Ejemplo n.º 1
Archivo: views.py Proyecto: pjuu/pjuu
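def activate(token):
    """
    Activate the account named in an activation token.

    The token is decoded with check_token(). It is honoured only when the
    payload's 'action' is 'activate' and its 'uid' resolves to a user through
    get_user(). On success the account is activated, a welcome e-mail is sent
    and the visitor is redirected to the sign-in page with a success message.
    Every other outcome flashes 'Invalid token' and redirects to the same
    sign-in page.
    """
    data = check_token(token)

    # Requiring the 'activate' action means a token issued for a different
    # action is rejected here even if it decodes correctly.
    user = None
    if data is not None and data.get('action') == 'activate':
        user = get_user(data.get('uid'))

    # The original author expects the lookup never to fail for a valid token
    # (the token cannot outlive a newly created user); the check is kept for
    # safety.
    if user is None:  # pragma: no branch
        # The token is either out of date or has been tampered with
        flash('Invalid token', 'error')
        return redirect(url_for('auth.signin'))

    # NOTE(review): nothing visible here marks the token as used, so a token
    # that is still valid would activate and send the welcome mail again --
    # confirm check_token()/be_activate() make this harmless.
    be_activate(user.get('_id'))
    send_mail(
        'Pjuu Account Notification - Welcome!',
        [user.get('email')],
        text_body=render_template('emails/welcome.txt'),
        html_body=render_template('emails/welcome.html')
    )
    flash('Your account has now been activated', 'success')
    return redirect(url_for('auth.signin'))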
Ejemplo n.º 2
def delete_account():
    """
    Account deletion view, gated on the user re-entering their password.

    A GET, or a POST with the wrong password, renders the confirmation form.
    A POST with the correct password is final: the user is logged out, the
    account is deleted, a last notification e-mail is sent and the user is
    redirected to the sign-in page.
    """
    form = ConfirmPasswordForm(request.form)

    if request.method != 'POST':
        return render_template('delete_account.html', form=form)

    if not authenticate(current_user['username'], form.password.data):
        flash('Oops! wrong password', 'error')
        return render_template('delete_account.html', form=form)

    # Read what is needed from current_user before logging out; presumably
    # the values are not available afterwards.
    uid = current_user['uid']
    email = current_user['email']

    logout()
    be_delete_account(uid)

    # Inform the user that the account has/is being deleted
    flash('Your account has been deleted<br />Thanks for using us',
          'information')

    # The final e-mail goes to the address captured above.
    text_body = render_template('emails/account_deletion.txt')
    html_body = render_template('emails/account_deletion.html')
    send_mail('Pjuu Account Notification - Account Deletion', [email],
              text_body=text_body, html_body=html_body)

    return redirect(url_for('signin'))
Ejemplo n.º 3
def change_password():
    """
    Password change view for a signed-in user.

    On a POST that passes form validation the new password is stored
    immediately and a confirmation e-mail is sent to the account address.
    The form page is rendered again in every case.
    """
    form = ChangePasswordForm(request.form)

    if request.method == 'POST':
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            # Per the original author the user authenticates inside the form,
            # so a validated form is what authorises the change.
            # NOTE(review): nothing here ends the user's other sessions --
            # confirm whether be_change_password() is expected to.
            be_change_password(current_user['uid'], form.new_password.data)
            flash('We\'ve updated your password', 'success')

            # Tell the account holder by e-mail that the password changed.
            recipients = [current_user['email']]
            text_body = render_template('emails/password_change.txt')
            html_body = render_template('emails/password_change.html')
            send_mail('Pjuu Account Notification - Password Changed',
                      recipients, text_body=text_body, html_body=html_body)

    return render_template('change_password.html', form=form)
Ejemplo n.º 4
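def signup():
    """
    Sign-up view: create the account and e-mail an activation token.

    On a POST that passes form validation an account is created with
    create_account(). If that returns a uid, an 'activate' token for it is
    e-mailed to the submitted address and the visitor is redirected to the
    sign-in page. An invalid form, or a falsy uid, flashes a generic error
    and renders the form again. A GET just renders the form.
    """
    from html import escape

    form = SignUpForm(request.form)
    if request.method != 'POST':
        return render_template('signup.html', form=form)

    if form.validate():
        uid = create_account(form.username.data, form.email.data,
                             form.password.data)

        # According to the original author a falsy uid can only come from a
        # race condition during account creation.
        if uid:  # pragma: no branch
            token = generate_token({'action': 'activate', 'uid': uid})
            send_mail('Pjuu Account Notification - Activation',
                      [form.email.data],
                      text_body=render_template('emails/activate.txt',
                                                token=token),
                      html_body=render_template('emails/activate.html',
                                                token=token))
            # The message carries <br/> markup, so it is presumably rendered
            # without autoescaping (confirm in the template). The address is
            # user input, so it is HTML-escaped before being placed in it.
            flash(
                'Yay! You\'ve signed up<br/>'
                'We\'ve sent an e-mail to {}<br/>'
                'Please activate your account'.format(
                    escape(str(form.email.data))),
                'success')

            return redirect(url_for('auth.signin'))

    flash('Oh no! There are errors in your form. Please try again.',
          'error')
    return render_template('signup.html', form=form)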
Ejemplo n.º 5
def change_email():
    """
    First step of an e-mail address change for the signed-in user.

    On a valid POST a 'change_email' token holding the user's uid and the
    requested address is generated and mailed to that new address, so the
    user has to prove they receive mail there. The e-mail links to
    confirm_email(), which performs the change.
    """
    form = ChangeEmailForm(request.form)

    if request.method == 'POST':
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            # The requested address travels inside the token itself.
            payload = {
                'action': 'change_email',
                'uid': current_user['uid'],
                'email': form.new_email.data,
            }
            token = generate_token(payload)

            # NOTE(review): only the new address is mailed; the address
            # currently on the account gets no notice of the request.
            recipients = [form.new_email.data]
            text_body = render_template('emails/email_change.txt',
                                        token=token)
            html_body = render_template('emails/email_change.html',
                                        token=token)
            send_mail('Pjuu Account Notification - Confirm Email Change',
                      recipients, text_body=text_body, html_body=html_body)
            flash('We\'ve sent you an email, please confirm this',
                  'success')

    return render_template('change_email.html', form=form)
Ejemplo n.º 6
def confirm_email(token):
    """
    Second step of an e-mail address change: apply it.

    This is the link sent to the new address during the change procedure.
    When the token decodes to a 'change_email' payload carrying both a uid
    and an address, the account's e-mail is changed and a confirmation is
    sent to the new address. Anything else flashes 'Invalid token'. Both
    paths redirect back to the change_email view.
    """
    data = check_token(token)

    uid = email = None
    if data is not None and data.get('action') == 'change_email':
        uid = data.get('uid')
        # The address stored in the token is the one that gets mailed; the
        # original author notes this may help spot a mismatch.
        email = data.get('email')

    if not (uid and email):  # pragma: no branch
        # The token is either out of date or has been tampered with
        flash('Invalid token', 'error')
        return redirect(url_for('change_email'))

    # NOTE(review): the uid is taken from the token alone. Nothing visible
    # here checks that the account still exists or that it belongs to the
    # signed-in user -- confirm be_change_email() or the route covers this.
    be_change_email(uid, email)

    text_body = render_template('emails/confirm_email.txt')
    html_body = render_template('emails/confirm_email.html')
    send_mail('Pjuu Account Notification - Email Address Changed', [email],
              text_body=text_body, html_body=html_body)

    flash('We\'ve updated your e-mail address', 'success')
    return redirect(url_for('change_email'))
Ejemplo n.º 7
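def activate(token):
    """
    Activate the account named in an activation token.

    The token is decoded with check_token(). It is honoured only when the
    payload's 'action' is 'activate', it carries a uid, and get_user() finds
    that uid. On success the account is activated, a welcome e-mail is sent
    to the address returned by get_email() and the visitor is redirected to
    the sign-in page. Every other outcome flashes 'Invalid token' and
    redirects to the same page.
    """
    data = check_token(token)

    # Only a payload minted for the 'activate' action may supply the uid.
    uid = None
    if data is not None and data.get('action') == 'activate':
        uid = data.get('uid')

    # The original author considers a missing user practically impossible
    # here (the user would have to outlive the token); the lookup is kept as
    # a safety net.
    if not (uid and get_user(uid)):  # pragma: no branch
        # The token is either out of date or has been tampered with
        flash('Invalid token', 'error')
        return redirect(url_for('signin'))

    be_activate(uid)
    send_mail(
        'Pjuu Account Notification - Welcome!',
        [get_email(uid)],
        text_body=render_template('emails/welcome.txt'),
        html_body=render_template('emails/welcome.html')
    )
    flash('Your account has now been activated', 'success')
    return redirect(url_for('signin'))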
Ejemplo n.º 8
def forgot():
    """
    Password recovery view.

    On POST the submitted username is looked up with get_uid(). When an
    account is found, a 'reset' token is mailed to its address. The flashed
    message and the redirect to sign-in are the same whether or not an
    account was found, so the response does not say which case occurred.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # We always go to /signin after a POST
    uid = get_uid(form.username.data)
    if uid:
        # Only accounts that exist get an e-mail.
        # NOTE(review): the mail is sent only on this path, so response time
        # may still differ between the two cases if send_mail() blocks --
        # confirm.
        token = generate_token({'action': 'reset', 'uid': uid})
        recipients = [get_email(uid)]
        text_body = render_template('emails/forgot.txt', token=token)
        html_body = render_template('emails/forgot.html', token=token)
        send_mail('Pjuu Account Notification - Password Reset', recipients,
                  text_body=text_body, html_body=html_body)

    flash('If we\'ve found your account we\'ve e-mailed you',
          'information')
    return redirect(url_for('signin'))
Ejemplo n.º 9
Archivo: views.py Proyecto: pjuu/pjuu
def forgot():
    """Send a password reset link if the submitted account exists.

    A POST with an invalid form flashes an error and renders the form again.
    A POST with a valid form always flashes the same neutral message and
    redirects to sign-in, whether or not an account was found.
    """
    form = ForgotForm(request.form)

    if request.method == 'POST':
        if not form.validate():
            flash('Please enter a username or e-mail address',
                  'error')
        else:
            # The lookup passes non_active=True to get_uid().
            user = get_user(get_uid(form.username.data, non_active=True))
            if user is not None:
                # Only accounts that exist get an e-mail.
                payload = {'action': 'reset', 'uid': user.get('_id')}
                token = generate_token(payload)
                recipients = [user.get('email')]
                text_body = render_template('emails/forgot.txt',
                                            token=token)
                html_body = render_template('emails/forgot.html',
                                            token=token)
                send_mail('Pjuu Account Notification - Password Reset',
                          recipients,
                          text_body=text_body, html_body=html_body)

            # Same message on both paths, so the response does not say
            # whether the account was located.
            flash('If we\'ve found your account we\'ve e-mailed you',
                  'information')
            return redirect(url_for('auth.signin'))

    return render_template('forgot.html', form=form)
Ejemplo n.º 10
Archivo: views.py Proyecto: pjuu/pjuu
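def signup():
    """
    Sign-up view: create the account and e-mail an activation token.

    A valid POST creates the account with create_account(). When a uid comes
    back, an 'activate' token for it is mailed to the submitted address and
    the visitor is redirected to the sign-in page. An invalid form, or a
    falsy uid, flashes a generic error and renders the form again. A GET
    only renders the form.
    """
    from html import escape

    form = SignUpForm(request.form)

    if request.method == 'POST':
        uid = None
        if form.validate():
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

        # According to the original author a falsy uid after a valid form
        # can only come from a race condition during account creation.
        if uid:  # pragma: no branch
            token = generate_token({'action': 'activate', 'uid': uid})
            send_mail(
                'Pjuu Account Notification - Activation',
                [form.email.data],
                text_body=render_template('emails/activate.txt',
                                          token=token),
                html_body=render_template('emails/activate.html',
                                          token=token)
            )
            # The flashed text contains <br/> markup, which suggests the
            # template renders it unescaped (confirm there). The address is
            # user-supplied, so it is HTML-escaped before being inserted.
            shown_address = escape(str(form.email.data))
            flash('Yay! You\'ve signed up<br/>'
                  'We\'ve sent an e-mail to {}<br/>'
                  'Please activate your account'.format(shown_address),
                  'success')

            return redirect(url_for('auth.signin'))

        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)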
Ejemplo n.º 11
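def activate(token):
    """
    Activate the account named in an activation token.

    check_token() decodes the token. Activation proceeds only for a payload
    whose 'action' is 'activate' and whose 'uid' is found by get_user(); the
    account is then activated, a welcome e-mail is sent and a success
    message is flashed. All other cases flash 'Invalid token'. Either way
    the visitor is redirected to the sign-in page.
    """
    signin_url_args = ('auth.signin',)

    data = check_token(token)
    # A decoded token is not enough: it must have been issued for the
    # 'activate' action.
    if data is not None and data.get('action') == 'activate':
        user = get_user(data.get('uid'))
        # Kept for safety; the original author expects a valid token to
        # always resolve to a user.
        if user is not None:  # pragma: no branch
            be_activate(user.get('_id'))

            recipients = [user.get('email')]
            text_body = render_template('emails/welcome.txt')
            html_body = render_template('emails/welcome.html')
            send_mail('Pjuu Account Notification - Welcome!', recipients,
                      text_body=text_body, html_body=html_body)

            flash('Your account has now been activated', 'success')
            return redirect(url_for(*signin_url_args))

    # The token is either out of date or has been tampered with
    flash('Invalid token', 'error')
    return redirect(url_for(*signin_url_args))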
Ejemplo n.º 12
def delete_account():
    """
    Account deletion view, gated on the user re-entering their password.

    A POST whose password passes authenticate() signs the user out, deletes
    the account, sends a final notification e-mail and redirects to the
    sign-in page. A POST with a wrong password flashes an error. That case
    and a GET both render the confirmation form.
    """
    form = ConfirmPasswordForm(request.form)

    password_ok = (
        request.method == 'POST'
        and authenticate(current_user['username'], form.password.data)
    )

    if password_ok:
        # Read what is needed from current_user before signing out;
        # presumably the values are not available afterwards.
        uid = current_user['_id']
        email = current_user['email']

        be_signout()
        be_delete_account(uid)

        # Inform the user that the account has/is being deleted
        flash('Your account is being deleted<br />Thanks for using us',
              'information')

        # The final e-mail goes to the address captured above.
        text_body = render_template('emails/account_deletion.txt')
        html_body = render_template('emails/account_deletion.html')
        send_mail('Pjuu Account Notification - Account Deletion', [email],
                  text_body=text_body, html_body=html_body)

        return redirect(url_for('auth.signin'))

    if request.method == 'POST':
        flash('Oops! wrong password', 'error')

    return render_template('delete_account.html', form=form)
Ejemplo n.º 13
def confirm_email(token):
    """
    Apply an e-mail address change from a 'change_email' token.

    When check_token() yields a payload with action 'change_email' that
    carries both a uid and an address, the account's e-mail is changed and a
    confirmation is sent to that address. Anything else flashes 'Invalid
    token'. Both paths redirect to the change_email view.
    """
    target = 'auth.change_email'

    data = check_token(token)
    token_ok = data is not None and data.get('action') == 'change_email'

    if token_ok:
        uid = data.get('uid')
        # The address stored in the token is the one that gets mailed; the
        # original author notes this may help spot a mismatch.
        email = data.get('email')

        # NOTE(review): this only checks that both values are present. It
        # does not look the account up, and nothing visible ties the uid to
        # the signed-in user -- confirm be_change_email() or the route does.
        if uid and email:  # pragma: no branch
            be_change_email(uid, email)

            text_body = render_template('emails/confirm_email.txt')
            html_body = render_template('emails/confirm_email.html')
            send_mail('Pjuu Account Notification - Email Address Changed',
                      [email], text_body=text_body, html_body=html_body)

            flash('We\'ve updated your e-mail address', 'success')
            return redirect(url_for(target))

    # The token is either out of date or has been tampered with
    flash('Invalid token', 'error')
    return redirect(url_for(target))
Ejemplo n.º 14
def change_email():
    """
    Start an e-mail address change for the signed-in user.

    A valid POST generates a 'change_email' token holding the user's '_id'
    and the requested address, and mails it to that new address. An invalid
    POST flashes an error. The form page is rendered in every case.
    """
    form = ChangeEmailForm(request.form)

    if request.method == 'POST':
        if not form.validate():
            flash('Oh no! There are errors in your form', 'error')
        else:
            # The requested address is carried inside the token itself.
            payload = {
                'action': 'change_email',
                'uid': current_user['_id'],
                'email': form.new_email.data,
            }
            token = generate_token(payload)

            # NOTE(review): only the new address is mailed; the address
            # currently on the account gets no notice of the request.
            recipients = [form.new_email.data]
            text_body = render_template('emails/email_change.txt',
                                        token=token)
            html_body = render_template('emails/email_change.html',
                                        token=token)
            send_mail('Pjuu Account Notification - Confirm Email Change',
                      recipients, text_body=text_body, html_body=html_body)
            flash('We\'ve sent you an email, please confirm this', 'success')

    return render_template('change_email.html', form=form)
Ejemplo n.º 15
def forgot():
    """Send a password reset link if the submitted account exists.

    Every POST ends with the same neutral message and a redirect to sign-in,
    whether or not an account was found. A GET renders the form.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # NOTE(review): the form is not validated before its username field is
    # used for the lookup -- confirm get_uid() copes with empty input.
    user = get_user(get_uid(form.username.data, non_active=True))
    if user is not None:
        # Only accounts that exist get an e-mail.
        payload = {'action': 'reset', 'uid': user.get('_id')}
        token = generate_token(payload)
        recipients = [user.get('email')]
        text_body = render_template('emails/forgot.txt', token=token)
        html_body = render_template('emails/forgot.html', token=token)
        send_mail('Pjuu Account Notification - Password Reset', recipients,
                  text_body=text_body, html_body=html_body)

    # We always go to /signin after a POST, with the same message.
    flash('If we\'ve found your account we\'ve e-mailed you',
          'information')
    return redirect(url_for('auth.signin'))
Ejemplo n.º 16
def signup():
    """
    Sign-up view for Pjuu.

    A valid POST creates the user with create_user(). When a uid comes back,
    an 'activate' token is mailed to the submitted address and the visitor
    is redirected to the sign-in page. An invalid form, or a falsy uid,
    flashes a generic error and renders the form again.
    """
    form = SignUpForm(request.form)

    if request.method != 'POST':
        return render_template('signup.html', form=form)

    if form.validate():
        uid = create_user(form.username.data, form.email.data,
                          form.password.data)

        # According to the original author a falsy uid can only come from a
        # race condition during account creation.
        if uid:  # pragma: no branch
            token = generate_token({'action': 'activate', 'uid': uid})

            recipients = [form.email.data]
            text_body = render_template('emails/activate.txt', token=token)
            html_body = render_template('emails/activate.html', token=token)
            send_mail('Pjuu Account Notification - Activation', recipients,
                      text_body=text_body, html_body=html_body)

            # This message contains no user-supplied text.
            flash('Yay! You\'ve signed up<br/>Please check your e-mails '
                  'to activate your account', 'success')
            return redirect(url_for('signin'))

    # Reached when the form is invalid, or (per the original author) when
    # two sign-ups race for the same details at the same moment.
    flash('Oh no! There are errors in your form. Please try again.',
          'error')
    return render_template('signup.html', form=form)
Ejemplo n.º 17
def change_password():
    """
    Password change view for a signed-in user.

    A POST that passes form validation stores the new password at once and
    sends a confirmation e-mail to the account address. An invalid POST
    flashes an error. The form page is rendered in every case.
    """
    form = ChangePasswordForm(request.form)
    is_post = request.method == 'POST'

    if is_post and form.validate():
        # Per the original author the user authenticates inside the form,
        # so a validated form is what authorises the change.
        # NOTE(review): nothing here ends the user's other sessions --
        # confirm whether be_change_password() is expected to.
        be_change_password(current_user['_id'], form.new_password.data)
        flash('We\'ve updated your password', 'success')

        # Tell the account holder by e-mail that the password changed.
        recipients = [current_user['email']]
        text_body = render_template('emails/password_change.txt')
        html_body = render_template('emails/password_change.html')
        send_mail('Pjuu Account Notification - Password Changed', recipients,
                  text_body=text_body, html_body=html_body)
    elif is_post:
        flash('Oh no! There are errors in your form', 'error')

    return render_template('change_password.html', form=form)