heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

added support for user to change email address

Browse Source
This commit is contained in:
Rodney Ewing 2013-05-21 16:21:33 -07:00
parent b75eb88fab
commit 89e1563f68
6 changed files with 150 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
mediagoblin/auth/lib.py
View File

@ -95,7 +95,8 @@ EMAIL_VERIFICATION_TEMPLATE = (
u"userid={userid}&token={verification_key}") u"userid={userid}&token={verification_key}")
def send_verification_email(user, request): def send_verification_email(user, request, email=None,
rendered_email=None):
""" """
Send the verification email to users to activate their accounts. Send the verification email to users to activate their accounts.
@ -103,19 +104,23 @@ def send_verification_email(user, request):
- user: a user object - user: a user object
- request: the request - request: the request
""" """
rendered_email = render_template( if not email:
request, 'mediagoblin/auth/verification_email.txt', email = user.email
{'username': user.username,
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( if not rendered_email:
host=request.host, rendered_email = render_template(
uri=request.urlgen('mediagoblin.auth.verify_email'), request, 'mediagoblin/auth/verification_email.txt',
userid=unicode(user.id), {'username': user.username,
verification_key=user.verification_key)}) 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_email'),
userid=unicode(user.id),
verification_key=user.verification_key)})
# TODO: There is no error handling in place # TODO: There is no error handling in place
send_email( send_email(
mg_globals.app_config['email_sender_address'], mg_globals.app_config['email_sender_address'],
[user.email], [email],
# TODO # TODO
# Due to the distributed nature of GNU MediaGoblin, we should # Due to the distributed nature of GNU MediaGoblin, we should
# find a way to send some additional information about the # find a way to send some additional information about the

14
mediagoblin/edit/forms.py
View File

@ -16,9 +16,11 @@
import wtforms import wtforms
from mediagoblin.tools.text import tag_length_validator, TOO_LONG_TAG_WARNING from mediagoblin.tools.text import tag_length_validator
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _ from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
from mediagoblin.tools.licenses import licenses_as_choices from mediagoblin.tools.licenses import licenses_as_choices
from mediagoblin.auth.forms import normalize_user_or_email_field
class EditForm(wtforms.Form): class EditForm(wtforms.Form):
title = wtforms.TextField( title = wtforms.TextField(
@ -59,6 +61,16 @@ class EditProfileForm(wtforms.Form):
class EditAccountForm(wtforms.Form): class EditAccountForm(wtforms.Form):
new_email = wtforms.TextField(
_('New email address'),
[wtforms.validators.Optional(),
normalize_user_or_email_field(allow_user=False)])
password = wtforms.PasswordField(
_('Password'),
[wtforms.validators.Optional(),
wtforms.validators.Length(min=5, max=1024)],
description=_(
'Enter your old password to prove you own this account.'))
license_preference = wtforms.SelectField( license_preference = wtforms.SelectField(
_('License preference'), _('License preference'),
[ [

2
mediagoblin/edit/routing.py
View File

@ -26,3 +26,5 @@ add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
'mediagoblin.edit.views:delete_account') 'mediagoblin.edit.views:delete_account')
add_route('mediagoblin.edit.pass', '/edit/password/', add_route('mediagoblin.edit.pass', '/edit/password/',
'mediagoblin.edit.views:change_pass') 'mediagoblin.edit.views:change_pass')
add_route('mediagoblin.edit.verify_email', '/edit/verify_email',
'mediagoblin.edit.views:verify_email')

105
mediagoblin/edit/views.py
View File

@ -23,18 +23,22 @@ from mediagoblin import messages
from mediagoblin import mg_globals from mediagoblin import mg_globals
from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth.views import email_debug_message
from mediagoblin.edit import forms from mediagoblin.edit import forms
from mediagoblin.edit.lib import may_edit_media from mediagoblin.edit.lib import may_edit_media
from mediagoblin.decorators import (require_active_login, active_user_from_url, from mediagoblin.decorators import (require_active_login, active_user_from_url,
get_media_entry_by_id, get_media_entry_by_id, user_may_alter_collection,
user_may_alter_collection, get_user_collection) get_user_collection)
from mediagoblin.tools.response import render_to_response, \ from mediagoblin.tools.crypto import get_timed_signer_url
redirect, redirect_obj from mediagoblin.tools.response import (render_to_response,
redirect, redirect_obj, render_404)
from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.template import render_template
from mediagoblin.tools.text import ( from mediagoblin.tools.text import (
convert_to_tag_list_of_dicts, media_tags_as_string) convert_to_tag_list_of_dicts, media_tags_as_string)
from mediagoblin.tools.url import slugify from mediagoblin.tools.url import slugify
from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used
from mediagoblin.db.models import User
import mimetypes import mimetypes
@ -212,6 +216,10 @@ def edit_profile(request, url_user=None):
{'user': user, {'user': user,
'form': form}) 'form': form})
EMAIL_VERIFICATION_TEMPLATE = (
u'{uri}?'
u'token={verification_key}')
@require_active_login @require_active_login
def edit_account(request): def edit_account(request):
@ -220,27 +228,57 @@ def edit_account(request):
wants_comment_notification=user.wants_comment_notification, wants_comment_notification=user.wants_comment_notification,
license_preference=user.license_preference) license_preference=user.license_preference)
if request.method == 'POST': if request.method == 'POST' and form.validate():
form_validated = form.validate() if form.wants_comment_notification.validate(form):
if form_validated and \
form.wants_comment_notification.validate(form):
user.wants_comment_notification = \ user.wants_comment_notification = \
form.wants_comment_notification.data form.wants_comment_notification.data
if form_validated and \ if form.license_preference.validate(form):
form.license_preference.validate(form):
user.license_preference = \ user.license_preference = \
form.license_preference.data form.license_preference.data
if form_validated and not form.errors: if form.new_email.data:
if not form.password.data:
form.password.errors.append(
_('This field is required.'))
elif not auth_lib.bcrypt_check_password(
form.password.data, user.pw_hash):
form.password.errors.append(
_('Wrong password.'))
else:
new_email = form.new_email.data
users_with_email = User.query.filter_by(
email=new_email).count()
if users_with_email:
form.new_email.errors.append(
_('Sorry, a user with that email address'
' already exists.'))
else:
verification_key = get_timed_signer_url(
'mail_verification_token').dumps({
'user': user.id,
'email': new_email})
rendered_email = render_template(
request, 'mediagoblin/edit/verification.txt',
{'username': user.username,
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
uri=request.urlgen('mediagoblin.edit.verify_email',
qualified=True),
verification_key=verification_key)})
email_debug_message(request)
auth_lib.send_verification_email(user, request, new_email,
rendered_email)
if not form.errors:
user.save() user.save()
messages.add_message(request, messages.add_message(request,
messages.SUCCESS, messages.SUCCESS,
_("Account settings saved")) _("Account settings saved"))
return redirect(request, return redirect(request,
'mediagoblin.user_pages.user_home', 'mediagoblin.user_pages.user_home',
user=user.username) user=user.username)
return render_to_response( return render_to_response(
request, request,
@ -369,3 +407,38 @@ def change_pass(request):
'mediagoblin/edit/change_pass.html', 'mediagoblin/edit/change_pass.html',
{'form': form, {'form': form,
'user': user}) 'user': user})
def verify_email(request):
"""
Email verification view for changing email address
"""
# If no token, we can't do anything
if not 'token' in request.GET:
return render_404(request)
# This throws an error, if the thing is faked or expired
# should be catched, probably.
token = get_timed_signer_url("mail_verification_token") \
.loads(request.GET['token'], max_age=10*24*3600)
user = User.query.filter_by(id=int(token['user'])).first()
if user:
user.email = token['email']
user.save()
messages.add_message(
request,
messages.SUCCESS,
_('Your email address has been verified.'))
else:
messages.add_message(
request,
messages.ERROR,
_('The verification key or user id is incorrect.'))
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=user.username)

2
mediagoblin/templates/mediagoblin/edit/edit_account.html
View File

@ -46,6 +46,8 @@
{% trans %}Change your password.{% endtrans %} {% trans %}Change your password.{% endtrans %}
</a> </a>
</p> </p>
{{ wtforms_util.render_field_div(form.new_email) }}
{{ wtforms_util.render_field_div(form.password) }}
<div class="form_field_input"> <div class="form_field_input">
<p>{{ form.wants_comment_notification }} <p>{{ form.wants_comment_notification }}
{{ wtforms_util.render_label(form.wants_comment_notification) }}</p> {{ wtforms_util.render_label(form.wants_comment_notification) }}</p>

29
mediagoblin/templates/mediagoblin/edit/verification.txt Normal file
View File

@ -0,0 +1,29 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#}
{% trans username=username, verification_url=verification_url|safe -%}
Hi,
We wanted to verify that you are {{ username }}. If this is the case, then
please follow the link below to verify your new email address.
{{ verification_url }}
If you are not {{ username }} or didn't request an email change, you can ignore
this email.
{%- endtrans %}