Add controller to generate signin link

emails/signin_link.spt

@@ -0,0 +1,15 @@
+{{ _("Sign in to Gratipay") }}
+
+[---] text/html
+{{ _( "Click the button below to sign in to Gratipay. "
+      "This link will expire in 1 hour and can only be used once.") }}
+<br>
+<br>
+<a href="{{ signin_link }}" style="{{ button_style }}">{{ _("Sign in to Gratipay") }}</a>
+
+[---] text/plain
+
+{{ _( "Click the link below to sign in to Gratipay. "
+      "This link will expire in 1 hour and can only be used once.") }}
+
+{{ signin_link }}

tests/py/test_www_email_auth.py

@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+import json
+
+from gratipay.testing import Harness
+from gratipay.testing.email import QueuedEmailHarness
+
+
+class TestSendLink(Harness):
+    def test_returns_json(self):
+        self.make_participant('alice', email_address='[email protected]')
+        response = self.client.POST('/auth/email/send_link.json', {'email_address': '[email protected]'})
+
+        message = json.loads(response.body)['message']
+        assert message == "We've sent you a link to sign in. Please check your inbox."
+
+    def test_only_allows_post(self):
+        response = self.client.GxT('/auth/email/send_link.json')
+
+        assert response.code == 405
+
+    def test_400_for_no_email_address_parameter(self):
+        response = self.client.PxST('/auth/email/send_link.json')
+
+        assert response.code == 400
+
+    def test_400_for_invalid_email(self):
+        response = self.client.PxST('/auth/email/send_link.json', {'email_address': '[email protected]'})
+
+        # TODO: Change this when signup links are supported
+
+        assert response.code == 400
+
+class TestSendLinkEmail(QueuedEmailHarness):
+    def test_sends_email(self):
+        self.make_participant('alice', email_address='[email protected]')
+        self.client.POST('/auth/email/send_link.json', {'email_address': '[email protected]'})
+
+        assert self.get_last_email()['to'] == 'alice <[email protected]>'
+        assert 'Click the link below to sign in to Gratipay' in self.get_last_email()['body_text']
+        assert 'Click the button below to sign in to Gratipay' in self.get_last_email()['body_html']

www/auth/email/send_link.json.spt

@@ -0,0 +1,39 @@
+from aspen import Response
+
+from gratipay.models.participant import Participant
+from gratipay.security.authentication.email import create_signin_nonce
+from gratipay.utils import encode_for_querystring
+
+[---]
+
+request.allow("POST")
+
+if "email_address" not in request.body:
+    raise Response(400, "no 'email_address' in body")
+
+email_address = request.body["email_address"]
+
+participant = Participant.from_email(email_address)
+
+if participant:
+    nonce = create_signin_nonce(website.db, email_address)
+
+    # TODO: Catch throttled!
+
+    encoded_email = encode_for_querystring(email_address)
+
+    signin_link = "%s/auth/email/verify.html?nonce=%s&email=%s" % (website.base_url, nonce, encoded_email)
+    website.app.email_queue.put( participant
+                               , "signin_link"
+                               , _user_initiated=True
+                               , include_unsubscribe=False
+                               , email=email_address
+                               , signin_link=signin_link
+                                )
+    message = _("We've sent you a link to sign in. Please check your inbox.")
+else:
+    # TODO: Create sign-up link!
+    raise Response(400, "no participant exists by this address")
+
+[---] application/json via json_dump
+{"message": message}