Check whether users are active, not whether they are nonunique.

Previously we checked and bailed when there was a user registered with
an email address, regardless of active status.

This meant that MIT users who had inactive accounts autocreated had
issues where they would be confusingly told they were signed up even
though they had never taken any action on our site directly.

Now we instead check whether there are any current *active* user
accounts with that email address, and proceed with generating an
activation link if the user lacks a corresponding active account.

Security implications of this commit come into play if we start
implementing removal of users' ability to sign in as deactivation. Since we
lack a user removal story here, this isn't terribly concerning yet and
we'll revisit this code when we decide to add such functionality in the
future.

This resolves trac #581 and #631.

(imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86)
Luke Faraone
2013-02-11 13:37:31 -05:00
parent 94ceac9980
commit 54a19e9091
2 changed files with 5 additions and 8 deletions


@@ -35,10 +35,6 @@ def isnt_mit(value):
if "@mit.edu" in value: if "@mit.edu" in value:
raise ValidationError(mark_safe(u'Humbug for MIT is by invitation only. ' + SIGNUP_STRING)) raise ValidationError(mark_safe(u'Humbug for MIT is by invitation only. ' + SIGNUP_STRING))
class UniqueEmailField(forms.EmailField):
default_validators = [validators.validate_email, is_unique]
class RegistrationForm(forms.Form): class RegistrationForm(forms.Form):
full_name = forms.CharField(max_length=100) full_name = forms.CharField(max_length=100)
password = forms.CharField(widget=forms.PasswordInput, max_length=100) password = forms.CharField(widget=forms.PasswordInput, max_length=100)
@@ -50,10 +46,10 @@ class ToSForm(forms.Form):
class HomepageForm(forms.Form): class HomepageForm(forms.Form):
if settings.ALLOW_REGISTER: if settings.ALLOW_REGISTER:
email = UniqueEmailField() email = forms.EmailField()
else: else:
validators = UniqueEmailField.default_validators + [has_valid_realm, isnt_mit] validators = [has_valid_realm, isnt_mit, is_active]
email = UniqueEmailField(validators=validators) email = forms.EmailField(validators=validators)
class LoggingSetPasswordForm(SetPasswordForm): class LoggingSetPasswordForm(SetPasswordForm):
def save(self, commit=True): def save(self, commit=True):


@@ -355,7 +355,8 @@ def accounts_home(request):
return HttpResponseRedirect(reverse('send_confirm', kwargs={'email':user.email})) return HttpResponseRedirect(reverse('send_confirm', kwargs={'email':user.email}))
try: try:
email = request.POST['email'] email = request.POST['email']
is_unique(email) # Note: We don't check for uniqueness
is_active(email)
except ValidationError: except ValidationError:
return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' + urllib.quote_plus(email)) return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' + urllib.quote_plus(email))
else: else:
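Review bot: The new comment `# Note: We don't check for uniqueness` records what is skipped but not why, and the why is the part a later maintainer needs; suggest `# Note: deliberately no uniqueness check -- the address may belong to an inactive (auto-created) account, and only an *active* account should send the user to login.` The `except ValidationError:` branch still covers only what `is_active` raises; if `'email'` is absent from `request.POST`, the line above raises `KeyError` and is not caught, which predates this commit but is now the only unguarded path in the block. `accounts_home` begins before this hunk and continues after it.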