Diffstat (limited to 'mediagoblin/auth')
-rw-r--r--mediagoblin/auth/forms.py10
-rw-r--r--mediagoblin/auth/lib.py10
-rw-r--r--mediagoblin/auth/routing.py3
-rw-r--r--mediagoblin/auth/views.py56
4 files changed, 59 insertions, 20 deletions
diff --git a/mediagoblin/auth/forms.py b/mediagoblin/auth/forms.py
index 6339b4a3..dcb6766c 100644
--- a/mediagoblin/auth/forms.py
+++ b/mediagoblin/auth/forms.py
@@ -17,7 +17,7 @@
import wtforms
import re
-from mediagoblin.util import fake_ugettext_passthrough as _
+from mediagoblin.tools.translate import fake_ugettext_passthrough as _
class RegistrationForm(wtforms.Form):
@@ -59,9 +59,10 @@ class ForgotPassForm(wtforms.Form):
'Username or email',
[wtforms.validators.Required()])
- def validate_username(form,field):
- if not (re.match(r'^\w+$',field.data) or
- re.match(r'^.+@[^.].*\.[a-z]{2,10}$',field.data, re.IGNORECASE)):
+ def validate_username(form, field):
+ if not (re.match(r'^\w+$', field.data) or
+ re.match(r'^.+@[^.].*\.[a-z]{2,10}$', field.data,
+ re.IGNORECASE)):
raise wtforms.ValidationError(u'Incorrect input')
@@ -82,4 +83,3 @@ class ChangePassForm(wtforms.Form):
token = wtforms.HiddenField(
'',
[wtforms.validators.Required()])
-
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index d7d351a5..cf4a2b83 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -19,7 +19,8 @@ import random
import bcrypt
-from mediagoblin.util import send_email, render_template
+from mediagoblin.tools.mail import send_email
+from mediagoblin.tools.template import render_template
from mediagoblin import mg_globals
@@ -93,6 +94,7 @@ EMAIL_VERIFICATION_TEMPLATE = (
u"http://{host}{uri}?"
u"userid={userid}&token={verification_key}")
+
def send_verification_email(user, request):
"""
Send the verification email to users to activate their accounts.
@@ -107,7 +109,7 @@ def send_verification_email(user, request):
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_email'),
- userid=unicode(user['_id']),
+ userid=unicode(user._id),
verification_key=user['verification_key'])})
# TODO: There is no error handling in place
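Review bot: The verification link in this hunk is still built from `host=request.host`, which WebOb derives from the client-supplied Host header, so the hostname in the mailed link that carries `verification_key` is not under the instance's control. The `send_fp_verification_email` hunk below has the same pattern, and there the link carries the password-reset token, so the exposure is greater. Unless the Host header is pinned upstream (not visible here), take the host from instance configuration instead, e.g. `host=mg_globals.app_config['<canonical-host-setting>']` (placeholder key). The templates in the neighbouring hunks also hard-code `http://`, so the token travels in clear text even on an HTTPS deployment. Both function bodies continue outside their hunks.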
@@ -127,6 +129,7 @@ EMAIL_FP_VERIFICATION_TEMPLATE = (
u"http://{host}{uri}?"
u"userid={userid}&token={fp_verification_key}")
+
def send_fp_verification_email(user, request):
"""
Send the verification email to users to change their password.
@@ -141,7 +144,7 @@ def send_fp_verification_email(user, request):
'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
- userid=unicode(user['_id']),
+ userid=unicode(user._id),
fp_verification_key=user['fp_verification_key'])})
# TODO: There is no error handling in place
@@ -150,4 +153,3 @@ def send_fp_verification_email(user, request):
[user['email']],
'GNU MediaGoblin - Change forgotten password!',
rendered_email)
-
diff --git a/mediagoblin/auth/routing.py b/mediagoblin/auth/routing.py
index 912d89fa..365ccfaa 100644
--- a/mediagoblin/auth/routing.py
+++ b/mediagoblin/auth/routing.py
@@ -33,7 +33,8 @@ auth_routes = [
controller='mediagoblin.views:simple_template_render'),
Route('mediagoblin.auth.forgot_password', '/forgot_password/',
controller='mediagoblin.auth.views:forgot_password'),
- Route('mediagoblin.auth.verify_forgot_password', '/forgot_password/verify/',
+ Route('mediagoblin.auth.verify_forgot_password',
+ '/forgot_password/verify/',
controller='mediagoblin.auth.views:verify_forgot_password'),
Route('mediagoblin.auth.fp_changed_success',
'/forgot_password/changed_success/',
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index f67f0588..d01861d1 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -21,8 +21,8 @@ from webob import exc
from mediagoblin import messages
from mediagoblin import mg_globals
-from mediagoblin.util import render_to_response, redirect, render_404
-from mediagoblin.util import pass_to_ugettext as _
+from mediagoblin.tools.response import render_to_response, redirect, render_404
+from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.db.util import ObjectId, InvalidId
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
@@ -30,6 +30,19 @@ from mediagoblin.auth.lib import send_verification_email, \
send_fp_verification_email
+def email_debug_message(request):
+ """
+ If the server is running in email debug mode (which is
+ the current default), give a debug message to the user
+ so that they have an idea where to find their email.
+ """
+ if mg_globals.app_config['email_debug_mode']:
+ # DEBUG message, no need to translate
+ messages.add_message(request, messages.DEBUG,
+ u"This instance is running in email debug mode. "
+ u"The email will be on the console of the server process.")
+
+
def register(request):
"""
Your classic registration view!
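Review bot: The docstring of `email_debug_message` calls email debug mode the current default but does not say what that implies for secrets. Per the message text the mail ends up on the server console, and the mails sent from this module carry the verification and password-reset keys. I would add a sentence such as `Debug mode writes outgoing mail, including verification and reset links, to the server console; turn it off in production.` Because the helper is also called from `forgot_password`, the message is shown to anonymous visitors and tells them how the instance is configured; that is worth stating in the docstring too.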
@@ -61,7 +74,7 @@ def register(request):
extra_validation_passes = False
if users_with_email:
register_form.email.errors.append(
- _(u'Sorry, that email address has already been taken.'))
+ _(u'Sorry, a user with that email address already exists.'))
extra_validation_passes = False
if extra_validation_passes:
@@ -74,10 +87,11 @@ def register(request):
user.save(validate=True)
# log the user in
- request.session['user_id'] = unicode(user['_id'])
+ request.session['user_id'] = unicode(user._id)
request.session.save()
# send verification email
+ email_debug_message(request)
send_verification_email(user, request)
# redirect the user to their homepage... there will be a
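Review bot: `request.session['user_id'] = unicode(user._id)` writes the new identity into whatever session the request arrived with, and nothing in this hunk issues a fresh session identifier first; the `login` hunk below does the same. If the session layer does not rotate the identifier on its own (not visible here), an identifier set before authentication stays valid afterwards, which is the session-fixation pattern. Consider discarding the pre-authentication session before setting `user_id`, if the session object offers a call for that (Beaker's `Session.invalidate()`, for instance). The body of `register` starts and ends outside the hunk.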
@@ -108,7 +122,7 @@ def login(request):
if user and user.check_login(request.POST['password']):
# set up login in session
- request.session['user_id'] = unicode(user['_id'])
+ request.session['user_id'] = unicode(user._id)
request.session.save()
if request.POST.get('next'):
@@ -146,7 +160,7 @@ def verify_email(request):
you are lucky :)
"""
# If we don't have userid and token parameters, we can't do anything; 404
- if not request.GET.has_key('userid') or not request.GET.has_key('token'):
+ if not 'userid' in request.GET or not 'token' in request.GET:
return render_404(request)
user = request.db.User.find_one(
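Review bot: `not 'userid' in request.GET or not 'token' in request.GET` is clearer with the `not in` operator (pycodestyle E713): `if 'userid' not in request.GET or 'token' not in request.GET:`. The `_process_for_token` hunk at the end of this file already uses the plain `in` form, so this keeps the two membership tests in the same style. `verify_email` continues outside the hunk.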
@@ -181,9 +195,27 @@ def resend_activation(request):
Resend the activation email.
"""
+
+ if request.user is None:
+ messages.add_message(
+ request,
+ messages.ERROR,
+ _('You must be logged in so we know who to send the email to!'))
+
+ return redirect(request, 'mediagoblin.auth.login')
+
+ if request.user["email_verified"]:
+ messages.add_message(
+ request,
+ messages.ERROR,
+ _("You've already verified your email address!"))
+
+ return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
+
request.user[u'verification_key'] = unicode(uuid.uuid4())
request.user.save()
-
+
+ email_debug_message(request)
send_verification_email(request.user, request)
messages.add_message(
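Review bot: `resend_activation` rotates `verification_key` and sends a mail on every request that reaches it; between the docstring and `request.user.save()` the hunk shows no `request.method` check and no throttle. As written, a plain GET from a logged-in, unverified user (including one issued cross-site) invalidates the previously mailed link and triggers another mail, and repeated requests can be used to flood the mailbox. Unless routing already restricts the method (not visible here), guard the state change with something like `if request.method != 'POST': return render_404(request)` and consider a minimum interval between resends. Separately, the `redirect(request, "mediagoblin.user_pages.user_home", ...)` line runs well past 79 columns and mixes quote styles with the rest of the function, whose end is outside the hunk.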
@@ -204,6 +236,11 @@ def forgot_password(request):
fp_form = auth_forms.ForgotPassForm(request.POST)
if request.method == 'POST' and fp_form.validate():
+
+ # Here, so it doesn't depend on the actual mail being sent
+ # and thus doesn't reveal, wether mail was sent.
+ email_debug_message(request)
+
# '$or' not available till mongodb 1.5.3
user = request.db.User.find_one(
{'username': request.POST['username']})
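Review bot: The new comment above `email_debug_message(request)` has a typo and a stray comma: `wether` should be `whether`. Suggested wording: `# Called here so the message does not depend on a mail actually being sent,` / `# and thus does not reveal whether one was.` `forgot_password` starts and ends outside the hunk.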
@@ -233,8 +270,7 @@ def forgot_password(request):
request, 'mediagoblin.user_pages.user_home',
user=user['username'])
-
- # do not reveal whether or not there is a matching user, just move along
+ # do not reveal whether or not there is a matching user
return redirect(request, 'mediagoblin.auth.fp_email_sent')
return render_to_response(
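Review bot: The comment `do not reveal whether or not there is a matching user` is contradicted by the context lines just above it, where one branch redirects to `mediagoblin.user_pages.user_home` with `user=user['username']`. That response differs from the generic `fp_email_sent` redirect, so it tells an anonymous requester that the account exists. The branch condition is outside the hunk, so this is inferred from the redirect alone. Returning the same `fp_email_sent` redirect for every outcome, and handling the special case in the mail itself, would keep the promise the comment makes.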
@@ -308,6 +344,6 @@ def _process_for_token(request):
formdata = {
'vars': formdata_vars,
'has_userid_and_token':
- formdata_vars.has_key('userid') and formdata_vars.has_key('token')}
+ 'userid' in formdata_vars and 'token' in formdata_vars}
return formdata