projects / mediagoblin.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote-tracking branch 'gsoc2016/Subtitle-1'
[mediagoblin.git] / mediagoblin / auth / views.py
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 285bddf60e5c1c6fc2a8bc43c0f47bea030cac16..fb8e72652786f58f168a8f267bc50747ae350383 100644 (file)
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -14,10 +14,14 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import logging
+
+import six
+
 from itsdangerous import BadSignature
 
 from mediagoblin import messages, mg_globals
-from mediagoblin.db.models import User
+from mediagoblin.db.models import User, Privilege
 from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.decorators import auth_enabled, allow_registration
 from mediagoblin.tools.response import render_to_response, redirect, render_404
@@ -27,6 +31,8 @@ from mediagoblin.tools.pluginapi import hook_handle
 from mediagoblin.auth.tools import (send_verification_email, register_user,
                                     check_login_simple)
 
+_log = logging.getLogger(__name__)
+
 
 @allow_registration
 @auth_enabled
@@ -84,16 +90,17 @@ def login(request):
     login_failed = False
 
     if request.method == 'POST':
-        username = login_form.username.data
 
         if login_form.validate():
-            user = check_login_simple(username, login_form.password.data)
+            user = check_login_simple(
+                login_form.username.data,
+                login_form.password.data)
 
             if user:
                 # set up login in session
                 if login_form.stay_logged_in.data:
                     request.session['stay_logged_in'] = True
-                request.session['user_id'] = unicode(user.id)
+                request.session['user_id'] = six.text_type(user.id)
                 request.session.save()
 
                 if request.form.get('next'):
@@ -102,6 +109,8 @@ def login(request):
                     return redirect(request, "index")
 
             login_failed = True
+            remote_addr = request.access_route[-1] or request.remote_addr
+            _log.warn("Failed login attempt from %r", remote_addr)
 
     return render_to_response(
         request,
@@ -147,9 +156,12 @@ def verify_email(request):
 
     user = User.query.filter_by(id=int(token)).first()
 
-    if user and user.email_verified is False:
-        user.status = u'active'
-        user.email_verified = True
+    if user and user.has_privilege(u'active') is False:
+        user.verification_key = None
+        user.all_privileges.append(
+            Privilege.query.filter(
+            Privilege.privilege_name==u'active').first())
+
         user.save()
 
         messages.add_message(
@@ -183,13 +195,13 @@ def resend_activation(request):
 
         return redirect(request, 'mediagoblin.auth.login')
 
-    if request.user.email_verified:
+    if request.user.has_privilege(u'active'):
         messages.add_message(
             request,
             messages.ERROR,
             _("You've already verified your email address!"))
 
-        return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
+        return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)
 
     email_debug_message(request)
     send_verification_email(request.user, request)
Unnamed repository; edit this file 'description' to name the repository.