def register_user(request, register_form):
""" Handle user registration """
extra_validation_passes = auth.extra_validation(register_form)
if extra_validation_passes:
# Create the user
user = auth.create_user(register_form)
# give the user the default privileges
default_privileges = [
Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
user.all_privileges += default_privileges
user.save()
# log the user in
request.session['user_id'] = unicode(user.id)
request.session.save()
# send verification email
email_debug_message(request)
send_verification_email(user, request)
return user
return None
def forgot_password(request):
"""
Forgot password view
Sends an email with an url to renew forgotten password.
Use GET querystring parameter 'username' to pre-populate the input field
"""
fp_form = auth_forms.ForgotPassForm(request.form,
username=request.args.get('username'))
if not (request.method == 'POST' and fp_form.validate()):
# Either GET request, or invalid form submitted. Display the template
return render_to_response(request,
'mediagoblin/plugins/recaptcha/forgot_password.html',
{'fp_form': fp_form})
# If we are here: method == POST and form is valid. username casing
# has been sanitized. Store if a user was found by email. We should
# not reveal if the operation was successful then as we don't want to
# leak if an email address exists in the system.
found_by_email = '@' in fp_form.username.data
if found_by_email:
user = User.query.filter_by(
email=fp_form.username.data).first()
# Don't reveal success in case the lookup happened by email address.
success_message = _("If that email address (case sensitive!) is "
"registered an email has been sent with "
"instructions on how to change your password.")
else: # found by username
user = User.query.filter_by(
username=fp_form.username.data).first()
if user is None:
messages.add_message(request,
messages.WARNING,
_("Couldn't find someone with that username."))
return redirect(request, 'mediagoblin.auth.forgot_password')
success_message = _("An email has been sent with instructions "
"on how to change your password.")
if user and user.has_privilege(u'active') is False:
# Don't send reminder because user is inactive or has no verified email
messages.add_message(request,
messages.WARNING,
_("Could not send password recovery email as your username is in"
"active or your account's email address has not been verified."))
return redirect(request, 'mediagoblin.user_pages.user_home',
user=user.username)
# SUCCESS. Send reminder and return to login page
if user:
email_debug_message(request)
tools.send_fp_verification_email(user, request)
messages.add_message(request, messages.INFO, success_message)
return redirect(request, 'mediagoblin.auth.login')
def resend_activation(request):
"""
The reactivation view
Resend the activation email.
"""
if request.user is None:
messages.add_message(
request, messages.ERROR,
_('You must be logged in so we know who to send the email to!'))
return redirect(request, 'mediagoblin.auth.login')
if request.user.has_privilege(u'active'):
messages.add_message(request, messages.ERROR,
_("You've already verified your email address!"))
return redirect(request,
"mediagoblin.user_pages.user_home",
user=request.user.username)
email_debug_message(request)
send_verification_email(request.user, request)
messages.add_message(request, messages.INFO,
_('Resent your verification email.'))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=request.user.username)
def _update_email(request, form, user):
new_email = form.new_email.data
users_with_email = User.query.filter_by(email=new_email).count()
if users_with_email:
form.new_email.errors.append(
_('Sorry, a user with that email address'
' already exists.'))
elif not users_with_email:
verification_key = get_timed_signer_url(
'mail_verification_token').dumps({
'user': user.id,
'email': new_email
})
rendered_email = render_template(
request, 'mediagoblin/edit/verification.txt', {
'username':
user.username,
'verification_url':
EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen('mediagoblin.edit.verify_email',
qualified=True),
verification_key=verification_key)
})
email_debug_message(request)
auth_tools.send_verification_email(user, request, new_email,
rendered_email)
def resend_activation(request):
"""
The reactivation view
Resend the activation email.
"""
if request.user is None:
messages.add_message(
request,
messages.ERROR,
_('You must be logged in so we know who to send the email to!'))
return redirect(request, 'mediagoblin.auth.login')
if request.user.has_privilege(u'active'):
messages.add_message(
request,
messages.ERROR,
_("You've already verified your email address!"))
return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)
email_debug_message(request)
send_verification_email(request.user, request)
messages.add_message(
request,
messages.INFO,
_('Resent your verification email.'))
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=request.user.username)
def forgot_password(request):
"""
Forgot password view
Sends an email with an url to renew forgotten password.
Use GET querystring parameter 'username' to pre-populate the input field
"""
fp_form = forms.ForgotPassForm(request.form,
username=request.args.get('username'))
if not (request.method == 'POST' and fp_form.validate()):
# Either GET request, or invalid form submitted. Display the template
return render_to_response(
request, 'mediagoblin/plugins/basic_auth/forgot_password.html',
{'fp_form': fp_form})
# If we are here: method == POST and form is valid. username casing
# has been sanitized. Store if a user was found by email. We should
# not reveal if the operation was successful then as we don't want to
# leak if an email address exists in the system.
found_by_email = '@' in fp_form.username.data
if found_by_email:
user = User.query.filter_by(email=fp_form.username.data).first()
# Don't reveal success in case the lookup happened by email address.
success_message = _("If that email address (case sensitive!) is "
"registered an email has been sent with "
"instructions on how to change your password.")
else: # found by username
user = User.query.filter_by(username=fp_form.username.data).first()
if user is None:
messages.add_message(
request, messages.WARNING,
_("Couldn't find someone with that username."))
return redirect(request, 'mediagoblin.auth.forgot_password')
success_message = _("An email has been sent with instructions "
"on how to change your password.")
if user and user.has_privilege(u'active') is False:
# Don't send reminder because user is inactive or has no verified email
messages.add_message(
request, messages.WARNING,
_("Could not send password recovery email as your username is in"
"active or your account's email address has not been verified."))
return redirect(request,
'mediagoblin.user_pages.user_home',
user=user.username)
# SUCCESS. Send reminder and return to login page
if user:
email_debug_message(request)
tools.send_fp_verification_email(user, request)
messages.add_message(request, messages.INFO, success_message)
return redirect(request, 'mediagoblin.auth.login')
def change_email(request):
""" View to change the user's email """
form = forms.ChangeEmailForm(request.method == 'POST' and request.form
or None)
user = request.user
# If no password authentication, no need to enter a password
if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
form.__delitem__('password')
if request.method == 'POST' and form.validate():
new_email = form.new_email.data
users_with_email = User.query.filter(
LocalUser.email == new_email).count()
if users_with_email:
form.new_email.errors.append(
_('Sorry, a user with that email address'
' already exists.'))
if form.password and user.pw_hash and not check_password(
form.password.data, user.pw_hash):
form.password.errors.append(_('Wrong password'))
if not form.errors:
verification_key = get_timed_signer_url(
'mail_verification_token').dumps({
'user': user.id,
'email': new_email
})
rendered_email = render_template(
request, 'mediagoblin/edit/verification.txt', {
'username':
user.username,
'verification_url':
EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen('mediagoblin.edit.verify_email',
qualified=True),
verification_key=verification_key)
})
email_debug_message(request)
auth_tools.send_verification_email(user, request, new_email,
rendered_email)
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(request, 'mediagoblin/edit/change_email.html', {
'form': form,
'user': user
})
def change_email(request):
""" View to change the user's email """
form = forms.ChangeEmailForm(request.form)
user = request.user
# If no password authentication, no need to enter a password
if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
form.__delitem__('password')
if request.method == 'POST' and form.validate():
new_email = form.new_email.data
users_with_email = User.query.filter(
LocalUser.email==new_email
).count()
if users_with_email:
form.new_email.errors.append(
_('Sorry, a user with that email address'
' already exists.'))
if form.password and user.pw_hash and not check_password(
form.password.data, user.pw_hash):
form.password.errors.append(
_('Wrong password'))
if not form.errors:
verification_key = get_timed_signer_url(
'mail_verification_token').dumps({
'user': user.id,
'email': new_email})
rendered_email = render_template(
request, 'mediagoblin/edit/verification.txt',
{'username': user.username,
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen('mediagoblin.edit.verify_email',
qualified=True),
verification_key=verification_key)})
email_debug_message(request)
auth_tools.send_verification_email(user, request, new_email,
rendered_email)
return redirect(request, 'mediagoblin.edit.account')
return render_to_response(
request,
'mediagoblin/edit/change_email.html',
{'form': form,
'user': user})
def register_user(request, register_form):
""" Handle user registration """
extra_validation_passes = auth.extra_validation(register_form)
if extra_validation_passes:
# Create the user
user = auth.create_user(register_form)
# log the user in
request.session['user_id'] = unicode(user.id)
request.session.save()
# send verification email
email_debug_message(request)
send_verification_email(user, request)
return user
return None
def register_user(request, register_form):
""" Handle user registration """
extra_validation_passes = auth.extra_validation(register_form)
if extra_validation_passes:
# Create the user
user = auth.create_user(register_form)
# log the user in
request.session['user_id'] = unicode(user.id)
request.session.save()
# send verification email
email_debug_message(request)
send_verification_email(user, request)
return user
return None
def register_user(request, register_form):
""" Handle user registration """
extra_validation_passes = auth.extra_validation(register_form)
if extra_validation_passes:
# Create the user
user = auth.create_user(register_form)
# give the user the default privileges
user.all_privileges += get_default_privileges(user)
user.save()
# log the user in
request.session['user_id'] = six.text_type(user.id)
request.session.save()
# send verification email
email_debug_message(request)
send_verification_email(user, request)
return user
return None
def register_user(request, register_form):
""" Handle user registration """
extra_validation_passes = auth.extra_validation(register_form)
if extra_validation_passes:
# Create the user
user = auth.create_user(register_form)
# give the user the default privileges
user.all_privileges += get_default_privileges(user)
user.save()
# log the user in
request.session['user_id'] = six.text_type(user.id)
request.session.save()
# send verification email
email_debug_message(request)
send_verification_email(user, request)
return user
return None
def _update_email(request, form, user):
new_email = form.new_email.data
users_with_email = User.query.filter_by(email=new_email).count()
if users_with_email:
form.new_email.errors.append(_("Sorry, a user with that email address" " already exists."))
elif not users_with_email:
verification_key = get_timed_signer_url("mail_verification_token").dumps({"user": user.id, "email": new_email})
rendered_email = render_template(
request,
"mediagoblin/edit/verification.txt",
{
"username": user.username,
"verification_url": EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen("mediagoblin.edit.verify_email", qualified=True),
verification_key=verification_key,
),
},
)
email_debug_message(request)
auth_tools.send_verification_email(user, request, new_email, rendered_email)