awesto · jrief · May 30, 2017 · May 30, 2017 · May 30, 2017 · May 30, 2017
diff --git a/example/myshop/templates/myshop/pages/password-reset-confirm.html b/example/myshop/templates/myshop/pages/password-reset-confirm.html
@@ -3,19 +3,29 @@
 
 {% block title %}{% trans "Password Reset Confirm" %}{% endblock %}
 
-{% block breadcrumb %}{% endblock %}
+{% block breadcrumb %}
+<div class="container">
+	<div class="row">
+		<div class="col-xs-12">
+			<ol class="breadcrumb">
+				<li class="active"><a href="{{ request.path }}">{% trans "Set Account Password" %}</a></li>
+			</ol>
+		</div>
+	</div>
+</div>
+{% endblock %}
 
 {% block main-content %}
-<div class="row">
-	<div class="col-xs-12">
-
+<div class="container">
+	<div class="row">
+		<div class="col-xs-12 col-sm-10 col-sm-offset-1 col-md-8 col-md-offset-2">
 	{% if validlink %}
-		{% page_url 'shop-cart' as action %}
-		{% include "shop/auth/password-reset-confirm.html" %}
+		{% page_url 'shop-customer-details' as customer_details_url %}
+		{% include "shop/auth/password-reset-confirm.html" with action=customer_details_url|default:'DO_NOTHING' form_name="password_reset_confirm" %}
 	{% else %}
 		{% include "shop/auth/password-reset-decline.html" %}
 	{% endif %}
-
+		</div>
 	</div>
 </div>
 {% endblock main-content %}
diff --git a/example/myshop/urls/__init__.py b/example/myshop/urls/__init__.py
@@ -20,13 +20,13 @@ def render_robots(request):
     permission = 'noindex' in settings.ROBOTS_META_TAGS and 'Disallow' or 'Allow'
     return HttpResponse('User-Agent: *\n%s: /\n' % permission, content_type='text/plain')
 
-i18n_urls = (
+i18n_urls = [
     url(r'^admin/', include(admin.site.urls)),
     url(r'^password-reset-confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/?$',
         PasswordResetConfirm.as_view(template_name='myshop/pages/password-reset-confirm.html'),
         name='password_reset_confirm'),
     url(r'^', include('cms.urls')),
-)
+]
 urlpatterns = [
     url(r'^robots\.txt$', render_robots),
     url(r'^sitemap\.xml$', sitemap, {'sitemaps': sitemaps}, name='sitemap'),

diff --git a/shop/cascade/auth.py b/shop/cascade/auth.py
@@ -22,6 +22,7 @@
     ('reset', _("Password Reset Form")),
     ('change', _("Change Password Form")),
     ('register-user', _("Register User"), 'shop.forms.auth.RegisterUserForm'),
+    ('register-user-activate', _("Register User with Activation"), 'shop.forms.auth.RegisterUserActivateForm'),
     ('continue-as-guest', _("Continue as guest")),
 )
 
@@ -41,7 +42,7 @@ def clean(self):
 class ShopAuthenticationPlugin(ShopLinkPluginBase):
     """
     A placeholder plugin which provides various authentication forms, such as login-, logout-,
-    register-, and other forms. They can be added any placeholder using the Cascade framework.
+    register-, and other forms. They can be added to any placeholder using the Cascade framework.
     """
     name = _("Authentication")
     parent_classes = ('BootstrapColumnPlugin',)
@@ -71,10 +72,10 @@ def render(self, context, instance, placeholder):
         form_type = instance.glossary.get('form_type')
         if form_type:
             # prevent a malicious database entry to import an ineligible file
-            form_type = AUTH_FORM_TYPES[[ft[0] for ft in AUTH_FORM_TYPES].index(form_type)]
             try:
+                form_type = AUTH_FORM_TYPES[[ft[0] for ft in AUTH_FORM_TYPES].index(form_type)]
                 FormClass = import_string(form_type[2])
-            except (ImportError, IndexError):
+            except (ImportError, IndexError, ValueError):
                 form_name = form_type[0].replace('-', '_')
                 context['form_name'] = '{0}_form'.format(form_name)
             else:

diff --git a/shop/forms/auth.py b/shop/forms/auth.py
@@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 
+from django.conf import settings
 from django.contrib.auth import get_user_model, authenticate, login
 from django.contrib.sites.shortcuts import get_current_site
 from django.core.exceptions import ValidationError
@@ -14,6 +15,7 @@
 
 from shop.conf import app_settings
 from shop.models.customer import CustomerModel
+from shop.rest.auth import PasswordResetSerializer
 from .base import UniqueEmailValidationMixin
 
 
@@ -99,6 +101,39 @@ def _send_password(self, request, user, password):
         user.email_user(subject, body)
 
 
+class RegisterUserActivateSerializer(PasswordResetSerializer):
+    base_template = 'register-user-activate'
+
+
+class RegisterUserActivateForm(NgModelFormMixin, NgFormValidationMixin, UniqueEmailValidationMixin, Bootstrap3ModelForm):
+    form_name = 'register_user_form'
+    scope_prefix = 'form_data'
+    field_css_classes = 'input-group has-feedback'
+
+    email = fields.EmailField(label=_("Your e-mail address"))
+
+    class Meta:
+        model = CustomerModel
+        fields = ['email']
+
+    def save(self, request=None, commit=True):
+        self.instance.user.is_active = True
+        self.instance.user.email = self.cleaned_data['email']
+        password = get_user_model().objects.make_random_password(20)
+        self.instance.user.set_password(password)
+        self.instance.user.save()
+        self.instance.recognize_as_guest(request, commit=False)
+
+        serializer = RegisterUserActivateSerializer(data=request.data, context={'request': request})
+        if serializer.is_valid():
+            msg = _("A link to activate this account has been sent to '{email}'.")
+            self.data.update(success=msg.format(**self.cleaned_data))
+            serializer.save()
+
+        customer = super(RegisterUserActivateForm, self).save(commit)
+        return customer
+
+
 class ContinueAsGuestForm(ModelForm):
     """
     Handles Customer's decision to order as guest.

diff --git a/shop/rest/auth.py b/shop/rest/auth.py
@@ -11,14 +11,16 @@
 
 
 class PasswordResetSerializer(serializers.PasswordResetSerializer):
+    base_template = 'reset-password'
+
     def save(self):
         subject_template = select_template([
-            '{}/email/reset-password-subject.txt'.format(app_settings.APP_LABEL),
-            'shop/email/reset-password-subject.txt',
+            '{}/email/{}-subject.txt'.format(app_settings.APP_LABEL, self.base_template),
+            'shop/email/{}-subject.txt'.format(self.base_template),
         ])
         body_template = select_template([
-            '{}/email/reset-password-body.txt'.format(app_settings.APP_LABEL),
-            'shop/email/reset-password-body.txt',
+            '{}/email/{}-body.txt'.format(app_settings.APP_LABEL, self.base_template),
+            'shop/email/{}-body.txt'.format(self.base_template),
         ])
         opts = {
             'use_https': self.context['request'].is_secure(),

diff --git a/shop/templates/shop/auth/password-reset-confirm.html b/shop/templates/shop/auth/password-reset-confirm.html
@@ -9,18 +9,33 @@
 	{{ block.super }}
 	<div ng-hide="success_message">
 		<p>{% trans "Please enter your new password twice so we can verify you typed it in correctly." %}</p>
-		<label class="control-label">{% trans "New Password" %}</label>
-		<div style="margin-bottom: 10px" class="input-group">
-			<span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span>
-			<input type="password" class="form-control" name="new_password1" ng-model="form_data.new_password1" placeholder="{% trans 'New password' %}" />
+
+		<div class="has-feedback form-group" style="margin-bottom: 10px">
+			<label class="control-label">{% trans "New Password" %}</label>
+			<ul ng-messages="password_reset_confirm.new_password1.$error" class="shop-form-error" ng-cloak>
+				<li ng-show="password_reset_confirm.new_password1.$pristine" ng-message="rejected">
+					<span ng-bind="password_reset_confirm.new_password1.$message"></span>
+				</li>
+			</ul>
+			<div class="input-group">
+				<span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span>
+				<input type="password" class="form-control" name="new_password1" ng-model="form_data.new_password1" placeholder="{% trans 'New password' %}" />
+			</div>
 		</div>
-
-		<label class="control-label">{% trans "Confirm Password" %}</label>
-		<div style="margin-bottom: 20px" class="input-group">
-			<span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span>
-			<input type="password" class="form-control" name="new_password2" ng-model="form_data.new_password2" placeholder="{% trans 'Confirm password' %}" />
+
+		<div class="has-feedback form-group" style="margin-bottom: 20px">
+			<label class="control-label">{% trans "Confirm Password" %}</label>
+			<ul ng-messages="password_reset_confirm.new_password2.$error" class="shop-form-error" ng-cloak>
+				<li ng-show="password_reset_confirm.new_password2.$pristine" ng-message="rejected">
+					<span ng-bind="password_reset_confirm.new_password2.$message"></span>
+				</li>
+			</ul>
+			<div class="input-group">
+				<span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span>
+				<input type="password" class="form-control" name="new_password2" ng-model="form_data.new_password2" placeholder="{% trans 'Confirm password' %}" />
+			</div>
 		</div>
-	
+
 		<div class="input-group">
 			<button type="button" ng-click="submitForm('{{ request.path }}', 5000)" class="btn btn-primary">{% trans 'Change my password' %}</button>
 		</div>

diff --git a/shop/templates/shop/auth/password-reset-decline.html b/shop/templates/shop/auth/password-reset-decline.html
@@ -1,9 +1,11 @@
-{% load i18n %}
+{% load i18n cms_tags %}
 <div class="panel panel-danger">
 	<div class="panel-heading">
-		<div class="panel-title">{% trans 'Password reset unsuccessful' %}</div>
+		<div class="panel-title">{% trans "Password can not be reset" %}</div>
 	</div>
 	<div class="panel-body">
-		{% trans "The password reset link was invalid, possibly because it has already been used.  Please request a new password reset." %}
+	{% page_url 'shop-password-reset' as password_reset_url %}
+		<p>{% trans "The password reset link is invalid, possibly because it has already been used." %}</p>
+		<p>{% if password_reset_url %}<a href="{{ password_reset_url }}">{% endif %}{% trans "Please request a new password reset." %}{% if password_reset_url %}</a>{% endif %}</p>
 	</div>
 </div>
diff --git a/shop/templates/shop/auth/register-user-activate.html b/shop/templates/shop/auth/register-user-activate.html
@@ -0,0 +1,23 @@
+{% extends "shop/auth/anonymous-base.html" %}
+{% load i18n %}
+
+{% block form_title %}{% trans "Register Yourself" %}{% endblock %}
+
+{% block form_content %}
+{{ block.super }}
+<div class="form-group has-feedback" style="margin-bottom: 20px">
+	{{ register_user_form.email.label_tag }}
+	<div class="input-group" ng-class="hasError('email')">
+		<span class="input-group-addon"><i class="fa fa-envelope-o fa-fw"></i></span>
+		{{ register_user_form.email }}
+	</div>
+	<ul ng-messages="register_user_form.email.$error" class="shop-form-error" ng-cloak>
+		<li ng-show="register_user_form.email.$dirty" ng-message="email">{% trans "Please provide a valid email address" %}</li>
+		<li ng-show="register_user_form.email.$pristine" ng-message="rejected"><span ng-bind="register_user_form.email.$message"></span></li>
+	</ul>
+</div>
+
+<div class="form-group">
+	<button type="button" ng-click="submitForm('{% url 'shop:register-user-activate' %}', 5000)" class="btn btn-primary">{% trans "Register" %}</button>
+</div>
+{% endblock form_content %}
diff --git a/shop/templates/shop/email/register-user-activate-body.txt b/shop/templates/shop/email/register-user-activate-body.txt
@@ -0,0 +1,12 @@
+{% load i18n %}{% autoescape off %}
+{% blocktrans %}You're receiving this email because you registered a new account
+for '{{ user }}' at {{ site_name }}.{% endblocktrans %}
+
+{% trans "Please go to the following webpage to activate your new account:" %}
+{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
+
+{% trans "Thanks for visiting our site!" %}
+
+{% blocktrans %}The {{ site_name }} team{% endblocktrans %}
+
+{% endautoescape %}
diff --git a/shop/templates/shop/email/register-user-activate-subject.txt b/shop/templates/shop/email/register-user-activate-subject.txt
@@ -0,0 +1,3 @@
+{% load i18n %}{% autoescape off %}
+{% blocktrans %}Activate your new account on {{ site_name }}{% endblocktrans %}
+{% endautoescape %}
diff --git a/shop/templates/shop/email/reset-password-body.txt b/shop/templates/shop/email/reset-password-body.txt
@@ -1,11 +1,11 @@
 {% load i18n %}{% autoescape off %}
-{% blocktrans %}You're receiving this email because you requested a password reset for your user
+{% blocktrans %}You're receiving this email because you requested to reset the password for your
 account '{{ user }}' at {{ site_name }}.{% endblocktrans %}
 
-{% trans "Please go to the following page and choose a new password:" %}
+{% trans "Please go to the following webpage and choose a new password:" %}
 {{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
 
-{% trans "Thanks for using our site!" %}
+{% trans "Thanks for visiting our site!" %}
 
 {% blocktrans %}The {{ site_name }} team{% endblocktrans %}
 

diff --git a/shop/urls/auth.py b/shop/urls/auth.py
@@ -2,7 +2,7 @@
 from __future__ import unicode_literals
 from django.conf.urls import url
 from rest_auth.views import PasswordChangeView
-from shop.forms.auth import RegisterUserForm, ContinueAsGuestForm
+from shop.forms.auth import RegisterUserForm, RegisterUserActivateForm, ContinueAsGuestForm
 from shop.views.auth import AuthFormsView, LoginView, LogoutView, PasswordResetView
 
 urlpatterns = [
@@ -12,6 +12,8 @@
         name='login'),
     url(r'^register/?$', AuthFormsView.as_view(form_class=RegisterUserForm),
         name='register-user'),
+    url(r'^register-activate/?$', AuthFormsView.as_view(form_class=RegisterUserActivateForm),
+        name='register-user-activate'),
     url(r'^continue/?$', AuthFormsView.as_view(form_class=ContinueAsGuestForm),
         name='continue-as-guest'),
 

diff --git a/shop/views/auth.py b/shop/views/auth.py
@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 from __future__ import unicode_literals
 
-from django.contrib.auth import logout, get_user_model
+from django.contrib.auth import logout, get_user_model, authenticate, login
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.auth.tokens import default_token_generator
 from django.utils.encoding import force_text
@@ -146,4 +146,13 @@ def post(self, request, uidb64=None, token=None):
                 serializer.errors, status=status.HTTP_400_BAD_REQUEST
             )
         serializer.save()
-        return Response({"success": _("Password has been reset with the new password.")})
+
+        # TODO: the following code can be simplified to ``customer = serializer.save().customer``
+        # whenever https://github.com/Tivix/django-rest-auth/pull/334 has been merged
+        customer = serializer.set_password_form.user.customer
+        customer.recognize_as_registered(request)
+        user = authenticate(username=customer.user.username, password=serializer.data['new_password1'])
+        login(request, user)
+
+        msg = _("The password for '{email}' has been reset by a new password.")
+        return Response({'success': msg.format(email=customer.email)})