authorMarian Sigler <m@qjym.de>2012-09-21 16:12:30 +0200
committerMarian Sigler <m@qjym.de>2012-09-21 16:12:30 +0200
commit2bdceb1209a081e9ccb80a35dd605c120aaf32e9 (patch)
tree8646d269449061ed1405c8ed114066f2fc685f26 /app.py
parentc6d55f462ebc1d5fb387ccc7873582406205bef8 (diff)
Send verify mail on change of mail address
Diffstat (limited to 'app.py')
-rw-r--r--app.py49
1 files changed, 33 insertions, 16 deletions
diff --git a/app.py b/app.py
index 0d56298..e07c853 100644
--- a/app.py
+++ b/app.py
@@ -37,7 +37,7 @@ def index():
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
if login_user(form.username.data, form.password.data):
- flash(u'Erfolgreich eingeloggt (als %s)' % session['username'], 'success')
+ flash(u'Erfolgreich eingeloggt (als %s)' % g.user.uid, 'success')
return redirect(url_for('settings'))
else:
flash(u'Ungültiger Benutzername und/oder Passwort', 'error')
@@ -74,12 +74,7 @@ def register():
@app.route('/register/<token>', methods=['GET', 'POST'])
@templated('register_complete.html')
def register_complete(token):
- try:
- username, mail = verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60)
- except ConfirmationInvalid:
- raise Forbidden(u'Ungültiger Bestätigungslink')
- except ConfirmationTimeout:
- raise Forbidden(u'Bestätigungslink ist zu alt')
+ username, mail = http_verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60)
form = RegisterCompleteForm(request.form)
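Review bot: `token.encode('ascii')` on the added line is evaluated before `http_verify_confirmation` is entered, so a URL token containing a non-ASCII character raises UnicodeEncodeError and ends as a 500 instead of the Forbidden response used for other bad tokens (assuming the route passes the token as a unicode string, as Flask's default converter does). The same expression appears in the new `change_mail` view in the last hunk. Doing the encode inside the helper and mapping the encode error to `Forbidden(u'Ungültiger Bestätigungslink')` would keep all malformed-token handling in one place. The helper is defined outside this diff, so it is worth confirming there that it still turns both ConfirmationInvalid and ConfirmationTimeout into Forbidden. The body of register_complete continues past the hunk.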
@@ -110,29 +105,51 @@ def register_complete(token):
def settings():
form = SettingsForm(request.form, mail=g.user.mail)
if request.method == 'POST' and form.validate():
- changed = []
+ changed = False
if form.mail.data and form.mail.data != g.user.mail:
- g.user.change_email(form.mail.data)
- changed.append(u'E-Mail-Adresse')
+ confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data))
+ confirm_link = url_for('change_mail', token=confirm_token, _external=True)
+
+ body = render_template('mail/change_mail.txt', username=g.user.uid,
+ mail=form.mail.data, link=confirm_link)
+
+ send_mail(form.mail.data, u'E-Mail-Adresse bestätigen', body,
+ sender=app.config.get('MAIL_CONFIRM_SENDER'))
+
+ flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, '
+ u'um diese zu überprüfen. Bitte folge den Anweisungen in der '
+ u'E-Mail.')
+ changed = True
if form.password.data:
g.user.change_password(form.password.data)
- changed.append(u'Passwort')
-
+ g.ldap.update(g.user)
session['password'] = encrypt_password(form.password.data)
- if changed:
- g.ldap.update(g.user)
- flash(u'%s geändert' % u' und '.join(changed), 'success')
+ flash(u'Passwort geändert', 'success')
+ changed = True
+ if changed:
return redirect(url_for('settings'))
-
else:
flash(u'Nichts geändert')
return {'form': form}
+@login_required
+@app.route('/settings/change_mail/<token>')
+def change_mail(token):
+ username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60)
+
+ if g.user.uid != username:
+ raise Forbidden(u'Bitte logge dich als der Benutzer ein, dessen E-Mail-Adresse du ändern willst.')
+ g.user.change_email(mail)
+ g.ldap.update(g.user)
+
+ flash(u'E-Mail-Adresse geändert.', 'success')
+ return redirect(url_for('settings'))
+
@app.route('/logout')
def logout():
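Review bot: On the new `change_mail` view `@login_required` sits above `@app.route(...)`, so the route is registered with the undecorated function and the login check never runs for requests to `/settings/change_mail/<token>`. Flask's `route` registers whatever function it receives, so the order should be `@app.route('/settings/change_mail/<token>')` followed by `@login_required`, assuming `login_required` is an ordinary wrapping decorator (its definition is not in this diff). As written, an anonymous visitor reaches `g.user.uid` directly, and whether that fails safely depends on what `g.user` holds for a logged-out request. A short comment above the view would also help, stating that the token binds the uid to the new address and that the uid comparison is what stops a link being redeemed under another account.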