diff --git a/gratipay/security/user.py b/gratipay/security/user.py index 09cafcb4bf..a821caea0f 100644 --- a/gratipay/security/user.py +++ b/gratipay/security/user.py @@ -34,6 +34,12 @@ def from_id(cls, userid): """ return cls(Participant.from_id(userid)) + @classmethod + def from_email(cls, email): + """Find a participant based on id and return a User. + """ + return cls(Participant.from_email(email)) + @classmethod def from_username(cls, username): """Find a participant based on username and return a User. diff --git a/www/auth/email/verify.html.spt b/www/auth/email/verify.html.spt new file mode 100644 index 0000000000..325215b8c1 --- /dev/null +++ b/www/auth/email/verify.html.spt @@ -0,0 +1,48 @@ +from aspen import Response + +from gratipay.security.authentication.email import verify_nonce, invalidate_nonce +from gratipay.security.authentication.email import NONCE_VALID, NONCE_INVALID, NONCE_EXPIRED +from gratipay.utils import decode_from_querystring +from gratipay.security import user as _user # Avoid conflict with 'user' in template + +[---] + +if 'nonce' not in request.qs: + raise Response(400, '`nonce` parameter must be provided') + +if 'email' not in request.qs: + raise Response(400, '`email` parameter must be provided') + +email = decode_from_querystring(request.qs['email']) +nonce = request.qs['nonce'] + +result = verify_nonce(website.db, email, nonce) + +if result == NONCE_VALID: + _user = _user.from_email(email) + _user.sign_in(response.headers.cookie) # TODO: What if user is already signed in? + website.redirect("/", response=response) # TODO: Why should response be passed? + invalidate_nonce(website.db, email, nonce) +else: + suppress_sidebar = True + +[---] text/html via jinja2 +{% extends "templates/base.html" %} +{% block content %} + {% if result == NONCE_EXPIRED %} +
{{ _( "This link has expired. Please generate a new one.") }}
+ {# TODO: Add form for email right here? #} + {% else %} {# NONCE_INVALID #} +
+ {{ _( "Sorry, that's a bad link.") }}
+
+
+
+ {{ _("If you think this is a mistake, please contact {a}support@gratipay.com.{_a}"
+ , a=(''|safe)
+ , _a=''|safe) }}
+