X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fauth%2Flib.py;h=0810bd1bf8d1aa95a5e78d5e0aee5c47b7c698d0;hb=c482f0149d566156c4017fa58a8d57ffde90b1dc;hp=8829995a7083f423b8072dfcb350d27c9c97331c;hpb=058226d0d2d877715b263fd441deb01821f1f59a;p=mediagoblin.git

diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 8829995a..0810bd1b 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -20,6 +20,7 @@ import bcrypt
 
 from mediagoblin.tools.mail import send_email
 from mediagoblin.tools.template import render_template
+from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin import mg_globals
 
 
@@ -90,44 +91,9 @@ def fake_login_attempt():
     randplus_stored_hash == randplus_hashed_pass
 
 
-EMAIL_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={verification_key}")
-
-
-def send_verification_email(user, request):
-    """
-    Send the verification email to users to activate their accounts.
-
-    Args:
-    - user: a user object
-    - request: the request
-    """
-    rendered_email = render_template(
-        request, 'mediagoblin/auth/verification_email.txt',
-        {'username': user.username,
-         'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_email'),
-                userid=unicode(user.id),
-                verification_key=user.verification_key)})
-
-    # TODO: There is no error handling in place
-    send_email(
-        mg_globals.app_config['email_sender_address'],
-        [user.email],
-        # TODO
-        # Due to the distributed nature of GNU MediaGoblin, we should
-        # find a way to send some additional information about the
-        # specific GNU MediaGoblin instance in the subject line. For
-        # example "GNU MediaGoblin @ Wandborg - [...]".
-        'GNU MediaGoblin - Verify your email!',
-        rendered_email)
-
-
 EMAIL_FP_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={fp_verification_key}")
+    u"{uri}?"
+    u"token={fp_verification_key}")
 
 
 def send_fp_verification_email(user, request):
@@ -138,14 +104,16 @@ def send_fp_verification_email(user, request):
     - user: a user object
     - request: the request
     """
+    fp_verification_key = get_timed_signer_url('mail_verification_token') \
+            .dumps(user.id)
+
     rendered_email = render_template(
         request, 'mediagoblin/auth/fp_verification_email.txt',
         {'username': user.username,
          'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
-                userid=unicode(user.id),
-                fp_verification_key=user.fp_verification_key)})
+                uri=request.urlgen('mediagoblin.auth.verify_forgot_password',
+                                   qualified=True),
+                fp_verification_key=fp_verification_key)})
 
     # TODO: There is no error handling in place
     send_email(