def _register(self, username, email, password):
user = User(username=username, email=email, password=password)
self.request.db.add(user)
# Create a new activation for the user
activation = Activation()
self.request.db.add(activation)
user.activation = activation
# Flush the session to ensure that the user can be created and the
# activation is successfully wired up
self.request.db.flush()
# Send the activation email
message = activation_email(self.request, user)
mailer = get_mailer(self.request)
mailer.send(message)
self.request.session.flash(
jinja2.Markup(
_('Thank you for creating an account! '
"We've sent you an email with an activation link, "
'before you can sign in <strong>please check your email and open '
'the link to activate your account</strong>.')), 'success')
self.request.registry.notify(RegistrationEvent(self.request, user))
def activate(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get("code")
id_ = self.request.matchdict.get("id")
if code is None or id_ is None:
return httpexceptions.HTTPNotFound()
try:
id_ = int(id_)
except ValueError:
return httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
return httpexceptions.HTTPNotFound()
user = User.get_by_activation(activation)
if user is None or user.id != id_:
return httpexceptions.HTTPNotFound()
# Activate the user (by deleting the activation)
self.request.db.delete(activation)
self.request.session.flash(_("Your e-mail address has been verified. " "Thank you!"), "success")
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(location=self.request.route_url("index"))
def forgot_password(self):
"""
Handle submission of the forgot password form.
Validates that the email is one we know about, and then generates a new
activation for the associated user, and dispatches a "reset your
password" email which contains a token and/or link to the reset
password form.
"""
schema = schemas.ForgotPasswordSchema().bind(request=self.request)
form = deform.Form(schema)
# Nothing to do here for logged-in users
if self.request.authenticated_userid is not None:
return httpexceptions.HTTPFound(
location=self.forgot_password_redirect)
err, appstruct = validate_form(form, self.request.POST.items())
if err is not None:
return err
# If the validation passes, we assume the user exists.
#
# TODO: fix this latent race condition by returning a user object in
# the appstruct.
user = User.get_by_email(appstruct['email'])
# Create a new activation for this user. Any previous activation will
# get overwritten.
activation = Activation()
self.request.db.add(activation)
user.activation = activation
# Write the new activation to the database in order to set up the
# foreign key field and generate the code.
self.request.db.flush()
# Send the reset password email
code = user.activation.code
link = reset_password_link(self.request, code)
message = reset_password_email(user, code, link)
mailer = get_mailer(self.request)
mailer.send(message)
self.request.session.flash(
_("Please check your email to finish "
"resetting your password."), "success")
return httpexceptions.HTTPFound(location=self.reset_password_redirect)
def _send_forgot_password_email(self, user):
# Create a new activation for this user. Any previous activation will
# get overwritten.
activation = Activation()
self.request.db.add(activation)
user.activation = activation
# Write the new activation to the database in order to set up the
# foreign key field and generate the code.
self.request.db.flush()
# Send the reset password email
code = user.activation.code
link = reset_password_link(self.request, code)
message = reset_password_email(user, code, link)
mailer = get_mailer(self.request)
mailer.send(message)
def get_when_not_logged_in(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get('code')
id_ = self.request.matchdict.get('id')
try:
id_ = int(id_)
except ValueError:
raise httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
self.request.session.flash(
jinja2.Markup(
_("We didn't recognize that activation link. "
"Perhaps you've already activated your account? "
'If so, try <a href="{url}">signing in</a> using the username '
'and password that you provided.').format(
url=self.request.route_url('login'))), 'error')
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
user = User.get_by_activation(activation)
if user is None or user.id != id_:
raise httpexceptions.HTTPNotFound()
user.activate()
self.request.session.flash(
jinja2.Markup(
_('Your account has been activated! '
'You can now <a href="{url}">sign in</a> using the password you '
'provided.').format(url=self.request.route_url('login'))),
'success')
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
def get_when_not_logged_in(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get('code')
id_ = self.request.matchdict.get('id')
try:
id_ = int(id_)
except ValueError:
raise httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(self.request.db, code)
if activation is None:
self.request.session.flash(jinja2.Markup(_(
"We didn't recognize that activation link. "
"Perhaps you've already activated your account? "
'If so, try <a href="{url}">logging in</a> using the username '
'and password that you provided.').format(
url=self.request.route_url('login'))),
'error')
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
user = User.get_by_activation(self.request.db, activation)
if user is None or user.id != id_:
raise httpexceptions.HTTPNotFound()
user.activate()
self.request.session.flash(jinja2.Markup(_(
'Your account has been activated! '
'You can now <a href="{url}">log in</a> using the password you '
'provided.').format(url=self.request.route_url('login'))),
'success')
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
def activate(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get("code")
id_ = self.request.matchdict.get("id")
if code is None or id_ is None:
return httpexceptions.HTTPNotFound()
try:
id_ = int(id_)
except ValueError:
return httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
return httpexceptions.HTTPNotFound()
user = User.get_by_activation(activation)
if user is None or user.id != id_:
return httpexceptions.HTTPNotFound()
# Activate the user (by deleting the activation)
self.request.db.delete(activation)
self.request.session.flash(
jinja2.Markup(
_(
"Your account has been activated! "
'You can now <a href="{url}">login</a> using the password you '
"provided."
).format(url=self.request.route_url("login"))
),
"success",
)
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(location=self.request.route_url("index"))
def activate(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get('code')
id_ = self.request.matchdict.get('id')
if code is None or id_ is None:
return httpexceptions.HTTPNotFound()
try:
id_ = int(id_)
except ValueError:
return httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
return httpexceptions.HTTPNotFound()
user = User.get_by_activation(activation)
if user is None or user.id != id_:
return httpexceptions.HTTPNotFound()
# Activate the user (by deleting the activation)
self.request.db.delete(activation)
self.request.session.flash(
jinja2.Markup(
_('Your account has been activated! '
'You can now <a href="{url}">login</a> using the password you '
'provided.').format(url=self.request.route_url('login'))),
'success')
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
def register(self):
"""
Handle submission of the new user registration form.
Validates the form data, creates a new activation for the user, sends
the activation mail, and then redirects the user to the index.
"""
err, appstruct = validate_form(self.form, self.request.POST.items())
if err is not None:
return err
# Create the new user from selected form fields
props = {k: appstruct[k] for k in ['username', 'email', 'password']}
user = User(**props)
self.request.db.add(user)
# Create a new activation for the user
activation = Activation()
self.request.db.add(activation)
user.activation = activation
# Flush the session to ensure that the user can be created and the
# activation is successfully wired up
self.request.db.flush()
# Send the activation email
message = activation_email(self.request, user)
mailer = get_mailer(self.request)
mailer.send(message)
self.request.session.flash(
_("Thank you for registering! Please check "
"your e-mail now. You can continue by "
"clicking the activation link we have "
"sent you."), 'success')
self.request.registry.notify(RegistrationEvent(self.request, user))
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))
def reset_password(self):
"""
Handle submission of the reset password form.
This function checks that the activation code (i.e. reset token)
provided by the form is valid, retrieves the user associated with the
activation code, and resets their password.
"""
schema = schemas.ResetPasswordSchema().bind(request=self.request)
form = deform.Form(schema)
code = self.request.matchdict.get('code')
if code is None:
return httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(self.request, code)
if activation is None:
return httpexceptions.HTTPNotFound()
user = User.get_by_activation(self.request, activation)
if user is None:
return httpexceptions.HTTPNotFound()
if self.request.method != 'POST':
return httpexceptions.HTTPMethodNotAllowed()
err, appstruct = validate_form(form, self.request.POST.items())
if err is not None:
return err
user.password = appstruct['password']
db = get_session(self.request)
db.delete(activation)
self.request.session.flash(_('Your password has been reset!'),
'success')
self.request.registry.notify(PasswordResetEvent(self.request, user))
return httpexceptions.HTTPFound(location=self.reset_password_redirect)
def reset_password(self):
"""
Handle submission of the reset password form.
This function checks that the activation code (i.e. reset token)
provided by the form is valid, retrieves the user associated with the
activation code, and resets their password.
"""
schema = schemas.ResetPasswordSchema().bind(request=self.request)
form = deform.Form(schema)
code = self.request.matchdict.get('code')
if code is None:
return httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
return httpexceptions.HTTPNotFound()
user = User.get_by_activation(activation)
if user is None:
return httpexceptions.HTTPNotFound()
if self.request.method != 'POST':
return httpexceptions.HTTPMethodNotAllowed()
err, appstruct = validate_form(form, self.request.POST.items())
if err is not None:
return err
user.password = appstruct['password']
self.request.db.delete(activation)
self.request.session.flash(_('Your password has been reset!'),
'success')
self.request.registry.notify(PasswordResetEvent(self.request, user))
return httpexceptions.HTTPFound(location=self.reset_password_redirect)
def activate(self):
"""
Handle a request for a user activation link.
Checks if the activation code passed is valid, and (as a safety check)
that it is an activation for the passed user id. If all is well,
activate the user and redirect them to the stream.
"""
code = self.request.matchdict.get('code')
id_ = self.request.matchdict.get('id')
if code is None or id_ is None:
return httpexceptions.HTTPNotFound()
try:
id_ = int(id_)
except ValueError:
return httpexceptions.HTTPNotFound()
activation = Activation.get_by_code(code)
if activation is None:
return httpexceptions.HTTPNotFound()
user = User.get_by_activation(activation)
if user is None or user.id != id_:
return httpexceptions.HTTPNotFound()
# Activate the user (by deleting the activation)
self.request.db.delete(activation)
self.request.session.flash(
_("Your e-mail address has been verified. "
"Thank you!"), 'success')
self.request.registry.notify(ActivationEvent(self.request, user))
return httpexceptions.HTTPFound(
location=self.request.route_url('index'))