Save user timezone to session and use that to get the local time in the login notification e-mail.

Author: frjo

hypha/apply/users/signals.py

@@ -7,6 +7,8 @@
 
 from hypha.core.mail import MarkdownMail
 
+from .utils import get_zoneinfo
+
 HIJACK_VIEW_NAMES = {
     "hijack-become",
     "users:hijack",
@@ -20,10 +22,18 @@ def send_login_notification(sender, request, user, **kwargs):
     if not settings.SEND_MESSAGES or not user.email:
         return
 
+    if getattr(user, "backend", "").startswith("social_core."):
+        return
+
     if request and getattr(request, "resolver_match", None):
         if request.resolver_match.view_name in HIJACK_VIEW_NAMES:
             return
 
+    tz_name = (
+        getattr(request, "session", {}).get("user_timezone", "") if request else ""
+    )
+    user_tz = get_zoneinfo(tz_name)
+
     subject = _("Successful login to %(org)s") % {"org": settings.ORG_LONG_NAME}
     if settings.EMAIL_SUBJECT_PREFIX:
         subject = str(settings.EMAIL_SUBJECT_PREFIX) + str(subject)
@@ -35,7 +45,9 @@ def send_login_notification(sender, request, user, **kwargs):
         from_email=settings.DEFAULT_FROM_EMAIL,
         context={
             "user": user,
-            "login_time": formats.date_format(timezone.now(), "SHORT_DATETIME_FORMAT"),
+            "login_time": formats.date_format(
+                timezone.localtime(timezone=user_tz), "SHORT_DATETIME_FORMAT"
+            ),
             "site": Site.find_for_request(request) if request else None,
             "ORG_EMAIL": settings.ORG_EMAIL,
         },

hypha/apply/users/urls.py

@@ -37,6 +37,7 @@
     oauth,
     send_confirm_access_email_view,
     set_password_view,
+    set_timezone_view,
 )
 
 app_name = "users"
@@ -159,6 +160,7 @@
     ),
     path("activate/", create_password, name="activate_password"),
     path("oauth", oauth, name="oauth"),
+    path("set-timezone/", set_timezone_view, name="set_timezone"),
     # 2FA
     path("two_factor/setup/", TWOFASetupView.as_view(), name="setup"),
     path(

hypha/apply/users/utils.py

@@ -1,4 +1,5 @@
 import string
+import zoneinfo
 
 import nh3
 from django.conf import settings
@@ -196,6 +197,16 @@ def update_is_staff(request, user):
         user.save()
 
 
+def get_zoneinfo(tz_name):
+    """Return a ZoneInfo for tz_name, or None if invalid/empty."""
+    if not tz_name:
+        return None
+    try:
+        return zoneinfo.ZoneInfo(tz_name)
+    except (zoneinfo.ZoneInfoNotFoundError, KeyError):
+        return None
+
+
 def strip_html_and_nerf_urls(value: str):
     # Remove all HTML tags. This prohibits HTML without creating hurdles.
     cleaned_value = nh3.clean(value, tags=set())

hypha/apply/users/views.py

@@ -31,6 +31,7 @@
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.debug import sensitive_post_parameters
+from django.views.decorators.http import require_POST
 from django.views.generic import UpdateView
 from django.views.generic.base import TemplateView
 from django.views.generic.edit import FormView
@@ -70,6 +71,7 @@
 from .utils import (
     generate_numeric_token,
     get_redirect_url,
+    get_zoneinfo,
     send_activation_email,
     send_confirmation_email,
 )
@@ -870,6 +872,15 @@ def set_password_view(request):
         return HttpResponse(_("✓ Check your email for password set link."))
 
 
+@require_POST
+def set_timezone_view(request: HttpRequest) -> HttpResponse:
+    """Store the browser timezone in the session for use in login notifications."""
+    tz_name = request.POST.get("user_timezone", "")
+    if get_zoneinfo(tz_name):
+        request.session["user_timezone"] = tz_name
+    return HttpResponse(status=204)
+
+
 @never_cache
 @csrf_exempt
 @psa(f"{settings.SOCIAL_AUTH_URL_NAMESPACE}:complete")

hypha/templates/base.html

@@ -202,6 +202,15 @@
                 });
             </script>
         {% endif %}
+        {% if not request.session.user_timezone %}
+            <script>
+                fetch("{% url 'users:set_timezone' %}", {
+                    method: 'POST',
+                    headers: {'Content-Type': 'application/x-www-form-urlencoded', 'X-CSRFToken': '{{ csrf_token }}'},
+                    body: 'user_timezone=' + encodeURIComponent(Intl.DateTimeFormat().resolvedOptions().timeZone)
+                });
+            </script>
+        {% endif %}
         {% include "includes/body_end.html" %}
     </body>
 </html>