add email verification

app/settings.py

@@ -161,6 +161,7 @@
 # Set up custom auth
 AUTH_USER_MODEL = 'user.User'
 LOGIN_URL = 'account_login'
+PASSWORD_RESET_TIMEOUT_DAYS = 1
 
 BOOTSTRAP3 = {
     # Don't normally want placeholders.

hackers/templates/phases/verify.html

@@ -0,0 +1,8 @@
+{% if user.email_verified %}
+    <p>
+        Your email has been verified!
+
+    </p>
+{% else %}
+    Please check your inbox  to verify that <b>{{ user.email }}</b> is your email.
+{% endif %}

hackers/views.py

@@ -171,6 +171,8 @@ def get_context_data(self, **kwargs):
     def get_phases(self):
         user = self.request.user
         phases = [
+            create_phase('verify', "Email verification",
+                         lambda x: x.email_verified, user),
             create_phase('application', "Application",
                          lambda x: x.application, user),
 

user/apps.py

@@ -8,5 +8,6 @@ class UserConfig(AppConfig):
 
     def ready(self):
         super(UserConfig, self).ready()
-        from .signals import user_organizer
+        from .signals import user_organizer, user_verify_email
         user_organizer
+        user_verify_email

user/emails.py

@@ -0,0 +1,10 @@
+from app import emails
+
+
+def create_verify_email(user, activate_url):
+    c = {
+        'user': user,
+        'activate_url': activate_url
+    }
+    return emails.render_mail('mails/verify_email',
+                              user.email, c)

user/signals.py

@@ -4,6 +4,7 @@
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 
+from user import tokens
 from user.models import User
 
 REGEX_PATTERN = getattr(settings, 'REGEX_HACKATHON_ORGANIZER_EMAIL', None)
@@ -17,3 +18,11 @@ def user_organizer(sender, instance, created, *args, **kwargs):
     if re.match(REGEX_PATTERN, instance.email):
         instance.is_organizer = True
         instance.save()
+
+
+# MAke user organizer if fits regex
+@receiver(post_save, sender=User)
+def user_verify_email(sender, instance, created, *args, **kwargs):
+    if created:
+        msg = tokens.create_token_email(instance)
+        msg.send()

user/templates/mails/verify_email_message.html

@@ -0,0 +1,14 @@
+{% extends 'base_email.html' %}
+{% block preheader %}Verify your email address{% endblock %}
+
+{% block content %}
+    {% include 'include/email_line_start.html' %}
+    Hey {{ user.nickname }},
+    {% include 'include/email_line_end.html' %}
+    {% include 'include/email_line.html' with text="You have 5 days to verify your email address for your account at "|add:h_name %}
+    {% include 'include/email_button.html' with text='Verify' url=activate_url %}
+
+    {% include 'include/email_line.html' with text="Best," %}
+    {% include 'include/email_line.html' with text="" %}
+    {% include 'include/email_line.html' with text=h_name|add:" Team" %}
+{% endblock %}

user/templates/mails/verify_email_message.txt

@@ -0,0 +1,10 @@
+Hi there {{ user.nickname }},
+
+You're receiving this e-mail because a user has given yours as an e-mail address to connect their account in {{ h_name }}.
+Activate your account by using the following URL:
+
+{{activate_url}}
+
+Best,
+
+{{ h_name }} Team

user/templates/mails/verify_email_subject.txt

@@ -0,0 +1 @@
+Please Confirm Your E-mail Address

user/tokens.py

@@ -0,0 +1,27 @@
+from django.conf import settings
+from django.contrib.auth.tokens import PasswordResetTokenGenerator
+from django.urls import reverse
+from django.utils import six
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
+
+from user.emails import create_verify_email
+
+
+class AccountActivationTokenGenerator(PasswordResetTokenGenerator):
+    def _make_hash_value(self, user, timestamp):
+        return (
+            six.text_type(user.pk) + six.text_type(timestamp) +
+            six.text_type(user.email_verified)
+        )
+
+
+account_activation_token = AccountActivationTokenGenerator()
+
+
+def create_token_email(user):
+    token = account_activation_token.make_token(user)
+    uuid = urlsafe_base64_encode(force_bytes(user.pk))
+    activate_url = 'http://' + settings.HACKATHON_DOMAIN + \
+                   reverse('activate', kwargs={'uid': uuid, 'token': token})
+    return create_verify_email(user, activate_url)

user/urls.py

@@ -1,9 +1,11 @@
 from django.conf.urls import url
+
 from user import views
 
 urlpatterns = [
     url(r'login/$', views.login, name='account_login'),
     url(r'signup/$', views.signup, name='account_signup'),
     url(r'logout/$', views.logout, name='account_logout'),
-
+    url(r'^activate/(?P<uid>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
+        views.activate, name='activate'),
 ]

user/views.py

@@ -1,9 +1,13 @@
 from django.contrib import auth, messages
 from django.http import HttpResponseRedirect
-from django.shortcuts import render
+from django.shortcuts import render, redirect
+from django.utils.encoding import force_text
+from django.utils.http import urlsafe_base64_decode
 
 from app.utils import reverse
 from user import forms, models
+from user.models import User
+from user.tokens import account_activation_token
 
 
 def login(request):
@@ -53,3 +57,25 @@ def logout(request):
     auth.logout(request)
     messages.success(request, 'Successfully logged out!')
     return HttpResponseRedirect(reverse('account_login'))
+
+
+def activate(request, uid, token):
+    try:
+        uid = force_text(urlsafe_base64_decode(uid))
+        user = User.objects.get(pk=uid)
+        if request.user != user:
+            messages.warning(request, "User email can be verified")
+            return redirect('root')
+    except (TypeError, ValueError, OverflowError, User.DoesNotExist):
+        messages.warning(request, "User email can be verified")
+        return redirect('root')
+
+    if account_activation_token.check_token(user, token):
+        messages.success(request, "Email verified!")
+
+        user.email_verified = True
+        user.save()
+        auth.login(request, user)
+    else:
+        messages.error(request, "This email verification url has expired")
+    return redirect('root')