user verification email required for login

4 files changed, 77 insertions, 7 deletions

diff --git a/users/templates/verification_email.html b/users/templates/verification_email.html
new file mode 100644
index 00000000..9a96e31b
--- /dev/null
+++ b/users/templates/verification_email.html
@@ -0,0 +1,10 @@
+{% autoescape off %}
+Hi {{ user }},
+
+Thanks for registering an account on {{ site_name }}. To verify your email address, please click the link below.</p>
+{{ protocol }}{{ domain }}{% url 'users:verifyemail' uidb64=uid token=token %}
+
+Thanks,
+{{ site_name }} Team
+{% endautoescape %}
+
diff --git a/users/tokens.py b/users/tokens.py
new file mode 100644
index 00000000..7bc5bc90
--- /dev/null
+++ b/users/tokens.py
@@ -0,0 +1,11 @@
+from django.contrib.auth.tokens import PasswordResetTokenGenerator
+from six import text_type
+
+class AccountActivationTokenGenerator(PasswordResetTokenGenerator):
+    def _make_hash_value(self, user, timestamp):
+        return (
+            text_type(user.pk) + text_type(timestamp) +
+            text_type(user.is_active)
+        )
+
+account_activation_token = AccountActivationTokenGenerator()
diff --git a/users/urls.py b/users/urls.py
index 24230426..b7cd5f82 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -9,6 +9,8 @@ urlpatterns = [
     path('logout', views.logout_user, name='logout'),
     path('update', views.update_user, name='update'),
     path('changepassword', views.change_password, name='changepassword'),
+    path('sendverificationemail', views.send_verification_email, name='sendverificationemail'),
+    path('verifyemail/<uidb64>/<token>', views.verify_email, name='verifyemail'),
 ]
 
 # Configure Admin Site
diff --git a/users/views.py b/users/views.py
index 175d68e6..f4405a38 100644
--- a/users/views.py
+++ b/users/views.py
@@ -4,7 +4,15 @@ from django.contrib.auth import authenticate, login, logout, update_session_auth
 from django.contrib import messages
 from .models import UserProfile
 from django.contrib.auth.models import User
-
+from django.core.mail import send_mail
+from django.conf import settings
+from django.template.loader import render_to_string
+from django.utils.html import strip_tags
+from django.utils.encoding import force_bytes
+from django.utils.http import urlsafe_base64_encode
+from django.contrib.sites.shortcuts import get_current_site
+from .tokens import account_activation_token
+from django.utils.http import urlsafe_base64_decode
 
 # Create your views here.
 def login_user(request):
@@ -14,17 +22,21 @@ def login_user(request):
     password = request.POST['password']
     print (username, password)
     if username == '' or password == '':
-        messages.error(request, 'Please fill in all fields')
+        messages.error(request, 'Please fill in all fields.')
         return HttpResponseRedirect(next + '?username=' + username)
     else: 
+        # check if email is verified
         user = authenticate(request, username=username, password=password)
         if user is not None:
-            print('here3')
-            login(request, user)
-            return HttpResponseRedirect(next)
+            email_verified = UserProfile.objects.get(user=user.pk).email_verified
+            if email_verified:
+                login(request, user)
+                return HttpResponseRedirect(next)
+            else:
+                messages.error(request, 'EVERR')
+                return HttpResponseRedirect(next + '?username=' + username)
         else:
-            messages.error(request, 'Invalid username or password')
-            print('here4')
+            messages.error(request, 'Invalid username or password.')
             return HttpResponseRedirect(next + '?username=' + username)
 
 def logout_user(request):
@@ -90,3 +102,38 @@ def change_password(request):
         messages.error(request, 'Unable to change password! Please try again later.')
         return redirect('/')
 
+
+def send_verification_email(request):
+    username = request.POST['username']
+    user = User.objects.get(username=username)
+    
+
+    subject = 'Verify your email address'
+    message = render_to_string('verification_email.html', {
+        'user': user.username if user.first_name is None else user.first_name,
+        'site_name': 'That Computer Scientist',
+        'uid': urlsafe_base64_encode(force_bytes(user.pk)),
+        'token': account_activation_token.make_token(user),
+        'protocol': 'https://' if request.is_secure() else 'http://',
+        'domain': get_current_site(request).domain,
+    })
+    message = strip_tags(message)
+    send_mail(subject, message, 'That Computer Scientist <' + settings.EMAIL_HOST_USER + '>', [user.email])
+    messages.success(request, 'Verification email was sent! Please check your email.')
+    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+
+def verify_email(request, uidb64, token):
+    try:
+        uid = urlsafe_base64_decode(uidb64).decode()
+        user = User.objects.get(pk=uid)
+        user_profile = UserProfile.objects.get(user=user.pk)
+    except (TypeError, ValueError, OverflowError, User.DoesNotExist):
+        user = None
+    if user is not None and account_activation_token.check_token(user, token):
+        user_profile.email_verified = True
+        user_profile.save()
+        messages.success(request, 'Your email has been verified! You can now login.')
+        return redirect('/')
+    else:
+        messages.error(request, 'The verification link is invalid!')
+        return redirect('/')
\ No newline at end of file