projects / mediagoblin.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Made changes according to http://bugs.foocorp.net/issues/271#note-7
[mediagoblin.git] / mediagoblin / auth / views.py
1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011 Free Software Foundation, Inc
3 #
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16
17
18 from webob import Response, exc
19
20 from mediagoblin.auth import lib as auth_lib
21 from mediagoblin.auth import forms as auth_forms
22 from mediagoblin.util import send_email
23 from mediagoblin import globals as mgoblin_globals
24
25
26 def register(request):
27 """
28 Your classic registration view!
29 """
30 register_form = auth_forms.RegistrationForm(request.POST)
31
32 if request.method == 'POST' and register_form.validate():
33 # TODO: Make sure the user doesn't exist already
34 users_with_username = \
35 request.db.User.find({'username': request.POST['username']}).count()
36
37 if users_with_username:
38 register_form.username.errors.append(
39 u'Sorry, a user with that name already exists.')
40
41 else:
42 # Create the user
43 entry = request.db.User()
44 entry['username'] = request.POST['username']
45 entry['email'] = request.POST['email']
46 entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
47 request.POST['password'])
48 entry.save(validate=True)
49
50 # TODO: Move this setting to a better place
51 EMAIL_SENDER_ADDRESS = 'mediagoblin@fakehost'
52
53 email_template = request.template_env.get_template(
54 'mediagoblin/auth/verification_email.txt')
55
56 # TODO: There is no error handling in place
57 send_email(
58 mgoblin_globals.email_sender_address,
59 list(entry['email']),
60 # TODO
61 # Due to the distributed nature of GNU MediaGoblin, we should
62 # find a way to send some additional information about the
63 # specific GNU MediaGoblin instance in the subject line. For
64 # example "GNU MediaGoblin @ Wandborg - [...]".
65 'GNU MediaGoblin - Verify email',
66 email_template.render(
67 username=entry['username'],
68 verification_url='http://{host}{uri}?userid={userid}&token={verification_key}'.format(
69 host=request.host,
70 uri=request.urlgen('mediagoblin.auth.verify_email'),
71 userid=unicode(entry['_id']),
72 verification_key=entry['verification_key'])))
73
74 # Redirect to register_success
75 return exc.HTTPFound(
76 location=request.urlgen("mediagoblin.auth.register_success"))
77
78 # render
79 template = request.template_env.get_template(
80 'mediagoblin/auth/register.html')
81 return Response(
82 template.render(
83 {'request': request,
84 'register_form': register_form}))
85
86
87 def register_success(request):
88 template = request.template_env.get_template(
89 'mediagoblin/auth/register_success.html')
90 return Response(
91 template.render(
92 {'request': request}))
93
94
95 def login(request):
96 """
97 MediaGoblin login view.
98
99 If you provide the POST with 'next', it'll redirect to that view.
100 """
101 login_form = auth_forms.LoginForm(request.POST)
102
103 login_failed = False
104
105 if request.method == 'POST' and login_form.validate():
106 user = request.db.User.one(
107 {'username': request.POST['username']})
108
109 if user and user.check_login(request.POST['password']):
110 # set up login in session
111 request.session['user_id'] = unicode(user['_id'])
112 request.session.save()
113
114 if request.POST.get('next'):
115 return exc.HTTPFound(location=request.POST['next'])
116 else:
117 return exc.HTTPFound(
118 location=request.urlgen("index"))
119
120 else:
121 # Prevent detecting who's on this system by testing login
122 # attempt timings
123 auth_lib.fake_login_attempt()
124 login_failed = True
125
126 # render
127 template = request.template_env.get_template(
128 'mediagoblin/auth/login.html')
129 return Response(
130 template.render(
131 {'request': request,
132 'login_form': login_form,
133 'next': request.GET.get('next') or request.POST.get('next'),
134 'login_failed': login_failed}))
135
136
137 def logout(request):
138 # Maybe deleting the user_id parameter would be enough?
139 request.session.delete()
140
141 return exc.HTTPFound(
142 location=request.urlgen("index"))
143
144 def verify_email(request):
145 """
146 Email verification view
147
148 validates GET parameters against database and unlocks the user account, if
149 you are lucky :)
150 """
151 import bson.objectid
152 user = request.db.User.find_one(
153 {'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))})
154
155 verification_successful = bool
156
157 if user and user['verification_key'] == unicode(request.GET.get('token')):
158 user['status'] = u'active'
159 user['email_verified'] = True
160 verification_successful = True
161 user.save()
162 else:
163 verification_successful = False
164
165 template = request.template_env.get_template(
166 'mediagoblin/auth/verify_email.html')
167 return Response(
168 template.render(
169 {'request': request,
170 'user': user,
171 'verification_successful': verification_successful}))
Unnamed repository; edit this file 'description' to name the repository.