چندین تغییر جدید ازجمله جنگو ۲ و ریکپچا ورژن ۳

bestoon/settings.py.sample

@@ -120,9 +120,18 @@ USE_TZ = True
 # Static files (CSS, JavaScript, Images)
 # https://docs.djangoproject.com/en/1.10/howto/static-files/
 
+PROJECT_DIR = os.path.dirname(os.path.abspath(__file__))
+STATIC_ROOT = os.path.join(PROJECT_DIR, 'web/static')
 STATIC_URL = '/static/'
 
 
+RECAPTCHA_PRIVATE_KEY = 'your private key'
+RECAPTCHA_PUBLIC_KEY = 'your public key'
+RECAPTCHA_DEFAULT_ACTION = 'generic'
+RECAPTCHA_SCORE_THRESHOLD = 0.5
 
-RECAPTCHA_SECRET_KEY = ''
-POSTMARK_API_TOKEN=''
+EMAIL_HOST = ''
+EMAIL_USE_TLS = True
+EMAIL_PORT = 587
+EMAIL_HOST_USER = ''
+EMAIL_HOST_PASSWORD = ''

fandogh.yml

@@ -0,0 +1,17 @@
+kind: ExternalService
+name: bestoon
+spec:
+  image_pull_policy: Always
+  port: 80
+  source:
+    context: .
+    media_path: ''
+    project_type: django
+    python_version: '3.7'
+    static_path: static
+    wsgi: bestoon.wsgi
+  volume_mounts:
+    - mount_path: /usr/src/app/bestoon/web/static/
+      sub_path: static
+  domains:
+    - name: rayakade.ir

requirements.txt

@@ -1,4 +1,4 @@
 Django>=1.11.27
-python-postmark==0.4.10
 requests==2.20.0
 django-cors-middleware
+django-recaptcha3

web/models.py

@@ -32,7 +32,7 @@ class Expense(models.Model):
     text = models.CharField(max_length=255)
     date = models.DateTimeField()
     amount = models.BigIntegerField()
-    user = models.ForeignKey(User)
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
 
     def __unicode__(self):
         return "{}-{}-{}".format(self.date, self.user, self.amount)
@@ -42,7 +42,7 @@ class Income(models.Model):
     text = models.CharField(max_length=255)
     date = models.DateTimeField()
     amount = models.BigIntegerField()
-    user = models.ForeignKey(User)
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
 
     def __unicode__(self):
         return "{}-{}-{}".format(self.date, self.user, self.amount)

web/static/css/style.css

@@ -1,5 +1,5 @@
 @import url(http://fonts.googleapis.com/earlyaccess/droidarabicnaskh.css);
-@import url('https://fontup.ir/css?fonts=Samim:400');
+/*@import url('https://fontup.ir/css?fonts=Samim:400');*/
 
 @import url(http://weloveiconfonts.com/api/?family=fontawesome);
 [class*="fontawesome-"]:before {

web/templates/index.html

@@ -1,5 +1,5 @@
 {% extends "template.html"%}
-{% load staticfiles %}
+{% load static %}
 
 {% block content %}
 

web/templates/login.html

@@ -1,5 +1,5 @@
 {% extends "template.html"%}
-{% load staticfiles %}
+{% load static %}
 
 {% block content %}
 <div class="row">

web/templates/register.html

@@ -1,9 +1,7 @@
 {% extends "template.html"%}
-{% load staticfiles %}
+{% load static %}
 
 {% block content %}
-<script src='https://www.google.com/recaptcha/api.js'></script>
-
 <div class="row">
     <div class="col-lg-12">
 
@@ -52,6 +50,7 @@ <h3 class="panel-title">ثبت نام</h3>
         <div class="panel-body">
           <form class="form-horizontal" method="POST" action="{% url 'register' %}">
             {% csrf_token %}
+            {{ form }}
             <input type="hidden" name="requestcode" value="True" />
             <input type="hidden" name="next" value="{{ next }}" />
             <div class="form-group">
@@ -72,12 +71,7 @@ <h3 class="panel-title">ثبت نام</h3>
                 <input type="password" name="password" class="form-control"  placeholder="حداقل پنج کاراکتر" required pattern=".{5,}">
               </div>
             </div>
-            <div class="form-group">
-              <label for="inputPassword3" class="col-sm-2 control-label" >ربات نیستید؟</label>
-              <div class="col-sm-10">
-                <div class="g-recaptcha" data-sitekey="6LeVvA8UAAAAALjoTeoU5_n7NDabQcNdZiq5RaQV"></div>
-              </div>
-            </div>
+
 
 
 

web/templates/resetpassword.html

@@ -1,8 +1,7 @@
 {% extends "template.html"%}
-{% load staticfiles %}
+{% load static %}
 
 {% block content %}
-<script src='https://www.google.com/recaptcha/api.js'></script>
 
 <div class="row">
     <div class="col-lg-12">
@@ -45,6 +44,7 @@ <h3 class="panel-title">بازیابی کلمهٔ عبور</h3>
         <div class="panel-body">
           <form class="form-horizontal" method="POST" action="{% url 'reset_password' %}">
             {% csrf_token %}
+            {{ form }}
             <input type="hidden" name="requestcode" value="True" />
             <input type="hidden" name="next" value="{{ next }}" />
             <div class="form-group">
@@ -59,12 +59,7 @@ <h3 class="panel-title">بازیابی کلمهٔ عبور</h3>
                 <input type="password" name="password" class="form-control"  placeholder="حداقل پنج کاراکتر بدون نیاز به تکرار!" required pattern=".{5,}">
               </div>
             </div>
-            <div class="form-group">
-              <label for="inputPassword3" class="col-sm-3 control-label" >ربات نیستید؟</label>
-              <div class="col-sm-9">
-                <div class="g-recaptcha" data-sitekey="6LcB3A4UAAAAAPYNHsIiuWGJwzyyYBhQ12RgIKYj"></div>
-              </div>
-            </div>
+
 
 
 

web/templates/template.html

@@ -1,4 +1,5 @@
-{% load staticfiles %}
+{% load static %}
+{% load recaptcha3 %}
 <!DOCTYPE html>
 <html  class="no-js" lang="fa" dir="rtl">
   <head>
@@ -17,11 +18,21 @@
     <link rel="stylesheet" href="{% static 'css/bootstrap-theme.min.css' %}"  crossorigin="anonymous">
     <link rel="stylesheet" href="{% static 'css/style.css' %}" >
     <!-- Latest compiled and minified CSS -->
+    <script>
+        function alertToken(token) {
+            alert(token);
+        }
+    </script>
+    {% recaptcha_init %}
+    {% recaptcha_ready action_name='homepage' %}
 
         <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
         <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
 
 
+        <!--BEGIN RAYCHAT CODE-->
+          <script type="text/javascript">!function(){function t(){var t=document.createElement("script");t.type="text/javascript",t.async=!0,localStorage.getItem("rayToken")?t.src="https://app.raychat.io/scripts/js/"+o+"?rid="+localStorage.getItem("rayToken")+"&href="+window.location.href:t.src="https://app.raychat.io/scripts/js/"+o;var e=document.getElementsByTagName("script")[0];e.parentNode.insertBefore(t,e)}var e=document,a=window,o="cc0948d3-e7ca-4739-a636-8665daafda59";"complete"==e.readyState?t():a.attachEvent?a.attachEvent("onload",t):a.addEventListener("load",t,!1)}();</script>
+        <!--END RAYCHAT CODE-->
   </head>
 
   <body>
@@ -42,7 +53,7 @@
                         <span class="icon-bar"></span>
                     </button>
 
-                    <a class="navbar-brand" href="{% url 'index' %}">			                
+                    <a class="navbar-brand" href="{% url 'index' %}">
                       بستون
                     </a>
                 </div>

web/views.py

@@ -15,13 +15,14 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.contrib.auth.hashers import make_password, check_password
 from django.views.decorators.http import require_POST
-
+from django.core.mail import send_mail
+from django.forms import Form
 from .models import User, Token, Expense, Income, Passwordresetcodes, News
 
 # Create your views here.
-from postmark import PMMail
 
-from .utils import grecaptcha_verify, RateLimited
+from .utils import RateLimited
+# from snowpenguin.django.recaptcha3.fields import ReCaptchaField
 
 # create random string for Toekn
 random_str = lambda N: ''.join(
@@ -43,7 +44,9 @@ def news(request):
 @require_POST
 def login(request):
     # check if POST objects has username and password
-    if request.POST.has_key('username') and request.POST.has_key('password'):
+    keys = list(request.POST.keys())
+
+    if ('username' in keys) and ('password' in keys):
         username = request.POST['username']
         password = request.POST['password']
         this_user = get_object_or_404(User, username=username)
@@ -66,13 +69,9 @@ def login(request):
 
 
 def register(request):
-    if request.POST.has_key(
-            'requestcode'):  # form is filled. if not spam, generate code and save in db, wait for email confirmation, return message
-        # is this spam? check reCaptcha
-        if not grecaptcha_verify(request):  # captcha was not correct
-            context = {
-                'message': 'کپچای گوگل درست وارد نشده بود. شاید ربات هستید؟ کد یا کلیک یا تشخیص عکس زیر فرم را درست پر کنید. ببخشید که فرم به شکل اولیه برنگشته!'}  # TODO: forgot password
-            return render(request, 'register.html', context)
+    keys = list(request.POST.keys())
+    keys_get = list(request.GET.keys())
+    if 'requestcode' in keys:  # form is filled. if not spam, generate code and save in db, wait for email confirmation, return message
 
         # duplicate email
         if User.objects.filter(email=request.POST['email']).exists():
@@ -90,18 +89,13 @@ def register(request):
             temporarycode = Passwordresetcodes(
                 email=email, time=now, code=code, username=username, password=password)
             temporarycode.save()
-            #message = PMMail(api_key=settings.POSTMARK_API_TOKEN,
-            #                 subject="فعالسازی اکانت بستون",
-            #                 sender="[email protected]",
-            #                 to=email,
-            #                 text_body=" برای فعال کردن اکانت بستون خود روی لینک روبرو کلیک کنید: {}?code={}".format(
-            #                     request.build_absolute_uri('/accounts/register/'), code),
-            #                 tag="account request")
-            #message.send()
+
+            send_mail("فعالسازی اکانت بستون",
+                " برای فعال کردن اکانت بستون خود روی لینک روبرو کلیک کنید: {}?code={}".format(
+                    request.build_absolute_uri('/accounts/register/'), code)
+                , '[email protected]', [email], fail_silently = False)
             message = 'ایمیلی حاوی لینک فعال سازی اکانت به شما فرستاده شده، لطفا پس از چک کردن ایمیل، روی لینک کلیک کنید.'
-            message = 'قدیم ها ایمیل فعال سازی می فرستادیم ولی الان شرکتش ما رو تحریم کرده (: پس راحت و بی دردسر'
-            body = " برای فعال کردن اکانت بستون خود روی لینک روبرو کلیک کنید: <a href=\"{}?code={}\">لینک رو به رو</a> ".format(request.build_absolute_uri('/accounts/register/'), code)
-            message = message + body
+
             context = {
                 'message': message }
             return render(request, 'index.html', context)
@@ -110,7 +104,7 @@ def register(request):
                 'message': 'متاسفانه این نام کاربری قبلا استفاده شده است. از نام کاربری دیگری استفاده کنید. ببخشید که فرم ذخیره نشده. درست می شه'}  # TODO: forgot password
             # TODO: keep the form data
             return render(request, 'register.html', context)
-    elif request.GET.has_key('code'):  # user clicked on code
+    elif 'code' in keys_get:  # user clicked on code
         code = request.GET['code']
         if Passwordresetcodes.objects.filter(
                 code=code).exists():  # if code is in temporary db, read the data and create the user
@@ -140,7 +134,8 @@ def register(request):
 @csrf_exempt
 @require_POST
 def whoami(request):
-    if request.POST.has_key('token'):
+    keys = request.POST.keys()
+    if 'token' in keys:
         this_token = request.POST['token']  # TODO: Check if there is no `token`- done-please Check it
         # Check if there is a user with this token; will retun 404 instead.
         this_user = get_object_or_404(User, token__token=this_token)
@@ -220,7 +215,7 @@ def edit_expense(request):
     this_pk = request.POST['id'] if 'id' in request.POST else "-1"
     this_token = request.POST['token'] if 'token' in request.POST else ""
     this_user = get_object_or_404(User, token__token=this_token)
-    
+
     this_expense = get_object_or_404(Expense, pk=this_pk, user=this_user)
     this_expense.text = this_text
     this_expense.amount = this_amount
@@ -232,7 +227,7 @@ def edit_expense(request):
 @csrf_exempt
 @require_POST
 def edit_income(request):
-    """ edit an income """    
+    """ edit an income """
     this_text = request.POST['text'] if 'text' in request.POST else ""
     this_amount = request.POST['amount'] if 'amount' in request.POST else "0"
     this_pk = request.POST['id'] if 'id' in request.POST else "0"