From: Rodney Ewing Date: Tue, 28 May 2013 17:46:46 +0000 (-0700) Subject: Merge remote-tracking branch 'upstream/master' into change_email X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=8087f56b07b11a8abc1f6d5108a70765712cc63d;p=mediagoblin.git Merge remote-tracking branch 'upstream/master' into change_email Conflicts: mediagoblin/auth/lib.py --- 8087f56b07b11a8abc1f6d5108a70765712cc63d diff --cc mediagoblin/auth/tools.py index 1b30a7d9,db6b6e37..d86235b1 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@@ -48,3 -59,101 +59,106 @@@ def normalize_user_or_email_field(allow if field.data is None: # should not happen, but be cautious anyway raise wtforms.ValidationError(message) return _normalize_field + + + EMAIL_VERIFICATION_TEMPLATE = ( + u"http://{host}{uri}?" + u"userid={userid}&token={verification_key}") + + -def send_verification_email(user, request): ++def send_verification_email(user, request, email=None, ++ rendered_email=None): + """ + Send the verification email to users to activate their accounts. + + Args: + - user: a user object + - request: the request + """ - rendered_email = render_template( - request, 'mediagoblin/auth/verification_email.txt', - {'username': user.username, - 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( - host=request.host, - uri=request.urlgen('mediagoblin.auth.verify_email'), - userid=unicode(user.id), - verification_key=user.verification_key)}) ++ if not email: ++ email = user.email ++ ++ if not rendered_email: ++ rendered_email = render_template( ++ request, 'mediagoblin/auth/verification_email.txt', ++ {'username': user.username, ++ 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( ++ host=request.host, ++ uri=request.urlgen('mediagoblin.auth.verify_email'), ++ userid=unicode(user.id), ++ verification_key=user.verification_key)}) + + # TODO: There is no error handling in place + send_email( + mg_globals.app_config['email_sender_address'], - [user.email], ++ [email], + # TODO + # Due to the distributed nature of GNU MediaGoblin, we should + # find a way to send some additional information about the + # specific GNU MediaGoblin instance in the subject line. For + # example "GNU MediaGoblin @ Wandborg - [...]". + 'GNU MediaGoblin - Verify your email!', + rendered_email) + + + def basic_extra_validation(register_form, *args): + users_with_username = User.query.filter_by( + username=register_form.data['username']).count() + users_with_email = User.query.filter_by( + email=register_form.data['email']).count() + + extra_validation_passes = True + + if users_with_username: + register_form.username.errors.append( + _(u'Sorry, a user with that name already exists.')) + extra_validation_passes = False + if users_with_email: + register_form.email.errors.append( + _(u'Sorry, a user with that email address already exists.')) + extra_validation_passes = False + + return extra_validation_passes + + + def register_user(request, register_form): + """ Handle user registration """ + extra_validation_passes = basic_extra_validation(register_form) + + if extra_validation_passes: + # Create the user + user = User() + user.username = register_form.data['username'] + user.email = register_form.data['email'] + user.pw_hash = auth_lib.bcrypt_gen_password_hash( + register_form.password.data) + user.verification_key = unicode(uuid.uuid4()) + user.save() + + # log the user in + request.session['user_id'] = unicode(user.id) + request.session.save() + + # send verification email + email_debug_message(request) + send_verification_email(user, request) + + return user + + return None + + + def check_login_simple(username, password, username_might_be_email=False): + search = (User.username == username) + if username_might_be_email and ('@' in username): + search = or_(search, User.email == username) + user = User.query.filter(search).first() + if not user: + _log.info("User %r not found", username) + auth_lib.fake_login_attempt() + return None + if not auth_lib.bcrypt_check_password(password, user.pw_hash): + _log.warn("Wrong password for %r", username) + return None + _log.info("Logging %r in", username) + return user