feat(user): Adds logic to handle authentication. #258
Tests are failing and this is marked as a draft, but you're doing other work. Should I take a deeper look here or wait?
This commit adds a dropdown menu with the profile and the logout button to the header template
This commit adds a receiver method to add the activation key and tweak the email_confirmed field to super user records
This looks pretty good, but there are some tricky changes that I'd suggest.
Thank you!
Oh, one other thing. All of our account-related views need to avoid the CDN, right? Or at least some of them do?
This commit introduces the following changes:
- Removes the crypto module.
- Removes the activation_key and the key_expires field from the User model.
- Adds a new method in the User class to get the signed pk.
- Initialize a TimestampSigner object as a class attribute of the Users class.
- Updates the superuser_creation signal to remove the old fields of the user model.
- Tweak the register, request email confirmation and email confirmation views.
- Tweak the URL pattern that matches the email confirmation view.
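The signed, time-limited confirmation token this commit message describes, as an added example that is not the project's code: it uses a standard-library HMAC in place of Django's TimestampSigner so it runs without Django, and it separates the "invalid" and "expired" outcomes that the PR's pages distinguish. The secret, salt, lifetime, and all function and exception names are assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: stands in for the app's secret key
SALT = b"email-confirmation"         # assumption: keeps these tokens distinct from other signed values
MAX_AGE = 24 * 3600                  # assumption: link lifetime in seconds


class InvalidLink(Exception):
    """Token is malformed or its signature does not verify."""


class ExpiredLink(InvalidLink):
    """Signature verifies but the token is older than max_age."""


def _mac(payload):
    # Derive a purpose-specific key, then MAC the "pk:timestamp" payload.
    key = hashlib.sha256(SALT + SECRET).digest()
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def sign_pk(pk, now=None):
    """Return 'pk:timestamp:mac'; nothing has to be stored on the user record."""
    ts = int(time.time() if now is None else now)
    payload = f"{pk}:{ts}"
    return f"{payload}:{_mac(payload)}"


def unsign_pk(token, now=None, max_age=MAX_AGE):
    """Return the pk, or raise InvalidLink / ExpiredLink."""
    try:
        payload, mac = token.rsplit(":", 1)
    except ValueError:
        raise InvalidLink("malformed token")
    # Verify the MAC before trusting any field; compare in constant time.
    if not hmac.compare_digest(mac.encode(), _mac(payload).encode()):
        raise InvalidLink("bad signature")
    pk, ts = payload.split(":")
    age = (time.time() if now is None else now) - int(ts)
    if age > max_age:
        raise ExpiredLink("link expired")
    return int(pk)
```

Because the timestamp is covered by the MAC, a client cannot extend a link's lifetime by editing it, and the expiry check only runs on tokens whose signature has already verified.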
This commit updates the script_src and the default_src directives to add hcaptcha as a valid source.
Thanks for your comments. I've applied all your suggestions. I tweaked the registration page to use hcaptcha and also added a new ratelimit decorator to create a global counter to limit the

OTOH, I reviewed the new account views and noticed the only one that needs to avoid the CDN is the Successful Registration page but that one should work fine because it uses the query string to get the data that renders on the page and we tweaked the cache policy to forward the query strings to the origin (we did this to fix the add-a-case form).

Let me know what you think.
Just a couple things. Thank you!
This is merged. Will you please create an issue in CL to update the way it does email verification URLs? Maybe put some notes or links to this in there so we can just do this same code over there?
This PR fixes #202 and also closes #203.
This PR adds a dropdown menu next to the Donate button in the header. This dropdown menu has a button to sign out and a link to the profile page. Here's a screenshot of the new dropdown menu:
This PR also introduces the views and templates to register, reset the password and request the email confirmation link.
Here are screenshots of the new pages:
Signed out page:
Register form:
Successful Registration
Successful Email Confirmation
Invalid confirmation link
Expired confirmation link
Reset Your Password