1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011 Free Software Foundation, Inc
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
21 from mediagoblin
import messages
22 from mediagoblin
import mg_globals
23 from mediagoblin
.util
import render_to_response
, redirect
, render_404
24 from mediagoblin
.util
import pass_to_ugettext
as _
25 from mediagoblin
.db
.util
import ObjectId
26 from mediagoblin
.auth
import lib
as auth_lib
27 from mediagoblin
.auth
import forms
as auth_forms
28 from mediagoblin
.auth
.lib
import send_verification_email
31 def register(request
):
33 Your classic registration view!
35 # Redirects to indexpage if registrations are disabled
36 if not mg_globals
.app_config
["allow_registration"]:
40 _('Sorry, registration is disabled on this instance.'))
41 return redirect(request
, "index")
43 register_form
= auth_forms
.RegistrationForm(request
.POST
)
45 if request
.method
== 'POST' and register_form
.validate():
46 # TODO: Make sure the user doesn't exist already
48 users_with_username
= request
.db
.User
.find(
49 {'username': request
.POST
['username'].lower()}).count()
50 users_with_email
= request
.db
.User
.find(
51 {'email': request
.POST
['email'].lower()}).count()
53 extra_validation_passes
= True
55 if users_with_username
:
56 register_form
.username
.errors
.append(
57 _(u
'Sorry, a user with that name already exists.'))
58 extra_validation_passes
= False
60 register_form
.email
.errors
.append(
61 _(u
'Sorry, that email address has already been taken.'))
62 extra_validation_passes
= False
64 if extra_validation_passes
:
66 user
= request
.db
.User()
67 user
['username'] = request
.POST
['username'].lower()
68 user
['email'] = request
.POST
['email'].lower()
69 user
['pw_hash'] = auth_lib
.bcrypt_gen_password_hash(
70 request
.POST
['password'])
71 user
.save(validate
=True)
74 request
.session
['user_id'] = unicode(user
['_id'])
75 request
.session
.save()
77 # send verification email
78 send_verification_email(user
, request
)
80 # redirect the user to their homepage... there will be a
81 # message waiting for them to verify their email
83 request
, 'mediagoblin.user_pages.user_home',
84 user
=user
['username'])
86 return render_to_response(
88 'mediagoblin/auth/register.html',
89 {'register_form': register_form
})
94 MediaGoblin login view.
96 If you provide the POST with 'next', it'll redirect to that view.
98 login_form
= auth_forms
.LoginForm(request
.POST
)
102 if request
.method
== 'POST' and login_form
.validate():
103 user
= request
.db
.User
.one(
104 {'username': request
.POST
['username'].lower()})
106 if user
and user
.check_login(request
.POST
['password']):
107 # set up login in session
108 request
.session
['user_id'] = unicode(user
['_id'])
109 request
.session
.save()
111 if request
.POST
.get('next'):
112 return exc
.HTTPFound(location
=request
.POST
['next'])
114 return redirect(request
, "index")
117 # Prevent detecting who's on this system by testing login
119 auth_lib
.fake_login_attempt()
122 return render_to_response(
124 'mediagoblin/auth/login.html',
125 {'login_form': login_form
,
126 'next': request
.GET
.get('next') or request
.POST
.get('next'),
127 'login_failed': login_failed
,
128 'allow_registration': mg_globals
.app_config
["allow_registration"]})
132 # Maybe deleting the user_id parameter would be enough?
133 request
.session
.delete()
135 return redirect(request
, "index")
138 def verify_email(request
):
140 Email verification view
142 validates GET parameters against database and unlocks the user account, if
145 # If we don't have userid and token parameters, we can't do anything; 404
146 if not request
.GET
.has_key('userid') or not request
.GET
.has_key('token'):
147 return render_404(request
)
149 user
= request
.db
.User
.find_one(
150 {'_id': ObjectId(unicode(request
.GET
['userid']))})
152 if user
and user
['verification_key'] == unicode(request
.GET
['token']):
153 user
['status'] = u
'active'
154 user
['email_verified'] = True
156 messages
.add_message(
159 _("Your email address has been verified. "
160 "You may now login, edit your profile, and submit images!"))
162 messages
.add_message(
165 _('The verification key or user id is incorrect'))
168 request
, 'mediagoblin.user_pages.user_home',
169 user
=user
['username'])
172 def resend_activation(request
):
174 The reactivation view
176 Resend the activation email.
178 request
.user
['verification_key'] = unicode(uuid
.uuid4())
181 send_verification_email(request
.user
, request
)
183 messages
.add_message(
186 _('Resent your verification email.'))
188 request
, 'mediagoblin.user_pages.user_home',
189 user
=request
.user
['username'])