See #1039: resend confirmation email on login if email is unverified

2025-10-05 10:09:26 +02:00 · 2020-04-01 15:24:40 +02:00 · 2020-04-01 15:24:40 +02:00 · b07bd83fa1
commit b07bd83fa1
parent 372bd4a6ee
9 changed files with 82 additions and 11 deletions
--- a/api/funkwhale_api/common/authentication.py
+++ b/api/funkwhale_api/common/authentication.py
@ -1,6 +1,13 @@
 from django.conf import settings
 from django.utils.encoding import smart_text
 from django.utils.translation import ugettext as _
+
+from django.core.cache import cache
+
+from allauth.account.utils import send_email_confirmation
+from oauth2_provider.contrib.rest_framework.authentication import (
+    OAuth2Authentication as BaseOAuth2Authentication,
+)
 from rest_framework import exceptions
 from rest_framework_jwt import authentication
 from rest_framework_jwt.settings import api_settings
@ -14,7 +21,40 @@ def should_verify_email(user):
    return has_unverified_email and mandatory_verification


+class UnverifiedEmail(Exception):
+    def __init__(self, user):
+        self.user = user
+
+
+def resend_confirmation_email(request, user):
+    THROTTLE_DELAY = 500
+    cache_key = "auth:resent-email-confirmation:{}".format(user.pk)
+    if cache.get(cache_key):
+        return False
+
+    done = send_email_confirmation(request, user)
+    cache.set(cache_key, True, THROTTLE_DELAY)
+    return done
+
+
+class OAuth2Authentication(BaseOAuth2Authentication):
+    def authenticate(self, request):
+        try:
+            return super().authenticate(request)
+        except UnverifiedEmail as e:
+            request.oauth2_error = {"error": "unverified_email"}
+            resend_confirmation_email(request, e.user)
+
+
 class BaseJsonWebTokenAuth(object):
+    def authenticate(self, request):
+        try:
+            return super().authenticate(request)
+        except UnverifiedEmail as e:
+            msg = _("You need to verify your email address.")
+            resend_confirmation_email(request, e.user)
+            raise exceptions.AuthenticationFailed(msg)
+
    def authenticate_credentials(self, payload):
        """
        We have to implement this method by hand to ensure we can check that the
@ -38,9 +78,7 @@ class BaseJsonWebTokenAuth(object):
            raise exceptions.AuthenticationFailed(msg)

        if should_verify_email(user):
-
-            msg = _("You need to verify your email address.")
-            raise exceptions.AuthenticationFailed(msg)
+            raise UnverifiedEmail(user)

        return user

--- a/api/funkwhale_api/users/adapters.py
+++ b/api/funkwhale_api/users/adapters.py
@ -25,3 +25,7 @@ class FunkwhaleAccountAdapter(DefaultAccountAdapter):

    def get_login_redirect_url(self, request):
        return "noop"
+
+    def add_message(self, *args, **kwargs):
+        # disable message sending
+        return
--- a/api/funkwhale_api/users/auth_backends.py
+++ b/api/funkwhale_api/users/auth_backends.py
@ -43,9 +43,11 @@ class ModelBackend(backends.ModelBackend):
        return user if self.user_can_authenticate(user) else None

    def user_can_authenticate(self, user):
-        return super().user_can_authenticate(
-            user
-        ) and not authentication.should_verify_email(user)
+        can_authenticate = super().user_can_authenticate(user)
+        if authentication.should_verify_email(user):
+            raise authentication.UnverifiedEmail(user)
+
+        return can_authenticate


 class AllAuthBackend(auth_backends.AuthenticationBackend, ModelBackend):
--- a/api/funkwhale_api/users/jwt_views.py
+++ b/api/funkwhale_api/users/jwt_views.py
@ -1,8 +1,11 @@
 from rest_framework_jwt import views as jwt_views

+from . import serializers
+

 class ObtainJSONWebToken(jwt_views.ObtainJSONWebToken):
    throttling_scopes = {"*": {"anonymous": "jwt-login", "authenticated": "jwt-login"}}
+    serializer_class = serializers.JSONWebTokenSerializer


 class RefreshJSONWebToken(jwt_views.RefreshJSONWebToken):
--- a/api/funkwhale_api/users/oauth/server.py
+++ b/api/funkwhale_api/users/oauth/server.py
@ -8,8 +8,7 @@ def check(request):
    user = request.user
    request.user = user.__class__.objects.all().for_auth().get(pk=user.pk)
    if authentication.should_verify_email(request.user):
-        setattr(request, "oauth2_error", {"error": "unverified_email"})
-        return False
+        raise authentication.UnverifiedEmail(user)
    return True


--- a/api/funkwhale_api/users/serializers.py
+++ b/api/funkwhale_api/users/serializers.py
@ -7,8 +7,10 @@ from django.utils.translation import gettext_lazy as _
 from rest_auth.serializers import PasswordResetSerializer as PRS
 from rest_auth.registration.serializers import RegisterSerializer as RS, get_adapter
 from rest_framework import serializers
+from rest_framework_jwt import serializers as jwt_serializers

 from funkwhale_api.activity import serializers as activity_serializers
+from funkwhale_api.common import authentication
 from funkwhale_api.common import models as common_models
 from funkwhale_api.common import preferences
 from funkwhale_api.common import serializers as common_serializers
@ -36,6 +38,15 @@ username_validators = [ASCIIUsernameValidator()]
 NOOP = object()


+class JSONWebTokenSerializer(jwt_serializers.JSONWebTokenSerializer):
+    def validate(self, data):
+        try:
+            return super().validate(data)
+        except authentication.UnverifiedEmail as e:
+            authentication.send_email_confirmation(self.context["request"], e.user)
+            raise serializers.ValidationError("Please verify your email address.")
+
+
 class RegisterSerializer(RS):
    invitation = serializers.CharField(
        required=False, allow_null=True, allow_blank=True