From 098b185a5a079621b68cc84754b355ec07a7e2f5 Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 16 Dec 2013 15:11:25 -0500
Subject: [PATCH 1/7] turn off mailchimp checking for tests
---
 core/models.py | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/core/models.py b/core/models.py
index 2670ed15..2d87e5b8 100755
--- a/core/models.py
+++ b/core/models.py
@@ -1679,6 +1679,9 @@ class UserProfile(models.Model):
 @property
 def on_ml(self):
+ if "@example.org" in self.user.email:
+ # use @example.org email addresses for testing!
+ return False
 try:
 return settings.MAILCHIMP_NEWS_ID in pm.listsForEmail(email_address=self.user.email)
 except MailChimpException, e:
@@ -1700,6 +1703,9 @@ class UserProfile(models.Model):
 return False
 def ml_unsubscribe(self):
+ if "@example.org" in self.user.email:
+ # use @example.org email addresses for testing!
+ return True
 try:
 return pm.listUnsubscribe(id=settings.MAILCHIMP_NEWS_ID, email_address=self.user.email)
 except Exception, e:
From 913030a1122319fa7f871f581313c3fc01f365ce Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 16 Dec 2013 15:12:46 -0500
Subject: [PATCH 2/7] update to registration 1.0
---
 requirements_versioned.pip | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements_versioned.pip b/requirements_versioned.pip
index f7974667..20bd7268 100644
--- a/requirements_versioned.pip
+++ b/requirements_versioned.pip
@@ -26,7 +26,7 @@ django-maintenancemode==0.10
 django-nose-selenium==0.7.3
 #django-notification==0.2
 git+git://github.com/aladagemre/django-notification.git@2927346f4c513a217ac8ad076e494dd1adbf70e1
-django-registration==0.8
+django-registration==1.0
 django-selectable==0.7.0
 django-smtp-ssl==1.0
 django-social-auth==0.7.20
From 5874455d0d0a3caf217df3c2181370ea7b5070dc Mon Sep 17 00:00:00 2001
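Review bot: The guards added to `on_ml` and `ml_unsubscribe` in core/models.py test `"@example.org" in self.user.email`, which is a substring match, so any address that merely contains that text (for instance a longer domain beginning with `example.org.`) also skips the MailChimp call, and `ml_unsubscribe` then reports success without unsubscribing anyone. Compare the domain exactly and case-insensitively in both hunks, e.g. `if self.user.email.lower().endswith("@example.org"):`. Because this is a test-only shortcut inside production model code, gating it on a settings flag that only the test configuration enables would keep it away from live accounts. Both method bodies continue outside the hunks.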
From: eric
Date: Mon, 16 Dec 2013 15:14:28 -0500
Subject: [PATCH 3/7] add disposable email checker
---
 libraryauth/emailcheck/__init__.py | 5 +
 libraryauth/emailcheck/data.py | 709 +++++++++++++++++++++++++++++
 2 files changed, 714 insertions(+)
 create mode 100644 libraryauth/emailcheck/__init__.py
 create mode 100644 libraryauth/emailcheck/data.py
diff --git a/libraryauth/emailcheck/__init__.py b/libraryauth/emailcheck/__init__.py
new file mode 100644
index 00000000..1ef6db5d
--- /dev/null
+++ b/libraryauth/emailcheck/__init__.py
@@ -0,0 +1,5 @@
+from .data import blacklist
+
+def is_disposable(email_address):
+ email_domain = email_address.lower().rsplit('@')[-1]
+ return email_domain in blacklist
\ No newline at end of file
diff --git a/libraryauth/emailcheck/data.py b/libraryauth/emailcheck/data.py
new file mode 100644
index 00000000..a0b841e1
--- /dev/null
+++ b/libraryauth/emailcheck/data.py
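Review bot: `is_disposable` in libraryauth/emailcheck/__init__.py looks up the text after the last `@` verbatim, so only domains spelled exactly as in `blacklist` are caught; a subdomain of a listed service is treated as permanent unless it was listed separately (the data file does this by hand for `br.mintemail.com` and `h.mintemail.com`). Consider checking each parent domain of `email_domain` as well, and normalising first with `email_domain = email_address.strip().lower().rsplit('@', 1)[-1].rstrip('.')`. A one-line docstring such as `"""Return True if the address's domain is on the disposable-domain blacklist (exact, case-insensitive match)."""` would state the contract.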
@@ -0,0 +1,709 @@ +blacklist = frozenset([ +'0-mail.com', +'0815.ru', +'0845.ru', +'0clickemail.com', +'0wnd.net', +'0wnd.org', +'10minutemail.com', +'10minutemail.net', +'12houremail.com', +'12minutemail.com', +'163.com', +'1pad.de', +'20minutemail.com', +'2prong.com', +'30minutemail.com', +'3d-painting.com', +'4warding.com', +'4warding.net', +'4warding.org', +'60minutemail.com', +'675hosting.com', +'675hosting.net', +'675hosting.org', +'6url.com', +'75hosting.com', +'75hosting.net', +'75hosting.org', +'7tags.com', +'8127ep.com', +'9ox.net', +'a-bc.net', +'afrobacon.com', +'agedmail.com', +'ajaxapp.net', +'akapost.com', +'akerd.com', +'ama-trade.de', +'ama-trans.de', +'amilegit.com', +'amiri.net', +'amiriindustries.com', +'ano-mail.net', +'anon-mail.de', +'anonbox.net', +'anonmails.de', +'anonymbox.com', +'antichef.com', +'antichef.net', +'antireg.ru', +'antispam.de', +'antispam24.de', +'antispammail.de', +'armyspy.com', +'asdasd.ru', +'b2cmail.de', +'baxomale.ht.cx', +'beefmilk.com', +'binkmail.com', +'bio-muesli.info', +'bio-muesli.net', +'blackmarket.to', +'bobmail.info', +'bodhi.lawlita.com', +'bofthew.com', +'bootybay.de', +'br.mintemail.com', +'breakthru.com', +'brefmail.com', +'brennendesreich.de', +'broadbandninja.com', +'bsnow.net', +'bspamfree.org', +'buffemail.com', +'bugmenever.com', +'bugmenot.com', +'bumpymail.com', +'bund.us', +'byom.de', +'cam4you.cc', +'card.zp.ua', +'casualdx.com', +'cellurl.com', +'centermail.com', +'centermail.net', +'cheatmail.de', +'chogmail.com', +'choicemail1.com', +'consumerriot.com', +'cool.fr.nf', +'correo.blogos.net', +'cosmorph.com', +'courriel.fr.nf', +'courrieltemporaire.com', +'cubiclink.com', +'curryworld.de', +'cust.in', +'cuvox.de', +'dacoolest.com', +'dandikmail.com', +'dayrep.com', +'dbunker.com', +'deadaddress.com', +'deadspam.com', +'dealja.com', +'delikkt.de', +'despam.it', +'despammed.com', +'devnullmail.com', +'dfgh.net', +'digitalsanctuary.com', +'dingbone.com', +'discardmail.com', +'discardmail.de', 
+'disposableaddress.com', +'disposableemailaddresses:emailmiser.com', +'disposeamail.com', +'disposemail.com', +'dispostable.com', +'dm.w3internet.co.ukexample.com', +'dodgeit.com', +'dodgit.com', +'dodgit.org', +'donemail.ru', +'dontreg.com', +'dontsendmespam.de', +'dotman.de', +'dropcake.de', +'dudmail.com', +'dump-email.info', +'dumpandjunk.com', +'dumpmail.de', +'dumpyemail.com', +'duskmail.com', +'e4ward.com', +'easytrashmail.com', +'edv.to', +'einmalmail.de', +'einrot.com', +'eintagsmail.de', +'email60.com', +'emaildienst.de', +'emailgo.de', +'emailias.com', +'emailigo.de', +'emailinfive.com', +'emaillime.com', +'emailmiser.com', +'emailsensei.com', +'emailtemporanea.com', +'emailtemporanea.net', +'emailtemporario.com.br', +'emailto.de', +'emailwarden.com', +'emailx.at.hm', +'emailxfer.com', +'emz.net', +'enterto.com', +'ephemail.net', +'ero-tube.org', +'etranquil.com', +'etranquil.net', +'etranquil.org', +'explodemail.com', +'express.net.ua', +'eyepaste.com', +'fakedemail.com', +'fakeinbox.com', +'fakeinformation.com', +'fakemail.fr', +'fakemailgenerator.com', +'fansworldwide.de', +'fastacura.com', +'fastchevy.com', +'fastchrysler.com', +'fastkawasaki.com', +'fastmazda.com', +'fastmitsubishi.com', +'fastnissan.com', +'fastsubaru.com', +'fastsuzuki.com', +'fasttoyota.com', +'fastyamaha.com', +'film-blog.biz', +'filzmail.com', +'fivemail.de', +'fizmail.com', +'fly-ts.de', +'flyspam.com', +'fr33mail.info', +'frapmail.com', +'front14.org', +'fudgerub.com', +'fux0ringduh.com', +'fyii.de', +'garbagemail.org', +'garliclife.com', +'gehensiemirnichtaufdensack.de', +'geschent.biz', +'get1mail.com', +'get2mail.fr', +'getairmail.com', +'getmails.eu', +'getonemail.com', +'getonemail.net', +'ghosttexter.de', +'giantmail.de', +'girlsundertheinfluence.com', +'gishpuppy.com', +'gmal.com', +'gmial.com', +'gomail.in', +'gowikibooks.com', +'gowikicampus.com', +'gowikicars.com', +'gowikifilms.com', +'gowikigames.com', +'gowikimusic.com', +'gowikinetwork.com', 
+'gowikitravel.com', +'gowikitv.com', +'great-host.in', +'greensloth.com', +'gsrv.co.uk', +'guerillamail.biz', +'guerillamail.com', +'guerillamail.net', +'guerillamail.org', +'guerrillamail.biz', +'guerrillamail.com', +'guerrillamail.de', +'guerrillamail.info', +'guerrillamail.net', +'guerrillamail.org', +'guerrillamailblock.com', +'h.mintemail.com', +'h8s.org', +'haltospam.com', +'hat-geld.de', +'hatespam.org', +'hidemail.de', +'hmamail.com', +'hochsitze.com', +'hotmai.com', +'hotmial.com', +'hotpop.com', +'hulapla.de', +'humaility.com', +'ieatspam.eu', +'ieatspam.info', +'ieh-mail.de', +'ignoremail.com', +'ihateyoualot.info', +'iheartspam.org', +'ikbenspamvrij.nl', +'imails.info', +'inboxclean.com', +'inboxclean.org', +'inboxed.im', +'inboxed.pw', +'incognitomail.com', +'incognitomail.net', +'incognitomail.org', +'infocom.zp.ua', +'insorg-mail.info', +'instant-mail.de', +'ip6.li', +'ipoo.org', +'irish2me.com', +'is.af', +'iwi.net', +'jetable.com', +'jetable.fr.nf', +'jetable.net', +'jetable.org', +'jnxjn.com', +'junk.to', +'junk1e.com', +'kasmail.com', +'kaspop.com', +'keepmymail.com', +'killmail.com', +'killmail.net', +'kir.ch.tc', +'klassmaster.com', +'klassmaster.net', +'klzlk.com', +'kostenlosemailadresse.de', +'koszmail.pl', +'kulturbetrieb.info', +'kurzepost.de', +'lawlita.com', +'letthemeatspam.com', +'lhsdv.com', +'lifebyfood.com', +'link2mail.net', +'linuxmail.so', +'litedrop.com', +'llogin.ru', +'lol.ovpn.to', +'lolfreak.net', +'lookugly.com', +'lopl.co.cc', +'lortemail.dk', +'losemymail.com', +'lr78.com', +'luckymail.org', +'m21.cc', +'m4ilweb.info', +'maboard.com', +'mail-temporaire.fr', +'mail.by', +'mail.mezimages.net', +'mail.zp.ua', +'mail1a.de', +'mail21.cc', +'mail2rss.org', +'mail333.com', +'mail4trash.com', +'mailbidon.com', +'mailbiz.biz', +'mailblocks.com', +'mailcatch.com', +'mailde.de', +'mailde.info', +'maildrop.cc', +'maileater.com', +'maileimer.de', +'mailexpire.com', +'mailforspam.com', +'mailfreeonline.com', +'mailin8r.com', 
+'mailinater.com', +'mailinator.com', +'mailinator.net', +'mailinator2.com', +'mailincubator.com', +'mailita.tk', +'mailme.ir', +'mailme.lv', +'mailme24.com', +'mailmetrash.com', +'mailmoat.com', +'mailms.com', +'mailnator.com', +'mailnesia.com', +'mailnull.com', +'mailorg.org', +'mailscrap.com', +'mailseal.de', +'mailshell.com', +'mailsiphon.com', +'mailslite.com', +'mailtome.de', +'mailtrash.net', +'mailtv.net', +'mailtv.tv', +'mailzilla.com', +'mailzilla.org', +'makemetheking.com', +'malahov.de', +'mbx.cc', +'mega.zik.dj', +'meinspamschutz.de', +'meltmail.com', +'messagebeamer.de', +'mierdamail.com', +'ministry-of-silly-walks.de', +'mintemail.com', +'misterpinball.de', +'moburl.com', +'moncourrier.fr.nf', +'monemail.fr.nf', +'monmail.fr.nf', +'msa.minsmail.com', +'mt2009.com', +'mt2014.com', +'mx0.wwwnew.eu', +'mycard.net.ua', +'mycleaninbox.net', +'mypartyclip.de', +'myphantomemail.com', +'mysamp.de', +'myspaceinc.com', +'myspaceinc.net', +'myspaceinc.org', +'myspacepimpedup.com', +'myspamless.com', +'mytempmail.com', +'mytrashmail.com', +'nabuma.com', +'neomailbox.com', +'nepwk.com', +'nervmich.net', +'nervtmich.net', +'netmails.com', +'netmails.net', +'netzidiot.de', +'neverbox.com', +'nevermail.de', +'nincsmail.hu', +'no-spam.ws', +'nobugmail.com', +'nobulk.com', +'nobuma.com', +'noclickemail.com', +'nogmailspam.info', +'nomail.pw', +'nomail.xl.cx', +'nomail2me.com', +'nomorespamemails.com', +'nospam.ze.tc', +'nospam4.us', +'nospamfor.us', +'nospammail.net', +'nospamthanks.info', +'notmailinator.com', +'nowmymail.com', +'nurfuerspam.de', +'nus.edu.sg', +'nwldx.com', +'objectmail.com', +'obobbo.com', +'odnorazovoe.ru', +'ohaaa.de', +'omail.pro', +'oneoffemail.com', +'oneoffmail.com', +'onewaymail.com', +'onlatedotcom.info', +'online.ms', +'oopi.org', +'ordinaryamerican.net', +'otherinbox.com', +'ourklips.com', +'outlawspam.com', +'ovpn.to', +'owlpic.com', +'pancakemail.com', +'pimpedupmyspace.com', +'pjjkp.com', +'plexolan.de', +'politikerclub.de', 
+'poofy.org', +'pookmail.com', +'powered.name', +'privacy.net', +'privatdemail.net', +'privy-mail.de', +'privymail.de', +'proxymail.eu', +'prtnx.com', +'punkass.com', +'put2.net', +'putthisinyourspamdatabase.com', +'quickinbox.com', +'rcpt.at', +'realtyalerts.ca', +'receiveee.com', +'recode.me', +'recursor.net', +'regbypass.com', +'regbypass.comsafe-mail.net', +'rejectmail.com', +'rhyta.com', +'rklips.com', +'rmqkr.net', +'rppkn.com', +'rtrtr.com', +'s0ny.net', +'safe-mail.net', +'safersignup.de', +'safetymail.info', +'safetypost.de', +'sandelf.de', +'saynotospams.com', +'schafmail.de', +'schmeissweg.tk', +'schrott-email.de', +'secmail.pw', +'secretemail.de', +'secure-mail.biz', +'secure-mail.cc', +'selfdestructingmail.com', +'sendspamhere.com', +'senseless-entertainment.com', +'server.ms', +'sharklasers.com', +'shieldemail.com', +'shiftmail.com', +'shitmail.me', +'shortmail.net', +'shut.name', +'shut.ws', +'sibmail.com', +'sinnlos-mail.de', +'skeefmail.com', +'sky-ts.de', +'slaskpost.se', +'slopsbox.com', +'smashmail.de', +'smellfear.com', +'snakemail.com', +'sneakemail.com', +'sneakmail.de', +'snkmail.com', +'sofimail.com', +'sofort-mail.de', +'sofortmail.de', +'sogetthis.com', +'soodonims.com', +'spam.la', +'spam.su', +'spam4.me', +'spamail.de', +'spamavert.com', +'spambob.com', +'spambob.net', +'spambob.org', +'spambog.com', +'spambog.de', +'spambog.ru', +'spambox.info', +'spambox.irishspringrealty.com', +'spambox.us', +'spamcannon.com', +'spamcannon.net', +'spamcero.com', +'spamcon.org', +'spamcorptastic.com', +'spamcowboy.com', +'spamcowboy.net', +'spamcowboy.org', +'spamday.com', +'spamex.com', +'spamfree.eu', +'spamfree24.com', +'spamfree24.de', +'spamfree24.eu', +'spamfree24.info', +'spamfree24.net', +'spamfree24.org', +'spamgourmet.com', +'spamgourmet.net', +'spamgourmet.org', +'spamherelots.com', +'spamhereplease.com', +'spamhole.com', +'spamify.com', +'spaminator.de', +'spamkill.info', +'spaml.com', +'spaml.de', +'spammotel.com', +'spamobox.com', 
+'spamoff.de', +'spamslicer.com', +'spamspot.com', +'spamthis.co.uk', +'spamthisplease.com', +'spamtrail.com', +'speed.1s.fr', +'spoofmail.de', +'squizzy.de', +'sry.li', +'stinkefinger.net', +'stuffmail.de', +'super-auswahl.de', +'supergreatmail.com', +'supermailer.jp', +'superstachel.de', +'suremail.info', +'tagyourself.com', +'teewars.org', +'teleworm.com', +'teleworm.us', +'temp-mail.org', +'temp-mail.ru', +'tempail.com', +'tempalias.com', +'tempe-mail.com', +'tempemail.biz', +'tempemail.co.za', +'tempemail.com', +'tempemail.net', +'tempinbox.co.uk', +'tempinbox.com', +'tempmail.eu', +'tempmail.it', +'tempmail2.com', +'tempmailer.com', +'tempmailer.de', +'tempomail.fr', +'temporarily.de', +'temporarioemail.com.br', +'temporaryemail.net', +'temporaryforwarding.com', +'temporaryinbox.com', +'temporarymailaddress.com', +'thanksnospam.info', +'thankyou2010.com', +'thc.st', +'thisisnotmyrealemail.com', +'thismail.net', +'throwawayemailaddress.com', +'tilien.com', +'tittbit.in', +'tmailinator.com', +'tokem.co', +'topranklist.de', +'tormail.org', +'tradermail.info', +'trash-amil.com', +'trash-mail.at', +'trash-mail.com', +'trash-mail.de', +'trash2009.com', +'trashdevil.com', +'trashdevil.de', +'trashemail.de', +'trashinbox.com', +'trashmail.at', +'trashmail.com', +'trashmail.de', +'trashmail.me', +'trashmail.net', +'trashmail.org', +'trashmail.ws', +'trashmailer.com', +'trashymail.com', +'trashymail.net', +'trialmail.de', +'trillianpro.com', +'turual.com', +'twinmail.de', +'tyldd.com', +'uggsrock.com', +'upliftnow.com', +'uplipht.com', +'us.af', +'venompen.com', +'veryrealemail.com', +'vidchart.com', +'viditag.com', +'viewcastmedia.com', +'viewcastmedia.net', +'viewcastmedia.org', +'vipmail.name', +'vipmail.pw', +'vpn.st', +'vsimcard.com', +'wasteland.rfc822.org', +'watch-harry-potter.com', +'watchfull.net', +'webm4il.info', +'weg-werf-email.de', +'wegwerf-email-adressen.de', +'wegwerf-email.de', +'wegwerf-email.net', +'wegwerf-emails.de', +'wegwerfadresse.de', 
+'wegwerfemail.com',
+'wegwerfemail.de',
+'wegwerfemail.net',
+'wegwerfemail.org',
+'wegwerfemailadresse.com',
+'wegwerfmail.de',
+'wegwerfmail.net',
+'wegwerfmail.org',
+'wetrainbayarea.com',
+'wetrainbayarea.org',
+'wh4f.org',
+'whatpaas.com',
+'whyspam.me',
+'willhackforfood.biz',
+'willselfdestruct.com',
+'winemaven.info',
+'wolfsmail.tk',
+'writeme.us',
+'wronghead.com',
+'wuzup.net',
+'wuzupmail.net',
+'www.e4ward.com',
+'www.gishpuppy.com',
+'www.mailinator.com',
+'wwwnew.eu',
+'x.ip6.li',
+'xagloo.com',
+'xemaps.com',
+'xents.com',
+'xmaily.com',
+'xoxy.net',
+'yanet.me',
+'yep.it',
+'yogamaven.com',
+'yopmail.com',
+'yopmail.fr',
+'yopmail.net',
+'youmailr.com',
+'ypmail.webarnak.fr.eu.org',
+'yuurok.com',
+'yxzx.net',
+'z1p.biz',
+'zehnminuten.de',
+'zehnminutenmail.de',
+'zippymail.info',
+'zoaxe.com',
+'zoemail.org',
+])
\ No newline at end of file
From 39bb68016ad3063a4aefc6bde7721345d795bb4a Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 16 Dec 2013 15:15:47 -0500
Subject: [PATCH 4/7] custom registration form and view
---
 libraryauth/forms.py | 20 ++++++++++++++++++--
 libraryauth/views.py | 10 +++++++---
 2 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/libraryauth/forms.py b/libraryauth/forms.py
index 54df3d5d..c7c8cdda 100644
--- a/libraryauth/forms.py
+++ b/libraryauth/forms.py
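Review bot: Several entries in the new `blacklist` in libraryauth/emailcheck/data.py look like two values run together and can never equal a real domain: `'disposableemailaddresses:emailmiser.com'`, `'dm.w3internet.co.ukexample.com'` and `'regbypass.comsafe-mail.net'`. The set also carries `'163.com'` and `'nus.edu.sg'`, which appear to be a general mail provider and a university rather than disposable services, plus look-alike spellings such as `'gmal.com'` and `'hotmai.com'`; if those are intentional a comment should say why, otherwise they will turn away legitimate sign-ups. A header comment recording where the list came from and when it was retrieved would make later refreshes auditable.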
@@ -1,10 +1,26 @@
+import logging
 from django import forms
 from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.models import User
 from django.utils.translation import ugettext_lazy as _
-
+from registration.forms import RegistrationForm
+from .emailcheck import is_disposable
 from .models import Library
+logger = logging.getLogger(__name__)
+
+class RegistrationFormNoDisposableEmail(RegistrationForm):
+ def clean_email(self):
+ """
+ Check the supplied email address against a list of known disposable
+ webmail domains.
+ """
+ logger.info('cleaning email')
+ if is_disposable(self.cleaned_data['email']):
+ raise forms.ValidationError(_("Please supply a permanent email address."))
+ return self.cleaned_data['email']
+
+
 class AuthForm(AuthenticationForm):
 def __init__(self, request=None, *args, **kwargs):
 if request and request.method == 'GET':
@@ -12,7 +28,7 @@ class AuthForm(AuthenticationForm):
 super(AuthForm, self).__init__(initial={"username":saved_un},*args, **kwargs)
 else:
 super(AuthForm, self).__init__(*args, **kwargs)
-
+
 class NewLibraryForm(forms.ModelForm):
 username = forms.RegexField(
 label=_("Library Username"),
diff --git a/libraryauth/views.py b/libraryauth/views.py
index 9d02610b..fe3657e0 100644
--- a/libraryauth/views.py
+++ b/libraryauth/views.py
@@ -8,10 +8,10 @@ from django.contrib.auth import load_backend
 from django.contrib.auth.decorators import login_required
 from django.http import HttpResponseRedirect
 from django.views.generic.edit import FormView, CreateView, UpdateView, SingleObjectMixin
+from registration.backends.default.views import RegistrationView
 from . import backends
-
 from .models import Library
-from .forms import AuthForm, LibraryForm, NewLibraryForm
+from .forms import AuthForm, LibraryForm, NewLibraryForm, RegistrationFormNoDisposableEmail
 logger = logging.getLogger(__name__)
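Review bot: The disposable-address rule lives only in `RegistrationFormNoDisposableEmail.clean_email` (libraryauth/forms.py), so it is enforced at sign-up but, as far as this series shows, not when an address is changed later through the `email_change.urls` routes or supplied through social auth; if the policy is meant to hold for the life of the account, the same `is_disposable` check belongs on those paths too. The `logger.info('cleaning email')` call fires on every submission and carries no context, so drop it or lower it to `logger.debug('cleaning email')`. The docstring could also say that a `forms.ValidationError` is raised for a listed domain and that the address is otherwise returned unchanged.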
@@ -52,6 +52,7 @@ def superlogin(request, extra_context=None, **kwargs):
 request.session["add_wishlist"]=request.GET["add"]
 return login(request, extra_context=extra_context, authentication_form=AuthForm, **kwargs)
+
 class Authenticator:
 request=None
 library=None
@@ -225,4 +226,7 @@ def login_user(request, user):
 user.backend = backend
 break
 if hasattr(user, 'backend'):
- return login_to_user(request, user)
\ No newline at end of file
+ return login_to_user(request, user)
+
+class CustomRegistrationView(RegistrationView):
+ form_class = RegistrationFormNoDisposableEmail
\ No newline at end of file
From 9a47f953cf5802662b2c4743a67341b08b83a9ae Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 16 Dec 2013 15:16:34 -0500
Subject: [PATCH 5/7] wire in custom registration and reorganize urls, add tests
---
 libraryauth/tests.py | 58 ++++++++++++++++++++++++++++++++++++++++++++
 libraryauth/urls.py | 36 ++++++++++++++++++++++-----
 urls.py | 42 ++++++--------------------
 3 files changed, 96 insertions(+), 40 deletions(-)
 create mode 100644 libraryauth/tests.py
diff --git a/libraryauth/tests.py b/libraryauth/tests.py
new file mode 100644
index 00000000..11950d4b
--- /dev/null
+++ b/libraryauth/tests.py
@@ -0,0 +1,58 @@
+import unittest
+from django.core.urlresolvers import reverse
+from django.test import TestCase
+from django.contrib.auth.models import User
+
+class TestLibraryAuth(TestCase):
+ def setUp(self):
+ pass
+
+
+ def test_pages(self):
+ resp = self.client.get(reverse('registration_register'))
+ self.assertEqual(200, resp.status_code)
+
+
+ def test_registration(self):
+ """
+ LibraryAuth Registration creates a new inactive account and a new profile
+ with activation key, populates the correct account data and
+ sends an activation email.
+
+ """
+ resp = self.client.post(reverse('registration_register'),
+ data={'username': 'bob',
+ 'email': 'bob@example.com',
+ 'password1': 'secret',
+ 'password2': 'secret'})
+ self.assertRedirects(resp, reverse('registration_complete'))
+
+ new_user = User.objects.get(username='bob')
+
+ self.failUnless(new_user.check_password('secret'))
+ self.assertEqual(new_user.email, 'bob@example.com')
+
+ # New user must not be active.
+ self.failIf(new_user.is_active)
+
+ def test_bad_registration(self):
+ """
+ LibraryAuth Registration rejects.
+
+ """
+ resp = self.client.post(reverse('registration_register'),
+ data={'username': 'badbob',
+ 'email': 'bob@mailnesia.com',
+ 'password1': 'secret',
+ 'password2': 'secret'})
+ self.assertTrue('Please supply a permanent email address' in resp.content)
+
+ with self.assertRaises(User.DoesNotExist):
+ User.objects.get(username='badbob')
+
+ def test_is_disposable(self):
+ from .emailcheck import is_disposable
+ self.assertFalse(is_disposable('eric@hellman.net'))
+ self.assertTrue(is_disposable('eric@mailnesia.com'))
+
+
diff --git a/libraryauth/urls.py b/libraryauth/urls.py
index 50b72583..6327b519 100644
--- a/libraryauth/urls.py
+++ b/libraryauth/urls.py
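Review bot: `test_is_disposable` and `test_bad_registration` in libraryauth/tests.py only exercise a lower-case, exactly listed domain, so the `.lower()` step in `is_disposable` and its behaviour for subdomains of listed services are not pinned by any test; adding `self.assertTrue(is_disposable('eric@MAILNESIA.COM'))` covers the case handling. `import unittest` is unused, `setUp` only passes, and `failUnless`/`failIf` are deprecated aliases of the `assertTrue`/`assertFalse` calls the file already uses elsewhere. The docstring `LibraryAuth Registration rejects.` should say what is rejected, e.g. `Registration with a disposable email domain is rejected and no user is created.`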
@@ -2,7 +2,8 @@ from django.conf.urls.defaults import *
 from django.core.urlresolvers import reverse
 from django.views.generic.simple import direct_to_template
 from django.contrib.auth.decorators import login_required
-from . import views, models
+from . import views, models, forms
+from .views import superlogin, CustomRegistrationView
 urlpatterns = patterns(
 "",
@@ -14,11 +15,34 @@ urlpatterns = patterns(
 url(r"^libraryauth/create/$", login_required(views.CreateLibraryView.as_view()), name="library_create"),
 url(r"^libraryauth/list/$", direct_to_template, {
 'template':'libraryauth/list.html',
- 'extra_context':{'libraries':models.Library.objects.filter(approved=True).order_by('name')}
- }, name="library_list"),
+ 'extra_context':{'libraries':models.Library.objects.filter(approved=True).order_by('name'),
+ }}, name="library_list"),
 url(r"^libraryauth/unapproved/$", direct_to_template, {
 'template':'libraryauth/list.html',
- 'extra_context':{'libraries':models.Library.objects.filter(approved=False).order_by('name')}
- }, name="new_libraries"),
+ 'extra_context':{'libraries':models.Library.objects.filter(approved=False).order_by('name'),
+ }}, name="new_libraries"),
+ url(r'^accounts/register/$', CustomRegistrationView.as_view(), name='registration_register'),
 url(r'^accounts/superlogin/$', views.superlogin, name='superlogin'),
- )
+ url(r"^accounts/superlogin/welcome/$", direct_to_template,
+ {'template': 'registration/welcome.html',
+ 'extra_context': {'suppress_search_box': True,}
+ }),
+ url(r'^accounts/login/pledge/$',superlogin,
+ {'template_name': 'registration/from_pledge.html'}),
+ url(r'^accounts/login/purchase/$',superlogin,
+ {'template_name': 'registration/from_purchase.html'}),
+ url(r'^accounts/login/add/$',superlogin,
+ {'template_name': 'registration/from_add.html'}),
+ url(r'^accounts/activate/complete/$',superlogin,
+ {'template_name': 'registration/activation_complete.html'}),
+ url(r'^accounts/login-error/$',superlogin,
+ {'template_name': 'registration/from_error.html'}),
+ url(r'^accounts/edit/$', 'regluit.frontend.views.edit_user'),
+ url(r"^accounts/login/welcome/$", direct_to_template, {
+ 'template': 'registration/welcome.html',
+ 'extra_context': {'suppress_search_box': True,}
+ }),
+ url(r'^socialauth/', include('social_auth.urls')),
+ url('accounts/', include('email_change.urls')),
+ url(r'^accounts/', include('registration.backends.default.urls')),
+)
diff --git a/urls.py b/urls.py
index 36070db4..bc9f2b04 100755
--- a/urls.py
+++ b/urls.py
@@ -1,11 +1,8 @@
 import notification.urls
 from django.conf.urls.defaults import *
-from django.views.generic.simple import direct_to_template
-from frontend.forms import ProfileForm
 from frontend.views import social_auth_reset_password
-from libraryauth.views import superlogin
 from regluit.admin import admin_site
 from regluit.core.sitemaps import WorkSitemap, PublisherSitemap
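Review bot: `url('accounts/', include('email_change.urls'))` in the second libraryauth/urls.py hunk has no leading `^`, unlike every other pattern added there, so it can match `accounts/` anywhere in the remaining path rather than only at its start; write it as `url(r'^accounts/', include('email_change.urls'))`. The new `^accounts/register/$` route only takes effect because it is listed before `include('registration.backends.default.urls')`. A comment on that line, for example `# must precede the registration.backends.default.urls include so CustomRegistrationView handles sign-up`, would protect the ordering, and with it the disposable-email check, from a later reshuffle.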
@@ -15,39 +12,16 @@ sitemaps = {
 }
 urlpatterns = patterns('',
- url(r'^accounts/activate/complete/$',superlogin,
- {'template_name': 'registration/activation_complete.html'}),
- url(r'^accounts/login/pledge/$',superlogin,
- {'template_name': 'registration/from_pledge.html'}),
- url(r'^accounts/login/purchase/$',superlogin,
- {'template_name': 'registration/from_purchase.html'}),
- url(r'^accounts/login/add/$',superlogin,
- {'template_name': 'registration/from_add.html'}),
- url(r'^accounts/login-error/$',superlogin,
- {'template_name': 'registration/from_error.html'}),
- (r'^accounts/edit/$', 'regluit.frontend.views.edit_user'),
- (r'^accounts/', include('registration.backends.default.urls')),
- url('accounts/', include('email_change.urls')),
- url(r"^accounts/login/welcome/$", direct_to_template,
- {'template': 'registration/welcome.html',
- 'extra_context': {'suppress_search_box': True,}
- }),
- url(r"^accounts/superlogin/welcome/$", direct_to_template,
- {'template': 'registration/welcome.html',
- 'extra_context': {'suppress_search_box': True,}
- }),
 url(r'^socialauth/reset_password/$', social_auth_reset_password, name="social_auth_reset_password"),
- (r'^socialauth/', include('social_auth.urls')),
- (r'^api/', include('regluit.api.urls')),
- (r'', include('regluit.frontend.urls')),
- (r'', include('regluit.payment.urls')),
- (r'', include('regluit.libraryauth.urls')),
- (r'^selectable/', include('selectable.urls')),
+ url(r'^api/', include('regluit.api.urls')),
+ url(r'', include('regluit.frontend.urls')),
+ url(r'', include('regluit.payment.urls')),
+ url(r'', include('regluit.libraryauth.urls')),
+ url(r'^selectable/', include('selectable.urls')),
 url(r'^admin/', include(admin_site.urls)),
- (r'^comments/', include('django.contrib.comments.urls')),
- (r'^notification/', include(notification.urls)),
-
- (r'^ckeditor/', include('ckeditor.urls')),
+ url(r'^comments/', include('django.contrib.comments.urls')),
+ url(r'^notification/', include(notification.urls)),
+ url(r'^ckeditor/', include('ckeditor.urls')),
 )
 urlpatterns += patterns('django.contrib.sitemaps.views',
From b9c54ead8b6cb6d9df1e3bfd0aa4967841a2f019 Mon Sep 17 00:00:00 2001
From: eric
Date: Mon, 16 Dec 2013 16:27:19 -0500
Subject: [PATCH 6/7] deny registration to robots that try to search for the registration page.
---
 frontend/views.py | 1 +
 libraryauth/views.py | 18 ++++++++++++++++--
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/frontend/views.py b/frontend/views.py
index 508e0cf2..a6477275 100755
--- a/frontend/views.py
+++ b/frontend/views.py
@@ -1919,6 +1919,7 @@ class ManageAccount(FormView):
 def search(request):
 q = request.GET.get('q', '')
+ request.session['q']=q
 page = int(request.GET.get('page', 1))
 results = gluejar_search(q, user_ip=request.META['REMOTE_ADDR'], page=page)
diff --git a/libraryauth/views.py b/libraryauth/views.py
index fe3657e0..e361352f 100644
--- a/libraryauth/views.py
+++ b/libraryauth/views.py
@@ -227,6 +227,20 @@ def login_user(request, user):
 break
 if hasattr(user, 'backend'):
 return login_to_user(request, user)
-
+
+robot_qs = {
+ 'user',
+ 'user/register',
+ 'node/add',
+ }
+
 class CustomRegistrationView(RegistrationView):
- form_class = RegistrationFormNoDisposableEmail
\ No newline at end of file
+ form_class = RegistrationFormNoDisposableEmail
+ def form_valid(self, request, form):
+ q = request.session.get('q', False)
+ if q and q in robot_qs:
+ return self.render_to_response({'form':form})
+ return super(CustomRegistrationView,self).form_valid(request, form)
+
+
+
\ No newline at end of file
From 84d1410f1c620a5f642fcfc2084fffd0d172536a Mon Sep 17 00:00:00 2001
From: eric
Date: Tue, 17 Dec 2013 00:19:56 -0500
Subject: [PATCH 7/7] in metrics, give better info on new users
---
 frontend/templates/metrics.html | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/frontend/templates/metrics.html b/frontend/templates/metrics.html
index f25ad2a8..94d35ad2 100644
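Review bot: `request.session['q']=q` in `search` (frontend/views.py) writes the raw query string into the session on every search, including the empty default, which marks the session modified for every anonymous visitor and crawler and stores user-controlled text of unbounded length. Since the only reader in this series is the `robot_qs` lookup, skip the write when `q` is empty and cap what is kept, e.g. `request.session['q'] = q[:64]`. A comment saying the value is kept for the registration robot check would explain why a search view touches the session. `search` continues outside the hunk.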
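Review bot: When the stored query is in `robot_qs`, `CustomRegistrationView.form_valid` (libraryauth/views.py) re-renders the form with no error and no log entry, so a person who had earlier searched for `user` sees a valid submission bounce without explanation and operators get no record of how often the rule fires. Attach a non-field error or at least log it, e.g. `logger.info('registration blocked, prior search %r', q)` before the `return self.render_to_response({'form':form})` line. The signal also depends on the client keeping its session between the search and the form post and on an exact string match, so it should be treated as a soft heuristic alongside the other registration checks, not as a gate. A short comment above `robot_qs` saying what these strings are and where they were observed would help the next reader.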
--- a/frontend/templates/metrics.html +++ b/frontend/templates/metrics.html @@ -1,4 +1,5 @@ {% extends "basedocumentation.html" %} +{% load humanize %} {% block title %} Metrics {% endblock %} {% block doccontent %} @@ -9,11 +10,15 @@
  • {{ users.today.count }} have registered today. {% if users.today.count %}They are
      {% for user in users.today %} -
    • {{user.username}}
    • +
    • {{user.username}} {% if user.is_active %} ( {{ user.wishlist.works.count }} wishes) {% if user.library %}{{user.library}}{% endif %}{% endif %}
    • {% endfor %}
    {% endif %}
    {{ wishlists.today.count }} of them have 1 or more items on a wishlist.
  • -
  • {{ users.yesterday.count }} registered yesterday. +
  • {{ users.yesterday.count }} registered yesterday.{% if users.today.count %}They are +
      {% for user in users.yesterday %} +
    • {{user.username}} {% if user.is_active %} ( {{ user.wishlist.works.count }} wishes) {% if user.library %}{{user.library}}{% endif %}{% endif %}
    • + {% endfor %}
    {% endif %} +
    {{ wishlists.yesterday.count }} of them have 1 or more items on a wishlist.
  • {{ users.days7.count }} have registered in the past 7 days. @@ -57,6 +62,8 @@
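Review bot: The new "registered yesterday" block in frontend/templates/metrics.html is guarded by `{% if users.today.count %}`, copied from the block above it, so yesterday's user list is shown or hidden according to today's sign-ups; the guard should read `{% if users.yesterday.count %}`. `{% load humanize %}` is added at the top of the template, but no humanize filter is visible in the hunks shown here, so drop it if nothing else in the file uses it. The per-user `{{ user.wishlist.works.count }}` lookups run once per listed user and, presumably, one query each, which is worth a comment if the metrics page is expected to stay cheap.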
    How often have the works been listed?
      +
    • {{ works.wishedby100.count }} have been listed by more than 100 ungluers. +
    • {{ works.wishedby50.count }} have been listed by more than 50 ungluers.
    • {{ works.wishedby20.count }} have been listed by more than 20 ungluers.