Diffstat (limited to 'app.py')
-rw-r--r-- | app.py | 53 |
1 files changed, 45 insertions, 8 deletions
@@ -7,8 +7,8 @@ import account import ldap import os from flask import flash, Flask, g, redirect, request, session, url_for -from utils import templated, login_required, encrypt_password, decrypt_password, login_user, logout_user -from forms import RegisterForm, LoginForm, SettingsForm +from utils import * +from forms import RegisterForm, RegisterCompleteForm, LoginForm, SettingsForm app = Flask(__name__) 
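Review bot: `from utils import *` comes after the flask import, so any public name utils defines now or later silently replaces the flask one in this module (for example `redirect` or `url_for`). It also hides where the auth helpers `login_required` and `login_user` are bound. The register hunk below additionally calls `render_template` and `Forbidden`, and neither is imported in the lines visible here. Unless utils happens to re-export them, those paths fail with NameError at request time. Keeping the explicit list and extending it with the names the new view needs (presumably `make_confirmation`, `verify_confirmation`, `send_mail`, `ConfirmationInvalid`, `ConfirmationTimeout`), plus `render_template` on the flask line, lets a linter check this.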
@@ -52,18 +52,55 @@ def register(): if request.method == 'POST' and form.validate(): username = form.username.data mail = form.mail.data + + confirm_token = make_confirmation('register', (username, mail)) + confirm_link = url_for('register_complete', token=confirm_token, _external=True) + + body = render_template('mail/register.txt', username=username, + mail=mail, link=confirm_link) + + send_mail(mail, u'E-Mail-Adresse bestätigen', body, + sender=app.config.get('MAIL_CONFIRM_SENDER')) + + flash(u'Es wurde eine E-Mail an die angegebene Adresse geschickt, ' + u'um diese zu überprüfen. Bitte folge den Anweisungen in der ' + u'E-Mail.') + + return redirect(url_for('index')) + + return {'form': form} + + +@app.route('/register/<token>', methods=['GET', 'POST']) +@templated('register_complete.html') +def register_complete(token): + try: + username, mail = verify_confirmation('register', token.encode('ascii'), timeout=3*24*60*60) + except ConfirmationInvalid: + raise Forbidden(u'Ungültiger Bestätigungslink') + except ConfirmationTimeout: + raise Forbidden(u'Bestätigungslink ist zu alt') + + + form = RegisterCompleteForm(request.form) + if request.method == 'POST' and form.validate(): password = form.password.data - user = Account(form.username.data, form.mail.data, password=form.password.data) - service.register(user) + user = account.Account(username, mail, password=form.password.data) + g.ldap.register(user) # populate request context and session - assert login_user(user.username, user.password) + assert login_user(user.uid, user.password) flash(u'Benutzer erfolgreich angelegt.') - redirect(url_for('settings')) - - return {'form': form} + return redirect(url_for('settings')) + + return { + 'form': form, + 'token': token, + 'username': username, + 'mail': mail, + } |
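Review bot: `assert login_user(user.uid, user.password)` in register_complete puts the login call inside an assert, so under `python -O` the call itself is dropped and the new account is redirected to settings without a populated session. Call it unconditionally, e.g. `logged_in = login_user(user.uid, user.password)`, and handle a false result explicitly. `token.encode('ascii')` sits inside the try, but a non-ASCII token from the URL raises UnicodeEncodeError, which neither except clause catches; `except (ConfirmationInvalid, UnicodeEncodeError):` would turn that into the same Forbidden response. Nothing visible in the hunk marks a token as consumed or re-checks at completion time that the username is still free, so a link appears to stay usable for the full three-day timeout. Whether `g.ldap.register` rejects an existing uid is not visible here and should be confirmed.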