Produits Entr'ouvert » Authentic 2

from .forms import modelform_factory, BaseUserForm

    A2_REGISTRATION_URLCONF = Setting(default='authentic2.registration_backend.urls',

                definition='Root urlconf for the /accounts endpoints'),

    A2_REGISTRATION_FORM_CLASS = Setting(default='authentic2.registration_backend.forms.RegistrationForm',

                definition='Default registration form'),

    A2_REGISTRATION_COMPLETION_FORM_CLASS = Setting(default='authentic2.registration_backend.forms.RegistrationCompletionForm',

                definition='Default registration completion form'),

    A2_REGISTRATION_SET_PASSWORD_FORM_CLASS = Setting(default='authentic2.registration_backend.forms.SetPasswordForm',

                definition='Default set password form'),

    A2_REGISTRATION_CHANGE_PASSWORD_FORM_CLASS = Setting(default='authentic2.registration_backend.forms.PasswordChangeForm',

                definition='Default change password form'),

from . import views, app_settings, utils, constants, forms

        form = forms.AuthenticationForm(request=request, data=data)

#

# Copyright (C) 2010-2019 Entr'ouvert

#

# This program is free software: you can redistribute it and/or modify it

# under the terms of the GNU Affero General Public License as published

# by the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU Affero General Public License for more details.

#

# You should have received a copy of the GNU Affero General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import math

from django import forms

from django.forms.models import modelform_factory as django_modelform_factory

from django.utils.translation import ugettext_lazy as _

from django.contrib.auth import REDIRECT_FIELD_NAME, forms as auth_forms

from django.utils import html

from django.contrib.auth import authenticate

from django_rbac.utils import get_ou_model

from authentic2.utils import lazy_label

from authentic2.compat import get_user_model

from authentic2.forms.fields import PasswordField

from .. import app_settings

from ..exponential_retry_timeout import ExponentialRetryTimeout

OU = get_ou_model()

class EmailChangeFormNoPassword(forms.Form):

    email = forms.EmailField(label=_('New email'))

    def __init__(self, user, *args, **kwargs):

        self.user = user

        super(EmailChangeFormNoPassword, self).__init__(*args, **kwargs)

class EmailChangeForm(EmailChangeFormNoPassword):

    password = forms.CharField(label=_("Password"),

                               widget=forms.PasswordInput)

    def clean_email(self):

        email = self.cleaned_data['email']

        if email == self.user.email:

            raise forms.ValidationError(_('This is already your email address.'))

        return email

    def clean_password(self):

        password = self.cleaned_data["password"]

        if not self.user.check_password(password):

            raise forms.ValidationError(

                _('Incorrect password.'),

                code='password_incorrect',

            )

        return password

class NextUrlFormMixin(forms.Form):

    next_url = forms.CharField(widget=forms.HiddenInput(), required=False)

    def __init__(self, *args, **kwargs):

        from authentic2.middleware import StoreRequestMiddleware

        next_url = kwargs.pop('next_url', None)

        request = StoreRequestMiddleware.get_request()

        if not next_url and request:

            next_url = request.GET.get(REDIRECT_FIELD_NAME)

        super(NextUrlFormMixin, self).__init__(*args, **kwargs)

        if next_url:

            self.fields['next_url'].initial = next_url

class BaseUserForm(forms.ModelForm):

    error_messages = {

        'duplicate_username': _("A user with that username already exists."),

    }

    def __init__(self, *args, **kwargs):

        from authentic2 import models

        self.attributes = models.Attribute.objects.all()

        initial = kwargs.setdefault('initial', {})

        if kwargs.get('instance'):

            instance = kwargs['instance']

            for av in models.AttributeValue.objects.with_owner(instance):

                if av.attribute.name in self.declared_fields:

                    if av.verified:

                        self.declared_fields[av.attribute.name].widget.attrs['readonly'] = 'readonly'

                    initial[av.attribute.name] = av.to_python()

        super(BaseUserForm, self).__init__(*args, **kwargs)

    def clean(self):

        from authentic2 import models

        # make sure verified fields are not modified

        for av in models.AttributeValue.objects.with_owner(

                self.instance).filter(verified=True):

            self.cleaned_data[av.attribute.name] = av.to_python()

        super(BaseUserForm, self).clean()

    def save_attributes(self):

        # only save non verified attributes here

        verified_attributes = set(

            self.instance.attribute_values.filter(verified=True).values_list('attribute__name', flat=True)

        )

        for attribute in self.attributes:

            name = attribute.name

            if name in self.fields and name not in verified_attributes:

                value = self.cleaned_data[name]

                setattr(self.instance.attributes, name, value)

    def save(self, commit=True):

        result = super(BaseUserForm, self).save(commit=commit)

        if commit:

            self.save_attributes()

        else:

            old = self.save_m2m

            def save_m2m(*args, **kwargs):

                old(*args, **kwargs)

                self.save_attributes()

            self.save_m2m = save_m2m

        return result

class EditProfileForm(NextUrlFormMixin, BaseUserForm):

    pass

def modelform_factory(model, **kwargs):

    '''Build a modelform for the given model,

       For the user model also add attribute based fields.

    '''

    from authentic2 import models

    form = kwargs.pop('form', None)

    fields = kwargs.get('fields') or []

    required = list(kwargs.pop('required', []) or [])

    d = {}

    # KV attributes are only supported for the user model currently

    modelform = None

    if issubclass(model, get_user_model()):

        if not form:

            form = BaseUserForm

        attributes = models.Attribute.objects.all()

        for attribute in attributes:

            if attribute.name not in fields:

                continue

            d[attribute.name] = attribute.get_form_field()

        for field in app_settings.A2_REQUIRED_FIELDS:

            if field not in required:

                required.append(field)

    if not form or not hasattr(form, 'Meta'):

        meta_d = {'model': model, 'fields': '__all__'}

        meta = type('Meta', (), meta_d)

        d['Meta'] = meta

    if not form:  # fallback

        form = forms.ModelForm

    modelform = None

    if required:

        def __init__(self, *args, **kwargs):

            super(modelform, self).__init__(*args, **kwargs)

            for field in required:

                if field in self.fields:

                    self.fields[field].required = True

        d['__init__'] = __init__

    modelform = type(model.__name__ + 'ModelForm', (form,), d)

    kwargs['form'] = modelform

    modelform.required_css_class = 'form-field-required'

    return django_modelform_factory(model, **kwargs)

class AuthenticationForm(auth_forms.AuthenticationForm):

    password = PasswordField(label=_('Password'))

    remember_me = forms.BooleanField(

        initial=False,

        required=False,

        label=_('Remember me'),

        help_text=_('Do not ask for authentication next time'))

    ou = forms.ModelChoiceField(

        label=lazy_label(_('Organizational unit'), lambda: app_settings.A2_LOGIN_FORM_OU_SELECTOR_LABEL),

        required=True,

        queryset=OU.objects.all())

    def __init__(self, *args, **kwargs):

        super(AuthenticationForm, self).__init__(*args, **kwargs)

        self.exponential_backoff = ExponentialRetryTimeout(

            key_prefix='login-exp-backoff-',

            duration=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION,

            factor=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR)

        if not app_settings.A2_USER_REMEMBER_ME:

            del self.fields['remember_me']

        if not app_settings.A2_LOGIN_FORM_OU_SELECTOR:

            del self.fields['ou']

        if self.request:

            self.remote_addr = self.request.META['REMOTE_ADDR']

        else:

            self.remote_addr = '0.0.0.0'

    def exp_backoff_keys(self):

        return self.cleaned_data['username'], self.remote_addr

    def clean(self):

        username = self.cleaned_data.get('username')

        password = self.cleaned_data.get('password')

        keys = None

        if username and password:

            keys = self.exp_backoff_keys()

            seconds_to_wait = self.exponential_backoff.seconds_to_wait(*keys)

            if seconds_to_wait > app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MIN_DURATION:

                seconds_to_wait -= app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MIN_DURATION

                msg = _('You made too many login errors recently, you must '

                        'wait <span class="js-seconds-until">%s</span> seconds '

                        'to try again.')

                msg = msg % int(math.ceil(seconds_to_wait))

                msg = html.mark_safe(msg)

                raise forms.ValidationError(msg)

        try:

            self.clean_authenticate()

        except Exception:

            if keys:

                self.exponential_backoff.failure(*keys)

            raise

        else:

            if keys:

                self.exponential_backoff.success(*keys)

        return self.cleaned_data

    def clean_authenticate(self):

        # copied from django.contrib.auth.forms.AuthenticationForm to add support for ou selector

        username = self.cleaned_data.get('username')

        password = self.cleaned_data.get('password')

        ou = self.cleaned_data.get('ou')

        if username is not None and password:

            self.user_cache = authenticate(username=username, password=password, ou=ou, request=self.request)

            if self.user_cache is None:

                raise forms.ValidationError(

                    self.error_messages['invalid_login'],

                    code='invalid_login',

                    params={'username': self.username_field.verbose_name},

                )

            else:

                self.confirm_login_allowed(self.user_cache)

        return self.cleaned_data

    @property

    def media(self):

        media = super(AuthenticationForm, self).media

        media.add_js(['authentic2/js/js_seconds_until.js'])

        if app_settings.A2_LOGIN_FORM_OU_SELECTOR:

            media.add_js(['authentic2/js/ou_selector.js'])

        return media

class SiteImportForm(forms.Form):

    site_json = forms.FileField(label=_('Site Export File'))

import copy

from collections import OrderedDict

from django.conf import settings

from django.forms import ModelForm, Form, CharField, PasswordInput, EmailField

from django.db.models.fields import FieldDoesNotExist

from django.forms.utils import ErrorList

from django.contrib.auth import forms as auth_forms, get_user_model, REDIRECT_FIELD_NAME

from django.core.mail import send_mail

from django.core import signing

from django.template import RequestContext

from django.template.loader import render_to_string

from django.core.urlresolvers import reverse

from django.core.validators import RegexValidator

from authentic2.forms.fields import PasswordField, NewPasswordField, CheckPasswordField

from .. import app_settings, compat, forms, utils, validators, models, middleware, hooks

class RegistrationCompletionFormNoPassword(forms.BaseUserForm):

                User = get_user_model()

                User = get_user_model()

class PasswordResetMixin(Form):

    '''Remove all password reset object for the current user when password is

       successfully changed.'''

    def save(self, commit=True):

        ret = super(PasswordResetMixin, self).save(commit=commit)

        if commit:

            models.PasswordReset.objects.filter(user=self.user).delete()

        else:

            old_save = self.user.save

            def save(*args, **kwargs):

                ret = old_save(*args, **kwargs)

                models.PasswordReset.objects.filter(user=self.user).delete()

                return ret

            self.user.save = save

        return ret

class NotifyOfPasswordChange(object):

    def save(self, commit=True):

        user = super(NotifyOfPasswordChange, self).save(commit=commit)

        if user.email:

            ctx = {

                'user': user,

                'password': self.cleaned_data['new_password1'],

            }

            utils.send_templated_mail(user, "authentic2/password_change", ctx)

        return user

class SetPasswordForm(NotifyOfPasswordChange, PasswordResetMixin, auth_forms.SetPasswordForm):

    new_password1 = NewPasswordField(label=_("New password"))

    new_password2 = CheckPasswordField(label=_("New password confirmation"))

    def clean_new_password1(self):

        new_password1 = self.cleaned_data.get('new_password1')

        if new_password1 and self.user.check_password(new_password1):

            raise ValidationError(_('New password must differ from old password'))

        return new_password1

class PasswordChangeForm(NotifyOfPasswordChange, forms.NextUrlFormMixin, PasswordResetMixin,

                         auth_forms.PasswordChangeForm):

    old_password = PasswordField(label=_('Old password'))

    new_password1 = NewPasswordField(label=_('New password'))

    new_password2 = CheckPasswordField(label=_("New password confirmation"))

    def clean_new_password1(self):

        new_password1 = self.cleaned_data.get('new_password1')

        old_password = self.cleaned_data.get('old_password')

        if new_password1 and new_password1 == old_password:

            raise ValidationError(_('New password must differ from old password'))

        return new_password1

# make old_password the first field

PasswordChangeForm.base_fields = OrderedDict(

    [(k, PasswordChangeForm.base_fields[k])

    for k in ['old_password', 'new_password1', 'new_password2']] +

    [(k, PasswordChangeForm.base_fields[k])

    for k in PasswordChangeForm.base_fields if k not in ['old_password', 'new_password1',

                                                         'new_password2']]

)

class DeleteAccountForm(Form):

    password = CharField(widget=PasswordInput, label=_("Password"))

    def __init__(self, *args, **kwargs):

        self.user = kwargs.pop('user')

        super(DeleteAccountForm, self).__init__(*args, **kwargs)

    def clean_password(self):

        password = self.cleaned_data.get('password')

        if password and not self.user.check_password(password):

            raise ValidationError(ugettext('Password is invalid'))

        return password

from authentic2.forms import BaseUserForm

from authentic2.forms import modelform_factory, SiteImportForm

from . import app_settings, utils

    form_class = SiteImportForm

from django.utils.safestring import mark_safe

import logging

from django import forms

from django.utils.translation import ugettext as _

from django.contrib.auth import get_user_model

from .backends import get_user_queryset

from .utils import send_password_reset_mail

from . import hooks, app_settings

logger = logging.getLogger(__name__)

class PasswordResetForm(forms.Form):

    next_url = forms.CharField(widget=forms.HiddenInput, required=False)

    email = forms.EmailField(

        label=_("Email"), max_length=254)

    def save(self):

        """

        Generates a one-use only link for resetting password and sends to the

        user.

        """

        email = self.cleaned_data["email"].strip()

        users = get_user_queryset()

        active_users = users.filter(email__iexact=email, is_active=True)

        for user in active_users:

            # we don't set the password to a random string, as some users should not have

            # a password

            set_random_password = (user.has_usable_password()

                                   and app_settings.A2_SET_RANDOM_PASSWORD_ON_RESET)

            send_password_reset_mail(user, set_random_password=set_random_password,

                                     next_url=self.cleaned_data.get('next_url'))

        if not active_users:

            logger.info(u'password reset requests for "%s", no user found')

        hooks.call_hooks('event', name='password-reset', email=email, users=active_users)

from django.conf.urls import url

from django.contrib.auth import views as auth_views, REDIRECT_FIELD_NAME

from django.contrib.auth.decorators import login_required

from django.core.urlresolvers import reverse

from django.http import HttpResponseRedirect

from django.contrib import messages

from django.utils.translation import ugettext as _

from django.views.decorators.debug import sensitive_post_parameters

from authentic2.utils import import_module_or_class, redirect, user_can_change_password

from . import app_settings, decorators, profile_views, hooks

from .views import (logged_in, edit_profile, email_change, email_change_verify, profile)

SET_PASSWORD_FORM_CLASS = import_module_or_class(

        app_settings.A2_REGISTRATION_SET_PASSWORD_FORM_CLASS)

CHANGE_PASSWORD_FORM_CLASS = import_module_or_class(

        app_settings.A2_REGISTRATION_CHANGE_PASSWORD_FORM_CLASS)

@sensitive_post_parameters()

@login_required

@decorators.setting_enabled('A2_REGISTRATION_CAN_CHANGE_PASSWORD')

def password_change_view(request, *args, **kwargs):

    post_change_redirect = kwargs.pop('post_change_redirect', None)

    if 'next_url' in request.POST and request.POST['next_url']:

        post_change_redirect = request.POST['next_url']

    elif REDIRECT_FIELD_NAME in request.GET:

        post_change_redirect = request.GET[REDIRECT_FIELD_NAME]

    elif post_change_redirect is None:

        post_change_redirect = reverse('account_management')

    if not user_can_change_password(request=request):

        messages.warning(request, _('Password change is forbidden'))

        return redirect(request, post_change_redirect)

    if 'cancel' in request.POST:

        return redirect(request, post_change_redirect)

    kwargs['post_change_redirect'] = post_change_redirect

    extra_context = kwargs.setdefault('extra_context', {})

    extra_context['view'] = password_change_view

    extra_context[REDIRECT_FIELD_NAME] = post_change_redirect

    if not request.user.has_usable_password():

        kwargs['password_change_form'] = SET_PASSWORD_FORM_CLASS

    response = auth_views.password_change(request, *args, **kwargs)

    if isinstance(response, HttpResponseRedirect):

        hooks.call_hooks('event', name='change-password', user=request.user, request=request)

        messages.info(request, _('Password changed'))

    return response

password_change_view.title = _('Password Change')

password_change_view.do_not_call_in_templates = True

urlpatterns = [

    url(r'^logged-in/$', logged_in, name='logged-in'),

    url(r'^edit/$', edit_profile, name='profile_edit'),

    url(r'^edit/(?P<scope>[-\w]+)/$', edit_profile, name='profile_edit_with_scope'),

    url(r'^change-email/$', email_change, name='email-change'),

    url(r'^change-email/verify/$', email_change_verify,

        name='email-change-verify'),

    url(r'^$', profile, name='account_management'),

    url(r'^password/change/$',

        password_change_view,

        {'password_change_form': CHANGE_PASSWORD_FORM_CLASS},

        name='password_change'),

    url(r'^password/change/done/$',

        auth_views.password_change_done,

        name='password_change_done'),

    # Password reset

    url(r'^password/reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',

        profile_views.password_reset_confirm,

        name='password_reset_confirm'),

    url(r'^password/reset/$',

        profile_views.password_reset,

        name='password_reset'),

    # Legacy 

    url(r'^password/change/$',

        password_change_view,

        {'password_change_form': CHANGE_PASSWORD_FORM_CLASS},

        name='auth_password_change'),

    url(r'^password/change/done/$',

        auth_views.password_change_done,

        name='auth_password_change_done'),

    url(r'^password/reset/confirm/(?P<uidb36>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',

        auth_views.password_reset_confirm,

        {'set_password_form': SET_PASSWORD_FORM_CLASS},

        name='auth_password_reset_confirm'),

    url(r'^password/reset/$',

        auth_views.password_reset,

        name='auth_password_reset'),

    url(r'^password/reset/complete/$',

        auth_views.password_reset_complete,

        name='auth_password_reset_complete'),

    url(r'^password/reset/done/$',

        auth_views.password_reset_done,

        name='auth_password_reset_done'),

    url(r'^switch-back/$', profile_views.switch_back, name='a2-switch-back'),

]

import logging

from django.views.generic import FormView

from django.contrib import messages

from django.contrib.auth import get_user_model, REDIRECT_FIELD_NAME, authenticate

from django.http import Http404

from django.utils.translation import ugettext as _

from django.utils.http import urlsafe_base64_decode

from .compat import default_token_generator

from .registration_backend.forms import SetPasswordForm

from . import app_settings, cbv, profile_forms, utils, hooks

class PasswordResetView(cbv.NextURLViewMixin, FormView):

    '''Ask for an email and send a password reset link by mail'''

    form_class = profile_forms.PasswordResetForm

    title = _('Password Reset')

    def get_template_names(self):

        return [

            'authentic2/password_reset_form.html',

            'registration/password_reset_form.html',

        ]

    def get_form_kwargs(self, **kwargs):

        kwargs = super(PasswordResetView, self).get_form_kwargs(**kwargs)

        initial = kwargs.setdefault('initial', {})

        initial['next_url'] = self.request.GET.get(REDIRECT_FIELD_NAME, '')

        return kwargs

    def get_context_data(self, **kwargs):

        ctx = super(PasswordResetView, self).get_context_data(**kwargs)

        if app_settings.A2_USER_CAN_RESET_PASSWORD is False:

            raise Http404('Password reset is not allowed.')

        ctx['title'] = _('Password reset')

        return ctx

    def form_valid(self, form):

        form.save()

        # return to next URL

        messages.info(self.request, _('If your email address exists in our '

                                      'database, you will receive an email '

                                      'containing instructions to reset '

                                      'your password'))

        return super(PasswordResetView, self).form_valid(form)

password_reset = PasswordResetView.as_view()

class PasswordResetConfirmView(cbv.RedirectToNextURLViewMixin, FormView):

    '''Validate password reset link, show a set password form and login

       the user.

    '''

    form_class = SetPasswordForm

    title = _('Password Reset')

    def get_template_names(self):

        return [

            'registration/password_reset_confirm.html',

            'authentic2/password_reset_confirm.html',

        ]

    def dispatch(self, request, *args, **kwargs):

        validlink = True

        uidb64 = kwargs['uidb64']

        self.token = token = kwargs['token']

        UserModel = get_user_model()

        # checked by URLconf

        assert uidb64 is not None and token is not None

        try:

            uid = urlsafe_base64_decode(uidb64)

            # use authenticate to eventually get an LDAPUser

            self.user = authenticate(user=UserModel._default_manager.get(pk=uid))

        except (TypeError, ValueError, OverflowError,

                UserModel.DoesNotExist):

            validlink = False

            messages.warning(request, _('User not found'))

        if validlink and not default_token_generator.check_token(self.user, token):

            validlink = False

            messages.warning(request, _('You reset password link is invalid '

                                        'or has expired'))

        if not validlink:

            return utils.redirect(request, self.get_success_url())

        can_reset_password = utils.get_user_flag(user=self.user,

                                                 name='can_reset_password',

                                                 default=self.user.has_usable_password())

        if not can_reset_password:

            messages.warning(request, _('It\'s not possible to reset your password. Please '

                                        'contact an administrator.'))

            return utils.redirect(request, self.get_success_url())

        return super(PasswordResetConfirmView, self).dispatch(request, *args,

                                                              **kwargs)

    def get_context_data(self, **kwargs):

        ctx = super(PasswordResetConfirmView, self).get_context_data(**kwargs)

        # compatibility with existing templates !

        ctx['title'] = _('Enter new password')

        ctx['validlink'] = True

        return ctx

    def get_form_kwargs(self):

        kwargs = super(PasswordResetConfirmView, self).get_form_kwargs()

        kwargs['user'] = self.user

        return kwargs

    def form_valid(self, form):

        # Changing password by mail validate the email

        form.user.email_verified = True

        form.save()

        hooks.call_hooks('event', name='password-reset-confirm', user=form.user, token=self.token,

                         form=form)

        logging.getLogger(__name__).info(u'user %s resetted its password with '

                                         'token %r...', self.user,

                                         self.token[:9])

        return self.finish()

    def finish(self):

        return utils.simulate_authentication(self.request, self.user, 'email')

password_reset_confirm = PasswordResetConfirmView.as_view()

def switch_back(request):

    return utils.switch_back(request)

from django.conf.urls import url

from django.views.generic.base import TemplateView

from django.contrib.auth.decorators import login_required

from .views import RegistrationView, registration_completion, DeleteView, registration_complete

urlpatterns = [

    url(r'^activate/(?P<registration_token>[\w: -]+)/$',

        registration_completion, name='registration_activate'),

    url(r'^register/$',

        RegistrationView.as_view(),

        name='registration_register'),

    url(r'^register/complete/$',

        registration_complete,

        name='registration_complete'),

    url(r'^register/closed/$',

        TemplateView.as_view(template_name='registration/registration_closed.html'),

        name='registration_disallowed'),

    url(r'^delete/$',

        login_required(DeleteView.as_view()),

        name='delete_account'),

]

import collections

import logging

import random

from django.conf import settings

from django.shortcuts import get_object_or_404

from django.utils.translation import ugettext as _

from django.utils.http import urlquote

from django.contrib import messages

from django.contrib.auth import REDIRECT_FIELD_NAME

from django.core import signing

from django.views.generic.base import TemplateView

from django.views.generic.edit import FormView, CreateView

from django.contrib.auth import get_user_model

from django.forms import CharField, Form

from django.core.urlresolvers import reverse_lazy

from django.http import Http404, HttpResponseBadRequest

from authentic2.utils import (import_module_or_class, redirect, make_url, get_fields_and_labels,

                              simulate_authentication)

from authentic2.a2_rbac.utils import get_default_ou

from authentic2 import hooks

from django_rbac.utils import get_ou_model

from .. import models, app_settings, compat, cbv, forms, validators, utils, constants

from .forms import RegistrationCompletionForm, DeleteAccountForm

from .forms import RegistrationCompletionFormNoPassword

from authentic2.a2_rbac.models import OrganizationalUnit

logger = logging.getLogger(__name__)

User = compat.get_user_model()

def valid_token(method):

    def f(request, *args, **kwargs):

        try:

            request.token = signing.loads(kwargs['registration_token'].replace(' ', ''),

                                          max_age=settings.ACCOUNT_ACTIVATION_DAYS * 3600 * 24)

        except signing.SignatureExpired:

            messages.warning(request, _('Your activation key is expired'))

            return redirect(request, 'registration_register')

        except signing.BadSignature:

            messages.warning(request, _('Activation failed'))

            return redirect(request, 'registration_register')

        return method(request, *args, **kwargs)

    return f

class BaseRegistrationView(FormView):

    form_class = import_module_or_class(app_settings.A2_REGISTRATION_FORM_CLASS)

    template_name = 'registration/registration_form.html'

    title = _('Registration')

    def dispatch(self, request, *args, **kwargs):

        if not getattr(settings, 'REGISTRATION_OPEN', True):

            raise Http404('Registration is not open.')

        self.token = {}

        self.ou = get_default_ou()

        # load pre-filled values

        if request.GET.get('token'):

            try:

                self.token = signing.loads(

                    request.GET.get('token'),

                    max_age=settings.ACCOUNT_ACTIVATION_DAYS * 3600 * 24)

            except (TypeError, ValueError, signing.BadSignature) as e:

                logger.warning(u'registration_view: invalid token: %s', e)

                return HttpResponseBadRequest('invalid token', content_type='text/plain')

            if 'ou' in self.token:

                self.ou = OrganizationalUnit.objects.get(pk=self.token['ou'])

        self.next_url = self.token.pop(REDIRECT_FIELD_NAME, utils.select_next_url(request, None))

        return super(BaseRegistrationView, self).dispatch(request, *args, **kwargs)

    def form_valid(self, form):

        email = form.cleaned_data.pop('email')

        for field in form.cleaned_data:

            self.token[field] = form.cleaned_data[field]

        # propagate service to the registration completion view

        if constants.SERVICE_FIELD_NAME in self.request.GET:

            self.token[constants.SERVICE_FIELD_NAME] = \

                self.request.GET[constants.SERVICE_FIELD_NAME]

        self.token.pop(REDIRECT_FIELD_NAME, None)

        self.token.pop('email', None)

        utils.send_registration_mail(self.request, email, next_url=self.next_url,

                                     ou=self.ou, **self.token)

        self.request.session['registered_email'] = email

        return redirect(self.request, 'registration_complete', params={REDIRECT_FIELD_NAME: self.next_url})

    def get_context_data(self, **kwargs):

        context = super(BaseRegistrationView, self).get_context_data(**kwargs)

        parameters = {'request': self.request,

                      'context': context}

        blocks = [utils.get_authenticator_method(authenticator, 'registration', parameters)

                  for authenticator in utils.get_backends('AUTH_FRONTENDS')]

        context['frontends'] = collections.OrderedDict((block['id'], block)

                                                       for block in blocks if block)

        return context

class RegistrationView(cbv.ValidateCSRFMixin, BaseRegistrationView):

    pass

class RegistrationCompletionView(CreateView):

    model = get_user_model()

    success_url = 'auth_homepage'

    def get_template_names(self):

        if self.users and not 'create' in self.request.GET:

            return ['registration/registration_completion_choose.html']

        else:

            return ['registration/registration_completion_form.html']

    def get_success_url(self):

        try:

            redirect_url, next_field = app_settings.A2_REGISTRATION_REDIRECT

        except Exception:

            redirect_url = app_settings.A2_REGISTRATION_REDIRECT

            next_field = REDIRECT_FIELD_NAME

        if self.token and self.token.get(REDIRECT_FIELD_NAME):

            url = self.token[REDIRECT_FIELD_NAME]

            if redirect_url:

                url = make_url(redirect_url, params={next_field: url})

        else:

            if redirect_url:

                url = redirect_url

            else:

                url = make_url(self.success_url)

        return url

    def dispatch(self, request, *args, **kwargs):

        self.token = request.token

        self.authentication_method = self.token.get('authentication_method', 'email')

        self.email = request.token['email']

        if 'ou' in self.token:

            self.ou = OrganizationalUnit.objects.get(pk=self.token['ou'])

        else:

            self.ou = get_default_ou()

        self.users = User.objects.filter(email__iexact=self.email) \

            .order_by('date_joined')

        if self.ou:

            self.users = self.users.filter(ou=self.ou)

        self.email_is_unique = app_settings.A2_EMAIL_IS_UNIQUE \

            or app_settings.A2_REGISTRATION_EMAIL_IS_UNIQUE

        if self.ou:

            self.email_is_unique |= self.ou.email_is_unique

        self.init_fields_labels_and_help_texts()

        # if registration is done during an SSO add the service to the registration event

        self.service = self.token.get(constants.SERVICE_FIELD_NAME)

        return super(RegistrationCompletionView, self) \

            .dispatch(request, *args, **kwargs)

    def init_fields_labels_and_help_texts(self):

        attributes = models.Attribute.objects.filter(

            asked_on_registration=True)

        default_fields = attributes.values_list('name', flat=True)

        required_fields = models.Attribute.objects.filter(required=True) \

            .values_list('name', flat=True)

        fields, labels = get_fields_and_labels(

            app_settings.A2_REGISTRATION_FIELDS,

            default_fields,

            app_settings.A2_REGISTRATION_REQUIRED_FIELDS,

            app_settings.A2_REQUIRED_FIELDS,

            models.Attribute.objects.filter(required=True).values_list('name', flat=True))

        help_texts = {}

        if app_settings.A2_REGISTRATION_FORM_USERNAME_LABEL:

            labels['username'] = app_settings.A2_REGISTRATION_FORM_USERNAME_LABEL

        if app_settings.A2_REGISTRATION_FORM_USERNAME_HELP_TEXT:

            help_texts['username'] = \

                app_settings.A2_REGISTRATION_FORM_USERNAME_HELP_TEXT

        required = list(app_settings.A2_REGISTRATION_REQUIRED_FIELDS) + \

            list(required_fields)

        if 'email' in fields:

            fields.remove('email')

        for field in self.token.get('skip_fields') or []:

            if field in fields:

                fields.remove(field)

        self.fields = fields

        self.labels = labels

        self.required = required

        self.help_texts = help_texts

    def get_form_class(self):

        if not self.token.get('valid_email', True):

            self.fields.append('email')

            self.required.append('email')

        form_class = RegistrationCompletionForm

        if self.token.get('no_password', False):

            form_class = RegistrationCompletionFormNoPassword

        form_class = forms.modelform_factory(self.model,

                                             form=form_class,

                                             fields=self.fields,

                                             labels=self.labels,

                                             required=self.required,

                                             help_texts=self.help_texts)

        if 'username' in self.fields and app_settings.A2_REGISTRATION_FORM_USERNAME_REGEX:

            # Keep existing field label and help_text

            old_field = form_class.base_fields['username']

            field = CharField(

                max_length=256,

                label=old_field.label,

                help_text=old_field.help_text,

                validators=[validators.UsernameValidator()])

            form_class = type('RegistrationForm', (form_class,), {'username': field})

        return form_class

    def get_form_kwargs(self, **kwargs):

        '''Initialize mail from token'''

        kwargs = super(RegistrationCompletionView, self).get_form_kwargs(**kwargs)

        if 'ou' in self.token:

            OU = get_ou_model()

            ou = get_object_or_404(OU, id=self.token['ou'])

        else:

            ou = get_default_ou()