a90db0eae9645c65688fe450b9edd53dfea4bce4
1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
19 from itsdangerous
import BadSignature
21 from mediagoblin
import messages
, mg_globals
22 from mediagoblin
.db
.models
import User
, Privilege
23 from mediagoblin
.tools
.crypto
import get_timed_signer_url
24 from mediagoblin
.decorators
import auth_enabled
, allow_registration
25 from mediagoblin
.tools
.response
import render_to_response
, redirect
, render_404
26 from mediagoblin
.tools
.translate
import pass_to_ugettext
as _
27 from mediagoblin
.tools
.mail
import email_debug_message
28 from mediagoblin
.tools
.pluginapi
import hook_handle
29 from mediagoblin
.auth
.tools
import (send_verification_email
, register_user
,
35 def register(request
):
36 """The registration view.
38 Note that usernames will always be lowercased. Email domains are lowercased while
39 the first part remains case-sensitive.
41 if 'pass_auth' not in request
.template_env
.globals:
42 redirect_name
= hook_handle('auth_no_pass_redirect')
44 return redirect(request
, 'mediagoblin.plugins.{0}.register'.format(
47 return redirect(request
, 'index')
49 register_form
= hook_handle("auth_get_registration_form", request
)
51 if request
.method
== 'POST' and register_form
.validate():
52 # TODO: Make sure the user doesn't exist already
53 user
= register_user(request
, register_form
)
56 # redirect the user to their homepage... there will be a
57 # message waiting for them to verify their email
59 request
, 'mediagoblin.user_pages.user_home',
62 return render_to_response(
64 'mediagoblin/auth/register.html',
65 {'register_form': register_form
,
66 'post_url': request
.urlgen('mediagoblin.auth.register')})
72 MediaGoblin login view.
74 If you provide the POST with 'next', it'll redirect to that view.
76 if 'pass_auth' not in request
.template_env
.globals:
77 redirect_name
= hook_handle('auth_no_pass_redirect')
79 return redirect(request
, 'mediagoblin.plugins.{0}.login'.format(
82 return redirect(request
, 'index')
84 login_form
= hook_handle("auth_get_login_form", request
)
88 if request
.method
== 'POST':
89 username
= login_form
.username
.data
91 if login_form
.validate():
92 user
= check_login_simple(username
, login_form
.password
.data
)
95 # set up login in session
96 if login_form
.stay_logged_in
.data
:
97 request
.session
['stay_logged_in'] = True
98 request
.session
['user_id'] = six
.text_type(user
.id)
99 request
.session
.save()
101 if request
.form
.get('next'):
102 return redirect(request
, location
=request
.form
['next'])
104 return redirect(request
, "index")
108 return render_to_response(
110 'mediagoblin/auth/login.html',
111 {'login_form': login_form
,
112 'next': request
.GET
.get('next') or request
.form
.get('next'),
113 'login_failed': login_failed
,
114 'post_url': request
.urlgen('mediagoblin.auth.login'),
115 'allow_registration': mg_globals
.app_config
["allow_registration"]})
119 # Maybe deleting the user_id parameter would be enough?
120 request
.session
.delete()
122 return redirect(request
, "index")
125 def verify_email(request
):
127 Email verification view
129 validates GET parameters against database and unlocks the user account, if
132 # If we don't have userid and token parameters, we can't do anything; 404
133 if not 'token' in request
.GET
:
134 return render_404(request
)
136 # Catch error if token is faked or expired
138 token
= get_timed_signer_url("mail_verification_token") \
139 .loads(request
.GET
['token'], max_age
=10*24*3600)
141 messages
.add_message(
144 _('The verification key or user id is incorrect.'))
150 user
= User
.query
.filter_by(id=int(token
)).first()
152 if user
and user
.has_privilege(u
'active') is False:
153 user
.verification_key
= None
154 user
.all_privileges
.append(
155 Privilege
.query
.filter(
156 Privilege
.privilege_name
==u
'active').first())
160 messages
.add_message(
163 _("Your email address has been verified. "
164 "You may now login, edit your profile, and submit images!"))
166 messages
.add_message(
169 _('The verification key or user id is incorrect'))
172 request
, 'mediagoblin.user_pages.user_home',
176 def resend_activation(request
):
178 The reactivation view
180 Resend the activation email.
183 if request
.user
is None:
184 messages
.add_message(
187 _('You must be logged in so we know who to send the email to!'))
189 return redirect(request
, 'mediagoblin.auth.login')
191 if request
.user
.has_privilege(u
'active'):
192 messages
.add_message(
195 _("You've already verified your email address!"))
197 return redirect(request
, "mediagoblin.user_pages.user_home", user
=request
.user
['username'])
199 email_debug_message(request
)
200 send_verification_email(request
.user
, request
)
202 messages
.add_message(
205 _('Resent your verification email.'))
207 request
, 'mediagoblin.user_pages.user_home',
208 user
=request
.user
.username
)