def POST(self):
    """Handle the change-email form by mailing a signed verification link.

    Nothing is written to the account here. The new address is only
    mailed a link carrying the username, the address and a code derived
    from both with the site secret key.
    """
    form = forms.ChangeEmail()
    i = web.input()
    if not form.validates(i):
        # Invalid submission: show the form again with its validation notes.
        return render["account/email"](self.get_email(), form)

    username = web.ctx.site.get_user().key.split("/")[-1]
    # The code covers "username,email", so it cannot be replayed with a
    # different address or account name.
    # NOTE(review): nothing visible here gives the code a lifetime; confirm
    # whether _generate_salted_hash or the verify handler bounds it.
    code = _generate_salted_hash(get_secret_key(), username + "," + i.email)
    query = urllib.urlencode({"username": username, "email": i.email, "code": code})
    # NOTE(review): the link is prefixed with web.ctx.home; confirm that value
    # cannot be influenced by the incoming request's Host header.
    link = web.ctx.home + "/account/email/verify" + "?" + query

    msg = render["email/email/verify"](username=username, email=i.email, link=link)
    sendmail(i.email, msg)

    return render.message(
        _("Hi %(user)s", user=username),
        _(
            "We've sent an email to %(email)s. You'll need to read that and click on the verification link to update your email.",
            email=i.email,
        ),
    )
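class account_login(delegate.page):
    """Account login.

    Login can fail because of the following reasons:

    * account_not_found: Error message is displayed.
    * account_bad_password: Error message is displayed with a link to reset password.
    * account_not_verified: Error page is displayed with button to "resend verification email".

    After a successful login the browser is sent to the ``redirect`` form
    value, which is restricted to targets on this site.
    """

    path = "/account/login"

    def render_error(self, error_key, i):
        """Re-render the login form filled from *i* with the LOGIN_ERRORS note for *error_key*."""
        f = forms.Login()
        f.fill(i)
        f.note = LOGIN_ERRORS[error_key]
        return render.login(f)

    def _local_redirect(self, target):
        """Return *target* if it stays on this site, otherwise "/".

        ``redirect`` arrives with the request (GET seeds it from the Referer
        header), so it is untrusted. A site-relative path is accepted, as is
        an absolute URL under web.ctx.home; anything else falls back to "/".
        """
        if target.startswith("/"):
            # Only a single leading "/" is a path on this site; "//..." and
            # "/\..." are not treated as local.
            return target if target[1:2] not in ("/", "\\") else "/"
        home = web.ctx.home
        if home and target.startswith(home + "/"):
            return target
        return "/"

    def GET(self):
        """Show the login form, pre-filling ``redirect`` from the query string or the Referer."""
        referer = web.ctx.env.get('HTTP_REFERER', '/')
        i = web.input(redirect=referer)
        f = forms.Login()
        f['redirect'].value = i.redirect
        return render.login(f)

    def POST(self):
        """Check the credentials, set the login cookie and redirect.

        Returns the login form with an error note when audit_accounts reports
        an error; otherwise raises web.seeother to the validated redirect.
        """
        i = web.input(username="", connect=None, password="", remember=False,
                      redirect='/', test=False, access=None, secret=None)
        email = i.username  # XXX username is now email
        # NOTE(review): `test` is taken straight from the request; confirm that
        # audit_accounts does not relax any check when a client sets it.
        audit = audit_accounts(email, i.password, require_link=True,
                               s3_access_key=i.access, s3_secret_key=i.secret,
                               test=i.test)
        error = audit.get('error')
        if error:
            return self.render_error(error, i)

        # "Remember me" keeps the cookie for a week; otherwise it is a session cookie.
        expires = 3600 * 24 * 7 if i.remember else ""
        # NOTE(review): the auth cookie relies on web.setcookie's defaults for
        # the secure and httponly flags; confirm those suit the deployment.
        web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(), expires=expires)

        # Reject off-site targets first, then keep the user away from the
        # account pages that make no sense right after logging in.
        i.redirect = self._local_redirect(i.redirect)
        blacklist = ["/account/login", "/account/password", "/account/email", "/account/create"]
        if any(path in i.redirect for path in blacklist):
            i.redirect = "/"
        raise web.seeother(i.redirect)

    def POST_resend_verification_email(self, i):
        """Re-send the verification email after re-checking the submitted credentials.

        Any authentication failure other than "account_not_verified" is
        reported as an incorrect password. A successful authentication also
        falls through and sends the email.
        """
        try:
            OpenLibraryAccount.authenticate(i.email, i.password)
        except ClientException as e:
            code = e.get_data().get("code")
            if code != "account_not_verified":
                # NOTE(review): this class defines render_error(), not error();
                # unless delegate.page provides error(), this call fails. Confirm.
                return self.error("account_incorrect_password", i)

        account = OpenLibraryAccount.get(email=i.email)
        account.send_verification_email()

        title = _("Hi %(user)s", user=account.displayname)
        message = _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email)
        return render.message(title, message)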
def POST(self):
    """Check a submitted password-reset code and report a failure.

    When check_reset_code raises ClientException, the exception text is
    shown on a "Password reset failed." message page.
    """
    i = web.input(username='', code='')
    try:
        web.ctx.site.check_reset_code(i.username, i.code)
    except ClientException as e:
        return render.message(_("Password reset failed."), web.safestr(e))
    # NOTE(review): no success path is visible in this listing; as written the
    # handler returns None when the code is accepted.
def GET(self, code):
    """Show the reset-password form when *code* matches a stored account link.

    An unknown code gets the "Password reset failed." message page instead.
    """
    # NOTE(review): the lookup filters on type and code only; confirm that a
    # code issued for another purpose (e.g. account verification) is not
    # accepted here, and that expiry is enforced somewhere.
    matches = web.ctx.site.store.values(type="account-link", name="code", value=code)
    if matches:
        form = forms.ResetPassword()
        return render['account/password/reset'](form)

    # The message text is passed through untranslated, unlike the title.
    return render.message(
        _("Password reset failed."),
        "Your password reset link seems invalid or expired.",
    )
def update_email(self, username, email):
    """Set *email* on *username*'s account unless the address is already in use.

    The update also sets the account status to "active". Either outcome is
    reported on a message page.
    """
    # NOTE(review): the uniqueness check and the update are separate calls;
    # confirm the backend also enforces one account per address.
    if accounts.find(email=email):
        return render.message(
            _("Email address is already used."),
            _("Your email address couldn't be updated. The specified email address is already used."),
        )

    # The log line is written before the update is attempted.
    logger.info("updated email of %s to %s", username, email)
    accounts.update_account(username=username, email=email, status="active")
    return render.message(
        _("Email verification successful."),
        _('Your email address has been successfully verified and updated in your account.'),
    )
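def POST(self, code):
    """Set a new password for the account that the reset link *code* belongs to.

    An unknown code gets the "Password reset failed." message page. The
    submitted password is validated with forms.ResetPassword before use, and
    an invalid submission re-renders the reset form. On success the link is
    deleted so the code cannot be used again.
    """
    link = accounts.get_link(code)
    if not link:
        title = _("Password reset failed.")
        message = "The password reset link seems invalid or expired."
        return render.message(title, message)

    # Previously i.password was used unchecked: a request without the field
    # raised AttributeError, and an empty value was passed on as the password.
    # NOTE(review): assumes forms.ResetPassword is the form rendered for this
    # page and that 'account/password/reset' is its template; confirm.
    form = forms.ResetPassword()
    i = web.input()
    if not form.validates(i):
        return render['account/password/reset'](form)

    username = link['username']
    accounts.update_account(username, password=i.password)
    link.delete()
    return render_template("account/password/reset_success", username=username)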
def POST(self, code=None):
    """Send a fresh verification email to the account registered under the posted address.

    *code* is accepted but not used here. Only accounts whose status is
    "pending" are mailed.
    """
    i = web.input(email=None)
    account = accounts.find(email=i.email)

    # NOTE(review): the three outcomes below render different pages, and no
    # login check is visible in this handler; consider whether the response
    # should reveal if an address is registered, and whether resends are
    # rate-limited elsewhere.
    if not account:
        return render_template("account/verify/failed", email=i.email)
    if account['status'] != "pending":
        return render['account/verify/activated'](account)

    account.send_verification_email()
    return render.message(
        _("Hi %(user)s", user=account.displayname),
        _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email),
    )
def POST_resend_verification_email(self, i):
    """Re-send the verification email after re-checking the submitted credentials.

    Any authentication failure other than "account_not_verified" is shown as
    an incorrect password. A successful authentication also falls through
    and sends the email.
    """
    try:
        # Only the raised error matters here; the return value is not needed.
        OpenLibraryAccount.authenticate(i.email, i.password)
    except ClientException as e:
        failure = e.get_data().get("code")
        if failure != "account_not_verified":
            return self.error("account_incorrect_password", i)

    account = OpenLibraryAccount.get(email=i.email)
    account.send_verification_email()
    return render.message(
        _("Hi, %(user)s", user=account.displayname),
        _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email),
    )
def POST(self, code=None):
    """Send a fresh verification email to the account registered under the posted address.

    *code* is accepted but not used here. Only accounts whose status is
    "pending" are mailed.
    """
    i = web.input(email=None)
    account = accounts.find(email=i.email)

    # NOTE(review): the three outcomes below render different pages, and no
    # login check is visible in this handler; consider whether the response
    # should reveal if an address is registered, and whether resends are
    # rate-limited elsewhere.
    if not account:
        return render_template("account/verify/failed", email=i.email)
    if account['status'] != "pending":
        return render['account/verify/activated'](account)

    account.send_verification_email()
    return render.message(
        _("Hi, %(user)s", user=account.displayname),
        _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email),
    )
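def POST(self, code):
    """Set a new password for the account named in the stored link for *code*.

    An unknown code gets the "Password reset failed." message page. The
    submitted password is validated with forms.ResetPassword before use, and
    an invalid submission re-renders the reset form. On success the link
    document is removed from the store so the code cannot be used again.
    """
    # NOTE(review): the lookup filters on type and code only; confirm that a
    # code issued for another purpose is not accepted here, and that expiry
    # is enforced somewhere.
    docs = web.ctx.site.store.values(type="account-link", name="code", value=code)
    if not docs:
        title = _("Password reset failed.")
        message = "The password reset link seems invalid or expired."
        return render.message(title, message)

    # Previously i.password was used unchecked: a request without the field
    # raised AttributeError, and an empty value was passed on as the password.
    # NOTE(review): assumes forms.ResetPassword is the form rendered for this
    # page and that 'account/password/reset' is its template; confirm.
    form = forms.ResetPassword()
    i = web.input()
    if not form.validates(i):
        return render['account/password/reset'](form)

    doc = docs[0]
    username = doc['username']
    web.ctx.site.update_account(username, password=i.password)
    del web.ctx.site.store[doc['_key']]
    return render_template("account/password/reset_success", username=username)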
def POST(self):
    """Handle the change-email form by sending a verification mail to the new address.

    The account itself is not changed here; send_email_change_email is
    called with the username and the requested address.
    """
    form = forms.ChangeEmail()
    i = web.input()
    if not form.validates(i):
        # Invalid submission: show the form again with its validation notes.
        return render['account/email'](self.get_email(), form)

    # NOTE(review): presumably this page is only reachable when logged in;
    # confirm, since a missing user would fail on `.key` below.
    user = accounts.get_current_user()
    username = user.key.split('/')[-1]
    displayname = user.displayname or username
    send_email_change_email(username, i.email)

    return render.message(
        _("Hi %(user)s", user=displayname),
        _("We've sent an email to %(email)s. You'll need to read that and click on the verification link to update your email.", email=i.email),
    )
def GET(self):
    """Apply an email change when the link's code matches its username and address.

    The code is checked against "username,email" with the site secret key.
    The account updated is the one named in the query string.
    """
    i = web.input(username='', email='', code='')
    signed_text = i.username + ',' + i.email

    if not _verify_salted_hash(get_secret_key(), signed_text, i.code):
        return render.message(
            _("Email address couldn't be verified."),
            _("Your email address couldn't be verified. The verification link seems invalid."),
        )

    # NOTE(review): nothing visible here expires the code or invalidates it
    # after use, and the update happens on a GET request; confirm both are
    # acceptable for this link.
    if web.ctx.site.find_user_by_email(i.email) is not None:
        return render.message(
            _("Email address is already used."),
            _("Your email address couldn't be updated. The specified email address is already used."),
        )

    web.ctx.site.update_user_details(i.username, email=i.email)
    return render.message(
        _("Email verification successful."),
        _('Your email address has been successfully verified and updated in your account.'),
    )
def POST(self):
    """Handle the change-email form by mailing a signed verification link.

    Nothing is written to the account here. The new address is only
    mailed a link carrying the username, the address and a code derived
    from both with the site secret key.
    """
    form = forms.ChangeEmail()
    i = web.input()
    if not form.validates(i):
        # Invalid submission: show the form again with its validation notes.
        return render['account/email'](self.get_email(), form)

    user = web.ctx.site.get_user()
    username = user.key.split('/')[-1]
    # The code covers "username,email", so it cannot be replayed with a
    # different address or account name.
    # NOTE(review): nothing visible here gives the code a lifetime; confirm
    # whether _generate_salted_hash or the verify handler bounds it.
    code = _generate_salted_hash(get_secret_key(), username + ',' + i.email)
    query = urllib.urlencode({"username": username, 'email': i.email, 'code': code})
    # NOTE(review): the link is prefixed with web.ctx.home; confirm that value
    # cannot be influenced by the incoming request's Host header.
    link = web.ctx.home + '/account/email/verify' + '?' + query

    msg = render['email/email/verify'](username=username, email=i.email, link=link)
    sendmail(i.email, msg)

    return render.message(
        _("Hi %(user)s", user=user.displayname or username),
        _("We've sent an email to %(email)s. You'll need to read that and click on the verification link to update your email.", email=i.email),
    )
def POST_resend_verification_email(self, i):
    """Re-send the verification email after re-checking the submitted credentials.

    Any login failure other than "account_not_verified" is shown as an
    incorrect password. A successful login also falls through and sends
    the email.
    """
    try:
        web.ctx.site.login(i.username, i.password)
    except ClientException, e:
        code = e.get_data().get("code")
        if code != "account_not_verified":
            return self.error("account_incorrect_password", i)

    account = web.ctx.site.find_account(username=i.username)
    send_verification_email(i.username, account.email)

    # The greeting falls back to the username when no display name is set.
    user = web.ctx.site.get('/people/' + i.username)
    title = _("Hi %(user)s", user=user.displayname or i.username)
    message = _("We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.", email=account.email)
    return render.message(title, message)

class account_verify(delegate.page):
    """Verify user account.

    The code in the URL is looked up among the stored "account-link"
    documents; a match activates the account named in that document.
    """
    # The pattern allows zero or more hex digits, so an empty code also matches.
    path = "/account/verify/([0-9a-f]*)"

    def GET(self, code):
        # NOTE(review): the lookup filters on type and code only; confirm that
        # a link issued for another purpose is not accepted here.
        docs = web.ctx.site.store.values(type="account-link", name="code", value=code)
        if docs:
            doc = docs[0]
            web.ctx.site.activate_account(username=doc['username'])
            # Remove the link so the code cannot be used a second time.
            del web.ctx.site.store[doc['_key']]
            user = web.ctx.site.get("/people/" + doc['username'])
            # NOTE(review): the listing ends here; the rest of GET is not shown.
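class account_login(delegate.page):
    """Account login.

    Login can fail because of the following reasons:

    * account_not_found: Error message is displayed.
    * account_bad_password: Error message is displayed with a link to reset password.
    * account_not_verified: Error page is displayed with button to "resend verification email".

    After a successful login the browser is sent to the ``redirect`` form
    value, which is restricted to targets on this site.
    """

    path = "/account/login"

    def GET(self):
        """Show the login form, pre-filling ``redirect`` from the query string or the Referer."""
        referer = web.ctx.env.get('HTTP_REFERER', '/')
        i = web.input(redirect=referer)
        f = forms.Login()
        f['redirect'].value = i.redirect
        return render.login(f)

    def POST(self):
        """Dispatch on the ``action`` field: resend the verification email, or log in."""
        # username/password default to "" so a request that omits them fails
        # as a normal login error rather than on a missing attribute.
        i = web.input(username="", password="", remember=False, redirect='/', action="login")
        if i.action == "resend_verification_email":
            return self.POST_resend_verification_email(i)
        else:
            return self.POST_login(i)

    def error(self, name, i):
        """Re-render the login form filled from *i* with the message for error *name*."""
        f = forms.Login()
        f.fill(i)
        f.note = utils.get_error(name)
        return render.login(f)

    def _local_redirect(self, target):
        """Return *target* if it stays on this site, otherwise "/".

        ``redirect`` arrives with the request (GET seeds it from the Referer
        header), so it is untrusted. A site-relative path is accepted, as is
        an absolute URL under web.ctx.home; anything else falls back to "/".
        """
        if target.startswith("/"):
            # Only a single leading "/" is a path on this site; "//..." and
            # "/\..." are not treated as local.
            return target if target[1:2] not in ("/", "\\") else "/"
        home = web.ctx.home
        if home and target.startswith(home + "/"):
            return target
        return "/"

    def POST_login(self, i):
        """Check the credentials in *i*, then set the login cookie and redirect.

        Returns a rendered page for every failure status; raises
        web.seeother on success.
        """
        # make sure the username is valid
        if not forms.vlogin.valid(i.username):
            return self.error("account_user_notfound", i)

        # Try to find account with exact username, failing which try for case variations.
        account = accounts.find(username=i.username) or accounts.find(lusername=i.username)

        # NOTE(review): unknown users and wrong passwords get different
        # messages; confirm that telling them apart is intended.
        if not account:
            return self.error("account_user_notfound", i)

        # Reject off-site targets, and never bounce back to the login page.
        i.redirect = self._local_redirect(i.redirect)
        if i.redirect == "/account/login":
            i.redirect = "/"

        status = account.login(i.password)
        if status == 'ok':
            # "Remember me" keeps the cookie for a week; otherwise it is a session cookie.
            expires = 3600 * 24 * 7 if i.remember else ""
            # NOTE(review): the auth cookie relies on web.setcookie's defaults
            # for the secure and httponly flags; confirm those suit the deployment.
            web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(), expires=expires)
            raise web.seeother(i.redirect)
        elif status == "account_not_verified":
            # NOTE(review): the submitted password is handed to the template,
            # presumably for the resend form; confirm it is not exposed or
            # cached in the rendered page more than necessary.
            return render_template("account/not_verified", username=account.username, password=i.password, email=account.email)
        elif status == "account_not_found":
            return self.error("account_user_notfound", i)
        elif status == "account_blocked":
            return self.error("account_blocked", i)
        else:
            return self.error("account_incorrect_password", i)

    def POST_resend_verification_email(self, i):
        """Re-send the verification email after re-checking the submitted credentials.

        Any login failure other than "account_not_verified" is shown as an
        incorrect password. A successful login also falls through and sends
        the email.
        """
        try:
            accounts.login(i.username, i.password)
        except ClientException as e:
            code = e.get_data().get("code")
            if code != "account_not_verified":
                return self.error("account_incorrect_password", i)

        account = accounts.find(username=i.username)
        account.send_verification_email()

        title = _("Hi %(user)s", user=account.displayname)
        message = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(title, message)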
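class account_login(delegate.page):
    """Account login.

    Login can fail because of the following reasons:

    * account_not_found: Error message is displayed.
    * account_bad_password: Error message is displayed with a link to reset password.
    * account_not_verified: Error page is displayed with button to "resend verification email".

    After a successful login the browser is sent to the ``redirect`` form
    value, which is restricted to targets on this site.
    """

    path = "/account/login"

    def GET(self):
        """Show the login form, pre-filling ``redirect`` from the query string or the Referer."""
        referer = web.ctx.env.get('HTTP_REFERER', '/')
        i = web.input(redirect=referer)
        f = forms.Login()
        f['redirect'].value = i.redirect
        return render.login(f)

    def POST(self):
        """Dispatch on the ``action`` field: resend the verification email, or log in."""
        i = web.input(email='', connect=None, remember=False, redirect='/', action="login")
        if i.action == "resend_verification_email":
            return self.POST_resend_verification_email(i)
        else:
            return self.POST_login(i)

    def error(self, name, i):
        """Re-render the login form filled from *i* with the message for error *name*."""
        f = forms.Login()
        f.fill(i)
        f.note = utils.get_error(name)
        return render.login(f)

    def _local_redirect(self, target):
        """Return *target* if it stays on this site, otherwise "/".

        ``redirect`` arrives with the request (GET seeds it from the Referer
        header), so it is untrusted. A site-relative path is accepted, as is
        an absolute URL under web.ctx.home; anything else falls back to "/".
        """
        if target.startswith("/"):
            # Only a single leading "/" is a path on this site; "//..." and
            # "/\..." are not treated as local.
            return target if target[1:2] not in ("/", "\\") else "/"
        home = web.ctx.home
        if home and target.startswith(home + "/"):
            return target
        return "/"

    def error_check(self, audit, i):
        """Map an audit result to an error page, or return None when login may proceed.

        *audit* is the dict returned by audit_accounts; an 'error' entry, or a
        falsy 'link' entry, produces a rendered error page.
        """
        if 'error' in audit:
            error = audit['error']
            if error == "account_not_verified":
                # `account` was never bound in this method, so this branch
                # raised NameError. Look the account up the same way
                # POST_resend_verification_email does.
                # NOTE(review): confirm i.username is the right lookup key here.
                account = accounts.find(username=i.username)
                if not account:
                    return self.error("account_user_notfound", i)
                # NOTE(review): the submitted password is handed to the
                # template, presumably for the resend form; confirm it is not
                # exposed or cached in the rendered page more than necessary.
                return render_template("account/not_verified", username=account.username, password=i.password, email=account.email)
            elif error == "account_not_found":
                return self.error("account_user_notfound", i)
            elif error == "account_blocked":
                return self.error("account_blocked", i)
            else:
                return self.error(audit['error'], i)
        if not audit['link']:
            # This needs to be overriden w/ `test`
            return self.error("accounts_not_connected", i)
        return None

    def POST_login(self, i):
        """Audit the submitted credentials, then set the login cookie and redirect.

        The request is re-read with its own defaults, so the *i* passed in
        is replaced. Returns an error page when error_check produces one;
        otherwise raises web.seeother.
        """
        i = web.input(username="", password="", remember=False, redirect='')
        audit = audit_accounts(i.username, i.password)
        errors = self.error_check(audit, i)
        if errors:
            return errors

        # Reject off-site targets first, then keep the user away from the
        # account pages that make no sense right after logging in.
        i.redirect = self._local_redirect(i.redirect)
        blacklist = [
            "/account/login", "/account/password", "/account/email", "/account/create"
        ]
        if any(path in i.redirect for path in blacklist):
            i.redirect = "/"

        # "Remember me" keeps the cookie for a week; otherwise it is a session cookie.
        expires = 3600 * 24 * 7 if i.remember else ""
        # NOTE(review): the auth cookie relies on web.setcookie's defaults for
        # the secure and httponly flags; confirm those suit the deployment.
        web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(), expires=expires)
        raise web.seeother(i.redirect)

    def POST_resend_verification_email(self, i):
        """Re-send the verification email after re-checking the submitted credentials.

        Any login failure other than "account_not_verified" is shown as an
        incorrect password. A successful login also falls through and sends
        the email.
        """
        try:
            accounts.login(i.username, i.password)
        except ClientException as e:
            code = e.get_data().get("code")
            if code != "account_not_verified":
                return self.error("account_incorrect_password", i)

        account = accounts.find(username=i.username)
        account.send_verification_email()

        title = _("Hi %(user)s", user=account.displayname)
        message = _(
            "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
            email=account.email)
        return render.message(title, message)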
def POST_resend_verification_email(self, i):
    """Re-send the verification email after re-checking the submitted credentials.

    Any login failure other than "account_not_verified" is shown as an
    incorrect password. A successful login also falls through and sends
    the email.
    """
    try:
        web.ctx.site.login(i.username, i.password)
    except ClientException, e:
        code = e.get_data().get("code")
        if code != "account_not_verified":
            return self.error("account_incorrect_password", i)

    account = Account.find(username=i.username)
    send_verification_email(i.username, account.email)

    title = _("Hi %(user)s", user=account.displayname)
    message = _(
        "We've sent the verification email to %(email)s. You'll need to read that and click on the verification link to verify your email.",
        email=account.email)
    return render.message(title, message)

class account_verify(delegate.page):
    """Verify user account.

    The code in the URL is looked up among the stored "account-link"
    documents; a match activates the account named in that document.
    """
    # The pattern allows zero or more hex digits, so an empty code also matches.
    path = "/account/verify/([0-9a-f]*)"

    def GET(self, code):
        # NOTE(review): the lookup filters on type and code only; confirm that
        # a link issued for another purpose is not accepted here.
        docs = web.ctx.site.store.values(type="account-link", name="code", value=code)
        if docs:
            doc = docs[0]
            web.ctx.site.activate_account(username=doc['username'])
            # NOTE(review): the listing ends here; the rest of GET is not shown.
def bad_link(self):
    """Render the message page shown when an email-verification link is rejected."""
    return render.message(
        _("Email address couldn't be verified."),
        _("Your email address couldn't be verified. The verification link seems invalid."),
    )
def bad_link(self):
    """Render the message page shown when an email-verification link is rejected."""
    heading = _("Email address couldn't be verified.")
    body = _("Your email address couldn't be verified. The verification link seems invalid.")
    return render.message(heading, body)