Fix #5398 and #5395 - Fix tests failing due to problem creating connection for alembic
[larjonas-mediagoblin.git] / mediagoblin / auth / views.py
blob03a46f7b5944c8e907b110b2a94ffc0e864bf718
1 # GNU MediaGoblin -- federated, autonomous media hosting
2 # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU Affero General Public License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
17 import six
19 from itsdangerous import BadSignature
21 from mediagoblin import messages, mg_globals
22 from mediagoblin.db.models import User, Privilege
23 from mediagoblin.tools.crypto import get_timed_signer_url
24 from mediagoblin.decorators import auth_enabled, allow_registration
25 from mediagoblin.tools.response import render_to_response, redirect, render_404
26 from mediagoblin.tools.translate import pass_to_ugettext as _
27 from mediagoblin.tools.mail import email_debug_message
28 from mediagoblin.tools.pluginapi import hook_handle
29 from mediagoblin.auth.tools import (send_verification_email, register_user,
30 check_login_simple)
33 @allow_registration
34 @auth_enabled
35 def register(request):
36 """The registration view.
38 Note that usernames will always be lowercased. Email domains are lowercased while
39 the first part remains case-sensitive.
40 """
41 if 'pass_auth' not in request.template_env.globals:
42 redirect_name = hook_handle('auth_no_pass_redirect')
43 if redirect_name:
44 return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
45 redirect_name))
46 else:
47 return redirect(request, 'index')
49 register_form = hook_handle("auth_get_registration_form", request)
51 if request.method == 'POST' and register_form.validate():
52 # TODO: Make sure the user doesn't exist already
53 user = register_user(request, register_form)
55 if user:
56 # redirect the user to their homepage... there will be a
57 # message waiting for them to verify their email
58 return redirect(
59 request, 'mediagoblin.user_pages.user_home',
60 user=user.username)
62 return render_to_response(
63 request,
64 'mediagoblin/auth/register.html',
65 {'register_form': register_form,
66 'post_url': request.urlgen('mediagoblin.auth.register')})
69 @auth_enabled
70 def login(request):
71 """
72 MediaGoblin login view.
74 If you provide the POST with 'next', it'll redirect to that view.
75 """
76 if 'pass_auth' not in request.template_env.globals:
77 redirect_name = hook_handle('auth_no_pass_redirect')
78 if redirect_name:
79 return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
80 redirect_name))
81 else:
82 return redirect(request, 'index')
84 login_form = hook_handle("auth_get_login_form", request)
86 login_failed = False
88 if request.method == 'POST':
90 if login_form.validate():
91 user = check_login_simple(
92 login_form.username.data,
93 login_form.password.data)
95 if user:
96 # set up login in session
97 if login_form.stay_logged_in.data:
98 request.session['stay_logged_in'] = True
99 request.session['user_id'] = six.text_type(user.id)
100 request.session.save()
102 if request.form.get('next'):
103 return redirect(request, location=request.form['next'])
104 else:
105 return redirect(request, "index")
107 login_failed = True
109 return render_to_response(
110 request,
111 'mediagoblin/auth/login.html',
112 {'login_form': login_form,
113 'next': request.GET.get('next') or request.form.get('next'),
114 'login_failed': login_failed,
115 'post_url': request.urlgen('mediagoblin.auth.login'),
116 'allow_registration': mg_globals.app_config["allow_registration"]})
119 def logout(request):
120 # Maybe deleting the user_id parameter would be enough?
121 request.session.delete()
123 return redirect(request, "index")
126 def verify_email(request):
128 Email verification view
130 validates GET parameters against database and unlocks the user account, if
131 you are lucky :)
133 # If we don't have userid and token parameters, we can't do anything; 404
134 if not 'token' in request.GET:
135 return render_404(request)
137 # Catch error if token is faked or expired
138 try:
139 token = get_timed_signer_url("mail_verification_token") \
140 .loads(request.GET['token'], max_age=10*24*3600)
141 except BadSignature:
142 messages.add_message(
143 request,
144 messages.ERROR,
145 _('The verification key or user id is incorrect.'))
147 return redirect(
148 request,
149 'index')
151 user = User.query.filter_by(id=int(token)).first()
153 if user and user.has_privilege(u'active') is False:
154 user.verification_key = None
155 user.all_privileges.append(
156 Privilege.query.filter(
157 Privilege.privilege_name==u'active').first())
159 user.save()
161 messages.add_message(
162 request,
163 messages.SUCCESS,
164 _("Your email address has been verified. "
165 "You may now login, edit your profile, and submit images!"))
166 else:
167 messages.add_message(
168 request,
169 messages.ERROR,
170 _('The verification key or user id is incorrect'))
172 return redirect(
173 request, 'mediagoblin.user_pages.user_home',
174 user=user.username)
177 def resend_activation(request):
179 The reactivation view
181 Resend the activation email.
184 if request.user is None:
185 messages.add_message(
186 request,
187 messages.ERROR,
188 _('You must be logged in so we know who to send the email to!'))
190 return redirect(request, 'mediagoblin.auth.login')
192 if request.user.has_privilege(u'active'):
193 messages.add_message(
194 request,
195 messages.ERROR,
196 _("You've already verified your email address!"))
198 return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
200 email_debug_message(request)
201 send_verification_email(request.user, request)
203 messages.add_message(
204 request,
205 messages.INFO,
206 _('Resent your verification email.'))
207 return redirect(
208 request, 'mediagoblin.user_pages.user_home',
209 user=request.user.username)