From ba5987b67417ef6af563dbe7c8405f4c6182eaee Mon Sep 17 00:00:00 2001
From: Philip Sargent <philip.sargent@gmail.com>
Date: Mon, 20 Jan 2025 21:57:11 +0000
Subject: [PATCH] form now working with basic validation

---
 core/views/user_registration.py | 26 +++++++++++++++++----
 templates/base.html             |  2 +-
 templates/login/register.html   | 40 +++++++++++++++++++++++++++++----
 urls.py                         | 12 ++++------
 4 files changed, 63 insertions(+), 17 deletions(-)

diff --git a/core/views/user_registration.py b/core/views/user_registration.py
index df00ed9..d4ce58e 100644
--- a/core/views/user_registration.py
+++ b/core/views/user_registration.py
@@ -1,6 +1,7 @@
 from django import forms
 from django.http import HttpResponseRedirect
 from django.shortcuts import render
+from django.core.exceptions import ValidationError
 
 """
 This is the new individual user login registration, instead of everyone signing
@@ -13,7 +14,10 @@ def register(request):
         form = register_form(request.POST)
         if form.is_valid():
             # <process form cleaned data>
-            return HttpResponseRedirect("/success/")
+            un = form.cleaned_data["username"]
+            pw= form.cleaned_data["password1"]
+
+            return HttpResponseRedirect("/accounts/login/")
     else:
         form = register_form(initial={"visible": "True"})
 
@@ -26,17 +30,31 @@ class register_form(forms.Form):  # not a model-form, just a form-form
             attrs={"size":  35, "placeholder": "e.g. anathema-device", 
             "style": "vertical-align: text-top;"}
         ))
+    email = forms.CharField(strip=True, required=True, 
+        label="email",
+        widget=forms.TextInput(
+            attrs={"size":  35, "placeholder": "e.g. anathema@potatohut.exp", 
+            "style": "vertical-align: text-top;"}
+        ))
     password1 = forms.CharField(strip=True, required=True,         
-        label="Password",
+        label="Troggle password",
         widget=forms.TextInput(
             attrs={"size":  30, "placeholder": "your new login password", 
             "style": "vertical-align: text-top;"}
         ))
     password2 = forms.CharField(strip=True, required=True, 
-        label="Re-type your password",
+        label="Re-type your troggle password",
         widget=forms.TextInput(
             attrs={"size":  30, "placeholder": "same as the password above", 
             "style": "vertical-align: text-top;"}
         ) )
 
-    # )        
\ No newline at end of file
+    def clean(self):
+        cleaned_data = super().clean()
+        pw1 = cleaned_data.get("password1")
+        pw2 = cleaned_data.get("password2")
+
+        if pw1 != pw2:
+            raise ValidationError(
+                "Retyped password does not match initial password: please fix this."
+            )      
\ No newline at end of file
diff --git a/templates/base.html b/templates/base.html
index 62d1685..404a5ef 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -28,7 +28,7 @@
     <a id="handbook" href="/handbook/computing/onlinesystems.html">Handbook</a> |
     {% if user.username %}User:{{ user.username }}
     {% if user.person %}(<a href="{{ user.person.get_absolute_url }}">{{ user.person }}</a>){% endif %}
-    | <a <a href='/accounts/logout/'>Log out</a> {% else %} <a href='/accounts/login/'>Log in</a> {% endif %}
+    | <a href='/accounts/logout/'>Log out</a> {% else %} <a href='/accounts/register/'>Register</a> <a href='/accounts/login/'>Log in</a> {% endif %}
     {% endblock%}
 
    </div>
diff --git a/templates/login/register.html b/templates/login/register.html
index 9c1527f..d62861f 100644
--- a/templates/login/register.html
+++ b/templates/login/register.html
@@ -29,23 +29,55 @@ function myFunction() {
 <div class='middle'>
 <h2>User registration - for a personal login to Troggle</h2>
 </div>
-<h3>Register a password and your email</h3>
+<h3>Register a password and your email address</h3>
 <!--using template login/register.html -->
-<p>For previous expoers, your username must be your id as listed on the <a href='/people'>past expoers list</a>
+<p>For previous expoers, your username must be your 'troggle id' as listed on the <a href='/people_ids'>past expoers list</a>
+<p>This will eventually sign you up automatically to the 
+<a href="https://lists.wookware.org/cgi-bin/mailman/roster/expo">expo email list</a>. 
+So type in the same email address that you use there.
 <div style='width: 40%' align="right">
     <form  method="post" accept-charset="utf-8">{% csrf_token %}
     {{form.as_p}}
 
 <div class='align-right'>
-	<input type="checkbox" checked name="visible" onclick="myFunction()">Make Passwords visible
+	<input type="checkbox" checked name="visible" onclick="myFunction()">Make Passwords visible (on this form only)
 
 <br /><br /><input type="submit" value="Register &rarr;">
 </div>
 </form>
+</div>
+<div style='width: 40%' align="left">
+<span style="color:red">
+{{ form.non_field_errors }} <!-- form validation errors appear here -->
+</span>
+<p>Unfortunately cavers tend to use weird and playful names when signing up for things, 
+so we can't automatically connect the troggle names and ids with the email addresses 
+on the email list. And we don't believe in signing people up for things without their
+direct permission anyway.
+Having said that, we <em>will</em> sign you up automatically to the expo email list as
+that is how expo manages everything and it is a condition of coming on expo.
 
+<p>But the automatic sign-up to the email list is not working yet, and may not be before April 2025. 
+So if you don't want to miss out on anything important, make sure you sign up to the 
+<a href="https://lists.wookware.org/cgi-bin/mailman/roster/expo">email list</a>
+right now.
 
+<h3>Students !</h3>
+Please do not use an email address which will expire when you leave your current institution.
+This will happen much sooner than you realise.
 
+<h3>Security note</h3>
+We never store passwords at all, we only store a cryptographic hash. 
+We do store your email address but only 'in clear' inside the live database online
+where it is accessible only to the database administrators. There is no troggle report
+which publishes your email address. 
+For permanent storage all email addresses are encrypted. Your troggle
+username is public however, and we do not have anonymous people attending expo.
+<p>The password we are asking for is used only to log on to troggle to keep track of
+who is editing the current expo records, website content, historic survey data and 
+when using the expo kanban software. It is not the same as the password to access your email 
+and it is not the same as the password you use to interact with the expo email list.
 
-
+</div>
 
 {% endblock %}
diff --git a/urls.py b/urls.py
index d6d9ffc..0c0fb77 100644
--- a/urls.py
+++ b/urls.py
@@ -166,16 +166,12 @@ trogglepatterns = [
 
 # setting LOGIN_URL = '/accounts/login/' is default. 
 #   NB setting url pattern name to 'login' instea dof 'expologin' with override Django, see https://docs.djangoproject.com/en/dev/topics/http/urls/#naming-url-patterns
-    path('accounts/logout/', expologout, name='expologout'), # same as in django.contrib.auth.urls
-    path('accounts/login/',  expologin,  name='expologin'),  # same as in django.contrib.auth.urls
-    path("accounts/register", register, name="register"),
-    #path("accounts/register", SignUpView.as_view(), name="signup"),
+    path('accounts/logout/',   expologout, name='expologout'), # same as in django.contrib.auth.urls
+    path('accounts/login/',    expologin,  name='expologin'),  # same as in django.contrib.auth.urls
+    path("accounts/register/", register,   name="register"),
     path('accounts/', include('django.contrib.auth.urls')),  # see site-packages\registration\auth_urls_classes.py
-    
 
-     path('person/<slug:slug>', person, name="person"),
-    #re_path(r'^person/(?P<first_name>[A-Z]*[a-z\-\'&;]*)[^a-zA-Z]*(?P<last_name>[a-z\-\']*[^a-zA-Z]*[\-]*[A-Z]*[a-zA-Z\-&;]*)/?', person, name="person"),
-    #re_path(r'^personexpedition/(?P<first_name>[A-Z]*[a-z&;]*)[^a-zA-Z]*(?P<last_name>[A-Z]*[a-zA-Z&;]*)/(?P<year>\d+)/?$', personexpedition, name="personexpedition"),
+    path('person/<slug:slug>', person, name="person"),
     path('personexpedition/<slug:slug>/<int:year>', personexpedition, name="personexpedition"),
 
 #   Expedition master page & API exports