mediagoblin/auth/views.py

   1 # GNU MediaGoblin -- federated, autonomous media hosting
   2 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
   3 #
   4 # This program is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU Affero General Public License as published by
   6 # the Free Software Foundation, either version 3 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # This program is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU Affero General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU Affero General Public License
  15 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 import logging
  18
  19 import six
  20
  21 from itsdangerous import BadSignature
  22
  23 from mediagoblin import messages, mg_globals
  24 from mediagoblin.db.models import User, Privilege
  25 from mediagoblin.tools.crypto import get_timed_signer_url
  26 from mediagoblin.decorators import auth_enabled, allow_registration
  27 from mediagoblin.tools.response import render_to_response, redirect, render_404
  28 from mediagoblin.tools.translate import pass_to_ugettext as _
  29 from mediagoblin.tools.mail import email_debug_message
  30 from mediagoblin.tools.pluginapi import hook_handle
  31 from mediagoblin.auth.tools import (send_verification_email, register_user,
  32                                     check_login_simple)
  33
  34 _log = logging.getLogger(__name__)
  35
  36
  37 @allow_registration
  38 @auth_enabled
  39 def register(request):
  40     """The registration view.
  41
  42     Note that usernames will always be lowercased. Email domains are lowercased while
  43     the first part remains case-sensitive.
  44     """
  45     if 'pass_auth' not in request.template_env.globals:
  46         redirect_name = hook_handle('auth_no_pass_redirect')
  47         if redirect_name:
  48             return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
  49                 redirect_name))
  50         else:
  51             return redirect(request, 'index')
  52
  53     register_form = hook_handle("auth_get_registration_form", request)
  54
  55     if request.method == 'POST' and register_form.validate():
  56         # TODO: Make sure the user doesn't exist already
  57         user = register_user(request, register_form)
  58
  59         if user:
  60             # redirect the user to their homepage... there will be a
  61             # message waiting for them to verify their email
  62             return redirect(
  63                 request, 'mediagoblin.user_pages.user_home',
  64                 user=user.username)
  65
  66     return render_to_response(
  67         request,
  68         'mediagoblin/auth/register.html',
  69         {'register_form': register_form,
  70          'post_url': request.urlgen('mediagoblin.auth.register')})
  71
  72
  73 @auth_enabled
  74 def login(request):
  75     """
  76     MediaGoblin login view.
  77
  78     If you provide the POST with 'next', it'll redirect to that view.
  79     """
  80     if 'pass_auth' not in request.template_env.globals:
  81         redirect_name = hook_handle('auth_no_pass_redirect')
  82         if redirect_name:
  83             return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
  84                 redirect_name))
  85         else:
  86             return redirect(request, 'index')
  87
  88     login_form = hook_handle("auth_get_login_form", request)
  89
  90     login_failed = False
  91
  92     if request.method == 'POST':
  93
  94         if login_form.validate():
  95             user = check_login_simple(
  96                 login_form.username.data,
  97                 login_form.password.data)
  98
  99             if user:
 100                 # set up login in session
 101                 if login_form.stay_logged_in.data:
 102                     request.session['stay_logged_in'] = True
 103                 request.session['user_id'] = six.text_type(user.id)
 104                 request.session.save()
 105
 106                 if request.form.get('next'):
 107                     return redirect(request, location=request.form['next'])
 108                 else:
 109                     return redirect(request, "index")
 110
 111             login_failed = True
 112             remote_addr = request.access_route[-1] or request.remote_addr
 113             _log.warn("Failed login attempt from %r", remote_addr)
 114
 115     return render_to_response(
 116         request,
 117         'mediagoblin/auth/login.html',
 118         {'login_form': login_form,
 119          'next': request.GET.get('next') or request.form.get('next'),
 120          'login_failed': login_failed,
 121          'post_url': request.urlgen('mediagoblin.auth.login'),
 122          'allow_registration': mg_globals.app_config["allow_registration"]})
 123
 124
 125 def logout(request):
 126     # Maybe deleting the user_id parameter would be enough?
 127     request.session.delete()
 128
 129     return redirect(request, "index")
 130
 131
 132 def verify_email(request):
 133     """
 134     Email verification view
 135
 136     validates GET parameters against database and unlocks the user account, if
 137     you are lucky :)
 138     """
 139     # If we don't have userid and token parameters, we can't do anything; 404
 140     if not 'token' in request.GET:
 141         return render_404(request)
 142
 143     # Catch error if token is faked or expired
 144     try:
 145         token = get_timed_signer_url("mail_verification_token") \
 146                 .loads(request.GET['token'], max_age=10*24*3600)
 147     except BadSignature:
 148         messages.add_message(
 149             request,
 150             messages.ERROR,
 151             _('The verification key or user id is incorrect.'))
 152
 153         return redirect(
 154             request,
 155             'index')
 156
 157     user = User.query.filter_by(id=int(token)).first()
 158
 159     if user and user.has_privilege(u'active') is False:
 160         user.verification_key = None
 161         user.all_privileges.append(
 162             Privilege.query.filter(
 163             Privilege.privilege_name==u'active').first())
 164
 165         user.save()
 166
 167         messages.add_message(
 168             request,
 169             messages.SUCCESS,
 170             _("Your email address has been verified. "
 171               "You may now login, edit your profile, and submit images!"))
 172     else:
 173         messages.add_message(
 174             request,
 175             messages.ERROR,
 176             _('The verification key or user id is incorrect'))
 177
 178     return redirect(
 179         request, 'mediagoblin.user_pages.user_home',
 180         user=user.username)
 181
 182
 183 def resend_activation(request):
 184     """
 185     The reactivation view
 186
 187     Resend the activation email.
 188     """
 189
 190     if request.user is None:
 191         messages.add_message(
 192             request,
 193             messages.ERROR,
 194             _('You must be logged in so we know who to send the email to!'))
 195
 196         return redirect(request, 'mediagoblin.auth.login')
 197
 198     if request.user.has_privilege(u'active'):
 199         messages.add_message(
 200             request,
 201             messages.ERROR,
 202             _("You've already verified your email address!"))
 203
 204         return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)
 205
 206     email_debug_message(request)
 207     send_verification_email(request.user, request)
 208
 209     messages.add_message(
 210         request,
 211         messages.INFO,
 212         _('Resent your verification email.'))
 213     return redirect(
 214         request, 'mediagoblin.user_pages.user_home',
 215         user=request.user.username)