author | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-02-18 08:59:13 +0100 |
---|---|---|
committer | Cédric Bonhomme <cedric@cedricbonhomme.org> | 2016-02-18 08:59:13 +0100 |
commit | 2e5a241777ef0bb0d76420d39bf3be41e16e042a (patch) | |
tree | 3223b8fba4fa244fa97b0df0b8bf8c5b91aeffec /src/web/views | |
parent | Check if the id of the category is '0'. (diff) | |
New management of the token for the account confirmation.
Diffstat (limited to 'src/web/views')
-rw-r--r-- | src/web/views/admin.py | 11 | ||||
-rw-r--r-- | src/web/views/api/common.py | 3 | ||||
-rw-r--r-- | src/web/views/user.py | 12 |
3 files changed, 13 insertions, 13 deletions
diff --git a/src/web/views/admin.py b/src/web/views/admin.py index 30758f63..832c134d 100644 --- a/src/web/views/admin.py +++ b/src/web/views/admin.py @@ -83,13 +83,13 @@ def process_user_form(user_id=None): flash(gettext('User %(nick)s successfully updated', nick=user.nickname), 'success') else: - # Create a new user + # Create a new user (by the admin) user = user_contr.create(nickname=form.nickname.data, email=form.email.data, password=form.password.data, roles=[role_user], refresh_rate=form.refresh_rate.data, - activation_key="") + enabled=True) flash(gettext('User %(nick)s successfully created', nick=user.nickname), 'success') return redirect(url_for('admin.user_form', user_id=user.id)) @@ -144,12 +144,11 @@ def toggle_user(user_id=None): flash(gettext('This user does not exist.'), 'danger') return redirect(url_for('admin.dashboard')) - if user.activation_key != "": - + if not user.enabled: # Send the confirmation email try: notifications.new_account_activation(user) - user_contr.unset_activation_key(user.id) + user_contr.update({'id': user.id}, {'enabled': True}) message = gettext('Account of the user %(nick)s successfully ' 'activated.', nick=user.nickname) except Exception as error: @@ -158,7 +157,7 @@ def toggle_user(user_id=None): return redirect(url_for('admin.dashboard')) else: - user_contr.set_activation_key(user.id) + user_contr.update({'id': user.id}, {'enabled': False}) message = gettext('Account of the user %(nick)s successfully disabled', nick=user.nickname) flash(message, 'success') diff --git a/src/web/views/api/common.py b/src/web/views/api/common.py index 3476cad9..c155a254 100644 --- a/src/web/views/api/common.py +++ b/src/web/views/api/common.py 
@@ -54,8 +54,7 @@ def authenticate(func): if auth is not None: user = User.query.filter( User.nickname == auth.username).first() - if user and user.check_password(auth.password) \ - and user.activation_key == "": + if user and user.check_password(auth.password) and user.enabled: g.user = user logged_in = True if logged_in: diff --git a/src/web/views/user.py b/src/web/views/user.py index 754d3b9a..0f9fe612 100644 --- a/src/web/views/user.py +++ b/src/web/views/user.py @@ -7,6 +7,7 @@ from flask.ext.login import login_required import conf from web import utils, notifications +from web.lib.user_utils import confirm_token from web.controllers import (UserController, FeedController, ArticleController) from web.forms import ProfileForm, RecoverPasswordForm @@ -102,16 +103,17 @@ def delete_account(): return redirect(url_for('login')) -@user_bp.route('/confirm_account/<string:activation_key>', methods=['GET']) -def confirm_account(activation_key=None): +@user_bp.route('/confirm_account/<string:token>', methods=['GET']) +def confirm_account(token=None): """ Confirm the account of a user. """ user_contr = UserController() - if activation_key != "": - user = user_contr.read(activation_key=activation_key).first() + if token != "": + email = confirm_token(token, expiration=3600) + user = user_contr.read(email=email).first() if user is not None: - user_contr.update({'id': user.id}, {'activation_key': ''}) + user_contr.update({'id': user.id}, {'enabled': True}) flash(gettext('Your account has been confirmed.'), 'success') else: flash(gettext('Impossible to confirm this account.'), 'danger') |
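Review bot: The `user.enabled` test in `authenticate` only admits existing accounts if a migration has set `enabled` to True wherever `activation_key` was empty, and no such migration is visible in this view, which is limited to src/web/views. A missing or NULL value is falsy, so the check fails closed: existing API clients would be rejected rather than wrongly admitted, but that dependency is worth stating in the commit description. I would also add a comment above the condition, `# disabled or unconfirmed accounts must not authenticate through the API`. The decorator's body starts and ends outside the hunk.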
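Review bot: In `confirm_account`, any token that `confirm_token` accepts sets `enabled` to True, and `toggle_user` in admin.py now disables accounts through that same flag, so an account an administrator has disabled can be switched back on by reopening a confirmation link that is still inside the `expiration=3600` window. The removed code cleared `activation_key` on first use, which made the old link single-use; the new flow has no equivalent. Consider keeping "awaiting confirmation" and "disabled by an administrator" as separate states, or refusing confirmation for an account that has already been confirmed once. `confirm_token` comes from `web.lib.user_utils` and is not shown here; if it returns a falsy value or raises on a bad or expired token, guard before the lookup with `if not email:` leading to the existing 'Impossible to confirm this account.' flash. The function body continues outside the hunk.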