Beispiel #1
def send_fp_verification_email(user, request):
    """
    Mail the user a signed link for resetting a forgotten password.

    The link embeds a token produced by the 'mail_verification_token'
    timed signer over ``user.id`` and points at the
    'mediagoblin.plugins.basic_auth.verify_forgot_password' route.

    Args:
    - user: a user object (``id``, ``username`` and ``email`` are read)
    - request: the request (used for URL generation and templating)
    """
    # NOTE(review): the signed payload is only the user id, so the token
    # itself carries no marker of what it was issued for -- confirm that
    # the verifying view cannot be handed tokens minted for another
    # purpose under the same signer namespace.
    signer = get_timed_signer_url('mail_verification_token')
    fp_verification_key = signer.dumps(user.id)

    username = user.username
    reset_uri = request.urlgen(
        'mediagoblin.plugins.basic_auth.verify_forgot_password',
        qualified=True)
    template_context = {
        'username': username,
        'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
            uri=reset_uri,
            fp_verification_key=fp_verification_key),
    }
    rendered_email = render_template(
        request,
        'mediagoblin/plugins/basic_auth/fp_verification_email.txt',
        template_context)

    # TODO: There is no error handling in place
    sender = mg_globals.app_config['email_sender_address']
    subject = 'GNU MediaGoblin - Change forgotten password!'
    send_email(sender, [user.email], subject, rendered_email)
Beispiel #2
def send_fp_verification_email(user, request):
    """
    Send the forgotten-password email containing a signed reset link.

    Args:
    - user: a user object; its id is signed into the token, and its
      username and email are used for the message
    - request: the request, used to build the absolute URL and to render
      the template
    """
    # NOTE(review): only user.id is signed, so the token does not say what
    # it was issued for -- confirm the consuming view rejects tokens from
    # other flows that use the 'mail_verification_token' signer.
    fp_verification_key = get_timed_signer_url(
        'mail_verification_token').dumps(user.id)

    username = user.username
    verification_url = EMAIL_FP_VERIFICATION_TEMPLATE.format(
        uri=request.urlgen(
            'mediagoblin.plugins.basic_auth.verify_forgot_password',
            qualified=True),
        fp_verification_key=fp_verification_key)

    rendered_email = render_template(
        request,
        'mediagoblin/plugins/basic_auth/fp_verification_email.txt',
        {'username': username, 'verification_url': verification_url})

    # TODO: There is no error handling in place
    sender_address = mg_globals.app_config['email_sender_address']
    recipients = [user.email]
    send_email(
        sender_address,
        recipients,
        'GNU MediaGoblin - Change forgotten password!',
        rendered_email)
Beispiel #3
def _update_email(request, form, user):
    """
    Start an email change for *user* from a submitted form.

    If another account already uses the requested address, an error is
    attached to ``form.new_email`` and nothing is sent. Otherwise a token
    binding the user id to the new address is signed with the
    'mail_verification_token' timed signer, rendered into the
    'mediagoblin/edit/verification.txt' template and handed to
    ``auth_tools.send_verification_email`` together with the new address.
    The user object itself is not modified here.
    """
    requested_address = form.new_email.data
    already_taken = User.query.filter_by(email=requested_address).count()

    if already_taken:
        # NOTE(review): this message tells the submitter that the address
        # belongs to an existing account -- confirm that is acceptable.
        form.new_email.errors.append(
            _('Sorry, a user with that email address'
              ' already exists.'))
        return

    # The signed payload carries both the account and the address that is
    # being confirmed.
    signer = get_timed_signer_url('mail_verification_token')
    verification_key = signer.dumps({
        'user': user.id,
        'email': requested_address,
    })

    username = user.username
    verification_url = EMAIL_VERIFICATION_TEMPLATE.format(
        uri=request.urlgen('mediagoblin.edit.verify_email',
                           qualified=True),
        verification_key=verification_key)
    rendered_email = render_template(
        request,
        'mediagoblin/edit/verification.txt',
        {'username': username, 'verification_url': verification_url})

    email_debug_message(request)
    auth_tools.send_verification_email(
        user, request, requested_address, rendered_email)
Beispiel #4
def send_verification_email(user, request, email=None,
                            rendered_email=None):
    """
    Send a verification email, by default the account-activation one.

    Args:
    - user: a user object
    - request: the request
    - email: recipient address; ``user.email`` is used when this is falsy
    - rendered_email: ready-made message body; when falsy, the
      'mediagoblin/auth/verification_email.txt' template is rendered with
      a freshly signed token over ``user.id``
    """
    recipient = email or user.email
    body = rendered_email

    if not body:
        signer = get_timed_signer_url('mail_verification_token')
        verification_key = signer.dumps(user.id)

        username = user.username
        verification_url = EMAIL_VERIFICATION_TEMPLATE.format(
            uri=request.urlgen('mediagoblin.auth.verify_email',
                               qualified=True),
            verification_key=verification_key)
        body = render_template(
            request,
            'mediagoblin/auth/verification_email.txt',
            {'username': username, 'verification_url': verification_url})

    # TODO
    # Due to the distributed nature of GNU MediaGoblin, we should
    # find a way to send some additional information about the
    # specific GNU MediaGoblin instance in the subject line. For
    # example "GNU MediaGoblin @ Wandborg - [...]".
    subject = 'GNU MediaGoblin - Verify your email!'

    # TODO: There is no error handling in place
    sender = mg_globals.app_config['email_sender_address']
    send_email(sender, [recipient], subject, body)
Beispiel #5
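def verify_email(request):
    """
    Email verification view for changing email address

    Expects a ``token`` GET parameter signed by the
    'mail_verification_token' timed signer (at most ten days old) whose
    payload is a mapping with 'user' (account id) and 'email' (the new
    address). On success the user's email is replaced and the browser is
    redirected to the user's home page; every failure redirects to
    'index' with an error message, and a missing token yields a 404.
    """
    # If no token, we can't do anything
    if "token" not in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired. A correctly signed token
    # whose payload is not the expected {'user', 'email'} mapping is
    # rejected the same way instead of raising: a signature only proves who
    # issued the value, not that it has the shape this view needs.
    try:
        token = get_timed_signer_url("mail_verification_token").loads(
            request.GET["token"], max_age=10 * 24 * 3600)
        user_id = int(token["user"])
        new_email = token["email"]
    except (BadSignature, TypeError, KeyError, ValueError):
        messages.add_message(request, messages.ERROR, _("The verification key or user id is incorrect."))

        return redirect(request, "index")

    user = User.query.filter_by(id=user_id).first()

    if not user:
        messages.add_message(request, messages.ERROR, _("The verification key or user id is incorrect."))

        # There is no account whose home page could be shown; the previous
        # code dereferenced user.username here and raised on None.
        return redirect(request, "index")

    # NOTE(review): nothing visible in this view re-checks that the address
    # is still unused by another account at the time the link is followed
    # -- confirm whether a uniqueness constraint covers this.
    user.email = new_email
    user.save()

    messages.add_message(request, messages.SUCCESS, _("Your email address has been verified."))

    return redirect(request, "mediagoblin.user_pages.user_home", user=user.username)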
Beispiel #6
def send_verification_email(user, request, email=None,
                            rendered_email=None):
    """
    Send the verification email to users to activate their accounts.

    Callers may override the recipient and supply an already rendered
    body; otherwise the mail goes to ``user.email`` and contains a link
    with a token signed over ``user.id``.

    Args:
    - user: a user object
    - request: the request
    - email: optional recipient address (defaults to ``user.email``)
    - rendered_email: optional pre-rendered message body
    """
    to_address = email if email else user.email

    if rendered_email:
        message_body = rendered_email
    else:
        verification_key = get_timed_signer_url(
            'mail_verification_token').dumps(user.id)

        context = {'username': user.username}
        context['verification_url'] = EMAIL_VERIFICATION_TEMPLATE.format(
            uri=request.urlgen('mediagoblin.auth.verify_email',
                               qualified=True),
            verification_key=verification_key)
        message_body = render_template(
            request, 'mediagoblin/auth/verification_email.txt', context)

    # TODO: There is no error handling in place
    from_address = mg_globals.app_config['email_sender_address']
    # TODO
    # Due to the distributed nature of GNU MediaGoblin, we should
    # find a way to send some additional information about the
    # specific GNU MediaGoblin instance in the subject line. For
    # example "GNU MediaGoblin @ Wandborg - [...]".
    send_email(
        from_address,
        [to_address],
        'GNU MediaGoblin - Verify your email!',
        message_body)
Beispiel #7
def change_email(request):
    """
    View to change the user's email

    Renders the change-email form. On a valid POST it checks that the new
    address is not already used and, when password authentication applies,
    that the submitted password matches ``user.pw_hash``. If no errors were
    recorded, a signed token binding the user id to the new address is
    mailed via ``auth_tools.send_verification_email`` and the browser is
    redirected to the account page. The stored email is not changed here.
    """
    is_post = request.method == 'POST'
    # Only bind submitted data on POST; an empty form counts as "no data".
    submitted = (request.form or None) if is_post else None
    form = forms.ChangeEmailForm(submitted)
    user = request.user

    # If no password authentication, no need to enter a password
    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
        del form['password']

    if is_post and form.validate():
        new_email = form.new_email.data
        address_in_use = User.query.filter(
            LocalUser.email == new_email).count()

        if address_in_use:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                  ' already exists.'))

        # Re-authenticate with the current password before accepting the
        # change, whenever the form still has a password field.
        if form.password and user.pw_hash:
            if not check_password(form.password.data, user.pw_hash):
                form.password.errors.append(_('Wrong password'))

        if not form.errors:
            signer = get_timed_signer_url('mail_verification_token')
            verification_key = signer.dumps({
                'user': user.id,
                'email': new_email,
            })

            username = user.username
            verification_url = EMAIL_VERIFICATION_TEMPLATE.format(
                uri=request.urlgen('mediagoblin.edit.verify_email',
                                   qualified=True),
                verification_key=verification_key)
            rendered_email = render_template(
                request,
                'mediagoblin/edit/verification.txt',
                {'username': username,
                 'verification_url': verification_url})

            email_debug_message(request)
            auth_tools.send_verification_email(user, request, new_email,
                                               rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    page_context = {'form': form, 'user': user}
    return render_to_response(
        request, 'mediagoblin/edit/change_email.html', page_context)
Beispiel #8
def change_email(request):
    """
    View to change the user's email

    A valid POST is checked for an already-used address and, where the
    form still has a password field and the user has a password hash, for
    the correct current password. Only when the form carries no errors is
    a verification mail with a signed {'user', 'email'} token sent; the
    user's stored address is left untouched by this view.
    """
    form = forms.ChangeEmailForm(request.form)
    user = request.user

    # If no password authentication, no need to enter a password
    password_auth_enabled = 'pass_auth' in request.template_env.globals
    if not password_auth_enabled or not user.pw_hash:
        del form['password']

    if request.method == 'POST' and form.validate():
        new_email = form.new_email.data
        matching_accounts = User.query.filter(
            LocalUser.email == new_email
        ).count()

        if matching_accounts:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                    ' already exists.'))

        # Require the current password before an address change is started.
        if form.password and user.pw_hash:
            if not check_password(form.password.data, user.pw_hash):
                form.password.errors.append(
                    _('Wrong password'))

        if not form.errors:
            token_payload = {'user': user.id, 'email': new_email}
            verification_key = get_timed_signer_url(
                'mail_verification_token').dumps(token_payload)

            template_context = {'username': user.username}
            template_context['verification_url'] = \
                EMAIL_VERIFICATION_TEMPLATE.format(
                    uri=request.urlgen('mediagoblin.edit.verify_email',
                                       qualified=True),
                    verification_key=verification_key)
            rendered_email = render_template(
                request, 'mediagoblin/edit/verification.txt',
                template_context)

            email_debug_message(request)
            auth_tools.send_verification_email(user, request, new_email,
                                               rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(
        request,
        'mediagoblin/edit/change_email.html',
        {'form': form, 'user': user})
Beispiel #9
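def verify_email(request):
    """
    Email verification view

    Validates the signed ``token`` GET parameter, looks up the user whose
    id it carries and, if that user does not yet hold the 'active'
    privilege, grants it. A missing token yields a 404; a bad, expired or
    malformed token, or an unknown user id, redirects to 'index' with an
    error message.
    """
    # Without a token parameter we can't do anything; 404
    if 'token' not in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired. A validly signed token
    # whose payload is not an integer user id is rejected the same way
    # rather than raising from int().
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(request.GET['token'], max_age=10*24*3600)
        user_id = int(token)
    except (BadSignature, TypeError, ValueError):
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    user = User.query.filter_by(id=user_id).first()

    if not user:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect'))

        # No account exists for this id, so there is no home page to show;
        # the previous code dereferenced user.username on None here.
        return redirect(
            request,
            'index')

    if user.has_privilege(u'active') is False:
        user.verification_key = None
        user.all_privileges.append(
            Privilege.query.filter(
                Privilege.privilege_name == u'active').first())

        user.save()

        messages.add_message(
            request,
            messages.SUCCESS,
            _("Your email address has been verified. "
              "You may now login, edit your profile, and submit images!"))
    else:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect'))

    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=user.username)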
Beispiel #10
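def verify_email(request):
    """
    Email verification view

    Checks the signed ``token`` GET parameter and grants the 'active'
    privilege to the user it names when that user does not hold it yet.
    Returns a 404 when no token is supplied and redirects to 'index' with
    an error when the token is invalid, expired, malformed, or names no
    existing user.
    """
    # Without a token parameter we can't do anything; 404
    if 'token' not in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired; a signed payload that does
    # not convert to an integer id is treated as an invalid token too.
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(request.GET['token'], max_age=10*24*3600)
        user_id = int(token)
    except (BadSignature, TypeError, ValueError):
        messages.add_message(
            request, messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(request, 'index')

    user = User.query.filter_by(id=user_id).first()

    if not user:
        messages.add_message(request, messages.ERROR,
                             _('The verification key or user id is incorrect'))

        # The old code fell through to user.username and raised on None.
        return redirect(request, 'index')

    if user.has_privilege(u'active') is False:
        user.verification_key = None
        user.all_privileges.append(
            Privilege.query.filter(
                Privilege.privilege_name == u'active').first())

        user.save()

        messages.add_message(
            request, messages.SUCCESS,
            _("Your email address has been verified. "
              "You may now login, edit your profile, and submit images!"))
    else:
        messages.add_message(request, messages.ERROR,
                             _('The verification key or user id is incorrect'))

    return redirect(request,
                    'mediagoblin.user_pages.user_home',
                    user=user.username)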
Beispiel #11
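def verify_email(request):
    """
    Email verification view for changing email address

    The ``token`` GET parameter must be signed by the
    'mail_verification_token' timed signer, be at most ten days old and
    carry a mapping with 'user' and 'email'. The named user's email is then
    replaced with the one from the token. A missing token yields a 404;
    any other failure redirects to 'index' with an error message.
    """
    # If no token, we can't do anything
    if 'token' not in request.GET:
        return render_404(request)

    # Catch error if token is faked or expired. The payload shape is
    # checked as well: a correctly signed value that is not the expected
    # {'user', 'email'} mapping must not reach the lookup below.
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(request.GET['token'], max_age=10*24*3600)
        user_id = int(token['user'])
        new_email = token['email']
    except (BadSignature, TypeError, KeyError, ValueError):
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    user = User.query.filter_by(id=user_id).first()

    if not user:
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        # Previously this path continued to user.username and raised
        # because user is None.
        return redirect(
            request,
            'index')

    # NOTE(review): the address is applied without a fresh check that no
    # other account has taken it since the token was issued -- confirm a
    # database constraint or another layer enforces uniqueness.
    user.email = new_email
    user.save()

    messages.add_message(
        request,
        messages.SUCCESS,
        _('Your email address has been verified.'))

    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=user.username)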
Beispiel #12
def _update_email(request, form, user):
    """
    Validate a requested email change and send the confirmation mail.

    Adds an error to ``form.new_email`` when the address is already
    attached to a user. Otherwise signs {"user", "email"} with the
    "mail_verification_token" timed signer, renders the verification mail
    and passes it, with the new address, to
    ``auth_tools.send_verification_email``. ``user`` is not modified.
    """
    new_email = form.new_email.data
    duplicate_count = User.query.filter_by(email=new_email).count()

    if duplicate_count:
        form.new_email.errors.append(_("Sorry, a user with that email address" " already exists."))
    else:
        # Bind the token to both the account and the address so that the
        # confirming view can apply exactly this change.
        payload = {"user": user.id, "email": new_email}
        verification_key = get_timed_signer_url("mail_verification_token").dumps(payload)

        template_values = {"username": user.username}
        template_values["verification_url"] = EMAIL_VERIFICATION_TEMPLATE.format(
            uri=request.urlgen("mediagoblin.edit.verify_email", qualified=True),
            verification_key=verification_key,
        )
        rendered_email = render_template(
            request,
            "mediagoblin/edit/verification.txt",
            template_values,
        )

        email_debug_message(request)
        auth_tools.send_verification_email(user, request, new_email, rendered_email)
Beispiel #13
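def verify_forgot_password(request):
    """
    Check the forgot-password verification and possibly let the user
    change their password because of it.

    The token is obtained through ``_process_for_token`` and must be
    signed by the 'mail_verification_token' timed signer, be at most ten
    days old, and carry an integer user id. For an active user with a
    verified email, a GET renders the change-password form and a valid
    POST stores a new bcrypt hash. All other cases redirect to 'index'
    with an error message (or return a 404 when no token is present).
    """
    # get form data variables, and specifically check for presence of token
    formdata = _process_for_token(request)
    if not formdata['has_token']:
        return render_404(request)

    formdata_vars = formdata['vars']

    # Catch error if token is faked or expired. A correctly signed token
    # whose payload is not an integer user id is rejected the same way
    # instead of raising from int().
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(formdata_vars['token'], max_age=10*24*3600)
        user_id = int(token)
    except (BadSignature, TypeError, ValueError):
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    # check if it's a valid user id
    user = User.query.filter_by(id=user_id).first()

    # no user in db
    if not user:
        messages.add_message(
            request, messages.ERROR,
            _('The user id is incorrect.'))
        return redirect(
            request, 'index')

    # check if user active and has email verified
    if user.email_verified and user.status == 'active':

        cp_form = forms.ChangeForgotPassForm(formdata_vars)

        if request.method == 'POST' and cp_form.validate():
            # NOTE(review): nothing in this view marks the token as used,
            # so the same link appears to stay valid until max_age expires
            # -- confirm whether single use is enforced elsewhere.
            user.pw_hash = tools.bcrypt_gen_password_hash(
                cp_form.password.data)
            user.save()

            messages.add_message(
                request,
                messages.INFO,
                _("You can now log in using your new password."))
            return redirect(request, 'mediagoblin.auth.login')
        else:
            return render_to_response(
                request,
                'mediagoblin/plugins/basic_auth/change_fp.html',
                {'cp_form': cp_form})

    if not user.email_verified:
        messages.add_message(
            request, messages.ERROR,
            _('You need to verify your email before you can reset your'
              ' password.'))

    if not user.status == 'active':
        messages.add_message(
            request, messages.ERROR,
            _('You are no longer an active user. Please contact the system'
              ' admin to reactivate your account.'))

    return redirect(
        request, 'index')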
Beispiel #14
 def __init__(self, cookie_name='MGSession', namespace=None):
     """Store the cookie name and create the timed signer for it.

     The signer namespace defaults to the cookie name when *namespace*
     is None.
     """
     signer_namespace = cookie_name if namespace is None else namespace
     self.signer = crypto.get_timed_signer_url(signer_namespace)
     self.cookie_name = cookie_name
Beispiel #15
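def verify_forgot_password(request):
    """
    Check the forgot-password verification and possibly let the user
    change their password because of it.

    The token comes from ``_process_for_token`` and must be signed by the
    'mail_verification_token' timed signer, be at most ten days old and
    carry an integer user id. A user holding the 'active' privilege gets
    the change-password form on GET and has a new bcrypt hash stored on a
    valid POST. Other cases redirect to 'index' (404 without a token).
    """
    # get form data variables, and specifically check for presence of token
    formdata = _process_for_token(request)
    if not formdata['has_token']:
        return render_404(request)

    formdata_vars = formdata['vars']

    # Catch error if token is faked or expired. A validly signed payload
    # that does not convert to an integer user id is rejected here too,
    # instead of raising from int() further down.
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(formdata_vars['token'], max_age=10*24*3600)
        user_id = int(token)
    except (BadSignature, TypeError, ValueError):
        messages.add_message(
            request, messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(request, 'index')

    # check if it's a valid user id
    user = User.query.filter_by(id=user_id).first()

    # no user in db
    if not user:
        messages.add_message(request, messages.ERROR,
                             _('The user id is incorrect.'))
        return redirect(request, 'index')

    # check if user active and has email verified
    if user.has_privilege(u'active'):
        cp_form = forms.ChangeForgotPassForm(formdata_vars)

        if request.method == 'POST' and cp_form.validate():
            # NOTE(review): the token is not invalidated after a successful
            # reset in this view, so the link seems reusable until max_age
            # runs out -- confirm whether that is handled elsewhere.
            user.pw_hash = tools.bcrypt_gen_password_hash(
                cp_form.password.data)
            user.save()

            messages.add_message(
                request, messages.INFO,
                _("You can now log in using your new password."))
            return redirect(request, 'mediagoblin.auth.login')
        else:
            return render_to_response(
                request, 'mediagoblin/plugins/basic_auth/change_fp.html',
                {'cp_form': cp_form})

    ## Commenting this out temporarily because I'm checking into
    ## what's going on with user.email_verified.
    ##
    ## ... if this commit lasts long enough for anyone but me (cwebber) to
    ## notice it, they should pester me to remove this or remove it
    ## themselves ;)
    #
    # if not user.email_verified:
    #     messages.add_message(
    #         request, messages.ERROR,
    #         _('You need to verify your email before you can reset your'
    #           ' password.'))

    # NOTE(review): this branch still reads user.status while the check
    # above uses the 'active' privilege -- confirm both stay in sync.
    if not user.status == 'active':
        messages.add_message(
            request, messages.ERROR,
            _('You are no longer an active user. Please contact the system'
              ' admin to reactivate your account.'))

    return redirect(request, 'index')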
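def verify_forgot_password(request):
    """
    Check the forgot-password verification and possibly let the user
    change their password because of it.

    Requires a token (found by ``_process_for_token``) signed by the
    'mail_verification_token' timed signer, no older than ten days, whose
    payload is an integer user id. Users with the 'active' privilege are
    shown the change-password form and, on a valid POST, get a new bcrypt
    password hash. Everything else ends in a redirect to 'index', or a 404
    when no token was supplied.
    """
    # get form data variables, and specifically check for presence of token
    formdata = _process_for_token(request)
    if not formdata['has_token']:
        return render_404(request)

    formdata_vars = formdata['vars']

    # Catch error if token is faked or expired. The payload type is checked
    # in the same step: a signed value that is not an integer id is treated
    # as an invalid token rather than raising from int().
    try:
        token = get_timed_signer_url("mail_verification_token") \
                .loads(formdata_vars['token'], max_age=10*24*3600)
        user_id = int(token)
    except (BadSignature, TypeError, ValueError):
        messages.add_message(
            request,
            messages.ERROR,
            _('The verification key or user id is incorrect.'))

        return redirect(
            request,
            'index')

    # check if it's a valid user id
    user = User.query.filter_by(id=user_id).first()

    # no user in db
    if not user:
        messages.add_message(
            request, messages.ERROR,
            _('The user id is incorrect.'))
        return redirect(
            request, 'index')

    # check if user active and has email verified
    if user.has_privilege(u'active'):
        cp_form = auth_forms.ChangeForgotPassForm(formdata_vars)

        if request.method == 'POST' and cp_form.validate():
            # NOTE(review): no step here consumes the token, so the reset
            # link appears to remain usable until max_age passes -- confirm
            # whether single use is enforced somewhere else.
            user.pw_hash = tools.bcrypt_gen_password_hash(
                cp_form.password.data)
            user.save()

            messages.add_message(
                request,
                messages.INFO,
                _("You can now log in using your new password."))
            return redirect(request, 'mediagoblin.auth.login')
        else:
            return render_to_response(
                request,
                'mediagoblin/plugins/recaptcha/change_fp.html',
                {'cp_form': cp_form})

    ## Commenting this out temporarily because I'm checking into
    ## what's going on with user.email_verified.
    ##
    ## ... if this commit lasts long enough for anyone but me (cwebber) to
    ## notice it, they should pester me to remove this or remove it
    ## themselves ;)
    #
    # if not user.email_verified:
    #     messages.add_message(
    #         request, messages.ERROR,
    #         _('You need to verify your email before you can reset your'
    #           ' password.'))

    # NOTE(review): user.status is read here although the gate above uses
    # the 'active' privilege -- confirm the two notions agree.
    if not user.status == 'active':
        messages.add_message(
            request, messages.ERROR,
            _('You are no longer an active user. Please contact the system'
              ' admin to reactivate your account.'))

    return redirect(
        request, 'index')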
 def __init__(self, cookie_name='MGSession', namespace=None):
     """Remember the cookie name and build the timed signer.

     When *namespace* is None the cookie name doubles as the signer
     namespace.
     """
     self.cookie_name = cookie_name
     chosen_namespace = namespace
     if chosen_namespace is None:
         chosen_namespace = cookie_name
     self.signer = crypto.get_timed_signer_url(chosen_namespace)