Commit | Line | Data |
---|---|---|
8e1e744d | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
24181820 CAW |
2 | # Copyright (C) 2011 Free Software Foundation, Inc |
3 | # | |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
a77d952a CAW |
17 | import uuid |
18 | ||
1c63ad5d | 19 | from webob import exc |
24181820 | 20 | |
cfe46f3e | 21 | from mediagoblin import messages |
13677ef9 | 22 | from mediagoblin import mg_globals |
de12b4e7 | 23 | from mediagoblin.util import render_to_response, redirect, render_404 |
4b1adc13 | 24 | from mediagoblin.util import pass_to_ugettext as _ |
e0f84870 | 25 | from mediagoblin.db.util import ObjectId |
24181820 CAW |
26 | from mediagoblin.auth import lib as auth_lib |
27 | from mediagoblin.auth import forms as auth_forms | |
02d80437 | 28 | from mediagoblin.auth.lib import send_verification_email |
24181820 CAW |
29 | |
30 | ||
31 | def register(request): | |
32 | """ | |
33 | Your classic registration view! | |
34 | """ | |
13677ef9 RL |
35 | # Redirects to indexpage if registrations are disabled |
36 | if not mg_globals.app_config["allow_registration"]: | |
166dc91a CAW |
37 | messages.add_message( |
38 | request, | |
39 | messages.WARNING, | |
4b1adc13 | 40 | _('Sorry, registration is disabled on this instance.')) |
13677ef9 RL |
41 | return redirect(request, "index") |
42 | ||
24181820 CAW |
43 | register_form = auth_forms.RegistrationForm(request.POST) |
44 | ||
45 | if request.method == 'POST' and register_form.validate(): | |
46 | # TODO: Make sure the user doesn't exist already | |
ce72a1bb | 47 | |
dc49cf60 CAW |
48 | users_with_username = request.db.User.find( |
49 | {'username': request.POST['username'].lower()}).count() | |
0bf099d7 AV |
50 | users_with_email = request.db.User.find( |
51 | {'email': request.POST['email'].lower()}).count() | |
24181820 | 52 | |
9f6ea475 CAW |
53 | extra_validation_passes = True |
54 | ||
24181820 CAW |
55 | if users_with_username: |
56 | register_form.username.errors.append( | |
4b1adc13 | 57 | _(u'Sorry, a user with that name already exists.')) |
9f6ea475 CAW |
58 | extra_validation_passes = False |
59 | if users_with_email: | |
0bf099d7 AV |
60 | register_form.email.errors.append( |
61 | _(u'Sorry, that email address has already been taken.')) | |
9f6ea475 | 62 | extra_validation_passes = False |
24181820 | 63 | |
9f6ea475 | 64 | if extra_validation_passes: |
24181820 | 65 | # Create the user |
0bc03620 CAW |
66 | user = request.db.User() |
67 | user['username'] = request.POST['username'].lower() | |
873e4e9d | 68 | user['email'] = request.POST['email'].lower() |
0bc03620 | 69 | user['pw_hash'] = auth_lib.bcrypt_gen_password_hash( |
24181820 | 70 | request.POST['password']) |
0bc03620 CAW |
71 | user.save(validate=True) |
72 | ||
f73f4c4b CAW |
73 | # log the user in |
74 | request.session['user_id'] = unicode(user['_id']) | |
75 | request.session.save() | |
76 | ||
77 | # send verification email | |
0bc03620 CAW |
78 | send_verification_email(user, request) |
79 | ||
dce5c9cb CAW |
80 | # redirect the user to their homepage... there will be a |
81 | # message waiting for them to verify their email | |
0bc03620 CAW |
82 | return redirect( |
83 | request, 'mediagoblin.user_pages.user_home', | |
84 | user=user['username']) | |
24181820 | 85 | |
9038c9f9 CAW |
86 | return render_to_response( |
87 | request, | |
c9c24934 E |
88 | 'mediagoblin/auth/register.html', |
89 | {'register_form': register_form}) | |
24181820 CAW |
90 | |
91 | ||
692fd1c9 | 92 | def login(request): |
a3776717 | 93 | """ |
8e1e744d | 94 | MediaGoblin login view. |
a3776717 CAW |
95 | |
96 | If you provide the POST with 'next', it'll redirect to that view. | |
97 | """ | |
692fd1c9 CAW |
98 | login_form = auth_forms.LoginForm(request.POST) |
99 | ||
a3776717 CAW |
100 | login_failed = False |
101 | ||
692fd1c9 | 102 | if request.method == 'POST' and login_form.validate(): |
b058cf15 | 103 | user = request.db.User.one( |
ce72a1bb | 104 | {'username': request.POST['username'].lower()}) |
692fd1c9 | 105 | |
d1938963 | 106 | if user and user.check_login(request.POST['password']): |
692fd1c9 CAW |
107 | # set up login in session |
108 | request.session['user_id'] = unicode(user['_id']) | |
a3776717 | 109 | request.session.save() |
692fd1c9 | 110 | |
574d1511 | 111 | if request.POST.get('next'): |
a3776717 CAW |
112 | return exc.HTTPFound(location=request.POST['next']) |
113 | else: | |
9150244a | 114 | return redirect(request, "index") |
692fd1c9 CAW |
115 | |
116 | else: | |
117 | # Prevent detecting who's on this system by testing login | |
118 | # attempt timings | |
119 | auth_lib.fake_login_attempt() | |
a3776717 | 120 | login_failed = True |
692fd1c9 | 121 | |
9038c9f9 CAW |
122 | return render_to_response( |
123 | request, | |
c9c24934 E |
124 | 'mediagoblin/auth/login.html', |
125 | {'login_form': login_form, | |
126 | 'next': request.GET.get('next') or request.POST.get('next'), | |
13bb1d67 RL |
127 | 'login_failed': login_failed, |
128 | 'allow_registration': mg_globals.app_config["allow_registration"]}) | |
692fd1c9 CAW |
129 | |
130 | ||
131 | def logout(request): | |
b97232fa CAW |
132 | # Maybe deleting the user_id parameter would be enough? |
133 | request.session.delete() | |
7b31a11c | 134 | |
9150244a | 135 | return redirect(request, "index") |
db1a438f | 136 | |
5866d1a8 | 137 | |
db1a438f | 138 | def verify_email(request): |
4c093e85 JW |
139 | """ |
140 | Email verification view | |
141 | ||
142 | validates GET parameters against database and unlocks the user account, if | |
143 | you are lucky :) | |
144 | """ | |
155f24f9 CAW |
145 | # If we don't have userid and token parameters, we can't do anything; 404 |
146 | if not request.GET.has_key('userid') or not request.GET.has_key('token'): | |
de12b4e7 | 147 | return render_404(request) |
155f24f9 | 148 | |
db1a438f | 149 | user = request.db.User.find_one( |
e0f84870 | 150 | {'_id': ObjectId(unicode(request.GET['userid']))}) |
db1a438f | 151 | |
155f24f9 | 152 | if user and user['verification_key'] == unicode(request.GET['token']): |
db1a438f JW |
153 | user['status'] = u'active' |
154 | user['email_verified'] = True | |
db1a438f | 155 | user.save() |
fe80cb06 | 156 | messages.add_message( |
7b31a11c CAW |
157 | request, |
158 | messages.SUCCESS, | |
4b1adc13 CAW |
159 | _("Your email address has been verified. " |
160 | "You may now login, edit your profile, and submit images!")) | |
db1a438f | 161 | else: |
4b1adc13 CAW |
162 | messages.add_message( |
163 | request, | |
164 | messages.ERROR, | |
165 | _('The verification key or user id is incorrect')) | |
7b31a11c | 166 | |
269943a6 CAW |
167 | return redirect( |
168 | request, 'mediagoblin.user_pages.user_home', | |
788272f3 | 169 | user=user['username']) |
28afb47c | 170 | |
5866d1a8 | 171 | |
b93a6a22 AM |
172 | def resend_activation(request): |
173 | """ | |
174 | The reactivation view | |
175 | ||
176 | Resend the activation email. | |
177 | """ | |
a77d952a CAW |
178 | request.user['verification_key'] = unicode(uuid.uuid4()) |
179 | request.user.save() | |
b93a6a22 | 180 | |
02d80437 | 181 | send_verification_email(request.user, request) |
b93a6a22 | 182 | |
61927e6e CAW |
183 | messages.add_message( |
184 | request, | |
185 | messages.INFO, | |
4b1adc13 | 186 | _('Resent your verification email.')) |
61927e6e CAW |
187 | return redirect( |
188 | request, 'mediagoblin.user_pages.user_home', | |
189 | user=request.user['username']) |