From abf636e8bbb36e205b5b4d18535cbc3fc349a682 Mon Sep 17 00:00:00 2001 From: "Matthew R. Laue" Date: Sun, 14 Jul 2013 12:21:18 -0700 Subject: [PATCH] Enable the email_validate option. When the email_validate option is set to 'true', user records are created with active = 'N' and an email is sent to the user to ensure the address is valid. --- apex/forms.py | 9 ++++++++- apex/views.py | 30 +++++++++++++++++++++++------- 2 files changed, 31 insertions(+), 8 deletions(-) diff --git a/apex/forms.py b/apex/forms.py index 21ccb32..251cec0 100755 --- a/apex/forms.py +++ b/apex/forms.py @@ -9,6 +9,7 @@ from pyramid.security import authenticated_userid from pyramid.threadlocal import (get_current_registry, get_current_request) +from pyramid.settings import asbool from apex.models import (AuthGroup, AuthID, @@ -35,10 +36,16 @@ def validate_login(form, field): def create_user(self, login): group = self.request.registry.settings.get('apex.default_user_group', None) + if asbool(apex.lib.libapex.apex_settings('email_validate')): + activate='Y' + else: + activate='N' + user = apex.lib.libapex.create_user(username=login, password=self.data['password'], email=self.data['email'], - group=group) + group=group, + activate=activate) return user def save(self): diff --git a/apex/views.py b/apex/views.py index 313bf7a..be71ba2 100755 --- a/apex/views.py +++ b/apex/views.py @@ -18,7 +18,9 @@ from apex import MessageFactory as _ from apex.lib.db import merge_session_with_post + from apex.lib.libapex import (apex_email_forgot, + apex_email_activate, apex_id_from_token, apex_id_providers, apex_remember, @@ -37,7 +39,6 @@ ResetPasswordForm, LoginForm) - def login(request): """ login(request) No return value @@ -195,7 +196,7 @@ def activate(request): """ """ user_id = request.matchdict.get('user_id') - user = AuthID.get_by_id(user_id) + user = AuthUser.get_by_id(user_id) submitted_hmac = request.matchdict.get('hmac') current_time = time.time() time_key = int(base64.b64decode(submitted_hmac[10:])) @@ -208,8 +209,11 @@ def activate(request): DBSession.merge(user) DBSession.flush() flash(_('Account activated. Please log in.')) - return HTTPFound(location=route_url('apex_login', \ - request)) + activated_route = apex_settings('activated_route') + if not activated_route: + activated_route = 'apex_login' + return HTTPFound(location=route_url(activated_route, request)) + flash(_('Invalid request, please try again')) return HTTPFound(location=route_url(apex_settings('came_from_route'), \ request)) @@ -244,10 +248,22 @@ def register(request): form = None if request.method == 'POST' and form.validate(): - user = form.save() + if not asbool(apex_settings('email_validate')): + user = form.save() + headers = apex_remember(request, user.id) + return HTTPFound(location=came_from, headers=headers) - headers = apex_remember(request, user) - return HTTPFound(location=came_from, headers=headers) + # email activation required. + user = form.save() + timestamp = time.time()+3600 + key = '%s:%s:%d' % (str(user.id), \ + apex_settings('auth_secret'), timestamp) + hmac_key = hmac.new(key, user.email).hexdigest()[0:10] + time_key = base64.urlsafe_b64encode('%d' % timestamp) + email_hash = '%s%s' % (hmac_key, time_key) + apex_email_activate(request, user.id, user.email, email_hash) + flash(_('Account activation email sent.')) + return HTTPFound(location=route_url('apex_login', request)) return {'title': title, 'form': form, 'velruse_forms': velruse_forms, \ 'action': 'register'}