authorPhilip Sargent <philip.sargent@gmail.com>2025-01-27 23:50:08 +0000
committerPhilip Sargent <philip.sargent@gmail.com>2025-01-27 23:50:08 +0000
commitbac65b58972ea6143d6e6a53e4d12543c8dd1c84 (patch)
tree387de55cf53ae23042505a1073bfb3c6d4ccde21 /core/views/user_registration.py
parent98594a07e2ac68a089d09a4fe78724c59c6ae7cf (diff)
old user, first registration. cleaner
Diffstat (limited to 'core/views/user_registration.py')
-rw-r--r--core/views/user_registration.py37
1 files changed, 23 insertions, 14 deletions
diff --git a/core/views/user_registration.py b/core/views/user_registration.py
index 8741d7b..8af197d 100644
--- a/core/views/user_registration.py
+++ b/core/views/user_registration.py
@@ -162,30 +162,33 @@ def register(request, url_username=None):
else:
form = register_form(initial=initial_values)
-
-
if request.method == "POST":
form = register_form(request.POST)
if form.is_valid():
- print("POST VALID")
+ print("POST VALID") # so now username and email fields are readonly
un = form.cleaned_data["username"]
pw= form.cleaned_data["password1"]
email = form.cleaned_data["email"]
expoers = User.objects.filter(username=un)
- if len(expoers) != 0:
- # this is a password re-set, not a new registration. So we need to check it is the same person.
- form_user = expoers[0]
- if request.user != form_user:
- print(f"## UNAUTHORIZED Password reset ## {request.user} {form_user}")
- # return render(request, "login/register.html", {"form": form, "unauthorized": True})
+ # if this is LOGONABLE user and we are not logged on
+ # NOT just save the data ! Anyone could do that..
+ # we are now in a state where password should only be re-set by email token
+ # but rather than redirect (off-putting) we just make the password fields read-only
+ if len(expoers) > 0:
+ form.fields["password1"].widget.attrs["readonly"]="readonly"
+ form.fields["password2"].widget.attrs["readonly"]="readonly"
+
# create User in the system and refresh stored encrypted user list and git commit it:
updated_user = register_user(un, email, password=pw, pwhash=None)
save_users(request, updated_user, email)
# to do, login automatically, and redirect to control panel ?
- return HttpResponseRedirect("/accounts/login/")
+ form.fields["username"].widget.attrs["readonly"]="readonly"
+ form.fields["email"].widget.attrs["readonly"]="readonly"
+ return render(request, "login/register.html", {"form": form, "email_stored": True})
+ # return HttpResponseRedirect("/accounts/login/")
else: # GET
pass
- return render(request, "login/register.html", {"form": form, "warning": warning, "logged_in": logged_in})
+ return render(request, "login/register.html", {"form": form})
def save_users(request, updated_user, email="troggle@exposerver.expo"):
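Review bot: Marking `password1`/`password2` as `readonly` on the form widgets only changes how the response page is rendered; it does not stop a POST from carrying a new password for a username that already exists, and this commit removes the only identity comparison (`request.user != form_user`) that stood before `register_user(un, email, password=pw, pwhash=None)`. Indentation is lost on this page and `register_user` is defined outside the hunk, so I cannot confirm the call runs for existing users; if it does and it updates the stored password, an unauthenticated request can change another account's password, contrary to the new comment that a reset should happen only by email token. I would return before the save in that case, e.g. `if expoers and request.user != expoers[0]:` followed by `return render(request, "login/register.html", {"form": form, "unauthorized": True})`. The `print("POST VALID")` debug line would be better as a `logging` call, and `register()` starts above this hunk.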
@@ -350,7 +353,13 @@ class register_form(forms.Form): # not a model-form, just a form-form
)
email = cleaned_data.get("email")
users = User.objects.filter(email=email)
- if len(users) != 0:
+ if len(users) > 1:
raise ValidationError(
- "Duplicate email address. Another registered user is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."
- ) \ No newline at end of file
+ f"Duplicate email address. Another registered user {users} is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."
+ )
+ if len(users) == 1:
+ if users[0].username != un:
+ raise ValidationError(
+ f"Duplicate email address. Another registered user '{users[0]}' is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."
+ )
+ \ No newline at end of file
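Review bot: Both new `ValidationError` messages interpolate account data (`{users}` and `'{users[0]}'`) into text shown to whoever submits the form, so an unauthenticated visitor can learn which username is registered to a given email address; `{users}` also renders a QuerySet repr rather than readable text. Keeping the previous wording without interpolation avoids the disclosure: `"Duplicate email address. Another registered user is already using this email address. ..."`. The comparison `users[0].username != un` relies on `un` being assigned earlier in this method, which is outside the hunk, so that should be confirmed.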