diff --git a/rowers/templates/acc_activate_email.html b/rowers/templates/acc_activate_email.html new file mode 100644 index 00000000..2c4f4e1e --- /dev/null +++ b/rowers/templates/acc_activate_email.html @@ -0,0 +1,7 @@ +{% autoescape off %} +Hi {{ user.username }}, +Please click on the link to confirm your registration, + +http://{{ domain }}{% url 'useractivate' uidb64=uid token=token %} +If you think, it's not you, then just ignore this email. +{% endautoescape %} diff --git a/rowers/tests/test_newusers.py b/rowers/tests/test_newusers.py index bdfae610..3c53115a 100644 --- a/rowers/tests/test_newusers.py +++ b/rowers/tests/test_newusers.py @@ -42,20 +42,38 @@ class NewUserRegistrationTest(TestCase): self.assertTrue(form.is_valid()) response = self.c.post('/rowers/register/', form_data, follow=True) + self.assertEqual(response.status_code,200) - self.assertRedirects(response, - expected_url='/rowers/me/gdpr-optin/?next=/rowers/list-workouts/', - status_code=302,target_status_code=200) + # set opt-in + user = User.objects.get(username='janderoeiert') + user.rower.gdpr_optin = True + user.set_password('aapindewei2') + user.is_active = True + user.save() + user.rower.save() + + login = self.c.login(username=user.username,password='aapindewei2') + self.assertTrue(login) - url = '/rowers/me/gdpr-optin-confirm/?next=/rowers/list-workouts/' + url = '/rowers/list-workouts/' response = self.c.get(url) + expected = '/rowers/me/gdpr-optin/?next=/rowers/list-workouts/' + self.assertRedirects(response, - expected_url='/rowers/list-workouts/', - status_code=302,target_status_code=200, - ) + expected_url=expected, + status_code=302,target_status_code=200) + + url = '/rowers/me/gdpr-optin-confirm/?next=/rowers/list-workouts/' + response = self.c.get(url) + + expected = '/rowers/list-workouts/' + self.assertRedirects(response, + expected_url=expected, + status_code=302,target_status_code=200) + url = '/rowers/exportallworkouts/' 
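Review bot: The activation link in `acc_activate_email.html` is built with a hard-coded `http://` scheme, so the token in the URL goes out in cleartext on the first request even if the site later redirects to HTTPS. Pass the scheme from the view and use it in the template, as Django's own password-reset mail does: `{{ protocol }}://{{ domain }}{% url 'useractivate' uidb64=uid token=token %}` with `'protocol': 'https' if request.is_secure() else 'http'` added to the context. `{% autoescape off %}` is reasonable for a plain-text body, but a one-line template comment such as `{# plain-text mail body; do not send as HTML #}` would stop the file being reused for an HTML message with escaping disabled.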
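Review bot: The updated test in `test_newusers.py` never goes through the activation path: it sets `user.is_active = True` and a new password directly on the model, so the token, the mail and the `useractivate` view added by this commit are not exercised. Before the manual activation I would assert that login is refused while the account is inactive (with the default `ModelBackend`) and that `len(django.core.mail.outbox) == 1`, then follow the link from that message instead of flipping the flag. A negative case, where a tampered token leaves `is_active` False, is also worth adding. The test method starts above this hunk and continues below it.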
@@ -74,6 +92,8 @@ class NewUserRegistrationTest(TestCase): self.assertTrue(response.status_code,200) + + url = '/rowers/me/delete/' form_data = { diff --git a/rowers/tokens.py b/rowers/tokens.py new file mode 100644 index 00000000..e4d10f6e --- /dev/null +++ b/rowers/tokens.py @@ -0,0 +1,12 @@ +from django.contrib.auth.tokens import PasswordResetTokenGenerator +from django.utils import six + + +class AccountActivationTokenGenerator(PasswordResetTokenGenerator): + def _make_hash_value(self, user, timestamp): + return ( + six.text_type(user.pk) + six.text_type(timestamp) + + six.text_type(user.is_active) + ) + +account_activation_token = AccountActivationTokenGenerator() diff --git a/rowers/urls.py b/rowers/urls.py index 977c80c9..d92e3167 100644 --- a/rowers/urls.py +++ b/rowers/urls.py @@ -731,6 +731,7 @@ urlpatterns = [ re_path(r'^legal', TemplateView.as_view(template_name='legal.html'),name='legal'), re_path(r'^register/$',views.rower_register_view,name='rower_register_view'), re_path(r'^coachregister/$',views.freecoach_register_view,name='freecoach_register_view'), + path('activate///',views.useractivate, name='useractivate'), re_path(r'^register/thankyou/$', TemplateView.as_view(template_name='registerthankyou.html'), name='registerthankyou'), re_path(r'^workout/(?P\b[0-9A-Fa-f]+\b)/workflow/$',views.workout_workflow_view, name='workout_workflow_view'), diff --git a/rowers/views/paymentviews.py b/rowers/views/paymentviews.py index 30be9c80..8dd72317 100644 --- a/rowers/views/paymentviews.py +++ b/rowers/views/paymentviews.py @@ -4,6 +4,7 @@ from __future__ import print_function from __future__ import unicode_literals from rowers.views.statements import * +from django.core.mail import EmailMessage @csrf_exempt def braintree_webhook_view(request): 
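Review bot: `rowers/tokens.py` imports `django.utils.six`, which was removed in Django 3.0. Since `urls.py` already uses `path()` the project runs on Python 3, and `str(user.pk) + str(timestamp) + str(user.is_active)` gives the same hash input without the shim. `AccountActivationTokenGenerator` also needs a docstring: it should say that including `is_active` makes a link unusable once the account has been activated, and that this only holds when registration creates the user with `is_active = False`. Link lifetime is inherited from `PasswordResetTokenGenerator`, so it follows the password-reset timeout setting; state that in the docstring if activation links are meant to live for a different period.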
@@ -711,6 +712,59 @@ def downgrade_completed_view(request): 'rower':r }) +from django.utils.encoding import force_bytes, force_text +from django.utils.http import urlsafe_base64_encode, urlsafe_base64_decode +from django.contrib.sites.shortcuts import get_current_site +from rowers.tokens import account_activation_token +# Email activation +def useractivate(request, uidb64, token): + try: + uid = force_text(urlsafe_base64_decode(uidb64)) + user = User.objects.get(id=uid) + except(TypeError, ValueError, OverflowError, User.DoesNotExist): + user = None + if user is not None and account_activation_token.check_token(user, token): + user.is_active = True + user.save() + # below is old + fullemail = user.first_name + " " + user.last_name + " " + "<" + user.email + ">" + subject = "Thank you for registering on rowsandall.com" + from_address = 'Sander Roosendaal ' + + d = {'first_name':user.first_name} + + template = 'registeremail.html' + if user.rower.rowerplan == 'freecoach': + template = 'coachregisteremail.html' + + send_template_email(from_address,[fullemail], + subject,'registeremail.html',d) + + + subject2 = "New User" + message2 = "New user registered.\n" + message2 += fullemail + "\n" + message2 += "User name: "+user.username + + if user.rower.rowerplan == 'freecoach': + subject2 = "New Free Coach User" + + + send_mail(subject2, message2, + 'Rowsandall Server ', + ['roosendaalsander@gmail.com']) + + + messages.info(request,'Thank you for your email confirmation. Now you can login to your account.') + url = '/login/' + if user.rower.rowerplan == 'freecoach': + url+='?next=/rowers/me/teams' + return HttpResponseRedirect(url) + else: + return HttpResponse('Activation link is invalid!') + + + # User registration def rower_register_view(request): @@ -736,6 +790,7 @@ def rower_register_view(request): theuser.first_name = first_name theuser.last_name = last_name theuser.email = email + theuser.is_active = False theuser.save() birthdate = birthdate.replace(tzinfo=None) 
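Review bot: In `useractivate` the `template` variable is switched to `'coachregisteremail.html'` for free-coach accounts, but `send_template_email` is still called with the literal `'registeremail.html'`, so coaches always receive the rower welcome mail. Pass the variable instead: `send_template_email(from_address,[fullemail], subject,template,d)`. The `# below is old` comment and the four imports placed in the middle of the module would be better replaced by a docstring on the view and imports at the top of the file. The docstring should state that the view changes account state on a GET request and answers every failure (undecodable uid, unknown user, bad or expired token) with the same 'Activation link is invalid!' response.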
@@ -766,26 +821,29 @@ def rower_register_view(request): w.save() # Create and send email - fullemail = first_name + " " + last_name + " " + "<" + email + ">" - subject = "Thank you for registering on rowsandall.com" - from_address = 'Sander Roosendaal ' - - d = {'first_name':theuser.first_name} - - send_template_email(from_address,[fullemail], - subject,'registeremail.html',d) + current_site = get_current_site(request) + mail_subject = 'Activate your account.' + d = { + 'user': theuser, + 'domain': current_site.domain, + 'uid': urlsafe_base64_encode(force_bytes(theuser.id)).decode(), + 'token': account_activation_token.make_token(theuser), + } + to_email = form.cleaned_data.get('email') + message = render_to_string('acc_activate_email.html', { + 'user': theuser, + 'domain': current_site.domain, + 'uid': urlsafe_base64_encode(force_bytes(theuser.id)).decode(), + 'token': account_activation_token.make_token(theuser), + }) + to_email = form.cleaned_data.get('email') + email = EmailMessage( + mail_subject, message, to=[to_email] + ) + email.send() + return HttpResponse('Please confirm your email address to complete the registration') - subject2 = "New User" - message2 = "New user registered.\n" - message2 += fullemail + "\n" - message2 += "User name: "+username - - send_mail(subject2, message2, - 'Rowsandall Server ', - ['roosendaalsander@gmail.com']) - - theuser = authenticate(username=username,password=password) login(request,theuser) return HttpResponseRedirect(nextpage) 
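Review bot: The new block in `rower_register_view` builds the mail context twice: the dict `d` is never used, `account_activation_token.make_token(theuser)` and the uid encoding run a second time inside `render_to_string`, and `to_email` is assigned twice. Delete `d = {...}` and the second `to_email = form.cleaned_data.get('email')` line. The `login(request,theuser)` and `return HttpResponseRedirect(nextpage)` lines kept after the new `return HttpResponse(...)` look unreachable now (indentation is not recoverable on this page, so confirm) and should be removed with them. `current_site.domain` deserves a comment as well: if the sites framework is not installed, `get_current_site` falls back to the request's Host header, so the link in the mail is only as trustworthy as `ALLOWED_HOSTS`. The same duplicated block appears in the `freecoach_register_view` hunk; one shared helper would cover both.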
@@ -842,29 +900,28 @@ def freecoach_register_view(request): # create default favorite charts add_defaultfavorites(therower) - # Create and send email - fullemail = first_name + " " + last_name + " " + "<" + email + ">" - subject = "Thank you for registering on rowsandall.com" - from_address = 'Sander Roosendaal ' - - d = {'first_name':theuser.first_name} - - send_template_email(from_address,[fullemail], - subject,'coachregisteremail.html',d) - - - subject2 = "New Free Coach" - message2 = "New Free Coach registered.\n" - message2 += fullemail + "\n" - message2 += "User name: "+username - - send_mail(subject2, message2, - 'Rowsandall Server ', - ['roosendaalsander@gmail.com']) - - theuser = authenticate(username=username,password=password) - login(request,theuser) + current_site = get_current_site(request) + mail_subject = 'Activate your account.' + d = { + 'user': theuser, + 'domain': current_site.domain, + 'uid': urlsafe_base64_encode(force_bytes(theuser.id)).decode(), + 'token': account_activation_token.make_token(theuser), + } + to_email = form.cleaned_data.get('email') + message = render_to_string('acc_activate_email.html', { + 'user': theuser, + 'domain': current_site.domain, + 'uid': urlsafe_base64_encode(force_bytes(theuser.id)).decode(), + 'token': account_activation_token.make_token(theuser), + }) + to_email = form.cleaned_data.get('email') + email = EmailMessage( + mail_subject, message, to=[to_email] + ) + email.send() + return HttpResponse('Please confirm your email address to complete the registration') return HttpResponseRedirect(nextpage)
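Review bot: `freecoach_register_view` now sends the activation mail, but no hunk in this commit sets `theuser.is_active = False` for free-coach accounts the way the `rower_register_view` hunk does; unless that assignment exists outside the visible lines, a coach account is usable without confirming the address. It would also mean `is_active` never changes on activation, so the token stays valid until it times out and every visit to the link re-sends the welcome and admin mails. Add `theuser.is_active = False` before `theuser.save()` in this view, and a test that an unconfirmed coach cannot log in. The function body starts above this hunk.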