Opened 12 years ago

Last modified 12 years ago

#43 closed defect (FIXED)

More useful errors for users who have registered but not verified their email

Reported by: Christopher Allan Webber Owned by:
Priority: minor Milestone: 0.0.2
Component: Keywords:
Cc: Parent Tickets:


We should somehow warn users that they need to verify their email
before they can do anything.

We could do one of a few things:

-  When we redirect to login on pages that require an active user,
   include a GET parameter on the redirect to /auth/login/ like
   /auth/login/?needs\_verify\_email=true and display a warning that
   the reason that the user wasn't able to do something was because
   they need to verify their email
-  Put some text like "not verified" after the user's login name on
   each page?

In addition we should provide a means to resend the verification
email if it borked the first time, and maybe link to that.

Change History (8)

comment:1 by Aaron Williamson, 12 years ago

Django has a "messaging framework" that makes it easy to queue user
messages for later deliver. A similar system would be very useful
here: you'd stick the message "You have to verify your account to
view /foo/bar/" into the user's message queue in the view at
/foo/bar/ and then you'd pop the message off the stack at the
/auth/login/ view and display it to the user. (Or the base template
would display all unreviewed messages at every opportunity.)

I don't know if there's a general purpose user messaging framework
similar to Django's. One direction for exploration is RabbitMQ. At
its most basic, RabbitMQ can behave like a simple
`message delivery system <>`_.
It's actually much much more than a place for storing user
messages, though -- it's a robust task-queueing system. In that
sense it's a very heavyweight solution to the problem. But its
other uses may make it a valuable piece of infrastructure -- for
example, it could be used to queue media-conversion tasks to pass
to celeryd,
`like so <>`_.

Admittedly, I've never worked with RabbitMQ at all, so I may be
missing something that makes this a terrible suggestion.

comment:2 by Christopher Allan Webber, 12 years ago

Okay, so yes, a messaging system is sounding like a better and
better idea.

comment:3 by Aleksandar Micovic, 12 years ago

Okay, so there were about 3 of us on IRC who liked the idea of a
messaging system, but I didn't really get a feeling that there was
a concrete way that it was going to be tackled -- only that
everyone was on the same boat. :) In the meantime, until we get a
proper messaging system I've updated the require\_active\_login
decorator to redirect to an appropriate auth page. Here is the
commit from my branch:

[\ :sub:`aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/28afb47ca82b0857aad546ef4cbf869de1ca95a5](`\ aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/28afb47ca82b0857aad546ef4cbf869de1ca95a5)

We should also have an option to resend the verification email if
it hasn't arrived for some strange reason. I can see this getting a
little cumbersome as a message if we add this option, though (and
in general where a user might want to act upon a message). We'd
also have to have the message persist until the user activates
their email. To that end, maybe it isn't such a bad idea having a
dedicated page for this? We could even have a cute goblin looking
at a clock, tapping his foot, growing impatient waiting for the
email to arrive. :)

comment:4 by Christopher Allan Webber, 12 years ago

Thanks Aleks; this looks like it's going in the right direction for
now. I guess a couple of things:

-  I think you're right about needing the verification email
   re-sending thing, and that that's a requirement before I can merge
   this even :)
-  The switch you've done here creates a separate problem: if
   there's no user logged in whatsoever, it tells them they need to
   verify their email!

Maybe here's what we should do instead:


            if request.user and request.user.get('status') == u'needs_email_verification':
                return exc.HTTPFound(
            elif not request.user or request.user.get('status') != u'active':
                return exc.HTTPFound(
                    location="%s?next=%s" % (

comment:5 by Aleksandar Micovic, 12 years ago

Argh, you're right. Should have caught that case. I've fixed it

[\ :sub:`aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/bcec749b52c287a6d361fd06bfbd833e03e5b478](`\ aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/bcec749b52c287a6d361fd06bfbd833e03e5b478)

As for the resending of emails, since it's bad practice to keep
resending the same key over and over, I ended up actually adding a
new method to the User model to generate a new verification key.
You can see all of this here:

[\ :sub:`aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/b93a6a229e1c7a7eef76e8322104912378f79a96](`\ aleksandarmicovic/mediagoblin/aleks-mediagoblin/commit/b93a6a229e1c7a7eef76e8322104912378f79a96)

comment:6 by Christopher Allan Webber, 12 years ago

Status: NewClosed
Great... I merged this, made a couple of adjustments (gave a
separate message than the "register successful" page) and pushed
into master. Thanks aleksm!

comment:7 by Elrond, 12 years ago

Milestone: 0.0.2
Looks like this went into 0.0.2

comment:8 by Will Kahn-Greene, 12 years ago

The original url for this bug was .

Note: See TracTickets for help on using tickets.