[mediagoblin.git] / mediagoblin / auth / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 Free Software Foundation, Inc
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import uuid

from webob import exc

from mediagoblin import messages
from mediagoblin import mg_globals
from mediagoblin.util import render_to_response, redirect
from mediagoblin.db.util import ObjectId
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.lib import send_verification_email


def register(request):
    """
    Your classic registration view!
    """
    # Redirects to indexpage if registrations are disabled
    if not mg_globals.app_config["allow_registration"]:
        messages.add_message(
            request,
            messages.WARNING,
            ('Sorry, registration is disabled on this instance.'))
        return redirect(request, "index")

    register_form = auth_forms.RegistrationForm(request.POST)

    if request.method == 'POST' and register_form.validate():
        # TODO: Make sure the user doesn't exist already

        users_with_username = \
            request.db.User.find({
                'username': request.POST['username'].lower()
            }).count()

        if users_with_username:
            register_form.username.errors.append(
                u'Sorry, a user with that name already exists.')

        else:
            # Create the user
            entry = request.db.User()
            entry['username'] = request.POST['username'].lower()
            entry['email'] = request.POST['email']
            entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
                request.POST['password'])
            entry.save(validate=True)

            send_verification_email(entry, request)

            return redirect(request, "mediagoblin.auth.register_success")

    return render_to_response(
        request,
        'mediagoblin/auth/register.html',
        {'register_form': register_form})


def login(request):
    """
    MediaGoblin login view.

    If you provide the POST with 'next', it'll redirect to that view.
    """
    login_form = auth_forms.LoginForm(request.POST)

    login_failed = False

    if request.method == 'POST' and login_form.validate():
        user = request.db.User.one(
            {'username': request.POST['username'].lower()})

        if user and user.check_login(request.POST['password']):
            # set up login in session
            request.session['user_id'] = unicode(user['_id'])
            request.session.save()

            if request.POST.get('next'):
                return exc.HTTPFound(location=request.POST['next'])
            else:
                return redirect(request, "index")

        else:
            # Prevent detecting who's on this system by testing login
            # attempt timings
            auth_lib.fake_login_attempt()
            login_failed = True

    return render_to_response(
        request,
        'mediagoblin/auth/login.html',
        {'login_form': login_form,
         'next': request.GET.get('next') or request.POST.get('next'),
         'login_failed': login_failed,
         'allow_registration': mg_globals.app_config["allow_registration"]})


def logout(request):
    # Maybe deleting the user_id parameter would be enough?
    request.session.delete()

    return redirect(request, "index")


def verify_email(request):
    """
    Email verification view

    validates GET parameters against database and unlocks the user account, if
    you are lucky :)
    """
    # If we don't have userid and token parameters, we can't do anything; 404
    if not request.GET.has_key('userid') or not request.GET.has_key('token'):
        return exc.HTTPNotFound()

    user = request.db.User.find_one(
        {'_id': ObjectId(unicode(request.GET['userid']))})

    if user and user['verification_key'] == unicode(request.GET['token']):
        user['status'] = u'active'
        user['email_verified'] = True
        user.save()
        verification_successful = True
        messages.add_message(
            request,
            messages.SUCCESS,
            ('Your email address has been verified. '
             'You may now login, edit your profile, and submit images!'))
    else:
        verification_successful = False
        messages.add_message(request,
                             messages.ERROR,
                            'The verification key or user id is incorrect')

    return render_to_response(
        request,
        'mediagoblin/user_pages/user.html',
        {'user': user,
        'verification_successful' : verification_successful})


def resend_activation(request):
    """
    The reactivation view

    Resend the activation email.
    """
    request.user['verification_key'] = unicode(uuid.uuid4())
    request.user.save()

    send_verification_email(request.user, request)

    return redirect(request, 'mediagoblin.auth.resend_verification_success')
Commit	Line	Data
8e1e744d	1	# GNU MediaGoblin -- federated, autonomous media hosting
24181820 CAW	2	# Copyright (C) 2011 Free Software Foundation, Inc
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
a77d952a CAW	17	import uuid
a77d952a CAW	18
1c63ad5d	19	from webob import exc
24181820	20
cfe46f3e	21	from mediagoblin import messages
13677ef9	22	from mediagoblin import mg_globals
9150244a	23	from mediagoblin.util import render_to_response, redirect
e0f84870	24	from mediagoblin.db.util import ObjectId
24181820 CAW	25	from mediagoblin.auth import lib as auth_lib
24181820 CAW	26	from mediagoblin.auth import forms as auth_forms
02d80437	27	from mediagoblin.auth.lib import send_verification_email
24181820 CAW	28
	29
	30	def register(request):
	31	"""
	32	Your classic registration view!
	33	"""
13677ef9 RL	34	# Redirects to indexpage if registrations are disabled
13677ef9 RL	35	if not mg_globals.app_config["allow_registration"]:
166dc91a CAW	36	messages.add_message(
	37	request,
	38	messages.WARNING,
	39	('Sorry, registration is disabled on this instance.'))
13677ef9 RL	40	return redirect(request, "index")
13677ef9 RL	41
24181820 CAW	42	register_form = auth_forms.RegistrationForm(request.POST)
	43
	44	if request.method == 'POST' and register_form.validate():
	45	# TODO: Make sure the user doesn't exist already
ce72a1bb	46
24181820	47	users_with_username = \
ce72a1bb JK	48	request.db.User.find({
	49	'username': request.POST['username'].lower()
	50	}).count()
24181820 CAW	51
	52	if users_with_username:
	53	register_form.username.errors.append(
	54	u'Sorry, a user with that name already exists.')
	55
	56	else:
	57	# Create the user
	58	entry = request.db.User()
ce72a1bb	59	entry['username'] = request.POST['username'].lower()
24181820 CAW	60	entry['email'] = request.POST['email']
	61	entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
	62	request.POST['password'])
	63	entry.save(validate=True)
7b31a11c	64
02d80437 AM	65	send_verification_email(entry, request)
02d80437 AM	66
9150244a	67	return redirect(request, "mediagoblin.auth.register_success")
24181820	68
9038c9f9 CAW	69	return render_to_response(
9038c9f9 CAW	70	request,
c9c24934 E	71	'mediagoblin/auth/register.html',
c9c24934 E	72	{'register_form': register_form})
24181820 CAW	73
24181820 CAW	74
692fd1c9	75	def login(request):
a3776717	76	"""
8e1e744d	77	MediaGoblin login view.
a3776717 CAW	78
	79	If you provide the POST with 'next', it'll redirect to that view.
	80	"""
692fd1c9 CAW	81	login_form = auth_forms.LoginForm(request.POST)
692fd1c9 CAW	82
a3776717 CAW	83	login_failed = False
a3776717 CAW	84
692fd1c9	85	if request.method == 'POST' and login_form.validate():
b058cf15	86	user = request.db.User.one(
ce72a1bb	87	{'username': request.POST['username'].lower()})
692fd1c9	88
d1938963	89	if user and user.check_login(request.POST['password']):
692fd1c9 CAW	90	# set up login in session
692fd1c9 CAW	91	request.session['user_id'] = unicode(user['_id'])
a3776717	92	request.session.save()
692fd1c9	93
574d1511	94	if request.POST.get('next'):
a3776717 CAW	95	return exc.HTTPFound(location=request.POST['next'])
a3776717 CAW	96	else:
9150244a	97	return redirect(request, "index")
692fd1c9 CAW	98
	99	else:
	100	# Prevent detecting who's on this system by testing login
	101	# attempt timings
	102	auth_lib.fake_login_attempt()
a3776717	103	login_failed = True
692fd1c9	104
9038c9f9 CAW	105	return render_to_response(
9038c9f9 CAW	106	request,
c9c24934 E	107	'mediagoblin/auth/login.html',
	108	{'login_form': login_form,
	109	'next': request.GET.get('next') or request.POST.get('next'),
13bb1d67 RL	110	'login_failed': login_failed,
13bb1d67 RL	111	'allow_registration': mg_globals.app_config["allow_registration"]})
692fd1c9 CAW	112
	113
	114	def logout(request):
b97232fa CAW	115	# Maybe deleting the user_id parameter would be enough?
b97232fa CAW	116	request.session.delete()
7b31a11c	117
9150244a	118	return redirect(request, "index")
db1a438f	119
5866d1a8	120
db1a438f	121	def verify_email(request):
4c093e85 JW	122	"""
	123	Email verification view
	124
	125	validates GET parameters against database and unlocks the user account, if
	126	you are lucky :)
	127	"""
155f24f9 CAW	128	# If we don't have userid and token parameters, we can't do anything; 404
	129	if not request.GET.has_key('userid') or not request.GET.has_key('token'):
	130	return exc.HTTPNotFound()
	131
db1a438f	132	user = request.db.User.find_one(
e0f84870	133	{'_id': ObjectId(unicode(request.GET['userid']))})
db1a438f	134
155f24f9	135	if user and user['verification_key'] == unicode(request.GET['token']):
db1a438f JW	136	user['status'] = u'active'
db1a438f JW	137	user['email_verified'] = True
db1a438f	138	user.save()
e054ae9b	139	verification_successful = True
fe80cb06	140	messages.add_message(
7b31a11c CAW	141	request,
7b31a11c CAW	142	messages.SUCCESS,
fe80cb06 CAW	143	('Your email address has been verified. '
fe80cb06 CAW	144	'You may now login, edit your profile, and submit images!'))
db1a438f	145	else:
e054ae9b	146	verification_successful = False
7b31a11c CAW	147	messages.add_message(request,
	148	messages.ERROR,
	149	'The verification key or user id is incorrect')
	150
9038c9f9 CAW	151	return render_to_response(
9038c9f9 CAW	152	request,
cfe46f3e	153	'mediagoblin/user_pages/user.html',
e054ae9b CFD	154	{'user': user,
e054ae9b CFD	155	'verification_successful' : verification_successful})
28afb47c	156
5866d1a8	157
b93a6a22 AM	158	def resend_activation(request):
	159	"""
	160	The reactivation view
	161
	162	Resend the activation email.
	163	"""
a77d952a CAW	164	request.user['verification_key'] = unicode(uuid.uuid4())
a77d952a CAW	165	request.user.save()
b93a6a22	166
02d80437	167	send_verification_email(request.user, request)
b93a6a22	168
9150244a	169	return redirect(request, 'mediagoblin.auth.resend_verification_success')