Require re-registration if user changes email address

If a user goes to Edit Profile and changes their email address, deactivate their account temporarily and make them go through the registration process to confirm that the new email address is in fact valid and theirs. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2025-07-19 20:59:01 +02:00 · 2018-10-25 15:12:33 +13:00 · 2018-10-25 15:12:33 +13:00 · e7e43ce03b
commit e7e43ce03b
parent 54c9ac8e43
3 changed files with 29 additions and 1 deletions
--- a/layerindex/views.py
+++ b/layerindex/views.py
@ -28,6 +28,7 @@ from django.db.models.query import QuerySet
 from django.template.loader import get_template
 from django.utils.decorators import method_decorator
 from django.contrib.auth.decorators import login_required
+from django.contrib.auth import logout
 from django.contrib import messages
 from django import forms
 from django.utils.html import escape
@ -41,6 +42,7 @@ import settings
 from django.dispatch import receiver
 import reversion
 from django.db.models.signals import pre_save
+from registration.models import RegistrationProfile

 def edit_layernote_view(request, template_name, slug, pk=None):
    layeritem = get_object_or_404(LayerItem, name=slug)
@ -847,6 +849,23 @@ class EditProfileFormView(SuccessMessageMixin, UpdateView):
    def get_object(self, queryset=None):
        return self.user

+    def form_valid(self, form):
+        self.object = form.save()
+        if 'email' in form.changed_data:
+            # Take a copy of request.user as it is about to be invalidated by logout()
+            user = self.request.user
+            logout(self.request)
+            # Deactivate user and put through registration again
+            user.is_active = False
+            user.save()
+            site = Site.objects.get_current()
+            RegistrationProfile.objects.filter(user=user).delete()
+            registration_profile = RegistrationProfile.objects.create_profile(user)
+            registration_profile.send_activation_email(site)
+            return HttpResponseRedirect(reverse('reregister'))
+
+        return HttpResponseRedirect(self.get_success_url())
+
    def get_success_message(self, cleaned_data):
        return "Profile saved successfully"

--- a/templates/registration/reregister.html
+++ b/templates/registration/reregister.html
@ -0,0 +1,6 @@
+{% extends "base.html" %}
+{% load i18n %}
+
+{% block content %}
+<p>{% trans "As you have changed the email address for your account, you will now be required to re-register. An email has been sent with instructions on how to re-activate your account." %}</p>
+{% endblock %}
--- a/urls.py
+++ b/urls.py
@ -7,7 +7,7 @@

 from django.conf.urls import include, url
 from django.core.urlresolvers import reverse_lazy
-from django.views.generic import RedirectView
+from django.views.generic import RedirectView, TemplateView
 from layerindex.auth_views import CaptchaRegistrationView, CaptchaPasswordResetView, delete_account_view

 from django.contrib import admin
@ -28,6 +28,9 @@ urlpatterns = [
    url(r'^accounts/delete/$', delete_account_view,
        {'template_name': 'layerindex/deleteaccount.html'},
        name='delete_account'),
+    url(r'^accounts/reregister/$', TemplateView.as_view(
+        template_name='registration/reregister.html'),
+        name='reregister'),
    url(r'^accounts/', include('registration.backends.default.urls')),
    url(r'^captcha/', include('captcha.urls')),
 ]