Adds a USERENA_SIGNIN_AFTER_SIGNUP setting, which automatically signs a newly registered user in if True and if USERENA_ACTIVATION_REQUIRED is False.

Adds documentation in settings.rst.

If you like the feature but I am missing something, let me know and I'll complete.

Thanks for Userena!

The problem is in ExtraContextTemplateView - it only implements the get method (in TemplateView), but the signup view is defined as:

def signup(...):
    if request.method == 'POST':
        if form.is_valid():
            . . .
            return redirect(...)

    return ExtraContextTemplateView.as_view(...)

Since I think this might happen on other places in userena.views, I added a post() method to ExtraContextTemplateView by copying the get method.

Some commits that makes django-userena work with Django 1.9.

Django 1.4 compatibility had to be dropped ({% load url from future %} was removed from Django 1.9).

So far, the changes seem to work fine, but some more testing is certainly needed before making a release.

This pull request fixes password reset on django>=1.6.0.

It adds password reset wies tests and creates new submodule named userena.compat. This is proposition to handle in future any compatibility issues.

Note that this pull request depend on #386. Merge #386 before merging this one or simply forgot about #386. Sorry for that inconvienience but I was in hurry and wanted to contribute my code ASAP because I need that fixes in my production application. I simply simply don't want to watch if earlier PR was accepted and merged, because I could forget to create new one.

Finally I couldn't be sure that my fixes doesn't break anything without merging #386.

This pull request fixes/closes issues #381, #384, #372, #371 without duplicating urls in userena.urls or changing url names.

This patch is not ready to be merged, but I wanted to put it out there to see if there is interest in offering an invitation flow in django-userena.

The patch allows existing users to invite a new user by entering their email address and optionally other user info like their first name. If no user with that email address exists a user is created so that it can be used for some basic interaction.

At the same time an activation email is sent out to the email address. It contains a link that allows the user to activate their account by entering a password. At this point no further email address validation is needed and the user is immediately signed in.

Cheers, Felix

It seems like something of a lapse in the security/anonymity provided by using SHA1 keys for user activation and email confirmation changes to have the "username" directly in the URL, and really there's no reason to have it since the lookup can be done on the key anyway.

I've implemented a moderated registration feature. By default all functionality is the same, however there is now the capability to set the following in your settings.py:

USERENA_MODERATED_REGISTRATION = True
USERENA_ACTIVATION_REJECTED = 'ACTIVATION_REJECTED'
USERENA_PENDING_MODERATION = 'PENDING_MODERATION'

With moderated registration enabled, the following happens:

• User registers
• Receives activation email, and clicks activation link
• Gets msg that they are activated, but pending administrators approval
• The admin logs into the django admin, clicks 'Users', selects user, performs the 'Approve user registration' or 'Reject user registration' action from the drop down.
• An approval or rejection email is sent accordingly

This is an extremely important feature for us during pilot periods where we want something online publicly but only want specific people able to fully register and login. I did my best to follow Userena's coding style/layout/etc. If there is anything you are questionable about please let me know... however I feel it is a very sane and simple solution.

Thanks!

in python 3 all model must be have the str method because unicode doesn't exist

https://docs.djangoproject.com/en/1.7/topics/python3/#str-and-unicode-methods

It's hard to realized this issue when using Django default templating system as it's too nice to tell the error. However, if you use Jinja2 you will get error in signin form.

I believe it was a typo as other forms in views are okay.

Credit goes to Fuhong Liu for locating this bug. Initially we had a fix in template but later Fuhong Liu found that it should have been fixed in the views.

Why User's activation is so impositive? There should have others options, like allowing users to login even if they don't confirm their emails.

This commit adds 'USERENA_ACTIVATION', and when it is False, users signup as active.

Hi userena team,

Here's a patch for the auth backend that allows a superuser to steal the identity of another user. This is very useful when a user reports an error on her/his account and you want to test it.

Cheers,

Guillaume

Updated the "Hackery" to move the new fields to the front of the OrderedDict with move_to_end('key', last=False).

Updated user_profile = new_user.get_profile() to user_profile = new_user.my_profile. get_profile() has been deprecated.

Current signin view accept next parameter for redirect after login successfully but it don't safe check url. It could be exploited to redirect to different page other than current host

After login successfully, there's no way to specify redirect url if account is disabled. It's hardcoded with url resolved from name userena_disabled and arguments username.

What if application doesn't want to include username in url and just return a static template. All the usage of redirect in views have option for that except this usecase

I'm using a custom auth model with USERNAME_FIELD = "email".

The changes here are enough, along with

USERENA_REGISTER_PROFILE = False
USERENA_REGISTER_USER = False

to get django-userena up and running with my project. However, I haven't done any thorough testing yet.