def get(self, **kwargs):
action = actions_model.Action(
session_id=flask.g.session.id
)
if not flask.g.user.email:
action.add_error(
gettext("You don't have any email address assigned")
)
elif flask.g.user.email_verified_on:
action.add_error(
gettext("Your email address is already verified")
)
else:
with self.api.pgsql.transaction() as tx:
v_id = _create_verification(
tx, flask.g.user.id, flask.g.user.email
)
link = _create_verification_link(v_id)
send_email_verification_link(self.app, flask.g.user, link)
action.add_message(gettext("Verification email sent"))
tx.connection.commit()
action.save(self.api)
return self.redirect("profile.edit_email", action=action)
def get(self, v_id, **kwargs):
message = None
user = flask.g.user
action = actions_model.Action(
session_id=flask.g.session.id
)
if not v_id:
action.add_error(gettext("Invalid verification"))
elif not flask.g.user.email:
action.add_error(gettext("No email address assigned"))
elif flask.g.user.email_verified_on:
action.add_error(gettext("Email address already verified"))
else:
with self.api.pgsql.transaction() as tx:
v = verifications.use(tx, v_id, flask.g.user.id)
tx.connection.commit()
if v.verification_data != flask.g.user.email:
action.add_error(gettext("Invalid verification"))
else:
users_model.set_email_verified(tx, flask.g.user)
action.add_message(gettext("Your email is now verified"))
tx.connection.commit()
action.save(self.api)
return self.redirect("profile.edit_email", action=action)
def post(self, **kwargs):
password = flask.request.form.get("password", None)
repeated = flask.request.form.get("repeated", None)
action = actions_model.Action(session_id=flask.g.session.id)
if not (password and repeated) or (password != repeated):
action.add_error(gettext("Passwords did not match"))
else:
with self.api.pgsql.transaction() as tx:
try:
users_model.set_password(tx, flask.g.user, password)
action.add_message(
gettext("Password changed successfully"))
if flask.g.user.email and flask.g.user.email_verified_on:
content = self.app.flask_app.render_l10n_template(
flask.g.user.locale,
"emails/notification.jinja2",
content=gettext("Your password has been changed."),
user=flask.g.user,
)
send_notification_email(flask.g.user.email,
gettext("Password changed"),
content)
except ki.errors.ValidationError as e:
action.add_error(str(e))
action.save(self.api)
return self.redirect("profile.edit_password", action=action)
def post(self, **kwargs):
name = flask.request.form.get("name", "").lower()
password = flask.request.form.get("password", None)
email = (flask.request.form.get("email", None) or None)
new_user = users_model.User(name=name, email=email)
new_user.password = password
ok = False
message = None
action_id = None
action = actions_model.Action(session_id=flask.g.session.id)
with self.api.pgsql.transaction() as tx:
try:
if not name:
message = gettext("Missing username")
action.add_error(message)
elif users_model.user_exists(tx, new_user):
message = gettext("User already exists")
action.add_error(message)
elif email and users_model.email_exists(tx, email):
message = gettext("Email already exists")
action.add_error(message)
else:
user = users_model.create(tx, new_user)
if not user.id:
message = gettext("Signing up failed")
action.add_error(message)
else:
new_user.id = user.id
user = users_model.get(tx, new_user)
ok = True
message = gettext("Profile created")
action.add_message(message)
if user.email:
send_email_verification_link(self.app, user)
except ki.errors.ValidationError as e:
message = str(e)
ok = False
action.add_error(message)
action.save(self.api)
if ok:
return self.redirect("profile.login", action=action)
return self.redirect("profile.signup", action=action)
def post(self, **kwargs):
log.info("Account removal: user: %s", flask.g.user.name)
keep_username = flask.request.form.get("keep-username", False)
keep_comments = flask.request.form.get("keep-comments", False)
action = actions_model.Action()
redirect = None
try:
email = (flask.g.user.email
if flask.g.user.email_verified_on else None)
locale = flask.g.user.locale
with self.api.pgsql.transaction() as tx:
users_model.delete(
tx,
flask.g.user,
keep_username=keep_username,
keep_comments=keep_comments,
)
tx.connection.commit()
action.add_message(gettext("Your profile was removed."))
flask.g.session.destroy(tx)
flask.session.clear()
if email:
content = self.app.flask_app.render_l10n_template(
locale,
"emails/notification.jinja2",
content=gettext("Your profile was remoed."),
)
send_notification_email(email, gettext("Profile removed"),
content)
except ki.errors.Error as e:
log.exception(e)
action.add_error(gettext("Unable to remove your account."))
action.save(self.api)
return self.redirect("message.message", action=action)
def post(self, **kwargs):
email = flask.request.form.get("email", None)
action = actions_model.Action(
session_id=flask.g.session.id
)
with self.api.pgsql.transaction() as tx:
if not email:
action.add_error(gettext("Missing email"))
elif users_model.email_exists(tx, email):
action.add_error(gettext("Email already exists"))
else:
users_model.set_email(tx, flask.g.user, email)
v_id = _create_verification(tx, flask.g.user.id, email)
link = _create_verification_link(v_id)
send_email_verification_link(self.app, flask.g.user, link, email)
action.add_message(gettext("Please verify your email"))
tx.connection.commit()
action.save(self.api)
return self.redirect("profile.edit_email", action=action)
def post(self, **kwargs):
email = flask.request.form.get("email", None)
if not email:
flask.abort(403)
ok = False
with self.api.pgsql.transaction() as tx:
ok = users_model.remove_email(tx, flask.g.user)
tx.connection.commit()
message = ("Email removed" if ok else "Failed to remove email")
action = actions_model.Action(
session_id=flask.g.session.id
)
if not ok:
action.add_error(message)
else:
action.add_message(message)
return self.redirect("profile.edit_email", action=action)
def post(self, **kwargs):
if flask.g.user and flask.g.user.id:
return self.redirect("profile.main")
action = actions_model.Action(session_id=flask.g.session.id)
email = flask.request.form.get("email", None)
if not email:
action.add_error(gettext("No email provided"))
else:
with self.api.pgsql.transaction() as tx:
u = users_model.get_by_email(tx, email)
if not u:
action.add_error(gettext("Invalid email"))
elif not u.email_verified_on:
action.add_error(gettext("Your email is not verified."))
action.add_error(gettext("Please contact our support."))
else:
v_hash = _create_verification_hash(u.id, u.email,
str(uuid.uuid4()))
v_id = verifications.create(
tx,
u.id,
"profile-recovery",
1200,
verification_data=v_hash,
)
if v_id:
link = _create_recovery_link(v_id, v_hash)
send_recovery_link(self.app, u, link)
action.add_message(
gettext("Recovery link was sent to your email"))
tx.connection.commit()
action.save(self.api)
return self.redirect("profile.recovery", action=action)
def get(self, v_id, v_hash, **kwargs):
action = actions_model.Action(session_id=flask.g.session.id)
ok = False
with self.api.pgsql.transaction() as tx:
v = verifications.use_no_user(tx, v_id)
tx.connection.commit()
ok = (v and v.user_id and v.verification_data == v_hash)
if ok:
u = users_model.User(id=v.user_id)
flask.g.session.set_user(tx, u, 300, True)
action.add_message(gettext("Remember to set a new password."))
else:
action.add_error(gettext("Invalid verification"))
tx.connection.commit()
action.save(self.api)
if not ok:
return self.redirect("profile.recovery", action=action)
else:
return self.redirect("profile.edit_password", action=action)
