if extra_validation_passes:
# Create the user
user = request.db.User()
- user['username'] = username
- user['email'] = email
- user['pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+ user.username = username
+ user.email = email
+ user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.POST['password'])
+ user.verification_key = unicode(uuid.uuid4())
user.save(validate=True)
# log the user in
# message waiting for them to verify their email
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=user['username'])
+ user=user.username)
return render_to_response(
request,
user = request.db.User.find_one(
{'_id': ObjectId(unicode(request.GET['userid']))})
- if user and user['verification_key'] == unicode(request.GET['token']):
- user[u'status'] = u'active'
- user[u'email_verified'] = True
- user[u'verification_key'] = None
+ if user and user.verification_key == unicode(request.GET['token']):
+ user.status = u'active'
+ user.email_verified = True
+ user.verification_key = None
user.save()
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=user['username'])
+ user=user.username)
def resend_activation(request):
messages.ERROR,
_('You must be logged in so we know who to send the email to!'))
- return redirect(request, "/auth/login")
+ return redirect(request, 'mediagoblin.auth.login')
if request.user["email_verified"]:
messages.add_message(
return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
- request.user[u'verification_key'] = unicode(uuid.uuid4())
+ request.user.verification_key = unicode(uuid.uuid4())
request.user.save()
email_debug_message(request)
_('Resent your verification email.'))
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=request.user['username'])
+ user=request.user.username)
def forgot_password(request):
"""
Forgot password view
- Sends an email whit an url to renew forgoten password
+ Sends an email with an url to renew forgotten password
"""
fp_form = auth_forms.ForgotPassForm(request.POST)
if request.method == 'POST' and fp_form.validate():
- # Here, so it doesn't depend on the actual mail being sent
- # and thus doesn't reveal, wether mail was sent.
- email_debug_message(request)
-
# '$or' not available till mongodb 1.5.3
user = request.db.User.find_one(
{'username': request.POST['username']})
{'email': request.POST['username']})
if user:
- if user['email_verified'] and user['status'] == 'active':
- user[u'fp_verification_key'] = unicode(uuid.uuid4())
- user[u'fp_token_expire'] = datetime.datetime.now() + \
+ if user.email_verified and user.status == 'active':
+ user.fp_verification_key = unicode(uuid.uuid4())
+ user.fp_token_expire = datetime.datetime.now() + \
datetime.timedelta(days=10)
user.save()
send_fp_verification_email(user, request)
+
+ messages.add_message(
+ request,
+ messages.INFO,
+ _("An email has been sent with instructions on how to "
+ "change your password."))
+ email_debug_message(request)
+
else:
# special case... we can't send the email because the
# username is inactive / hasn't verified their email
return redirect(
request, 'mediagoblin.user_pages.user_home',
- user=user['username'])
-
- # do not reveal whether or not there is a matching user
- return redirect(request, 'mediagoblin.auth.fp_email_sent')
+ user=user.username)
+ return redirect(request, 'mediagoblin.auth.login')
+ else:
+ messages.add_message(
+ request,
+ messages.WARNING,
+ _("Couldn't find someone with that username or email."))
+ return redirect(request, 'mediagoblin.auth.forgot_password')
return render_to_response(
request,
return render_404(request)
# check if we have a real user and correct token
- if ((user and user['fp_verification_key'] and
- user['fp_verification_key'] == unicode(formdata_token) and
- datetime.datetime.now() < user['fp_token_expire']
- and user['email_verified'] and user['status'] == 'active')):
+ if ((user and user.fp_verification_key and
+ user.fp_verification_key == unicode(formdata_token) and
+ datetime.datetime.now() < user.fp_token_expire
+ and user.email_verified and user.status == 'active')):
cp_form = auth_forms.ChangePassForm(formdata_vars)
if request.method == 'POST' and cp_form.validate():
- user[u'pw_hash'] = auth_lib.bcrypt_gen_password_hash(
+ user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.POST['password'])
- user[u'fp_verification_key'] = None
- user[u'fp_token_expire'] = None
+ user.fp_verification_key = None
+ user.fp_token_expire = None
user.save()
return redirect(request, 'mediagoblin.auth.fp_changed_success')
projects / mediagoblin.git / blobdiff