[mediagoblin.git] / mediagoblin / auth / views.py

# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import six

from itsdangerous import BadSignature

from mediagoblin import messages, mg_globals
from mediagoblin.db.models import User, Privilege
from mediagoblin.tools.crypto import get_timed_signer_url
from mediagoblin.decorators import auth_enabled, allow_registration
from mediagoblin.tools.response import render_to_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.mail import email_debug_message
from mediagoblin.tools.pluginapi import hook_handle
from mediagoblin.auth.tools import (send_verification_email, register_user,
                                    check_login_simple)

_log = logging.getLogger(__name__)


@allow_registration
@auth_enabled
def register(request):
    """The registration view.

    Note that usernames will always be lowercased. Email domains are lowercased while
    the first part remains case-sensitive.
    """
    if 'pass_auth' not in request.template_env.globals:
        redirect_name = hook_handle('auth_no_pass_redirect')
        if redirect_name:
            return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
                redirect_name))
        else:
            return redirect(request, 'index')

    register_form = hook_handle("auth_get_registration_form", request)

    if request.method == 'POST' and register_form.validate():
        # TODO: Make sure the user doesn't exist already
        user = register_user(request, register_form)

        if user:
            # redirect the user to their homepage... there will be a
            # message waiting for them to verify their email
            return redirect(
                request, 'mediagoblin.user_pages.user_home',
                user=user.username)

    return render_to_response(
        request,
        'mediagoblin/auth/register.html',
        {'register_form': register_form,
         'post_url': request.urlgen('mediagoblin.auth.register')})


@auth_enabled
def login(request):
    """
    MediaGoblin login view.

    If you provide the POST with 'next', it'll redirect to that view.
    """
    if 'pass_auth' not in request.template_env.globals:
        redirect_name = hook_handle('auth_no_pass_redirect')
        if redirect_name:
            return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
                redirect_name))
        else:
            return redirect(request, 'index')

    login_form = hook_handle("auth_get_login_form", request)

    login_failed = False

    if request.method == 'POST':

        if login_form.validate():
            user = check_login_simple(
                login_form.username.data,
                login_form.password.data)

            if user:
                # set up login in session
                if login_form.stay_logged_in.data:
                    request.session['stay_logged_in'] = True
                request.session['user_id'] = six.text_type(user.id)
                request.session.save()

                if request.form.get('next'):
                    return redirect(request, location=request.form['next'])
                else:
                    return redirect(request, "index")

            login_failed = True
            remote_addr = (request.access_route and request.access_route[-1]
                           or request.remote_addr)
            _log.warn("Failed login attempt from %r", remote_addr)

    return render_to_response(
        request,
        'mediagoblin/auth/login.html',
        {'login_form': login_form,
         'next': request.GET.get('next') or request.form.get('next'),
         'login_failed': login_failed,
         'post_url': request.urlgen('mediagoblin.auth.login'),
         'allow_registration': mg_globals.app_config["allow_registration"]})


def logout(request):
    # Maybe deleting the user_id parameter would be enough?
    request.session.delete()

    return redirect(request, "index")


def verify_email(request):
    """
    Email verification view

    validates GET parameters against database and unlocks the user account, if
    you are lucky :)
    """
    # If we don't have userid and token parameters, we can't do anything; 404
    if not 'token' in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(request.GET['token'], max_age=10*24*3600)
    except BadSignature:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    user = User.query.filter_by(id=int(token)).first()

    if user and user.has_privilege(u'active') is False:
        user.verification_key = None
        user.all_privileges.append(
            Privilege.query.filter(
            Privilege.privilege_name==u'active').first())

        user.save()

        messages.add_message(
            request,
            messages.SUCCESS,
            _("Your email address has been verified. "
              "You may now login, edit your profile, and submit images!"))
    else:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect'))

    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=user.username)


def resend_activation(request):
    """
    The reactivation view

    Resend the activation email.
    """

    if request.user is None:
        messages.add_message(
            request,
            messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))

        return redirect(request, 'mediagoblin.auth.login')

    if request.user.has_privilege(u'active'):
        messages.add_message(
            request,
            messages.ERROR,
            _("You've already verified your email address!"))

        return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)

    email_debug_message(request)
    send_verification_email(request.user, request)

    messages.add_message(
        request,
        messages.INFO,
        _('Resent your verification email.'))
    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=request.user.username)
Commit	Line	Data
	1	# GNU MediaGoblin -- federated, autonomous media hosting
	2	# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
	3	#
	4	# This program is free software: you can redistribute it and/or modify
	5	# it under the terms of the GNU Affero General Public License as published by
	6	# the Free Software Foundation, either version 3 of the License, or
	7	# (at your option) any later version.
	8	#
	9	# This program is distributed in the hope that it will be useful,
	10	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	11	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	12	# GNU Affero General Public License for more details.
	13	#
	14	# You should have received a copy of the GNU Affero General Public License
	15	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	16
	17	import logging
	18
	19	import six
	20
	21	from itsdangerous import BadSignature
	22
	23	from mediagoblin import messages, mg_globals
	24	from mediagoblin.db.models import User, Privilege
	25	from mediagoblin.tools.crypto import get_timed_signer_url
	26	from mediagoblin.decorators import auth_enabled, allow_registration
	27	from mediagoblin.tools.response import render_to_response, redirect, render_404
	28	from mediagoblin.tools.translate import pass_to_ugettext as _
	29	from mediagoblin.tools.mail import email_debug_message
	30	from mediagoblin.tools.pluginapi import hook_handle
	31	from mediagoblin.auth.tools import (send_verification_email, register_user,
	32	check_login_simple)
	33
	34	_log = logging.getLogger(__name__)
	35
	36
	37	@allow_registration
	38	@auth_enabled
	39	def register(request):
	40	"""The registration view.
	41
	42	Note that usernames will always be lowercased. Email domains are lowercased while
	43	the first part remains case-sensitive.
	44	"""
	45	if 'pass_auth' not in request.template_env.globals:
	46	redirect_name = hook_handle('auth_no_pass_redirect')
	47	if redirect_name:
	48	return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
	49	redirect_name))
	50	else:
	51	return redirect(request, 'index')
	52
	53	register_form = hook_handle("auth_get_registration_form", request)
	54
	55	if request.method == 'POST' and register_form.validate():
	56	# TODO: Make sure the user doesn't exist already
	57	user = register_user(request, register_form)
	58
	59	if user:
	60	# redirect the user to their homepage... there will be a
	61	# message waiting for them to verify their email
	62	return redirect(
	63	request, 'mediagoblin.user_pages.user_home',
	64	user=user.username)
	65
	66	return render_to_response(
	67	request,
	68	'mediagoblin/auth/register.html',
	69	{'register_form': register_form,
	70	'post_url': request.urlgen('mediagoblin.auth.register')})
	71
	72
	73	@auth_enabled
	74	def login(request):
	75	"""
	76	MediaGoblin login view.
	77
	78	If you provide the POST with 'next', it'll redirect to that view.
	79	"""
	80	if 'pass_auth' not in request.template_env.globals:
	81	redirect_name = hook_handle('auth_no_pass_redirect')
	82	if redirect_name:
	83	return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
	84	redirect_name))
	85	else:
	86	return redirect(request, 'index')
	87
	88	login_form = hook_handle("auth_get_login_form", request)
	89
	90	login_failed = False
	91
	92	if request.method == 'POST':
	93
	94	if login_form.validate():
	95	user = check_login_simple(
	96	login_form.username.data,
	97	login_form.password.data)
	98
	99	if user:
	100	# set up login in session
	101	if login_form.stay_logged_in.data:
	102	request.session['stay_logged_in'] = True
	103	request.session['user_id'] = six.text_type(user.id)
	104	request.session.save()
	105
	106	if request.form.get('next'):
	107	return redirect(request, location=request.form['next'])
	108	else:
	109	return redirect(request, "index")
	110
	111	login_failed = True
	112	remote_addr = (request.access_route and request.access_route[-1]
	113	or request.remote_addr)
	114	_log.warn("Failed login attempt from %r", remote_addr)
	115
	116	return render_to_response(
	117	request,
	118	'mediagoblin/auth/login.html',
	119	{'login_form': login_form,
	120	'next': request.GET.get('next') or request.form.get('next'),
	121	'login_failed': login_failed,
	122	'post_url': request.urlgen('mediagoblin.auth.login'),
	123	'allow_registration': mg_globals.app_config["allow_registration"]})
	124
	125
	126	def logout(request):
	127	# Maybe deleting the user_id parameter would be enough?
	128	request.session.delete()
	129
	130	return redirect(request, "index")
	131
	132
	133	def verify_email(request):
	134	"""
	135	Email verification view
	136
	137	validates GET parameters against database and unlocks the user account, if
	138	you are lucky :)
	139	"""
	140	# If we don't have userid and token parameters, we can't do anything; 404
	141	if not 'token' in request.GET:
	142	return render_404(request)
	143
	144	# Catch error if token is faked or expired
	145	try:
	146	token = get_timed_signer_url("mail_verification_token") \
	147	.loads(request.GET['token'], max_age=10243600)
	148	except BadSignature:
	149	messages.add_message(
	150	request,
	151	messages.ERROR,
	152	_('The verification key or user id is incorrect.'))
	153
	154	return redirect(
	155	request,
	156	'index')
	157
	158	user = User.query.filter_by(id=int(token)).first()
	159
	160	if user and user.has_privilege(u'active') is False:
	161	user.verification_key = None
	162	user.all_privileges.append(
	163	Privilege.query.filter(
	164	Privilege.privilege_name==u'active').first())
	165
	166	user.save()
	167
	168	messages.add_message(
	169	request,
	170	messages.SUCCESS,
	171	_("Your email address has been verified. "
	172	"You may now login, edit your profile, and submit images!"))
	173	else:
	174	messages.add_message(
	175	request,
	176	messages.ERROR,
	177	_('The verification key or user id is incorrect'))
	178
	179	return redirect(
	180	request, 'mediagoblin.user_pages.user_home',
	181	user=user.username)
	182
	183
	184	def resend_activation(request):
	185	"""
	186	The reactivation view
	187
	188	Resend the activation email.
	189	"""
	190
	191	if request.user is None:
	192	messages.add_message(
	193	request,
	194	messages.ERROR,
	195	_('You must be logged in so we know who to send the email to!'))
	196
	197	return redirect(request, 'mediagoblin.auth.login')
	198
	199	if request.user.has_privilege(u'active'):
	200	messages.add_message(
	201	request,
	202	messages.ERROR,
	203	_("You've already verified your email address!"))
	204
	205	return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)
	206
	207	email_debug_message(request)
	208	send_verification_email(request.user, request)
	209
	210	messages.add_message(
	211	request,
	212	messages.INFO,
	213	_('Resent your verification email.'))
	214	return redirect(
	215	request, 'mediagoblin.user_pages.user_home',
	216	user=request.user.username)