Anonymous avatar Anonymous committed 64c46e9

Avoid DB hits on obviously invalid activation keys

Comments (0)

Files changed (1)

-import datetime, random, sha
+import datetime, random, re, sha
 from django.db import models
 from django.core.mail import send_mail
 from django.template import Context, loader
     making it easier to manage profiles.
     
     """
+    def activate_user(self, activation_key):
+        """
+        Given the activation key, makes a User's account active if
+        the activation key is valid and has not expired.
+        
+        Returns the User if successful, or False if the account was
+        not found or the key had expired.
+        
+        """
+        # Make sure the key we're trying conforms to the pattern of a
+        # SHA1 hash; if it doesn't, no point even trying to look it up
+        # in the DB.
+        if re.match('[a-f0-9]{40}', activation_key):
+            try:
+                user_profile = self.get(activation_key=activation_key)
+            except self.model.DoesNotExist:
+                return False
+            if not user_profile.activation_key_expired():
+                # Account exists and has a non-expired key. Activate it.
+                user = user_profile.user
+                user.is_active = True
+                user.save()
+                return user
+        return False
+
     def create_inactive_user(self, username, password, email, send_email=True):
         """
         Creates a new User and a new RegistrationProfile
             send_mail(subject, message, settings.DEFAULT_FROM_EMAIL, [new_user.email])
         return new_user
 
-    def activate_user(self, activation_key):
-        """
-        Given the activation key, makes a User's account active if
-        the activation key is valid and has not expired.
-        
-        Returns the User if successful, or False if the account was
-        not found or the key had expired.
-        
-        """
-        try:
-            user_profile = self.get(activation_key=activation_key)
-        except self.model.DoesNotExist:
-            return False
-        if not user_profile.activation_key_expired():
-            # Account exists and has a non-expired key. Activate it.
-            user = user_profile.user
-            user.is_active = True
-            user.save()
-            return user
-        return False
-
 
 class RegistrationProfile(models.Model):
     """
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.