--- /dev/null
+{% extends "../base.html" %}
+
+{% block title %}{{ _("Activate Your Account") }}{% end block %}
+
+{% block content %}
+ <div class="row justify-content-center my-5">
+ <div class="col col-md-4">
+ <h5 class=" mb-4">{{ _("Activate Your Account") }}</h5>
+
+ <form action="" method="POST">
+ {% raw xsrf_form_html() %}
+
+ {% module Password(account) %}
+
+ <button type="submit" class="btn btn-primary btn-block">
+ {{ _("Activate Account") }}
+ </button>
+ </form>
+ </div>
+ </div>
+{% end block %}
# people.ipfire.org
self.add_handlers(r"people(\.dev)?\.ipfire\.org", [
(r"/", people.IndexHandler),
+ (r"/activate/(\w+)/(\w+)", auth.ActivateHandler),
(r"/conferences", people.ConferencesHandler),
(r"/register", auth.RegisterHandler),
(r"/search", people.SearchHandler),
from . import base
class AuthenticationMixin(object):
- def login(self, username, password):
+ def authenticate(self, username, password):
# Find account
account = self.backend.accounts.find_account(username)
if not account:
if not account.check_password(password):
raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
+ return self.login(account)
+
+ def login(self, account):
# User has logged in, create a session
session_id, session_expires = self.backend.accounts.create_session(
account, self.request.host)
password = self.get_argument("password")
with self.db.transaction():
- self.login(username, password)
+ self.authenticate(username, password)
# Determine the page we should redirect to
next = self.get_argument("next", None)
self.render("auth/register-success.html")
+class ActivateHandler(AuthenticationMixin, base.BaseHandler):
+ def get(self, uid, activation_code):
+ # Fetch the account
+ account = self.backend.accounts.get_by_uid(uid)
+ if not account:
+ raise tornado.web.HTTPError(400, "Account not found: %s" % uid)
+
+ # Validate activation code
+ if not account.check_password(activation_code):
+ raise tornado.web.HTTPError(400, "Activation code did not match: %s" % activation_code)
+
+ self.render("auth/activate.html", account=account)
+
+ def post(self, uid, activation_code):
+ password = self.get_argument("password1")
+
+ # Fetch the account
+ account = self.backend.accounts.get_by_uid(uid)
+ if not account:
+ raise tornado.web.HTTPError(404, "Account not found: %s" % uid)
+
+ # Validate activation code
+ if not account.check_password(activation_code):
+ raise tornado.web.HTTPError(403, "Activation code did not match: %s" % activation_code)
+
+ # Set the new password
+ account.passwd(password)
+
+ # Create session
+ self.login(account)
+
+ # Redirect to main page
+ self.redirect("/")
+
+
class CacheMixin(object):
def prepare(self):
# Mark this as private when someone is logged in