2 files changed, 30 insertions, 20 deletions

diff --git a/core/views/user_registration.py b/core/views/user_registration.py
index fc2aace..8741d7b 100644
--- a/core/views/user_registration.py
+++ b/core/views/user_registration.py
@@ -15,6 +15,8 @@ from troggle.core.utils import (
     add_commit,

     is_identified_user

     )

+from troggle.core.views.auth import expologout

+

 """

 This is the new individual user login registration, instead of everyone signing

 in as "expo". This will be useful for the kanban expo organisation tool.

@@ -133,14 +135,35 @@ def register(request, url_username=None):
     similar to the "expo" user

     (with cavey:beery password) but specific to an individual.

     

+    We only allow this to be done ONCE for each user-id.

+    

     """

     warning = ""

     initial_values={"visible-passwords": "True"}

  

     logged_in = (identified_login := is_identified_user(request.user))

     if logged_in:

-        return re_register_email(request)

-         

+        # logged in as a known real person with a USer logon

+        return re_register_email(request) # discarding url_username 

+    

+    if not request.user.is_anonymous:    

+        # logged in as expo or expoadmin, so logout invisibly before we do anything

+        expologout(request) # returns a response, which we discard

+        

+    if url_username: # if provided in URL

+        if Person.objects.filter(slug=url_username).count() != 1:

+            # not an old expoer, so redirect to the other form

+            print(Person.objects.filter(slug=url_username).count())

+            return HttpResponseRedirect("/accounts/newregister/")

+

+        initial_values.update({"username": url_username})

+        form = register_form(initial=initial_values)

+        form.fields["username"].widget.attrs["readonly"]="readonly"

+    else:

+        form = register_form(initial=initial_values)

+    

+ 

+

     if request.method == "POST":

         form = register_form(request.POST)

         if form.is_valid():

@@ -152,7 +175,7 @@ def register(request, url_username=None):
             if len(expoers) != 0:            

                 # this is a password re-set, not a new registration. So we need to check it is the same person.

                 form_user = expoers[0]

-                if current_user != form_user:

+                if request.user != form_user:

                     print(f"## UNAUTHORIZED Password reset ## {request.user} {form_user}")

                     # return render(request, "login/register.html", {"form": form, "unauthorized": True}) 

             # create User in the system and refresh stored encrypted user list and git commit it:   

@@ -161,15 +184,7 @@ def register(request, url_username=None):
             # to do, login automatically, and redirect to control panel ?

             return HttpResponseRedirect("/accounts/login/")

     else: # GET

-        if url_username: # if provided in URL

-            if not request.user.is_anonymous:

-                warning = f"WARNING - you are logged-in as someone else '{request.user}'. You must logout and login again as '{url_username}' "

-            print(f"REGISTER: {warning}")

-            initial_values.update({"username": url_username})        

-        elif request.user:

-            initial_values.update({"username": request.user.username})

-            

-    form = register_form(initial=initial_values)

+        pass

     return render(request, "login/register.html", {"form": form, "warning": warning, "logged_in": logged_in})    

 

 

diff --git a/templates/login/register.html b/templates/login/register.html
index e35f793..e832ade 100644
--- a/templates/login/register.html
+++ b/templates/login/register.html
@@ -40,21 +40,16 @@ li {color:red}
 <h2>{% if newuser %}
 New User Registration <br />for someone who has never attended Expo
 {% else %}
-User Registration - for a personal login to Troggle
+User Registration - for a personal login to Troggle by a known caver
 {%endif %}</h2>
 <!--using template login/register.html -->
 </div>
 <!-- This is really TWO forms, depending on whether the 'new_user' is set or not.
 
-ALSO it behaves differently if a usernaem is specified int he URL
-ALSO it behaves differently if there is an expo-valid logged-on User
+ALSO it behaves differently if a username is specified in the URL, when username becomes readonly
+
 -->
 <h3>Register your email address</h3>
-{% if unauthorized %}
-<span style="color:red">
-UNAUTHORIZED attempt to change password or email address. <br />
-You are not logged in as the user you are attempting to re-register.
-</span>{% endif %}
 
 {% if newuser %}
 <p>You need to register before you can fill out the 'signup' form to request to attend Expo.