authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-02-18 08:59:13 +0100
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-02-18 08:59:13 +0100
commit2e5a241777ef0bb0d76420d39bf3be41e16e042a (patch)
tree3223b8fba4fa244fa97b0df0b8bf8c5b91aeffec /src/web/views
parentCheck if the id of the category is '0'. (diff)
downloadnewspipe-2e5a241777ef0bb0d76420d39bf3be41e16e042a.tar.gz
newspipe-2e5a241777ef0bb0d76420d39bf3be41e16e042a.tar.bz2
newspipe-2e5a241777ef0bb0d76420d39bf3be41e16e042a.zip
New management of the token for the account confirmation.
Diffstat (limited to 'src/web/views')
-rw-r--r--src/web/views/admin.py11
-rw-r--r--src/web/views/api/common.py3
-rw-r--r--src/web/views/user.py12
3 files changed, 13 insertions, 13 deletions
diff --git a/src/web/views/admin.py b/src/web/views/admin.py
index 30758f63..832c134d 100644
--- a/src/web/views/admin.py
+++ b/src/web/views/admin.py
@@ -83,13 +83,13 @@ def process_user_form(user_id=None):
flash(gettext('User %(nick)s successfully updated',
nick=user.nickname), 'success')
else:
- # Create a new user
+ # Create a new user (by the admin)
user = user_contr.create(nickname=form.nickname.data,
email=form.email.data,
password=form.password.data,
roles=[role_user],
refresh_rate=form.refresh_rate.data,
- activation_key="")
+ enabled=True)
flash(gettext('User %(nick)s successfully created',
nick=user.nickname), 'success')
return redirect(url_for('admin.user_form', user_id=user.id))
@@ -144,12 +144,11 @@ def toggle_user(user_id=None):
flash(gettext('This user does not exist.'), 'danger')
return redirect(url_for('admin.dashboard'))
- if user.activation_key != "":
-
+ if not user.enabled:
# Send the confirmation email
try:
notifications.new_account_activation(user)
- user_contr.unset_activation_key(user.id)
+ user_contr.update({'id': user.id}, {'enabled': True})
message = gettext('Account of the user %(nick)s successfully '
'activated.', nick=user.nickname)
except Exception as error:
@@ -158,7 +157,7 @@ def toggle_user(user_id=None):
return redirect(url_for('admin.dashboard'))
else:
- user_contr.set_activation_key(user.id)
+ user_contr.update({'id': user.id}, {'enabled': False})
message = gettext('Account of the user %(nick)s successfully disabled',
nick=user.nickname)
flash(message, 'success')
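Review bot: A single `enabled` flag now means both "e-mail confirmed" and "administrator allows this account", so the disable written here, `user_contr.update({'id': user.id}, {'enabled': False})`, looks reversible by the user. confirm_account in src/web/views/user.py sets `enabled` to True for whichever user matches the e-mail recovered from the token, and it accepts a token for 3600 seconds. If the activation mail sent by the enable branch of toggle_user carries such a token (not visible here), a link issued shortly before the disable would still re-enable the account. Consider keeping the administrative state in its own field, or having confirm_account refuse accounts that an administrator disabled, and document the intent with a comment such as `# an admin disable must not be reversible through /confirm_account`. toggle_user starts and ends outside this hunk.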
diff --git a/src/web/views/api/common.py b/src/web/views/api/common.py
index 3476cad9..c155a254 100644
--- a/src/web/views/api/common.py
+++ b/src/web/views/api/common.py
@@ -54,8 +54,7 @@ def authenticate(func):
if auth is not None:
user = User.query.filter(
User.nickname == auth.username).first()
- if user and user.check_password(auth.password) \
- and user.activation_key == "":
+ if user and user.check_password(auth.password) and user.enabled:
g.user = user
logged_in = True
if logged_in:
diff --git a/src/web/views/user.py b/src/web/views/user.py
index 754d3b9a..0f9fe612 100644
--- a/src/web/views/user.py
+++ b/src/web/views/user.py
@@ -7,6 +7,7 @@ from flask.ext.login import login_required
import conf
from web import utils, notifications
+from web.lib.user_utils import confirm_token
from web.controllers import (UserController, FeedController, ArticleController)
from web.forms import ProfileForm, RecoverPasswordForm
@@ -102,16 +103,17 @@ def delete_account():
return redirect(url_for('login'))
-@user_bp.route('/confirm_account/<string:activation_key>', methods=['GET'])
-def confirm_account(activation_key=None):
+@user_bp.route('/confirm_account/<string:token>', methods=['GET'])
+def confirm_account(token=None):
"""
Confirm the account of a user.
"""
user_contr = UserController()
- if activation_key != "":
- user = user_contr.read(activation_key=activation_key).first()
+ if token != "":
+ email = confirm_token(token, expiration=3600)
+ user = user_contr.read(email=email).first()
if user is not None:
- user_contr.update({'id': user.id}, {'activation_key': ''})
+ user_contr.update({'id': user.id}, {'enabled': True})
flash(gettext('Your account has been confirmed.'), 'success')
else:
flash(gettext('Impossible to confirm this account.'), 'danger')
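Review bot: The result of `confirm_token(token, expiration=3600)` goes straight into `user_contr.read(email=email)` without a check, and this diff does not show what confirm_token does with an expired or tampered token. If it returns a falsy value, the lookup runs with that value as the e-mail filter. If it raises, the view fails before it can reach the 'Impossible to confirm this account.' message. I would guard the lookup with `user = user_contr.read(email=email).first() if email else None`, and catch the specific exception if confirm_token raises one. The `if token != ""` test is probably always true for a `<string:token>` route segment and could be dropped. The function body continues past the end of this hunk.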