X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=mediagoblin%2Fauth%2Fviews.py;h=948db188262d9cf8835dd330e2af2ff9ab6fa002;hb=f80cdc586840f845b1163e935588d2810d295793;hp=dfb6899f8c7077f3ecd4a5e9c54a7975718e2ce5;hpb=eee2c3a7e699da493ed9b5c11d0c5873441a7abb;p=mediagoblin.git diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index dfb6899f..948db188 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -14,11 +14,15 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +import uuid from webob import Response, exc +from mediagoblin.db.util import ObjectId from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import forms as auth_forms +from mediagoblin.util import send_email +from mediagoblin import globals as mgoblin_globals def register(request): @@ -29,8 +33,11 @@ def register(request): if request.method == 'POST' and register_form.validate(): # TODO: Make sure the user doesn't exist already + users_with_username = \ - request.db.User.find({'username': request.POST['username']}).count() + request.db.User.find({ + 'username': request.POST['username'].lower() + }).count() if users_with_username: register_form.username.errors.append( @@ -39,14 +46,33 @@ def register(request): else: # Create the user entry = request.db.User() - entry['username'] = request.POST['username'] + entry['username'] = request.POST['username'].lower() entry['email'] = request.POST['email'] entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash( request.POST['password']) entry.save(validate=True) - - # TODO: Send email authentication request - + + email_template = request.template_env.get_template( + 'mediagoblin/auth/verification_email.txt') + + # TODO: There is no error handling in place + send_email( + mgoblin_globals.email_sender_address, + [entry['email']], + # TODO + # Due to the distributed nature of GNU MediaGoblin, we should + # find a way to send some additional information about the + # specific GNU MediaGoblin instance in the subject line. For + # example "GNU MediaGoblin @ Wandborg - [...]". + 'GNU MediaGoblin - Verify email', + email_template.render( + username=entry['username'], + verification_url='http://{host}{uri}?userid={userid}&token={verification_key}'.format( + host=request.host, + uri=request.urlgen('mediagoblin.auth.verify_email'), + userid=unicode(entry['_id']), + verification_key=entry['verification_key']))) + # Redirect to register_success return exc.HTTPFound( location=request.urlgen("mediagoblin.auth.register_success")) @@ -80,7 +106,7 @@ def login(request): if request.method == 'POST' and login_form.validate(): user = request.db.User.one( - {'username': request.POST['username']}) + {'username': request.POST['username'].lower()}) if user and user.check_login(request.POST['password']): # set up login in session @@ -117,14 +143,22 @@ def logout(request): return exc.HTTPFound( location=request.urlgen("index")) + def verify_email(request): - import bson.objectid - user = request.db.User.find_one( - {'_id': bson.objectid.ObjectId( unicode( request.GET.get('userid') ) )}) + """ + Email verification view + + validates GET parameters against database and unlocks the user account, if + you are lucky :) + """ + # If we don't have userid and token parameters, we can't do anything; 404 + if not request.GET.has_key('userid') or not request.GET.has_key('token'): + return exc.HTTPNotFound() - verification_successful = bool + user = request.db.User.find_one( + {'_id': ObjectId(unicode(request.GET['userid']))}) - if user and user['verification_key'] == unicode( request.GET.get('token') ): + if user and user['verification_key'] == unicode(request.GET['token']): user['status'] = u'active' user['email_verified'] = True verification_successful = True @@ -139,3 +173,61 @@ def verify_email(request): {'request': request, 'user': user, 'verification_successful': verification_successful})) + +def verify_email_notice(request): + """ + Verify warning view. + + When the user tries to do some action that requires their account + to be verified beforehand, this view is called upon! + """ + + template = request.template_env.get_template( + 'mediagoblin/auth/verification_needed.html') + return Response( + template.render( + {'request': request})) + + +def resend_activation(request): + """ + The reactivation view + + Resend the activation email. + """ + request.user['verification_key'] = unicode(uuid.uuid4()) + request.user.save() + + # Copied shamelessly from the register view above. + + email_template = request.template_env.get_template( + 'mediagoblin/auth/verification_email.txt') + + # TODO: There is no error handling in place + send_email( + mgoblin_globals.email_sender_address, + [request.user['email']], + # TODO + # Due to the distributed nature of GNU MediaGoblin, we should + # find a way to send some additional information about the + # specific GNU MediaGoblin instance in the subject line. For + # example "GNU MediaGoblin @ Wandborg - [...]". + 'GNU MediaGoblin - Verify email', + email_template.render( + username=request.user['username'], + verification_url='http://{host}{uri}?userid={userid}&token={verification_key}'.format( + host=request.host, + uri=request.urlgen('mediagoblin.auth.verify_email'), + userid=unicode(request.user['_id']), + verification_key=request.user['verification_key']))) + + return exc.HTTPFound( + location=request.urlgen('mediagoblin.auth.resend_verification_success')) + + +def resend_activation_success(request): + template = request.template_env.get_template( + 'mediagoblin/auth/resent_verification_email.html') + return Response( + template.render( + {'request': request}))