from mediagoblin import messages
from mediagoblin import mg_globals
-from mediagoblin.util import render_to_response, redirect, render_404
-from mediagoblin.util import pass_to_ugettext as _
+from mediagoblin.tools.response import render_to_response, redirect, render_404
+from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.db.util import ObjectId, InvalidId
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
send_fp_verification_email
+def email_debug_message(request):
+ """
+ If the server is running in email debug mode (which is
+ the current default), give a debug message to the user
+ so that they have an idea where to find their email.
+ """
+ if mg_globals.app_config['email_debug_mode']:
+ # DEBUG message, no need to translate
+ messages.add_message(request, messages.DEBUG,
+ u"This instance is running in email debug mode. "
+ u"The email will be on the console of the server process.")
+
+
def register(request):
"""
Your classic registration view!
extra_validation_passes = False
if users_with_email:
register_form.email.errors.append(
- _(u'Sorry, that email address has already been taken.'))
+ _(u'Sorry, a user with that email address already exists.'))
extra_validation_passes = False
if extra_validation_passes:
# Create the user
user = request.db.User()
- user['username'] = username
- user['email'] = email
- user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+ user.username = username
+ user.email = email
+ user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.POST['password'])
user.save(validate=True)
# log the user in
- request.session['user_id'] = unicode(user['_id'])
+ request.session['user_id'] = unicode(user._id)
request.session.save()
# send verification email
+ email_debug_message(request)
send_verification_email(user, request)
# redirect the user to their homepage... there will be a
# message waiting for them to verify their email
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=user['username'])
+ user=user.username)
return render_to_response(
request,
if user and user.check_login(request.POST['password']):
# set up login in session
- request.session['user_id'] = unicode(user['_id'])
+ request.session['user_id'] = unicode(user._id)
request.session.save()
if request.POST.get('next'):
you are lucky :)
"""
# If we don't have userid and token parameters, we can't do anything; 404
- if not request.GET.has_key('userid') or not request.GET.has_key('token'):
+ if not 'userid' in request.GET or not 'token' in request.GET:
return render_404(request)
user = request.db.User.find_one(
{'_id': ObjectId(unicode(request.GET['userid']))})
- if user and user['verification_key'] == unicode(request.GET['token']):
- user[u'status'] = u'active'
- user[u'email_verified'] = True
- user[u'verification_key'] = None
+ if user and user.verification_key == unicode(request.GET['token']):
+ user.status = u'active'
+ user.email_verified = True
+ user.verification_key = None
user.save()
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=user['username'])
+ user=user.username)
def resend_activation(request):
Resend the activation email.
"""
- request.user[u'verification_key'] = unicode(uuid.uuid4())
- request.user.save()
+ if request.user is None:
+ messages.add_message(
+ request,
+ messages.ERROR,
+ _('You must be logged in so we know who to send the email to!'))
+
+ return redirect(request, 'mediagoblin.auth.login')
+
+ if request.user["email_verified"]:
+ messages.add_message(
+ request,
+ messages.ERROR,
+ _("You've already verified your email address!"))
+
+ return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
+
+ request.user.verification_key = unicode(uuid.uuid4())
+ request.user.save()
+
+ email_debug_message(request)
send_verification_email(request.user, request)
messages.add_message(
_('Resent your verification email.'))
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=request.user['username'])
+ user=request.user.username)
def forgot_password(request):
fp_form = auth_forms.ForgotPassForm(request.POST)
if request.method == 'POST' and fp_form.validate():
+
+ # Here, so it doesn't depend on the actual mail being sent
+ # and thus doesn't reveal, wether mail was sent.
+ email_debug_message(request)
+
# '$or' not available till mongodb 1.5.3
user = request.db.User.find_one(
{'username': request.POST['username']})
{'email': request.POST['username']})
if user:
- if user['email_verified'] and user['status'] == 'active':
+ if user.email_verified and user.status == 'active':
user[u'fp_verification_key'] = unicode(uuid.uuid4())
user[u'fp_token_expire'] = datetime.datetime.now() + \
datetime.timedelta(days=10)
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=user['username'])
-
+ user=user.username)
- # do not reveal whether or not there is a matching user, just move along
+ # do not reveal whether or not there is a matching user
return redirect(request, 'mediagoblin.auth.fp_email_sent')
return render_to_response(
if ((user and user['fp_verification_key'] and
user['fp_verification_key'] == unicode(formdata_token) and
datetime.datetime.now() < user['fp_token_expire']
- and user['email_verified'] and user['status'] == 'active')):
+ and user.email_verified and user.status == 'active')):
cp_form = auth_forms.ChangePassForm(formdata_vars)
if request.method == 'POST' and cp_form.validate():
- user[u'pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+ user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.POST['password'])
user[u'fp_verification_key'] = None
user[u'fp_token_expire'] = None
formdata = {
'vars': formdata_vars,
'has_userid_and_token':
- formdata_vars.has_key('userid') and formdata_vars.has_key('token')}
+ 'userid' in formdata_vars and 'token' in formdata_vars}
return formdata