fixed bugs - site access by time-based registration token should work

28914968 · frekk · a9002d1e · 28914968 · 28914968 · 28914968
Commit 28914968 authored Jan 24, 2019 by frekk
--- a/gms/memberdb/models.py
+++ b/gms/memberdb/models.py
 from django.db import models
 from django.db.models import F
 from django.core.validators import RegexValidator
+from django.core.management.utils import get_random_string

 from squarepay.dispense import get_item_price

@@ -131,7 +132,7 @@ class Member (IncAssocMember):
    phone_number    = models.CharField ('Phone number', max_length=20, blank=False, validators=[RegexValidator(regex='^\+?[0-9() -]+$')])
    is_student      = models.BooleanField ('Student', default=True, blank=True, help_text="Tick this box if you are a current student at a secondary or tertiary institution in WA")
    is_guild        = models.BooleanField ('UWA Guild member', default=True, blank=True)
-    id_number       = models.CharField ('Student email or Drivers License', max_length=255, blank=False, help_text="Student emails should end with '.edu.au' and drivers licences should be in the format '[WA]DL 1234567'")
+    id_number       = models.CharField ('Student email or Drivers License', max_length=255, blank=False, help_text="Student emails should end with '@student.*.edu.au' and drivers licences should be in the format '<AU state> 1234567'")
    member_updated  = models.DateTimeField ('Internal UCC info last updated', auto_now=True)
    login_token     = models.CharField ('Temporary access key', max_length=128, null=True, editable=False, default=make_token)


--- a/gms/memberdb/register.py
+++ b/gms/memberdb/register.py
@@ -60,8 +60,6 @@ class RegisterForm(MyModelForm):
        # now create a corresponding Membership (marked as pending / not accepted, mostly default values)
        ms = make_pending_membership(m)

-        # make a card payment thing as well
-
        if (commit):
            ms.save();
        return m, ms
@@ -97,8 +95,21 @@ class RegisterView(MyUpdateView):
    def form_valid(self, form):
        # save the member data and get the Member instance
        m, ms = form.save()
-        #messages.success(self.request, 'Your registration has been submitted.')
-        return
+        messages.success(self.request, 'Your registration has been submitted.')
+
+        # set the member session info
+        self.request.session['member_id'] = m.id
+        return thanks_view(self.request, m, ms)
+
+def thanks_view(request, member, ms):
+    """ display a thankyou page after registration is completed """
+    context = {
+        'member': member,
+        'ms': ms,
+        'login_url': reverse('memberdb:login_member', kwargs={'username': member.username, 'member_token': member.login_token}),
+    }
+    return render(request, 'thanks.html', context)
+

 class RenewView(LoginRequiredMixin, MyUpdateView):
    template_name = 'renew.html'

--- a/gms/memberdb/templates/base.html
+++ b/gms/memberdb/templates/base.html
@@ -23,18 +23,22 @@
        {% block navbar %}
        <nav>
            {% block branding %}
-            <a class="logo" title="UCC logo">
+            <a class="logo" title="UCCPortal homepage">
                <span></span>
            </a>
            {% endblock %}
            
            {# fancy automatic navbar thing from https://stackoverflow.com/questions/39639264 #}
            {% with url_name=request.resolver_match.url_name %}
-            {% if not request.user.is_authenticated %}
-            <a class="navtab {% if url_name == 'home' %}active{% endif %}" href="{% url "memberdb:home" %}">Login</a>
+            {% if request.member %}
+            <a class="navtab {% if url_name == 'home' %}active{% endif %}" href="{% url "memberdb:home" %}">Member home</a>
+            {% else %}
            <a class="navtab {% if url_name == 'register' %}active{% endif %}" href="{% url "memberdb:register" %}">Register</a>
+            {% endif %}
+
+            {% if not request.user.is_authenticated %}
+            <a class="navtab {% if url_name == 'login' %}active{% endif %}" href="{% url "memberdb:login" %}">Login</a>
            {% else %}
-            <a class="navtab {% if url_name == 'home' %}active{% endif %}" href="{% url "memberdb:home" %}">Member home</a>
            <a class="navtab {% if url_name == 'renew' %}active{% endif %}" href="{% url "memberdb:renew" %}">Renew membership</a>
            {% if request.user.is_staff %}
            <a class="navtab {% block adminactive %}{% endblock %}" href="{% url "admin:index" %}">Admin site</a>

--- a/gms/memberdb/templates/home.html
+++ b/gms/memberdb/templates/home.html
@@ -2,6 +2,7 @@
 {% block title %}UCC Member Home{% endblock %}
 {% block content_title %}
    <h1>Member home</h1>
+    <h3>Welcome, {{ request.member.first_name }} {{ request.member.last_name }} ({{ request.member.username }})</h3>
 {% endblock %}

 {% block tips %}
@@ -16,7 +17,7 @@ You can see and modify some of your membership and account details below.
 {% block extra_preform %}
 <div class="form-row readonly">
    <label for="id_username">Username:</label>
-    <span class="text" id="id_username">{{ request.user.username }}</span>
+    <span class="text" id="id_username">{{ object.username }}</span>
 </div>
 {% endblock %}

@@ -26,4 +27,4 @@ You can see and modify some of your membership and account details below.

 {% block action_url %}{% url 'memberdb:home' %}{% endblock %}

-{% block action_text %}Update details{% endblock %}
\ No newline at end of file
+{% block action_text %}Update details{% endblock %}
--- a/gms/memberdb/templates/login.html
+++ b/gms/memberdb/templates/login.html
@@ -37,7 +37,11 @@
    Would you like to login to a different account?
 {% else %}
    <b>Please enter your UCC username and password below.</b> <br><br>
+    {% if not request.member %}
    If you do not have a UCC account yet, please apply for a membership by going to the <a href="{% url 'memberdb:register' %}">registration page</a>.
+    {% else %}
+    It appears you have already registered. If you have not yet received your UCC login details, please <a href="https://www.ucc.asn.au/aboutucc/contact.ucc">contact us</a>.
+    {% endif %}
 {% endif %}
 </p>
 </div>
@@ -59,4 +63,4 @@
 </form>
 </div>

-{% endblock %}
\ No newline at end of file
+{% endblock %}
--- a/gms/memberdb/templates/thanks.html
+++ b/gms/memberdb/templates/thanks.html
-{% extends "register.html" %}
+{% extends "base.html" %}

-{% block content-title %}
+{% block content_title %}
 <h1>Thanks!</h1>
 {% endblock %}

 {% block tips %}
-<b>Your membership registration has been submitted.</b><br><br>
-Once it has been approved, you will receive an email with instructions to activate your account.
+<b>Thanks for registering</b><br><br>
+Once your registration has been approved, you will receive an email with instructions to activate your account.
 {% endblock %}

-{% block form %}
-{% if payment_url %}
-<div class="form-row readonly">
-    <a class="button" title="Pay online with card, using Square payments" href="{{ payment_url }}">Pay online now</a>
-</div>
-{% endif %}
+{% block content %}
+<h3>
+    Go to the <a href="{% url 'memberdb:home' %}">Member Home</a> page to see and edit some of your details.
+</h3>
+<p>
+    <b>You will continue to have access to this website during this browser session.</b> Alternatively, you can use <a href="{{ login_url }}">this link</a> to access your member details from anywhere for the next 7 days.
+</p>
+<p>
+    Once you receive your UCC login details, you will be able to login normally to access the site.
+</p>
 {% endblock %}
--- a/gms/memberdb/views.py
+++ b/gms/memberdb/views.py
-from datetime import date
+from datetime import date, timedelta
+
 from django.http import HttpResponse, HttpResponseRedirect, Http404
 from django.shortcuts import render
 from django.urls import reverse
@@ -7,6 +8,7 @@ from django.contrib import messages
 from django.views.generic.base import View
 from django.views.generic.edit import UpdateView
 from django.contrib.auth.mixins import AccessMixin
+from django.utils import timezone

 from .models import Member, IncAssocMember, Membership
 from .forms import MemberHomeForm
@@ -29,7 +31,7 @@ class MemberMiddleware:
        if request.user.is_authenticated:
            # get the username only when a user is logged in
            # note that request.user will still exist even when the user isn't logged in
-            request.member = Member.objects.filter(username__exact=self.request.user.username).first()
+            request.member = Member.objects.filter(username__exact=request.user.username).first()

            if request.member is not None:
                # clean the member's auth token because they now have a working login
@@ -89,7 +91,7 @@ class MemberHomeView(MemberAccessMixin, MyUpdateView):
    form_class = MemberHomeForm

    def get_object(self):
-        return Member.objects.filter(username__exact=self.request.user.username).first()
+        return self.request.member

    def get_context_data(self):
        d = super().get_context_data()
@@ -104,17 +106,20 @@ class MemberHomeView(MemberAccessMixin, MyUpdateView):
        messages.warning(self.request, 'Could not update user display name in AD. Please try again once this feature has been implemented.')

        # redisplay the page
-        return self.get(request, *args, **kwargs)
+        return self.get(self.request)

 class MemberTokenView(View):
    """ allow a user to login using a unique (secure) member token """
    def get(self, request, **kwargs):
-        if not ('member_token' in kwargs and 'username' in kwargs) or user.is_authenticated:
+        if not ('member_token' in kwargs and 'username' in kwargs) or request.user.is_authenticated:
            raise Http404()

-        # look up the member using exact match for token and username
-        member = Member.objects.get(token=kwargs['member_token'], username=kwargs['username'])
+        # look up the member using exact match for token and username, and registered < 7 days ago
+        week_ago = timezone.now() - timedelta(days=7)
+
+        member = Member.objects.get(login_token=kwargs['member_token'], username=kwargs['username'], created__gte=week_ago)
        if member is None:
            raise Http404()
+
        request.session['member_id'] = member.id
        return HttpResponseRedirect(reverse('memberdb:home'))