Changeset 76ebb1b in OpenWorkouts-current for ow/views

Timestamp:

Feb 18, 2019, 12:54:45 PM (5 years ago)

Author:

Borja Lopez <borja@…>

Branches:

current, feature/docs, master

Children:

4af38e8

Parents:

d6da99e

Message:

(#29) Add user verification by email on signup.

From now on, when a new user signs up, we set the account into an "unverified"
state. In order to complete the signup procedure, the user has to click on a
link we send by email to the email address provided on signup.

IMPORTANT: A new dependency has been added, pyramid_mailer, so remember to
install it in any existing openworkouts environment (this is done automatically
if you use the ./bin/start script):

pip install pyramid_mailer

File:

• ow/views/user.py (modified) (4 diffs)

ow/views/user.py

@@ -22 +22 @@
 from ..models.root import OpenWorkouts
 from ..views.renderers import OWFormRenderer
-from ..utilities import timedelta_to_hms
+from ..utilities import timedelta_to_hms, get_verification_token
+from ..mail import send_verification_email
 
 _ = TranslationStringFactory('OpenWorkouts')
@@ -59 +60 @@
         user = context.get_user_by_email(email)
         if user:
-            password = request.POST.get('password', None)
-            if password is not None and user.check_password(password):
-                headers = remember(request, str(user.uid))
-                redirect_url = return_to or request.resource_url(user)
-                return HTTPFound(location=redirect_url, headers=headers)
+            if user.verified:
+                password = request.POST.get('password', None)
+                if password is not None and user.check_password(password):
+                    headers = remember(request, str(user.uid))
+                    redirect_url = return_to or request.resource_url(user)
+                    return HTTPFound(location=redirect_url, headers=headers)
+                else:
+                    message = _('Wrong password')
             else:
-                message = _('Wrong password')
+                message = _('You have to verify your account first')
         else:
             message = _('Wrong email address')
@@ -94 +98 @@
     if 'submit' in request.POST and form.validate():
         user = form.bind(User(), exclude=['password_confirm'])
+        user.verified = False
+        user.verification_token = get_verification_token()
         context.add_user(user)
+        # send a verification link to the user email address
+        send_verification_email(request, user)
         # Send to login
         return HTTPFound(location=request.resource_url(context))
@@ -101 +109 @@
         'form': OWFormRenderer(form)
     }
+
+
+@view_config(
+    context=User,
+    name="verify",
+    renderer='ow:templates/verify.pt')
+def verify(context, request):
+    redirect_url = request.resource_url(context)
+
+    # user has been verified already, send to dashboard
+    if getattr(context, 'verified', False):
+        return HTTPFound(location=redirect_url)
+
+    # Look for a verification token, then check if we can verify the user with
+    # that token
+    verified = len(request.subpath) > 0
+    token = getattr(context, 'verification_token', False)
+    verified = verified and token and str(token) == request.subpath[0]
+    if verified:
+        # verified, log in automatically and send to the dashboard
+        context.verified = True
+        headers = remember(request, str(context.uid))
+        return HTTPFound(location=redirect_url, headers=headers)
+
+    # if we can not verify the user, show a page with some info about it
+    return {}