4.21.3

2022-12-30 16:23:27 +00:00
parent 02776e8478
commit 20da343c54
1304 changed files with 870224 additions and 0 deletions
--- a/app/app/auth/views/activate.py
+++ b/app/app/auth/views/activate.py
@ -0,0 +1,69 @@
+from flask import request, redirect, url_for, flash, render_template, g
+from flask_login import login_user, current_user
+
+from app import email_utils
+from app.auth.base import auth_bp
+from app.db import Session
+from app.extensions import limiter
+from app.log import LOG
+from app.models import ActivationCode
+from app.utils import sanitize_next_url
+
+
+@auth_bp.route("/activate", methods=["GET", "POST"])
+@limiter.limit(
+    "10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
+)
+def activate():
+    if current_user.is_authenticated:
+        return (
+            render_template("auth/activate.html", error="You are already logged in"),
+            400,
+        )
+
+    code = request.args.get("code")
+
+    activation_code: ActivationCode = ActivationCode.get_by(code=code)
+
+    if not activation_code:
+        # Trigger rate limiter
+        g.deduct_limit = True
+        return (
+            render_template(
+                "auth/activate.html", error="Activation code cannot be found"
+            ),
+            400,
+        )
+
+    if activation_code.is_expired():
+        return (
+            render_template(
+                "auth/activate.html",
+                error="Activation code was expired",
+                show_resend_activation=True,
+            ),
+            400,
+        )
+
+    user = activation_code.user
+    user.activated = True
+    login_user(user)
+
+    # activation code is to be used only once
+    ActivationCode.delete(activation_code.id)
+    Session.commit()
+
+    flash("Your account has been activated", "success")
+
+    email_utils.send_welcome_email(user)
+
+    # The activation link contains the original page, for ex authorize page
+    if "next" in request.args:
+        next_url = sanitize_next_url(request.args.get("next"))
+        LOG.d("redirect user to %s", next_url)
+        return redirect(next_url)
+    else:
+        LOG.d("redirect user to dashboard")
+        return redirect(url_for("dashboard.index"))
+        # todo: redirect to account_activated page when more features are added into the browser extension
+        # return redirect(url_for("onboarding.account_activated"))