Fix for Issue #691 - ACCOUNTS_APPROVAL_REQUIRED bypasses ACCOUNTS_VER…

…IFICATION_REQUIRED
stephenmcd · Jun 20, 2013 · e5e173e · e5e173e
1 parent 1909a21
commit e5e173e
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 5 deletions.
diff --git a/mezzanine/accounts/admin.py b/mezzanine/accounts/admin.py
@@ -4,7 +4,7 @@
 from mezzanine.accounts.models import get_profile_model
 from mezzanine.core.admin import SitePermissionUserAdmin
 from mezzanine.conf import settings
-from mezzanine.utils.email import send_approved_mail
+from mezzanine.utils.email import send_approved_mail, send_verification_mail
 from mezzanine.utils.models import get_user_model
 
 
@@ -32,11 +32,25 @@ def save_model(self, request, obj, form, change):
         If the ``ACCOUNTS_APPROVAL_REQUIRED`` setting is ``True``,
         send a notification email to the user being saved if their
         ``active`` status has changed to ``True``.
+        If the ``ACCOUNTS_VERIFICATION_REQUIRED`` setting is ``True``,
+        send a verification email instead.
         """
+        must_send_verification_mail_after_save = False
         if change and settings.ACCOUNTS_APPROVAL_REQUIRED:
             if obj.is_active and not User.objects.get(id=obj.id).is_active:
-                send_approved_mail(request, obj)
+                if settings.ACCOUNTS_VERIFICATION_REQUIRED:
+                    # Accounts verification requires an inactive account
+                    obj.is_active = False
+                    # The token generated by send_verification_mail()
+                    # must match the _saved_ User object,
+                    # so postpone send_verification_mail() until later
+                    must_send_verification_mail_after_save = True
+                else:
+                    send_approved_mail(request, obj)
         super(UserProfileAdmin, self).save_model(request, obj, form, change)
+        if must_send_verification_mail_after_save:
+            user = User.objects.get(id=obj.id)
+            send_verification_mail(request, user, "signup_verify")
 
 
 if Profile:

diff --git a/mezzanine/accounts/views.py b/mezzanine/accounts/views.py
@@ -68,16 +68,13 @@ def signup(request, template="accounts/account_signup.html"):
     context = {"form": form, "title": _("Sign up")}
     return render(request, template, context)
 
-
 def signup_verify(request, uidb36=None, token=None):
     """
     View for the link in the verification email sent to a new user
     when they create an account and ``ACCOUNTS_VERIFICATION_REQUIRED``
     is set to ``True``. Activates the user and logs them in,
     redirecting to the URL they tried to access when signing up.
     """
-    if settings.ACCOUNTS_APPROVAL_REQUIRED:
-        raise Http404
     user = authenticate(uidb36=uidb36, token=token, is_active=False)
     if user is not None:
         user.is_active = True