mediagoblin/auth/views.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 import six
  18
  19 from itsdangerous import BadSignature
  20
  21 from mediagoblin import messages, mg_globals
  22 from mediagoblin.db.models import User, Privilege
  23 from mediagoblin.tools.crypto import get_timed_signer_url
  24 from mediagoblin.decorators import auth_enabled, allow_registration
  25 from mediagoblin.tools.response import render_to_response, redirect, render_404
  26 from mediagoblin.tools.translate import pass_to_ugettext as _
  27 from mediagoblin.tools.mail import email_debug_message
  28 from mediagoblin.tools.pluginapi import hook_handle
  29 from mediagoblin.auth.tools import (send_verification_email, register_user,
  30                                     check_login_simple)
  31
  32
  33 @allow_registration
  34 @auth_enabled
  35 def register(request):
  36     """The registration view.
  37
  38     Note that usernames will always be lowercased. Email domains are lowercased while
  39     the first part remains case-sensitive.
  40     """
  41     if 'pass_auth' not in request.template_env.globals:
  42         redirect_name = hook_handle('auth_no_pass_redirect')
  43         if redirect_name:
  44             return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
  45                 redirect_name))
  46         else:
  47             return redirect(request, 'index')
  48
  49     register_form = hook_handle("auth_get_registration_form", request)
  50
  51     if request.method == 'POST' and register_form.validate():
  52         # TODO: Make sure the user doesn't exist already
  53         user = register_user(request, register_form)
  54
  55         if user:
  56             # redirect the user to their homepage... there will be a
  57             # message waiting for them to verify their email
  58             return redirect(
  59                 request, 'mediagoblin.user_pages.user_home',
  60                 user=user.username)
  61
  62     return render_to_response(
  63         request,
  64         'mediagoblin/auth/register.html',
  65         {'register_form': register_form,
  66          'post_url': request.urlgen('mediagoblin.auth.register')})
  67
  68
  69 @auth_enabled
  70 def login(request):
  71     """
  72     MediaGoblin login view.
  73
  74     If you provide the POST with 'next', it'll redirect to that view.
  75     """
  76     if 'pass_auth' not in request.template_env.globals:
  77         redirect_name = hook_handle('auth_no_pass_redirect')
  78         if redirect_name:
  79             return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
  80                 redirect_name))
  81         else:
  82             return redirect(request, 'index')
  83
  84     login_form = hook_handle("auth_get_login_form", request)
  85
  86     login_failed = False
  87
  88     if request.method == 'POST':
  89         username = login_form.username.data
  90
  91         if login_form.validate():
  92             user = check_login_simple(username, login_form.password.data)
  93
  94             if user:
  95                 # set up login in session
  96                 if login_form.stay_logged_in.data:
  97                     request.session['stay_logged_in'] = True
  98                 request.session['user_id'] = six.text_type(user.id)
  99                 request.session.save()
 100
 101                 if request.form.get('next'):
 102                     return redirect(request, location=request.form['next'])
 103                 else:
 104                     return redirect(request, "index")
 105
 106             login_failed = True
 107
 108     return render_to_response(
 109         request,
 110         'mediagoblin/auth/login.html',
 111         {'login_form': login_form,
 112          'next': request.GET.get('next') or request.form.get('next'),
 113          'login_failed': login_failed,
 114          'post_url': request.urlgen('mediagoblin.auth.login'),
 115          'allow_registration': mg_globals.app_config["allow_registration"]})
 116
 117
 118 def logout(request):
 119     # Maybe deleting the user_id parameter would be enough?
 120     request.session.delete()
 121
 122     return redirect(request, "index")
 123
 124
 125 def verify_email(request):
 126     """
 127     Email verification view
 128
 129     validates GET parameters against database and unlocks the user account, if
 130     you are lucky :)
 131     """
 132     # If we don't have userid and token parameters, we can't do anything; 404
 133     if not 'token' in request.GET:
 134         return render_404(request)
 135
 136     # Catch error if token is faked or expired
 137     try:
 138         token = get_timed_signer_url("mail_verification_token") \
 139                 .loads(request.GET['token'], max_age=10*24*3600)
 140     except BadSignature:
 141         messages.add_message(
 142             request,
 143             messages.ERROR,
 144             _('The verification key or user id is incorrect.'))
 145
 146         return redirect(
 147             request,
 148             'index')
 149
 150     user = User.query.filter_by(id=int(token)).first()
 151
 152     if user and user.has_privilege(u'active') is False:
 153         user.verification_key = None
 154         user.all_privileges.append(
 155             Privilege.query.filter(
 156             Privilege.privilege_name==u'active').first())
 157
 158         user.save()
 159
 160         messages.add_message(
 161             request,
 162             messages.SUCCESS,
 163             _("Your email address has been verified. "
 164               "You may now login, edit your profile, and submit images!"))
 165     else:
 166         messages.add_message(
 167             request,
 168             messages.ERROR,
 169             _('The verification key or user id is incorrect'))
 170
 171     return redirect(
 172         request, 'mediagoblin.user_pages.user_home',
 173         user=user.username)
 174
 175
 176 def resend_activation(request):
 177     """
 178     The reactivation view
 179
 180     Resend the activation email.
 181     """
 182
 183     if request.user is None:
 184         messages.add_message(
 185             request,
 186             messages.ERROR,
 187             _('You must be logged in so we know who to send the email to!'))
 188
 189         return redirect(request, 'mediagoblin.auth.login')
 190
 191     if request.user.has_privilege(u'active'):
 192         messages.add_message(
 193             request,
 194             messages.ERROR,
 195             _("You've already verified your email address!"))
 196
 197         return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
 198
 199     email_debug_message(request)
 200     send_verification_email(request.user, request)
 201
 202     messages.add_message(
 203         request,
 204         messages.INFO,
 205         _('Resent your verification email.'))
 206     return redirect(
 207         request, 'mediagoblin.user_pages.user_home',
 208         user=request.user.username)