[mediagoblin.git] / mediagoblin / auth / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 Free Software Foundation, Inc
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import uuid

from webob import exc

from mediagoblin import messages
from mediagoblin import mg_globals
from mediagoblin.util import render_to_response, redirect, render_404
from mediagoblin.util import pass_to_ugettext as _
from mediagoblin.db.util import ObjectId
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.lib import send_verification_email


def register(request):
    """
    Your classic registration view!
    """
    # Redirects to indexpage if registrations are disabled
    if not mg_globals.app_config["allow_registration"]:
        messages.add_message(
            request,
            messages.WARNING,
            _('Sorry, registration is disabled on this instance.'))
        return redirect(request, "index")

    register_form = auth_forms.RegistrationForm(request.POST)

    if request.method == 'POST' and register_form.validate():
        # TODO: Make sure the user doesn't exist already

        users_with_username = request.db.User.find(
            {'username': request.POST['username'].lower()}).count()
        users_with_email = request.db.User.find(
            {'email': request.POST['email'].lower()}).count()

        extra_validation_passes = True

        if users_with_username:
            register_form.username.errors.append(
                _(u'Sorry, a user with that name already exists.'))
            extra_validation_passes = False
        if users_with_email:
            register_form.email.errors.append(
                _(u'Sorry, that email address has already been taken.'))
            extra_validation_passes = False

        if extra_validation_passes:
            # Create the user
            user = request.db.User()
            user['username'] = request.POST['username'].lower()
            user['email'] = request.POST['email'].lower()
            user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
                request.POST['password'])
            user.save(validate=True)

            # log the user in
            request.session['user_id'] = unicode(user['_id'])
            request.session.save()

            # send verification email
            send_verification_email(user, request)

            # redirect the user to their homepage... there will be a
            # message waiting for them to verify their email
            return redirect(
                request, 'mediagoblin.user_pages.user_home',
                user=user['username'])

    return render_to_response(
        request,
        'mediagoblin/auth/register.html',
        {'register_form': register_form})


def login(request):
    """
    MediaGoblin login view.

    If you provide the POST with 'next', it'll redirect to that view.
    """
    login_form = auth_forms.LoginForm(request.POST)

    login_failed = False

    if request.method == 'POST' and login_form.validate():
        user = request.db.User.one(
            {'username': request.POST['username'].lower()})

        if user and user.check_login(request.POST['password']):
            # set up login in session
            request.session['user_id'] = unicode(user['_id'])
            request.session.save()

            if request.POST.get('next'):
                return exc.HTTPFound(location=request.POST['next'])
            else:
                return redirect(request, "index")

        else:
            # Prevent detecting who's on this system by testing login
            # attempt timings
            auth_lib.fake_login_attempt()
            login_failed = True

    return render_to_response(
        request,
        'mediagoblin/auth/login.html',
        {'login_form': login_form,
         'next': request.GET.get('next') or request.POST.get('next'),
         'login_failed': login_failed,
         'allow_registration': mg_globals.app_config["allow_registration"]})


def logout(request):
    # Maybe deleting the user_id parameter would be enough?
    request.session.delete()

    return redirect(request, "index")


def verify_email(request):
    """
    Email verification view

    validates GET parameters against database and unlocks the user account, if
    you are lucky :)
    """
    # If we don't have userid and token parameters, we can't do anything; 404
    if not request.GET.has_key('userid') or not request.GET.has_key('token'):
        return render_404(request)

    user = request.db.User.find_one(
        {'_id': ObjectId(unicode(request.GET['userid']))})

    if user and user['verification_key'] == unicode(request.GET['token']):
        user['status'] = u'active'
        user['email_verified'] = True
        user.save()
        messages.add_message(
            request,
            messages.SUCCESS,
            _("Your email address has been verified. "
              "You may now login, edit your profile, and submit images!"))
    else:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect'))

    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=user['username'])


def resend_activation(request):
    """
    The reactivation view

    Resend the activation email.
    """
    request.user['verification_key'] = unicode(uuid.uuid4())
    request.user.save()

    send_verification_email(request.user, request)

    messages.add_message(
        request,
        messages.INFO,
        _('Resent your verification email.'))
    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=request.user['username'])
Commit	Line	Data
8e1e744d	1	# GNU MediaGoblin -- federated, autonomous media hosting
24181820 CAW	2	# Copyright (C) 2011 Free Software Foundation, Inc
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
a77d952a CAW	17	import uuid
a77d952a CAW	18
1c63ad5d	19	from webob import exc
24181820	20
cfe46f3e	21	from mediagoblin import messages
13677ef9	22	from mediagoblin import mg_globals
de12b4e7	23	from mediagoblin.util import render_to_response, redirect, render_404
4b1adc13	24	from mediagoblin.util import pass_to_ugettext as _
e0f84870	25	from mediagoblin.db.util import ObjectId
24181820 CAW	26	from mediagoblin.auth import lib as auth_lib
24181820 CAW	27	from mediagoblin.auth import forms as auth_forms
02d80437	28	from mediagoblin.auth.lib import send_verification_email
24181820 CAW	29
	30
	31	def register(request):
	32	"""
	33	Your classic registration view!
	34	"""
13677ef9 RL	35	# Redirects to indexpage if registrations are disabled
13677ef9 RL	36	if not mg_globals.app_config["allow_registration"]:
166dc91a CAW	37	messages.add_message(
	38	request,
	39	messages.WARNING,
4b1adc13	40	_('Sorry, registration is disabled on this instance.'))
13677ef9 RL	41	return redirect(request, "index")
13677ef9 RL	42
24181820 CAW	43	register_form = auth_forms.RegistrationForm(request.POST)
	44
	45	if request.method == 'POST' and register_form.validate():
	46	# TODO: Make sure the user doesn't exist already
ce72a1bb	47
dc49cf60 CAW	48	users_with_username = request.db.User.find(
dc49cf60 CAW	49	{'username': request.POST['username'].lower()}).count()
0bf099d7 AV	50	users_with_email = request.db.User.find(
0bf099d7 AV	51	{'email': request.POST['email'].lower()}).count()
24181820	52
9f6ea475 CAW	53	extra_validation_passes = True
9f6ea475 CAW	54
24181820 CAW	55	if users_with_username:
24181820 CAW	56	register_form.username.errors.append(
4b1adc13	57	_(u'Sorry, a user with that name already exists.'))
9f6ea475 CAW	58	extra_validation_passes = False
9f6ea475 CAW	59	if users_with_email:
0bf099d7 AV	60	register_form.email.errors.append(
0bf099d7 AV	61	_(u'Sorry, that email address has already been taken.'))
9f6ea475	62	extra_validation_passes = False
24181820	63
9f6ea475	64	if extra_validation_passes:
24181820	65	# Create the user
0bc03620 CAW	66	user = request.db.User()
0bc03620 CAW	67	user['username'] = request.POST['username'].lower()
873e4e9d	68	user['email'] = request.POST['email'].lower()
0bc03620	69	user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
24181820	70	request.POST['password'])
0bc03620 CAW	71	user.save(validate=True)
0bc03620 CAW	72
f73f4c4b CAW	73	# log the user in
	74	request.session['user_id'] = unicode(user['_id'])
	75	request.session.save()
	76
	77	# send verification email
0bc03620 CAW	78	send_verification_email(user, request)
0bc03620 CAW	79
dce5c9cb CAW	80	# redirect the user to their homepage... there will be a
dce5c9cb CAW	81	# message waiting for them to verify their email
0bc03620 CAW	82	return redirect(
	83	request, 'mediagoblin.user_pages.user_home',
	84	user=user['username'])
24181820	85
9038c9f9 CAW	86	return render_to_response(
9038c9f9 CAW	87	request,
c9c24934 E	88	'mediagoblin/auth/register.html',
c9c24934 E	89	{'register_form': register_form})
24181820 CAW	90
24181820 CAW	91
692fd1c9	92	def login(request):
a3776717	93	"""
8e1e744d	94	MediaGoblin login view.
a3776717 CAW	95
	96	If you provide the POST with 'next', it'll redirect to that view.
	97	"""
692fd1c9 CAW	98	login_form = auth_forms.LoginForm(request.POST)
692fd1c9 CAW	99
a3776717 CAW	100	login_failed = False
a3776717 CAW	101
692fd1c9	102	if request.method == 'POST' and login_form.validate():
b058cf15	103	user = request.db.User.one(
ce72a1bb	104	{'username': request.POST['username'].lower()})
692fd1c9	105
d1938963	106	if user and user.check_login(request.POST['password']):
692fd1c9 CAW	107	# set up login in session
692fd1c9 CAW	108	request.session['user_id'] = unicode(user['_id'])
a3776717	109	request.session.save()
692fd1c9	110
574d1511	111	if request.POST.get('next'):
a3776717 CAW	112	return exc.HTTPFound(location=request.POST['next'])
a3776717 CAW	113	else:
9150244a	114	return redirect(request, "index")
692fd1c9 CAW	115
	116	else:
	117	# Prevent detecting who's on this system by testing login
	118	# attempt timings
	119	auth_lib.fake_login_attempt()
a3776717	120	login_failed = True
692fd1c9	121
9038c9f9 CAW	122	return render_to_response(
9038c9f9 CAW	123	request,
c9c24934 E	124	'mediagoblin/auth/login.html',
	125	{'login_form': login_form,
	126	'next': request.GET.get('next') or request.POST.get('next'),
13bb1d67 RL	127	'login_failed': login_failed,
13bb1d67 RL	128	'allow_registration': mg_globals.app_config["allow_registration"]})
692fd1c9 CAW	129
	130
	131	def logout(request):
b97232fa CAW	132	# Maybe deleting the user_id parameter would be enough?
b97232fa CAW	133	request.session.delete()
7b31a11c	134
9150244a	135	return redirect(request, "index")
db1a438f	136
5866d1a8	137
db1a438f	138	def verify_email(request):
4c093e85 JW	139	"""
	140	Email verification view
	141
	142	validates GET parameters against database and unlocks the user account, if
	143	you are lucky :)
	144	"""
155f24f9 CAW	145	# If we don't have userid and token parameters, we can't do anything; 404
155f24f9 CAW	146	if not request.GET.has_key('userid') or not request.GET.has_key('token'):
de12b4e7	147	return render_404(request)
155f24f9	148
db1a438f	149	user = request.db.User.find_one(
e0f84870	150	{'_id': ObjectId(unicode(request.GET['userid']))})
db1a438f	151
155f24f9	152	if user and user['verification_key'] == unicode(request.GET['token']):
db1a438f JW	153	user['status'] = u'active'
db1a438f JW	154	user['email_verified'] = True
db1a438f	155	user.save()
fe80cb06	156	messages.add_message(
7b31a11c CAW	157	request,
7b31a11c CAW	158	messages.SUCCESS,
4b1adc13 CAW	159	_("Your email address has been verified. "
4b1adc13 CAW	160	"You may now login, edit your profile, and submit images!"))
db1a438f	161	else:
4b1adc13 CAW	162	messages.add_message(
	163	request,
	164	messages.ERROR,
	165	_('The verification key or user id is incorrect'))
7b31a11c	166
269943a6 CAW	167	return redirect(
269943a6 CAW	168	request, 'mediagoblin.user_pages.user_home',
788272f3	169	user=user['username'])
28afb47c	170
5866d1a8	171
b93a6a22 AM	172	def resend_activation(request):
	173	"""
	174	The reactivation view
	175
	176	Resend the activation email.
	177	"""
a77d952a CAW	178	request.user['verification_key'] = unicode(uuid.uuid4())
a77d952a CAW	179	request.user.save()
b93a6a22	180
02d80437	181	send_verification_email(request.user, request)
b93a6a22	182
61927e6e CAW	183	messages.add_message(
	184	request,
	185	messages.INFO,
4b1adc13	186	_('Resent your verification email.'))
61927e6e CAW	187	return redirect(
	188	request, 'mediagoblin.user_pages.user_home',
	189	user=request.user['username'])