aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/auth/lib.py
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/auth/lib.py')
-rw-r--r--mediagoblin/auth/lib.py15
1 files changed, 9 insertions, 6 deletions
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index bfc36b28..0810bd1b 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -20,6 +20,7 @@ import bcrypt
from mediagoblin.tools.mail import send_email
from mediagoblin.tools.template import render_template
+from mediagoblin.tools.crypto import get_timed_signer_url
from mediagoblin import mg_globals
@@ -91,8 +92,8 @@ def fake_login_attempt():
EMAIL_FP_VERIFICATION_TEMPLATE = (
- u"http://{host}{uri}?"
- u"userid={userid}&token={fp_verification_key}")
+ u"{uri}?"
+ u"token={fp_verification_key}")
def send_fp_verification_email(user, request):
@@ -103,14 +104,16 @@ def send_fp_verification_email(user, request):
- user: a user object
- request: the request
"""
+ fp_verification_key = get_timed_signer_url('mail_verification_token') \
+ .dumps(user.id)
+
rendered_email = render_template(
request, 'mediagoblin/auth/fp_verification_email.txt',
{'username': user.username,
'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
- host=request.host,
- uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
- userid=unicode(user.id),
- fp_verification_key=user.fp_verification_key)})
+ uri=request.urlgen('mediagoblin.auth.verify_forgot_password',
+ qualified=True),
+ fp_verification_key=fp_verification_key)})
# TODO: There is no error handling in place
send_email(
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-07 20:46:01 +0000