diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | mediagoblin/auth/routing.py | 4 | ||||
| -rw-r--r-- | mediagoblin/auth/views.py | 49 | ||||
| -rw-r--r-- | mediagoblin/models.py | 7 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/auth/verify_email.html | 28 | ||||
| -rw-r--r-- | mediagoblin/util.py | 3 |
6 files changed, 84 insertions, 8 deletions
@@ -10,3 +10,4 @@ mediagoblin.egg-info *.pyo docs/_build/ user_dev/ +server-log.txt
\ No newline at end of file diff --git a/mediagoblin/auth/routing.py b/mediagoblin/auth/routing.py index 92f19371..59762840 100644 --- a/mediagoblin/auth/routing.py +++ b/mediagoblin/auth/routing.py @@ -24,4 +24,6 @@ auth_routes = [ Route('mediagoblin.auth.login', '/login/', controller='mediagoblin.auth.views:login'), Route('mediagoblin.auth.logout', '/logout/', - controller='mediagoblin.auth.views:logout')] + controller='mediagoblin.auth.views:logout'), + Route('mediagoblin.auth.verify_email', '/verify_email/', + controller='mediagoblin.auth.views:verify_email')] diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 15e33e17..79c09f5b 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -19,6 +19,7 @@ from webob import Response, exc from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import forms as auth_forms +from mediagoblin.util import send_email def register(request): @@ -44,9 +45,28 @@ def register(request): entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash( request.POST['password']) entry.save(validate=True) - - # TODO: Send email authentication request - + + # TODO: Move this setting to a better place + EMAIL_SENDER_ADDRESS = 'mediagoblin@fakehost' + + ''' TODO Index - Regarding sending of verification email + 1. There is no error handling in place + 2. Due to the distributed nature of GNU MediaGoblin, we should find a way to send some additional information about the specific GNU MediaGoblin instance in the subject line. For example "GNU MediaGoblin @ Wandborg - [...]". + 3. The verification link generation does not detect and adapt to access via the HTTPS protocol. + ''' + + # TODO (1) + send_email( + EMAIL_SENDER_ADDRESS, + entry['email'], + 'GNU MediaGoblin - Verify email', # TODO (2) + 'http://{host}{uri}?userid={userid}&token={verification_key}'.format( # TODO (3) + host = request.host, + uri = request.urlgen('mediagoblin.auth.verify_email'), + userid = unicode( entry['_id'] ), + verification_key = entry['verification_key'] + )) + # Redirect to register_success return exc.HTTPFound( location=request.urlgen("mediagoblin.auth.register_success")) @@ -116,3 +136,26 @@ def logout(request): return exc.HTTPFound( location=request.urlgen("index")) + +def verify_email(request): + import bson.objectid + user = request.db.User.find_one( + {'_id': bson.objectid.ObjectId( unicode( request.GET.get('userid') ) )}) + + verification_successful = bool + + if user and user['verification_key'] == unicode( request.GET.get('token') ): + user['status'] = u'active' + user['email_verified'] = True + verification_successful = True + user.save() + else: + verification_successful = False + + template = request.template_env.get_template( + 'mediagoblin/auth/verify_email.html') + return Response( + template.render( + {'request': request, + 'user': user, + 'verification_successful': verification_successful})) diff --git a/mediagoblin/models.py b/mediagoblin/models.py index cd6a28cc..69b1f4f0 100644 --- a/mediagoblin/models.py +++ b/mediagoblin/models.py @@ -14,7 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. -import datetime +import datetime, uuid from mongokit import Document, Set @@ -41,6 +41,7 @@ class User(Document): 'pw_hash': unicode, 'email_verified': bool, 'status': unicode, + 'verification_key': unicode } required_fields = ['username', 'created', 'pw_hash', 'email'] @@ -48,8 +49,8 @@ class User(Document): default_values = { 'created': datetime.datetime.utcnow, 'email_verified': False, - # TODO: shouldn't be active by default, must have email registration - 'status': u'active'} + 'status': u'needs_email_verification', + 'verification_key': lambda: unicode( uuid.uuid4() ) } def check_login(self, password): """ diff --git a/mediagoblin/templates/mediagoblin/auth/verify_email.html b/mediagoblin/templates/mediagoblin/auth/verify_email.html new file mode 100644 index 00000000..fe9094bd --- /dev/null +++ b/mediagoblin/templates/mediagoblin/auth/verify_email.html @@ -0,0 +1,28 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011 Free Software Foundation, Inc +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +#} +{% extends "mediagoblin/base.html" %} + +{% block mediagoblin_content %} +<p> + {% if verification_successful %} + Your email address has been verified! + {% else %} + The verification key or user id is incorrect + {% endif %} +</p> +{% endblock %} diff --git a/mediagoblin/util.py b/mediagoblin/util.py index d24b59b6..0d8bcae2 100644 --- a/mediagoblin/util.py +++ b/mediagoblin/util.py @@ -163,7 +163,8 @@ def send_email(from_addr, to_addrs, subject, message_body): message = MIMEText(message_body.encode('utf-8'), 'plain', 'utf-8') message['Subject'] = subject message['From'] = from_addr - message['To'] = ', '.join(to_addrs) + # The shorthand condition takes height for the possibility that the to_addrs argument can be either list() or string() + message['To'] = ', '.join(to_addrs) if type( to_addrs ) == list else to_addrs if TESTS_ENABLED: EMAIL_TEST_INBOX.append(message) |