working on confirmation

app.py

@@ -10,6 +10,8 @@ import auth
 
 app = Flask(__name__)
 app.config['SECRET_KEY'] = '\xacI4\x077\x16?Q\xb4")\xdb\x066\x95\x11i\x0b\x0c&\xb6rP\''
+app.config['SECURITY_PASSWORD_SALT'] = '>\xe3\x9bz\xfd\xbc[\xe22\xcfK\xca\x88!\xd8\xd5,\xd0\x95\x0c\x02\xad\xfa\x9d'
+
 app.teardown_appcontext(db.close_db)
 app.cli.add_command(db.init_db_command)
 app.register_blueprint(auth.bp)

auth.py

@@ -1,11 +1,15 @@
 import functools
+from django import db
 
 from flask import (
     Blueprint, flash, g, redirect, render_template, request, session, url_for
 )
 from werkzeug.security import check_password_hash, generate_password_hash
+from itsdangerous import URLSafeTimedSerializer
 
 from db import get_db
+from app import app
+
 
 bp = Blueprint('auth', __name__, url_prefix='/auth')
 
@@ -55,7 +59,7 @@ def login():
             'SELECT * FROM user WHERE email = ?', (email,)
         ).fetchone()
 
-        if email is None:
+        if user is None:
             error = 'Email existiert nicht.'
         elif not check_password_hash(user['password'], password):
             error = 'Incorrect password.'
@@ -93,7 +97,50 @@ def login_required(view): # use this as decorator
     def wrapped_view(**kwargs):
         if g.user is None:
             return redirect(url_for('auth.login'))
+        elif not g.user["confirmed"]:
+            flash("Benutzer noch nicht freigeschaltet.")
+            return redirect(url_for('auth.login'))
 
         return view(**kwargs)
 
-    return wrapped_view
+    return wrapped_view
+
+
+def generate_confirmation_token(email):
+    serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
+    return serializer.dumps(email, salt=app.config['SECURITY_PASSWORD_SALT'])
+
+
+def confirm_token(token, expiration=3600):
+    serializer = URLSafeTimedSerializer(app.config['SECRET_KEY'])
+    try:
+        email = serializer.loads(
+            token,
+            salt=app.config['SECURITY_PASSWORD_SALT'],
+            # max_age=expiration
+        )
+    except:
+        return False
+    return email
+
+
+@bp.route('/confirm/<token>')
+@login_required
+def confirm_email(token):
+    try:
+        email = confirm_token(token)
+    except:
+        flash('The confirmation link is invalid or has expired.', 'danger')
+        
+    if g.user["confirmed"]:
+        flash('Account already confirmed. Please login.', 'success')
+    else:
+        db = get_db()
+        db.execute(
+            "UPDATE user SET confirmed = '1' where email = ?",
+            (email,)
+        )
+        db.commit()
+
+        flash('You have confirmed your account. Thanks!', 'success')
+    return redirect(url_for('main.home'))

email.py

@@ -0,0 +1,13 @@
+from flask.ext.mail import Message
+
+from app import app, mail
+
+
+def send_email(to, subject, template):
+    msg = Message(
+        subject,
+        recipients=[to],
+        html=template,
+        sender=app.config['MAIL_DEFAULT_SENDER']
+    )
+    mail.send(msg)

schema.sql

@@ -4,5 +4,6 @@ CREATE TABLE user (
   id INTEGER PRIMARY KEY AUTOINCREMENT,
   username TEXT NOT NULL,
   email TEXT UNIQUE NOT NULL,
-  password TEXT NOT NULL
+  password TEXT NOT NULL,
+  confirmed BOOLEAN DEFAULT FALSE
 );

templates/auth/activate.html

@@ -0,0 +1,4 @@
+<p>Welcome! Thanks for signing up. Please follow this link to activate your account:</p>
+<p><a href="{{ confirm_url }}">{{ confirm_url }}</a></p>
+<br>
+<p>Cheers!</p>

templates/auth/register.html

@@ -6,9 +6,9 @@
 
 {% block content %}
   <form method="post">
-    <label for="username">Username</label>
+    <label for="username">Name</label>
     <input name="username" id="username" required>
-    <label for="email">email</label>
+    <label for="email">Email</label>
     <input type="email" name="email" id="email" required>
     <label for="password">Password</label>
     <input type="password" name="password" id="password" required>