1 files changed, 60 insertions, 4 deletions

diff --git a/app/auth/routes.py b/app/auth/routes.py
index 7f7229e..7de091e 100644
--- a/app/auth/routes.py
+++ b/app/auth/routes.py
@@ -3,7 +3,7 @@
 import datetime
 
 from flask import render_template, flash, redirect, url_for, request
-from flask_login import current_user, login_user, logout_user, login_required
+from flask_login import current_user, login_user, logout_user
 
 from werkzeug.urls import url_parse
 
@@ -16,8 +16,12 @@ from app.auth.forms import (
     ResetPasswordRequestForm,
     ResetPasswordForm,
 )
+from app.decorators import login_required
 from app.models import User
-from app.auth.email import send_password_reset_email
+from app.auth.email import (
+    send_password_reset_email,
+    send_email_confirmation_email,
+)
 
 
 @bp.route("/login", methods=("GET", "POST"))
@@ -33,6 +37,8 @@ def login():
             flash("Invalid username or password", "error")
             return redirect(url_for("auth.login"))
         login_user(user, remember=form.remember_me.data)
+        if not user.is_confirmed:
+            return redirect(url_for("auth.not_confirmed"))
         next_page = request.args.get("next")
         if not next_page or url_parse(next_page).netloc != "":
             next_page = url_for("main.index")
@@ -56,8 +62,14 @@ def register():
         user.set_password(form.password.data)
         db.session.add(user)
         db.session.commit()
-        flash("Thank you, you are now a registered user!", "info")
-        return redirect(url_for("auth.login"))
+
+        send_email_confirmation_email(user)
+        flash(
+            "An email has been sent to confirm your account, please check your email.",
+            "info",
+        )
+
+        return redirect(url_for("auth.not_confirmed"))
     return render_template("auth/register.html", title="Register", form=form)
 
 
@@ -94,3 +106,47 @@ def reset_password(token):
         flash("Your password has been reset.", "info")
         return redirect(url_for("auth.login"))
     return render_template("auth/reset_password.html", form=form)
+
+
+@bp.route("/confirm/<token>")
+def confirm_email(token):
+    if current_user.is_authenticated and current_user.is_confirmed:
+        flash("Account is already confirmed.")
+        return redirect(url_for("main.index"))
+    user = User.verify_email_confirmation_token(token)
+    if not user:
+        flash("The confirmation link is invalid or has expired.", "error")
+        return redirect(url_for("main.index"))
+    if user.is_confirmed:
+        flash("Account is already confirmed, please login.", "success")
+    else:
+        user.is_confirmed = True
+        db.session.commit()
+        flash("Account confirmed successfully. Thank you!", "success")
+    return redirect(url_for("main.index"))
+
+
+@bp.route("/not_confirmed")
+def not_confirmed():
+    if current_user.is_anonymous:
+        flash("Please login before accessing this page.")
+        return redirect(url_for("auth.login"))
+    if current_user.is_confirmed:
+        flash("Account is already confirmed.")
+        return redirect(url_for("main.index"))
+    flash("Please confirm your account before moving on.", "info")
+    return render_template("auth/not_confirmed.html")
+
+
+@bp.route("/resend")
+def resend_confirmation():
+    if current_user.is_anonymous:
+        flash("Please login before accessing this page.")
+        return redirect(url_for("auth.login"))
+    if current_user.is_confirmed:
+        flash("Account is already confirmed.")
+        return redirect(url_for("main.index"))
+    send_email_confirmation_email(current_user)
+    email = current_user.email
+    flash("A new confirmation has been sent to %s." % email, "success")
+    return redirect(url_for("auth.not_confirmed"))