fix same email bug

This bug [#63071834] was caused by a bug in Registration 1.0, which fires the account_activated signal twice. There's already a pull request fixing this bug. In reviewing this handler, I realized that all the other reg code is in library_auth, so I moved the same_email code there. I also decided that the utility of attaching to the old email address was insufficient to over come the risk of people stealing accounts by messing with social auth.
2013-12-30 11:49:04 -05:00 · 2013-12-30 11:49:04 -05:00 · af8fe05c54
parent 073e9664c0
commit af8fe05c54
3 changed files with 24 additions and 21 deletions
--- a/core/signals.py
+++ b/core/signals.py
@ -11,7 +11,6 @@ from tastypie.models import create_api_key
 django imports
 """
 import django.dispatch
-import registration.signals

 from django.conf import settings
 from django.contrib.auth.models import User
@ -67,26 +66,6 @@ post_save.connect(create_user_objects, sender=User)
 # create API key for new User
 post_save.connect(create_api_key, sender=User)

-def handle_same_email_account(sender, user, **kwargs):
-    logger.info('checking %s' % user.username)
-    old_users=User.objects.exclude(id=user.id).filter(email=user.email)
-    for old_user in old_users:
-        # decide why there's a previous user with this email
-        if not old_user.is_active:
-            # never activated
-            old_user.delete()
-        elif old_user.date_joined < user.date_joined:
-            # attach to old account 
-            old_user.username=user.username
-            old_user.password=user.password
-            user.delete()
-            old_user.save()
-            user=old_user
-        else: 
-            # shouldn't happen; don't want to delete the user in case the user is being used for something
-            old_user.email= '%s.unglue.it'% old_user.email
-            
-registration.signals.user_activated.connect(handle_same_email_account)

 # create notification types (using django-notification) -- tie to syncdb

--- a/libraryauth/init.py
+++ b/libraryauth/init.py
@ -0,0 +1 @@
+from . import signals
--- a/libraryauth/signals.py
+++ b/libraryauth/signals.py
@ -0,0 +1,23 @@
+import logging
+import registration.signals
+from django.contrib.auth.models import User
+from django.dispatch import receiver
+
+logger = logging.getLogger(__name__)
+
+@receiver(registration.signals.user_activated)
+def handle_same_email_account(sender, user, **kwargs):
+    logger.info('checking %s' % user.username)
+    old_users=User.objects.exclude(id=user.id).filter(email=user.email)
+    for old_user in old_users:
+        # decide why there's a previous user with this email
+        if not old_user.is_active:
+            # never activated
+            old_user.delete()
+        elif old_user.date_joined < user.date_joined:
+            # relax 
+            pass
+        else: 
+            # shouldn't happen; don't want to delete the user in case the user is being used for something
+            old_user.email= '%s.unglue.it'% old_user.email
+