From db1a438f3e6f8c5c8cec20b9326a21baf4579306 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Tue, 3 May 2011 19:49:39 +0200 Subject: [PATCH 01/10] Added functionality to support user email verification, email = TBD, verification = done. Signed-off-by: Joar Wandborg --- mediagoblin/auth/routing.py | 4 ++- mediagoblin/auth/views.py | 23 +++++++++++++++ mediagoblin/models.py | 7 +++-- .../mediagoblin/auth/verify_email.html | 28 +++++++++++++++++++ 4 files changed, 58 insertions(+), 4 deletions(-) create mode 100644 mediagoblin/templates/mediagoblin/auth/verify_email.html diff --git a/mediagoblin/auth/routing.py b/mediagoblin/auth/routing.py index 92f19371..59762840 100644 --- a/mediagoblin/auth/routing.py +++ b/mediagoblin/auth/routing.py @@ -24,4 +24,6 @@ auth_routes = [ Route('mediagoblin.auth.login', '/login/', controller='mediagoblin.auth.views:login'), Route('mediagoblin.auth.logout', '/logout/', - controller='mediagoblin.auth.views:logout')] + controller='mediagoblin.auth.views:logout'), + Route('mediagoblin.auth.verify_email', '/verify_email/', + controller='mediagoblin.auth.views:verify_email')] diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 15e33e17..dfb6899f 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py 
@@ -116,3 +116,26 @@ def logout(request): return exc.HTTPFound( location=request.urlgen("index")) + +def verify_email(request): + import bson.objectid + user = request.db.User.find_one( + {'_id': bson.objectid.ObjectId( unicode( request.GET.get('userid') ) )}) + + verification_successful = bool + + if user and user['verification_key'] == unicode( request.GET.get('token') ): + user['status'] = u'active' + user['email_verified'] = True + verification_successful = True + user.save() + else: + verification_successful = False + + template = request.template_env.get_template( + 'mediagoblin/auth/verify_email.html') + return Response( + template.render( + {'request': request, + 'user': user, + 'verification_successful': verification_successful})) diff --git a/mediagoblin/models.py b/mediagoblin/models.py index eef59ed4..62cab4a5 100644 --- a/mediagoblin/models.py +++ b/mediagoblin/models.py @@ -14,7 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -import datetime +import datetime, uuid from mongokit import Document, Set @@ -41,6 +41,7 @@ class User(Document): 'pw_hash': unicode, 'email_verified': bool, 'status': unicode, + 'verification_key': unicode } required_fields = ['username', 'created', 'pw_hash', 'email'] @@ -48,8 +49,8 @@ class User(Document): default_values = { 'created': datetime.datetime.utcnow, 'email_verified': False, - # TODO: shouldn't be active by default, must have email registration - 'status': u'active'} + 'status': u'needs_email_verification', + 'verification_key': unicode( uuid.uuid4() ) } def check_login(self, password): """ diff --git a/mediagoblin/templates/mediagoblin/auth/verify_email.html b/mediagoblin/templates/mediagoblin/auth/verify_email.html new file mode 100644 index 00000000..fe9094bd --- /dev/null +++ b/mediagoblin/templates/mediagoblin/auth/verify_email.html 
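Review bot: verify_email sets `status` to `u'active'` on any token match without looking at the current status, and the key is never cleared or expired, so an old link would re-activate an account whose status was changed later. A missing or malformed `userid` makes `ObjectId(...)` raise before the `if`, which is unhandled here instead of falling through to the failure page (the sketch assumes the exception is `bson.errors.InvalidId`). The token `==` is not a constant-time comparison, and `verification_successful = bool` only binds the type object. The patch 07 hunk `@@ -138,13 +142,19 @@` reformats this body and leaves the same behaviour.

```python
def verify_email(request):
    # … unchanged: function-local `import bson.objectid` …
    try:
        userid = bson.objectid.ObjectId(unicode(request.GET.get('userid')))
    except bson.errors.InvalidId:
        userid = None
    user = request.db.User.find_one({'_id': userid}) if userid else None

    # Only a pending account may be activated, so a used link cannot
    # flip a later status back to active.
    verification_successful = bool(
        user
        and user['status'] == u'needs_email_verification'
        and user['verification_key'] == unicode(request.GET.get('token')))
    if verification_successful:
        user['status'] = u'active'
        user['email_verified'] = True
        user.save()
    # … unchanged: template lookup and Response(...) …
```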
@@ -0,0 +1,28 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011 Free Software Foundation, Inc +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +{% extends "mediagoblin/base.html" %} + +{% block mediagoblin_content %} +

+ {% if verification_successful %} + Your email address has been verified! + {% else %} + The verification key or user id is incorrect + {% endif %} +

+{% endblock %} From 65f24846540052ec58174296190578a3323cac12 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Tue, 3 May 2011 20:03:54 +0200 Subject: [PATCH 02/10] Added server-log.txt to .gitignore Signed-off-by: Joar Wandborg --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index b9f1554e..6f6fc624 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ mediagoblin.egg-info *.pyo docs/_build/ user_dev/ +server-log.txt \ No newline at end of file From 67e63926f929cf7b6665fba00238fec227b5831e Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sat, 7 May 2011 00:55:32 +0200 Subject: [PATCH 03/10] Fixed bug in models.py:User that caused all users created by the same python process to have the same verification_key value Signed-off-by: Joar Wandborg --- mediagoblin/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mediagoblin/models.py b/mediagoblin/models.py index 62cab4a5..c361feac 100644 --- a/mediagoblin/models.py +++ b/mediagoblin/models.py @@ -50,7 +50,7 @@ class User(Document): 'created': datetime.datetime.utcnow, 'email_verified': False, 'status': u'needs_email_verification', - 'verification_key': unicode( uuid.uuid4() ) } + 'verification_key': uuid.uuid4 } def check_login(self, password): """ From 85e1bc316ec7010d06e95b35d3496ad3ecf7ef78 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sat, 7 May 2011 00:57:39 +0200 Subject: [PATCH 04/10] mediagoblin.util.send_email now supports both list() and string() in the 'to_addrs' parameter Signed-off-by: Joar Wandborg --- mediagoblin/util.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mediagoblin/util.py b/mediagoblin/util.py index d24b59b6..0d8bcae2 100644 --- a/mediagoblin/util.py +++ b/mediagoblin/util.py 
@@ -163,7 +163,8 @@ def send_email(from_addr, to_addrs, subject, message_body): message = MIMEText(message_body.encode('utf-8'), 'plain', 'utf-8') message['Subject'] = subject message['From'] = from_addr - message['To'] = ', '.join(to_addrs) + # The shorthand condition takes height for the possibility that the to_addrs argument can be either list() or string() + message['To'] = ', '.join(to_addrs) if type( to_addrs ) == list else to_addrs if TESTS_ENABLED: EMAIL_TEST_INBOX.append(message) From b16ebe0e13247c94a3dc545761af395166956757 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sat, 7 May 2011 02:30:35 +0200 Subject: [PATCH 05/10] Changed the method used to generate uuids for verification_key, this one works, thanks paroneayea Signed-off-by: Joar Wandborg --- mediagoblin/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mediagoblin/models.py b/mediagoblin/models.py index c361feac..e1198187 100644 --- a/mediagoblin/models.py +++ b/mediagoblin/models.py @@ -50,7 +50,7 @@ class User(Document): 'created': datetime.datetime.utcnow, 'email_verified': False, 'status': u'needs_email_verification', - 'verification_key': uuid.uuid4 } + 'verification_key': lambda: unicode( uuid.uuid4() ) } def check_login(self, password): """ From 5c42a82c5ad4fa410219084a6f43bdc414369114 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sat, 7 May 2011 03:08:09 +0200 Subject: [PATCH 06/10] Added functionality to send out verification email upon successful registration Signed-off-by: Joar Wandborg --- mediagoblin/auth/views.py | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index dfb6899f..79c09f5b 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py 
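Review bot: In the patch 05 models.py hunk, the verification key is the only secret guarding account activation, yet `uuid.uuid4()` is specified for uniqueness rather than unpredictability. On Python 2 it can, as far as I recall, fall back to the non-cryptographic `random` module when no OS randomness source is usable. Drawing the key from the OS source directly states the intent, for example `'verification_key': lambda: unicode(binascii.hexlify(os.urandom(16)))`, which would need `os` and `binascii` added to the imports in models.py. The `default_values` dict starts outside the hunk.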
@@ -19,6 +19,7 @@ from webob import Response, exc from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import forms as auth_forms +from mediagoblin.util import send_email def register(request): @@ -44,9 +45,28 @@ def register(request): entry['pw_hash'] = auth_lib.bcrypt_gen_password_hash( request.POST['password']) entry.save(validate=True) + + # TODO: Move this setting to a better place + EMAIL_SENDER_ADDRESS = 'mediagoblin@fakehost' - # TODO: Send email authentication request - + ''' TODO Index - Regarding sending of verification email + 1. There is no error handling in place + 2. Due to the distributed nature of GNU MediaGoblin, we should find a way to send some additional information about the specific GNU MediaGoblin instance in the subject line. For example "GNU MediaGoblin @ Wandborg - [...]". + 3. The verification link generation does not detect and adapt to access via the HTTPS protocol. + ''' + + # TODO (1) + send_email( + EMAIL_SENDER_ADDRESS, + entry['email'], + 'GNU MediaGoblin - Verify email', # TODO (2) + 'http://{host}{uri}?userid={userid}&token={verification_key}'.format( # TODO (3) + host = request.host, + uri = request.urlgen('mediagoblin.auth.verify_email'), + userid = unicode( entry['_id'] ), + verification_key = entry['verification_key'] + )) + # Redirect to register_success return exc.HTTPFound( location=request.urlgen("mediagoblin.auth.register_success")) From 4c093e85c7457e989b22b5274f240e3ccfdab210 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sun, 8 May 2011 00:55:57 +0200 Subject: [PATCH 07/10] Made changes according to http://bugs.foocorp.net/issues/271#note-7 Signed-off-by: Joar Wandborg --- mediagoblin.ini | 1 + mediagoblin/app.py | 4 ++ mediagoblin/auth/views.py | 48 +++++++++++-------- mediagoblin/celery_setup/from_celery.py | 4 ++ .../mediagoblin/auth/verify_email.html | 4 +- mediagoblin/util.py | 3 +- 6 files changed, 41 insertions(+), 23 deletions(-) 
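Review bot: In the register hunk, the verification link takes its host from `request.host`, which reflects the client-supplied Host header, so the party submitting the registration decides which host name appears in a mail this instance sends to an arbitrary address. Building the link from a configured instance URL (no such setting is visible in this series) would remove that input and also settle the hard-coded `http://` from TODO (3). `send_email` runs after `entry.save(validate=True)` with no error handling (TODO 1), so a mail failure leaves a stored account in `needs_email_verification` with no visible way to resend. The same URL construction is kept in the patch 07 hunk `@@ -49,23 +50,26 @@`, and register's body starts outside this hunk.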
diff --git a/mediagoblin.ini b/mediagoblin.ini index c6dd4f76..a54eebd5 100644 --- a/mediagoblin.ini +++ b/mediagoblin.ini @@ -14,6 +14,7 @@ queuestore_base_dir = %(here)s/user_dev/media/queue publicstore_base_dir = %(here)s/user_dev/media/public publicstore_base_url = /mgoblin_media/ direct_remote_path = /mgoblin_static/ +email_sender_address = "notice@mediagoblin.org" ## Uncomment this to put some user-overriding templates here #local_templates = %(here)s/user_dev/templates/ diff --git a/mediagoblin/app.py b/mediagoblin/app.py index 59b943dd..ca3de6ca 100644 --- a/mediagoblin/app.py +++ b/mediagoblin/app.py @@ -36,6 +36,7 @@ class MediaGoblinApp(object): def __init__(self, connection, database_path, public_store, queue_store, staticdirector, + email_sender_address, user_template_path=None): # Get the template environment self.template_env = util.get_jinja_env(user_template_path) @@ -59,6 +60,7 @@ class MediaGoblinApp(object): # validators, etc, which might not access to the request # object. setup_globals( + email_sender_address=email_sender_address, db_connection=connection, database=self.db, public_store=self.public_store, @@ -139,6 +141,8 @@ def paste_app_factory(global_config, **app_config): connection, app_config.get('db_name', 'mediagoblin'), public_store=public_store, queue_store=queue_store, staticdirector=staticdirector, + email_sender_address=app_config.get('email_sender_address', + 'notice@medigoblin.org'), user_template_path=app_config.get('local_templates')) return mgoblin_app diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 79c09f5b..7468def0 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -20,6 +20,7 @@ from webob import Response, exc from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import forms as auth_forms from mediagoblin.util import send_email +from mediagoblin import globals as mgoblin_globals def register(request): 
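Review bot: `email_sender_address = "notice@mediagoblin.org"` is quoted, while the neighbouring values in mediagoblin.ini are not. If the loader keeps values verbatim, as ConfigParser-style parsers do, the literal `"` characters end up in the From header of every verification mail. Writing it as `email_sender_address = notice@mediagoblin.org` matches the rest of the file. The quotes are carried over in patch 10's mediagoblin.ini hunk.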
@@ -49,23 +50,26 @@ def register(request): # TODO: Move this setting to a better place EMAIL_SENDER_ADDRESS = 'mediagoblin@fakehost' - ''' TODO Index - Regarding sending of verification email - 1. There is no error handling in place - 2. Due to the distributed nature of GNU MediaGoblin, we should find a way to send some additional information about the specific GNU MediaGoblin instance in the subject line. For example "GNU MediaGoblin @ Wandborg - [...]". - 3. The verification link generation does not detect and adapt to access via the HTTPS protocol. - ''' - - # TODO (1) - send_email( - EMAIL_SENDER_ADDRESS, - entry['email'], - 'GNU MediaGoblin - Verify email', # TODO (2) - 'http://{host}{uri}?userid={userid}&token={verification_key}'.format( # TODO (3) - host = request.host, - uri = request.urlgen('mediagoblin.auth.verify_email'), - userid = unicode( entry['_id'] ), - verification_key = entry['verification_key'] - )) + email_template = request.template_env.get_template( + 'mediagoblin/auth/verification_email.txt') + + # TODO: There is no error handling in place + send_email( + mgoblin_globals.email_sender_address, + list(entry['email']), + # TODO + # Due to the distributed nature of GNU MediaGoblin, we should + # find a way to send some additional information about the + # specific GNU MediaGoblin instance in the subject line. For + # example "GNU MediaGoblin @ Wandborg - [...]". + 'GNU MediaGoblin - Verify email', + email_template.render( + username=entry['username'], + verification_url='http://{host}{uri}?userid={userid}&token={verification_key}'.format( + host=request.host, + uri=request.urlgen('mediagoblin.auth.verify_email'), + userid=unicode(entry['_id']), + verification_key=entry['verification_key']))) # Redirect to register_success return exc.HTTPFound( 
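Review bot: `list(entry['email'])` does not wrap the address in a list: `list()` on a string yields its individual characters. The `', '.join(to_addrs)` restored by this patch's util.py hunk would then build a To header out of single characters, and the verification mail would not reach the registrant. Assuming `entry['email']` is a single string, as the patch 06 call implied, the argument should be `[entry['email']],`. With the default status now `needs_email_verification`, a mail that never arrives leaves the new account stuck. register's body starts and ends outside the hunk.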
@@ -138,13 +142,19 @@ def logout(request): location=request.urlgen("index")) def verify_email(request): + """ + Email verification view + + validates GET parameters against database and unlocks the user account, if + you are lucky :) + """ import bson.objectid user = request.db.User.find_one( - {'_id': bson.objectid.ObjectId( unicode( request.GET.get('userid') ) )}) + {'_id': bson.objectid.ObjectId(unicode(request.GET.get('userid')))}) verification_successful = bool - if user and user['verification_key'] == unicode( request.GET.get('token') ): + if user and user['verification_key'] == unicode(request.GET.get('token')): user['status'] = u'active' user['email_verified'] = True verification_successful = True diff --git a/mediagoblin/celery_setup/from_celery.py b/mediagoblin/celery_setup/from_celery.py index 9bd7fe07..387538e6 100644 --- a/mediagoblin/celery_setup/from_celery.py +++ b/mediagoblin/celery_setup/from_celery.py @@ -22,6 +22,7 @@ from paste.deploy.loadwsgi import NicerConfigParser from mediagoblin import storage, models from mediagoblin.celery_setup import setup_celery_from_config from mediagoblin.globals import setup_globals +from mediagoblin import globals as mgoblin_globals OUR_MODULENAME = 'mediagoblin.celery_setup.from_celery' @@ -81,6 +82,9 @@ def setup_self(setup_globals_func=setup_globals): db_connection=connection, database=db, public_store=public_store, + email_sender_address=mgoblin_section.get( + 'email_sender_address', + 'notice@mediagoblin.org'), queue_store=queue_store) diff --git a/mediagoblin/templates/mediagoblin/auth/verify_email.html b/mediagoblin/templates/mediagoblin/auth/verify_email.html index fe9094bd..b6e6d1f8 100644 --- a/mediagoblin/templates/mediagoblin/auth/verify_email.html +++ b/mediagoblin/templates/mediagoblin/auth/verify_email.html @@ -20,9 +20,9 @@ {% block mediagoblin_content %}

{% if verification_successful %} - Your email address has been verified! + Your email address has been verified! {% else %} - The verification key or user id is incorrect + The verification key or user id is incorrect {% endif %}

{% endblock %} diff --git a/mediagoblin/util.py b/mediagoblin/util.py index 0d8bcae2..d24b59b6 100644 --- a/mediagoblin/util.py +++ b/mediagoblin/util.py @@ -163,8 +163,7 @@ def send_email(from_addr, to_addrs, subject, message_body): message = MIMEText(message_body.encode('utf-8'), 'plain', 'utf-8') message['Subject'] = subject message['From'] = from_addr - # The shorthand condition takes height for the possibility that the to_addrs argument can be either list() or string() - message['To'] = ', '.join(to_addrs) if type( to_addrs ) == list else to_addrs + message['To'] = ', '.join(to_addrs) if TESTS_ENABLED: EMAIL_TEST_INBOX.append(message) From 4942b63711e53162a0ae5e7e5fdfd902df4e5e66 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sun, 8 May 2011 01:58:58 +0200 Subject: [PATCH 08/10] Removed unused variable Signed-off-by: Joar Wandborg --- mediagoblin/auth/views.py | 3 --- 1 file changed, 3 deletions(-) diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 7468def0..3ef1e75f 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -47,9 +47,6 @@ def register(request): request.POST['password']) entry.save(validate=True) - # TODO: Move this setting to a better place - EMAIL_SENDER_ADDRESS = 'mediagoblin@fakehost' - email_template = request.template_env.get_template( 'mediagoblin/auth/verification_email.txt') From 07a3a69cd476ac8844f96d5edb916d652bb91e42 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sun, 8 May 2011 02:01:26 +0200 Subject: [PATCH 09/10] Added verification email template Signed-off-by: Joar Wandborg --- .../mediagoblin/auth/verification_email.txt | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 mediagoblin/templates/mediagoblin/auth/verification_email.txt diff --git a/mediagoblin/templates/mediagoblin/auth/verification_email.txt b/mediagoblin/templates/mediagoblin/auth/verification_email.txt new file mode 100644 index 00000000..ce0629eb --- /dev/null 
+++ b/mediagoblin/templates/mediagoblin/auth/verification_email.txt @@ -0,0 +1,22 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011 Free Software Foundation, Inc +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +Hi {{ username }}, + +to activate your GNU MediaGoblin account, open the following URL in your web browser + +{{ verification_url }} From 8a6a81bcaa557f1d7ceebea8b372be7cc3423ca2 Mon Sep 17 00:00:00 2001 From: Joar Wandborg Date: Sun, 8 May 2011 02:03:11 +0200 Subject: [PATCH 10/10] Updated default sender address Signed-off-by: Joar Wandborg --- mediagoblin.ini | 2 +- mediagoblin/app.py | 2 +- mediagoblin/celery_setup/from_celery.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mediagoblin.ini b/mediagoblin.ini index a54eebd5..951971a9 100644 --- a/mediagoblin.ini +++ b/mediagoblin.ini @@ -14,7 +14,7 @@ queuestore_base_dir = %(here)s/user_dev/media/queue publicstore_base_dir = %(here)s/user_dev/media/public publicstore_base_url = /mgoblin_media/ direct_remote_path = /mgoblin_static/ -email_sender_address = "notice@mediagoblin.org" +email_sender_address = "notice@mediagoblin.example.org" ## Uncomment this to put some user-overriding templates here #local_templates = %(here)s/user_dev/templates/ diff --git a/mediagoblin/app.py b/mediagoblin/app.py index ca3de6ca..ad9e77df 100644 --- a/mediagoblin/app.py 
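Review bot: This plain-text template interpolates `{{ verification_url }}`, whose query string contains `&` between `userid` and `token`. If the environment behind `request.template_env` has HTML autoescaping enabled (its setup is not shown in this series), the mail would carry `&amp;token=` and the link would fail verification. Rendering mail bodies from a non-escaping environment, or writing `{{ verification_url|safe }}` in this text-only template, would keep the URL intact. A test that renders the template and checks the URL round-trips would settle which case applies.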
+++ b/mediagoblin/app.py @@ -142,7 +142,7 @@ def paste_app_factory(global_config, **app_config): public_store=public_store, queue_store=queue_store, staticdirector=staticdirector, email_sender_address=app_config.get('email_sender_address', - 'notice@medigoblin.org'), + 'notice@mediagoblin.example.org'), user_template_path=app_config.get('local_templates')) return mgoblin_app diff --git a/mediagoblin/celery_setup/from_celery.py b/mediagoblin/celery_setup/from_celery.py index 387538e6..218ebfeb 100644 --- a/mediagoblin/celery_setup/from_celery.py +++ b/mediagoblin/celery_setup/from_celery.py @@ -84,7 +84,7 @@ def setup_self(setup_globals_func=setup_globals): public_store=public_store, email_sender_address=mgoblin_section.get( 'email_sender_address', - 'notice@mediagoblin.org'), + 'notice@mediagoblin.example.org'), queue_store=queue_store)