def send_confirmation_email(request, email):
mailer = get_mailer(request)
localizer = request.localizer
confirm_what = _('email')
if isinstance(email.profile, User) and not email.profile.verified:
confirm_what = _('account')
from assembl.auth.password import email_token
data = {
'name': email.profile.name,
'email': email.email,
'assembl': "Assembl",
'confirm_what': localizer.translate(confirm_what),
'confirm_url': maybe_contextual_route(
request, 'user_confirm_email',
ticket=email_token(email))
}
message = Message(
subject=localizer.translate(_("Please confirm your ${confirm_what} with <${assembl}>"), mapping=data),
sender=config.get('assembl.admin_email'),
recipients=["%s <%s>" % (email.profile.name, email.email)],
body=localizer.translate(_(u"""Hello, ${name}!
Please confirm your ${confirm_what} <${email}> with ${assembl} by clicking on the link below.
<${confirm_url}>
"""), mapping=data),
html=localizer.translate(_(u"""<p>Hello, ${name}!</p>
<p>Please <a href="${confirm_url}">confirm your ${confirm_what}</a> <${email}> with <${assembl}>.</p>
"""), mapping=data))
#if deferred:
# mailer.send_to_queue(message)
#else:
mailer.send(message)
def send_confirmation_email(request, email):
mailer = get_mailer(request)
localizer = request.localizer
confirm_what = _('email')
if isinstance(email.profile, User) and not email.profile.verified:
confirm_what = _('account')
text_message = _(u"""Hello, ${name}, and welcome to ${assembl}!
Please confirm your email address <${email}> and complete your registration by clicking the link below.
<${confirm_url}>
Best regards,
The ${assembl} Team""")
html_message = _(u"""<p>Hello, ${name}, and welcome to ${assembl}!</p>
<p>Please <a href="${confirm_url}">click here to confirm your email address</a>
<${email}> and complete your registration.</p>
<p>Best regards,<br />The ${assembl} Team</p>""")
else:
text_message = _(u"""Hello, ${name}!
Please confirm your new email address <${email}> on your ${assembl} account by clicking the link below.
<${confirm_url}>
Best regards,
The ${assembl} Team""")
html_message = _(u"""<p>Hello, ${name}!</p>
<p>Please <a href="${confirm_url}">click here to confirm your new email address</a>
<${email}> on your ${assembl} account.</p>
<p>Best regards,<br />The ${assembl} Team</p>""")
from assembl.auth.password import email_token
data = {
'name':
email.profile.name,
'email':
email.email,
'assembl':
"Assembl",
'confirm_what':
localizer.translate(confirm_what),
'confirm_url':
maybe_contextual_route(request,
'user_confirm_email',
ticket=email_token(email))
}
message = Message(
subject=localizer.translate(
_("Please confirm your ${confirm_what} with ${assembl}"),
mapping=data),
sender=config.get('assembl.admin_email'),
recipients=["%s <%s>" % (email.profile.name, email.email)],
body=localizer.translate(_(text_message), mapping=data),
html=localizer.translate(_(html_message), mapping=data))
#if deferred:
# mailer.send_to_queue(message)
#else:
mailer.send(message)
def send_confirmation_email(request, email, immediate=False):
mailer = get_mailer(request)
localizer = request.localizer
confirm_what = localizer.translate(_('email'))
subject = localizer.translate(
_("Please confirm your {confirm_what} with {assembl}"))
if isinstance(email.profile, User) and not email.profile.verified:
confirm_what = localizer.translate(_('account'))
text_message = localizer.translate(
_(u"""Hello, {name}, and welcome to {assembl}!
Please confirm your email address and complete your registration by clicking the link below.
<{confirm_url}>
Best regards,
The {assembl} Team"""))
html_message = localizer.translate(
_(u"""<p>Hello, {name}, and welcome to {assembl}!</p>
<p>Please <a href="{confirm_url}">click here to confirm your email address</a>
and complete your registration.</p>
<p>Best regards,<br />The {assembl} Team</p>"""))
else:
text_message = localizer.translate(
_(u"""Hello, {name}!
Please confirm your new email address <{email}> on your {assembl} account by clicking the link below.
<{confirm_url}>
Best regards,
The {assembl} Team"""))
html_message = localizer.translate(
_(u"""<p>Hello, {name}!</p>
<p>Please <a href="{confirm_url}">click here to confirm your new email address</a>
on your {assembl} account.</p>
<p>Best regards,<br />The {assembl} Team</p>"""))
from assembl.auth.password import email_token
data = dict(name=email.profile.name,
email=email.email,
assembl="Assembl",
confirm_what=confirm_what,
confirm_url=maybe_contextual_route(request,
'user_confirm_email',
token=email_token(email)))
message = Message(
subject=subject.format(**data),
sender=config.get('assembl.admin_email'),
recipients=["%s <%s>" % (email.profile.name, email.email)],
body=text_message.format(**data),
html=html_message.format(**data))
if immediate:
mailer.send_immediately(message)
else:
mailer.send(message)
def send_confirmation_email(request, email, immediate=False):
mailer = get_mailer(request)
localizer = request.localizer
confirm_what = localizer.translate(_('email'))
subject = localizer.translate(_("Please confirm your {confirm_what} with {assembl}"))
if isinstance(email.profile, User) and not email.profile.verified:
confirm_what = localizer.translate(_('account'))
text_message = localizer.translate(_(u"""Hello, {name}, and welcome to {assembl}!
Please confirm your email address and complete your registration by clicking the link below.
<{confirm_url}>
Best regards,
The {assembl} Team"""))
html_message = localizer.translate(_(u"""<p>Hello, {name}, and welcome to {assembl}!</p>
<p>Please <a href="{confirm_url}">click here to confirm your email address</a>
and complete your registration.</p>
<p>Best regards,<br />The {assembl} Team</p>"""))
else:
text_message = localizer.translate(_(u"""Hello, {name}!
Please confirm your new email address <{email}> on your {assembl} account by clicking the link below.
<{confirm_url}>
Best regards,
The {assembl} Team"""))
html_message = localizer.translate(_(u"""<p>Hello, {name}!</p>
<p>Please <a href="{confirm_url}">click here to confirm your new email address</a>
on your {assembl} account.</p>
<p>Best regards,<br />The {assembl} Team</p>"""))
from assembl.auth.password import email_token
data = dict(
name=email.profile.name,
email=email.email,
assembl="Assembl",
confirm_what=confirm_what,
confirm_url=maybe_contextual_route(
request, 'user_confirm_email',
token=email_token(email))
)
message = Message(
subject=subject.format(**data),
sender=config.get('assembl.admin_email'),
recipients=["%s <%s>" % (email.profile.name, email.email)],
body=text_message.format(**data),
html=html_message.format(**data))
if immediate:
mailer.send_immediately(message)
else:
mailer.send(message)
def send_confirmation_email(request, email):
mailer = get_mailer(request)
localizer = request.localizer
confirm_what = _('email')
if isinstance(email.profile, User) and not email.profile.verified:
confirm_what = _('account')
text_message = _(u"""Hello, ${name}, and welcome to ${assembl}!
Please confirm your email address <${email}> and complete your registration by clicking the link below.
<${confirm_url}>
Best regards,
The ${assembl} Team""")
html_message = _(u"""<p>Hello, ${name}, and welcome to ${assembl}!</p>
<p>Please <a href="${confirm_url}">click here to confirm your email address</a>
<${email}> and complete your registration.</p>
<p>Best regards,<br />The ${assembl} Team</p>""")
else:
text_message = _(u"""Hello, ${name}!
Please confirm your new email address <${email}> on your ${assembl} account by clicking the link below.
<${confirm_url}>
Best regards,
The ${assembl} Team""")
html_message = _(u"""<p>Hello, ${name}!</p>
<p>Please <a href="${confirm_url}">click here to confirm your new email address</a>
<${email}> on your ${assembl} account.</p>
<p>Best regards,<br />The ${assembl} Team</p>""")
from assembl.auth.password import email_token
data = {
'name': email.profile.name,
'email': email.email,
'assembl': "Assembl",
'confirm_what': localizer.translate(confirm_what),
'confirm_url': maybe_contextual_route(
request, 'user_confirm_email',
ticket=email_token(email))
}
message = Message(
subject=localizer.translate(_("Please confirm your ${confirm_what} with ${assembl}"), mapping=data),
sender=config.get('assembl.admin_email'),
recipients=["%s <%s>" % (email.profile.name, email.email)],
body=localizer.translate(_(text_message), mapping=data),
html=localizer.translate(_(html_message), mapping=data))
#if deferred:
# mailer.send_to_queue(message)
#else:
mailer.send(message)
def assembl_register_view(request):
slug = request.matchdict.get('discussion_slug', "")
p_slug = "/" + slug if slug else ""
next_view = handle_next_view(request)
if not request.params.get('email'):
if request.scheme == "http"\
and asbool(config.get("accept_secure_connection")):
raise HTTPFound("https://" + request.host + request.path_qs)
response = dict(get_default_context(request),
slug_prefix=p_slug)
if request.GET.get('error', None):
response['error'] = request.GET['error']
return response
forget(request)
session = AgentProfile.default_db
localizer = request.localizer
name = request.params.get('name', '').strip()
password = request.params.get('password', '').strip()
password2 = request.params.get('password2', '').strip()
email = request.params.get('email', '').strip()
if not is_email(email):
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(_(
"This is not a valid email")))
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email=email, verified=True).count():
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(_(
"We already have a user with this email.")))
if password != password2:
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(_(
"The passwords should be identical")))
# TODO: Validate password quality
# otherwise create.
validate_registration = asbool(config.get(
'assembl.validate_registration_emails'))
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=datetime.utcnow()
)
email_account = EmailAccount(
email=email,
verified=not validate_registration,
profile=user
)
session.add(user)
session.add(email_account)
discussion = discussion_from_request(request)
if discussion:
now = datetime.utcnow()
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
if not validate_registration:
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', ticket=email_token(email_account))
headers = remember(request, user.id)
user.last_login = datetime.utcnow()
request.response.headerlist.extend(headers)
# TODO: Tell them to expect an email.
request.session.pop('next_view')
return HTTPFound(location=next_view)
return HTTPFound(location=maybe_contextual_route(
request, 'confirm_emailid_sent', email_account_id=email_account.id))
def assembl_register_view(request):
slug = request.matchdict.get('discussion_slug', "")
next_view = handle_next_view(request)
if not request.params.get('email'):
if request.scheme == "http"\
and asbool(config.get("accept_secure_connection")):
return HTTPFound(get_global_base_url(True) + request.path_qs)
response = get_login_context(request)
return response
forget(request)
session = AgentProfile.default_db
localizer = request.localizer
name = request.params.get('name', '').strip()
if not name or len(name) < 3:
return dict(get_default_context(request),
error=localizer.translate(_(
"Please use a name of at least 3 characters")))
password = request.params.get('password', '').strip()
password2 = request.params.get('password2', '').strip()
email = request.params.get('email', '').strip()
if not is_email(email):
return dict(get_default_context(request),
error=localizer.translate(_(
"This is not a valid email")))
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email, verified=True).count():
return dict(get_default_context(request),
error=localizer.translate(_(
"We already have a user with this email.")))
if password != password2:
return dict(get_default_context(request),
error=localizer.translate(_(
"The passwords should be identical")))
# TODO: Validate password quality
# otherwise create.
validate_registration = asbool(config.get(
'assembl.validate_registration_emails'))
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=datetime.utcnow()
)
email_account = EmailAccount(
email=email,
verified=not validate_registration,
profile=user
)
session.add(user)
session.add(email_account)
discussion = discussion_from_request(request)
if discussion:
permissions = get_permissions(Everyone, discussion.id)
if not (P_SELF_REGISTER in permissions or
P_SELF_REGISTER_REQUEST in permissions):
discussion = None
if discussion:
_now = datetime.utcnow()
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
first_visit=_now, last_visit=_now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
if not validate_registration:
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', token=email_token(email_account))
headers = remember(request, user.id)
user.last_login = datetime.utcnow()
request.response.headerlist.extend(headers)
if discussion:
maybe_auto_subscribe(user, discussion)
# TODO: Tell them to expect an email.
return HTTPFound(location=next_view)
return HTTPFound(location=maybe_contextual_route(
request, 'confirm_emailid_sent', email_account_id=email_account.id))
def assembl_register_view(request):
slug = request.matchdict.get('discussion_slug', "")
p_slug = "/" + slug if slug else ""
next_view = handle_next_view(request)
if not request.params.get('email'):
if request.scheme == "http"\
and asbool(config.get("accept_secure_connection")):
raise HTTPFound("https://" + request.host + request.path_qs)
response = dict(get_default_context(request), slug_prefix=p_slug)
if request.GET.get('error', None):
response['error'] = request.GET['error']
return response
forget(request)
session = AgentProfile.default_db
localizer = request.localizer
name = request.params.get('name', '').strip()
password = request.params.get('password', '').strip()
password2 = request.params.get('password2', '').strip()
email = request.params.get('email', '').strip()
if not is_email(email):
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(_("This is not a valid email")))
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(email=email,
verified=True).count():
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(
_("We already have a user with this email.")))
if password != password2:
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(
_("The passwords should be identical")))
# TODO: Validate password quality
# otherwise create.
validate_registration = asbool(
config.get('assembl.validate_registration_emails'))
user = User(name=name,
password=password,
verified=not validate_registration,
creation_date=datetime.utcnow())
email_account = EmailAccount(email=email,
verified=not validate_registration,
profile=user)
session.add(user)
session.add(email_account)
discussion = discussion_from_request(request)
if discussion:
now = datetime.utcnow()
agent_status = AgentStatusInDiscussion(
agent_profile=user,
discussion=discussion,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
if not validate_registration:
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', ticket=email_token(email_account))
headers = remember(request, user.id)
user.last_login = datetime.utcnow()
request.response.headerlist.extend(headers)
# TODO: Tell them to expect an email.
request.session.pop('next_view')
return HTTPFound(location=next_view)
return HTTPFound(location=maybe_contextual_route(
request, 'confirm_emailid_sent', email_account_id=email_account.id))
def assembl_register_user(request):
forget(request)
localizer = request.localizer
session = AgentProfile.default_db
json = request.json
logger = logging.getLogger()
discussion = discussion_from_request(request)
permissions = get_permissions(Everyone,
discussion.id if discussion else None)
name = json.get('real_name', '').strip()
errors = JSONError()
if not name or len(name) < 3:
errors.add_error(
localizer.translate(
_("Please use a name of at least 3 characters")),
ErrorTypes.SHORT_NAME)
password = json.get('password', '').strip()
# TODO: Check password strength. maybe pwdmeter?
email = None
for account in json.get('accounts', ()):
email = account.get('email', None)
if not is_email(email):
errors.add_error(
localizer.translate(_("This is not a valid email")),
ErrorTypes.INVALID_EMAIL)
continue
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email).count():
if not discussion.preferences['generic_errors']:
errors.add_error(
localizer.translate(
_("We already have a user with this email.")),
ErrorTypes.EXISTING_EMAIL, HTTPConflict.code)
else:
errors.add_error(localizer.translate(generic_error_message),
ErrorTypes.GENERIC, HTTPConflict.code)
logger.error(
"[User creation]: We already have a user with this email %s"
% email)
if not email:
errors.add_error(localizer.translate(_("No email.")),
ErrorTypes.INVALID_EMAIL)
username = json.get('username', None)
if username:
if session.query(Username).filter(
func.lower(Username.username) == username.lower()).count():
if not discussion.preferences['generic_errors']:
errors.add_error(
localizer.translate(
_("We already have a user with this username.")),
ErrorTypes.EXISTING_USERNAME, HTTPConflict.code)
else:
errors.add_error(localizer.translate(generic_error_message),
ErrorTypes.GENERIC, HTTPConflict.code)
logger.error("We already have a user with username %s" %
username)
if len(username) > 20:
errors.add_error(
localizer.translate(
_("The username must be less than 20 characters.")),
ErrorTypes.USERNAME_TOO_LONG, HTTPBadRequest.code)
if discussion:
check_subscription = discussion.preferences['whitelist_on_register']
whitelist = discussion.preferences['require_email_domain']
if check_subscription and whitelist:
status = discussion.check_email(email)
if not status:
admin_emails = discussion.get_admin_emails()
num = len(admin_emails)
errors.add_error(
localizer.pluralize(
_("Your email domain has not been approved for registration. Please contact ${emails} for support."
),
_("Your email domain has not been approved for registration. Please contact one of ${emails} for support."
),
num,
mapping={'emails': ", ".join(admin_emails)}))
if errors:
raise errors
# This logic needs to be above the JSONError checks to ensure that whitelisting is applied
# even if the discussion does not have a P_SELF_REGISTER on system.Everyone
if discussion and not (P_SELF_REGISTER in permissions
or P_SELF_REGISTER_REQUEST in permissions):
# Consider it without context
discussion = None
validate_registration = asbool(
config.get('assembl.validate_registration_emails'))
old_autoflush = session.autoflush
session.autoflush = False
try:
now = datetime.utcnow()
user = User(name=name,
password=password,
verified=not validate_registration,
creation_date=now)
session.add(user)
session.flush()
user.update_from_json(json, user_id=user.id)
account = user.accounts[0]
email = account.email
account.verified = not validate_registration
if discussion:
agent_status = AgentStatusInDiscussion(
agent_profile=user,
discussion=discussion,
first_visit=now,
last_visit=now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
# create the profile fields for custom fields
for global_id, value in json.get('profileFields', {}).iteritems():
configurable_field_id = from_global_id(global_id)[1]
configurable_field = AbstractConfigurableField.get(
configurable_field_id)
profile_field = ProfileField(
agent_profile=user,
configurable_field=configurable_field,
discussion=configurable_field.discussion,
value_data={u'value': value})
session.add(profile_field)
session.flush()
if validate_registration:
send_confirmation_email(request, account)
else:
user.verified = True
for account in user.accounts:
account.verified = True
user.successful_login()
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', token=email_token(account))
if discussion:
check_subscription = discussion.preferences[
'whitelist_on_register']
maybe_auto_subscribe(user,
discussion,
check_authorization=check_subscription)
session.flush()
return CreationResponse(user, Everyone, permissions)
finally:
session.autoflush = old_autoflush
def assembl_register_user(request):
forget(request)
localizer = request.localizer
session = AgentProfile.default_db
json = request.json
discussion = discussion_from_request(request)
permissions = ctx.get_permissions()
name = json.get('real_name', '').strip()
errors = JSONError()
if not name or len(name) < 3:
errors.add_error(localizer.translate(_(
"Please use a name of at least 3 characters")),
ErrorTypes.SHORT_NAME)
password = json.get('password', '').strip()
# TODO: Check password strength. maybe pwdmeter?
email = None
for account in json.get('accounts', ()):
email = account.get('email', None)
if not is_email(email):
errors.add_error(localizer.translate(_(
"This is not a valid email")),
ErrorTypes.INVALID_EMAIL)
continue
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email, verified=True).count():
errors.add_error(localizer.translate(_(
"We already have a user with this email.")),
ErrorTypes.EXISTING_EMAIL,
HTTPConflict.code)
if not email:
errors.add_error(localizer.translate(_("No email.")),
ErrorTypes.INVALID_EMAIL)
username = json.get('username', None)
if username:
if session.query(User).filter_by(
username=username).count():
errors.add_error(localizer.translate(_(
"We already have a user with this username.")),
ErrorTypes.EXISTING_USERNAME,
HTTPConflict.code)
if errors:
raise errors
validate_registration = asbool(settings.get(
'assembl.validate_registration_emails'))
old_autoflush = session.autoflush
session.autoflush = False
try:
now = datetime.utcnow()
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=now
)
session.add(user)
session.flush()
user.update_from_json(json, user_id=user.id)
if discussion and not (
P_SELF_REGISTER in permissions or
P_SELF_REGISTER_REQUEST in permissions):
# Consider it without context
discussion = None
if discussion:
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
first_visit=now, last_visit=now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
account = user.accounts[0]
email = account.email
account.verified = not validate_registration
if validate_registration:
send_confirmation_email(request, account)
else:
user.verified = True
for account in user.accounts:
account.verified = True
if asbool(settings.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
log.info("email token: " + request.route_url(
'user_confirm_email', token=email_token(account)))
if discussion:
maybe_auto_subscribe(user, discussion)
session.flush()
return CreationResponse(user, Everyone, permissions)
finally:
session.autoflush = old_autoflush
def assembl_register_view(request):
slug = request.matchdict.get('discussion_slug', "")
next_view = handle_next_view(request)
if not request.params.get('email'):
if request.scheme == "http"\
and asbool(config.get("accept_secure_connection")):
return HTTPFound(get_global_base_url(True) + request.path_qs)
response = get_login_context(request)
return response
forget(request)
session = AgentProfile.default_db
localizer = request.localizer
name = request.params.get('name', '').strip()
if not name or len(name) < 3:
return dict(get_default_context(request),
error=localizer.translate(_(
"Please use a name of at least 3 characters")))
password = request.params.get('password', '').strip()
password2 = request.params.get('password2', '').strip()
email = request.params.get('email', '').strip()
if not is_email(email):
return dict(get_default_context(request),
error=localizer.translate(_(
"This is not a valid email")))
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email, verified=True).count():
return dict(get_default_context(request),
error=localizer.translate(_(
"We already have a user with this email.")))
if password != password2:
return dict(get_default_context(request),
error=localizer.translate(_(
"The passwords should be identical")))
# TODO: Validate password quality
# otherwise create.
validate_registration = asbool(config.get(
'assembl.validate_registration_emails'))
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=datetime.utcnow()
)
email_account = EmailAccount(
email=email,
verified=not validate_registration,
profile=user
)
session.add(user)
session.add(email_account)
discussion = discussion_from_request(request)
if discussion:
permissions = get_permissions(Everyone, discussion.id)
if not (P_SELF_REGISTER in permissions or
P_SELF_REGISTER_REQUEST in permissions):
discussion = None
if discussion:
_now = datetime.utcnow()
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
first_visit=_now, last_visit=_now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
if not validate_registration:
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', token=email_token(email_account))
headers = remember(request, user.id)
user.successful_login()
request.response.headerlist.extend(headers)
if discussion:
maybe_auto_subscribe(user, discussion)
# TODO: Tell them to expect an email.
return HTTPFound(location=next_view)
return HTTPFound(location=maybe_contextual_route(
request, 'confirm_emailid_sent', email_account_id=email_account.id))
def assembl_register_user(request):
forget(request)
localizer = request.localizer
session = AgentProfile.default_db
json = request.json
logger = logging.getLogger()
discussion = discussion_from_request(request)
permissions = get_permissions(
Everyone, discussion.id if discussion else None)
name = json.get('real_name', '').strip()
errors = JSONError()
if not name or len(name) < 3:
errors.add_error(localizer.translate(_(
"Please use a name of at least 3 characters")),
ErrorTypes.SHORT_NAME)
password = json.get('password', '').strip()
# TODO: Check password strength. maybe pwdmeter?
email = None
for account in json.get('accounts', ()):
email = account.get('email', None)
if not is_email(email):
errors.add_error(localizer.translate(_(
"This is not a valid email")),
ErrorTypes.INVALID_EMAIL)
continue
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email).count():
if not discussion.preferences['generic_errors']:
errors.add_error(localizer.translate(_(
"We already have a user with this email.")),
ErrorTypes.EXISTING_EMAIL,
HTTPConflict.code)
else:
errors.add_error(localizer.translate(
generic_error_message),
ErrorTypes.GENERIC,
HTTPConflict.code)
logger.error("[User creation]: We already have a user with this email %s" % email)
if not email:
errors.add_error(localizer.translate(_("No email.")),
ErrorTypes.INVALID_EMAIL)
username = json.get('username', None)
if username:
if session.query(Username).filter(
func.lower(Username.username) == username.lower()).count():
if not discussion.preferences['generic_errors']:
errors.add_error(localizer.translate(_(
"We already have a user with this username.")),
ErrorTypes.EXISTING_USERNAME,
HTTPConflict.code)
else:
errors.add_error(localizer.translate(
generic_error_message),
ErrorTypes.GENERIC,
HTTPConflict.code)
logger.error("We already have a user with username %s" % username)
if len(username) > 20:
errors.add_error(localizer.translate(_(
"The username must be less than 20 characters.")),
ErrorTypes.USERNAME_TOO_LONG,
HTTPBadRequest.code)
if discussion:
check_subscription = discussion.preferences['whitelist_on_register']
whitelist = discussion.preferences['require_email_domain']
if check_subscription and whitelist:
status = discussion.check_email(email)
if not status:
admin_emails = discussion.get_admin_emails()
num = len(admin_emails)
errors.add_error(
localizer.pluralize(
_("Your email domain has not been approved for registration. Please contact ${emails} for support."),
_("Your email domain has not been approved for registration. Please contact one of ${emails} for support."),
num,
mapping={'emails': ", ".join(admin_emails)}
)
)
if errors:
raise errors
# This logic needs to be above the JSONError checks to ensure that whitelisting is applied
# even if the discussion does not have a P_SELF_REGISTER on system.Everyone
if discussion and not (
P_SELF_REGISTER in permissions or
P_SELF_REGISTER_REQUEST in permissions):
# Consider it without context
discussion = None
validate_registration = asbool(config.get(
'assembl.validate_registration_emails'))
old_autoflush = session.autoflush
session.autoflush = False
try:
now = datetime.utcnow()
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=now
)
session.add(user)
session.flush()
user.update_from_json(json, user_id=user.id)
account = user.accounts[0]
email = account.email
account.verified = not validate_registration
if discussion:
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
first_visit=now, last_visit=now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
# create the profile fields for custom fields
for global_id, value in json.get('profileFields', {}).iteritems():
configurable_field_id = from_global_id(global_id)[1]
configurable_field = AbstractConfigurableField.get(configurable_field_id)
profile_field = ProfileField(
agent_profile=user,
configurable_field=configurable_field,
discussion=configurable_field.discussion,
value_data={ u'value': value }
)
session.add(profile_field)
session.flush()
if validate_registration:
send_confirmation_email(request, account)
else:
user.verified = True
for account in user.accounts:
account.verified = True
user.successful_login()
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', token=email_token(account))
if discussion:
check_subscription = discussion.preferences['whitelist_on_register']
maybe_auto_subscribe(user, discussion, check_authorization=check_subscription)
session.flush()
return CreationResponse(user, Everyone, permissions)
finally:
session.autoflush = old_autoflush
