[mediagoblin.git] / mediagoblin / auth / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import six

from itsdangerous import BadSignature

from mediagoblin import messages, mg_globals
from mediagoblin.db.models import User, Privilege
from mediagoblin.tools.crypto import get_timed_signer_url
from mediagoblin.decorators import auth_enabled, allow_registration
from mediagoblin.tools.response import render_to_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.mail import email_debug_message
from mediagoblin.tools.pluginapi import hook_handle
from mediagoblin.auth.tools import (send_verification_email, register_user,
                                    check_login_simple)

_log = logging.getLogger(__name__)


@allow_registration
@auth_enabled
def register(request):
    """The registration view.

    Note that usernames will always be lowercased. Email domains are lowercased while
    the first part remains case-sensitive.
    """
    if 'pass_auth' not in request.template_env.globals:
        redirect_name = hook_handle('auth_no_pass_redirect')
        if redirect_name:
            return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
                redirect_name))
        else:
            return redirect(request, 'index')

    register_form = hook_handle("auth_get_registration_form", request)

    if request.method == 'POST' and register_form.validate():
        # TODO: Make sure the user doesn't exist already
        user = register_user(request, register_form)

        if user:
            # redirect the user to their homepage... there will be a
            # message waiting for them to verify their email
            return redirect(
                request, 'mediagoblin.user_pages.user_home',
                user=user.username)

    return render_to_response(
        request,
        'mediagoblin/auth/register.html',
        {'register_form': register_form,
         'post_url': request.urlgen('mediagoblin.auth.register')})


@auth_enabled
def login(request):
    """
    MediaGoblin login view.

    If you provide the POST with 'next', it'll redirect to that view.
    """
    if 'pass_auth' not in request.template_env.globals:
        redirect_name = hook_handle('auth_no_pass_redirect')
        if redirect_name:
            return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
                redirect_name))
        else:
            return redirect(request, 'index')

    login_form = hook_handle("auth_get_login_form", request)

    login_failed = False

    if request.method == 'POST':

        if login_form.validate():
            user = check_login_simple(
                login_form.username.data,
                login_form.password.data)

            if user:
                # set up login in session
                if login_form.stay_logged_in.data:
                    request.session['stay_logged_in'] = True
                request.session['user_id'] = six.text_type(user.id)
                request.session.save()

                if request.form.get('next'):
                    return redirect(request, location=request.form['next'])
                else:
                    return redirect(request, "index")

            login_failed = True
            remote_addr = (request.access_route and request.access_route[-1]
                           or request.remote_addr)
            _log.warn("Failed login attempt from %r", remote_addr)

    return render_to_response(
        request,
        'mediagoblin/auth/login.html',
        {'login_form': login_form,
         'next': request.GET.get('next') or request.form.get('next'),
         'login_failed': login_failed,
         'post_url': request.urlgen('mediagoblin.auth.login'),
         'allow_registration': mg_globals.app_config["allow_registration"]})


def logout(request):
    # Maybe deleting the user_id parameter would be enough?
    request.session.delete()

    return redirect(request, "index")


def verify_email(request):
    """
    Email verification view

    validates GET parameters against database and unlocks the user account, if
    you are lucky :)
    """
    # If we don't have userid and token parameters, we can't do anything; 404
    if not 'token' in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(request.GET['token'], max_age=10*24*3600)
    except BadSignature:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    user = User.query.filter_by(id=int(token)).first()

    if user and user.has_privilege(u'active') is False:
        user.verification_key = None
        user.all_privileges.append(
            Privilege.query.filter(
            Privilege.privilege_name==u'active').first())

        user.save()

        messages.add_message(
            request,
            messages.SUCCESS,
            _("Your email address has been verified. "
              "You may now login, edit your profile, and submit images!"))
    else:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect'))

    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=user.username)


def resend_activation(request):
    """
    The reactivation view

    Resend the activation email.
    """

    if request.user is None:
        messages.add_message(
            request,
            messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))

        return redirect(request, 'mediagoblin.auth.login')

    if request.user.has_privilege(u'active'):
        messages.add_message(
            request,
            messages.ERROR,
            _("You've already verified your email address!"))

        return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)

    email_debug_message(request)
    send_verification_email(request.user, request)

    messages.add_message(
        request,
        messages.INFO,
        _('Resent your verification email.'))
    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=request.user.username)
Commit	Line	Data
8e1e744d	1	# GNU MediaGoblin -- federated, autonomous media hosting
cf29e8a8	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
24181820 CAW	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
b121d89c AB	17	import logging
b121d89c AB	18
e49b7e02 BP	19	import six
e49b7e02 BP	20
342f06f7	21	from itsdangerous import BadSignature
a77d952a	22
70f8b2d0	23	from mediagoblin import messages, mg_globals
3fb96fc9	24	from mediagoblin.db.models import User, Privilege
342f06f7	25	from mediagoblin.tools.crypto import get_timed_signer_url
5adb906a	26	from mediagoblin.decorators import auth_enabled, allow_registration
152a3bfa	27	from mediagoblin.tools.response import render_to_response, redirect, render_404
a789b713	28	from mediagoblin.tools.translate import pass_to_ugettext as _
dd39fe60	29	from mediagoblin.tools.mail import email_debug_message
e4deacd9	30	from mediagoblin.tools.pluginapi import hook_handle
f9e03221	31	from mediagoblin.auth.tools import (send_verification_email, register_user,
1d321f1c	32	check_login_simple)
bf33272f	33
b121d89c AB	34	_log = logging.getLogger(__name__)
b121d89c AB	35
bf33272f	36
5adb906a RE	37	@allow_registration
5adb906a RE	38	@auth_enabled
24181820	39	def register(request):
a89df961 SS	40	"""The registration view.
	41
	42	Note that usernames will always be lowercased. Email domains are lowercased while
	43	the first part remains case-sensitive.
24181820	44	"""
5784c12d	45	if 'pass_auth' not in request.template_env.globals:
e4deacd9	46	redirect_name = hook_handle('auth_no_pass_redirect')
4f8f0a4e RE	47	if redirect_name:
	48	return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
	49	redirect_name))
	50	else:
	51	return redirect(request, 'index')
5784c12d	52
e4deacd9	53	register_form = hook_handle("auth_get_registration_form", request)
24181820 CAW	54
	55	if request.method == 'POST' and register_form.validate():
	56	# TODO: Make sure the user doesn't exist already
5784c12d	57	user = register_user(request, register_form)
0bc03620	58
5784c12d	59	if user:
dce5c9cb CAW	60	# redirect the user to their homepage... there will be a
dce5c9cb CAW	61	# message waiting for them to verify their email
0bc03620 CAW	62	return redirect(
0bc03620 CAW	63	request, 'mediagoblin.user_pages.user_home',
5a4e3ff1	64	user=user.username)
24181820	65
9038c9f9 CAW	66	return render_to_response(
9038c9f9 CAW	67	request,
c9c24934	68	'mediagoblin/auth/register.html',
57e8be21	69	{'register_form': register_form,
57e8be21	70	'post_url': request.urlgen('mediagoblin.auth.register')})
24181820 CAW	71
24181820 CAW	72
5adb906a	73	@auth_enabled
692fd1c9	74	def login(request):
a3776717	75	"""
8e1e744d	76	MediaGoblin login view.
a3776717 CAW	77
	78	If you provide the POST with 'next', it'll redirect to that view.
	79	"""
5784c12d	80	if 'pass_auth' not in request.template_env.globals:
e4deacd9	81	redirect_name = hook_handle('auth_no_pass_redirect')
4f8f0a4e RE	82	if redirect_name:
	83	return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
	84	redirect_name))
	85	else:
	86	return redirect(request, 'index')
5784c12d	87
e4deacd9	88	login_form = hook_handle("auth_get_login_form", request)
692fd1c9	89
a3776717 CAW	90	login_failed = False
a3776717 CAW	91
69b56235	92	if request.method == 'POST':
b2c8dbcf	93
0578d8b3	94	if login_form.validate():
a2b3c623	95	user = check_login_simple(
	96	login_form.username.data,
	97	login_form.password.data)
692fd1c9	98
1d321f1c	99	if user:
69b56235	100	# set up login in session
527b7e3b	101	if login_form.stay_logged_in.data:
ef57b062	102	request.session['stay_logged_in'] = True
e49b7e02	103	request.session['user_id'] = six.text_type(user.id)
69b56235	104	request.session.save()
692fd1c9	105
69b56235 SS	106	if request.form.get('next'):
	107	return redirect(request, location=request.form['next'])
	108	else:
	109	return redirect(request, "index")
692fd1c9	110
a3776717	111	login_failed = True
87548030 BB	112	remote_addr = (request.access_route and request.access_route[-1]
87548030 BB	113	or request.remote_addr)
b121d89c	114	_log.warn("Failed login attempt from %r", remote_addr)
692fd1c9	115
9038c9f9 CAW	116	return render_to_response(
9038c9f9 CAW	117	request,
c9c24934 E	118	'mediagoblin/auth/login.html',
c9c24934 E	119	{'login_form': login_form,
111a609d	120	'next': request.GET.get('next') or request.form.get('next'),
13bb1d67	121	'login_failed': login_failed,
57e8be21	122	'post_url': request.urlgen('mediagoblin.auth.login'),
13bb1d67	123	'allow_registration': mg_globals.app_config["allow_registration"]})
692fd1c9 CAW	124
	125
	126	def logout(request):
b97232fa CAW	127	# Maybe deleting the user_id parameter would be enough?
b97232fa CAW	128	request.session.delete()
7b31a11c	129
9150244a	130	return redirect(request, "index")
db1a438f	131
5866d1a8	132
db1a438f	133	def verify_email(request):
4c093e85 JW	134	"""
	135	Email verification view
	136
	137	validates GET parameters against database and unlocks the user account, if
	138	you are lucky :)
	139	"""
155f24f9	140	# If we don't have userid and token parameters, we can't do anything; 404
342f06f7	141	if not 'token' in request.GET:
de12b4e7	142	return render_404(request)
155f24f9	143
342f06f7 RE	144	# Catch error if token is faked or expired
	145	try:
	146	token = get_timed_signer_url("mail_verification_token") \
	147	.loads(request.GET['token'], max_age=10243600)
	148	except BadSignature:
	149	messages.add_message(
	150	request,
	151	messages.ERROR,
	152	_('The verification key or user id is incorrect.'))
db1a438f	153
342f06f7 RE	154	return redirect(
	155	request,
	156	'index')
	157
	158	user = User.query.filter_by(id=int(token)).first()
	159
25625107	160	if user and user.has_privilege(u'active') is False:
00bb9550	161	user.verification_key = None
3fb96fc9	162	user.all_privileges.append(
	163	Privilege.query.filter(
	164	Privilege.privilege_name==u'active').first())
daf02964	165
db1a438f	166	user.save()
daf02964	167
fe80cb06	168	messages.add_message(
7b31a11c CAW	169	request,
7b31a11c CAW	170	messages.SUCCESS,
4b1adc13 CAW	171	_("Your email address has been verified. "
4b1adc13 CAW	172	"You may now login, edit your profile, and submit images!"))
db1a438f	173	else:
4b1adc13 CAW	174	messages.add_message(
	175	request,
	176	messages.ERROR,
	177	_('The verification key or user id is incorrect'))
7b31a11c	178
269943a6 CAW	179	return redirect(
269943a6 CAW	180	request, 'mediagoblin.user_pages.user_home',
5a4e3ff1	181	user=user.username)
28afb47c	182
5866d1a8	183
b93a6a22 AM	184	def resend_activation(request):
	185	"""
	186	The reactivation view
	187
	188	Resend the activation email.
	189	"""
84a7e770	190
2fe69916	191	if request.user is None:
7903a14f AW	192	messages.add_message(
	193	request,
	194	messages.ERROR,
2fe69916	195	_('You must be logged in so we know who to send the email to!'))
dfa6994d	196
5dbeda8a	197	return redirect(request, 'mediagoblin.auth.login')
7903a14f	198
25625107	199	if request.user.has_privilege(u'active'):
84a7e770 AW	200	messages.add_message(
	201	request,
	202	messages.ERROR,
2fe69916	203	_("You've already verified your email address!"))
dfa6994d	204
5aa4ab06	205	return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)
84a7e770	206
bf33272f	207	email_debug_message(request)
02d80437	208	send_verification_email(request.user, request)
b93a6a22	209
61927e6e CAW	210	messages.add_message(
	211	request,
	212	messages.INFO,
4b1adc13	213	_('Resent your verification email.'))
61927e6e CAW	214	return redirect(
61927e6e CAW	215	request, 'mediagoblin.user_pages.user_home',
5a4e3ff1	216	user=request.user.username)