fix same email bug

This bug [#63071834] was caused by a bug in Registration 1.0, which
fires the account_activated signal twice. There's already a pull
request fixing this bug.

In reviewing this handler, I realized that all the other reg code is in
library_auth, so I moved the same_email code there. I also decided that
the utility of attaching to the old email address was insufficient to
overcome the risk of people stealing accounts by messing with social
auth.
pull/1/head
eric 2013-12-30 11:49:04 -05:00
parent 073e9664c0
commit af8fe05c54
3 changed files with 24 additions and 21 deletions


@ -11,7 +11,6 @@ from tastypie.models import create_api_key
django imports django imports
""" """
import django.dispatch import django.dispatch
import registration.signals
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import User from django.contrib.auth.models import User
@ -67,26 +66,6 @@ post_save.connect(create_user_objects, sender=User)
# create API key for new User # create API key for new User
post_save.connect(create_api_key, sender=User) post_save.connect(create_api_key, sender=User)
def handle_same_email_account(sender, user, **kwargs):
logger.info('checking %s' % user.username)
old_users=User.objects.exclude(id=user.id).filter(email=user.email)
for old_user in old_users:
# decide why there's a previous user with this email
if not old_user.is_active:
# never activated
old_user.delete()
elif old_user.date_joined < user.date_joined:
# attach to old account
old_user.username=user.username
old_user.password=user.password
user.delete()
old_user.save()
user=old_user
else:
# shouldn't happen; don't want to delete the user in case the user is being used for something
old_user.email= '%s.unglue.it'% old_user.email
registration.signals.user_activated.connect(handle_same_email_account)
# create notification types (using django-notification) -- tie to syncdb # create notification types (using django-notification) -- tie to syncdb


@ -0,0 +1 @@
from . import signals

23
libraryauth/signals.py Normal file

@ -0,0 +1,23 @@
import logging
import registration.signals
from django.contrib.auth.models import User
from django.dispatch import receiver
logger = logging.getLogger(__name__)
@receiver(registration.signals.user_activated)
def handle_same_email_account(sender, user, **kwargs):
logger.info('checking %s' % user.username)
old_users=User.objects.exclude(id=user.id).filter(email=user.email)
for old_user in old_users:
# decide why there's a previous user with this email
if not old_user.is_active:
# never activated
old_user.delete()
elif old_user.date_joined < user.date_joined:
# relax
pass
else:
# shouldn't happen; don't want to delete the user in case the user is being used for something
old_user.email= '%s.unglue.it'% old_user.email
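Review bot: The `else` branch of `handle_same_email_account` sets `old_user.email = '%s.unglue.it' % old_user.email` but never calls `old_user.save()`, so the rename is discarded and both accounts keep the same address; add `old_user.save()` after the assignment if the rename is intended. The `not old_user.is_active` branch deletes on that flag alone, and Django also uses `is_active = False` for accounts that were deliberately disabled, so activating a new account with a matching email would remove a disabled account and any rows that cascade from it. Restricting the delete to accounts that still have a pending (never completed) registration would keep the cleanup without that side effect. The `elif` branch is now a deliberate no-op for security reasons, so its `# relax` comment would read better as `# do not merge into the older account: merging let a social-auth login take over an existing account`.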