Пример #1
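    def secure_url_with_token(self, url, user_data=None):
        """Return the secure form of ``url``, carrying a transfer token if possible.

        Args:
            url: The URL to pass through util.secure_url().
            user_data: The user to mint a TransferAuthToken for. When None,
                the user is taken from self.resolve_user_info().

        Returns:
            util.secure_url(url) with a URL-quoted ``transfer_token`` query
            parameter appended when a user is known; the plain secure URL
            when no user could be determined.
        """
        if user_data is None:
            user_data, _ = self.resolve_user_info()

        if not user_data:
            # The warning is skipped when the request carries a reset_token,
            # presumably because such a request legitimately has no
            # signed-in user -- confirm against the password-reset flow.
            if not self.request_string("reset_token", default=""):
                logging.warning("No user detected for password change")
            return util.secure_url(url)

        # NOTE(review): the token travels in the query string, so it can end
        # up in access logs, browser history and Referer headers. Verify that
        # TransferAuthToken values are short-lived and rejected on reuse.
        token = TransferAuthToken.for_user(user_data).value

        # NOTE(review): a url that already has a '#fragment' gets the
        # parameter appended after the fragment, assuming util.secure_url()
        # keeps the tail of the string -- confirm callers never pass one.
        separator = "&" if "?" in url else "?"
        return "%s%stransfer_token=%s" % (util.secure_url(url),
                                          separator,
                                          urllib.quote_plus(token))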
Пример #2
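    def secure_url_with_token(self, url, user_data=None):
        """Build the secure variant of ``url`` and attach a transfer token.

        Args:
            url: The URL handed to util.secure_url().
            user_data: User for whom a TransferAuthToken is minted. If None,
                self.resolve_user_info() supplies the user.

        Returns:
            The value of util.secure_url(url). When a user is available, a
            URL-quoted ``transfer_token`` query parameter is appended;
            otherwise the secure URL is returned without a token.
        """
        if user_data is None:
            user_data, _ = self.resolve_user_info()

        if not user_data:
            # No warning is logged when a reset_token is present in the
            # request; presumably that flow is expected to be anonymous --
            # verify against the reset handler.
            if not self.request_string("reset_token", default=""):
                logging.warning("No user detected for password change")
            return util.secure_url(url)

        # NOTE(review): a credential in the query string is visible to
        # anything that records URLs (server logs, history, Referer).
        # Confirm TransferAuthToken expires quickly and cannot be replayed.
        token = TransferAuthToken.for_user(user_data).value

        # The separator is chosen from the caller's url, not from the
        # util.secure_url() result, as in the original branches.
        # NOTE(review): a url with a '#fragment' would receive the parameter
        # after the fragment -- confirm callers never pass one.
        separator = "&" if "?" in url else "?"
        return "%s%stransfer_token=%s" % (util.secure_url(url),
                                          separator,
                                          urllib.quote_plus(token))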
Пример #3
    def render_outer(self):
        """Serve the outer page of signup step two (after e-mail verification).

        The request is expected to carry a valid UnverifiedUser token (for
        example a link made by build_link()), or to come from a signed-in
        user who has no password yet. The form itself is shown in an iframe,
        generated in render_form, so that it can be delivered over https.

        Outcomes, in the order they are checked:
          * valid token plus a signed-in non-phantom user: redirect to a
            logout URL built from the current request URI;
          * no valid token and no user: redirect to "/";
          * user who already has a password: redirect to their profile;
          * user without a sendable e-mail: log an error, redirect to "/";
          * otherwise: render completesignup.html.
        """
        valid_token, _ = self.resolve_token()
        current_user = UserData.current()

        if valid_token and current_user:
            if not current_user.is_phantom:
                logging.info(
                    "User tried to verify e-mail and complete a signup in a "
                    "browser with an existing signed-in user. Forcefully "
                    "signing old user out to avoid conflicts")
                self.redirect(util.create_logout_url(self.request.uri))
                return

            # A phantom user does not count as signed in; the verified
            # token alone drives the rest of the flow.
            current_user = None

        if not (valid_token or current_user):
            # Nothing identifies the visitor: send them to the homepage.
            self.redirect("/")
            return

        identity_token = None
        if current_user:
            if current_user.has_password():
                # Already has a KA login, so there is nothing to complete.
                self.redirect(current_user.profile_root)
                return

            if not current_user.has_sendable_email():
                # E.g. a Facebook login asking for a KA password: without an
                # e-mail address password resets would be impossible, so the
                # signup is refused.
                logging.error("User tried to signup for password with "
                              "no email associated with the account")
                self.redirect("/")
                return

            # The inner iframe is served over https, where the current
            # cookies may not be sent or valid, so identity is carried by a
            # custom short-lived token instead.
            # NOTE(review): build_params() presumably serialises this into
            # the iframe URL, exposing it to logs and Referer headers --
            # confirm the token's lifetime and that it cannot be replayed.
            identity_token = TransferAuthToken.for_user(current_user).value

        query = util.build_params({
            'token': valid_token,
            'transfer_token': identity_token,
        })
        # NOTE(review): `continue` is read from the request with no
        # validation in this method; confirm that whatever consumes it (the
        # template or a later handler, not visible here) only follows
        # same-site targets.
        continue_to = self.request_string("continue", default="/")

        self.render_jinja2_template('completesignup.html', {
            'params': query,
            'continue': continue_to,
        })
Пример #4
    def render_outer(self):
        """Render the wrapper page for the second signup step.

        This step follows e-mail ownership verification. The request should
        either include a valid UnverifiedUser token (such as one embedded by
        build_link()) or be made by a signed-in user with no password set.
        The actual form is rendered inside an iframe (see render_form) so it
        can be served over https.

        Checked in order:
          * valid token and a signed-in non-phantom user: redirect to a
            logout URL built from the current request URI;
          * neither a valid token nor a user: redirect to "/";
          * user with a password: redirect to user_data.profile_root;
          * user with no sendable e-mail: log an error and redirect to "/";
          * anything else: render completesignup.html.
        """
        valid_token, _ = self.resolve_token()
        signed_in = UserData.current()

        if valid_token and signed_in:
            if not signed_in.is_phantom:
                logging.info(
                    "User tried to verify e-mail and complete a signup in a "
                    "browser with an existing signed-in user. Forcefully "
                    "signing old user out to avoid conflicts")
                self.redirect(util.create_logout_url(self.request.uri))
                return

            # Phantom users are ignored from here on.
            signed_in = None

        if not (valid_token or signed_in):
            # No token and no user: fall back to the homepage for now.
            self.redirect("/")
            return

        transfer_token = None
        if signed_in:
            if signed_in.has_password():
                # A KA login already exists; go to the profile instead.
                self.redirect(signed_in.profile_root)
                return

            if not signed_in.has_sendable_email():
                # A Facebook user trying to add a KA password: with no
                # e-mail on record, password resets could not work, so the
                # flow stops here.
                logging.error("User tried to signup for password with "
                              "no email associated with the account")
                self.redirect("/")
                return

            # Cookies from this page may not be transferred or valid on the
            # https iframe, so a short-lived token carries the identity.
            # NOTE(review): the token is handed to build_params(), which
            # presumably puts it in a URL -- verify expiry and replay
            # protection on TransferAuthToken.
            transfer_token = TransferAuthToken.for_user(signed_in).value

        iframe_params = util.build_params({
            'token': valid_token,
            'transfer_token': transfer_token,
        })
        # NOTE(review): the `continue` value is request-controlled and is
        # not checked in this method. Confirm the consumer (not visible
        # here) restricts it to same-site destinations.
        next_url = self.request_string("continue", default="/")

        page_values = {
            'params': iframe_params,
            'continue': next_url,
        }
        self.render_jinja2_template('completesignup.html', page_values)