authorSam Thursfield <sam.thursfield@codethink.co.uk>2015-01-30 12:28:44 +0000
committerSam Thursfield <sam.thursfield@codethink.co.uk>2015-01-30 12:41:54 +0000
commit3c719ffdc0b4dcb416a86d7e36eec9f7cd822c74 (patch)
tree626c379869b971d60d17fca92fb20ec3fd581ed3
parente1eaf4dfc6c8d53b6543f628f4d35448643bfd11 (diff)
downloadinfrastructure-3c719ffdc0b4dcb416a86d7e36eec9f7cd822c74.tar.gz
openid_provider: Require users to verify their email addresses
This was discussed in #baserock on 2015-01-30. We decided that since email address is a part of a person's online identity, it is worth the extra hassle of requiring users to verify their email address, to make it harder for people to create a Baserock OpenID account that impersonates another person. Users cannot log in until they have activated their accounts by clicking a link that's emailed to them. And they cannot use their OpenID unless they are logged in.
-rw-r--r--baserock_openid_provider/baserock_openid_provider/settings.py5
-rw-r--r--baserock_openid_provider/baserock_openid_provider/signals.py7
-rw-r--r--baserock_openid_provider/baserock_openid_provider/urls.py2
-rw-r--r--baserock_openid_provider/baserock_openid_provider/views.py29
-rw-r--r--baserock_openid_provider/templates/registration/activation_complete.html4
-rw-r--r--baserock_openid_provider/templates/registration/registration_complete.html7
6 files changed, 28 insertions, 26 deletions
diff --git a/baserock_openid_provider/baserock_openid_provider/settings.py b/baserock_openid_provider/baserock_openid_provider/settings.py
index 51e0f94d..1ac1d147 100644
--- a/baserock_openid_provider/baserock_openid_provider/settings.py
+++ b/baserock_openid_provider/baserock_openid_provider/settings.py
@@ -161,3 +161,8 @@ DEFAULT_FROM_EMAIL = 'openid@baserock.org'
EMAIL_HOST = 'localhost'
EMAIL_PORT = 25
+
+
+# django-registration-redux settings
+
+ACCOUNT_ACTIVATION_DAYS = 3
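Review bot: Nothing visible in this commit removes sign-ups that are never activated, so after the three-day window set by `ACCOUNT_ACTIVATION_DAYS = 3` an unactivated account would presumably keep holding its username and email address. Since the stated aim is to make impersonating registrations harder, consider running django-registration's `cleanupregistration` management command on a schedule, if that is not already done elsewhere. The setting would also benefit from a comment such as `# Days an activation link stays valid; expired, unactivated sign-ups are purged by cleanupregistration`.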
diff --git a/baserock_openid_provider/baserock_openid_provider/signals.py b/baserock_openid_provider/baserock_openid_provider/signals.py
index 53af7766..dc2a7f78 100644
--- a/baserock_openid_provider/baserock_openid_provider/signals.py
+++ b/baserock_openid_provider/baserock_openid_provider/signals.py
@@ -20,10 +20,7 @@ import registration.signals
import logging
-# This should watch 'registration.signals.user_activated' instead, if we ever
-# decide to enable activation emails (i.e. if we switch from the 'simple'
-# backend to the 'default' backend).
-@receiver(registration.signals.user_registered)
-def user_creation_handler(sender, user, request, **kwargs):
+@receiver(registration.signals.user_activated)
+def user_activation_handler(sender, user, request, **kwargs):
logging.info('Creating OpenID for user %s' % (user.username))
user.openid_set.create(openid=user.username)
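Review bot: The OpenID record is now created only when `user_activated` fires, and `user.openid_set.create(openid=user.username)` is not idempotent, so a repeated signal would add a duplicate row or raise. `user.openid_set.get_or_create(openid=user.username)` would make the handler safe to re-run. Accounts made active by another route (for example through the admin) may never trigger this signal and would then have no OpenID, which is worth confirming. The log call also formats eagerly with a user-chosen value; `logging.info('Creating OpenID for user %s', user.username)` is the usual form.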
diff --git a/baserock_openid_provider/baserock_openid_provider/urls.py b/baserock_openid_provider/baserock_openid_provider/urls.py
index 2835388a..8af8ade5 100644
--- a/baserock_openid_provider/baserock_openid_provider/urls.py
+++ b/baserock_openid_provider/baserock_openid_provider/urls.py
@@ -6,7 +6,7 @@ from . import views
urlpatterns = patterns('',
url(r'^$', views.index, name='index'),
- url(r'^accounts/', include('registration.backends.simple.urls')),
+ url(r'^accounts/', include('registration.backends.default.urls')),
url(r'^admin/', include(admin.site.urls)),
url(r'^openid/', include('openid_provider.urls')),
)
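Review bot: Switching the include to `registration.backends.default.urls` brings in requirements the simple backend did not have, and none of them are visible in this commit. The default backend stores a registration profile per sign-up, so `registration` has to be in `INSTALLED_APPS` with its table created. It also renders `registration/activation_email.txt`, `registration/activation_email_subject.txt` and `registration/activate.html`. Please confirm these already exist in the tree, since a missing template would only show up when a user registers or follows a bad activation link.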
diff --git a/baserock_openid_provider/baserock_openid_provider/views.py b/baserock_openid_provider/baserock_openid_provider/views.py
index 3efaf923..14060902 100644
--- a/baserock_openid_provider/baserock_openid_provider/views.py
+++ b/baserock_openid_provider/baserock_openid_provider/views.py
@@ -14,7 +14,7 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-import registration.backends.simple.views
+import registration.backends.default.views
from registration import signals
from registration.users import UserModel
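Review bot: After this commit `from registration import signals` and `from registration.users import UserModel` look unused, because the only uses visible in the diff are in the removed body of `register()`. The same probably applies to the `authenticate` and `login` imports, which sit outside this hunk. Unless something else in the file needs them, dropping them keeps it clear that registration no longer logs the user in.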
@@ -30,26 +30,25 @@ def index(request):
return render(request, '../templates/index.html')
-class RegistrationViewWithNames(registration.backends.simple.views.RegistrationView):
+class RegistrationViewWithNames(registration.backends.default.views.RegistrationView):
# Overrides the django-registration default view so that the extended form
# including the full name gets used.
form_class = forms.RegistrationFormWithNames
def register(self, request, **cleaned_data):
- # It's a shame that we have to override the whole class here. We could
- # patch django-registration(-redux) to avoid the need.
- username, email, password = cleaned_data['username'], cleaned_data['email'], cleaned_data['password1']
+ # Calling the base class first means that we don't have to copy and
+ # paste the contents of the register() function, but it has the
+ # downside that we don't know the user's name when we send the
+ # activation email.
+ superclass = super(RegistrationViewWithNames, self)
+ user = superclass.register(request, **cleaned_data)
+
first_name, last_name = cleaned_data['first_name'], cleaned_data['last_name']
- UserModel().objects.create_user(username, email, password,
- first_name=first_name,
- last_name=last_name)
+ user.first_name = first_name
+ user.last_name = last_name
+ user.save()
- new_user = authenticate(username=username, password=password)
- login(request, new_user)
- signals.user_registered.send(sender=self.__class__,
- user=new_user,
- request=request)
- return new_user
+ return user
-registration.backends.simple.views.RegistrationView = RegistrationViewWithNames
+registration.backends.default.views.RegistrationView = RegistrationViewWithNames
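Review bot: The module-level assignment `registration.backends.default.views.RegistrationView = RegistrationViewWithNames` only takes effect if this module is imported before the backend's URL module binds `RegistrationView`. That makes the extended form depend on import order. An explicit route placed ahead of the include in urls.py would remove the need for patching, e.g. `url(r'^accounts/register/$', views.RegistrationViewWithNames.as_view(), name='registration_register'),`. Separately, `register()` sends the activation email inside the superclass call before `user.save()` stores the names, so a failure in that save would leave a mailed activation link for an account with no name recorded; a short comment noting this ordering would help.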
diff --git a/baserock_openid_provider/templates/registration/activation_complete.html b/baserock_openid_provider/templates/registration/activation_complete.html
index aa93bcc3..a0a268ca 100644
--- a/baserock_openid_provider/templates/registration/activation_complete.html
+++ b/baserock_openid_provider/templates/registration/activation_complete.html
@@ -3,4 +3,8 @@
{% block content %}
<p>{% trans "Your account is now activated." %}</p>
+
+<p>Your OpenID is:
+<a href="http://openid.baserock.org/openid/{{ user.username }}/">http://openid.baserock.org/openid/{{ user.username }}/</a>
+</p>
{% endblock %}
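Review bot: `{{ user.username }}` on this page is most likely the request's user rather than the account that was just activated, and the commit message says users are not logged in until after activation. For an anonymous visitor the username is empty, so the link would render as `http://openid.baserock.org/openid//`; if someone else is logged in on that browser it would show their identity instead. Consider wrapping the paragraph in `{% if user.is_authenticated %}` or replacing it with a pointer to the login page. The identity URL is also hard-coded as `http://`, which is worth revisiting if the provider is reachable over HTTPS. The new sentence is outside `{% trans %}`, unlike the line above it.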
diff --git a/baserock_openid_provider/templates/registration/registration_complete.html b/baserock_openid_provider/templates/registration/registration_complete.html
index 7e6670aa..9f525c32 100644
--- a/baserock_openid_provider/templates/registration/registration_complete.html
+++ b/baserock_openid_provider/templates/registration/registration_complete.html
@@ -2,9 +2,6 @@
{% load i18n %}
{% block content %}
-<p>You are now registered as {{ user.get_full_name }}.</p>
-
-<p>Your OpenID is:
-<a href="http://openid.baserock.org/openid/{{ user.username }}/">http://openid.baserock.org/openid/{{ user.username }}/</a>
-</p>
+<p>You are now registered. An activation email has been sent to you with
+a link that you will need to click to activate your account.</p>
{% endblock %}
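Review bot: The new message does not tell the user that the activation link stops working after the `ACCOUNT_ACTIVATION_DAYS` period (3 days in the settings.py hunk), so a late click fails with no earlier warning. Adding a sentence such as `The link is valid for 3 days.` would cover it, ideally taking the number from the setting rather than hard-coding it. The paragraph is also not wrapped in `{% trans %}` although the template loads `i18n`.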