Commit 28914968 authored by frekk's avatar frekk

fixed bugs - site access by time-based registration token should work

parent a9002d1e
from django.db import models
from django.db.models import F
from django.core.validators import RegexValidator
from django.core.management.utils import get_random_string
from squarepay.dispense import get_item_price
......@@ -131,7 +132,7 @@ class Member (IncAssocMember):
phone_number = models.CharField ('Phone number', max_length=20, blank=False, validators=[RegexValidator(regex='^\+?[0-9() -]+$')])
is_student = models.BooleanField ('Student', default=True, blank=True, help_text="Tick this box if you are a current student at a secondary or tertiary institution in WA")
is_guild = models.BooleanField ('UWA Guild member', default=True, blank=True)
id_number = models.CharField ('Student email or Drivers License', max_length=255, blank=False, help_text="Student emails should end with '.edu.au' and drivers licences should be in the format '[WA]DL 1234567'")
id_number = models.CharField ('Student email or Drivers License', max_length=255, blank=False, help_text="Student emails should end with '@student.*.edu.au' and drivers licences should be in the format '<AU state> 1234567'")
member_updated = models.DateTimeField ('Internal UCC info last updated', auto_now=True)
login_token = models.CharField ('Temporary access key', max_length=128, null=True, editable=False, default=make_token)
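Review bot: The import `from django.core.management.utils import get_random_string` (line 10 of this section, which I take to be the added line) works only through a transitive import inside that module; the function lives in `django.utils.crypto`, so prefer `from django.utils.crypto import get_random_string`. `make_token`, which `login_token` uses as its default, is not in this hunk, so the token length it requests cannot be seen here; since the column allows 128 characters, it is worth confirming that make_token passes an explicit length rather than relying on the function's default, which is short (12 characters in older Django releases). The Member class body continues outside the hunk.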
......
......@@ -60,8 +60,6 @@ class RegisterForm(MyModelForm):
# now create a corresponding Membership (marked as pending / not accepted, mostly default values)
ms = make_pending_membership(m)
# make a card payment thing as well
if (commit):
ms.save();
return m, ms
......@@ -97,8 +95,21 @@ class RegisterView(MyUpdateView):
def form_valid(self, form):
# save the member data and get the Member instance
m, ms = form.save()
#messages.success(self.request, 'Your registration has been submitted.')
return
messages.success(self.request, 'Your registration has been submitted.')
# set the member session info
self.request.session['member_id'] = m.id
return thanks_view(self.request, m, ms)
def thanks_view(request, member, ms):
""" display a thankyou page after registration is completed """
context = {
'member': member,
'ms': ms,
'login_url': reverse('memberdb:login_member', kwargs={'username': member.username, 'member_token': member.login_token}),
}
return render(request, 'thanks.html', context)
class RenewView(LoginRequiredMixin, MyUpdateView):
template_name = 'renew.html'
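Review bot: `form_valid` now renders the thanks page directly in response to the POST (`return thanks_view(self.request, m, ms)`), so a browser refresh on that page re-submits the form and creates a second Member and Membership; redirecting to a GET route that renders thanks.html from `request.session['member_id']` (no such route appears in this diff) would avoid that. Also, `self.request.session['member_id'] = m.id` grants member access to whatever session the browser already held; Django's own `login()` rotates the session key at that point, so call `self.request.session.cycle_key()` immediately before the assignment. The identical assignment in `MemberTokenView.get` in the views hunk further down needs the same treatment. RegisterView's body continues outside the hunk.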
......
......@@ -23,18 +23,22 @@
{% block navbar %}
<nav>
{% block branding %}
<a class="logo" title="UCC logo">
<a class="logo" title="UCCPortal homepage">
<span></span>
</a>
{% endblock %}
{# fancy automatic navbar thing from https://stackoverflow.com/questions/39639264 #}
{% with url_name=request.resolver_match.url_name %}
{% if not request.user.is_authenticated %}
<a class="navtab {% if url_name == 'home' %}active{% endif %}" href="{% url "memberdb:home" %}">Login</a>
{% if request.member %}
<a class="navtab {% if url_name == 'home' %}active{% endif %}" href="{% url "memberdb:home" %}">Member home</a>
{% else %}
<a class="navtab {% if url_name == 'register' %}active{% endif %}" href="{% url "memberdb:register" %}">Register</a>
{% endif %}
{% if not request.user.is_authenticated %}
<a class="navtab {% if url_name == 'login' %}active{% endif %}" href="{% url "memberdb:login" %}">Login</a>
{% else %}
<a class="navtab {% if url_name == 'home' %}active{% endif %}" href="{% url "memberdb:home" %}">Member home</a>
<a class="navtab {% if url_name == 'renew' %}active{% endif %}" href="{% url "memberdb:renew" %}">Renew membership</a>
{% if request.user.is_staff %}
<a class="navtab {% block adminactive %}{% endblock %}" href="{% url "admin:index" %}">Admin site</a>
......
......@@ -2,6 +2,7 @@
{% block title %}UCC Member Home{% endblock %}
{% block content_title %}
<h1>Member home</h1>
<h3>Welcome, {{ request.member.first_name }} {{ request.member.last_name }} ({{ request.member.username }})</h3>
{% endblock %}
{% block tips %}
......@@ -16,7 +17,7 @@ You can see and modify some of your membership and account details below.
{% block extra_preform %}
<div class="form-row readonly">
<label for="id_username">Username:</label>
<span class="text" id="id_username">{{ request.user.username }}</span>
<span class="text" id="id_username">{{ object.username }}</span>
</div>
{% endblock %}
......@@ -26,4 +27,4 @@ You can see and modify some of your membership and account details below.
{% block action_url %}{% url 'memberdb:home' %}{% endblock %}
{% block action_text %}Update details{% endblock %}
\ No newline at end of file
{% block action_text %}Update details{% endblock %}
......@@ -37,7 +37,11 @@
Would you like to login to a different account?
{% else %}
<b>Please enter your UCC username and password below.</b> <br><br>
{% if not request.member %}
If you do not have a UCC account yet, please apply for a membership by going to the <a href="{% url 'memberdb:register' %}">registration page</a>.
{% else %}
It appears you have already registered. If you have not yet received your UCC login details, please <a href="https://www.ucc.asn.au/aboutucc/contact.ucc">contact us</a>.
{% endif %}
{% endif %}
</p>
</div>
......@@ -59,4 +63,4 @@
</form>
</div>
{% endblock %}
\ No newline at end of file
{% endblock %}
{% extends "register.html" %}
{% extends "base.html" %}
{% block content-title %}
{% block content_title %}
<h1>Thanks!</h1>
{% endblock %}
{% block tips %}
<b>Your membership registration has been submitted.</b><br><br>
Once it has been approved, you will receive an email with instructions to activate your account.
<b>Thanks for registering</b><br><br>
Once your registration has been approved, you will receive an email with instructions to activate your account.
{% endblock %}
{% block form %}
{% if payment_url %}
<div class="form-row readonly">
<a class="button" title="Pay online with card, using Square payments" href="{{ payment_url }}">Pay online now</a>
</div>
{% endif %}
{% block content %}
<h3>
Go to the <a href="{% url 'memberdb:home' %}">Member Home</a> page to see and edit some of your details.
</h3>
<p>
<b>You will continue to have access to this website during this browser session.</b> Alternatively, you can use <a href="{{ login_url }}">this link</a> to access your member details from anywhere for the next 7 days.
</p>
<p>
Once you receive your UCC login details, you will be able to login normally to access the site.
</p>
{% endblock %}
from datetime import date
from datetime import date, timedelta
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import render
from django.urls import reverse
......@@ -7,6 +8,7 @@ from django.contrib import messages
from django.views.generic.base import View
from django.views.generic.edit import UpdateView
from django.contrib.auth.mixins import AccessMixin
from django.utils import timezone
from .models import Member, IncAssocMember, Membership
from .forms import MemberHomeForm
......@@ -29,7 +31,7 @@ class MemberMiddleware:
if request.user.is_authenticated:
# get the username only when a user is logged in
# note that request.user will still exist even when the user isn't logged in
request.member = Member.objects.filter(username__exact=self.request.user.username).first()
request.member = Member.objects.filter(username__exact=request.user.username).first()
if request.member is not None:
# clean the member's auth token because they now have a working login
......@@ -89,7 +91,7 @@ class MemberHomeView(MemberAccessMixin, MyUpdateView):
form_class = MemberHomeForm
def get_object(self):
return Member.objects.filter(username__exact=self.request.user.username).first()
return self.request.member
def get_context_data(self):
d = super().get_context_data()
......@@ -104,17 +106,20 @@ class MemberHomeView(MemberAccessMixin, MyUpdateView):
messages.warning(self.request, 'Could not update user display name in AD. Please try again once this feature has been implemented.')
# redisplay the page
return self.get(request, *args, **kwargs)
return self.get(self.request)
class MemberTokenView(View):
""" allow a user to login using a unique (secure) member token """
def get(self, request, **kwargs):
if not ('member_token' in kwargs and 'username' in kwargs) or user.is_authenticated:
if not ('member_token' in kwargs and 'username' in kwargs) or request.user.is_authenticated:
raise Http404()
# look up the member using exact match for token and username
member = Member.objects.get(token=kwargs['member_token'], username=kwargs['username'])
# look up the member using exact match for token and username, and registered < 7 days ago
week_ago = timezone.now() - timedelta(days=7)
member = Member.objects.get(login_token=kwargs['member_token'], username=kwargs['username'], created__gte=week_ago)
if member is None:
raise Http404()
request.session['member_id'] = member.id
return HttpResponseRedirect(reverse('memberdb:home'))
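Review bot: The `if member is None` check after `Member.objects.get(...)` is dead: `get()` never returns None, it raises `Member.DoesNotExist` (and `MultipleObjectsReturned` if the username/token pair is not unique), so a stale or mistyped token produces a 500 instead of the intended 404. Replace the lookup with `member = Member.objects.filter(login_token=kwargs['member_token'], username=kwargs['username'], created__gte=week_ago).first()` and keep the None check. The `created` field the filter relies on does not appear in the models hunk of this commit, so I assume it already exists on Member. A one-line docstring on `get` saying that the token is honoured only for seven days after the account's creation would also help, since that window is otherwise visible only in the thanks template.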