From bac65b58972ea6143d6e6a53e4d12543c8dd1c84 Mon Sep 17 00:00:00 2001
From: Philip Sargent
Date: Mon, 27 Jan 2025 23:50:08 +0000
Subject: old user, first registration. cleaner
---
 core/views/user_registration.py | 37 +++++++++++++++++++++++--------------
 1 file changed, 23 insertions(+), 14 deletions(-)
(limited to 'core/views/user_registration.py')
diff --git a/core/views/user_registration.py b/core/views/user_registration.py
index 8741d7b..8af197d 100644
--- a/core/views/user_registration.py
+++ b/core/views/user_registration.py
@@ -162,30 +162,33 @@ def register(request, url_username=None): else: form = register_form(initial=initial_values) - - if request.method == "POST": form = register_form(request.POST) if form.is_valid(): - print("POST VALID") + print("POST VALID") # so now username and email fields are readonly un = form.cleaned_data["username"] pw= form.cleaned_data["password1"] email = form.cleaned_data["email"] expoers = User.objects.filter(username=un) - if len(expoers) != 0: - # this is a password re-set, not a new registration. So we need to check it is the same person. - form_user = expoers[0] - if request.user != form_user: - print(f"## UNAUTHORIZED Password reset ## {request.user} {form_user}") - # return render(request, "login/register.html", {"form": form, "unauthorized": True}) + # if this is LOGONABLE user and we are not logged on + # NOT just save the data ! Anyone could do that.. + # we are now in a state where password should only be re-set by email token + # but rather than redirect (off-putting) we just make the password fields read-only + if len(expoers) > 0: + form.fields["password1"].widget.attrs["readonly"]="readonly" + form.fields["password2"].widget.attrs["readonly"]="readonly" + # create User in the system and refresh stored encrypted user list and git commit it: updated_user = register_user(un, email, password=pw, pwhash=None) save_users(request, updated_user, email) # to do, login automatically, and redirect to control panel ? 
- return HttpResponseRedirect("/accounts/login/")
+ form.fields["username"].widget.attrs["readonly"]="readonly"
+ form.fields["email"].widget.attrs["readonly"]="readonly"
+ return render(request, "login/register.html", {"form": form, "email_stored": True})
+ # return HttpResponseRedirect("/accounts/login/")
 else: # GET
 pass
- return render(request, "login/register.html", {"form": form, "warning": warning, "logged_in": logged_in})
+ return render(request, "login/register.html", {"form": form})
 def save_users(request, updated_user, email="troggle@exposerver.expo"):
@@ -350,7 +353,13 @@ class register_form(forms.Form): # not a model-form, just a form-form
 )
 email = cleaned_data.get("email")
 users = User.objects.filter(email=email)
- if len(users) != 0:
+ if len(users) > 1:
 raise ValidationError(
- "Duplicate email address. Another registered user is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."
- )
\ No newline at end of file
+ f"Duplicate email address. Another registered user {users} is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."
+ )
+ if len(users) == 1:
+ if users[0].username != un:
+ raise ValidationError(
+ f"Duplicate email address. Another registered user '{users[0]}' is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."
+ )
+
\ No newline at end of file
-- 
cgit v1.2.3
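Review bot: Dropping the `request.user != form_user` check leaves `updated_user = register_user(un, email, password=pw, pwhash=None)` and `save_users(request, updated_user, email)` running unconditionally, so a POST naming an existing username still replaces that user's password with the submitted `pw`; setting `readonly` on the password widgets only changes the form rendered back afterwards, and a `readonly` HTML attribute is not enforced by Django form validation or against a hand-built request. The added comment states the intent ("NOT just save the data") but the code does exactly that. Guard the save inside the `len(expoers) > 0` branch, e.g. `if request.user != expoers[0]: return render(request, "login/register.html", {"form": form, "unauthorized": True})` placed before the `register_user` call, or send existing users to the email-token reset the comment mentions. `register` starts above the hunk, and whether `save_users` also writes the new password into the stored user list is not visible here. The GET-path `render` also drops `warning` and `logged_in` from the context; confirm the template no longer reads them.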
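Review bot: Both new `ValidationError` messages interpolate the matching `User` objects (`{users}` and `'{users[0]}'`), so the form error tells an unauthenticated visitor which username is registered to a given email address; keep the message fixed in both branches, e.g. `"Duplicate email address. Another registered user is already using this email address. Email addresses must be unique as that is how we reset forgotten passwords."`, and log the offending usernames server-side if they are needed for debugging. `un` is not assigned inside the hunk, so it presumably comes from cleaned data earlier in `clean()`, which starts above the hunk; confirm it is set on every path before this comparison. The `len(users) == 1` / `users[0].username != un` branch deliberately lets an existing user re-submit with their own email, which is only safe if the view refuses to overwrite the password of a user who is not the requester. `users.count()` or `users.exists()` would avoid materialising the queryset just to take `len()`, and the trailing added blank line without a newline at end of file is a style nit.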