diff options
| author | Christopher Allan Webber <cwebber@dustycloud.org> | 2011-09-07 23:45:14 -0500 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2011-09-07 23:45:14 -0500 |
| commit | a85a21103bb5e3d4b5a6e454cce1d2011372c867 (patch) | |
| tree | ba2f74e3521090f629fa70741cb9b35bda4dd5ed | |
| parent | 73fffbb8b0b37d642f7dc996bbec8fdf7d4e3e8b (diff) | |
| download | mediagoblin-a85a21103bb5e3d4b5a6e454cce1d2011372c867.tar.lz mediagoblin-a85a21103bb5e3d4b5a6e454cce1d2011372c867.tar.xz mediagoblin-a85a21103bb5e3d4b5a6e454cce1d2011372c867.zip | |
If the user hasn't verified their email or account inactive give a special warning
| -rw-r--r-- | mediagoblin/auth/views.py | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index dd693892..1c010372 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -208,12 +208,27 @@ def forgot_password(request): {'email': request.POST['username']}) if user: - user['fp_verification_key'] = unicode(uuid.uuid4()) - user['fp_token_expire'] = datetime.datetime.now() + \ - datetime.timedelta(days=10) - user.save() + if user['email_verified'] and user['status'] == 'active': + user['fp_verification_key'] = unicode(uuid.uuid4()) + user['fp_token_expire'] = datetime.datetime.now() + \ + datetime.timedelta(days=10) + user.save() + + send_fp_verification_email(user, request) + else: + # special case... we can't send the email because the + # username is inactive / hasn't verified their email + messages.add_message( + request, + messages.WARNING, + _("Could not send password recovery email as " + "your username is inactive or your account's " + "email address has not been verified.")) + + return redirect( + request, 'mediagoblin.user_pages.user_home', + user=user['username']) - send_fp_verification_email(user, request) # do not reveal whether or not there is a matching user, just move along return redirect(request, 'mediagoblin.auth.fp_email_sent') @@ -244,7 +259,8 @@ def verify_forgot_password(request): # check if we have a real user and correct token if ((user and user['fp_verification_key'] and user['fp_verification_key'] == unicode(session_token) and - datetime.datetime.now() < user['fp_token_expire'])): + datetime.datetime.now() < user['fp_token_expire'] + and user['email_verified'] and user['status'] == 'active')): cp_form = auth_forms.ChangePassForm(session_vars) |