Handle the confirmation codes to validate user emails.

data/database.py

@@ -18,9 +18,7 @@ class User(BaseModel):
   username = CharField(unique=True)
   password_hash = CharField()
   email = CharField(unique=True)
-
+  verified = BooleanField(default=False)
-  # TODO move this to False and require email verification
-  verified = BooleanField(default=True)
 
 
 class Visibility(BaseModel):
@@ -67,7 +65,7 @@ class AccessToken(BaseModel):
 
 
 class EmailConfirmation(BaseModel):
-  code = CharField(default=random_string_generator())
+  code = CharField(default=random_string_generator(), unique=True)
   user = ForeignKeyField(User)
   pw_reset = BooleanField(default=False)
   email_confirm = BooleanField(default=False)
@@ -101,7 +99,8 @@ class RepositoryTag(BaseModel):
 
 def initialize_db():
   create_model_tables([User, Repository, Image, AccessToken, Role,
-                       RepositoryPermission, Visibility, RepositoryTag])
+                       RepositoryPermission, Visibility, RepositoryTag,
+                       EmailConfirmation])
   Role.create(name='admin')
   Role.create(name='write')
   Role.create(name='read')

data/model.py

@@ -34,10 +34,23 @@ def create_user(username, password, email):
 
 
 def create_confirm_email_code(user):
-  code = EmailConfirmation(user=user, email_confirm=True)
+  code = EmailConfirmation.create(user=user, email_confirm=True)
   return code
 
 
+def confirm_user_email(code):
+  code = EmailConfirmation.get(EmailConfirmation.code == code,
+                               EmailConfirmation.email_confirm == True)
+
+  user = code.user
+  user.verified = True
+  user.save()
+
+  code.delete_instance()
+
+  return user
+
+
 def get_user(username):
   try:
     return User.get(User.username == username)

endpoints/web.py

@@ -36,6 +36,12 @@ def index():
   return send_file('templates/index.html')
 
 
+def common_login(db_user):
+  logger.debug('Successfully signed in as: %s' % db_user.username)
+  login_user(_LoginWrappedDBUser(db_user))
+  identity_changed.send(app, identity=Identity(db_user.username, 'username'))
+
+
 @app.route('/signin', methods=['POST'])
 def signin():
   username = request.form['username']
@@ -44,12 +50,7 @@ def signin():
   #TODO Allow email login
   verified = model.verify_user(username, password)
   if verified:
-    logger.debug('Successfully signed in as: %s' % username)
+    common_login(verified)
-
-    login_user(_LoginWrappedDBUser(verified))
-
-    identity_changed.send(app, identity=Identity(verified.username,
-                                                 'username'))
 
     return redirect(request.args.get('next') or url_for('index'))
 
@@ -58,7 +59,12 @@ def signin():
 
 @app.route('/confirm', methods=['GET'])
 def confirm_email():
-  pass
+  code = request.values['code']
+  user = model.confirm_user_email(code)
+
+  common_login(user)
+
+  return redirect(url_for('index'))
 
 
 @app.route('/reset', methods=['GET'])

util/email.py

@@ -8,7 +8,7 @@ This email address was recently used to register the username '%s'
 at <a href="http://quay.io">Quay.io</a>.<br>
 <br>
 To confirm this email address, please click the following link:<br>
-<a href="http://quay.io/confirm?token=%s">http://quay.io/confirm?token=%s</a>
+<a href="http://quay.io/confirm?code=%s">http://quay.io/confirm?code=%s</a>
 """