No reason for 'verification_successful = bool' here.

[mediagoblin.git] / mediagoblin / auth / views.py

diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 906d6f13d826400613eb0f1083e58434b4ec8d2e..948db188262d9cf8835dd330e2af2ff9ab6fa002 100644 (file)
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -14,9 +14,11 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-import bson.objectid
+import uuid
+
 from webob import Response, exc
 
+from mediagoblin.db.util import ObjectId
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
 from mediagoblin.util import send_email
@@ -149,12 +151,14 @@ def verify_email(request):
     validates GET parameters against database and unlocks the user account, if
     you are lucky :)
     """
-    user = request.db.User.find_one(
-        {'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))})
+    # If we don't have userid and token parameters, we can't do anything; 404
+    if not request.GET.has_key('userid') or not request.GET.has_key('token'):
+        return exc.HTTPNotFound()
 
-    verification_successful = bool
+    user = request.db.User.find_one(
+        {'_id': ObjectId(unicode(request.GET['userid']))})
 
-    if user and user['verification_key'] == unicode(request.GET.get('token')):
+    if user and user['verification_key'] == unicode(request.GET['token']):
         user['status'] = u'active'
         user['email_verified'] = True
         verification_successful = True
@@ -191,8 +195,8 @@ def resend_activation(request):
 
     Resend the activation email.
     """
-
-    request.user.generate_new_verification_key()
+    request.user['verification_key'] = unicode(uuid.uuid4())
+    request.user.save()
 
     # Copied shamelessly from the register view above.