From: Michael Tremer Date: Sun, 18 Nov 2018 14:47:17 +0000 (+0000) Subject: people: Add account activation handler X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d8a15b2e570ebb98268d2ca5cf538b5a78bc35c5;p=ipfire.org.git people: Add account activation handler Signed-off-by: Michael Tremer
---
diff --git a/Makefile.am b/Makefile.am
index e08b5b39..263bc9ee 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -106,6 +106,7 @@ templates_DATA = \
 templatesdir = $(datadir)/templates
 templates_auth_DATA = \
+ src/templates/auth/activate.html \
 src/templates/auth/login.html \
 src/templates/auth/register.html \
 src/templates/auth/register-success.html
diff --git a/src/templates/auth/activate.html b/src/templates/auth/activate.html
new file mode 100644
index 00000000..4a88d584
--- /dev/null
+++ b/src/templates/auth/activate.html
@@ -0,0 +1,21 @@
+{% extends "../base.html" %}
+
+{% block title %}{{ _("Activate Your Account") }}{% end block %}
+
+{% block content %}
+
+
+
{{ _("Activate Your Account") }}
+ +
+ {% raw xsrf_form_html() %} + + {% module Password(account) %} + + +
+
+
+{% end block %}
diff --git a/src/web/__init__.py b/src/web/__init__.py
index e4855b4f..504b8a46 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -265,6 +265,7 @@ class Application(tornado.web.Application):
 # people.ipfire.org
 self.add_handlers(r"people(\.dev)?\.ipfire\.org", [
 (r"/", people.IndexHandler),
+ (r"/activate/(\w+)/(\w+)", auth.ActivateHandler),
 (r"/conferences", people.ConferencesHandler),
 (r"/register", auth.RegisterHandler),
 (r"/search", people.SearchHandler),
diff --git a/src/web/auth.py b/src/web/auth.py
index eaaec463..14ae0d21 100644
--- a/src/web/auth.py
+++ b/src/web/auth.py
@@ -6,7 +6,7 @@ import tornado.web
 from . import base
 class AuthenticationMixin(object):
- def login(self, username, password):
+ def authenticate(self, username, password):
 # Find account
 account = self.backend.accounts.find_account(username)
 if not account:
@@ -16,6 +16,9 @@ class AuthenticationMixin(object):
 if not account.check_password(password):
 raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
+ return self.login(account)
+
+ def login(self, account):
 # User has logged in, create a session
 session_id, session_expires = self.backend.accounts.create_session(
 account, self.request.host)
@@ -51,7 +54,7 @@ class LoginHandler(AuthenticationMixin, base.BaseHandler):
 password = self.get_argument("password")
 with self.db.transaction():
- self.login(username, password)
+ self.authenticate(username, password)
 # Determine the page we should redirect to
 next = self.get_argument("next", None)
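Review bot: The second capture group in `(r"/activate/(\w+)/(\w+)", auth.ActivateHandler)` in src/web/__init__.py puts the activation code in the URL path, so it is kept wherever request URLs are kept (web-server and proxy access logs, browser history) and can be passed on in a Referer header. The handler added in src/web/auth.py checks that value with account.check_password(), which makes it a credential for as long as the account has not been activated. I would have ActivateHandler.get() call `self.set_header("Referrer-Policy", "no-referrer")` before rendering, and confirm that access logs for this path are scrubbed or short-lived. A short comment on the route saying the second group is a secret would help whoever touches logging next.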
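Review bot: After the split in AuthenticationMixin (hunk `@@ -16,6 +16,9 @@` of src/web/auth.py), `login(self, account)` creates a session for whichever account object it is given and performs no credential check of its own, and nothing at the definition says so. A docstring on each method would make the contract explicit: on authenticate(), `"""Look up the account, verify the password, then create a session via login()."""`, and on login(), `"""Create a session for an account the caller has already verified; performs no credential check."""`. The rename in the preceding hunk (`def login(self, username, password)` to `def authenticate(self, username, password)`) also changes what `self.login` means for every class using the mixin, so callers outside this diff, if any exist, need the same update as LoginHandler. Both method bodies continue outside the hunks shown.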
@@ -89,6 +92,41 @@ class RegisterHandler(base.BaseHandler):
 self.render("auth/register-success.html")
+class ActivateHandler(AuthenticationMixin, base.BaseHandler):
+ def get(self, uid, activation_code):
+ # Fetch the account
+ account = self.backend.accounts.get_by_uid(uid)
+ if not account:
+ raise tornado.web.HTTPError(400, "Account not found: %s" % uid)
+
+ # Validate activation code
+ if not account.check_password(activation_code):
+ raise tornado.web.HTTPError(400, "Activation code did not match: %s" % activation_code)
+
+ self.render("auth/activate.html", account=account)
+
+ def post(self, uid, activation_code):
+ password = self.get_argument("password1")
+
+ # Fetch the account
+ account = self.backend.accounts.get_by_uid(uid)
+ if not account:
+ raise tornado.web.HTTPError(404, "Account not found: %s" % uid)
+
+ # Validate activation code
+ if not account.check_password(activation_code):
+ raise tornado.web.HTTPError(403, "Activation code did not match: %s" % activation_code)
+
+ # Set the new password
+ account.passwd(password)
+
+ # Create session
+ self.login(account)
+
+ # Redirect to main page
+ self.redirect("/")
+
+
 class CacheMixin(object):
 def prepare(self):
 # Mark this as private when someone is logged in
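Review bot: Both failure branches of ActivateHandler put the submitted code into the HTTPError log message (`"Activation code did not match: %s" % activation_code`), and because the code is verified with account.check_password() it is password-equivalent, so mistyped and almost-correct codes end up in the server log. Log the uid instead and keep each branch's status code, e.g. `raise tornado.web.HTTPError(403, "Activation code did not match for %s" % uid)` in post() and the same message with 400 in get(). Nothing in the hunk restricts the handler to accounts that are still awaiting activation, so presumably any value that passes check_password() reaches account.passwd() and self.login(); a pending-state check before those calls would close that. post() also hands `password1` to account.passwd() with no visible check for an empty value or a matching confirmation field, and it calls `self.login(account)` outside the `with self.db.transaction():` block that LoginHandler uses; both are worth confirming against passwd() and create_session(), which are not shown here.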