Newer
Older
Piotr Mitros
committed
import json
Piotr Mitros
committed
import random
import string
Piotr Mitros
committed
from django.conf import settings
from django.contrib.auth import logout, authenticate, login
from django.contrib.auth.forms import PasswordResetForm
Piotr Mitros
committed
from django.contrib.auth.models import User
from django.contrib.auth.decorators import login_required
from django.core.validators import validate_email, validate_slug, ValidationError
Calen Pennington
committed
from django.db import IntegrityError
Piotr Mitros
committed
from django.shortcuts import redirect
Piotr Mitros
committed
from mitxmako.shortcuts import render_to_response, render_to_string
Matthew Mongeau
committed
from django.core.urlresolvers import reverse
from django_future.csrf import ensure_csrf_cookie
Matthew Mongeau
committed
from models import Registration, UserProfile, PendingNameChange, PendingEmailChange, CourseEnrollment
log = logging.getLogger("mitx.student")
csrf_token = context.get('csrf_token', '')
if csrf_token == 'NOTPROVIDED':
return ''
return u'<div style="display:none"><input type="hidden" name="csrfmiddlewaretoken" value="%s" /></div>' % (csrf_token)
@ensure_csrf_cookie
''' Redirects to main page -- info page if user authenticated, or marketing if not
'''
if settings.COURSEWARE_ENABLED and request.user.is_authenticated():
return redirect(reverse('dashboard'))
return render_to_response('index.html', {'courses' : settings.COURSES,
'csrf': csrf_token })
Matthew Mongeau
committed
csrf_token = csrf(request)['csrf_token']
user = request.user
enrollments = CourseEnrollment.objects.filter(user=user)
courses = [settings.COURSES_BY_ID[enrollment.course_id] for enrollment in enrollments]
context = { 'csrf': csrf_token, 'courses': courses }
return render_to_response('dashboard.html', context)
# Need different levels of logging
@ensure_csrf_cookie
''' AJAX request to log in the user. '''
if 'email' not in request.POST or 'password' not in request.POST:
'error': 'Invalid login'})) # TODO: User error message
email = request.POST['email']
password = request.POST['password']
user = User.objects.get(email=email)
log.warning("Login failed - Unknown user email: {0}".format(email))
username = user.username
user = authenticate(username=username, password=password)
log.warning("Login failed - password for {0} is invalid".format(email))
try:
login(request, user)
if request.POST['remember'] == 'true':
request.session.set_expiry(None) # or change to 604800 for 7 days
log.debug("Setting user session to never expire")
else:
request.session.set_expiry(0)
except Exception as e:
log.critical("Login failed - Could not create session. Is memcached running?")
log.exception(e)
log.info("Login success - {0} ({1})".format(username, email))
return HttpResponse(json.dumps({'success':True}))
log.warning("Login failed - Account not active for user {0}".format(username))
@ensure_csrf_cookie
''' HTTP request to log out the user. Redirects to marketing page'''
Calen Pennington
committed
@login_required
@ensure_csrf_cookie
def change_setting(request):
''' JSON call to change a profile setting: Right now, location and language
'''
up = UserProfile.objects.get(user=request.user) #request.user.profile_cache
if 'location' in request.POST:
up.location=request.POST['location']
if 'language' in request.POST:
up.language=request.POST['language']
up.save()
'language':up.language,
'location':up.location,}))
@ensure_csrf_cookie
Bridger Maxwell
committed
def create_account(request, post_override=None):
Bridger Maxwell
committed
post_vars = post_override if post_override else request.POST
# Confirm we have a properly formed request
for a in ['username', 'email', 'password', 'location', 'language', 'name']:
Bridger Maxwell
committed
if a not in post_vars:
js['value']="Error (401 {field}). E-mail us.".format(field=a)
return HttpResponse(json.dumps(js))
Bridger Maxwell
committed
if post_vars['honor_code']!=u'true':
js['value']="To enroll, you must follow the honor code.".format(field=a)
return HttpResponse(json.dumps(js))
Bridger Maxwell
committed
if post_vars['terms_of_service']!=u'true':
js['value']="You must accept the terms of service.".format(field=a)
return HttpResponse(json.dumps(js))
# Confirm appropriate fields are there.
# TODO: Check e-mail format is correct.
# TODO: Confirm e-mail is not from a generic domain (mailinator, etc.)? Not sure if
for a in ['username', 'email', 'name', 'password', 'terms_of_service', 'honor_code']:
Bridger Maxwell
committed
if len(post_vars[a])<2:
error_str = {'username' : 'Username of length 2 or greater',
'email' : 'Properly formatted e-mail',
'name' : 'Your legal name ',
'password': 'Valid password ',
'terms_of_service': 'Accepting Terms of Service',
'honor_code': 'Agreeing to the Honor Code'}
js['value']="{field} is required.".format(field=error_str[a])
Bridger Maxwell
committed
validate_email(post_vars['email'])
js['value']="Valid e-mail is required.".format(field=a)
return HttpResponse(json.dumps(js))
try:
Bridger Maxwell
committed
validate_slug(post_vars['username'])
js['value']="Username should only consist of A-Z and 0-9.".format(field=a)
return HttpResponse(json.dumps(js))
Bridger Maxwell
committed
u=User(username=post_vars['username'],
email=post_vars['email'],
Bridger Maxwell
committed
u.set_password(post_vars['password'])
# TODO: Rearrange so that if part of the process fails, the whole process fails.
# Right now, we can have e.g. no registration e-mail sent out and a zombie account
Calen Pennington
committed
try:
u.save()
except IntegrityError:
# Figure out the cause of the integrity error
if len(User.objects.filter(username=post_vars['username']))>0:
js['value']="An account with this username already exists."
return HttpResponse(json.dumps(js))
if len(User.objects.filter(email=post_vars['email']))>0:
js['value']="An account with this e-mail already exists."
return HttpResponse(json.dumps(js))
Calen Pennington
committed
raise
Calen Pennington
committed
Bridger Maxwell
committed
up.name=post_vars['name']
up.language=post_vars['language']
up.location=post_vars['location']
Bridger Maxwell
committed
d={'name':post_vars['name'],
Piotr Mitros
committed
'key':r.activation_key}
subject = render_to_string('emails/activation_email_subject.txt',d)
# Email subject *must not* contain newlines
subject = ''.join(subject.splitlines())
message = render_to_string('emails/activation_email.txt',d)
if not settings.GENERATE_RANDOM_USER_CREDENTIALS:
res=u.email_user(subject, message, settings.DEFAULT_FROM_EMAIL)
js['value']='Could not send activation e-mail.'
'value':render_to_string('registration/reg_complete.html', {'email':post_vars['email'],
return HttpResponse(json.dumps(js), mimetype="application/json")
Bridger Maxwell
committed
def create_random_account(create_account_function):
Bridger Maxwell
committed
def id_generator(size=6, chars=string.ascii_uppercase + string.ascii_lowercase + string.digits):
return ''.join(random.choice(chars) for x in range(size))
Bridger Maxwell
committed
def inner_create_random_account(request):
post_override= {'username' : "random_" + id_generator(),
'email' : id_generator(size=10, chars=string.ascii_lowercase) + "_dummy_test@mitx.mit.edu",
Bridger Maxwell
committed
'password' : id_generator(),
'location' : id_generator(size=5, chars=string.ascii_uppercase),
'language' : id_generator(size=5, chars=string.ascii_uppercase) + "ish",
'name' : id_generator(size=5, chars=string.ascii_lowercase) + " " + id_generator(size=7, chars=string.ascii_lowercase),
'honor_code' : u'true',
'terms_of_service' : u'true',}
Bridger Maxwell
committed
return create_account_function(request, post_override = post_override)
Bridger Maxwell
committed
return inner_create_random_account
if settings.GENERATE_RANDOM_USER_CREDENTIALS:
create_account = create_random_account(create_account)
@ensure_csrf_cookie
''' When link in activation e-mail is clicked
'''
r=Registration.objects.filter(activation_key=key)
if len(r)==1:
if not r[0].user.is_active:
r[0].activate()
resp = render_to_response("activation_complete.html",{'csrf':csrf(request)['csrf_token']})
return resp
resp = render_to_response("activation_active.html",{'csrf':csrf(request)['csrf_token']})
return render_to_response("activation_invalid.html",{'csrf':csrf(request)['csrf_token']})
return HttpResponse("Unknown error. Please e-mail us to let us know how it happened.")
@ensure_csrf_cookie
def password_reset(request):
''' Attempts to send a password reset e-mail. '''
if request.method != "POST":
raise Http404
form = PasswordResetForm(request.POST)
if form.is_valid():
form.save( use_https = request.is_secure(),
from_email = settings.DEFAULT_FROM_EMAIL,
return HttpResponse(json.dumps({'success':True,
'value': render_to_string('registration/password_reset_done.html', {})}))
else:
return HttpResponse(json.dumps({'success':False,
'error': 'Invalid e-mail'}))
@ensure_csrf_cookie
def reactivation_email(request):
''' Send an e-mail to reactivate a deactivated account, or to
user = User.objects.get(email = 'email')
return HttpResponse(json.dumps({'success':False,
'error': 'No inactive user with this e-mail exists'}))
if user.is_active:
return HttpResponse(json.dumps({'success':False,
'error': 'User is already active'}))
reg = Registration.objects.get(user = user)
reg.register(user)
d={'name':UserProfile.get(user = user).name,
Piotr Mitros
committed
'key':r.activation_key}
subject = render_to_string('reactivation_email_subject.txt',d)
subject = ''.join(subject.splitlines())
message = render_to_string('reactivation_email.txt',d)
res=u.email_user(subject, message, settings.DEFAULT_FROM_EMAIL)
return HttpResponse(json.dumps({'success':True}))
@ensure_csrf_cookie
def change_email_request(request):
''' AJAX call from the profile page. User wants a new e-mail.
'''
## Make sure it checks for existing e-mail conflicts
if not request.user.is_authenticated:
raise Http404
user = request.user
if not user.check_password(request.POST['password']):
return HttpResponse(json.dumps({'success':False,
'error':'Invalid password'}))
new_email = request.POST['new_email']
try:
validate_email(new_email)
except ValidationError:
return HttpResponse(json.dumps({'success':False,
'error':'Valid e-mail address required.'}))
if len(User.objects.filter(email = new_email)) != 0:
## CRITICAL TODO: Handle case sensitivity for e-mails
return HttpResponse(json.dumps({'success':False,
'error':'An account with this e-mail already exists.'}))
pec_list = PendingEmailChange.objects.filter(user = request.user)
pec = PendingEmailChange()
pec.user = user
else :
pec = pec_list[0]
pec.new_email = request.POST['new_email']
pec.activation_key = uuid.uuid4().hex
pec.save()
return HttpResponse(json.dumps({'success':False,
'error':'Old email is the same as the new email.'}))
d = {'key':pec.activation_key,
'old_email' : user.email,
subject = render_to_string('emails/email_change_subject.txt',d)
subject = ''.join(subject.splitlines())
message = render_to_string('emails/email_change.txt',d)
res=send_mail(subject, message, settings.DEFAULT_FROM_EMAIL, [pec.new_email])
return HttpResponse(json.dumps({'success':True}))
def confirm_email_change(request, key):
''' User requested a new e-mail. This is called when the activation
link is clicked. We confirm with the old e-mail, and update
'''
try:
pec=PendingEmailChange.objects.get(activation_key=key)
return render_to_response("invalid_email_key.html", {})
Piotr Mitros
committed
'new_email' : pec.new_email}
if len(User.objects.filter(email = pec.new_email)) != 0:
return render_to_response("email_exists.html", d)
subject = render_to_string('emails/email_change_subject.txt',d)
subject = ''.join(subject.splitlines())
message = render_to_string('emails/confirm_email_change.txt',d)
up = UserProfile.objects.get( user = user )
meta = up.get_meta()
if 'old_emails' not in meta:
meta['old_emails'] = []
meta['old_emails'].append([user.email, datetime.datetime.now().isoformat()])
up.set_meta(meta)
up.save()
user.email = pec.new_email
user.save()
pec.delete()
user.email_user(subject, message, settings.DEFAULT_FROM_EMAIL)
return render_to_response("email_change_successful.html", d)
@ensure_csrf_cookie
def change_name_request(request):
if not request.user.is_authenticated:
raise Http404
pnc = PendingNameChange.objects.get(user = request.user)
pnc = PendingNameChange()
pnc.user = request.user
pnc.new_name = request.POST['new_name']
pnc.rationale = request.POST['rationale']
return HttpResponse(json.dumps({'success':False,'error':'Name required'}))
return HttpResponse(json.dumps({'success':False,'error':'Rationale required'}))
return HttpResponse(json.dumps({'success':True}))
def pending_name_changes(request):
''' Web page which allows staff to approve or reject name changes. '''
if not request.user.is_staff:
raise Http404
changes = list(PendingNameChange.objects.all())
js = {'students' : [{'new_name': c.new_name,
'rationale':c.rationale,
'old_name':UserProfile.objects.get(user=c.user).name,
'email':c.user.email,
'uid':c.user.id,
'cid':c.id} for c in changes]}
return render_to_response('name_changes.html', js)
def reject_name_change(request):
''' JSON: Name change process. Course staff clicks 'reject' on a given name change '''
if not request.user.is_staff:
raise Http404
pnc = PendingNameChange.objects.get(id = int(request.POST['id']))
except PendingNameChange.DoesNotExist:
return HttpResponse(json.dumps({'success':False, 'error':'Invalid ID'}))
return HttpResponse(json.dumps({'success':True}))
def accept_name_change(request):
''' JSON: Name change process. Course staff clicks 'accept' on a given name change '''
if not request.user.is_staff:
raise Http404
pnc = PendingNameChange.objects.get(id = int(request.POST['id']))
except PendingNameChange.DoesNotExist:
return HttpResponse(json.dumps({'success':False, 'error':'Invalid ID'}))
u = pnc.user
up = UserProfile.objects.get(user=u)
# Save old name
meta = up.get_meta()
if 'old_names' not in meta:
meta['old_names'] = []
meta['old_names'].append([up.name, pnc.rationale, datetime.datetime.now().isoformat()])
up.set_meta(meta)
up.name = pnc.new_name
return HttpResponse(json.dumps({'success':True}))
@ensure_csrf_cookie
def course_info(request):
# This is the advertising page for a student to look at the course before signing up
course = settings.COURSES_BY_ID[course_id]
return render_to_response('portal/course_about.html', {'csrf': csrf_token, 'course': course })
def about(request):
return render_to_response('about.html', None)
def jobs(request):
return render_to_response('jobs.html', None)
Matthew Mongeau
committed
def help(request):
return render_to_response('help.html', None)
Matthew Mongeau
committed
@ensure_csrf_cookie
def enroll(request, course_id):
course = settings.COURSES_BY_ID[course_id]
user = request.user
enrollment = CourseEnrollment(user=user,
course_id=course_id)
enrollment.save()
return redirect(reverse('dashboard'))