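def success_verify_email(request):
    """
    Confirm a member's email address from a link sent by mail.

    The email address and the confirmation code are taken from the URL
    (``request.matchdict``). A plain request only renders the password form.
    When the form is submitted, the member is looked up by confirmation code
    and the submitted password is checked. If the password is accepted and
    the stored email equals the one in the URL, the member is flagged as
    confirmed, the member data is placed in the session, and the template
    receives the values needed for the PDF download link.

    Returns:
        dict of template values. ``correct`` is True only on the success
        path; every other path returns ``correct: False``.
    """
    # Both values come straight from the URL and are client-controlled.
    user_email = request.matchdict['email']
    confirm_code = request.matchdict['code']
    # Target URL for the password form.
    # NOTE(review): built by plain concatenation of URL-supplied values;
    # nothing is quoted here, so the template has to escape it -- confirm
    # against the template and the route definition.
    post_url = '/verify/' + user_email + '/' + confirm_code

    if 'submit' in request.POST:
        # Drop flash messages left over from an earlier attempt.
        request.session.pop_flash('message_above_form')
        request.session.pop_flash('message_above_login')

        # A submission without a 'password' field must not crash the view
        # with an unbound name; it is handled below as a failed check.
        _passwd = request.POST.get('password')

        # get matching dataset from DB
        member = C3sMember.get_by_code(confirm_code)  # returns member or None

        if member is None:
            # member not found: FAIL!
            # NOTE(review): this answer differs from the wrong-password
            # answer, so a client can tell whether a confirmation code
            # exists. Consider one shared failure response.
            not_found_msg = _(
                u"Not found. Check verification URL. "
                "If all seems right, please use the form again.")
            return {
                'correct': False,
                'namepart': '',
                'result_msg': not_found_msg,
            }

        # check if the password is valid
        # NOTE(review): no limit on password attempts is visible in this
        # view -- confirm that throttling is enforced elsewhere.
        if _passwd is None:
            correct = False
        else:
            try:
                correct = C3sMember.check_password(member.id, _passwd)
            except AttributeError:
                # Treated as a failed check rather than a server error.
                correct = False
                request.session.flash(
                    _(u'Wrong Password!'),
                    'message_above_login')

        # The code alone is not enough: the email in the URL must match the
        # stored one and the password check must have succeeded.
        if (member.email == user_email) and correct:
            # set the email_is_confirmed flag in the DB for this signee
            member.email_is_confirmed = True
            namepart = member.firstname + member.lastname
            import re
            # Reduce the name to [a-zA-Z0-9_] so it is safe as part of a
            # file name.
            pdf_file_name_part = re.sub('[^a-zA-Z0-9]', '_', namepart)

            appstruct = {
                'firstname': member.firstname,
                'lastname': member.lastname,
                'email': member.email,
                'email_confirm_code': member.email_confirm_code,
                'address1': member.address1,
                'address2': member.address2,
                'postcode': member.postcode,
                'city': member.city,
                'country': member.country,
                '_LOCALE_': member.locale,
                'date_of_birth': member.date_of_birth,
                'date_of_submission': member.date_of_submission,
                'membership_type': member.membership_type,
                'member_of_colsoc':
                    u'yes' if member.member_of_colsoc else u'no',
                'name_of_colsoc': member.name_of_colsoc,
                'num_shares': member.num_shares,
            }
            # The session now carries the member's personal data; the later
            # steps read it from there.
            request.session['appstruct'] = appstruct

            # log this person in, using the session
            # Only the numeric id is logged, never the password or code.
            log.info('verified code and password for id %s', member.id)
            request.session.save()
            return {
                'firstname': member.firstname,
                'lastname': member.lastname,
                'code': member.email_confirm_code,
                'correct': True,
                'namepart': pdf_file_name_part,
                'result_msg': _("Success. Load your PDF!")
            }

    # Not submitted yet, or the submitted data did not check out:
    # just display the form
    request.session.flash(
        _(u"Please enter your password."),
        'message_above_login',
        allow_duplicate=False
    )
    return {
        'post_url': post_url,
        'firstname': '',
        'lastname': '',
        'namepart': '',
        'correct': False,
        'result_msg': "something went wrong."
    }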
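def success_verify_email(request):
    """
    Confirm a member's email address from a link sent by mail.

    The email address and the confirmation code are taken from the URL
    (``request.matchdict``). A plain request only renders the password form.
    When the form is submitted, the member is looked up by confirmation code
    and the submitted password is checked. If the password is accepted and
    the stored email equals the one in the URL, the member is flagged as
    confirmed, the member data is placed in the session, and the template
    receives the values needed for the PDF download link.

    Every failed submission (unknown code, missing or wrong password, email
    mismatch) gets the same response: the form is shown again with one
    generic message, so the reply does not reveal which part was wrong.

    Returns:
        dict of template values. ``correct`` is True only on the success
        path; every other path returns ``correct: False``.
    """
    # Both values come straight from the URL and are client-controlled.
    user_email = request.matchdict['email']
    confirm_code = request.matchdict['code']
    # Target URL for the password form.
    # NOTE(review): built by plain concatenation of URL-supplied values;
    # nothing is quoted here, so the template has to escape it -- confirm
    # against the template and the route definition.
    post_url = '/verify/' + user_email + '/' + confirm_code

    # One message for unknown code, wrong password and email mismatch, so
    # the response does not leak which of them failed.
    error_message = _(
        u'Your email, password, or confirmation code could not be found')

    if 'submit' in request.POST:
        # Drop flash messages left over from an earlier attempt.
        request.session.pop_flash('message_above_form')
        request.session.pop_flash('message_above_login')

        # A submission without a 'password' field must not crash the view
        # with an unbound name; it counts as a failed check.
        _passwd = request.POST.get('password')

        # get matching dataset from DB
        member = C3sMember.get_by_code(confirm_code)  # returns member or None

        # check if the password is valid
        # NOTE(review): the check only runs when the code matched a member,
        # so response time may still differ between the failure cases; no
        # limit on password attempts is visible in this view either --
        # confirm that throttling is enforced elsewhere.
        correct = False
        if member is not None and _passwd is not None:
            try:
                correct = C3sMember.check_password(member.id, _passwd)
            except AttributeError:
                # Treated as a failed check rather than a server error.
                correct = False

        # The code alone is not enough: the password check must have
        # succeeded and the email in the URL must match the stored one.
        if correct and (member.email == user_email):
            # set the email_is_confirmed flag in the DB for this signee
            member.email_is_confirmed = True
            namepart = member.firstname + member.lastname
            import re
            # Reduce the name to [a-zA-Z0-9_] so it is safe as part of a
            # file name.
            pdf_file_name_part = re.sub('[^a-zA-Z0-9]', '_', namepart)

            appstruct = {
                'firstname': member.firstname,
                'lastname': member.lastname,
                'email': member.email,
                'email_confirm_code': member.email_confirm_code,
                'address1': member.address1,
                'address2': member.address2,
                'postcode': member.postcode,
                'city': member.city,
                'country': member.country,
                'locale': member.locale,
                'date_of_birth': member.date_of_birth,
                'date_of_submission': member.date_of_submission,
                'membership_type': member.membership_type,
                'member_of_colsoc':
                    u'yes' if member.member_of_colsoc else u'no',
                'name_of_colsoc': member.name_of_colsoc,
                'num_shares': member.num_shares,
            }
            # The session now carries the member's personal data; the later
            # steps read it from there.
            request.session['appstruct'] = appstruct

            # log this person in, using the session
            # Only the numeric id is logged, never the password or code.
            log.info('verified code and password for id %s', member.id)
            request.session.save()
            return {
                'firstname': member.firstname,
                'lastname': member.lastname,
                'code': member.email_confirm_code,
                'correct': True,
                'namepart': pdf_file_name_part,
                'result_msg': _("Success. Load your PDF!")
            }

        # Any failed submission ends here with the same generic message.
        request.session.flash(error_message, 'message_above_login')

    # Not submitted yet, or the submitted data did not check out:
    # just display the form
    request.session.flash(_(u"Please enter your password."),
                          'message_above_login',
                          allow_duplicate=False)
    return {
        'post_url': post_url,
        'firstname': '',
        'lastname': '',
        'namepart': '',
        'correct': False,
        'result_msg': "something went wrong."
    }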
member = C3sMember.get_by_code(confirm_code) # returns member or None if isinstance(member, NoneType): # member not found: FAIL! not_found_msg = _( u"Not found. Check verification URL. " "If all seems right, please use the form again.") return { 'correct': False, 'namepart': '', 'result_msg': not_found_msg, } # check if the password is valid try: correct = C3sMember.check_password(member.id, _passwd) except AttributeError: correct = False request.session.flash( _(u'Wrong Password!'), 'message_above_login') # check if info from DB makes sense # -member if (member.email == user_email) and correct: # set the email_is_confirmed flag in the DB for this signee member.email_is_confirmed = True # dbsession.flush() namepart = member.firstname + member.lastname import re