If a user goes to Edit Profile and changes their email address,
deactivate their account temporarily and make them go through the
registration process to confirm that the new email address is in fact
valid and theirs.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Borrow the formatting from some of our other forms which looks much
nicer (and shows field errors properly).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
What we had before was a little bit terse, so add some reasonable text.
Also mention in the confirmation page that sending an email is
predicated on there actually being an account matching the specified
email address (and we deliberately don't specify whether there is or
not, in order to prevent user enumeration).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Use Django's built-in password validators with reasonable settings, and
add a basic complexity validator since there isn't one provided.
Additionally, fix the registration form so that it shows the help text
which includes a description of what the password requirements are.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Extend and override the default views so we can extend and override the
default forms to add a CAPTCHA field. This should prevent the automated
account creation requests we've been seeing on layers.openembedded.org
(luckily failing anyway due to bad domain names), but in any case this
also improves security by making it harder to do user enumeration.
For the registration page in particular, because Django's forms logic
tries to be helpful by showing all errors at once, we need to change it
so that if there's an error for the CAPTCHA then you only see that error
and no other - in particular you won't see "that username already
exists" if that is the case.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Use a more modern version of Bootstrap and take the opportunity to
upgrade jQuery to the latest version at the same time. This provides
better browser compatibility, moves to MIT license, allows us to make
the site more responsive for different devices in future, and provides
theming capabilities for custom installs among other improvements.
(I chose to upgrade to v3 for now rather than straight to v4 as it was
easier to do this gradually.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* Newer django-registration doesn't need the workaround URLs
* We need to rename password_reset_email.html to .txt
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Part of this change is temporary for django-registration 1.0; later
versions probably won't require the workaround URLs.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
I'd like to be upgrading to 1.8 but that causes problems with South, and
we're not quite ready to dispense with our existing migrations yet.
Part of the implementation for [YOCTO #9620].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
When clicking on an activation link, after verification,
the registration application tries to show
the activation_complete page. The template was missing,
so I added a basic skeleton.
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Modified the email body to break the blocktrans
into two separate blocks, and not include the
url block inside the blocktrans block.
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
