aboutsummaryrefslogtreecommitdiff
path: root/src/web
diff options
context:
space:
mode:
authorCédric Bonhomme <cedric@cedricbonhomme.org>2016-02-18 21:41:50 +0100
committerCédric Bonhomme <cedric@cedricbonhomme.org>2016-02-18 21:41:50 +0100
commita2336c5de836267a4e88961422fc3f26cedab47e (patch)
tree18dbc1fb5d09cba02f5c54cae764f3610570d3ff /src/web
parentfix migration script (diff)
downloadnewspipe-a2336c5de836267a4e88961422fc3f26cedab47e.tar.gz
newspipe-a2336c5de836267a4e88961422fc3f26cedab47e.tar.bz2
newspipe-a2336c5de836267a4e88961422fc3f26cedab47e.zip
we now specify the validity period of the activation link.
Diffstat (limited to 'src/web')
-rw-r--r--src/web/lib/user_utils.py6
-rw-r--r--src/web/notifications.py17
-rw-r--r--src/web/templates/emails/account_activation.txt9
-rw-r--r--src/web/views/user.py2
4 files changed, 25 insertions, 9 deletions
diff --git a/src/web/lib/user_utils.py b/src/web/lib/user_utils.py
index d5c3da22..dfeb8dfa 100644
--- a/src/web/lib/user_utils.py
+++ b/src/web/lib/user_utils.py
@@ -1,7 +1,7 @@
from itsdangerous import URLSafeTimedSerializer
-
+import conf
from bootstrap import application
@@ -10,13 +10,13 @@ def generate_confirmation_token(email):
return serializer.dumps(email, salt=application.config['SECURITY_PASSWORD_SALT'])
-def confirm_token(token, expiration=3600):
+def confirm_token(token):
serializer = URLSafeTimedSerializer(application.config['SECRET_KEY'])
try:
email = serializer.loads(
token,
salt=application.config['SECURITY_PASSWORD_SALT'],
- max_age=expiration
+ max_age=conf.TOKEN_VALIDITY_PERIOD
)
except:
return False
diff --git a/src/web/notifications.py b/src/web/notifications.py
index 309da2a3..19562fad 100644
--- a/src/web/notifications.py
+++ b/src/web/notifications.py
@@ -19,6 +19,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+from flask import render_template
import conf
from web import emails
from web.lib.user_utils import generate_confirmation_token
@@ -43,10 +44,16 @@ def new_account_notification(user):
Account creation notification.
"""
token = generate_confirmation_token(user.email)
- plaintext = """Hello,\n\nYour account has been created. Click on the following link to confirm it:\n%s\n\nSee you,""" % \
- (conf.PLATFORM_URL + 'user/confirm_account/' + token)
+ expire_time = datetime.datetime.now() + \
+ datetime.timedelta(seconds=conf.TOKEN_VALIDITY_PERIOD)
+
+ plaintext = render_template('emails/account_activation.txt',
+ user=user, platform_url=conf.PLATFORM_URL,
+ token=token,
+ expire_time=expire_time)
+
emails.send(to=user.email, bcc=conf.NOTIFICATION_EMAIL,
- subject="[jarr] Account creation", plaintext=plaintext)
+ subject="[JARR] Account creation", plaintext=plaintext)
def new_account_activation(user):
"""
@@ -55,7 +62,7 @@ def new_account_activation(user):
plaintext = """Hello,\n\nYour account has been activated. You can now connect to the platform:\n%s\n\nSee you,""" % \
(conf.PLATFORM_URL)
emails.send(to=user.email, bcc=conf.NOTIFICATION_EMAIL,
- subject="[jarr] Account activated", plaintext=plaintext)
+ subject="[JARR] Account activated", plaintext=plaintext)
def new_password_notification(user, password):
"""
@@ -66,4 +73,4 @@ def new_password_notification(user, password):
plaintext += "\n\nIt is advised to replace it as soon as connected to jarr.\n\nSee you,"
emails.send(to=user.email,
bcc=conf.NOTIFICATION_EMAIL,
- subject="[jarr] New password", plaintext=plaintext)
+ subject="[JARR] New password", plaintext=plaintext)
diff --git a/src/web/templates/emails/account_activation.txt b/src/web/templates/emails/account_activation.txt
new file mode 100644
index 00000000..ce7a8dc2
--- /dev/null
+++ b/src/web/templates/emails/account_activation.txt
@@ -0,0 +1,9 @@
+Hello {{ user.nickname }},
+
+Your account has been created.
+Click on the following link to confirm it:
+{{ platform_url }}user/confirm_account/{{ token }}
+
+The link expires at {{ expire_time.strftime('%Y-%m-%d %H:%M') }}.
+
+See you,
diff --git a/src/web/views/user.py b/src/web/views/user.py
index 57153003..06dc2089 100644
--- a/src/web/views/user.py
+++ b/src/web/views/user.py
@@ -111,7 +111,7 @@ def confirm_account(token=None):
user_contr = UserController()
user, email = None, None
if token != "":
- email = confirm_token(token, expiration=3600)
+ email = confirm_token(token)
if email:
user = user_contr.read(email=email).first()
if user is not None:
bgstack15