zulip/zephyr
Luke Faraone 54a19e9091 Check whether users are active, not whether they are nonunique.
Previously we checked and bailed when there was a user registered with
an email address, regardless of active status.

This meant that MIT users who had inactive accounts autocreated had
issues where they would be confusingly told they were signed up even
though they had never taken any action on our site directly.

Now we instead check whether there are any current *active* user
accounts with that email address, and proceed with generating an
activation link if the user lacks a corresponding active account.

Security implications of this commit come into play if we start
implementing removing users ability to sign in as deactivation. Since we
lack a user removal story here, this isn't terribly concerning yet and
we'll revist this code when we decide to add such functionality in the
future.

This resolves trac #581 and #631.

(imported from commit c3fb93ce065e63e19b41f63c1f27891b93b75f86)
2013-02-12 15:31:06 -05:00
..
fixtures Rename zephyrs.json => messages.json in .gitignore. 2012-10-10 10:39:27 -04:00
jstemplates Restore click-to-reply in the blank space between the sender name and timestamp 2013-02-12 12:36:39 -05:00
lib Add https?: greedy url matching before falling back to our url guesser 2013-02-12 12:24:15 -05:00
management management: add a remove_users_from_stream command. 2013-02-12 11:49:22 -05:00
migrations [manual][schema] Add an API for user presence (idle) information 2013-02-11 18:05:57 -05:00
static Add an initial message to greet you. 2013-02-12 15:21:28 -05:00
tests Fix wait condition in subscriptions frontend test 2013-02-06 13:49:37 -05:00
__init__.py Initial Django commit: basic account, zephyr stream, narrowing, etc. 2012-08-28 12:44:51 -04:00
context_processors.py [manual] Get rid of the static-access-control mechanism 2013-01-31 15:34:12 -05:00
decorator.py Log requestor email address for non-error requests too. 2013-02-12 11:07:36 -05:00
filters.py Filter out all cookies and the csrfmiddlewaretoken. 2013-02-05 16:12:48 -05:00
forms.py Check whether users are active, not whether they are nonunique. 2013-02-12 15:31:06 -05:00
handlers.py Catch all exceptions when sending a message from AdminHumbugHandler 2013-02-05 16:12:48 -05:00
middleware.py Monkeypatch Django cursor to log query times even when DEBUG=False. 2013-02-12 12:01:02 -05:00
models.py [manual][schema] Add an API for user presence (idle) information 2013-02-11 18:05:57 -05:00
retention_policy.py retention: look up domain instead of inferring from a user's email. 2013-02-08 13:20:18 -05:00
tests.py tests: Fail with a useful error message if Pygments is missing 2013-02-12 15:04:30 -05:00
tornadoviews.py If a web client is requesting message that are too old, force a reload. 2013-01-23 11:33:07 -05:00
views.py Check whether users are active, not whether they are nonunique. 2013-02-12 15:31:06 -05:00