Skip to content
This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Commit

Permalink
Add controller to handle verification
Browse files Browse the repository at this point in the history
  • Loading branch information
rohitpaulk committed Jul 11, 2017
1 parent 45fd40a commit 9be01a3
Show file tree
Hide file tree
Showing 2 changed files with 54 additions and 0 deletions.
6 changes: 6 additions & 0 deletions gratipay/security/user.py
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ def from_id(cls, userid):
"""
return cls(Participant.from_id(userid))

@classmethod
def from_email(cls, email):
"""Find a participant based on id and return a User.
"""
return cls(Participant.from_email(email))

@classmethod
def from_username(cls, username):
"""Find a participant based on username and return a User.
Expand Down
48 changes: 48 additions & 0 deletions www/auth/email/verify.html.spt
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
from aspen import Response

from gratipay.security.authentication.email import verify_nonce, invalidate_nonce
from gratipay.security.authentication.email import NONCE_VALID, NONCE_INVALID, NONCE_EXPIRED
from gratipay.utils import decode_from_querystring
from gratipay.security import user as _user # Avoid conflict with 'user' in template

[---]

if 'nonce' not in request.qs:
raise Response(400, '`nonce` parameter must be provided')

if 'email' not in request.qs:
raise Response(400, '`email` parameter must be provided')

email = decode_from_querystring(request.qs['email'])
nonce = request.qs['nonce']

result = verify_nonce(website.db, email, nonce)

if result == NONCE_VALID:
_user = _user.from_email(email)
_user.sign_in(response.headers.cookie) # TODO: What if user is already signed in?
website.redirect("/", response=response) # TODO: Why should response be passed?
invalidate_nonce(website.db, email, nonce)
else:
suppress_sidebar = True

[---] text/html via jinja2
{% extends "templates/base.html" %}
{% block content %}
{% if result == NONCE_EXPIRED %}
<h1>{{ _("Link expired") }}</h1>
<p>{{ _( "This link has expired. Please generate a new one.") }}</p>
{# TODO: Add form for email right here? #}
{% else %} {# NONCE_INVALID #}
<h1>{{ _("Bad Info") }}</h1>
<p>
{{ _( "Sorry, that's a bad link.") }}

<br/><br/>

{{ _("If you think this is a mistake, please contact {a}[email protected].{_a}"
, a=('<a href="mailto:[email protected]">'|safe)
, _a='</a>'|safe) }}
</p>
{% endif %}
{% endblock %}

0 comments on commit 9be01a3

Please sign in to comment.