1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011 Free Software Foundation, Inc
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 from webob
import Response
, exc
20 from mediagoblin
.auth
import lib
as auth_lib
21 from mediagoblin
.auth
import forms
as auth_forms
22 from mediagoblin
.util
import send_email
23 from mediagoblin
import globals as mgoblin_globals
26 def register(request
):
28 Your classic registration view!
30 register_form
= auth_forms
.RegistrationForm(request
.POST
)
32 if request
.method
== 'POST' and register_form
.validate():
33 # TODO: Make sure the user doesn't exist already
34 users_with_username
= \
35 request
.db
.User
.find({'username': request
.POST
['username']}).count()
37 if users_with_username
:
38 register_form
.username
.errors
.append(
39 u
'Sorry, a user with that name already exists.')
43 entry
= request
.db
.User()
44 entry
['username'] = request
.POST
['username']
45 entry
['email'] = request
.POST
['email']
46 entry
['pw_hash'] = auth_lib
.bcrypt_gen_password_hash(
47 request
.POST
['password'])
48 entry
.save(validate
=True)
50 # TODO: Move this setting to a better place
51 EMAIL_SENDER_ADDRESS
= 'mediagoblin@fakehost'
53 email_template
= request
.template_env
.get_template(
54 'mediagoblin/auth/verification_email.txt')
56 # TODO: There is no error handling in place
58 mgoblin_globals
.email_sender_address
,
61 # Due to the distributed nature of GNU MediaGoblin, we should
62 # find a way to send some additional information about the
63 # specific GNU MediaGoblin instance in the subject line. For
64 # example "GNU MediaGoblin @ Wandborg - [...]".
65 'GNU MediaGoblin - Verify email',
66 email_template
.render(
67 username
=entry
['username'],
68 verification_url
='http://{host}{uri}?userid={userid}&token={verification_key}'.format(
70 uri
=request
.urlgen('mediagoblin.auth.verify_email'),
71 userid
=unicode(entry
['_id']),
72 verification_key
=entry
['verification_key'])))
74 # Redirect to register_success
76 location
=request
.urlgen("mediagoblin.auth.register_success"))
79 template
= request
.template_env
.get_template(
80 'mediagoblin/auth/register.html')
84 'register_form': register_form
}))
87 def register_success(request
):
88 template
= request
.template_env
.get_template(
89 'mediagoblin/auth/register_success.html')
92 {'request': request
}))
97 MediaGoblin login view.
99 If you provide the POST with 'next', it'll redirect to that view.
101 login_form
= auth_forms
.LoginForm(request
.POST
)
105 if request
.method
== 'POST' and login_form
.validate():
106 user
= request
.db
.User
.one(
107 {'username': request
.POST
['username']})
109 if user
and user
.check_login(request
.POST
['password']):
110 # set up login in session
111 request
.session
['user_id'] = unicode(user
['_id'])
112 request
.session
.save()
114 if request
.POST
.get('next'):
115 return exc
.HTTPFound(location
=request
.POST
['next'])
117 return exc
.HTTPFound(
118 location
=request
.urlgen("index"))
121 # Prevent detecting who's on this system by testing login
123 auth_lib
.fake_login_attempt()
127 template
= request
.template_env
.get_template(
128 'mediagoblin/auth/login.html')
132 'login_form': login_form
,
133 'next': request
.GET
.get('next') or request
.POST
.get('next'),
134 'login_failed': login_failed
}))
138 # Maybe deleting the user_id parameter would be enough?
139 request
.session
.delete()
141 return exc
.HTTPFound(
142 location
=request
.urlgen("index"))
144 def verify_email(request
):
146 Email verification view
148 validates GET parameters against database and unlocks the user account, if
152 user
= request
.db
.User
.find_one(
153 {'_id': bson
.objectid
.ObjectId(unicode(request
.GET
.get('userid')))})
155 verification_successful
= bool
157 if user
and user
['verification_key'] == unicode(request
.GET
.get('token')):
158 user
['status'] = u
'active'
159 user
['email_verified'] = True
160 verification_successful
= True
163 verification_successful
= False
165 template
= request
.template_env
.get_template(
166 'mediagoblin/auth/verify_email.html')
171 'verification_successful': verification_successful
}))