Add user email verification

2025-06-14 12:06:06 +00:00 · 2019-12-21 21:43:03 +07:00
parent 49908b9039
commit 7739bf7cfc
18 changed files with 495 additions and 20 deletions
--- a/powerdnsadmin/routes/admin.py
+++ b/powerdnsadmin/routes/admin.py
@ -501,7 +501,7 @@ def setting_basic():
            'pretty_ipv6_ptr', 'dnssec_admins_only',
            'allow_user_create_domain', 'bg_domain_updates', 'site_name',
            'session_timeout', 'warn_session_timeout', 'ttl_options',
-            'pdns_api_timeout'
+            'pdns_api_timeout', 'verify_user_email'
        ]

        return render_template('admin_setting_basic.html', settings=settings)
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@ -29,6 +29,8 @@ from ..services.github import github_oauth
 from ..services.azure import azure_oauth
 from ..services.oidc import oidc_oauth
 from ..services.saml import SAML
+from ..services.token import confirm_token
+from ..services.email import send_account_verification

 google = None
 github = None
@ -280,6 +282,12 @@ def login():
                    plain_text_password=password)

        try:
+            if Setting().get('verify_user_email') and user.email and not user.confirmed:
+                return render_template(
+                    'login.html',
+                    saml_enabled=SAML_ENABLED,
+                    error='Please confirm your email address first')
+
            auth = user.is_validate(method=auth_method,
                                    src_ip=request.remote_addr)
            if auth == False:
@ -411,6 +419,8 @@ def register():
            try:
                result = user.create_local_user()
                if result and result['status']:
+                    if Setting().get('verify_user_email'):
+                        send_account_verification(email)
                    return redirect(url_for('index.login'))
                else:
                    return render_template('register.html',
@ -421,6 +431,50 @@ def register():
        return render_template('errors/404.html'), 404


+@index_bp.route('/confirm/<token>', methods=['GET'])
+def confirm_email(token):
+    email = confirm_token(token)
+    if not email:
+        # Cannot confirm email
+        return render_template('email_confirmation.html', status=0)
+
+    user = User.query.filter_by(email=email).first_or_404()
+    if user.confirmed:
+        # Already confirmed
+        current_app.logger.info(
+            "User email {} already confirmed".format(email))
+        return render_template('email_confirmation.html', status=2)
+    else:
+        # Confirm email is valid
+        user.update_confirmed(confirmed=True)
+        current_app.logger.info(
+            "User email {} confirmed successfully".format(email))
+        return render_template('email_confirmation.html', status=1)
+
+
+@index_bp.route('/resend-confirmation-email', methods=['GET', 'POST'])
+def resend_confirmation_email():
+    if current_user.is_authenticated:
+        return redirect(url_for('index.index'))
+    if request.method == 'GET':
+        return render_template('resend_confirmation_email.html')
+    elif request.method == 'POST':
+        email = request.form.get('email')
+        user = User.query.filter(User.email == email).first()
+        if not user:
+            # Email not found
+            status = 0
+        elif user.confirmed:
+            # Email already confirmed
+            status = 1
+        else:
+            # Send new confirmed email
+            send_account_verification(user.email)
+            status = 2
+
+        return render_template('resend_confirmation_email.html', status=status)
+
+
@index_bp.route('/nic/checkip.html', methods=['GET', 'POST'])
 def dyndns_checkip():
    # This route covers the default ddclient 'web' setting for the checkip service