0

So i based my code on this question Redirect User to another url with django-allauth log in signal but i am still having some issues.

Basically i want to detect a first time login so that i can force a password change using django-allauth

I created an adapter.py:

class AccountAdapter(DefaultAccountAdapter):

    def get_login_redirect_url(self, request):
        threshold = 90  # seconds

        is_first_time = False
        if request.user.last_login:
            is_first_time = (request.user.last_login - request.user.date_joined).seconds < threshold

        if request.user.last_login is None or is_first_time:
            log.info(
                'The user {request.user} is login in for the first time so '
                'lets set a new password'.format(**locals())
            )
            url = '/accounts/password/change/'
        else:
            log.info(
                'The user {request.user} is NOT login in for the first '
                'time'.format(**locals())
            )
            url = settings.LOGIN_REDIRECT_URL
        return resolve_url(url)

Everything seems to work fine, except for 1 case were i create a new user in the django admin and give him a temporary password. I then try to login with this user and purposely fail providing the wrong initial password. For some reason it appears that user.last_login gets updated (although if i go to django admin the dates are not yet different).

When i finally put the right initial password, i login but then my code fails and enters the bit were he assumes this user already logged in before so it doesn't call the force password change bit.

This is the result from the debuging i got so far

    is_first_time:  False
    request.user.last_login:  2015-05-17 18:02:33.424718
    request.user.date_joined:  2015-05-17 18:00:26.191912
    INFO 2015-05-17 18:02:33,431 adapter 2955 139903929153280
    The user pai <pai@example.com> is NOT login in for the first time

Any ideas what could be wrong? Isn't this a common issue??

Community
  • 1
  • 1
psychok7
  • 5,373
  • 9
  • 63
  • 101

1 Answers1

1

I still don't know whats the problem, but i ended up working around the issue by creating a boolean field in the db that tells me if the log in has happened or not

def check_if_first_time_login(user):
    is_first_time_login = None
    for type in ['administrator', 'agent']:
        try:
            user_type = getattr(user, type)
            is_first_time_login = user_type.is_first_time_login
        except ObjectDoesNotExist:
            pass
        else:
            log.info('The user {user} is an {type}'.format(**locals()))
            user_type.is_first_time_login = False
            user_type.save()

    return is_first_time_login


class AccountAdapter(DefaultAccountAdapter):

    def get_login_redirect_url(self, request):
        user = get_object_or_404(get_user_model(), pk=request.user.id)

        is_first_time_login = check_if_first_time_login(user)

        if is_first_time_login:
            log.info(
                'The user {user} is login in for the first time so '
                'lets set a new password'.format(**locals())
            )
            url = '/accounts/password/change/'
        else:
            log.info(
                'The user {user} is NOT login in for the first '
                'time'.format(**locals())
            )
            url = settings.LOGIN_REDIRECT_URL
        return resolve_url(url)
psychok7
  • 5,373
  • 9
  • 63
  • 101