEmail
bgneal@472 16 from antispam.rate_limit import block_ip
gremmie@1 17
gremmie@1 18
gremmie@1 19 class RegisterForm(forms.Form):
bgneal@74 20 """Form used to register with the website"""
bgneal@346 21 username = forms.RegexField(max_length=30, regex=r'^\w+$',
bgneal@155 22 error_messages={
bgneal@347 23 'invalid': 'Your username must be 30 characters or less and '
bgneal@155 24 'contain only letters, numbers and underscores.'})
bgneal@74 25 email = forms.EmailField()
bgneal@346 26 password1 = forms.CharField(label="Password", widget=forms.PasswordInput)
bgneal@346 27 password2 = forms.CharField(label="Password confirmation", widget=forms.PasswordInput)
bgneal@316 28 agree_age = forms.BooleanField(required=True,
bgneal@155 29 label='I certify that I am over the age of 13',
bgneal@155 30 error_messages={
bgneal@347 31 'required': 'Sorry, but you must be over the age of 13 to '
bgneal@155 32 'register at our site.',
bgneal@155 33 })
bgneal@316 34 agree_tos = forms.BooleanField(required=True,
bgneal@155 35 label='I agree to the Terms of Service',
bgneal@155 36 error_messages={
bgneal@155 37 'required': 'You have not agreed to our Terms of Service.',
bgneal@155 38 })
bgneal@155 39 agree_privacy = forms.BooleanField(required=True,
bgneal@155 40 label='I agree to the Privacy Policy',
bgneal@155 41 error_messages={
bgneal@155 42 'required': 'You have not agreed to our Privacy Policy.',
bgneal@155 43 })
bgneal@346 44 question1 = forms.CharField(label="What number appears in the site name?")
bgneal@347 45 question2 = forms.CharField(label='', required=False,
bgneal@347 46 widget=forms.TextInput(attrs={'style': 'display: none;'}))
gremmie@1 47
bgneal@74 48 def __init__(self, *args, **kwargs):
bgneal@74 49 self.ip = kwargs.pop('ip', '?')
bgneal@74 50 super(RegisterForm, self).__init__(*args, **kwargs)
bgneal@74 51
bgneal@74 52 def clean_username(self):
bgneal@74 53 username = self.cleaned_data['username']
bgneal@74 54 try:
bgneal@74 55 User.objects.get(username = username)
bgneal@74 56 except User.DoesNotExist:
gremmie@1 57 try:
bgneal@74 58 PendingUser.objects.get(username = username)
bgneal@74 59 except PendingUser.DoesNotExist:
bgneal@74 60 try:
bgneal@74 61 IllegalUsername.objects.get(username = username)
bgneal@74 62 except IllegalUsername.DoesNotExist:
bgneal@74 63 return username
bgneal@74 64 self._validation_error("That username is not allowed.", username)
bgneal@74 65 self._validation_error("A pending user with that username already exists.", username)
bgneal@74 66 self._validation_error("A user with that username already exists.", username)
gremmie@1 67
bgneal@74 68 def clean_email(self):
bgneal@74 69 email = self.cleaned_data['email']
bgneal@74 70 try:
bgneal@74 71 User.objects.get(email = email)
bgneal@74 72 except User.DoesNotExist:
gremmie@1 73 try:
bgneal@74 74 PendingUser.objects.get(email = email)
bgneal@74 75 except PendingUser.DoesNotExist:
bgneal@74 76 try:
bgneal@74 77 IllegalEmail.objects.get(email = email)
bgneal@74 78 except IllegalEmail.DoesNotExist:
bgneal@74 79 return email
bgneal@74 80 self._validation_error("That email address is not allowed.", email)
bgneal@74 81 self._validation_error("A pending user with that email address already exists.", email)
bgneal@74 82 self._validation_error("A user with that email address already exists.", email)
gremmie@1 83
bgneal@74 84 def clean_password2(self):
bgneal@74 85 password1 = self.cleaned_data.get("password1", "")
bgneal@74 86 password2 = self.cleaned_data["password2"]
bgneal@74 87 if password1 != password2:
bgneal@74 88 self._validation_error("The two password fields didn't match.")
bgneal@155 89 if len(password1) < 6:
bgneal@155 90 self._validation_error("Please choose a password of 6 characters or more.")
bgneal@74 91 return password2
gremmie@1 92
bgneal@346 93 def clean_question1(self):
bgneal@346 94 answer = self.cleaned_data.get('question1')
bgneal@346 95 success = False
bgneal@346 96 if answer:
bgneal@346 97 try:
bgneal@346 98 val = int(answer)
bgneal@346 99 except ValueError:
bgneal@346 100 pass
bgneal@346 101 else:
bgneal@346 102 success = val == 101
bgneal@346 103 if not success:
bgneal@346 104 self._validation_error("Incorrect answer to our anti-spam question.", answer)
bgneal@346 105 return answer
bgneal@346 106
bgneal@347 107 def clean_question2(self):
bgneal@347 108 """
bgneal@347 109 Honeypot field should be empty.
bgneal@347 110 """
bgneal@347 111 answer = self.cleaned_data.get('question2')
bgneal@347 112 if answer:
bgneal@472 113 block_ip(self.ip)
bgneal@347 114 self._validation_error('Wrong answer #2: %s' % answer)
bgneal@347 115 return answer
bgneal@347 116
bgneal@74 117 def save(self):
bgneal@74 118 pending_user = PendingUser.objects.create_pending_user(self.cleaned_data['username'],
bgneal@74 119 self.cleaned_data['email'],
bgneal@74 120 self.cleaned_data['password1'])
gremmie@1 121
bgneal@74 122 # Send the confirmation email
gremmie@1 123
bgneal@74 124 site = Site.objects.get_current()
bgneal@74 125 admin_email = settings.ADMINS[0][1]
gremmie@1 126
bgneal@316 127 activation_link = 'http://%s%s' % (site.domain, reverse('accounts.views.register_confirm',
bgneal@74 128 kwargs = {'username' : pending_user.username, 'key' : pending_user.key}))
gremmie@1 129
bgneal@74 130 msg = render_to_string('accounts/registration_email.txt',
bgneal@74 131 {
bgneal@74 132 'site_name' : site.name,
bgneal@74 133 'site_domain' : site.domain,
bgneal@74 134 'user_email' : pending_user.email,
bgneal@74 135 'activation_link' : activation_link,
bgneal@74 136 'username' : pending_user.username,
bgneal@74 137 'admin_email' : admin_email,
bgneal@74 138 })
gremmie@1 139
bgneal@74 140 subject = 'Registration Confirmation for ' + site.name
bgneal@252 141 send_mail(subject, msg, admin_email, [self.cleaned_data['email']],
bgneal@252 142 expedite=True)
bgneal@316 143 logging.info('Accounts/registration conf. email sent to %s for user %s; IP = %s',
bgneal@316 144 self.cleaned_data['email'], pending_user.username, self.ip)
gremmie@1 145
bgneal@74 146 return pending_user
gremmie@1 147
bgneal@74 148 def _validation_error(self, msg, param=None):
bgneal@316 149 logging.error('Accounts/registration [%s]: %s (%s)', self.ip, msg, param)
bgneal@74 150 raise forms.ValidationError(msg)