people: Add account activation handler
authorMichael Tremer <michael.tremer@ipfire.org>
Sun, 18 Nov 2018 14:47:17 +0000 (14:47 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Sun, 18 Nov 2018 14:47:17 +0000 (14:47 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Makefile.am
src/templates/auth/activate.html [new file with mode: 0644]
src/web/__init__.py
src/web/auth.py

index e08b5b397390743795b0ee99c3b57f082839cdf3..263bc9eefef77e5105d7f932ec4dfd76aa184297 100644 (file)
@@ -106,6 +106,7 @@ templates_DATA = \
 templatesdir = $(datadir)/templates
 
 templates_auth_DATA = \
+       src/templates/auth/activate.html \
        src/templates/auth/login.html \
        src/templates/auth/register.html \
        src/templates/auth/register-success.html
diff --git a/src/templates/auth/activate.html b/src/templates/auth/activate.html
new file mode 100644 (file)
index 0000000..4a88d58
--- /dev/null
@@ -0,0 +1,21 @@
+{% extends "../base.html" %}
+
+{% block title %}{{ _("Activate Your Account") }}{% end block %}
+
+{% block content %}
+       <div class="row justify-content-center my-5">
+               <div class="col col-md-4">
+                       <h5 class=" mb-4">{{ _("Activate Your Account") }}</h5>
+
+                       <form action="" method="POST">
+                               {% raw xsrf_form_html() %}
+
+                               {% module Password(account) %}
+
+                               <button type="submit" class="btn btn-primary btn-block">
+                                       {{ _("Activate Account") }}
+                               </button>
+                       </form>
+               </div>
+       </div>
+{% end block %}
index e4855b4fbd93f28e8c133d437dff3ecad5607ece..504b8a46bcbda2d9a8905eb793709b93550eb3db 100644 (file)
@@ -265,6 +265,7 @@ class Application(tornado.web.Application):
                # people.ipfire.org
                self.add_handlers(r"people(\.dev)?\.ipfire\.org", [
                        (r"/", people.IndexHandler),
+                       (r"/activate/(\w+)/(\w+)", auth.ActivateHandler),
                        (r"/conferences", people.ConferencesHandler),
                        (r"/register", auth.RegisterHandler),
                        (r"/search", people.SearchHandler),
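Review bot: The new `/activate/(\w+)/(\w+)` route carries the activation code in the URL path, and ActivateHandler in src/web/auth.py validates it with `account.check_password()`, so until the user sets a new password the link appears to work as a credential. URL paths typically end up in access logs, browser history and Referer headers, so it would help to send `Referrer-Policy: no-referrer` on the activation page and to confirm that request logging for this host does not retain the path. A comment above the route would record this, e.g. `# The second group is a secret; keep it out of logs and referrers`. Separately, `\w+` will not match a uid containing `.` or `-`; if such uids can exist (not visible here), those accounts could never activate. The handler list continues outside this hunk.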
index eaaec4631bec407702671ecbea38b8a091cf1995..14ae0d213a205623690d1c38b9279c51d72e45dd 100644 (file)
@@ -6,7 +6,7 @@ import tornado.web
 from . import base
 
 class AuthenticationMixin(object):
-       def login(self, username, password):
+       def authenticate(self, username, password):
                # Find account
                account = self.backend.accounts.find_account(username)
                if not account:
@@ -16,6 +16,9 @@ class AuthenticationMixin(object):
                if not account.check_password(password):
                        raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
 
+               return self.login(account)
+
+       def login(self, account):
                # User has logged in, create a session
                session_id, session_expires = self.backend.accounts.create_session(
                        account, self.request.host)
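Review bot: `login()` no longer checks credentials and now creates a session for any account object passed in, so it needs a docstring stating that precondition, e.g. `"""Create a session for an account the caller has already authenticated."""`. `authenticate()` would benefit from a matching one-line docstring saying it verifies the password and then calls `login()`. Any other caller still using the old `login(username, password)` signature would now pass a username string as the account; only LoginHandler is updated in this diff, so other call sites are worth checking. Both method bodies extend beyond this hunk.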
@@ -51,7 +54,7 @@ class LoginHandler(AuthenticationMixin, base.BaseHandler):
                password = self.get_argument("password")
 
                with self.db.transaction():
-                       self.login(username, password)
+                       self.authenticate(username, password)
 
                # Determine the page we should redirect to
                next = self.get_argument("next", None)
@@ -89,6 +92,41 @@ class RegisterHandler(base.BaseHandler):
                self.render("auth/register-success.html")
 
 
+class ActivateHandler(AuthenticationMixin, base.BaseHandler):
+       def get(self, uid, activation_code):
+               # Fetch the account
+               account = self.backend.accounts.get_by_uid(uid)
+               if not account:
+                       raise tornado.web.HTTPError(400, "Account not found: %s" % uid)
+
+               # Validate activation code
+               if not account.check_password(activation_code):
+                       raise tornado.web.HTTPError(400, "Activation code did not match: %s" % activation_code)
+
+               self.render("auth/activate.html", account=account)
+
+       def post(self, uid, activation_code):
+               password = self.get_argument("password1")
+
+               # Fetch the account
+               account = self.backend.accounts.get_by_uid(uid)
+               if not account:
+                       raise tornado.web.HTTPError(404, "Account not found: %s" % uid)
+
+               # Validate activation code
+               if not account.check_password(activation_code):
+                       raise tornado.web.HTTPError(403, "Activation code did not match: %s" % activation_code)
+
+               # Set the new password
+               account.passwd(password)
+
+               # Create session
+               self.login(account)
+
+               # Redirect to main page
+               self.redirect("/")
+
+
 class CacheMixin(object):
        def prepare(self):
                # Mark this as private when someone is logged in
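Review bot: `post()` answers 404 for an unknown uid and 403 for a wrong code, while `get()` uses 400 for both, so the POST path lets a client tell which uids exist; both error strings also write the submitted activation code into the log message. `post()` also calls `account.passwd()` and `self.login()` outside `self.db.transaction()`, unlike LoginHandler, so the password change and session creation may not be atomic (this depends on what `passwd()` writes, which is not visible here). The lookup and check are duplicated in both methods; the fence below moves them into one helper that raises the same error in both cases without echoing the code, and wraps the state change in a transaction. Nothing visible limits repeated guesses of the code, so rate limiting on this route is worth confirming.

```python
class ActivateHandler(AuthenticationMixin, base.BaseHandler):
	def _get_account(self, uid, activation_code):
		# Same response for an unknown uid and a wrong code, and the
		# submitted code is kept out of the log message
		account = self.backend.accounts.get_by_uid(uid)
		if not account or not account.check_password(activation_code):
			raise tornado.web.HTTPError(400, "Activation failed for %s" % uid)

		return account

	def get(self, uid, activation_code):
		account = self._get_account(uid, activation_code)

		self.render("auth/activate.html", account=account)

	def post(self, uid, activation_code):
		password = self.get_argument("password1")

		account = self._get_account(uid, activation_code)

		# Change the password and create the session atomically
		with self.db.transaction():
			account.passwd(password)
			self.login(account)

		# … unchanged: redirect to main page …
```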