Enabled the check for existing account, disabled when we started using self-service http password reset, but hadn't started creating accounts yet. Refactored the two confirm*() methods in ietfauth/views.py; they need the same processing, only the templates to use differ.

levkowetz · levkowetz · commit 73f00aa92089 · 2012-07-04T05:12:20.000Z
- Legacy-Id: 4583
diff --git a/ietf/ietfauth/forms.py b/ietf/ietfauth/forms.py
@@ -44,8 +44,8 @@ def clean_email(self):
         email = self.cleaned_data.get('email', '')
         if not email:
             return email
-#         if User.objects.filter(username=email).count():
-#             raise forms.ValidationError(_('Email already in use'))
+        if User.objects.filter(username=email).count():
+            raise forms.ValidationError(_('An account with the email address you provided already exists.'))
         return email
 
 
@@ -80,7 +80,7 @@ class PasswordForm(forms.Form):
 
     def __init__(self, *args, **kwargs):
         self.username = kwargs.pop('username')
-        self.update_user = kwargs.pop('update_user', False)
+        self.update_user = User.objects.filter(username=self.username).count() > 0
         super(PasswordForm, self).__init__(*args, **kwargs)
 
     def clean_password2(self):
diff --git a/ietf/ietfauth/views.py b/ietf/ietfauth/views.py
@@ -114,8 +114,8 @@ def create_account(request):
                               context_instance=RequestContext(request))
 
 
-def confirm_account(request, username, date, realm, registration_hash):
-    valid = hashlib.md5('%s%s%s%s' % (settings.SECRET_KEY, date, username, realm)).hexdigest() == registration_hash
+def process_confirmation(request, username, date, realm, hash):
+    valid = hashlib.md5('%s%s%s%s' % (settings.SECRET_KEY, date, username, realm)).hexdigest() == hash
     if not valid:
         raise Http404
     request_date = datetime.date(int(date[:4]), int(date[4:6]), int(date[6:]))
@@ -125,11 +125,14 @@ def confirm_account(request, username, date, realm, registration_hash):
     if request.method == 'POST':
         form = PasswordForm(request.POST, username=username)
         if form.is_valid():
-            form.save()
-            # TODO: Add the user in the htdigest file
+            form.save()                 # Also updates the httpd password file
             success = True
     else:
         form = PasswordForm(username=username)
+    return form, username, success
+
+def confirm_account(request, username, date, realm, hash):
+    form, username, success = process_confirmation(request, username, date, realm, hash)
     return render_to_response('registration/confirm.html',
                               {'form': form, 'email': username, 'success': success},
                               context_instance=RequestContext(request))
@@ -151,19 +154,8 @@ def password_reset_view(request):
                               context_instance=RequestContext(request))
 
 
-def confirm_password_reset(request, username, date, realm, reset_hash):
-    valid = hashlib.md5('%s%s%s%s' % (settings.SECRET_KEY, date, username, realm)).hexdigest() == reset_hash
-    if not valid:
-        raise Http404
-    success = False
-    if request.method == 'POST':
-        form = PasswordForm(request.POST, update_user=True, username=username)
-        if form.is_valid():
-            form.save()
-            # TODO: Update the user in the htdigest file
-            success = True
-    else:
-        form = PasswordForm(username=username)
+def confirm_password_reset(request, username, date, realm, hash):
+    form, username, success = process_confirmation(request, username, date, realm, hash)
     return render_to_response('registration/change_password.html',
                               {'form': form,
                                'success': success,
