aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-02-18 21:41:50 +0100
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-02-18 21:41:50 +0100
commita2336c5de836267a4e88961422fc3f26cedab47e (patch)
tree18dbc1fb5d09cba02f5c54cae764f3610570d3ff
parentfix migration script (diff)
downloadnewspipe-a2336c5de836267a4e88961422fc3f26cedab47e.tar.gz
newspipe-a2336c5de836267a4e88961422fc3f26cedab47e.tar.bz2
newspipe-a2336c5de836267a4e88961422fc3f26cedab47e.zip
we now specify the validity period of the activation link.
-rw-r--r--app.json3
-rw-r--r--src/conf.py2
-rw-r--r--src/conf/conf.cfg-sample1
-rw-r--r--src/web/lib/user_utils.py6
-rw-r--r--src/web/notifications.py17
-rw-r--r--src/web/templates/emails/account_activation.txt9
-rw-r--r--src/web/views/user.py2
7 files changed, 30 insertions, 10 deletions
diff --git a/app.json b/app.json
index de17707b..42f9bc93 100644
--- a/app.json
+++ b/app.json
@@ -16,7 +16,8 @@
"CDN_ADDRESS": "https://cdn.cedricbonhomme.org/",
"ADMIN_EMAIL": "root@jarr.localhost",
"ADMIN_PASSWORD": "password",
- "SECRET_KEY": "a secret only you know in order to use sessions",
+ "SECRET_KEY": "a secret token only you know in order to use sessions",
+ "TOKEN_VALIDITY_PERIOD": 3600,
"SECURITY_PASSWORD_SALT": "a secret to confirm user account",
"NOTIFICATION_EMAIL": "JARR@no-reply.com",
"RECAPTCHA_PRIVATE_KEY": "REDACTED",
diff --git a/src/conf.py b/src/conf.py
index 1cef95dc..0fcb330e 100644
--- a/src/conf.py
+++ b/src/conf.py
@@ -28,6 +28,7 @@ DEFAULTS = {"platform_url": "https://jarr.herokuapp.com/",
"postmark_api_key": "",
"recaptcha_public_key": "",
"recaptcha_private_key": "",
+ "token_validity_period": "3600",
"nb_worker": "100",
"api_login": "",
"api_passwd": "",
@@ -79,6 +80,7 @@ RECAPTCHA_PUBLIC_KEY = config.get('misc', 'recaptcha_public_key')
RECAPTCHA_PRIVATE_KEY = config.get('misc',
'recaptcha_private_key')
SECURITY_PASSWORD_SALT = config.get('misc', 'security_password_salt')
+TOKEN_VALIDITY_PERIOD = config.getint('misc', 'token_validity_period')
LOG_PATH = os.path.abspath(config.get('misc', 'log_path'))
NB_WORKER = config.getint('misc', 'nb_worker')
API_LOGIN = config.get('crawler', 'api_login')
diff --git a/src/conf/conf.cfg-sample b/src/conf/conf.cfg-sample
index 286ccbe5..1fd572ba 100644
--- a/src/conf/conf.cfg-sample
+++ b/src/conf/conf.cfg-sample
@@ -10,6 +10,7 @@ admin_email =
recaptcha_public_key =
recaptcha_private_key =
security_password_salt = a secret to confirm user account
+token_validity_period = 3600
log_path = ./src/web/var/jarr.log
nb_worker = 5
log_level = info
diff --git a/src/web/lib/user_utils.py b/src/web/lib/user_utils.py
index d5c3da22..dfeb8dfa 100644
--- a/src/web/lib/user_utils.py
+++ b/src/web/lib/user_utils.py
@@ -1,7 +1,7 @@
from itsdangerous import URLSafeTimedSerializer
-
+import conf
from bootstrap import application
@@ -10,13 +10,13 @@ def generate_confirmation_token(email):
return serializer.dumps(email, salt=application.config['SECURITY_PASSWORD_SALT'])
-def confirm_token(token, expiration=3600):
+def confirm_token(token):
serializer = URLSafeTimedSerializer(application.config['SECRET_KEY'])
try:
email = serializer.loads(
token,
salt=application.config['SECURITY_PASSWORD_SALT'],
- max_age=expiration
+ max_age=conf.TOKEN_VALIDITY_PERIOD
)
except:
return False
diff --git a/src/web/notifications.py b/src/web/notifications.py
index 309da2a3..19562fad 100644
--- a/src/web/notifications.py
+++ b/src/web/notifications.py
@@ -19,6 +19,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from flask import render_template
import conf
from web import emails
from web.lib.user_utils import generate_confirmation_token
@@ -43,10 +44,16 @@ def new_account_notification(user):
Account creation notification.
"""
token = generate_confirmation_token(user.email)
- plaintext = """Hello,\n\nYour account has been created. Click on the following link to confirm it:\n%s\n\nSee you,""" % \
- (conf.PLATFORM_URL + 'user/confirm_account/' + token)
+ expire_time = datetime.datetime.now() + \
+ datetime.timedelta(seconds=conf.TOKEN_VALIDITY_PERIOD)
+
+ plaintext = render_template('emails/account_activation.txt',
+ user=user, platform_url=conf.PLATFORM_URL,
+ token=token,
+ expire_time=expire_time)
+
emails.send(to=user.email, bcc=conf.NOTIFICATION_EMAIL,
- subject="[jarr] Account creation", plaintext=plaintext)
+ subject="[JARR] Account creation", plaintext=plaintext)
def new_account_activation(user):
"""
@@ -55,7 +62,7 @@ def new_account_activation(user):
plaintext = """Hello,\n\nYour account has been activated. You can now connect to the platform:\n%s\n\nSee you,""" % \
(conf.PLATFORM_URL)
emails.send(to=user.email, bcc=conf.NOTIFICATION_EMAIL,
- subject="[jarr] Account activated", plaintext=plaintext)
+ subject="[JARR] Account activated", plaintext=plaintext)
def new_password_notification(user, password):
"""
@@ -66,4 +73,4 @@ def new_password_notification(user, password):
plaintext += "\n\nIt is advised to replace it as soon as connected to jarr.\n\nSee you,"
emails.send(to=user.email,
bcc=conf.NOTIFICATION_EMAIL,
- subject="[jarr] New password", plaintext=plaintext)
+ subject="[JARR] New password", plaintext=plaintext)
diff --git a/src/web/templates/emails/account_activation.txt b/src/web/templates/emails/account_activation.txt
new file mode 100644
index 00000000..ce7a8dc2
--- /dev/null
+++ b/src/web/templates/emails/account_activation.txt
@@ -0,0 +1,9 @@
+Hello {{ user.nickname }},
+
+Your account has been created.
+Click on the following link to confirm it:
+{{ platform_url }}user/confirm_account/{{ token }}
+
+The link expires at {{ expire_time.strftime('%Y-%m-%d %H:%M') }}.
+
+See you,
diff --git a/src/web/views/user.py b/src/web/views/user.py
index 57153003..06dc2089 100644
--- a/src/web/views/user.py
+++ b/src/web/views/user.py
@@ -111,7 +111,7 @@ def confirm_account(token=None):
user_contr = UserController()
user, email = None, None
if token != "":
- email = confirm_token(token, expiration=3600)
+ email = confirm_token(token)
if email:
user = user_contr.read(email=email).first()
if user is not None:
bgstack15