1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 from itsdangerous
import BadSignature
19 from mediagoblin
import messages
, mg_globals
20 from mediagoblin
.db
.models
import User
, Privilege
21 from mediagoblin
.tools
.crypto
import get_timed_signer_url
22 from mediagoblin
.decorators
import auth_enabled
, allow_registration
23 from mediagoblin
.tools
.response
import render_to_response
, redirect
, render_404
24 from mediagoblin
.tools
.translate
import pass_to_ugettext
as _
25 from mediagoblin
.tools
.mail
import email_debug_message
26 from mediagoblin
.tools
.pluginapi
import hook_handle
27 from mediagoblin
.auth
.tools
import (send_verification_email
, register_user
,
33 def register(request
):
34 """The registration view.
36 Note that usernames will always be lowercased. Email domains are lowercased while
37 the first part remains case-sensitive.
39 if 'pass_auth' not in request
.template_env
.globals:
40 redirect_name
= hook_handle('auth_no_pass_redirect')
42 return redirect(request
, 'mediagoblin.plugins.{0}.register'.format(
45 return redirect(request
, 'index')
47 register_form
= hook_handle("auth_get_registration_form", request
)
49 if request
.method
== 'POST' and register_form
.validate():
50 # TODO: Make sure the user doesn't exist already
51 user
= register_user(request
, register_form
)
54 # redirect the user to their homepage... there will be a
55 # message waiting for them to verify their email
57 request
, 'mediagoblin.user_pages.user_home',
60 return render_to_response(
62 'mediagoblin/auth/register.html',
63 {'register_form': register_form
,
64 'post_url': request
.urlgen('mediagoblin.auth.register')})
70 MediaGoblin login view.
72 If you provide the POST with 'next', it'll redirect to that view.
74 if 'pass_auth' not in request
.template_env
.globals:
75 redirect_name
= hook_handle('auth_no_pass_redirect')
77 return redirect(request
, 'mediagoblin.plugins.{0}.login'.format(
80 return redirect(request
, 'index')
82 login_form
= hook_handle("auth_get_login_form", request
)
86 if request
.method
== 'POST':
87 username
= login_form
.username
.data
89 if login_form
.validate():
90 user
= check_login_simple(username
, login_form
.password
.data
)
93 # set up login in session
94 if login_form
.stay_logged_in
.data
:
95 request
.session
['stay_logged_in'] = True
96 request
.session
['user_id'] = unicode(user
.id)
97 request
.session
.save()
99 if request
.form
.get('next'):
100 return redirect(request
, location
=request
.form
['next'])
102 return redirect(request
, "index")
106 return render_to_response(
108 'mediagoblin/auth/login.html',
109 {'login_form': login_form
,
110 'next': request
.GET
.get('next') or request
.form
.get('next'),
111 'login_failed': login_failed
,
112 'post_url': request
.urlgen('mediagoblin.auth.login'),
113 'allow_registration': mg_globals
.app_config
["allow_registration"]})
117 # Maybe deleting the user_id parameter would be enough?
118 request
.session
.delete()
120 return redirect(request
, "index")
123 def verify_email(request
):
125 Email verification view
127 validates GET parameters against database and unlocks the user account, if
130 # If we don't have userid and token parameters, we can't do anything; 404
131 if not 'token' in request
.GET
:
132 return render_404(request
)
134 # Catch error if token is faked or expired
136 token
= get_timed_signer_url("mail_verification_token") \
137 .loads(request
.GET
['token'], max_age
=10*24*3600)
139 messages
.add_message(
142 _('The verification key or user id is incorrect.'))
148 user
= User
.query
.filter_by(id=int(token
)).first()
150 if user
and user
.has_privilege(u
'active') is False:
151 user
.verification_key
= None
152 user
.all_privileges
.append(
153 Privilege
.query
.filter(
154 Privilege
.privilege_name
==u
'active').first())
158 messages
.add_message(
161 _("Your email address has been verified. "
162 "You may now login, edit your profile, and submit images!"))
164 messages
.add_message(
167 _('The verification key or user id is incorrect'))
170 request
, 'mediagoblin.user_pages.user_home',
174 def resend_activation(request
):
176 The reactivation view
178 Resend the activation email.
181 if request
.user
is None:
182 messages
.add_message(
185 _('You must be logged in so we know who to send the email to!'))
187 return redirect(request
, 'mediagoblin.auth.login')
189 if request
.user
.has_privilege(u
'active'):
190 messages
.add_message(
193 _("You've already verified your email address!"))
195 return redirect(request
, "mediagoblin.user_pages.user_home", user
=request
.user
['username'])
197 email_debug_message(request
)
198 send_verification_email(request
.user
, request
)
200 messages
.add_message(
203 _('Resent your verification email.'))
205 request
, 'mediagoblin.user_pages.user_home',
206 user
=request
.user
.username
)