def request_whitelist_ip(request):
"""
User logs in successfully but it's from a non-whitelisted ip.
They click on a link 'whitelist current ip', which sends an email
to their account.
"""
try:
email = user_from_request(request).email
except UserUnauthorizedError:
email = params_from_request(request).get('email', '')
try:
user = User.objects.get(email=email)
except (UserNotFoundError, me.DoesNotExist):
# still return OK so that there's no leak on valid email
return OK
token = get_secure_rand_token()
user.whitelist_ip_token = token
user.whitelist_ip_token_created = time()
user.whitelist_ip_token_ip_addr = ip_from_request(request)
log.debug("will now save (whitelist_ip)")
user.save()
subject = config.WHITELIST_IP_EMAIL_SUBJECT
body = config.WHITELIST_IP_EMAIL_BODY
body = body % ( (user.first_name or "") + " " + (user.last_name or ""),
config.CORE_URI,
encrypt("%s:%s" % (token, email), config.SECRET),
user.whitelist_ip_token_ip_addr,
config.CORE_URI)
if not send_email(subject, body, email):
log.info("Failed to send email to user %s for whitelist IP link" %
user.email)
raise ServiceUnavailableError()
log.info("Sent email to user %s\n%s" % (email, body))
return OK
# SEC
评论列表
文章目录
