-# GNU Mediagoblin -- federated, autonomous media hosting
+# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011 Free Software Foundation, Inc
#
# This program is free software: you can redistribute it and/or modify
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
+from mediagoblin.util import send_email
+from mediagoblin import globals as mgoblin_globals
def register(request):
entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
request.POST['password'])
entry.save(validate=True)
-
- # TODO: Send email authentication request
-
+
+ email_template = request.template_env.get_template(
+ 'mediagoblin/auth/verification_email.txt')
+
+ # TODO: There is no error handling in place
+ send_email(
+ mgoblin_globals.email_sender_address,
+ [entry['email']],
+ # TODO
+ # Due to the distributed nature of GNU MediaGoblin, we should
+ # find a way to send some additional information about the
+ # specific GNU MediaGoblin instance in the subject line. For
+ # example "GNU MediaGoblin @ Wandborg - [...]".
+ 'GNU MediaGoblin - Verify email',
+ email_template.render(
+ username=entry['username'],
+ verification_url='http://{host}{uri}?userid={userid}&token={verification_key}'.format(
+ host=request.host,
+ uri=request.urlgen('mediagoblin.auth.verify_email'),
+ userid=unicode(entry['_id']),
+ verification_key=entry['verification_key'])))
+
# Redirect to register_success
return exc.HTTPFound(
location=request.urlgen("mediagoblin.auth.register_success"))
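Review bot: The `verification_url=` line builds the e-mailed link from `request.host`, which is taken from the client-supplied Host header, so the link carrying the user id and verification key can point at a host chosen by whoever submitted the registration. Build it from the instance's configured public address instead, e.g. `host=mgoblin_globals.<configured_public_host>,` (placeholder name, a setting next to `email_sender_address` would fit), which also lets the scheme be configured rather than hard-coded as `http://`. The `userid` and `token` values are interpolated without URL-encoding; passing them through `urllib.urlencode` keeps the query string well-formed. As the existing TODO notes, `send_email` runs after `entry.save(validate=True)`, so a mail failure would presumably leave a saved account that can never be verified. register's body starts outside the hunk.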
def login(request):
+ """
+ MediaGoblin login view.
+
+ If you provide the POST with 'next', it'll redirect to that view.
+ """
login_form = auth_forms.LoginForm(request.POST)
+ login_failed = False
+
if request.method == 'POST' and login_form.validate():
- #try:
- user = request.db.User.find_one(
+ user = request.db.User.one(
{'username': request.POST['username']})
- if user.check_login(request.POST['password']):
+ if user and user.check_login(request.POST['password']):
# set up login in session
request.session['user_id'] = unicode(user['_id'])
+ request.session.save()
- import pdb
- pdb.set_trace()
-
+ if request.POST.get('next'):
+ return exc.HTTPFound(location=request.POST['next'])
+ else:
+ return exc.HTTPFound(
+ location=request.urlgen("index"))
else:
# Prevent detecting who's on this system by testing login
# attempt timings
auth_lib.fake_login_attempt()
+ login_failed = True
# render
template = request.template_env.get_template(
return Response(
template.render(
{'request': request,
- 'login_form': login_form}))
+ 'login_form': login_form,
+ 'next': request.GET.get('next') or request.POST.get('next'),
+ 'login_failed': login_failed}))
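Review bot: `exc.HTTPFound(location=request.POST['next'])` redirects to whatever value the form carried, and the render step also accepts `next` from `request.GET`, so a crafted login link can send a freshly authenticated user to an external site. Accept only same-site paths before redirecting, e.g. `next_url = request.POST.get('next', '')` followed by `if next_url.startswith('/') and not next_url.startswith(('//', '/\\')):`, and fall back to `request.urlgen("index")` otherwise. The docstring sentence "it'll redirect to that view" should then state that only local paths are honoured. login's body continues outside the hunk (the template lookup is cut short).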
def logout(request):
+ # Maybe deleting the user_id parameter would be enough?
+ request.session.delete()
+
+ return exc.HTTPFound(
+ location=request.urlgen("index"))
+
+def verify_email(request):
+ """
+ Email verification view
+
+ validates GET parameters against database and unlocks the user account, if
+ you are lucky :)
+ """
+ import bson.objectid
+ user = request.db.User.find_one(
+ {'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))})
+
+ verification_successful = bool
+
+ if user and user['verification_key'] == unicode(request.GET.get('token')):
+ user['status'] = u'active'
+ user['email_verified'] = True
+ verification_successful = True
+ user.save()
+ else:
+ verification_successful = False
+
template = request.template_env.get_template(
- 'mediagoblin/auth/logout.html')
+ 'mediagoblin/auth/verify_email.html')
return Response(
template.render(
- {'request': request}))
+ {'request': request,
+ 'user': user,
+ 'verification_successful': verification_successful}))
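Review bot: `bson.objectid.ObjectId(unicode(request.GET.get('userid')))` in verify_email raises on a missing or malformed `userid` (a missing parameter becomes the string `None`), so such a request ends in an unhandled exception rather than the failure page; the exception is presumably bson's `InvalidId`, to be confirmed for the installed version. `verification_successful = bool` assigns the type object, not a value, and is overwritten on both branches, so it should start as `False`. The key is compared with `==` and stays valid after a successful verification; a constant-time comparison (where the runtime provides one) and invalidating `user['verification_key']` on success, if the schema allows it, would make the link single-use. The template also receives `user` when the token is wrong, which may let the page reveal whether a user id exists, depending on what the template renders.

```python
    # … unchanged: docstring and the function-scope `import bson.objectid` …
    try:
        user_id = bson.objectid.ObjectId(unicode(request.GET.get('userid')))
    except bson.errors.InvalidId:  # confirm the exception class for the installed bson
        user_id = None

    user = None
    if user_id is not None:
        user = request.db.User.find_one({'_id': user_id})

    verification_successful = False
    token = request.GET.get('token')

    if user and token and user['verification_key'] == unicode(token):
        # … unchanged: mark the account active and save …
        verification_successful = True

    # … unchanged: template lookup and Response …
```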