Coverage for ivatar/ivataraccount/views.py: 76%

1""" 

2View classes for ivatar/ivataraccount/ 

3""" 

4 

5from io import BytesIO 

6from ivatar.utils import urlopen, Bluesky 

7import base64 

8import binascii 

9import contextlib 

10from xml.sax import saxutils 

11import gzip 

12import logging 

13 

14from PIL import Image 

15 

16from django.db.models import ProtectedError 

17from django.core.exceptions import ObjectDoesNotExist 

18from django.contrib.auth.decorators import login_required 

19from django.contrib.auth.models import User 

20from django.utils.decorators import method_decorator 

21from django.contrib.messages.views import SuccessMessageMixin 

22from django.contrib import messages 

23from django.views.generic.edit import FormView, UpdateView 

24from django.views.generic.base import View, TemplateView 

25from django.views.generic.detail import DetailView 

26from django.contrib.auth import authenticate, login 

27from django.contrib.auth.forms import UserCreationForm, SetPasswordForm 

28from django.contrib.auth.views import LoginView 

29from django.contrib.auth.views import ( 

30 PasswordResetView as PasswordResetViewOriginal, 

31) 

32from django.utils.crypto import get_random_string 

33from django.utils.translation import gettext_lazy as _ 

34from django.http import HttpResponseRedirect, HttpResponse 

35from django.urls import reverse_lazy, reverse 

36from django.shortcuts import render 

37from django_openid_auth.models import UserOpenID 

38 

39from openid import oidutil 

40from openid.consumer import consumer 

41 

42from ipware import get_client_ip 

43 

44from email_validator import validate_email 

45 

46from libravatar import libravatar_url 

47from ivatar.settings import ( 

48 MAX_NUM_PHOTOS, 

49 MAX_PHOTO_SIZE, 

50 JPEG_QUALITY, 

51 AVATAR_MAX_SIZE, 

52 SOCIAL_AUTH_FEDORA_KEY, 

53) 

54from .gravatar import get_photo as get_gravatar_photo 

55 

56from .forms import AddEmailForm, UploadPhotoForm, AddOpenIDForm 

57from .forms import UpdatePreferenceForm, UploadLibravatarExportForm 

58from .forms import DeleteAccountForm 

59from .models import UnconfirmedEmail, ConfirmedEmail, Photo 

60from .models import UnconfirmedOpenId, ConfirmedOpenId, DjangoOpenIDStore 

61from .models import UserPreference 

62from .models import file_format 

63from .read_libravatar_export import read_gzdata as libravatar_read_gzdata 

64 

65# Initialize loggers 

66logger = logging.getLogger("ivatar") 

67security_logger = logging.getLogger("ivatar.security") 

68 

69# Import OpenTelemetry with graceful degradation 

70from ..telemetry_utils import ( 

71 trace_file_upload, 

72 trace_authentication, 

73 get_telemetry_metrics, 

74) 

75 

76avatar_metrics = get_telemetry_metrics() 

77 

78 

79def openid_logging(message, level=0): 

80 """ 

81 Helper method for openid logging 

82 """ 

83 # Normal messages are not that important 

84 # No need for coverage here 

85 if level > 0: # pragma: no cover 

86 logger.debug(message) 

87 

88 

89class CreateView(SuccessMessageMixin, FormView): 

90 """ 

91 View class for creating a new user 

92 """ 

93 

94 template_name = "new.html" 

95 form_class = UserCreationForm 

96 

97 @trace_authentication("user_registration") 

98 def form_valid(self, form): 

99 form.save() 

100 user = authenticate( 

101 username=form.cleaned_data["username"], 

102 password=form.cleaned_data["password1"], 

103 ) 

104 if user is not None: 

105 # If the username looks like a mail address, automagically 

106 # add it as unconfirmed mail and set it also as user's 

107 # email address 

108 with contextlib.suppress(Exception): 

109 self._extracted_from_form_valid_(form, user) 

110 login(self.request, user) 

111 pref = UserPreference.objects.create( 

112 user_id=user.pk 

113 ) # pylint: disable=no-member 

114 pref.save() 

115 return HttpResponseRedirect(reverse_lazy("profile")) 

116 return HttpResponseRedirect(reverse_lazy("login")) # pragma: no cover 

117 

118 def _extracted_from_form_valid_(self, form, user): 

119 # This will error out if it's not a valid address 

120 valid = validate_email(form.cleaned_data["username"]) 

121 user.email = valid.email 

122 user.save() 

123 # The following will also error out if it already exists 

124 unconfirmed = UnconfirmedEmail() 

125 unconfirmed.email = valid.email 

126 unconfirmed.user = user 

127 unconfirmed.save() 

128 unconfirmed.send_confirmation_mail( 

129 url=self.request.build_absolute_uri("/")[:-1] 

130 ) 

131 

132 def get(self, request, *args, **kwargs): 

133 """ 

134 Handle get for create view 

135 """ 

136 if request.user and request.user.is_authenticated: 

137 return HttpResponseRedirect(reverse_lazy("profile")) 

138 return super().get(self, request, args, kwargs) 

139 

140 

141@method_decorator(login_required, name="dispatch") 

142class PasswordSetView(SuccessMessageMixin, FormView): 

143 """ 

144 View class for changing the password 

145 """ 

146 

147 template_name = "password_change.html" 

148 form_class = SetPasswordForm 

149 success_message = _("password changed successfully - please login again") 

150 success_url = reverse_lazy("profile") 

151 

152 def get_form_kwargs(self): 

153 kwargs = super().get_form_kwargs() 

154 kwargs["user"] = self.request.user 

155 return kwargs 

156 

157 def form_valid(self, form): 

158 form.save() 

159 super().form_valid(form) 

160 return HttpResponseRedirect(reverse_lazy("login")) 

161 

162 

163@method_decorator(login_required, name="dispatch") 

164class AddEmailView(SuccessMessageMixin, FormView): 

165 """ 

166 View class for adding email addresses 

167 """ 

168 

169 template_name = "add_email.html" 

170 form_class = AddEmailForm 

171 success_url = reverse_lazy("profile") 

172 

173 def form_valid(self, form): 

174 if not form.save(self.request): 

175 return render(self.request, self.template_name, {"form": form}) 

176 

177 messages.success(self.request, _("Address added successfully")) 

178 return super().form_valid(form) 

179 

180 

181@method_decorator(login_required, name="dispatch") 

182class RemoveUnconfirmedEmailView(SuccessMessageMixin, View): 

183 """ 

184 View class for removing a unconfirmed email address 

185 """ 

186 

187 @staticmethod 

188 def post(request, *args, **kwargs): # pylint: disable=unused-argument 

189 """ 

190 Handle post request - removing unconfirmed email 

191 """ 

192 try: 

193 email = UnconfirmedEmail.objects.get( # pylint: disable=no-member 

194 user=request.user, id=kwargs["email_id"] 

195 ) 

196 email.delete() 

197 messages.success(request, _("Address removed")) 

198 except UnconfirmedEmail.DoesNotExist: # pylint: disable=no-member 

199 messages.error(request, _("Address does not exist")) 

200 return HttpResponseRedirect(reverse_lazy("profile")) 

201 

202 

203class ConfirmEmailView(SuccessMessageMixin, TemplateView): 

204 """ 

205 View class for confirming an unconfirmed email address 

206 """ 

207 

208 template_name = "email_confirmed.html" 

209 

210 def get(self, request, *args, **kwargs): 

211 # be tolerant of extra crap added by mail clients 

212 key = kwargs["verification_key"].replace(" ", "") 

213 

214 if len(key) != 64: 

215 messages.error(request, _("Verification key incorrect")) 

216 return HttpResponseRedirect(reverse_lazy("profile")) 

217 

218 try: 

219 unconfirmed = UnconfirmedEmail.objects.get( 

220 verification_key=key 

221 ) # pylint: disable=no-member 

222 except UnconfirmedEmail.DoesNotExist: # pylint: disable=no-member 

223 messages.error(request, _("Verification key does not exist")) 

224 return HttpResponseRedirect(reverse_lazy("profile")) 

225 

226 if ConfirmedEmail.objects.filter(email=unconfirmed.email).count() > 0: 

227 messages.error( 

228 request, 

229 _("This mail address has been taken already and cannot be confirmed"), 

230 ) 

231 return HttpResponseRedirect(reverse_lazy("profile")) 

232 

233 # TODO: Check for a reasonable expiration time in unconfirmed email 

234 

235 (confirmed_id, external_photos) = ConfirmedEmail.objects.create_confirmed_email( 

236 unconfirmed.user, unconfirmed.email, not request.user.is_anonymous 

237 ) 

238 

239 unconfirmed.delete() 

240 

241 # if there's a single image in this user's profile, 

242 # assign it to the new email 

243 confirmed = ConfirmedEmail.objects.get(id=confirmed_id) 

244 if confirmed.user.photo_set.count() == 1: 

245 confirmed.set_photo(confirmed.user.photo_set.first()) 

246 kwargs["photos"] = external_photos 

247 kwargs["email_id"] = confirmed_id 

248 return super().get(request, *args, **kwargs) 

249 

250 

251@method_decorator(login_required, name="dispatch") 

252class RemoveConfirmedEmailView(SuccessMessageMixin, View): 

253 """ 

254 View class for removing a confirmed email address 

255 """ 

256 

257 @staticmethod 

258 def post(request, *args, **kwargs): # pylint: disable=unused-argument 

259 """ 

260 Handle post request - removing confirmed email 

261 """ 

262 try: 

263 email = ConfirmedEmail.objects.get(user=request.user, id=kwargs["email_id"]) 

264 email.delete() 

265 messages.success(request, _("Address removed")) 

266 except ConfirmedEmail.DoesNotExist: # pylint: disable=no-member 

267 messages.error(request, _("Address does not exist")) 

268 return HttpResponseRedirect(reverse_lazy("profile")) 

269 

270 

271@method_decorator(login_required, name="dispatch") 

272class AssignPhotoEmailView(SuccessMessageMixin, TemplateView): 

273 """ 

274 View class for assigning a photo to an email address 

275 """ 

276 

277 model = Photo 

278 template_name = "assign_photo_email.html" 

279 

280 def post(self, request, *args, **kwargs): # pylint: disable=unused-argument 

281 """ 

282 Handle post request - assign photo to email 

283 """ 

284 photo = None 

285 

286 try: 

287 email = ConfirmedEmail.objects.get(user=request.user, id=kwargs["email_id"]) 

288 except ConfirmedEmail.DoesNotExist: # pylint: disable=no-member 

289 messages.error(request, _("Invalid request")) 

290 return HttpResponseRedirect(reverse_lazy("profile")) 

291 

292 if "photoNone" in request.POST: 

293 email.photo = None 

294 email.bluesky_handle = None 

295 elif "photoBluesky" in request.POST: 

296 # Keep the existing Bluesky handle, clear the photo 

297 email.photo = None 

298 # Don't clear bluesky_handle - keep it as is 

299 else: 

300 if "photo_id" not in request.POST: 

301 messages.error(request, _("Invalid request [photo_id] missing")) 

302 return HttpResponseRedirect(reverse_lazy("profile")) 

303 

304 if request.POST["photo_id"] == "bluesky": 

305 # Handle Bluesky photo selection 

306 email.photo = None 

307 # Don't clear bluesky_handle - keep it as is 

308 else: 

309 try: 

310 photo = self.model.objects.get( # pylint: disable=no-member 

311 id=request.POST["photo_id"], user=request.user 

312 ) 

313 except self.model.DoesNotExist: # pylint: disable=no-member 

314 messages.error(request, _("Photo does not exist")) 

315 return HttpResponseRedirect(reverse_lazy("profile")) 

316 email.photo = photo 

317 email.bluesky_handle = None 

318 email.save() 

319 

320 messages.success(request, _("Successfully changed photo")) 

321 return HttpResponseRedirect(reverse_lazy("profile")) 

322 

323 def get_context_data(self, **kwargs): 

324 data = super().get_context_data(**kwargs) 

325 data["email"] = ConfirmedEmail.objects.get(pk=kwargs["email_id"]) 

326 return data 

327 

328 

329@method_decorator(login_required, name="dispatch") 

330class AssignPhotoOpenIDView(SuccessMessageMixin, TemplateView): 

331 """ 

332 View class for assigning a photo to an openid address 

333 """ 

334 

335 model = Photo 

336 template_name = "assign_photo_openid.html" 

337 

338 def post(self, request, *args, **kwargs): # pylint: disable=unused-argument 

339 """ 

340 Handle post - assign photo to openid 

341 """ 

342 photo = None 

343 

344 try: 

345 openid = ConfirmedOpenId.objects.get( # pylint: disable=no-member 

346 user=request.user, id=kwargs["openid_id"] 

347 ) 

348 except ConfirmedOpenId.DoesNotExist: # pylint: disable=no-member 

349 messages.error(request, _("Invalid request")) 

350 return HttpResponseRedirect(reverse_lazy("profile")) 

351 

352 if "photoNone" in request.POST: 

353 openid.photo = None 

354 else: 

355 if "photo_id" not in request.POST: 

356 messages.error(request, _("Invalid request [photo_id] missing")) 

357 return HttpResponseRedirect(reverse_lazy("profile")) 

358 

359 try: 

360 photo = self.model.objects.get( # pylint: disable=no-member 

361 id=request.POST["photo_id"], user=request.user 

362 ) 

363 except self.model.DoesNotExist: # pylint: disable=no-member 

364 messages.error(request, _("Photo does not exist")) 

365 return HttpResponseRedirect(reverse_lazy("profile")) 

366 openid.photo = photo 

367 openid.bluesky_handle = None 

368 openid.save() 

369 

370 messages.success(request, _("Successfully changed photo")) 

371 return HttpResponseRedirect(reverse_lazy("profile")) 

372 

373 def get_context_data(self, **kwargs): 

374 data = super().get_context_data(**kwargs) 

375 data["openid"] = ConfirmedOpenId.objects.get( 

376 pk=kwargs["openid_id"] 

377 ) # pylint: disable=no-member 

378 return data 

379 

380 

381@method_decorator(login_required, name="dispatch") 

382class AssignBlueskyHandleToEmailView(SuccessMessageMixin, TemplateView): 

383 """ 

384 View class for assigning a Bluesky handle to an email address 

385 """ 

386 

387 def post(self, request, *args, **kwargs): # pylint: disable=unused-argument 

388 """ 

389 Handle post request - assign bluesky handle to email 

390 """ 

391 

392 try: 

393 email = ConfirmedEmail.objects.get(user=request.user, id=kwargs["email_id"]) 

394 except ConfirmedEmail.DoesNotExist: # pylint: disable=no-member 

395 messages.error(request, _("Invalid request")) 

396 return HttpResponseRedirect(reverse_lazy("profile")) 

397 

398 if "bluesky_handle" not in request.POST: 

399 messages.error(request, _("Invalid request [bluesky_handle] missing")) 

400 return HttpResponseRedirect(reverse_lazy("profile")) 

401 bluesky_handle = request.POST["bluesky_handle"] 

402 

403 try: 

404 bs = Bluesky() 

405 

406 bs.get_avatar(bluesky_handle) 

407 except Exception as e: 

408 messages.error(request, _(f"Handle '{bluesky_handle}' not found: {e}")) 

409 return HttpResponseRedirect( 

410 reverse_lazy( 

411 "assign_photo_email", kwargs={"email_id": int(kwargs["email_id"])} 

412 ) 

413 ) 

414 try: 

415 email.set_bluesky_handle(bluesky_handle) 

416 except Exception as e: 

417 messages.error(request, _(f"Error: {e}")) 

418 return HttpResponseRedirect( 

419 reverse_lazy( 

420 "assign_photo_email", kwargs={"email_id": int(kwargs["email_id"])} 

421 ) 

422 ) 

423 email.photo = None 

424 email.save() 

425 

426 messages.success(request, _("Successfully assigned Bluesky handle")) 

427 return HttpResponseRedirect(reverse_lazy("profile")) 

428 

429 def get_context_data(self, **kwargs): 

430 data = super().get_context_data(**kwargs) 

431 data["email"] = ConfirmedEmail.objects.get(pk=kwargs["email_id"]) 

432 return data 

433 

434 

435@method_decorator(login_required, name="dispatch") 

436class AssignBlueskyHandleToOpenIdView(SuccessMessageMixin, TemplateView): 

437 """ 

438 View class for assigning a Bluesky handle to an email address 

439 """ 

440 

441 def post(self, request, *args, **kwargs): # pylint: disable=unused-argument 

442 """ 

443 Handle post request - assign bluesky handle to email 

444 """ 

445 

446 try: 

447 openid = ConfirmedOpenId.objects.get( 

448 user=request.user, id=kwargs["open_id"] 

449 ) 

450 except ConfirmedOpenId.DoesNotExist: # pylint: disable=no-member 

451 messages.error(request, _("Invalid request")) 

452 return HttpResponseRedirect(reverse_lazy("profile")) 

453 

454 if "bluesky_handle" not in request.POST: 

455 messages.error(request, _("Invalid request [bluesky_handle] missing")) 

456 return HttpResponseRedirect(reverse_lazy("profile")) 

457 bluesky_handle = request.POST["bluesky_handle"] 

458 

459 try: 

460 bs = Bluesky() 

461 

462 bs.get_avatar(bluesky_handle) 

463 except Exception as e: 

464 messages.error(request, _(f"Handle '{bluesky_handle}' not found: {e}")) 

465 return HttpResponseRedirect( 

466 reverse_lazy( 

467 "assign_photo_openid", kwargs={"openid_id": int(kwargs["open_id"])} 

468 ) 

469 ) 

470 try: 

471 openid.set_bluesky_handle(bluesky_handle) 

472 except Exception as e: 

473 messages.error(request, _(f"Error: {e}")) 

474 return HttpResponseRedirect( 

475 reverse_lazy( 

476 "assign_photo_openid", kwargs={"openid_id": int(kwargs["open_id"])} 

477 ) 

478 ) 

479 openid.photo = None 

480 openid.save() 

481 

482 messages.success(request, _("Successfully assigned Bluesky handle")) 

483 return HttpResponseRedirect(reverse_lazy("profile")) 

484 

485 def get_context_data(self, **kwargs): 

486 data = super().get_context_data(**kwargs) 

487 data["openid"] = ConfirmedOpenId.objects.get(pk=kwargs["open_id"]) 

488 return data 

489 

490 

491@method_decorator(login_required, name="dispatch") 

492class ImportPhotoView(SuccessMessageMixin, TemplateView): 

493 """ 

494 View class to import a photo from another service 

495 Currently only Gravatar is supported 

496 """ 

497 

498 template_name = "import_photo.html" 

499 

500 def get_context_data(self, **kwargs): 

501 context = super().get_context_data(**kwargs) 

502 context["photos"] = [] 

503 addr = None 

504 if "email_id" in kwargs: 

505 try: 

506 addr = ConfirmedEmail.objects.get(pk=kwargs["email_id"]).email 

507 except ConfirmedEmail.ObjectDoesNotExist: # pylint: disable=no-member 

508 messages.error(self.request, _("Address does not exist")) 

509 return context 

510 

511 if addr := kwargs.get("email_addr", None): 

512 if gravatar := get_gravatar_photo(addr): 

513 context["photos"].append(gravatar) 

514 

515 if libravatar_service_url := libravatar_url( 

516 email=addr, 

517 default=404, 

518 size=AVATAR_MAX_SIZE, 

519 ): 

520 try: 

521 urlopen(libravatar_service_url) 

522 except OSError as exc: 

523 logger.warning(f"Exception caught during photo import: {exc}") 

524 else: 

525 context["photos"].append( 

526 { 

527 "service_url": libravatar_service_url, 

528 "thumbnail_url": f"{libravatar_service_url}&s=80", 

529 "image_url": f"{libravatar_service_url}&s=512", 

530 "width": 80, 

531 "height": 80, 

532 "service_name": "Libravatar", 

533 } 

534 ) 

535 

536 return context 

537 

538 def post( 

539 self, request, *args, **kwargs 

540 ): # pylint: disable=no-self-use,unused-argument,too-many-branches,line-too-long 

541 """ 

542 Handle post to photo import 

543 """ 

544 

545 imported = None 

546 

547 email_id = kwargs.get("email_id", request.POST.get("email_id", None)) 

548 addr = kwargs.get("email", request.POST.get("email_addr", None)) 

549 

550 if email_id: 

551 email = ConfirmedEmail.objects.filter(id=email_id, user=request.user) 

552 if email.exists(): 

553 addr = email.first().email 

554 else: 

555 messages.error(request, _("Address does not exist")) 

556 return HttpResponseRedirect(reverse_lazy("profile")) 

557 

558 if "photo_Gravatar" in request.POST: 

559 photo = Photo() 

560 photo.user = request.user 

561 photo.ip_address = get_client_ip(request)[0] 

562 if photo.import_image("Gravatar", addr): 

563 messages.success(request, _("Gravatar image successfully imported")) 

564 else: 

565 # Honestly, I'm not sure how to test this... 

566 messages.error( 

567 request, _("Gravatar image import not successful") 

568 ) # pragma: no cover 

569 imported = True 

570 

571 if "photo_Libravatar" in request.POST: 

572 photo = Photo() 

573 photo.user = request.user 

574 photo.ip_address = get_client_ip(request)[0] 

575 if photo.import_image("Libravatar", addr): 

576 messages.success(request, _("Libravatar image successfully imported")) 

577 else: 

578 # Honestly, I'm not sure how to test this... 

579 messages.error( 

580 request, _("Libravatar image import not successful") 

581 ) # pragma: no cover 

582 imported = True 

583 if not imported: 

584 messages.warning(request, _("Nothing importable")) 

585 return HttpResponseRedirect(reverse_lazy("profile")) 

586 

587 

588@method_decorator(login_required, name="dispatch") 

589class RawImageView(DetailView): 

590 """ 

591 View to return (binary) raw image data, for use in <img/>-tags 

592 """ 

593 

594 model = Photo 

595 

596 def get(self, request, *args, **kwargs): 

597 photo = self.model.objects.get(pk=kwargs["pk"]) # pylint: disable=no-member 

598 if photo.user.id != request.user.id and not request.user.is_staff: 

599 return HttpResponseRedirect(reverse_lazy("home")) 

600 return HttpResponse(BytesIO(photo.data), content_type=f"image/{photo.format}") 

601 

602 

603@method_decorator(login_required, name="dispatch") 

604class DeletePhotoView(SuccessMessageMixin, View): 

605 """ 

606 View class for deleting a photo 

607 """ 

608 

609 model = Photo 

610 

611 def get(self, request, *args, **kwargs): # pylint: disable=unused-argument 

612 """ 

613 Handle get - delete photo 

614 """ 

615 try: 

616 photo = self.model.objects.get( # pylint: disable=no-member 

617 pk=kwargs["pk"], user=request.user 

618 ) 

619 photo.delete() 

620 except (self.model.DoesNotExist, ProtectedError): # pylint: disable=no-member 

621 messages.error(request, _("No such image or no permission to delete it")) 

622 return HttpResponseRedirect(reverse_lazy("profile")) 

623 messages.success(request, _("Photo deleted successfully")) 

624 return HttpResponseRedirect(reverse_lazy("profile")) 

625 

626 

627@method_decorator(login_required, name="dispatch") 

628class UploadPhotoView(SuccessMessageMixin, FormView): 

629 """ 

630 View class responsible for photo upload with enhanced security 

631 """ 

632 

633 model = Photo 

634 template_name = "upload_photo.html" 

635 form_class = UploadPhotoForm 

636 success_message = _("Successfully uploaded") 

637 success_url = reverse_lazy("profile") 

638 

639 def post(self, request, *args, **kwargs): 

640 # Check maximum number of photos 

641 num_photos = request.user.photo_set.count() 

642 if num_photos >= MAX_NUM_PHOTOS: 

643 messages.error( 

644 request, _("Maximum number of photos (%i) reached" % MAX_NUM_PHOTOS) 

645 ) 

646 return HttpResponseRedirect(reverse_lazy("profile")) 

647 

648 return super().post(request, *args, **kwargs) 

649 

650 @trace_file_upload("photo_upload") 

651 def form_valid(self, form): 

652 photo_data = self.request.FILES["photo"] 

653 

654 # Additional size check (redundant but good for security) 

655 if photo_data.size > MAX_PHOTO_SIZE: 

656 messages.error(self.request, _("Image too big")) 

657 avatar_metrics.record_file_upload( 

658 file_size=photo_data.size, 

659 content_type=photo_data.content_type, 

660 success=False, 

661 ) 

662 return HttpResponseRedirect(reverse_lazy("profile")) 

663 

664 # Enhanced security logging 

665 security_logger.info( 

666 f"Photo upload attempt by user {self.request.user.id} " 

667 f"from IP {get_client_ip(self.request)[0]}, " 

668 f"file size: {photo_data.size} bytes" 

669 ) 

670 

671 photo = form.save(self.request, photo_data) 

672 

673 if not photo: 

674 security_logger.warning( 

675 f"Photo upload failed for user {self.request.user.id} - invalid format" 

676 ) 

677 messages.error(self.request, _("Invalid Format")) 

678 avatar_metrics.record_file_upload( 

679 file_size=photo_data.size, 

680 content_type=photo_data.content_type, 

681 success=False, 

682 ) 

683 return HttpResponseRedirect(reverse_lazy("profile")) 

684 

685 # Log successful upload 

686 security_logger.info( 

687 f"Photo uploaded successfully by user {self.request.user.id}, " 

688 f"photo ID: {photo.pk}" 

689 ) 

690 

691 # Record successful file upload metrics 

692 avatar_metrics.record_file_upload( 

693 file_size=photo_data.size, 

694 content_type=photo_data.content_type, 

695 success=True, 

696 ) 

697 

698 # Override success URL -> Redirect to crop page. 

699 self.success_url = reverse_lazy("crop_photo", args=[photo.pk]) 

700 return super().form_valid(form) 

701 

702 

703@method_decorator(login_required, name="dispatch") 

704class AddOpenIDView(SuccessMessageMixin, FormView): 

705 """ 

706 View class for adding OpenID 

707 """ 

708 

709 template_name = "add_openid.html" 

710 form_class = AddOpenIDForm 

711 success_url = reverse_lazy("profile") 

712 

713 def form_valid(self, form): 

714 if openid_id := form.save(self.request.user): 

715 # At this point we have an unconfirmed OpenID, but 

716 # we do not add the message, that we successfully added it, 

717 # since this is misleading 

718 return HttpResponseRedirect( 

719 reverse_lazy("openid_redirection", args=[openid_id]) 

720 ) 

721 else: 

722 return render(self.request, self.template_name, {"form": form}) 

723 

724 

725@method_decorator(login_required, name="dispatch") 

726class RemoveUnconfirmedOpenIDView(View): 

727 """ 

728 View class for removing a unconfirmed OpenID 

729 """ 

730 

731 model = UnconfirmedOpenId 

732 

733 def post(self, request, *args, **kwargs): # pylint: disable=unused-argument 

734 """ 

735 Handle post - remove unconfirmed openid 

736 """ 

737 try: 

738 openid = self.model.objects.get( # pylint: disable=no-member 

739 user=request.user, id=kwargs["openid_id"] 

740 ) 

741 openid.delete() 

742 messages.success(request, _("ID removed")) 

743 except ( 

744 self.model.DoesNotExist 

745 ): # pragma: no cover pylint: disable=no-member,line-too-long 

746 messages.error(request, _("ID does not exist")) 

747 return HttpResponseRedirect(reverse_lazy("profile")) 

748 

749 

750@method_decorator(login_required, name="dispatch") 

751class RemoveConfirmedOpenIDView(View): 

752 """ 

753 View class for removing a confirmed OpenID 

754 """ 

755 

756 model = ConfirmedOpenId 

757 

758 def post(self, request, *args, **kwargs): # pylint: disable=unused-argument 

759 """ 

760 Handle post - remove confirmed openid 

761 """ 

762 try: 

763 openid = self.model.objects.get( # pylint: disable=no-member 

764 user=request.user, id=kwargs["openid_id"] 

765 ) 

766 try: 

767 openidobj = ( 

768 UserOpenID.objects.get( # pylint: disable=no-member,line-too-long 

769 user_id=request.user.id, claimed_id=openid.openid 

770 ) 

771 ) 

772 openidobj.delete() 

773 except Exception as exc: # pylint: disable=broad-except 

774 # Why it is not there? 

775 logger.warning(f"How did we get here: {exc}") 

776 openid.delete() 

777 messages.success(request, _("ID removed")) 

778 except self.model.DoesNotExist: # pylint: disable=no-member 

779 messages.error(request, _("ID does not exist")) 

780 return HttpResponseRedirect(reverse_lazy("profile")) 

781 

782 

783@method_decorator(login_required, name="dispatch") 

784class RedirectOpenIDView(View): 

785 """ 

786 Redirect view for OpenID 

787 """ 

788 

789 model = UnconfirmedOpenId 

790 

791 def get(self, request, *args, **kwargs): # pylint: disable=unused-argument 

792 """ 

793 Handle get for OpenID redirect view 

794 """ 

795 try: 

796 unconfirmed = self.model.objects.get( # pylint: disable=no-member 

797 user=request.user, id=kwargs["openid_id"] 

798 ) 

799 except ( 

800 self.model.DoesNotExist 

801 ): # pragma: no cover pylint: disable=no-member,line-too-long 

802 messages.error(request, _("ID does not exist"))