Commit | Line | Data |
---|---|---|
8e1e744d | 1 | # GNU MediaGoblin -- federated, autonomous media hosting |
cf29e8a8 | 2 | # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. |
24181820 CAW |
3 | # |
4 | # This program is free software: you can redistribute it and/or modify | |
5 | # it under the terms of the GNU Affero General Public License as published by | |
6 | # the Free Software Foundation, either version 3 of the License, or | |
7 | # (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU Affero General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU Affero General Public License | |
15 | # along with this program. If not, see <http://www.gnu.org/licenses/>. | |
16 | ||
b121d89c AB |
17 | import logging |
18 | ||
e49b7e02 BP |
19 | import six |
20 | ||
342f06f7 | 21 | from itsdangerous import BadSignature |
a77d952a | 22 | |
70f8b2d0 | 23 | from mediagoblin import messages, mg_globals |
3fb96fc9 | 24 | from mediagoblin.db.models import User, Privilege |
342f06f7 | 25 | from mediagoblin.tools.crypto import get_timed_signer_url |
5adb906a | 26 | from mediagoblin.decorators import auth_enabled, allow_registration |
152a3bfa | 27 | from mediagoblin.tools.response import render_to_response, redirect, render_404 |
a789b713 | 28 | from mediagoblin.tools.translate import pass_to_ugettext as _ |
dd39fe60 | 29 | from mediagoblin.tools.mail import email_debug_message |
e4deacd9 | 30 | from mediagoblin.tools.pluginapi import hook_handle |
f9e03221 | 31 | from mediagoblin.auth.tools import (send_verification_email, register_user, |
1d321f1c | 32 | check_login_simple) |
bf33272f | 33 | |
# Module-level logger; login() reports failed login attempts through it.
_log = logging.getLogger(__name__)
35 | ||
bf33272f | 36 | |
@allow_registration
@auth_enabled
def register(request):
    """Serve the registration form and create the account on a valid POST.

    When password authentication is not active ('pass_auth' is missing from
    the template globals) the visitor is handed over to the registration
    view of the plugin named by the 'auth_no_pass_redirect' hook, or to the
    index page if no plugin answers.

    Note carried over from the original docstring: usernames will always be
    lowercased; email domains are lowercased while the first part remains
    case-sensitive.  That normalisation is not done in this view itself.
    """
    password_auth_active = 'pass_auth' in request.template_env.globals
    if not password_auth_active:
        plugin_name = hook_handle('auth_no_pass_redirect')
        if not plugin_name:
            return redirect(request, 'index')
        return redirect(
            request,
            'mediagoblin.plugins.{0}.register'.format(plugin_name))

    register_form = hook_handle("auth_get_registration_form", request)

    # validate() is only reached for POST requests (short-circuit `and`).
    submitted_and_valid = (
        request.method == 'POST' and register_form.validate())
    if submitted_and_valid:
        # TODO: Make sure the user doesn't exist already
        new_user = register_user(request, register_form)

        if new_user:
            # Send the new user to their homepage, where a message asking
            # them to verify their email address is waiting.
            return redirect(
                request,
                'mediagoblin.user_pages.user_home',
                user=new_user.username)

    # GET, invalid form, or register_user() returned nothing: show the form.
    context = {
        'register_form': register_form,
        'post_url': request.urlgen('mediagoblin.auth.register'),
    }
    return render_to_response(
        request, 'mediagoblin/auth/register.html', context)
24181820 CAW |
71 | |
72 | ||
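def _is_same_site_url(request, target):
    """Return True if *target* is safe to use as a post-login redirect.

    Accepted are rooted paths on this site (``/some/page``) and absolute
    http(s) URLs whose host equals ``request.host``.  Anything else is
    refused, so a crafted 'next' value cannot turn the login form into a
    redirect to another site.
    """
    # Browsers read a backslash as a slash and drop control characters
    # before resolving a URL, so refuse both instead of second-guessing them.
    if '\\' in target or any(
            ord(char) < 0x20 or ord(char) == 0x7f for char in target):
        return False

    try:
        parts = six.moves.urllib.parse.urlparse(target)
    except ValueError:
        # Unparseable URL: never redirect to it.
        return False

    if not parts.scheme and not parts.netloc:
        # Plain path: it must be rooted, and must not start with '//',
        # which browsers resolve as a host name rather than a path.
        return target.startswith('/') and not target.startswith('//')

    # NOTE(review): assumes request.host is the host users reach this site
    # under; confirm for deployments behind a reverse proxy.
    return parts.scheme in ('http', 'https') and parts.netloc == request.host


@auth_enabled
def login(request):
    """
    MediaGoblin login view.

    If you provide the POST with 'next', a successful login redirects
    there, as long as 'next' points at this site.  A missing or off-site
    'next' sends the user to the index page instead.

    When password authentication is not active ('pass_auth' is missing from
    the template globals) the visitor is handed over to the login view of
    the plugin named by the 'auth_no_pass_redirect' hook, or to the index.
    """
    if 'pass_auth' not in request.template_env.globals:
        redirect_name = hook_handle('auth_no_pass_redirect')
        if redirect_name:
            return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
                redirect_name))
        else:
            return redirect(request, 'index')

    login_form = hook_handle("auth_get_login_form", request)

    login_failed = False

    if request.method == 'POST':

        if login_form.validate():
            user = check_login_simple(
                login_form.username.data,
                login_form.password.data)

            if user:
                # set up login in session
                if login_form.stay_logged_in.data:
                    request.session['stay_logged_in'] = True
                request.session['user_id'] = six.text_type(user.id)
                request.session.save()

                # 'next' comes straight from the submitted form, so it is
                # only followed when it stays on this site.
                next_url = request.form.get('next')
                if next_url:
                    if _is_same_site_url(request, next_url):
                        return redirect(request, location=next_url)
                    _log.warning(
                        "Ignoring off-site login redirect target %r",
                        next_url)

                return redirect(request, "index")

            login_failed = True
            # NOTE(review): access_route is filled from forwarding headers
            # when they are present, so the logged address is only as
            # trustworthy as the proxy chain in front of the application.
            remote_addr = request.access_route[-1] or request.remote_addr
            # Logger.warn() is a deprecated alias; use warning().
            _log.warning("Failed login attempt from %r", remote_addr)

    return render_to_response(
        request,
        'mediagoblin/auth/login.html',
        {'login_form': login_form,
         'next': request.GET.get('next') or request.form.get('next'),
         'login_failed': login_failed,
         'post_url': request.urlgen('mediagoblin.auth.login'),
         'allow_registration': mg_globals.app_config["allow_registration"]})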
692fd1c9 CAW |
123 | |
124 | ||
def logout(request):
    """Log the visitor out and send them to the index page.

    Logging out is done by calling ``request.session.delete()``, so values
    that login() stored in the session ('user_id', 'stay_logged_in') are not
    kept around individually.
    """
    # Maybe deleting the user_id parameter would be enough?
    request.session.delete()
    return redirect(request, "index")
db1a438f | 130 | |
5866d1a8 | 131 | |
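def verify_email(request):
    """
    Email verification view

    Checks the signed 'token' GET parameter and, if it is valid, gives the
    user whose id it carries the 'active' privilege.

    Outcomes:
    - no 'token' parameter: 404
    - signature invalid or token too old: error message, redirect to index
    - token names no existing user: error message, redirect to index
    - user is already active: error message, redirect to their home page
    - otherwise: account activated, redirect to the user's home page
    """
    # If we don't have a token parameter, we can't do anything; 404
    if 'token' not in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired.  max_age is ten days in
    # seconds; itsdangerous signals an expired token with SignatureExpired,
    # which is a BadSignature subclass and so lands in the same handler.
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(request.GET['token'], max_age=10*24*3600)
    except BadSignature:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    # The signed payload is used as the user id.
    user = User.query.filter_by(id=int(token)).first()

    if user and user.has_privilege(u'active') is False:
        user.verification_key = None
        user.all_privileges.append(
            Privilege.query.filter(
                Privilege.privilege_name==u'active').first())

        user.save()

        messages.add_message(
            request,
            messages.SUCCESS,
            _("Your email address has been verified. "
              "You may now login, edit your profile, and submit images!"))
    else:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect'))

        if user is None:
            # A validly signed token can still name a user that no longer
            # exists.  There is no home page to go to then; without this
            # return the redirect below fails on user.username.
            return redirect(
                request,
                'index')

    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=user.username)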
28afb47c | 181 | |
5866d1a8 | 182 | |
def resend_activation(request):
    """
    The reactivation view

    Sends the verification email again to the logged-in user.  Visitors who
    are not logged in go to the login page; users who already hold the
    'active' privilege go back to their home page with an error message.
    """
    account = request.user

    # Without a logged-in user there is no address to send the email to.
    if account is None:
        messages.add_message(
            request, messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))
        return redirect(request, 'mediagoblin.auth.login')

    home_view = 'mediagoblin.user_pages.user_home'

    # Nothing to resend for an account that is verified already.
    if account.has_privilege(u'active'):
        messages.add_message(
            request, messages.ERROR,
            _("You've already verified your email address!"))
        return redirect(request, home_view, user=account.username)

    email_debug_message(request)
    send_verification_email(account, request)

    messages.add_message(
        request, messages.INFO,
        _('Resent your verification email.'))
    return redirect(request, home_view, user=account.username)