Commit 889142c6 authored by Samuel GAIST's avatar Samuel GAIST
Browse files

[registration] Implement custom AuthenticationForm

This special form will send an email to a blocked account
owner on successful login attempt. This replaces what the
custom login view did prior to implementation of the 2FA.
parent e078a286
......@@ -32,11 +32,14 @@ Forms and validation code for user registration.
import datetime
from django import forms
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.models import User
from django.urls import reverse
from django.utils.translation import ugettext_lazy as _
from ...accounts.models import Profile
from ...accounts.models import SupervisionTrack
from ...utils import mail
from .models import PreregistrationProfile
from .models import RegistrationProfile
......@@ -501,3 +504,45 @@ class RegistrationFormTermsOfServiceSupervisor(RegistrationSupervisorForm):
required=u"You must agree to the Terms of Service in order to register"
class AuthenticationFormSendingWarning(AuthenticationForm):
Subclass that will send an email to the owner of the account if a successful login
attempt is done.
def check_and_warn(self, username, password):
user = User.objects.get(username=username)
except User.DoesNotExist:
# No specific action is required here
# Possible future step: DOS/DDOS Brute-Force attack detection
authentication_match = user.check_password(password)
if authentication_match and user.profile.status == Profile.BLOCKED:
reactivation_url = self.request.build_absolute_uri(
context = {
"user": user,
"reactivation_url": reactivation_url,
def clean(self):
username = self.cleaned_data.get("username")
password = self.cleaned_data.get("password")
if username is not None and password:
self.check_and_warn(username, password)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment