diff --git a/dal/dal/urls.py b/dal/dal/urls.py index 0bf7d78..cdd5ee6 100644 --- a/dal/dal/urls.py +++ b/dal/dal/urls.py @@ -29,4 +29,5 @@ urlpatterns = [ path('deleteaccount/', DeleteAccount.as_view(), name="account_delete"), path('index/', Index.as_view(), name="index"), path('logout/', LogOut.as_view(), name="logout"), + path('', Index.as_view(), name="index"), ] diff --git a/dal/dal/views.py b/dal/dal/views.py index 514df85..f5a3bdf 100644 --- a/dal/dal/views.py +++ b/dal/dal/views.py @@ -33,7 +33,8 @@ class Index(View): def post(self, request): username = request.POST.get('username') password = request.POST.get('password') - user = authenticate(request, username=username, password=password) + pwd = r'%s' % password + user = authenticate(request, username=username, password=pwd) if user is not None: login(request, user) return render(request, 'useroptions.html', { 'user': user } ) @@ -59,31 +60,33 @@ class Register(View): return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please supply a username.' } ) # Check to see if username is already taken if check_user_exists(username): - return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'User already exists.' } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'User already exists.' } ) # isalnum() may be a bit harsh, but is the most logical choice to make sure it's a username we # can use elif not username.isalnum(): - return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'Username has to be alphanumeric.' } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Username has to be alphanumeric.' } ) password1 = request.POST.get('password1') password2 = request.POST.get('password2') # check if the supplied passwords match if password1 != password2: - return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Your passwords did not match. Please supply the same password twice.' } ) email = request.POST.get('email') # Is the emailaddress valid? try: validate_email(email) except ValidationError: - return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'The supplied email address is invalid.' } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'The supplied email address is invalid.' } ) firstname = request.POST.get('firstname') lastname = request.POST.get('lastname') if firstname == "" or not firstname or lastname == "" or not lastname: - return render(request, 'registererror.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter your firstname and lastname.' } ) + return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please enter your firstname and lastname.' } ) # throw it to nameko to create the user with get_pool().next() as rpc: - result = rpc.createuser.create_user(username, password1, firstname, lastname, email) + # so nothing strange happens if there are escapable chars + pwd = r'%s' % password1 + result = rpc.createuser.create_user(username, pwd, firstname, lastname, email) if result == True: return render(request, 'usercreated.html', { 'user': username } ) else: @@ -213,8 +216,9 @@ class ChangePassword(View): return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Please check if you typed the same password both times for the new password' } ) with get_pool().next() as rpc: - # Trying to change the password - result = rpc.changepassword.change_password(user, password1) + # Trying to change the password + pwd = r'%s' % password1 + result = rpc.changepassword.change_password(user, pwd) # Password was changed if result == True: return render(request, 'changedpassword.html', { 'user': user } ) @@ -243,7 +247,8 @@ class DeleteAccount(View): # Do user and password match? password = request.POST.get('password') - check = authenticate(request, username=username, password=password) + pwd = r'%s' % password + check = authenticate(request, username=username, password=pwd) if check is None: return render(request, 'error.html', { 'urlname': urlname, 'service': service, 'error': 'Wrong password for user.' } )