Commits

Brodie Rao committed f5c905c

Remove request.user.is_verified() shortcut (it breaks pickling)

Comments (0)

Files changed (7)

django-otp-agents/otp_agents/views.py

     """
     user = request.user
 
-    if user.is_anonymous() or user.is_verified():
+    if user.is_anonymous() or user.otp_device is not None:
         form = OTPAuthenticationForm
     else:
         form = partial(OTPTokenForm, user)

django-otp/django_otp/admin.py

         In addition to the default requirements, this only allows access to
         users who have been verified by a registered OTP device.
         """
-        return super(OTPAdminSite, self).has_permission(request) and request.user.is_verified()
+        return (super(OTPAdminSite, self).has_permission(request) and
+                request.user.otp_device is not None)

django-otp/django_otp/decorators.py

     if login_url is None:
         login_url = settings.OTP_LOGIN_URL
 
-    test = lambda user: user.is_verified() or (if_configured and user.is_authenticated() and not user_has_device(user))
+    test = lambda user: (user.otp_device is not None or
+                         (if_configured and user.is_authenticated() and
+                          not user_has_device(user)))
     decorator = user_passes_test(test, login_url=login_url, redirect_field_name=redirect_field_name)
 
     return decorator if (view is None) else decorator(view)

django-otp/django_otp/middleware.py

     ``request.user`` based on session data, OTPMiddleware populates
     ``request.user.otp_device`` to the :class:`~django_otp.models.Device`
     object that has verified the user, or ``None`` if the user has not been
-    verified.  As a convenience, this also installs ``user.is_verified()``,
-    which returns ``True`` if ``user.otp_device`` is not ``None``.
+    verified.
     """
     def process_request(self, request):
         user = getattr(request, 'user', None)
             return None
 
         user.otp_device = None
-        user.is_verified = lambda: user.otp_device is not None
 
         if user.is_anonymous():
             return None

django-otp/django_otp/views.py

     """
     user = request.user
 
-    if user.is_anonymous() or user.is_verified():
+    if user.is_anonymous() or user.otp_device is not None:
         form = OTPAuthenticationForm
     else:
         form = partial(OTPTokenForm, user)

django-otp/docs/source/auth.rst

 If you design your site to always require OTP verification in order to log in,
 then your authorization policies don't need to change.
 ``request.user.is_authenticated()`` will be effectively synonymous with
-``request.user.is_verified()``. If, on the other hand, you anticipate having
-both verified and unverified users on your site, you're probably intending to
-limit access to some resources to verified users only. The primary tool for this
-is otp_required:
+``request.user.otp_device is not None``. If, on the other hand, you anticipate
+having both verified and unverified users on your site, you're probably
+intending to limit access to some resources to verified users only. The
+primary tool for this is otp_required:
 
 .. decorator:: django_otp.decorators.otp_required([redirect_field_name='next', login_url=None, if_configured=False])
 
     :type if_configured: bool
 
 If you need more fine-grained control over authorization decisions, you can use
-``request.user.is_verified()`` to determine whether the user has been verified
-by an OTP device. if ``is_verified()`` is true, then ``request.user.otp_device``
-will be set to the :class:`~django_otp.models.Device` object that verified the
-user. This can be useful if you want to include the name of the verifying device
-in the UI.
+``request.user.otp_device`` to determine whether the user has been verified
+by an OTP device. if ``otp_device`` is not ``None``, then
+``request.user.otp_device`` will be set to the
+:class:`~django_otp.models.Device` object that verified the user. This can be
+useful if you want to include the name of the verifying device in the UI.
 
 If you want to use OTPs to establish trusted user agents (e.g. a browser that
 the user claims is on a private and secure computer), look at

django-otp/docs/source/overview.rst

 
 :class:`~django_otp.middleware.OTPMiddleware` populates
 ``request.user.otp_device`` to the OTP device object that verified the current
-user (if any). As a convenience, it also adds ``user.is_verified()`` as a
-counterpart to ``user.is_authenticated()``. It is not possible for a user to be
-verified without also being authenticated. [#agents]_
+user (if any). It is not possible for a user to have an OTP device set without
+also being authenticated. [#agents]_
 
 
 Plugins and Devices