From 32581c0621eb06a60a949528fa9ce558ad4281a6 Mon Sep 17 00:00:00 2001
From: yackob03
Date: Fri, 27 Sep 2013 19:55:04 -0400
Subject: [PATCH] Handle the confirmation codes to validate user emails.
---
 data/database.py | 9 ++++-----
 data/model.py | 15 ++++++++++++++-
 endpoints/web.py | 20 +++++++++++++-------
 util/email.py | 2 +-
 4 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/data/database.py b/data/database.py
index 50ca6055a..e4c276c03 100644
--- a/data/database.py
+++ b/data/database.py
@@ -18,9 +18,7 @@ class User(BaseModel):
 username = CharField(unique=True)
 password_hash = CharField()
 email = CharField(unique=True)
-
- # TODO move this to False and require email verification
- verified = BooleanField(default=True)
+ verified = BooleanField(default=False)
 class Visibility(BaseModel):
@@ -67,7 +65,7 @@ class AccessToken(BaseModel):
 class EmailConfirmation(BaseModel):
- code = CharField(default=random_string_generator())
+ code = CharField(default=random_string_generator(), unique=True)
 user = ForeignKeyField(User)
 pw_reset = BooleanField(default=False)
 email_confirm = BooleanField(default=False)
@@ -101,7 +99,8 @@ class RepositoryTag(BaseModel):
 def initialize_db():
 create_model_tables([User, Repository, Image, AccessToken, Role,
- RepositoryPermission, Visibility, RepositoryTag])
+ RepositoryPermission, Visibility, RepositoryTag,
+ EmailConfirmation])
 Role.create(name='admin')
 Role.create(name='write')
 Role.create(name='read')
diff --git a/data/model.py b/data/model.py
index 4c64699be..69cc79dbc 100644
--- a/data/model.py
+++ b/data/model.py
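Review bot: In data/database.py, `code = CharField(default=random_string_generator(), unique=True)` calls `random_string_generator()` once when the class body is evaluated, so the default is only per-row if that call returns a callable; the helper is defined outside this diff, so that needs confirming. If it returns a plain string, every `EmailConfirmation` row would get the same code and the new `unique=True` would reject the second insert. Because this commit makes the code sufficient to sign a user in through `/confirm`, the helper should also draw from a CSPRNG (for example `random.SystemRandom` or `os.urandom`) and be long enough to resist guessing. A comment above the field such as `# code is a bearer credential: generated per row from a CSPRNG` would record that requirement.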
@@ -34,10 +34,23 @@ def create_user(username, password, email):
 def create_confirm_email_code(user):
- code = EmailConfirmation(user=user, email_confirm=True)
+ code = EmailConfirmation.create(user=user, email_confirm=True)
 return code
+def confirm_user_email(code):
+ code = EmailConfirmation.get(EmailConfirmation.code == code,
+ EmailConfirmation.email_confirm == True)
+
+ user = code.user
+ user.verified = True
+ user.save()
+
+ code.delete_instance()
+
+ return user
+
+
 def get_user(username):
 try:
 return User.get(User.username == username)
diff --git a/endpoints/web.py b/endpoints/web.py
index c2a549b5d..ca4f07c91 100644
--- a/endpoints/web.py
+++ b/endpoints/web.py
@@ -36,6 +36,12 @@ def index():
 return send_file('templates/index.html')
+def common_login(db_user):
+ logger.debug('Successfully signed in as: %s' % db_user.username)
+ login_user(_LoginWrappedDBUser(db_user))
+ identity_changed.send(app, identity=Identity(db_user.username, 'username'))
+
+
 @app.route('/signin', methods=['POST'])
 def signin():
 username = request.form['username']
@@ -44,12 +50,7 @@ def signin():
 #TODO Allow email login
 verified = model.verify_user(username, password)
 if verified:
- logger.debug('Successfully signed in as: %s' % username)
-
- login_user(_LoginWrappedDBUser(verified))
-
- identity_changed.send(app, identity=Identity(verified.username,
- 'username'))
+ common_login(verified)
 return redirect(request.args.get('next') or url_for('index'))
@@ -58,7 +59,12 @@ def signin():
 @app.route('/confirm', methods=['GET'])
 def confirm_email():
- pass
+ code = request.values['code']
+ user = model.confirm_user_email(code)
+
+ common_login(user)
+
+ return redirect(url_for('index'))
 @app.route('/reset', methods=['GET'])
diff --git a/util/email.py b/util/email.py
index 2d7dc950e..fcc069409 100644
--- a/util/email.py
+++ b/util/email.py
@@ -8,7 +8,7 @@ This email address was recently used to register the username '%s' at Quay.io.
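Review bot: In data/model.py, `confirm_user_email` lets `EmailConfirmation.get(...)` raise `DoesNotExist` for an unknown or already-used code, and nothing visible in this diff catches it, so a stale link would surface as an unhandled error in `/confirm`. Wrapping the lookup as `try: ... except EmailConfirmation.DoesNotExist: return None` (or raising a dedicated exception) gives the caller something to check. The lookup also applies no age limit, so a code stays valid until it is used; if `EmailConfirmation` has or can gain a creation timestamp, comparing it here would bound that window. The parameter `code` is rebound to the model row on the first line, which a local name like `confirmation` would make easier to follow, and `user.save()` plus `code.delete_instance()` would be safer inside one transaction.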
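Review bot: In endpoints/web.py `signin`, `common_login(verified)` is reached for any user that `model.verify_user` returns, and no line in this diff checks `User.verified`, so flipping the default to `False` in data/database.py does not by itself keep unconfirmed accounts from signing in. `verify_user` is outside the diff and may already enforce this; if it does not and unconfirmed accounts are meant to be blocked, a guard such as `if verified and verified.verified:` here (or the equivalent inside `verify_user`) is needed. Naming the result `db_user` instead of `verified` would avoid the `verified.verified` reading.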
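Review bot: In endpoints/web.py `confirm_email`, a GET carrying only the emailed code ends in `common_login(user)`, which turns the confirmation link into a bearer login credential. The link in util/email.py is `http://`, so the code crosses the network in clear text, and a GET that creates a session can be triggered cross-site (login CSRF). Marking the address verified and then sending the user through the normal sign-in keeps the password as the only way to obtain a session. The handler also needs its two failure paths covered: `request.values['code']` fails on a missing parameter and `model.confirm_user_email` raises on an unknown code. The sketch below assumes `abort` is imported from flask and that `EmailConfirmation` is reachable as `model.EmailConfirmation`, neither of which is visible in this diff.

```python
@app.route('/confirm', methods=['GET'])
def confirm_email():
    code = request.values.get('code')
    if not code:
        abort(400)

    try:
        model.confirm_user_email(code)
    except model.EmailConfirmation.DoesNotExist:
        abort(404)

    # No common_login() here: holding the emailed code does not prove
    # knowledge of the password, so the user signs in normally afterwards.
    return redirect(url_for('index'))
```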

To confirm this email address, please click the following link:
-http://quay.io/confirm?token=%s
+http://quay.io/confirm?code=%s
 """