From e7e43ce03b3cc3541cca1f7825a57e41bd18ec50 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Thu, 25 Oct 2018 15:12:33 +1300 Subject: [PATCH] Require re-registration if user changes email address If a user goes to Edit Profile and changes their email address, deactivate their account temporarily and make them go through the registration process to confirm that the new email address is in fact valid and theirs. Signed-off-by: Paul Eggleton --- layerindex/views.py | 19 +++++++++++++++++++ templates/registration/reregister.html | 6 ++++++ urls.py | 5 ++++- 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 templates/registration/reregister.html diff --git a/layerindex/views.py b/layerindex/views.py index c54e22b..143cfd7 100644 --- a/layerindex/views.py +++ b/layerindex/views.py @@ -28,6 +28,7 @@ from django.db.models.query import QuerySet from django.template.loader import get_template from django.utils.decorators import method_decorator from django.contrib.auth.decorators import login_required +from django.contrib.auth import logout from django.contrib import messages from django import forms from django.utils.html import escape @@ -41,6 +42,7 @@ import settings from django.dispatch import receiver import reversion from django.db.models.signals import pre_save +from registration.models import RegistrationProfile def edit_layernote_view(request, template_name, slug, pk=None): layeritem = get_object_or_404(LayerItem, name=slug) 
@@ -847,6 +849,23 @@ class EditProfileFormView(SuccessMessageMixin, UpdateView): def get_object(self, queryset=None): return self.user + def form_valid(self, form): + self.object = form.save() + if 'email' in form.changed_data: + # Take a copy of request.user as it is about to be invalidated by logout() + user = self.request.user + logout(self.request) + # Deactivate user and put through registration again + user.is_active = False + user.save() + site = Site.objects.get_current() + RegistrationProfile.objects.filter(user=user).delete() + registration_profile = RegistrationProfile.objects.create_profile(user) + registration_profile.send_activation_email(site) + return HttpResponseRedirect(reverse('reregister')) + + return HttpResponseRedirect(self.get_success_url()) + def get_success_message(self, cleaned_data): return "Profile saved successfully" diff --git a/templates/registration/reregister.html b/templates/registration/reregister.html new file mode 100644 index 0000000..33c4bfb --- /dev/null +++ b/templates/registration/reregister.html @@ -0,0 +1,6 @@ +{% extends "base.html" %} +{% load i18n %} + +{% block content %} +
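Review bot: In `form_valid`, `form.save()` commits the new address before anyone has proven control of it, and nothing visible in this hunk re-authenticates the user or notifies the previous address, so whoever holds the session (an unattended browser, a stolen cookie) can redirect the activation link to another mailbox and lock the owner out. I would require the current password when `'email' in form.changed_data` (the form class is outside this hunk, so it may already do this) and send a notice to the old address before saving. The deactivate / delete-profile / create-profile / send sequence is also not atomic: if `send_activation_email(site)` raises, the account is left inactive and logged out with no activation mail, so the database steps should share a transaction and a mail failure should be handled explicitly. Separately, the override never reaches `SuccessMessageMixin.form_valid`, so the non-email path appears to lose its success message; adding `messages.success(self.request, self.get_success_message(form.cleaned_data))` before the final redirect would restore it.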

{% trans "As you have changed the email address for your account, you will now be required to re-register. An email has been sent with instructions on how to re-activate your account." %}

+{% endblock %} diff --git a/urls.py b/urls.py index 307ef1d..dcf9a83 100644 --- a/urls.py +++ b/urls.py @@ -7,7 +7,7 @@ from django.conf.urls import include, url from django.core.urlresolvers import reverse_lazy -from django.views.generic import RedirectView +from django.views.generic import RedirectView, TemplateView from layerindex.auth_views import CaptchaRegistrationView, CaptchaPasswordResetView, delete_account_view from django.contrib import admin @@ -28,6 +28,9 @@ urlpatterns = [ url(r'^accounts/delete/$', delete_account_view, {'template_name': 'layerindex/deleteaccount.html'}, name='delete_account'), + url(r'^accounts/reregister/$', TemplateView.as_view( + template_name='registration/reregister.html'), + name='reregister'), url(r'^accounts/', include('registration.backends.default.urls')), url(r'^captcha/', include('captcha.urls')), ]