Exemplo n.º 1
0
def register_user(request, register_form):
    """ Handle user registration """
    extra_validation_passes = auth.extra_validation(register_form)

    if extra_validation_passes:
        # Create the user
        user = auth.create_user(register_form)

        # give the user the default privileges
        default_privileges = [
            Privilege.query.filter(Privilege.privilege_name==u'commenter').first(),
            Privilege.query.filter(Privilege.privilege_name==u'uploader').first(),
            Privilege.query.filter(Privilege.privilege_name==u'reporter').first()]
        user.all_privileges += default_privileges
        user.save()

        # log the user in
        request.session['user_id'] = unicode(user.id)
        request.session.save()

        # send verification email
        email_debug_message(request)
        send_verification_email(user, request)

        return user

    return None
def forgot_password(request):
    """
    Forgot password view

    Sends an email with an url to renew forgotten password.
    Use GET querystring parameter 'username' to pre-populate the input field
    """
    fp_form = auth_forms.ForgotPassForm(request.form,
                                   username=request.args.get('username'))

    if not (request.method == 'POST' and fp_form.validate()):
        # Either GET request, or invalid form submitted. Display the template
        return render_to_response(request,
            'mediagoblin/plugins/recaptcha/forgot_password.html',
            {'fp_form': fp_form})

    # If we are here: method == POST and form is valid. username casing
    # has been sanitized. Store if a user was found by email. We should
    # not reveal if the operation was successful then as we don't want to
    # leak if an email address exists in the system.
    found_by_email = '@' in fp_form.username.data

    if found_by_email:
        user = User.query.filter_by(
            email=fp_form.username.data).first()
        # Don't reveal success in case the lookup happened by email address.
        success_message = _("If that email address (case sensitive!) is "
                            "registered an email has been sent with "
                            "instructions on how to change your password.")

    else:  # found by username
        user = User.query.filter_by(
            username=fp_form.username.data).first()

        if user is None:
            messages.add_message(request,
                                 messages.WARNING,
                                 _("Couldn't find someone with that username."))
            return redirect(request, 'mediagoblin.auth.forgot_password')

        success_message = _("An email has been sent with instructions "
                            "on how to change your password.")

    if user and user.has_privilege(u'active') is False:
        # Don't send reminder because user is inactive or has no verified email
        messages.add_message(request,
            messages.WARNING,
            _("Could not send password recovery email as your username is in"
              "active or your account's email address has not been verified."))

        return redirect(request, 'mediagoblin.user_pages.user_home',
                        user=user.username)

    # SUCCESS. Send reminder and return to login page
    if user:
        email_debug_message(request)
        tools.send_fp_verification_email(user, request)

    messages.add_message(request, messages.INFO, success_message)
    return redirect(request, 'mediagoblin.auth.login')
Exemplo n.º 3
0
def resend_activation(request):
    """
    The reactivation view

    Resend the activation email.
    """

    if request.user is None:
        messages.add_message(
            request, messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))

        return redirect(request, 'mediagoblin.auth.login')

    if request.user.has_privilege(u'active'):
        messages.add_message(request, messages.ERROR,
                             _("You've already verified your email address!"))

        return redirect(request,
                        "mediagoblin.user_pages.user_home",
                        user=request.user.username)

    email_debug_message(request)
    send_verification_email(request.user, request)

    messages.add_message(request, messages.INFO,
                         _('Resent your verification email.'))
    return redirect(request,
                    'mediagoblin.user_pages.user_home',
                    user=request.user.username)
Exemplo n.º 4
0
def _update_email(request, form, user):
    new_email = form.new_email.data
    users_with_email = User.query.filter_by(email=new_email).count()

    if users_with_email:
        form.new_email.errors.append(
            _('Sorry, a user with that email address'
              ' already exists.'))

    elif not users_with_email:
        verification_key = get_timed_signer_url(
            'mail_verification_token').dumps({
                'user': user.id,
                'email': new_email
            })

        rendered_email = render_template(
            request, 'mediagoblin/edit/verification.txt', {
                'username':
                user.username,
                'verification_url':
                EMAIL_VERIFICATION_TEMPLATE.format(
                    uri=request.urlgen('mediagoblin.edit.verify_email',
                                       qualified=True),
                    verification_key=verification_key)
            })

        email_debug_message(request)
        auth_tools.send_verification_email(user, request, new_email,
                                           rendered_email)
Exemplo n.º 5
0
def resend_activation(request):
    """
    The reactivation view

    Resend the activation email.
    """

    if request.user is None:
        messages.add_message(
            request,
            messages.ERROR,
            _('You must be logged in so we know who to send the email to!'))

        return redirect(request, 'mediagoblin.auth.login')

    if request.user.has_privilege(u'active'):
        messages.add_message(
            request,
            messages.ERROR,
            _("You've already verified your email address!"))

        return redirect(request, "mediagoblin.user_pages.user_home", user=request.user.username)

    email_debug_message(request)
    send_verification_email(request.user, request)

    messages.add_message(
        request,
        messages.INFO,
        _('Resent your verification email.'))
    return redirect(
        request, 'mediagoblin.user_pages.user_home',
        user=request.user.username)
Exemplo n.º 6
0
def forgot_password(request):
    """
    Forgot password view

    Sends an email with an url to renew forgotten password.
    Use GET querystring parameter 'username' to pre-populate the input field
    """
    fp_form = forms.ForgotPassForm(request.form,
                                   username=request.args.get('username'))

    if not (request.method == 'POST' and fp_form.validate()):
        # Either GET request, or invalid form submitted. Display the template
        return render_to_response(
            request, 'mediagoblin/plugins/basic_auth/forgot_password.html',
            {'fp_form': fp_form})

    # If we are here: method == POST and form is valid. username casing
    # has been sanitized. Store if a user was found by email. We should
    # not reveal if the operation was successful then as we don't want to
    # leak if an email address exists in the system.
    found_by_email = '@' in fp_form.username.data

    if found_by_email:
        user = User.query.filter_by(email=fp_form.username.data).first()
        # Don't reveal success in case the lookup happened by email address.
        success_message = _("If that email address (case sensitive!) is "
                            "registered an email has been sent with "
                            "instructions on how to change your password.")

    else:  # found by username
        user = User.query.filter_by(username=fp_form.username.data).first()

        if user is None:
            messages.add_message(
                request, messages.WARNING,
                _("Couldn't find someone with that username."))
            return redirect(request, 'mediagoblin.auth.forgot_password')

        success_message = _("An email has been sent with instructions "
                            "on how to change your password.")

    if user and user.has_privilege(u'active') is False:
        # Don't send reminder because user is inactive or has no verified email
        messages.add_message(
            request, messages.WARNING,
            _("Could not send password recovery email as your username is in"
              "active or your account's email address has not been verified."))

        return redirect(request,
                        'mediagoblin.user_pages.user_home',
                        user=user.username)

    # SUCCESS. Send reminder and return to login page
    if user:
        email_debug_message(request)
        tools.send_fp_verification_email(user, request)

    messages.add_message(request, messages.INFO, success_message)
    return redirect(request, 'mediagoblin.auth.login')
Exemplo n.º 7
0
def change_email(request):
    """ View to change the user's email """
    form = forms.ChangeEmailForm(request.method == 'POST' and request.form
                                 or None)
    user = request.user

    # If no password authentication, no need to enter a password
    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
        form.__delitem__('password')

    if request.method == 'POST' and form.validate():
        new_email = form.new_email.data
        users_with_email = User.query.filter(
            LocalUser.email == new_email).count()

        if users_with_email:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                  ' already exists.'))

        if form.password and user.pw_hash and not check_password(
                form.password.data, user.pw_hash):
            form.password.errors.append(_('Wrong password'))

        if not form.errors:
            verification_key = get_timed_signer_url(
                'mail_verification_token').dumps({
                    'user': user.id,
                    'email': new_email
                })

            rendered_email = render_template(
                request, 'mediagoblin/edit/verification.txt', {
                    'username':
                    user.username,
                    'verification_url':
                    EMAIL_VERIFICATION_TEMPLATE.format(
                        uri=request.urlgen('mediagoblin.edit.verify_email',
                                           qualified=True),
                        verification_key=verification_key)
                })

            email_debug_message(request)
            auth_tools.send_verification_email(user, request, new_email,
                                               rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(request, 'mediagoblin/edit/change_email.html', {
        'form': form,
        'user': user
    })
Exemplo n.º 8
0
def change_email(request):
    """ View to change the user's email """
    form = forms.ChangeEmailForm(request.form)
    user = request.user

    # If no password authentication, no need to enter a password
    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
        form.__delitem__('password')

    if request.method == 'POST' and form.validate():
        new_email = form.new_email.data
        users_with_email = User.query.filter(
            LocalUser.email==new_email
        ).count()

        if users_with_email:
            form.new_email.errors.append(
                _('Sorry, a user with that email address'
                    ' already exists.'))

        if form.password and user.pw_hash and not check_password(
                form.password.data, user.pw_hash):
            form.password.errors.append(
                _('Wrong password'))

        if not form.errors:
            verification_key = get_timed_signer_url(
                'mail_verification_token').dumps({
                    'user': user.id,
                    'email': new_email})

            rendered_email = render_template(
                request, 'mediagoblin/edit/verification.txt',
                {'username': user.username,
                    'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
                    uri=request.urlgen('mediagoblin.edit.verify_email',
                                    qualified=True),
                    verification_key=verification_key)})

            email_debug_message(request)
            auth_tools.send_verification_email(user, request, new_email,
                                            rendered_email)

            return redirect(request, 'mediagoblin.edit.account')

    return render_to_response(
        request,
        'mediagoblin/edit/change_email.html',
        {'form': form,
         'user': user})
Exemplo n.º 9
0
def register_user(request, register_form):
    """ Handle user registration """
    extra_validation_passes = auth.extra_validation(register_form)

    if extra_validation_passes:
        # Create the user
        user = auth.create_user(register_form)

        # log the user in
        request.session['user_id'] = unicode(user.id)
        request.session.save()

        # send verification email
        email_debug_message(request)
        send_verification_email(user, request)

        return user

    return None
Exemplo n.º 10
0
def register_user(request, register_form):
    """ Handle user registration """
    extra_validation_passes = auth.extra_validation(register_form)

    if extra_validation_passes:
        # Create the user
        user = auth.create_user(register_form)

        # log the user in
        request.session['user_id'] = unicode(user.id)
        request.session.save()

        # send verification email
        email_debug_message(request)
        send_verification_email(user, request)

        return user

    return None
Exemplo n.º 11
0
def register_user(request, register_form):
    """ Handle user registration """
    extra_validation_passes = auth.extra_validation(register_form)

    if extra_validation_passes:
        # Create the user
        user = auth.create_user(register_form)

        # give the user the default privileges
        user.all_privileges += get_default_privileges(user)
        user.save()

        # log the user in
        request.session['user_id'] = six.text_type(user.id)
        request.session.save()

        # send verification email
        email_debug_message(request)
        send_verification_email(user, request)

        return user

    return None
Exemplo n.º 12
0
def register_user(request, register_form):
    """ Handle user registration """
    extra_validation_passes = auth.extra_validation(register_form)

    if extra_validation_passes:
        # Create the user
        user = auth.create_user(register_form)

        # give the user the default privileges
        user.all_privileges += get_default_privileges(user)
        user.save()

        # log the user in
        request.session['user_id'] = six.text_type(user.id)
        request.session.save()

        # send verification email
        email_debug_message(request)
        send_verification_email(user, request)

        return user

    return None
Exemplo n.º 13
0
def _update_email(request, form, user):
    new_email = form.new_email.data
    users_with_email = User.query.filter_by(email=new_email).count()

    if users_with_email:
        form.new_email.errors.append(_("Sorry, a user with that email address" " already exists."))

    elif not users_with_email:
        verification_key = get_timed_signer_url("mail_verification_token").dumps({"user": user.id, "email": new_email})

        rendered_email = render_template(
            request,
            "mediagoblin/edit/verification.txt",
            {
                "username": user.username,
                "verification_url": EMAIL_VERIFICATION_TEMPLATE.format(
                    uri=request.urlgen("mediagoblin.edit.verify_email", qualified=True),
                    verification_key=verification_key,
                ),
            },
        )

        email_debug_message(request)
        auth_tools.send_verification_email(user, request, new_email, rendered_email)