authorGertjan van den Burg <gertjanvandenburg@gmail.com>2019-03-26 16:17:11 +0000
committerGertjan van den Burg <gertjanvandenburg@gmail.com>2019-03-26 16:17:11 +0000
commit98f0fcdcbdbbd91a2a4da6b44229a178ddb38d31 (patch)
treeec6f1254bab7e65954694704a20c947fa268649e /app/auth
parentAdd email confirmation field (diff)
Add support for email confirmation
Diffstat (limited to 'app/auth')
-rw-r--r--app/auth/email.py16
-rw-r--r--app/auth/routes.py64
2 files changed, 76 insertions, 4 deletions
diff --git a/app/auth/email.py b/app/auth/email.py
index c071518..581c9ce 100644
--- a/app/auth/email.py
+++ b/app/auth/email.py
@@ -4,6 +4,7 @@ from flask import current_app, render_template
from app.email import send_email
+
def send_password_reset_email(user):
token = user.get_reset_password_token()
send_email(
@@ -17,3 +18,18 @@ def send_password_reset_email(user):
"email/reset_password.html", user=user, token=token
),
)
+
+
+def send_email_confirmation_email(user):
+ token = user.get_email_confirmation_token()
+ send_email(
+ "[AnnotateChange] Confirm your email",
+ sender=current_app.config["ADMINS"][0],
+ recipients=[user.email],
+ text_body=render_template(
+ "email/confirm_email.txt", user=user, token=token
+ ),
+ html_body=render_template(
+ "email/confirm_email.html", user=user, token=token
+ ),
+ )
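Review bot: `send_email_confirmation_email` mails whatever `user.get_email_confirmation_token()` returns, and that method lies outside this diff, so the token's lifetime and scope cannot be checked from here. It is worth confirming that the token expires and carries its own purpose marker, so that `User.verify_reset_password_token` can never accept a confirmation token or the reverse. A docstring would record that contract, for example `"""Mail a signed, expiring confirmation link to user.email; the token is valid only for email confirmation."""`. The body is otherwise a copy of `send_password_reset_email`, so a shared private helper taking the subject, template name and token would keep the two from drifting apart.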
diff --git a/app/auth/routes.py b/app/auth/routes.py
index 7f7229e..7de091e 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -3,7 +3,7 @@
import datetime
from flask import render_template, flash, redirect, url_for, request
-from flask_login import current_user, login_user, logout_user, login_required
+from flask_login import current_user, login_user, logout_user
from werkzeug.urls import url_parse
@@ -16,8 +16,12 @@ from app.auth.forms import (
ResetPasswordRequestForm,
ResetPasswordForm,
)
+from app.decorators import login_required
from app.models import User
-from app.auth.email import send_password_reset_email
+from app.auth.email import (
+ send_password_reset_email,
+ send_email_confirmation_email,
+)
@bp.route("/login", methods=("GET", "POST"))
@@ -33,6 +37,8 @@ def login():
flash("Invalid username or password", "error")
return redirect(url_for("auth.login"))
login_user(user, remember=form.remember_me.data)
+ if not user.is_confirmed:
+ return redirect(url_for("auth.not_confirmed"))
next_page = request.args.get("next")
if not next_page or url_parse(next_page).netloc != "":
next_page = url_for("main.index")
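Review bot: `login_user(user, remember=form.remember_me.data)` runs before the new `if not user.is_confirmed:` check, so an unconfirmed account still gets a full authenticated session and the redirect to `auth.not_confirmed` is only advisory. Enforcement then depends on every protected view using the `login_required` from `app.decorators` (not shown in this diff) rather than flask_login's decorator or a bare `current_user.is_authenticated` test. If the session is created deliberately so that `/resend` works, a comment above the check would make that explicit, for example `# session is created on purpose; app.decorators.login_required must reject unconfirmed users`. The body of login() starts and ends outside the hunk.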
@@ -56,8 +62,14 @@ def register():
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
- flash("Thank you, you are now a registered user!", "info")
- return redirect(url_for("auth.login"))
+
+ send_email_confirmation_email(user)
+ flash(
+ "An email has been sent to confirm your account, please check your email.",
+ "info",
+ )
+
+ return redirect(url_for("auth.not_confirmed"))
return render_template("auth/register.html", title="Register", form=form)
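Review bot: The new `return redirect(url_for("auth.not_confirmed"))` sends a user who has no session yet (no `login_user` call is visible in this hunk) to a view that bounces anonymous visitors to the login page. The fresh registrant therefore sees "Please login before accessing this page." stacked on the confirmation notice. Either keep `return redirect(url_for("auth.login"))` here or log the user in before redirecting. Separately, `send_email_confirmation_email(user)` runs after `db.session.commit()` with no error handling, so if `send_email` can raise (not visible here) the account exists but the user lands on an error page and can only recover by logging in and using `/resend`. The body of register() starts outside the hunk.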
@@ -94,3 +106,47 @@ def reset_password(token):
flash("Your password has been reset.", "info")
return redirect(url_for("auth.login"))
return render_template("auth/reset_password.html", form=form)
+
+
+@bp.route("/confirm/<token>")
+def confirm_email(token):
+ if current_user.is_authenticated and current_user.is_confirmed:
+ flash("Account is already confirmed.")
+ return redirect(url_for("main.index"))
+ user = User.verify_email_confirmation_token(token)
+ if not user:
+ flash("The confirmation link is invalid or has expired.", "error")
+ return redirect(url_for("main.index"))
+ if user.is_confirmed:
+ flash("Account is already confirmed, please login.", "success")
+ else:
+ user.is_confirmed = True
+ db.session.commit()
+ flash("Account confirmed successfully. Thank you!", "success")
+ return redirect(url_for("main.index"))
+
+
+@bp.route("/not_confirmed")
+def not_confirmed():
+ if current_user.is_anonymous:
+ flash("Please login before accessing this page.")
+ return redirect(url_for("auth.login"))
+ if current_user.is_confirmed:
+ flash("Account is already confirmed.")
+ return redirect(url_for("main.index"))
+ flash("Please confirm your account before moving on.", "info")
+ return render_template("auth/not_confirmed.html")
+
+
+@bp.route("/resend")
+def resend_confirmation():
+ if current_user.is_anonymous:
+ flash("Please login before accessing this page.")
+ return redirect(url_for("auth.login"))
+ if current_user.is_confirmed:
+ flash("Account is already confirmed.")
+ return redirect(url_for("main.index"))
+ send_email_confirmation_email(current_user)
+ email = current_user.email
+ flash("A new confirmation has been sent to %s." % email, "success")
+ return redirect(url_for("auth.not_confirmed"))
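Review bot: `resend_confirmation` sends mail on a plain GET with no throttle, and the address it mails has by definition not been verified yet. Any cross-site request loaded in a logged-in unconfirmed user's browser triggers a send, and repeated requests make the app a source of unsolicited mail to an address the account holder may not own. Restrict the route to `@bp.route("/resend", methods=("POST",))` behind a CSRF-protected form, and add a per-account cooldown between sends; that would need a last-sent timestamp on the user, which this diff does not have. In `confirm_email`, the state change on GET is the usual trade-off for emailed links, but a short comment saying the signed token is the only authorisation for that write would help the next reader.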