Implement signup after clicking

HyphaApp · Sep 12, 2023 · aebeb73 · aebeb73
1 parent 310e2b4
commit aebeb73
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/hypha/apply/users/views.py b/hypha/apply/users/views.py
@@ -7,6 +7,8 @@
 from django.contrib.auth import get_user_model, login, update_session_auth_hash
 from django.contrib.auth.decorators import login_required, permission_required
 from django.contrib.auth.forms import AdminPasswordChangeForm
+from django.contrib.auth.hashers import make_password
+from django.contrib.auth.models import BaseUserManager, Group
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
 from django.contrib.auth.views import (
     INTERNAL_RESET_SESSION_TOKEN,
@@ -56,6 +58,7 @@
     ProfileForm,
     TWOFAPasswordForm,
 )
+from .groups import APPLICANT_GROUP_NAME
 from .models import PendingSignup
 from .services import PasswordlessAuthService
 from .tokens import PasswordlessLoginTokenGenerator, PasswordlessSignupTokenGenerator
@@ -709,10 +712,22 @@ class PasswordlessSignupView(TemplateView):
     redirect_field_name = "next"
 
     def get(self, request, *args, **kwargs):
-        user = self.get_user(kwargs.get("uidb64"))
+        pending_signup = self.get_pending_signup(kwargs.get("uidb64"))
+
+        if self.is_valid(user=pending_signup, token=kwargs.get("token")):
+            user = User.objects.create(email=pending_signup.email, is_active=True)
+            temp_pass = BaseUserManager().make_random_password(length=32)
+            user.password = make_password(temp_pass)
+            user.save()
+            pending_signup.delete()
 
-        if self.is_valid(user, kwargs.get("token")):
             user.backend = settings.CUSTOM_AUTH_BACKEND
+
+            applicant_group = Group.objects.get(name=APPLICANT_GROUP_NAME)
+            if applicant_group not in user.groups.all():
+                user.groups.add(applicant_group)
+                user.save()
+
             login(request, user)
             if redirect_url := get_redirect_url(request, self.redirect_field_name):
                 return redirect(redirect_url)
@@ -730,7 +745,7 @@ def is_valid(self, user, token):
         token_generator = PasswordlessSignupTokenGenerator()
         return user is not None and token_generator.check_token(user, token)
 
-    def get_user(self, uidb64):
+    def get_pending_signup(self, uidb64):
         """
         Given the verified uid, look up and return the corresponding user
         account if it exists, or `None` if it doesn't.