Beispiel #1
 def post(self):
     """
     Delete the account that belongs to the currently logged-in user.

     The endpoint is served as POST rather than GET so that csrf
     validation applies to this destructive request.

     NOTE(review): no authentication check is visible in this snippet;
     `current_user.email` presumes an authenticated session, so confirm
     that the view is protected by a login requirement.

     :return: ``({"message": "success"}, 200)``
     """
     # current_user is read before logout_user() is called.
     account = user_manipulator.first(email=current_user.email)
     # The session is ended first, then the account itself is removed.
     logout_user()
     user_manipulator.delete(account)
     response_body = {"message": "success"}
     return response_body, 200
Beispiel #2
 def post(self):
     """
     Remove the account of the user who is making the request.

     POST is used instead of GET so that csrf validation is enforced
     before the account is deleted.

     NOTE(review): the login requirement is not shown here; reading
     `current_user.email` assumes the caller is authenticated -- verify
     against the view's decorators.

     :return: a success payload together with HTTP status 200
     """
     # Look the account up while current_user still refers to the caller,
     # i.e. before logout_user() runs.
     target = user_manipulator.first(email=current_user.email)
     logout_user()
     user_manipulator.delete(target)
     payload, status = {"message": "success"}, 200
     return payload, status
Beispiel #3
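    def get(self, token):
        """
        Confirm an email address from a signed verification token.

        The token is loaded through ``current_app.ts`` with the
        ``VerificationEmail.salt`` salt and a maximum age of 86400 seconds.
        A payload that contains a space is split into the email address and
        the id of a previous account (change-email workflow).

        On success the account is marked as confirmed and the user is logged
        in, so holding a valid token is enough to obtain a session for that
        account.
        NOTE(review): this state change and login happen on GET, which mail
        scanners and link prefetchers can trigger -- confirm this is intended.

        :param token: verification token string
        :return: a success payload, or an ``(error payload, status)`` tuple:
            404 when the token cannot be loaded or no matching user exists,
            400 when the address has already been confirmed
        """
        try:
            email = current_app.ts.loads(token,
                                         max_age=86400,
                                         salt=VerificationEmail.salt)
        except Exception:
            # `except Exception` instead of a bare `except`, so SystemExit
            # and KeyboardInterrupt are no longer swallowed here.
            # NOTE(review): the rejected token is caller-supplied and is
            # written to the log verbatim; confirm the log sink neutralises
            # control characters.
            current_app.logger.warning(
                "{0} verification token not validated".format(token))
            return {"error": "unknown verification token"}, 404

        # This logic is necessary to de-activate accounts via the change-email
        # workflow. This strong coupling should be deprecated by using signals.
        previous_uid = None
        if " " in email:
            email, previous_uid = email.split()

        u = user_manipulator.first(email=email)
        if u is None:
            return {
                "error": "no user associated "
                "with that verification token"
            }, 404
        if u.confirmed_at is not None:
            return {
                "error": "this user and email "
                "has already been validated"
            }, 400
        if previous_uid:
            # Resolve the previous account BEFORE deleting anything: if it no
            # longer exists, the account holding the new address would
            # otherwise already be gone and the update below would be handed
            # None.
            previous = user_manipulator.first(id=previous_uid)
            if previous is None:
                return {
                    "error": "no user associated "
                    "with that verification token"
                }, 404
            # De-activate previous accounts by deleting the account associated
            # with the new email address, then update the old account with the
            # new email address. Again, this should be deprecated with signals.
            user_manipulator.delete(u)
            u = previous
            user_manipulator.update(u,
                                    email=email,
                                    confirmed_at=datetime.datetime.now())
        else:
            user_manipulator.update(u, confirmed_at=datetime.datetime.now())
        # The verified user receives a session straight away.
        login_user(u)
        return {"message": "success", "email": email}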
Beispiel #4
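    def get(self, token):
        """
        Validate an email-verification token and confirm the account.

        ``current_app.ts.loads`` is called with ``VerificationEmail.salt``
        and ``max_age=86400`` seconds. When the loaded payload contains a
        space it is split into the email address and a previous user id,
        which drives the change-email branch below.

        A successful call sets ``confirmed_at`` and logs the user in; the
        token therefore acts as a credential for that account.
        NOTE(review): the confirmation and login are performed on GET, so
        anything that fetches the link triggers them -- confirm this is
        acceptable.

        :param token: verification token string
        :return: a success payload, or an ``(error payload, status)`` tuple
            (404 for an unusable token or unknown user, 400 when the email
            is already confirmed)
        """
        try:
            email = current_app.ts.loads(token,
                                         max_age=86400,
                                         salt=VerificationEmail.salt)
        except Exception:
            # Narrowed from a bare `except` so that SystemExit and
            # KeyboardInterrupt propagate instead of becoming a 404.
            # NOTE(review): the token comes from the caller and is logged
            # as-is; check that log consumers handle control characters.
            current_app.logger.warning(
                "{0} verification token not validated".format(token)
            )
            return {"error": "unknown verification token"}, 404

        # This logic is necessary to de-activate accounts via the change-email
        # workflow. This strong coupling should be deprecated by using signals.
        previous_uid = None
        if " " in email:
            email, previous_uid = email.split()

        u = user_manipulator.first(email=email)
        if u is None:
            return {"error": "no user associated "
                             "with that verification token"}, 404
        if u.confirmed_at is not None:
            return {"error": "this user and email "
                             "has already been validated"}, 400
        if previous_uid:
            # Look the previous account up first; deleting the account that
            # holds the new address and only then discovering that the old
            # one is missing would lose data and pass None to update().
            previous = user_manipulator.first(id=previous_uid)
            if previous is None:
                return {"error": "no user associated "
                                 "with that verification token"}, 404
            # De-activate previous accounts by deleting the account associated
            # with the new email address, then update the old account with the
            # new email address. Again, this should be deprecated with signals.
            user_manipulator.delete(u)
            u = previous
            user_manipulator.update(
                u,
                email=email,
                confirmed_at=datetime.datetime.now()
            )
        else:
            user_manipulator.update(u, confirmed_at=datetime.datetime.now())
        # Confirmation doubles as authentication: a session is opened here.
        login_user(u)
        return {"message": "success", "email": email}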
Beispiel #5
    def test_users_crud_operations(self):
        """
        Exercise the create / read / update / delete cycle of user models
        through the `user_manipulator` service.
        """
        confirmed = datetime(2000, 1, 1)

        # new() only builds the object; nothing is stored yet
        joe = user_manipulator.new(email='joe')
        self.assertIsNone(user_manipulator.first(email='joe'))

        # save() is what writes the User to the database
        user_manipulator.save(joe)
        stored = user_manipulator.first(email='joe')
        self.assertIsNotNone(stored)
        self.assertEqual(stored.email, 'joe')

        # create() builds and stores in a single step
        elias = user_manipulator.create(email='elias')
        stored = user_manipulator.first(email='elias')
        self.assertIsNotNone(stored)
        self.assertEqual(elias, stored)

        # update() is visible to the very next query
        user_manipulator.update(elias, confirmed_at=confirmed)
        stored = user_manipulator.first(email='elias')
        self.assertEqual(stored.confirmed_at, confirmed)
        self.assertEqual(elias, stored)

        # delete() removes the row right away
        user_manipulator.delete(elias)
        stored = user_manipulator.first(email='elias')
        self.assertIsNone(stored)

        # the row is gone from the db, but the python object is still
        # referenced here and keeps its attribute values
        self.assertIsNotNone(elias)
        self.assertEqual(elias.confirmed_at, confirmed)
Beispiel #6
    def test_users_crud_operations(self):
        """
        Walk a user model through create, read, update and delete using the
        `user_manipulator` service and check the result of every step.
        """

        def lookup(address):
            # Single place for the read-back query used after each step.
            return user_manipulator.first(email=address)

        # Step 1: .new() must leave the database untouched
        joe = user_manipulator.new(email='joe')
        self.assertIsNone(lookup('joe'))

        # Step 2: .save() must persist the pending User
        user_manipulator.save(joe)
        found = lookup('joe')
        self.assertIsNotNone(found)
        self.assertEqual(found.email, 'joe')

        # Step 3: .create() must persist without a separate save
        elias = user_manipulator.create(email='elias')
        found = lookup('elias')
        self.assertIsNotNone(found)
        self.assertEqual(elias, found)

        # Step 4: .update() must take effect immediately
        user_manipulator.update(elias, confirmed_at=datetime(2000, 1, 1))
        found = lookup('elias')
        self.assertEqual(found.confirmed_at, datetime(2000, 1, 1))
        self.assertEqual(elias, found)

        # Step 5: .delete() must take effect immediately
        user_manipulator.delete(elias)
        found = lookup('elias')
        self.assertIsNone(found)

        # Deleting the database row does not invalidate the python object
        # that is still held in this test
        self.assertIsNotNone(elias)
        self.assertEqual(elias.confirmed_at, datetime(2000, 1, 1))