def secure_url_with_token(self, url, user_data=None): if user_data is None: (user_data, _) = self.resolve_user_info() if not user_data: if not self.request_string("reset_token", default=""): logging.warn("No user detected for password change") return util.secure_url(url) token = TransferAuthToken.for_user(user_data).value if url.find('?') == -1: return "%s?transfer_token=%s" % (util.secure_url(url), urllib.quote_plus(token)) else: return "%s&transfer_token=%s" % (util.secure_url(url), urllib.quote_plus(token))
def render_outer(self): """Render the second part of the user signup step, after the user has verified ownership of their e-mail account. The request URI must include a valid token from an UnverifiedUser, and can be made via build_link(), or be made by a user without an existing password set. Note that the contents are actually rendered in an iframe so it can be sent over https (generated in render_form). """ (valid_token, _) = self.resolve_token() user_data = UserData.current() if valid_token and user_data: if not user_data.is_phantom: logging.info("User tried to verify e-mail and complete a " + "signup in a browser with an existing " + "signed-in user. Forcefully signing old user " + "out to avoid conflicts") self.redirect(util.create_logout_url(self.request.uri)) return # Ignore phantom users. user_data = None if not valid_token and not user_data: # Just take them to the homepage for now. self.redirect("/") return transfer_token = None if user_data: if user_data.has_password(): # The user already has a KA login - redirect them to their profile self.redirect(user_data.profile_root) return elif not user_data.has_sendable_email(): # This is a case where a Facebook user logged in and tried # to signup for a KA password. Unfortunately, since we don't # have their e-mail, we can't let them proceed, since, without # a valid e-mail we can't reset passwords, etc. logging.error("User tried to signup for password with " "no email associated with the account") self.redirect("/") return else: # Here we have a valid user, and need to transfer their identity # to the inner iframe that will be hosted on https. # Since their current cookies may not be transferred/valid in # https, mint a custom, short-lived token to transfer identity. transfer_token = TransferAuthToken.for_user(user_data).value template_values = { 'params': util.build_params({ 'token': valid_token, 'transfer_token': transfer_token, }), 'continue': self.request_string("continue", default="/") } self.render_jinja2_template('completesignup.html', template_values)