Email otp

CHANGES.rst

@@ -4,6 +4,8 @@ Changelog
 2.7.1 (unreleased)
 ------------------
 
+- Add functionality to check the user iserted email by an OTP.
+  [folix-01]
 - Breaking change: clear data method changed from GET to DELETE
   [mamico]
 - Fix: with multiple blocks on the same page, all data is deleted. 

README.rst

@@ -96,11 +96,38 @@ Reset the store (only for users that have **Modify portal content** permission):
 
 > curl -i -X DELETE http://localhost:8080/Plone/my-form/@form-data-clear --data-raw '{block_id: bbb}' -H 'Accept: application/json' -H 'Content-Type: application/json' --user admin:admin
 
-Optional paramaters could be passed in the payload: 
+Optional paramaters could be passed in the payload:
 
 * `block_id` to delete only data related to a specific block on the page, otherwise data from all form blocks on the page will be deleted
 * `expired` a boolean that, if `true`, removes only records older than the value of days specified in the block configuration (the above `block_id` parameter is required)
 
+@validate-email-message
+-----------------------
+
+Send an message to the passed email wit OTP code to verify the address.
+Returns a HTTP 204 in case of success or HTTP 400 in case if the email is badly composed.::
+
+> curl -i -X POST http://localhost:8080/Plone/my-form/@validate-email-message --data-raw '{'email': "email@email.com"}' -H 'Accept: application/json' -H 'Content-Type: application/json'
+
+paramaters:
+
+* `email` email address.
+* `uid` uid related to email field
+
+@validate-email-token
+---------------------
+
+Supposed to validate the OTP code recieved by user via email.
+Returns HTTP 204 in case of success or HTTP 400 in case of failure ::
+
+> curl -i -X POST http://localhost:8080/Plone/my-form/@validate-email-token --data-raw '{'email': "email@email.com", "token": "blahblahblah"}' -H 'Accept: application/json' -H 'Content-Type: application/json'
+
+paramaters:
+
+* `email` email address
+* `uid` uid used to generate the OTP
+* `token` OTP code
+
 Form actions
 ============
 
@@ -276,7 +303,7 @@ There is a script that implements data cleansing (i.e. for GDPR purpose)::
     --help          Show this message and exit.
 
 
-The form block as an integer field `remove_data_after_days`, the retention days can be defined on a single block, 
+The form block as an integer field `remove_data_after_days`, the retention days can be defined on a single block,
 If the value is lower or equal to `0` there is no data cleaning for the specific form.
 
 Examples

base.cfg

@@ -33,6 +33,7 @@ eggs =
     Plone
     Pillow
     collective.volto.formsupport [test]
+    plone.keyring
 
 zcml-additional +=
   <configure xmlns="http://namespaces.zope.org/zope"

setup.py

@@ -56,6 +56,7 @@
         "plone.app.dexterity",
         "souper.plone",
         "click",
+        "pyotp",
     ],
     extras_require={
         "hcaptcha": [

src/collective/volto/formsupport/browser/configure.zcml

@@ -34,4 +34,13 @@
       template="send_mail_template_table.pt"
       permission="zope2.View"
       />
+  <browser:page
+    name="email-confirm-view"
+    for="Products.CMFPlone.interfaces.IPloneSiteRoot"
+    class=".email_confirm_view.EmailConfirmView"
+    template="templates/email_confirm_view.pt"
+    permission="zope2.View"
+    layer="collective.volto.formsupport.interfaces.ICollectiveVoltoFormsupportLayer"
+    />
+
 </configure>

src/collective/volto/formsupport/browser/email_confirm_view.py

@@ -0,0 +1,16 @@
+# -*- coding: utf-8 -*-
+from plone import api
+from Products.Five.browser import BrowserView
+
+
+class EmailConfirmView(BrowserView):
+    def __call__(self, token="alksdjfakls", *args, **kwargs):
+        self.token = token
+
+        return super().__call__(*args, **kwargs)
+
+    def get_token(self):
+        return self.token
+
+    def get_portal(self):
+        return api.portal.get()