def success_verify_email(request):
"""
This view is called via links sent in mails to verify mail addresses.
It extracts both email and verification code from the URL.
It will ask for a password
and checks if there is a match in the database.
If the password matches, and all is correct,
the view shows a download link and further info.
"""
# collect data from the URL/matchdict
user_email = request.matchdict['email']
confirm_code = request.matchdict['code']
# if we want to ask the user for her password (through a form)
# we need to have a url to send the form to
post_url = '/verify/' + user_email + '/' + confirm_code
if 'submit' in request.POST:
# print("the form was submitted")
request.session.pop_flash('message_above_form')
request.session.pop_flash('message_above_login')
# check for password ! ! !
if 'password' in request.POST:
_passwd = request.POST['password']
# get matching dataset from DB
member = C3sMember.get_by_code(confirm_code) # returns member or None
if isinstance(member, NoneType):
# member not found: FAIL!
not_found_msg = _(
u"Not found. Check verification URL. "
"If all seems right, please use the form again.")
return {
'correct': False,
'namepart': '',
'result_msg': not_found_msg,
}
# check if the password is valid
try:
correct = C3sMember.check_password(member.id, _passwd)
except AttributeError:
correct = False
request.session.flash(
_(u'Wrong Password!'),
'message_above_login')
# check if info from DB makes sense
# -member
if (member.email == user_email) and correct:
# print("-- found member, code matches, password too. COOL!")
# set the email_is_confirmed flag in the DB for this signee
member.email_is_confirmed = True
# dbsession.flush()
namepart = member.firstname + member.lastname
import re
pdf_file_name_part = re.sub( # replace characters
'[^a-zA-Z0-9]', # other than these
'_', # with an underscore
namepart)
appstruct = {
'firstname': member.firstname,
'lastname': member.lastname,
'email': member.email,
'email_confirm_code': member.email_confirm_code,
'address1': member.address1,
'address2': member.address2,
'postcode': member.postcode,
'city': member.city,
'country': member.country,
'_LOCALE_': member.locale,
'date_of_birth': member.date_of_birth,
'date_of_submission': member.date_of_submission,
# 'activity': set(activities),
# 'invest_member': u'yes' if member.invest_member else u'no',
'membership_type': member.membership_type,
'member_of_colsoc':
u'yes' if member.member_of_colsoc else u'no',
'name_of_colsoc': member.name_of_colsoc,
# 'opt_band': signee.opt_band,
# 'opt_URL': signee.opt_URL,
'num_shares': member.num_shares,
}
request.session['appstruct'] = appstruct
# log this person in, using the session
log.info('verified code and password for id %s', member.id)
request.session.save()
return {
'firstname': member.firstname,
'lastname': member.lastname,
'code': member.email_confirm_code,
'correct': True,
'namepart': pdf_file_name_part,
'result_msg': _("Success. Load your PDF!")
}
# else: code did not match OR SOMETHING...
# just display the form
request.session.flash(
_(u"Please enter your password."),
'message_above_login',
allow_duplicate=False
)
return {
'post_url': post_url,
'firstname': '',
'lastname': '',
'namepart': '',
'correct': False,
'result_msg': "something went wrong."
}
def success_verify_email(request):
"""
This view is called via links sent in mails to verify mail addresses.
It extracts both email and verification code from the URL.
It will ask for a password
and checks if there is a match in the database.
If the password matches, and all is correct,
the view shows a download link and further info.
"""
# collect data from the URL/matchdict
user_email = request.matchdict['email']
confirm_code = request.matchdict['code']
# if we want to ask the user for her password (through a form)
# we need to have a url to send the form to
post_url = '/verify/' + user_email + '/' + confirm_code
# ToDo unify errors for not_found email, wrong password and wrong confirm code to avoid leaking
error_message = _(
u'Your email, password, or confirmation code could not be found')
if 'submit' in request.POST:
# print("the form was submitted")
request.session.pop_flash('message_above_form')
request.session.pop_flash('message_above_login')
# check for password ! ! !
if 'password' in request.POST:
_passwd = request.POST['password']
# get matching dataset from DB
member = C3sMember.get_by_code(confirm_code) # returns member or None
if isinstance(member, NoneType):
# member not found: FAIL!
not_found_msg = _(u"Not found. Check verification URL. "
"If all seems right, please use the form again.")
return {
'correct': False,
'namepart': '',
'result_msg': not_found_msg,
}
# check if the password is valid
try:
correct = C3sMember.check_password(member.id, _passwd)
except AttributeError:
correct = False
request.session.flash(_(u'Wrong Password!'), 'message_above_login')
# check if info from DB makes sense
# -member
if (member.email == user_email) and correct:
# print("-- found member, code matches, password too. COOL!")
# set the email_is_confirmed flag in the DB for this signee
member.email_is_confirmed = True
# dbsession.flush()
namepart = member.firstname + member.lastname
import re
pdf_file_name_part = re.sub( # replace characters
'[^a-zA-Z0-9]', # other than these
'_', # with an underscore
namepart)
appstruct = {
'firstname': member.firstname,
'lastname': member.lastname,
'email': member.email,
'email_confirm_code': member.email_confirm_code,
'address1': member.address1,
'address2': member.address2,
'postcode': member.postcode,
'city': member.city,
'country': member.country,
'locale': member.locale,
'date_of_birth': member.date_of_birth,
'date_of_submission': member.date_of_submission,
# 'activity': set(activities),
# 'invest_member': u'yes' if member.invest_member else u'no',
'membership_type': member.membership_type,
'member_of_colsoc':
u'yes' if member.member_of_colsoc else u'no',
'name_of_colsoc': member.name_of_colsoc,
# 'opt_band': signee.opt_band,
# 'opt_URL': signee.opt_URL,
'num_shares': member.num_shares,
}
request.session['appstruct'] = appstruct
# log this person in, using the session
log.info('verified code and password for id %s', member.id)
request.session.save()
return {
'firstname': member.firstname,
'lastname': member.lastname,
'code': member.email_confirm_code,
'correct': True,
'namepart': pdf_file_name_part,
'result_msg': _("Success. Load your PDF!")
}
# else: code did not match OR SOMETHING...
# just display the form
request.session.flash(_(u"Please enter your password."),
'message_above_login',
allow_duplicate=False)
return {
'post_url': post_url,
'firstname': '',
'lastname': '',
'namepart': '',
'correct': False,
'result_msg': "something went wrong."
}
member = C3sMember.get_by_code(confirm_code) # returns member or None
if isinstance(member, NoneType):
# member not found: FAIL!
not_found_msg = _(
u"Not found. Check verification URL. "
"If all seems right, please use the form again.")
return {
'correct': False,
'namepart': '',
'result_msg': not_found_msg,
}
# check if the password is valid
try:
correct = C3sMember.check_password(member.id, _passwd)
except AttributeError:
correct = False
request.session.flash(
_(u'Wrong Password!'),
'message_above_login')
# check if info from DB makes sense
# -member
if (member.email == user_email) and correct:
# set the email_is_confirmed flag in the DB for this signee
member.email_is_confirmed = True
# dbsession.flush()
namepart = member.firstname + member.lastname
import re
