Diffstat (limited to 'okupy')
-rw-r--r-- | okupy/accounts/models.py | 5 | ||||
-rw-r--r-- | okupy/accounts/views.py | 11 | ||||
-rw-r--r-- | okupy/tests/fixtures/queued_account.json | 3 | ||||
-rw-r--r-- | okupy/tests/integration/signup.py | 4 |
4 files changed, 10 insertions, 13 deletions
diff --git a/okupy/accounts/models.py b/okupy/accounts/models.py index fe1c44b..b9e8fb2 100644 --- a/okupy/accounts/models.py +++ b/okupy/accounts/models.py @@ -6,14 +6,15 @@ from ldapdb.models.fields import (CharField, IntegerField, ListField, FloatField, ACLField, DateField) import ldapdb.models +from ..common.models import EncryptedPKModel -class Queue(models.Model): + +class Queue(EncryptedPKModel): username = models.CharField(max_length=100, unique=True) password = models.CharField(max_length=30) first_name = models.CharField(max_length=100) last_name = models.CharField(max_length=100) email = models.EmailField(max_length=254, unique=True) - token = models.CharField(max_length=40) class LDAPUser(ldapdb.models.Model): diff --git a/okupy/accounts/views.py b/okupy/accounts/views.py index 2b1b240..41bd04c 100644 --- a/okupy/accounts/views.py +++ b/okupy/accounts/views.py @@ -184,7 +184,6 @@ def signup(request): last_name=signup_form.cleaned_data['last_name'], email=signup_form.cleaned_data['email'], password=signup_form.cleaned_data['password_origin'], - token=random_string(40), ) try: queued_user.save() @@ -197,7 +196,7 @@ def signup(request): send_mail( '%sAccount Activation' % settings.EMAIL_SUBJECT_PREFIX, 'To confirm your email address, please click the \ - following link:\n%s' % queued_user.token, + following link:\n%s' % queued_user.encrypted_id, '%s' % settings.SERVER_EMAIL, [signup_form.cleaned_data['email']] ) 
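Review bot: `Queue` gets no docstring or comment saying that `encrypted_id` now serves as the e-mailed activation secret, so a reader of models.py cannot tell that activation security moved from a stored random `token` to whatever key and cipher `EncryptedPKModel` uses (that class comes from `..common.models` and is not visible in this diff). I would add a class docstring stating that the activation link is derived from the primary key, that it is therefore deterministic per row, and that it is only as unguessable as the encryption key is secret. It should also record that rotating the key invalidates pending links, assuming the key is static configuration (to be confirmed). If the database backend can reuse a primary key after a queue row is deleted, an old link would match the new row, which is worth confirming and noting in the same place.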
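Review bot: In the `send_mail` call the body announces a link, but `% queued_user.encrypted_id` interpolates only the bare identifier, so the recipient receives a hex string rather than a URL. Consider building the full activation address, for example `request.build_absolute_uri('/activate/%s/' % queued_user.encrypted_id)` (path form taken from the tests in this commit). That approach depends on host validation such as `ALLOWED_HOSTS` being configured, so that the request's Host header cannot steer the mailed link to another host. The backslash continuation inside the string literal also carries the next line's leading whitespace into the message. `signup` starts and ends outside this hunk.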
@@ -216,14 +215,12 @@ def signup(request): def activate(request, token): """ The page that users get to activate their accounts - It is in the form /activate/$TOKEN where the token is a 40 char string + It is in the form /activate/$TOKEN """ try: - if len(token) != 40: - raise OkupyError('Invalid URL') try: - queued_user = Queue.objects.get(token=token) - except Queue.DoesNotExist: + queued_user = Queue.objects.get(encrypted_id=token) + except (Queue.DoesNotExist, OverflowError, TypeError, ValueError): raise OkupyError('Invalid URL') except Exception as error: logger.critical(error, extra=log_extra_data(request)) diff --git a/okupy/tests/fixtures/queued_account.json b/okupy/tests/fixtures/queued_account.json index 90519de..40b52bf 100644 --- a/okupy/tests/fixtures/queued_account.json +++ b/okupy/tests/fixtures/queued_account.json @@ -7,8 +7,7 @@ "first_name": "queued_first_name", "last_name": "queued_last_name", "password": "queuedpass", - "email": "queueduser@test.com", - "token": "0123456789012345678901234567890123456789" + "email": "queueduser@test.com" } } ] diff --git a/okupy/tests/integration/signup.py b/okupy/tests/integration/signup.py index 79c3cac..69dc789 100644 --- a/okupy/tests/integration/signup.py +++ b/okupy/tests/integration/signup.py @@ -76,7 +76,7 @@ class SignupTestsOneAccountInQueue(OkupyTestCase): def setUp(self): self.client = Client() self.queued_account = Queue.objects.get(pk=1) - self.activate_url = '/activate/%s/' % self.queued_account.token + self.activate_url = '/activate/%s/' % self.queued_account.encrypted_id self.mockldap.start() self.ldapobject = self.mockldap[settings.AUTH_LDAP_SERVER_URI] 
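Review bot: The tuple `except (Queue.DoesNotExist, OverflowError, TypeError, ValueError)` in `activate` ties the view to the internal failure modes of the `encrypted_id` lookup, and with the length check removed every request string now reaches that decode path. The decoding code is not visible here, so I cannot confirm the tuple is complete. Any exception type it misses would presumably fall through to the `except Exception` branch and be logged at critical level for what is just a malformed URL. A cheap format guard before the query would keep junk input away from the cipher, e.g. `if not re.match(r'^[a-f0-9]{32}$', token): raise OkupyError('Invalid URL')`, using the pattern the signup test asserts (whether `re` is imported in views.py is not visible). Alternatively the model could raise one documented exception for undecodable tokens. The docstring also lost its description of the token format and could say that `$TOKEN` is the row's `encrypted_id`; the function continues past the end of this hunk.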
@@ -166,7 +166,7 @@ class SignupTestsOneAccountInQueue(OkupyTestCase): self.assertEqual(queued_account.last_name, self.form_data['last_name']) self.assertEqual(queued_account.email, self.form_data['email']) self.assertEqual(queued_account.password, self.form_data['password_origin']) - self.assertRegexpMatches(queued_account.token, '^[a-zA-Z0-9]{40}$') + self.assertRegexpMatches(queued_account.encrypted_id, '^[a-f0-9]{32}$') @mock.patch("django.db.backends.util.CursorWrapper", cursor_wrapper) def test_signup_no_database(self): |
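Review bot: The new assertion on `queued_account.encrypted_id` checks only the shape of the value (`^[a-f0-9]{32}$`), not that it identifies the row, so a decode or lookup regression would still pass here. A round-trip check would pin the actual contract: `self.assertEqual(Queue.objects.get(encrypted_id=queued_account.encrypted_id).pk, queued_account.pk)`. The widened `except` tuple in `activate` would also benefit from negative cases, such as a well-formed 32-hex value that matches no row and a non-hex string, each expected to produce the 'Invalid URL' path. Such tests may already exist outside this hunk. The enclosing test method starts before the hunk.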