WIP bans in frontend

misago/core/templatetags/misago_stringutils.py

@@ -0,0 +1,10 @@
+import bleach
+from django import template
+
+
+register = template.Library()
+
+
+@register.filter(name='linkify', is_safe=True)
+def linkify(string):
+    return bleach.linkify(string)

misago/templates/misago/errorpages/403.html

@@ -1,5 +1,5 @@
 {% extends "misago/base.html" %}
-{% load i18n %}
+{% load i18n misago_stringutils %}
 
 
 {% block title %}{% trans "Page not available" %} | {{ block.super }}{% endblock %}
@@ -17,11 +17,10 @@
       <span class="fa fa-ban"></span>
     </div>
 
-    <h1>{% trans "Requested page is not available." %}</h1>
     {% if message %}
-    <p>{{ message }}</p>
+    <h1>{{ message|linebreaksbr|linkify }}</h1>
     {% else %}
-    <p>{% trans "You don't have permission to access this page." %}</p>
+    <h1>{% trans "You don't have permission to access this page." %}</h1>
     {% endif %}
 
   </div>

misago/templates/misago/navbar.html

@@ -65,7 +65,7 @@
       {% else %}
       <div class="navbar-nav-guest navbar-right">
         <a href="{% url LOGIN_URL %}" class="btn btn-sign-in navbar-btn">{% trans "Sign in" %}</a>
-        <a href="#" class="btn btn-register navbar-btn">{% trans "Register" %}</a>
+        <a href="{% url 'misago:register' %}" class="btn btn-register navbar-btn">{% trans "Register" %}</a>
       </div>
       {% endif %}
     </div><!-- /.navbar-collapse -->

misago/users/bans.py

@@ -0,0 +1,81 @@
+from datetime import datetime
+
+from django.utils import timezone
+from misago.core import cachebuster
+
+from misago.users.models import Ban
+
+
+"""
+Utils for checking bans
+"""
+BAN_CACHE_SESSION_KEY = 'misago_ip_check'
+BAN_VERSION_KEY = 'misago_bans'
+
+
+def is_user_banned(user):
+    pass
+
+
+def is_ip_banned(request):
+    session_ban_cache = _get_session_bancache(request)
+    if session_ban_cache:
+        if session_ban_cache['is_banned']:
+            return session_ban_cache
+        else:
+            return False
+
+    found_ban = Ban.objects.find_ban(ip=request._misago_real_ip)
+
+    ban_cache = request.session[BAN_CACHE_SESSION_KEY] = {
+        'version': cachebuster.get_version(BAN_VERSION_KEY),
+        'ip': request._misago_real_ip,
+    }
+
+    if found_ban:
+        if found_ban.valid_until:
+            valid_until_as_string = found_ban.valid_until.strftime('%Y-%m-%d')
+            ban_cache['valid_until'] = valid_until_as_string
+        else:
+            ban_cache['valid_until'] = None
+
+        ban_cache.update({
+                'is_banned': True,
+                'message': found_ban.user_message
+            })
+        request.session[BAN_CACHE_SESSION_KEY] = ban_cache
+        return _hydrate_session_cache(request.session[BAN_CACHE_SESSION_KEY])
+    else:
+        ban_cache['is_banned'] = False
+        request.session[BAN_CACHE_SESSION_KEY] = ban_cache
+        return False
+
+
+def _get_session_bancache(request):
+    try:
+        ban_cache = request.session[BAN_CACHE_SESSION_KEY]
+        ban_cache = _hydrate_session_cache(ban_cache)
+        if ban_cache['ip'] != request._misago_real_ip:
+            return None
+        if not cachebuster.is_valid(BAN_VERSION_KEY, ban_cache['version']):
+            return None
+        if ban_cache.get('valid_until'):
+            """
+            Make two timezone unaware dates and compare them
+            """
+            if ban_cache.get('valid_until') < timezone.now().date():
+                return None
+        return ban_cache
+    except KeyError:
+        return None
+
+
+def _hydrate_session_cache(ban_cache):
+    hydrated = ban_cache.copy()
+
+    if hydrated.get('valid_until'):
+        expiration_datetime = datetime.strptime(ban_cache.get('valid_until'),
+                                                '%Y-%m-%d')
+        hydrated['valid_until'] = expiration_datetime.date()
+
+    return hydrated

misago/users/decorators.py

@@ -1,5 +1,6 @@
 from django.core.exceptions import PermissionDenied
 from django.utils.translation import gettext_lazy as _
+from misago.users.bans import is_ip_banned
 
 
 def deny_authenticated(f):
@@ -24,9 +25,9 @@ def deny_guests(f):
 
 def deny_banned_ips(f):
     def decorator(request, *args, **kwargs):
-        if request.user.is_anonymous():
-            raise PermissionDenied(
-                _("This page is not available to guests."))
+        ban = is_ip_banned(request)
+        if ban:
+            raise PermissionDenied(ban.get('message'))
         else:
             return f(request, *args, **kwargs)
     return decorator

misago/users/migrations/0002_users_settings.py

@@ -26,7 +26,7 @@ def create_users_settings_group(apps, schema_editor):
                             ('none', _("No activation required")),
                             ('user', _("Activation Token sent to User")),
                             ('admin', _("Activation by Administrator")),
-                            ('block', _("Don't allow new registrations"))
+                            ('disabled', _("Don't allow new registrations"))
                         )
                     },
                 },

misago/users/models/bans.py

@@ -21,7 +21,7 @@ BAN_IP = 2
 BANS_CHOICES = (
     (BAN_USERNAME, _('Username')),
     (BAN_EMAIL, _('E-mail address')),
-    (BAN_IP, _('IP Address')),
+    (BAN_IP, _('IP address')),
 )
 
 

misago/users/urls/__init__.py → misago/users/urls.py

@@ -6,3 +6,8 @@ urlpatterns = patterns('misago.users.views.auth',
     url(r'^login/banned/$', 'login_banned', name='login_banned'),
     url(r'^logout/$', 'logout', name='logout'),
 )
+
+
+urlpatterns += patterns('misago.users.views.register',
+    url(r'^register/$', 'register', name='register'),
+)

misago/users/views/admin/users.py

@@ -1,5 +1,5 @@
 from django.contrib import messages
-from django.contrib.auth import get_user_model
+from django.contrib.auth import get_user_model, update_session_auth_hash
 from django.shortcuts import redirect
 from django.utils.translation import ugettext_lazy as _
 
@@ -80,6 +80,15 @@ class EditUser(UserAdmin, generic.ModelFormView):
     def handle_form(self, form, request, target):
         form.instance.save()
 
+        if form.cleaned_data.get('new_password'):
+            target.set_password(form.cleaned_data['new_password'])
+
+            if target.pk == request.user.pk:
+                update_session_auth_hash(request, form.user)
+
+        if form.cleaned_data.get('email'):
+            target.set_email(form.cleaned_data['email'])
+
         if form.cleaned_data.get('staff_level'):
             form.instance.staff_level = form.cleaned_data['staff_level']
 

misago/users/views/register.py

@@ -0,0 +1,22 @@
+from misago.conf import settings
+from misago.users.decorators import deny_authenticated, deny_banned_ips
+
+
+def register_decorator(f):
+    def decorator(request):
+        if settings.account_activation == 'disabled':
+            return registrations_off(request)
+        else:
+            return register(request)
+    return decorator
+
+
+@deny_authenticated
+@deny_banned_ips
+@register_decorator
+def register(request):
+    pass
+
+
+def registration_off(request):
+    pass