Unvalidate e-mail when the user changes it, but the user still active

2020-04-05 04:37:29 +02:00 · 2020-04-05 04:37:29 +02:00 · 0f77b9df9a
parent 26281af673
commit 0f77b9df9a
3 changed files with 36 additions and 18 deletions
--- a/apps/member/models.py
+++ b/apps/member/models.py
@ -7,8 +7,13 @@ from django.conf import settings
 from django.contrib.auth.models import User
 from django.core.exceptions import ValidationError
 from django.db import models
+from django.template import loader
 from django.urls import reverse, reverse_lazy
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
 from django.utils.translation import gettext_lazy as _
+
+from member.tokens import account_activation_token
 from note.models import MembershipTransaction


@ -62,6 +67,19 @@ class Profile(models.Model):
    def get_absolute_url(self):
        return reverse('user_detail', args=(self.pk,))

+    def send_email_validation_link(self):
+        subject = "Activate your Note Kfet account"
+        message = loader.render_to_string('registration/account_activation_email.html',
+                                          {
+                                              'user': self.user,
+                                              'domain': "nk20.ynerant.fr",
+                                              'site_name': "La Note Kfet",
+                                              'protocol': 'https',
+                                              'token': account_activation_token.make_token(self.user),
+                                              'uid': urlsafe_base64_encode(force_bytes(self.user.pk)).decode('UTF-8'),
+                                          })
+        self.user.email_user(subject, message)
+

 class Club(models.Model):
    """
--- a/apps/member/views.py
+++ b/apps/member/views.py
@ -9,16 +9,13 @@ from django.conf import settings
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.contrib.auth.models import User
 from django.contrib.auth.views import LoginView
-from django.contrib.sites.shortcuts import get_current_site
 from django.core.exceptions import ValidationError
 from django.db.models import Q
 from django.forms import HiddenInput
 from django.shortcuts import redirect, resolve_url
-from django.template import loader
 from django.urls import reverse_lazy
 from django.utils.decorators import method_decorator
-from django.utils.encoding import force_bytes
-from django.utils.http import urlsafe_base64_decode, urlsafe_base64_encode
+from django.utils.http import urlsafe_base64_decode
 from django.utils.translation import gettext_lazy as _
 from django.views.decorators.csrf import csrf_protect
 from django.views.generic import CreateView, DetailView, UpdateView, TemplateView
@ -49,11 +46,11 @@ class CustomLoginView(LoginView):

 class UserCreateView(CreateView):
    """
-    Une vue pour inscrire un utilisateur et lui créer un profile
+    Une vue pour inscrire un utilisateur et lui créer un profil
    """

    form_class = SignUpForm
-    success_url = reverse_lazy('login')
+    success_url = reverse_lazy('member:login')
    template_name = 'member/signup.html'
    second_form = ProfileForm

@ -77,18 +74,9 @@ class UserCreateView(CreateView):
        user.profile = profile_form.save(commit=False)
        user.save()
        user.profile.save()
-        site = get_current_site(self.request)
-        subject = "Activate your {} account".format(site.name)
-        message = loader.render_to_string('registration/account_activation_email.html',
-                                          {
-                                              'user': user,
-                                              'domain': site.domain,
-                                              'site_name': "La Note Kfet",
-                                              'protocol': 'https',
-                                              'token': account_activation_token.make_token(user),
-                                              'uid': urlsafe_base64_encode(force_bytes(user.pk)).decode('UTF-8'),
-                                          })
-        user.email_user(subject, message)
+
+        user.profile.send_email_validation_link()
+
        return super().form_valid(form)


@ -195,11 +183,18 @@ class UserUpdateView(ProtectQuerysetMixin, LoginRequiredMixin, UpdateView):
                if similar.exists():
                    similar.delete()

+            olduser = User.objects.get(pk=form.instance.pk)
+
            user = form.save(commit=False)
            profile = profile_form.save(commit=False)
            profile.user = user
            profile.save()
            user.save()
+
+            if olduser.email != user.email:
+                user.profile.email_confirmed = False
+                user.profile.send_email_validation_link()
+
        return super().form_valid(form)

    def get_success_url(self, **kwargs):
--- a/templates/base.html
+++ b/templates/base.html
@ -138,6 +138,11 @@ SPDX-License-Identifier: GPL-3.0-or-later
        </div>
    </nav>
    <div class="container-fluid my-3" style="max-width: 1600px;">
+        {% if not user.profile.email_confirmed %}
+            <div class="alert alert-warning">
+                {% trans "Your e-mail address is not validated. Please check your mail inbox and click on the validation link." %}
+            </div>
+        {% endif %}
        {% block contenttitle %}<h1>{{ title }}</h1>{% endblock %}
        <div id="messages"></div>
        {% block content %}