Centralized banning in Banning app - removed user-specific banning.

misago/auth/views.py

@@ -3,6 +3,7 @@ from django.shortcuts import redirect
 from django.template import RequestContext
 from django.utils import timezone
 from django.utils.translation import ugettext as _
+from misago.banning.models import check_ban
 from misago.banning.decorators import block_banned
 from misago.banning.views import error_banned
 from misago.forms.layouts import FormLayout
@@ -89,8 +90,9 @@ def send_activation(request):
         form = UserSendSpecialMailForm(request.POST, request=request)
         if form.is_valid():
             user = form.found_user
-            if user.is_banned():
-                return error_banned(request, user)
+            user_ban = check_ban(username=user.username, email=user.email)
+            if user_ban:
+                return error_banned(request, user, user_ban)
             if user.activation == User.ACTIVATION_NONE:
                 return error403(request, Message(request, 'auth/activation_not_required', extra={'user': user}))
             if user.activation == User.ACTIVATION_ADMIN:
@@ -123,8 +125,9 @@ def activate(request, username="", user="0", token=""):
         user = User.objects.get(pk=user)
         current_activation = user.activation
         # Run checks
-        if user.is_banned():
-            return error_banned(request, user)
+        user_ban = check_ban(username=user.username, email=user.email)
+        if user_ban:
+            return error_banned(request, user, user_ban)
         if user.activation == User.ACTIVATION_NONE:
             return error403(request, Message(request, 'auth/activation_not_required', extra={'user': user}))
         if user.activation == User.ACTIVATION_ADMIN:
@@ -152,8 +155,9 @@ def forgot_password(request):
         form = UserSendSpecialMailForm(request.POST, request=request)
         if form.is_valid():
             user = form.found_user
-            if user.is_banned():
-                return error_banned(request, user)
+            user_ban = check_ban(username=user.username, email=user.email)
+            if user_ban:
+                return error_banned(request, user, user_ban)
             elif user.activation != User.ACTIVATION_NONE:
                 return error403(request, Message(request, 'auth/activation_required', {'user': user}))
             user.token = get_random_string(12)
@@ -184,8 +188,9 @@ def reset_password(request, username="", user="0", token=""):
     user = int(user)
     try:
         user = User.objects.get(pk=user)
-        if user.is_banned():
-            return error_banned(request, user)
+        user_ban = check_ban(username=user.username, email=user.email)
+        if user_ban:
+            return error_banned(request, user, user_ban)
         if user.activation != User.ACTIVATION_NONE:
             return error403(request, Message(request, 'auth/activation_required', {'user': user}))
         if not token or not user.token or user.token != token:

misago/banning/decorators.py

@@ -4,7 +4,7 @@ def block_banned(f):
     def decorator(*args, **kwargs):
         request = args[0]
         try:
-            if request.user.is_banned() or request.ban.is_banned():
+            if request.ban.is_banned():
                 return error_banned(request);
             return f(*args, **kwargs)
         except AttributeError:

misago/banning/middleware.py

@@ -13,5 +13,5 @@ class BanningMiddleware(object):
         if not request.firewall.admin:
             request.ban.check_for_updates(request)
             # Make sure banned session is downgraded to guest level
-            if request.user.is_banned() or request.ban.is_banned():
+            if request.ban.is_banned():
                 request.session.sign_out(request)

misago/banning/models.py

@@ -13,6 +13,8 @@ BAN_IP = 3
 class Ban(models.Model):
     type = models.PositiveIntegerField(default=BAN_NAME_EMAIL)
     ban = models.CharField(max_length=255)
+    reason_user = models.TextField(null=True,blank=True)
+    reason_admin = models.TextField(null=True,blank=True)
     expires = models.DateTimeField(null=True,blank=True,db_index=True)
 
     
@@ -43,23 +45,26 @@ def check_ban(ip=False, username=False, email=False):
 
 
 class BanCache(object):
-    banned = False
-    type = None
-    expires = None
-    version = 0
+    def __init__(self):
+        self.banned = False
+        self.type = None
+        self.expires = None
+        self.reason = None
+        self.version = 0
+        
     def check_for_updates(self, request):
         if (self.version < request.monitor['bans_version']
             or (self.expires != None and self.expires < timezone.now())):
             self.version = request.monitor['bans_version']
-            ban = check_ban(
-                            ip=request.session.get_ip(request),
-                            )
+            ban = check_ban(ip=request.session.get_ip(request))
             if ban:
                 self.banned = True
+                self.reason = ban.reason_user
                 self.expires = ban.expires
                 self.type = ban.type
             else:
                 self.banned = False
+                self.reason = None
                 self.expires = None
                 self.type = None
             return True

misago/banning/views.py

@@ -2,10 +2,9 @@ from django.utils.translation import ugettext as _
 from misago.messages import Message
 from misago.views import error403
 
-def error_banned(request, user=False):
+def error_banned(request, user=None, ban=None):
     if not user:
         user = request.user
-    if user.is_banned():
-        return error403(request, Message(request, 'banning/banned_user', extra={'user': user}), _("You are banned"));
-    if request.ban.is_banned():
-        return error403(request, Message(request, 'banning/banned_ip'), _("You are banned"));
+    if not ban:
+        ban = request.ban
+    return error403(request, Message(request, 'banned', extra={'user': user, 'ban': ban}), _("You are banned"));

misago/security/auth.py

@@ -13,7 +13,7 @@ Exception constants
 CREDENTIALS = 'security/bad_credentials'
 ACTIVATION_USER = 'users/activation_user'
 ACTIVATION_ADMIN = 'users/activation_admin'
-BANNED = 'banning/banned_user'
+BANNED = 'banned'
 NOT_ADMIN = 'security/not_admin'
 
 
@@ -21,10 +21,10 @@ class AuthException(Exception):
     """
     Auth Exception is thrown when auth_* method finds problem with allowing user to sign-in
     """
-    def __init__(self, type=None, error=None, user=None):
+    def __init__(self, type=None, user=None, ban=None):
         self.type = type
-        self.error = error
         self.user = user
+        self.ban = ban
         
     def __str__(self):
         return self.error
@@ -56,17 +56,16 @@ def auth_forum(request, email, password):
     Forum auth - check bans and if we are in maintenance - maintenance access
     """
     user = get_user(email, password)
-    if user.is_banned():
-        raise AuthException(
-                            BANNED,
-                            user.ban_reason_user
-                            )
+    user_ban = check_ban(username=user.username, email=user.email)
+    if user_ban:
+        raise AuthException(BANNED, user, user_ban)
     return user;
 
 
 def auth_remember(request, ip):
     """
     Remember-me auth - check if token is valid
+    Dont worry about AuthException being empty, it doesnt have to have anything
     """
     if request.firewall.admin:
         raise AuthException()

misago/security/views.py

@@ -65,7 +65,7 @@ def signin(request):
                 request.messages.set_flash(Message(request, 'security/signed_in', extra={'user': user}), 'success', 'security')
                 return redirect(success_redirect)
             except AuthException as e:
-                message = Message(request, e.type, extra={'user':e.user})
+                message = Message(request, e.type, extra={'user':e.user, 'ban':e.ban})
                 message.type = 'error'
                 # If not in Admin, register failed attempt
                 if not request.firewall.admin and e.type == auth.CREDENTIALS:

misago/users/models.py

@@ -134,10 +134,6 @@ class User(models.Model):
     alerts_new = models.PositiveIntegerField(default=0)
     activation = models.IntegerField(default=0)
     token = models.CharField(max_length=12,null=True,blank=True)
-    banned = models.BooleanField(default=False)
-    ban_reason_admin = models.TextField(null=True,blank=True)
-    ban_reason_user = models.TextField(null=True,blank=True)
-    ban_expires = models.DateTimeField(null=True,blank=True)
     avatar_ban = models.BooleanField(default=False)
     avatar_ban_reason_user = models.TextField(null=True,blank=True)
     avatar_ban_reason_admin = models.TextField(null=True,blank=True)
@@ -173,16 +169,6 @@ class User(models.Model):
     def is_crawler(self):
         return False
 
-    def is_banned(self):
-        """
-        Check if user is banned and handle eventual ban expiration.
-        """
-        banned = self.banned and (self.ban_expires == None or self.ban_expires > tz_util.now());
-        if not banned and self.banned:
-            self.banned = False
-            self.save(force_update=True)
-        return banned
-
     def default_avatar(self, db_settings):
         if db_settings['default_avatar'] == 'gallery':
             try:
@@ -349,9 +335,6 @@ class Guest(object):
     def is_crawler(self):
         return False
         
-    def is_banned(self):
-        return False
-        
         
 class Crawler(object): 
     """
@@ -371,9 +354,6 @@ class Crawler(object):
     
     def is_crawler(self):
         return True
-        
-    def is_banned(self):
-        return False
     
     
 class Group(models.Model):

misago/views.py

@@ -1,8 +1,6 @@
 from django.template import RequestContext
 
 def home(request):
-    #if request.user.is_authenticated():
-    #    request.user.email_user('LOL Testowy e-mail z Django!', 'who', 'cares')
     return request.theme.render_to_response('index.html',
                                             {'page_title': 'Hello World!'},
                                             context_instance=RequestContext(request));

templates/_message/banned.html

@@ -0,0 +1,23 @@
+{% extends "_message/base.html" %}
+{% load i18n %}
+
+{% block content %}
+{% if message.user.is_authorized() %}
+  {% if message.ban.reason %}
+  <p>{% trans username=message.user.username %}{{ username }}, your account has been locked for following reason:{% endtrans %}</p>
+  <p>{{ message.ban.reason }}</p>
+  {% else %}
+  <p>{% trans username=message.user.username %}{{ username }}, your account has been locked by board administrator.{% endtrans %}</p>
+  {% endif %}
+{% else %}
+  {% if message.ban.reason %}
+  <p>{% trans %}Dear guest, your access to this page has been forbidden for following reason:{% endtrans %}</p>
+  <p>{{ message.ban.reason }}</p>
+  {% else %}
+  <p>{% trans %}Dear guest, your access to this page has been forbidden.{% endtrans %}</p>
+  {% endif %}
+{% endif %}
+  {% if message.ban.expires %}
+  <p>{% trans %}Your ban will expire on{% endtrans %} <em>{{ message.ban.expires|date(format.DATE_FORMAT) }}</em></p>
+  {% endif %}
+{% endblock %}

templates/_message/banning/banned_ip.html

@@ -1,6 +0,0 @@
-{% extends "_message/base.html" %}
-{% load i18n %}
-
-{% block content %}
-  <p>{% trans %}Your IP address has been black-listed by Board Administrator. You will not be able to sign in or register.{% endtrans %}</p>
-{% endblock %}

templates/_message/banning/banned_user.html

@@ -1,14 +0,0 @@
-{% extends "_message/base.html" %}
-{% load i18n %}
-
-{% block content %}
-  {% if message.user.ban_reason_public %}
-  <p>{% trans username=message.user.username %}{{ username }}, your account has been locked for following reason:{% endtrans %}</p>
-  <p>{{ if user.ban_reason_public }}</p>
-  {% else %}
-  <p>{% trans username=message.user.username %}{{ username }}, your account has been locked by board administrator.{% endtrans %}</p>
-  {% endif %}
-  {% if message.user.ban_expires %}
-  <p>{% trans %}Your ban will expire on{% endtrans %} <em>{{ message.user.ban_expires|date:"DATE_FORMAT" }}</em></p>
-  {% endif %}
-{% endblock %}