From 85029cb322fde6984b75c8c6dca229b977f6dda9 Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Tue, 10 Oct 2017 15:35:45 +0200
Subject: [PATCH] Give explicit activation suggestion if needed on login

---
 scipost/forms.py | 18 ++++++++++++++++++
 scipost/views.py | 15 +++++++--------
 2 files changed, 25 insertions(+), 8 deletions(-)

diff --git a/scipost/forms.py b/scipost/forms.py
index 50e6a5557..614c14f44 100644
--- a/scipost/forms.py
+++ b/scipost/forms.py
@@ -6,6 +6,7 @@ from django.contrib.auth.models import User, Group
 from django.contrib.auth.password_validation import validate_password
 from django.core.exceptions import ValidationError
 from django.core.urlresolvers import reverse_lazy
+from django.db.models import Q
 from django.utils import timezone
 from django.utils.dates import MONTHS
 from django.utils.http import is_safe_url
@@ -327,6 +328,22 @@ class AuthenticationForm(forms.Form):
     password = forms.CharField(label='Password', widget=forms.PasswordInput())
     next = forms.CharField(widget=forms.HiddenInput(), required=False)
 
+    def user_is_inactive(self):
+        """
+        Check if the User is active but only if the password is valid, to prevent any
+        possible clue (?) of the password.
+        """
+        username = self.cleaned_data['username']
+        password = self.cleaned_data['password']
+        try:
+            _user = User.objects.get(Q(email=username) | Q(username=username))
+            return _user.check_password(password) and not _user.is_active
+        except:
+            return False
+
+    def can_resend_activation_mail(self):
+        return True
+
     def authenticate(self):
         """
         Authenticate will return an valid User if credentials are correct.
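Review bot: The bare `except:` in `user_is_inactive` swallows every exception — including `MultipleObjectsReturned` when two accounts share an e-mail (Django's `User.email` is not unique by default) and a `KeyError` if `cleaned_data` lacks a field — so a real bug on this path surfaces only as the generic 'Invalid username/password' error in the view. Narrow it to `except (User.DoesNotExist, User.MultipleObjectsReturned): return False` and let anything else propagate. Because this method is only reached after `authenticate()` has already hashed the candidate password, every failed login now costs two password-hash computations; that is acceptable but deserves a comment such as `# second hash per failed login; only reached when authenticate() returned None`. `can_resend_activation_mail` unconditionally returns `True`, which reads as a stub — if it is meant to gate on an existing, unexpired activation key, mark it with a TODO saying so.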
@@ -338,6 +355,7 @@ class AuthenticationForm(forms.Form):
         if user:
             return user
 
+        # Try to use the email address for convenience
         try:
             _user = User.objects.get(email=username)
             return authenticate(username=_user.username, password=password)
diff --git a/scipost/views.py b/scipost/views.py
index b6c67e329..c1db09245 100644
--- a/scipost/views.py
+++ b/scipost/views.py
@@ -210,7 +210,7 @@ def request_new_activation_link(request, contributor_id, key):
         context = {
             'ack_header': 'We have emailed you a new activation link.',
             'ack_message': ('Please acknowledge it within its 48 hours validity '
-                            'window if you want us to proceed with vetting your registraion.'),
+                            'window if you want us to proceed with vetting your registration.'),
         }
         return render(request, 'scipost/acknowledgement.html', context)
     context = {'contributor': contributor}
@@ -643,16 +643,15 @@ def login_view(request):
         user = form.authenticate()
         if user is not None:
             if is_registered(user):
-                # This check seems redundant, however do not remove.
-                if user.is_active:
-                    login(request, user)
-                    redirect_to = form.get_redirect_url(request)
-                    return redirect(redirect_to)
-                else:
-                    form.add_error(None, 'Your account is disabled.')
+                login(request, user)
+                redirect_to = form.get_redirect_url(request)
+                return redirect(redirect_to)
             else:
                 form.add_error(None, ('Your account has not yet been vetted. '
                                       '(our admins will verify your credentials very soon)'))
+        elif form.user_is_inactive():
+            form.add_error(None, ('Your account is not yet activated. '
+                                  'Please first activate your account.'))
         else:
             form.add_error(None, 'Invalid username/password.')
     context = {'form': form}
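Review bot: Dropping the `user.is_active` guard before `login(request, user)` removes the only in-view defence against opening a session for a disabled account; it is safe only while every configured authentication backend rejects inactive users (Django's default `ModelBackend` does since 1.10 via `user_can_authenticate`, while `AllowAllUsersModelBackend` and many custom backends do not), and the comment the hunk deletes warned against exactly this. I would keep a cheap guard, `if not user.is_active: form.add_error(None, 'Your account is disabled.')` ahead of `login()`, or at least add `# relies on the auth backend rejecting inactive users (ModelBackend.user_can_authenticate)` so the dependency is explicit. The new `elif form.user_is_inactive()` branch also labels every inactive account as 'not yet activated', which would mislead a user whose account an admin has deactivated, if that ever happens here — worth confirming that `is_active=False` only ever means pending e-mail activation. The `login_view` function starts and ends outside the hunk.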
-- 
GitLab