From 342f06f7bd40ee47a48562b42006225e93f0c386 Mon Sep 17 00:00:00 2001
From: Rodney Ewing
Date: Wed, 22 May 2013 14:51:30 -0700
Subject: modified verification emails to use itsdangerous tokens
---
 mediagoblin/auth/tools.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'mediagoblin/auth/tools.py')
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index d86235b1..d17ee4e6 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -62,8 +62,8 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
 EMAIL_VERIFICATION_TEMPLATE = (
- u"http://{host}{uri}?"
- u"userid={userid}&token={verification_key}")
+ u"{uri}?"
+ u"token={verification_key}")
 def send_verification_email(user, request, email=None,
@@ -79,14 +79,15 @@ def send_verification_email(user, request, email=None,
 email = user.email
 if not rendered_email:
+ verification_key = get_timed_signer_url('mail_verification_token') \
+ .dumps(user.id)
 rendered_email = render_template( request, 'mediagoblin/auth/verification_email.txt', {'username': user.username, 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
- host=request.host,
- uri=request.urlgen('mediagoblin.auth.verify_email'),
- userid=unicode(user.id),
- verification_key=user.verification_key)})
+ uri=request.urlgen('mediagoblin.auth.verify_email',
+ qualified=True),
+ verification_key=verification_key)})
 # TODO: There is no error handling in place
 send_email(
-- cgit v1.2.3
From 69b888c22c326b1e69ee8e050a415561b6ca6aac Mon Sep 17 00:00:00 2001
From: Rodney Ewing
Date: Tue, 28 May 2013 10:43:57 -0700
Subject: cleanup after merge
---
 mediagoblin/auth/tools.py | 1 +
 1 file changed, 1 insertion(+)
(limited to 'mediagoblin/auth/tools.py')
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index d17ee4e6..c45944d3 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
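Review bot: In the first commit's second hunk (`send_verification_email`), the signed payload is only `user.id`, so the token does not record which address it was mailed to, although the function takes an `email` override. The link it replaces carried `user.verification_key`, a value held on the user record that the server could presumably clear after use; a signed token is stateless and stays valid for as long as the loader allows. The lifetime is enforced where the token is loaded, not here, so the verify view (outside this diff) should pass `max_age` to `loads()` and ignore tokens for users that are already verified. If the override is used to confirm a changed address, bind it into the payload, for example `.dumps({'user': user.id, 'email': email})`, and compare it on verification. The function body starts before and continues after the hunk.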
@@ -22,6 +22,7 @@ from sqlalchemy import or_
 from mediagoblin import mg_globals
 from mediagoblin.auth import lib as auth_lib
+from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.db.models import User
 from mediagoblin.tools.mail import (normalize_email, send_email, email_debug_message)
-- cgit v1.2.3