Example #1
def register_user(request, register_form):
    """Create an account from the registration form and sign it in.

    Returns the new user, or None when ``auth.extra_validation`` rejects
    the form.

    The session is bound to the new account before the verification email
    has been acted on, so anything that must be limited to verified
    addresses has to be enforced by privilege checks outside this function.
    """
    if not auth.extra_validation(register_form):
        return None

    new_user = auth.create_user(register_form)

    # Baseline privileges for every new account, looked up by name in a
    # fixed order.
    # NOTE(review): .first() yields None when no row matches; this assumes
    # the three privilege rows exist -- confirm against the DB setup.
    granted = [
        Privilege.query.filter(Privilege.privilege_name == name).first()
        for name in (u'commenter', u'uploader', u'reporter')]
    new_user.all_privileges += granted
    new_user.save()

    # Sign the new account in right away.
    # NOTE(review): the id is written into the session object already
    # attached to the request; confirm the session identifier is rotated
    # on login elsewhere.
    request.session['user_id'] = unicode(new_user.id)
    request.session.save()

    # Verification mail goes out only after the session has been saved.
    email_debug_message(request)
    send_verification_email(new_user, request)

    return new_user
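def forgot_password(request):
    """
    Forgot password view

    Sends an email with an url to renew forgotten password.
    Use GET querystring parameter 'username' to pre-populate the input field

    Lookups by email address never disclose whether the address is
    registered: the same message and redirect are used whether or not a
    matching, active account exists. Lookups by username do report an
    unknown or inactive username.
    """
    fp_form = auth_forms.ForgotPassForm(request.form,
                                   username=request.args.get('username'))

    if not (request.method == 'POST' and fp_form.validate()):
        # Either GET request, or invalid form submitted. Display the template
        return render_to_response(request,
            'mediagoblin/plugins/recaptcha/forgot_password.html',
            {'fp_form': fp_form})

    # If we are here: method == POST and form is valid. username casing
    # has been sanitized. Remember whether the lookup is by email address:
    # in that case the response must not depend on the outcome, because we
    # don't want to leak whether an email address exists in the system.
    found_by_email = '@' in fp_form.username.data

    if found_by_email:
        user = User.query.filter_by(
            email=fp_form.username.data).first()
        # Don't reveal success in case the lookup happened by email address.
        success_message = _("If that email address (case sensitive!) is "
                            "registered an email has been sent with "
                            "instructions on how to change your password.")

    else:  # found by username
        user = User.query.filter_by(
            username=fp_form.username.data).first()

        if user is None:
            messages.add_message(request,
                                 messages.WARNING,
                                 _("Couldn't find someone with that username."))
            return redirect(request, 'mediagoblin.auth.forgot_password')

        success_message = _("An email has been sent with instructions "
                            "on how to change your password.")

    if user and user.has_privilege(u'active') is False:
        if found_by_email:
            # Answer exactly as for an unknown address and send nothing.
            # The warning below, and its redirect to the account's home
            # page, would confirm that the address is registered and
            # disclose the username behind it.
            messages.add_message(request, messages.INFO, success_message)
            return redirect(request, 'mediagoblin.auth.login')

        # Don't send reminder because user is inactive or has no verified email
        messages.add_message(request,
            messages.WARNING,
            _("Could not send password recovery email as your username is in"
              "active or your account's email address has not been verified."))

        return redirect(request, 'mediagoblin.user_pages.user_home',
                        user=user.username)

    # SUCCESS. Send reminder and return to login page
    # NOTE(review): mail is only sent when an account matched, so response
    # time may still differ between known and unknown addresses unless
    # sending is asynchronous -- confirm.
    if user:
        email_debug_message(request)
        tools.send_fp_verification_email(user, request)

    messages.add_message(request, messages.INFO, success_message)
    return redirect(request, 'mediagoblin.auth.login')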
Example #3
def resend_activation(request):
    """
    Reactivation view: send the verification email again.

    Anonymous requests are redirected to the login page, and accounts that
    already hold the 'active' privilege are redirected to their home page
    with an error. For anyone else send_verification_email is called for
    the logged-in user.

    NOTE(review): nothing in this view limits how often a mail can be
    requested -- confirm throttling is applied elsewhere.
    """
    current_user = request.user

    if current_user is None:
        messages.add_message(
            request, messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))
        return redirect(request, 'mediagoblin.auth.login')

    home_route = 'mediagoblin.user_pages.user_home'

    if current_user.has_privilege(u'active'):
        # Nothing to verify any more; do not send another mail.
        messages.add_message(
            request, messages.ERROR,
            _("You've already verified your email address!"))
        return redirect(request, home_route, user=current_user.username)

    email_debug_message(request)
    send_verification_email(current_user, request)

    messages.add_message(
        request, messages.INFO,
        _('Resent your verification email.'))
    return redirect(request, home_route, user=current_user.username)
Example #4
def _update_email(request, form, user):
    """Start an email change for ``user`` by issuing a verification link.

    If another account already uses the requested address, an error is
    appended to ``form.new_email`` and nothing is sent. Otherwise a token
    holding the user id and the new address is produced by the
    'mail_verification_token' signer, placed in a verification URL, and
    the rendered message is handed to auth_tools.send_verification_email
    together with the new address. Returns None in both cases.

    NOTE(review): the "already exists" error tells the requester that an
    address is registered; confirm that is acceptable for this form.
    """
    requested = form.new_email.data

    if User.query.filter_by(email=requested).count():
        form.new_email.errors.append(
            _('Sorry, a user with that email address'
              ' already exists.'))
        return

    # The token binds the change to this user id and this exact address.
    signer = get_timed_signer_url('mail_verification_token')
    token = signer.dumps({
        'user': user.id,
        'email': requested
    })

    verify_url = EMAIL_VERIFICATION_TEMPLATE.format(
        uri=request.urlgen('mediagoblin.edit.verify_email',
                           qualified=True),
        verification_key=token)

    body = render_template(
        request, 'mediagoblin/edit/verification.txt',
        {'username': user.username,
         'verification_url': verify_url})

    email_debug_message(request)
    auth_tools.send_verification_email(user, request, requested, body)
Example #5
def resend_activation(request):
    """
    Reactivation view: send the verification email again.

    Anonymous requests are redirected to the login page, and accounts that
    already hold the 'active' privilege are redirected to their home page
    with an error. For anyone else send_verification_email is called for
    the logged-in user.

    NOTE(review): nothing in this view limits how often a mail can be
    requested -- confirm throttling is applied elsewhere.
    """
    requester = request.user

    if requester is None:
        messages.add_message(
            request, messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))
        return redirect(request, 'mediagoblin.auth.login')

    user_home = "mediagoblin.user_pages.user_home"

    if requester.has_privilege(u'active'):
        # Already verified: report it and skip the mail.
        messages.add_message(
            request, messages.ERROR,
            _("You've already verified your email address!"))
        return redirect(request, user_home, user=requester.username)

    email_debug_message(request)
    send_verification_email(requester, request)

    messages.add_message(
        request, messages.INFO, _('Resent your verification email.'))
    return redirect(request, user_home, user=requester.username)
Example #6
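def forgot_password(request):
    """
    Forgot password view

    Sends an email with an url to renew forgotten password.
    Use GET querystring parameter 'username' to pre-populate the input field

    Lookups by email address never disclose whether the address is
    registered: the same message and redirect are used whether or not a
    matching, active account exists. Lookups by username do report an
    unknown or inactive username.
    """
    fp_form = forms.ForgotPassForm(request.form,
                                   username=request.args.get('username'))

    if not (request.method == 'POST' and fp_form.validate()):
        # Either GET request, or invalid form submitted. Display the template
        return render_to_response(
            request, 'mediagoblin/plugins/basic_auth/forgot_password.html',
            {'fp_form': fp_form})

    # If we are here: method == POST and form is valid. username casing
    # has been sanitized. Remember whether the lookup is by email address:
    # in that case the response must not depend on the outcome, because we
    # don't want to leak whether an email address exists in the system.
    found_by_email = '@' in fp_form.username.data

    if found_by_email:
        user = User.query.filter_by(email=fp_form.username.data).first()
        # Don't reveal success in case the lookup happened by email address.
        success_message = _("If that email address (case sensitive!) is "
                            "registered an email has been sent with "
                            "instructions on how to change your password.")

    else:  # found by username
        user = User.query.filter_by(username=fp_form.username.data).first()

        if user is None:
            messages.add_message(
                request, messages.WARNING,
                _("Couldn't find someone with that username."))
            return redirect(request, 'mediagoblin.auth.forgot_password')

        success_message = _("An email has been sent with instructions "
                            "on how to change your password.")

    if user and user.has_privilege(u'active') is False:
        if found_by_email:
            # Answer exactly as for an unknown address and send nothing.
            # The warning below, and its redirect to the account's home
            # page, would confirm that the address is registered and
            # disclose the username behind it.
            messages.add_message(request, messages.INFO, success_message)
            return redirect(request, 'mediagoblin.auth.login')

        # Don't send reminder because user is inactive or has no verified email
        messages.add_message(
            request, messages.WARNING,
            _("Could not send password recovery email as your username is in"
              "active or your account's email address has not been verified."))

        return redirect(request,
                        'mediagoblin.user_pages.user_home',
                        user=user.username)

    # SUCCESS. Send reminder and return to login page
    # NOTE(review): mail is only sent when an account matched, so response
    # time may still differ between known and unknown addresses unless
    # sending is asynchronous -- confirm.
    if user:
        email_debug_message(request)
        tools.send_fp_verification_email(user, request)

    messages.add_message(request, messages.INFO, success_message)
    return redirect(request, 'mediagoblin.auth.login')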
Example #7
def change_email(request):
    """View to change the user's email.

    On a valid POST the new address must not belong to another account
    and, when the password field is still on the form and the account has
    a password hash, the submitted password must match it. Only then is a
    signed verification link rendered and passed to
    auth_tools.send_verification_email with the new address.

    The password field is dropped when 'pass_auth' is absent from the
    template globals or the account has no password hash; in that case
    this view asks for no credential before issuing the link.
    """
    form = forms.ChangeEmailForm(
        (request.method == 'POST' and request.form) or None)
    user = request.user
    template = 'mediagoblin/edit/change_email.html'

    # If no password authentication, no need to enter a password
    password_auth_enabled = 'pass_auth' in request.template_env.globals
    if not password_auth_enabled or not user.pw_hash:
        form.__delitem__('password')

    if request.method != 'POST' or not form.validate():
        return render_to_response(request, template, {
            'form': form,
            'user': user
        })

    new_email = form.new_email.data

    # Both checks always run, so the form can carry both errors at once.
    if User.query.filter(LocalUser.email == new_email).count():
        form.new_email.errors.append(
            _('Sorry, a user with that email address'
              ' already exists.'))

    if form.password and user.pw_hash and not check_password(
            form.password.data, user.pw_hash):
        form.password.errors.append(_('Wrong password'))

    if form.errors:
        return render_to_response(request, template, {
            'form': form,
            'user': user
        })

    # The token binds the change to this user id and this exact address.
    signer = get_timed_signer_url('mail_verification_token')
    verification_key = signer.dumps({
        'user': user.id,
        'email': new_email
    })

    verification_url = EMAIL_VERIFICATION_TEMPLATE.format(
        uri=request.urlgen('mediagoblin.edit.verify_email',
                           qualified=True),
        verification_key=verification_key)

    rendered_email = render_template(
        request, 'mediagoblin/edit/verification.txt',
        {'username': user.username,
         'verification_url': verification_url})

    email_debug_message(request)
    auth_tools.send_verification_email(user, request, new_email,
                                       rendered_email)

    return redirect(request, 'mediagoblin.edit.account')
Example #8
def change_email(request):
    """View to change the user's email.

    On a valid POST the new address must not belong to another account
    and, when the password field is still on the form and the account has
    a password hash, the submitted password must match it. Only then is a
    signed verification link rendered and passed to
    auth_tools.send_verification_email with the new address.

    The password field is dropped when 'pass_auth' is absent from the
    template globals or the account has no password hash; in that case
    this view asks for no credential before issuing the link.
    """
    form = forms.ChangeEmailForm(request.form)
    user = request.user
    page = 'mediagoblin/edit/change_email.html'

    # If no password authentication, no need to enter a password
    has_pass_auth = 'pass_auth' in request.template_env.globals
    if not has_pass_auth or not user.pw_hash:
        form.__delitem__('password')

    if request.method != 'POST' or not form.validate():
        return render_to_response(request, page,
                                  {'form': form, 'user': user})

    new_email = form.new_email.data

    # Both checks always run, so the form can carry both errors at once.
    address_taken = User.query.filter(
        LocalUser.email == new_email).count()
    if address_taken:
        form.new_email.errors.append(
            _('Sorry, a user with that email address'
                ' already exists.'))

    if form.password and user.pw_hash and not check_password(
            form.password.data, user.pw_hash):
        form.password.errors.append(_('Wrong password'))

    if form.errors:
        return render_to_response(request, page,
                                  {'form': form, 'user': user})

    # The token binds the change to this user id and this exact address.
    payload = {'user': user.id, 'email': new_email}
    verification_key = get_timed_signer_url(
        'mail_verification_token').dumps(payload)

    link = EMAIL_VERIFICATION_TEMPLATE.format(
        uri=request.urlgen('mediagoblin.edit.verify_email',
                           qualified=True),
        verification_key=verification_key)

    rendered_email = render_template(
        request, 'mediagoblin/edit/verification.txt',
        {'username': user.username, 'verification_url': link})

    email_debug_message(request)
    auth_tools.send_verification_email(user, request, new_email,
                                       rendered_email)

    return redirect(request, 'mediagoblin.edit.account')
Example #9
def register_user(request, register_form):
    """Create an account from the registration form and sign it in.

    Returns the new user, or None when ``auth.extra_validation`` rejects
    the form.

    The session is bound to the new account before the verification email
    has been acted on, so anything that must be limited to verified
    addresses has to be enforced outside this function.
    """
    if not auth.extra_validation(register_form):
        return None

    new_user = auth.create_user(register_form)

    # Sign the new account in right away.
    # NOTE(review): the id is written into the session object already
    # attached to the request; confirm the session identifier is rotated
    # on login elsewhere.
    request.session['user_id'] = unicode(new_user.id)
    request.session.save()

    # Verification mail goes out only after the session has been saved.
    email_debug_message(request)
    send_verification_email(new_user, request)

    return new_user
Example #10
def register_user(request, register_form):
    """Register a user from ``register_form`` and start their session.

    Returns the created user, or None if ``auth.extra_validation`` does
    not pass.

    The account is logged in as soon as it is created; the verification
    email is only sent afterwards, so restrictions on unverified accounts
    have to be applied by checks outside this function.
    """
    passed = auth.extra_validation(register_form)
    if not passed:
        return None

    account = auth.create_user(register_form)

    # Log the account in by storing its id in the request's session.
    # NOTE(review): confirm the session identifier is rotated on login
    # elsewhere; this function only sets the key and saves.
    session = request.session
    session['user_id'] = unicode(account.id)
    session.save()

    email_debug_message(request)
    send_verification_email(account, request)

    return account
Example #11
def register_user(request, register_form):
    """Create an account from the registration form and sign it in.

    Returns the new user, or None when ``auth.extra_validation`` rejects
    the form.

    The session is bound to the new account before the verification email
    has been acted on, so anything that must be limited to verified
    addresses has to be enforced by privilege checks outside this function.
    """
    if not auth.extra_validation(register_form):
        return None

    new_user = auth.create_user(register_form)

    # Every new account starts with whatever get_default_privileges
    # returns for it; nothing else is granted here.
    new_user.all_privileges += get_default_privileges(new_user)
    new_user.save()

    # Sign the new account in right away.
    # NOTE(review): the id is written into the session object already
    # attached to the request; confirm the session identifier is rotated
    # on login elsewhere.
    request.session['user_id'] = six.text_type(new_user.id)
    request.session.save()

    # Verification mail goes out only after the session has been saved.
    email_debug_message(request)
    send_verification_email(new_user, request)

    return new_user
Example #12
def register_user(request, register_form):
    """Register a user from ``register_form`` and start their session.

    Returns the created user, or None if ``auth.extra_validation`` does
    not pass.

    The account is logged in as soon as it is created; the verification
    email is only sent afterwards, so restrictions on unverified accounts
    have to be applied by privilege checks outside this function.
    """
    passed = auth.extra_validation(register_form)
    if not passed:
        return None

    account = auth.create_user(register_form)

    # Grant the default privilege set before the account is first saved
    # with privileges attached.
    defaults = get_default_privileges(account)
    account.all_privileges += defaults
    account.save()

    # Log the account in by storing its id in the request's session.
    # NOTE(review): confirm the session identifier is rotated on login
    # elsewhere; this function only sets the key and saves.
    session = request.session
    session['user_id'] = six.text_type(account.id)
    session.save()

    email_debug_message(request)
    send_verification_email(account, request)

    return account
Example #13
def _update_email(request, form, user):
    """Start an email change for ``user`` by issuing a verification link.

    If another account already uses the requested address, an error is
    appended to ``form.new_email`` and nothing is sent. Otherwise a token
    holding the user id and the new address is produced by the
    "mail_verification_token" signer, placed in a verification URL, and
    the rendered message is handed to auth_tools.send_verification_email
    together with the new address. Returns None in both cases.

    NOTE(review): the "already exists" error tells the requester that an
    address is registered; confirm that is acceptable for this form.
    """
    candidate = form.new_email.data
    already_used = User.query.filter_by(email=candidate).count()

    if already_used:
        form.new_email.errors.append(
            _("Sorry, a user with that email address" " already exists."))
        return

    # The token binds the change to this user id and this exact address.
    claims = {"user": user.id, "email": candidate}
    token = get_timed_signer_url("mail_verification_token").dumps(claims)

    link = EMAIL_VERIFICATION_TEMPLATE.format(
        uri=request.urlgen("mediagoblin.edit.verify_email", qualified=True),
        verification_key=token,
    )
    message = render_template(
        request,
        "mediagoblin/edit/verification.txt",
        {"username": user.username, "verification_url": link},
    )

    email_debug_message(request)
    auth_tools.send_verification_email(user, request, candidate, message)