From af8fe05c545d890c1eb105b6858c84f36fab1bc4 Mon Sep 17 00:00:00 2001 From: eric Date: Mon, 30 Dec 2013 11:49:04 -0500 Subject: [PATCH] fix same email bug This bug [#63071834] was caused by a bug in Registration 1.0, which fires the account_activated signal twice. There's already a pull request fixing this bug. In reviewing this handler, I realized that all the other reg code is in library_auth, so I moved the same_email code there. I also decided that the utility of attaching to the old email address was insufficient to over come the risk of people stealing accounts by messing with social auth. --- core/signals.py | 21 --------------------- libraryauth/__init__.py | 1 + libraryauth/signals.py | 23 +++++++++++++++++++++++ 3 files changed, 24 insertions(+), 21 deletions(-) create mode 100644 libraryauth/signals.py diff --git a/core/signals.py b/core/signals.py index 0d53765f..cfe947a1 100644 --- a/core/signals.py +++ b/core/signals.py @@ -11,7 +11,6 @@ from tastypie.models import create_api_key django imports """ import django.dispatch -import registration.signals from django.conf import settings from django.contrib.auth.models import User 
@@ -67,26 +66,6 @@ post_save.connect(create_user_objects, sender=User) # create API key for new User post_save.connect(create_api_key, sender=User) -def handle_same_email_account(sender, user, **kwargs): - logger.info('checking %s' % user.username) - old_users=User.objects.exclude(id=user.id).filter(email=user.email) - for old_user in old_users: - # decide why there's a previous user with this email - if not old_user.is_active: - # never activated - old_user.delete() - elif old_user.date_joined < user.date_joined: - # attach to old account - old_user.username=user.username - old_user.password=user.password - user.delete() - old_user.save() - user=old_user - else: - # shouldn't happen; don't want to delete the user in case the user is being used for something - old_user.email= '%s.unglue.it'% old_user.email - -registration.signals.user_activated.connect(handle_same_email_account) # create notification types (using django-notification) -- tie to syncdb diff --git a/libraryauth/__init__.py b/libraryauth/__init__.py index e69de29b..2d4b87bf 100644 --- a/libraryauth/__init__.py +++ b/libraryauth/__init__.py @@ -0,0 +1 @@ +from . import signals \ No newline at end of file diff --git a/libraryauth/signals.py b/libraryauth/signals.py new file mode 100644 index 00000000..e0b43bbf --- /dev/null +++ b/libraryauth/signals.py 
@@ -0,0 +1,23 @@
+import logging
+import registration.signals
+from django.contrib.auth.models import User
+from django.dispatch import receiver
+
+logger = logging.getLogger(__name__)
+
+@receiver(registration.signals.user_activated)
+def handle_same_email_account(sender, user, **kwargs):
+ logger.info('checking %s' % user.username)
+ old_users=User.objects.exclude(id=user.id).filter(email=user.email)
+ for old_user in old_users:
+ # decide why there's a previous user with this email
+ if not old_user.is_active:
+ # never activated
+ old_user.delete()
+ elif old_user.date_joined < user.date_joined:
+ # relax
+ pass
+ else:
+ # shouldn't happen; don't want to delete the user in case the user is being used for something
+ old_user.email= '%s.unglue.it'% old_user.email
+
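Review bot: In the final `else` branch of `handle_same_email_account` the rewritten address is assigned to `old_user.email` but never persisted, so an active account sharing the new user's email keeps that email; add `old_user.save()` directly after the assignment (the handler removed from core/signals.py had the same gap). The lookup `filter(email=user.email)` is an exact match, which on a case-sensitive database would not treat addresses differing only in case as duplicates; `filter(email__iexact=user.email)` would cover that. The `not old_user.is_active` test is also true for any account that was deactivated after use, not only for ones that were never activated as the comment says, so it is worth confirming that deleting those rows is intended.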