Skip to content
Snippets Groups Projects
Commit 73e90a6b authored by Dorian Lesbre's avatar Dorian Lesbre
Browse files

Added email verification to account creation

parent a57d77d5
No related branches found
No related tags found
No related merge requests found
......@@ -9,9 +9,9 @@ admin.site.unregister(Group)
@admin.register(EmailUser)
class EmailUserAdmin(admin.ModelAdmin):
"""option d'affichage des activités dans la vue django admin"""
list_display = ("email", "last_name", "first_name", "is_superuser")
list_filter = ("is_superuser",)
list_editable = ("is_superuser",)
list_display = ("email", "last_name", "first_name", "is_superuser", "is_active", "email_confirmed",)
list_filter = ("is_superuser","is_active", "email_confirmed",)
list_editable = ("is_superuser","is_active")
fields = ("email", "last_name", "first_name", "is_superuser",
("date_joined", "last_login",),
)
......
......@@ -34,6 +34,7 @@ class EmailUser(AbstractUser):
email = models.EmailField('adresse email', unique=True)
first_name = models.CharField('prénom', max_length=100)
last_name = models.CharField("nom", max_length=100)
email_confirmed = models.BooleanField("Email vérifié", default=False)
USERNAME_FIELD = 'email'
REQUIRED_FIELDS = ("last_name", "first_name",)
......
from django.urls import include, path
import django.contrib.auth.views as dj_auth_views
from accounts.views import create_account, logout_view
from accounts.views import logout_view, ActivateAccountView, CreateAccountView
app_name = "accounts"
urlpatterns = [
path("login/", dj_auth_views.LoginView.as_view(), name="login"),
path("logout/", logout_view, name="logout"),
path("create/", create_account, name="create")
path("create/", CreateAccountView.as_view(), name="create"),
path('activate/<uidb64>/<token>/', ActivateAccountView.as_view(), name='activate'),
]
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.contrib.sites.shortcuts import get_current_site
from django.http import Http404
from django.utils.encoding import force_bytes, force_text
from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode
from django.urls import reverse
from django.template.loader import render_to_string
from django.views.generic import RedirectView, View
from django.shortcuts import render, redirect
from accounts.forms import CreateAccountForm
from accounts.models import EmailUser
from accounts.tokens import email_token_generator
from site_settings.models import SiteSettings
@login_required
def logout_view(request):
......@@ -12,25 +22,78 @@ def logout_view(request):
logout(request)
return redirect("home")
def create_account(request):
"""Vue pour l'inscription"""
if not settings.REGISTRATION_USER_CREATION_OPEN:
raise Http404("La création de compte n'est pas ouverte actuellement")
if request.method == 'POST':
form = CreateAccountForm(request.POST)
if form.is_valid():
user = form.save()
user.refresh_from_db()
# load the profile instance created by the signal
user.save()
raw_password = form.cleaned_data.get('password1')
# login user after signing up
user = authenticate(email=user.email, password=raw_password)
login(request, user)
# redirect user to home page
return redirect('home')
else:
form = CreateAccountForm()
return render(request, 'registration/create_account.html', {'form': form})
class CreateAccountView(View):
"""Vue pour la creation de compte"""
form_class = CreateAccountForm
template_name = 'registration/create_account.html'
@staticmethod
def check_creation_allowed():
"""Vérifie que la création de compte est authorisée
Renvoie un 404 si ce n'est pas le cas"""
settings = SiteSettings.load()
if not settings.registrations_open:
raise Http404("La création de compte n'est pas ouverte actuellement")
def get(self, request, *args, **kwargs):
"""handle get requests"""
self.check_creation_allowed()
form = self.form_class()
return render(request, self.template_name, {'form': form})
def post(self, request, *args, **kwargs):
"""handle post requests"""
self.check_creation_allowed()
form = self.form_class(request.POST)
if not form.is_valid():
return render(request, self.template_name, {'form': form})
user = form.save()
user.is_active = False # can't login until email validation
user.email_confirmed = False
current_site = get_current_site(request)
subject = 'Activation de votre compte Interludes'
message = render_to_string('registration/activation_email.html', {
'user': user,
'domain': current_site.domain,
'uid': urlsafe_base64_encode(force_bytes(user.pk)),
'token': email_token_generator.make_token(user),
})
user.email_user(subject, message)
user.save()
messages.success(request, ('Please Confirm your email to complete registration.'))
return redirect('accounts:login')
class ActivateAccountView(RedirectView):
permanent = False
def get_redirect_url(self, uidb64, token, *args, **kwargs):
try:
uid = urlsafe_base64_decode(uidb64).decode()
user = EmailUser.objects.get(pk=uid)
except (TypeError, ValueError, OverflowError, EmailUser.DoesNotExist):
messages.error(
self.request,
"Le lien de confirmation d'adresse mail ne correspond à aucun·e "
"utilisateur·ice inscrit·e",
)
return reverse("home")
if not email_token_generator.check_token(user, token):
messages.error(
self.request,
"Le lien de confirmation d'adresse mail est invalide ou déjà utilisé",
)
return reverse("home")
user.is_active = True
user.email_confirmed = True
user.save()
login(self.request, user)
messages.info(self.request, "Votre adresse email a bien été confirmée.")
return reverse("home")
......@@ -62,6 +62,14 @@
</nav>
<main>
{% if messages %}
<ul class="messages">
{% for message in messages %}
<li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li>
{% endfor %}
</ul>
{% endif %}
{% block "content" %}
{% endblock %}
</main>
......
......@@ -25,6 +25,8 @@ SECRET_KEY = 'tx$xi%n!8cghirp377zb)gd24g#=&w*ik(bx2h(i8ji0_&9_5l'
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True
ADMINS = [("respos", "respointerludes2021@ens.psl.eu"),]
ALLOWED_HOSTS = []
......@@ -136,3 +138,7 @@ LOGIN_REDIRECT_URL = 'home'
REGISTRATION_USER_CREATION_OPEN = True
# Blocks event inscription
REGISTRATION_EVENT_INSCRIPTIONS_OPEN = True
# This will display email in Console.
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment