Merge remote-tracking branch 'refs/remotes/rodney757-github/mail'

[mediagoblin.git] / mediagoblin / auth / lib.py

diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index ddb58fe61eec606b578b19cfc7cd5b7c1d6db77a..0810bd1bf8d1aa95a5e78d5e0aee5c47b7c698d0 100644 (file)
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -14,13 +14,13 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import os
 import random
 
 import bcrypt
 
 from mediagoblin.tools.mail import send_email
 from mediagoblin.tools.template import render_template
+from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin import mg_globals
 
 
@@ -91,44 +91,9 @@ def fake_login_attempt():
     randplus_stored_hash == randplus_hashed_pass
 
 
-EMAIL_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={verification_key}")
-
-
-def send_verification_email(user, request):
-    """
-    Send the verification email to users to activate their accounts.
-
-    Args:
-    - user: a user object
-    - request: the request
-    """
-    rendered_email = render_template(
-        request, 'mediagoblin/auth/verification_email.txt',
-        {'username': user.username,
-         'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_email'),
-                userid=unicode(user._id),
-                verification_key=user.verification_key)})
-
-    # TODO: There is no error handling in place
-    send_email(
-        mg_globals.app_config['email_sender_address'],
-        [user.email],
-        # TODO
-        # Due to the distributed nature of GNU MediaGoblin, we should
-        # find a way to send some additional information about the
-        # specific GNU MediaGoblin instance in the subject line. For
-        # example "GNU MediaGoblin @ Wandborg - [...]".
-        'GNU MediaGoblin - Verify your email!',
-        rendered_email)
-
-
 EMAIL_FP_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={fp_verification_key}")
+    u"{uri}?"
+    u"token={fp_verification_key}")
 
 
 def send_fp_verification_email(user, request):
@@ -139,14 +104,16 @@ def send_fp_verification_email(user, request):
     - user: a user object
     - request: the request
     """
+    fp_verification_key = get_timed_signer_url('mail_verification_token') \
+            .dumps(user.id)
+
     rendered_email = render_template(
         request, 'mediagoblin/auth/fp_verification_email.txt',
         {'username': user.username,
          'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
-                userid=unicode(user._id),
-                fp_verification_key=user.fp_verification_key)})
+                uri=request.urlgen('mediagoblin.auth.verify_forgot_password',
+                                   qualified=True),
+                fp_verification_key=fp_verification_key)})
 
     # TODO: There is no error handling in place
     send_email(