Beispiel #1
def change_email():
    """Let the signed-in user request a change of e-mail address.

    A valid POST generates a token holding the action name, the current
    user's uid and the requested address, and mails it to the *new* address
    so the user can prove they own it. The original docstring states that
    the mailed link leads to confirm_email(); the address is not changed in
    this view.
    """
    form = ChangeEmailForm(request.form)

    if request.method != 'POST':
        # Plain page load, nothing submitted yet
        return render_template('change_email.html', form=form)

    if not form.validate():
        flash('Oh no! There are errors in your form', 'error')
        return render_template('change_email.html', form=form)

    # NOTE(review): ChangeEmailForm's validators are not visible here.
    # Confirm the form re-authenticates the user (e.g. current password)
    # before a token is issued, and consider notifying the old address too.
    token_payload = {
        'action': 'change_email',
        'uid': current_user['uid'],
        'email': form.new_email.data,
    }
    token = generate_token(token_payload)

    # The confirmation goes to the address being claimed, not the old one
    recipients = [form.new_email.data]
    plain_text = render_template('emails/email_change.txt', token=token)
    rich_text = render_template('emails/email_change.html', token=token)
    send_mail('Pjuu Account Notification - Confirm Email Change',
              recipients, text_body=plain_text, html_body=rich_text)

    flash('We\'ve sent you an email, please confirm this', 'success')
    return render_template('change_email.html', form=form)
Beispiel #2
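def signup():
    """Create a new account and e-mail its activation token.

    GET renders the sign-up form. On a POST whose form validates, the
    account is created and, if a uid comes back, an activation token for
    that uid is mailed to the submitted address before redirecting to the
    sign-in page. Every other POST outcome flashes a generic error and
    re-renders the form.
    """
    # Imported locally so this view does not rely on the module's import list
    from html import escape

    form = SignUpForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # User successfully signed up, create an account
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

            # A falsy uid means the account was not created; the original
            # author attributes this to a race condition only
            if uid:  # pragma: no branch
                token = generate_token({'action': 'activate', 'uid': uid})
                # Send an e-mail to activate their account
                send_mail(
                    'Pjuu Account Notification - Activation',
                    [form.email.data],
                    text_body=render_template('emails/activate.txt',
                                              token=token),
                    html_body=render_template('emails/activate.html',
                                              token=token)
                )
                # The message carries <br/> markup, so it is presumably
                # rendered without auto-escaping (confirm in the template).
                # The address is user input: HTML-escape it before it is
                # interpolated into that markup.
                flash('Yay! You\'ve signed up<br/>'
                      'We\'ve sent an e-mail to {}<br/>'
                      'Please activate your account'.format(
                          escape(form.email.data)),
                      'success')

                return redirect(url_for('auth.signin'))

        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)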
Beispiel #3
def forgot():
    """Start password recovery for the submitted username.

    A reset token is mailed to the account's address when the account is
    found. The flashed message and the redirect are the same whether or not
    an account was located, so the page does not reveal which it was.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # NOTE(review): form.validate() is never called on this path, so
    # form.username.data reaches get_uid() unchecked. Confirm get_uid()
    # copes with missing or empty input.
    uid = get_uid(form.username.data)
    if uid:
        # NOTE(review): mail is only built and sent for existing accounts.
        # If send_mail() is synchronous the response time may still hint at
        # whether the account exists. Consider queueing the send.
        reset_token = generate_token({'action': 'reset', 'uid': uid})
        recipients = [get_email(uid)]
        plain_text = render_template('emails/forgot.txt', token=reset_token)
        rich_text = render_template('emails/forgot.html', token=reset_token)
        send_mail('Pjuu Account Notification - Password Reset',
                  recipients, text_body=plain_text, html_body=rich_text)

    # Every POST ends on the sign-in page with the same neutral message
    flash('If we\'ve found your account we\'ve e-mailed you', 'information')
    return redirect(url_for('signin'))
Beispiel #4
def forgot():
    """Mail a password reset token to the account matching the form input.

    An invalid form flashes an error and re-renders the page. A valid form
    always flashes the same neutral message and redirects to the sign-in
    page, whether or not a matching user was found.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    if not form.validate():
        flash('Please enter a username or e-mail address', 'error')
        return render_template('forgot.html', form=form)

    # non_active=True is passed through to get_uid(); presumably this lets
    # accounts that are not yet active be looked up as well. Verify.
    user = get_user(get_uid(form.username.data, non_active=True))
    if user is not None:
        # NOTE(review): only existing users trigger a mail. If send_mail()
        # blocks, response timing may leak whether the account exists.
        reset_token = generate_token({
            'action': 'reset',
            'uid': user.get('_id'),
        })
        recipients = [user.get('email')]
        plain_text = render_template('emails/forgot.txt', token=reset_token)
        rich_text = render_template('emails/forgot.html', token=reset_token)
        send_mail('Pjuu Account Notification - Password Reset',
                  recipients, text_body=plain_text, html_body=rich_text)

    # Same answer for found and not-found accounts
    flash('If we\'ve found your account we\'ve e-mailed you', 'information')
    return redirect(url_for('auth.signin'))
Beispiel #5
def change_email():
    """Send a confirmation token for a requested e-mail address change.

    On a valid POST a token holding the action name, the current user's
    ``_id`` and the requested address is generated and mailed to the new
    address. The stored address is not modified in this view.
    """
    form = ChangeEmailForm(request.form)

    if request.method != 'POST':
        return render_template('change_email.html', form=form)

    if not form.validate():
        flash('Oh no! There are errors in your form', 'error')
        return render_template('change_email.html', form=form)

    # NOTE(review): the form's validators are not shown. Confirm the user
    # is re-authenticated before a token bound to a new address is issued.
    token_payload = {
        'action': 'change_email',
        'uid': current_user['_id'],
        'email': form.new_email.data,
    }
    token = generate_token(token_payload)

    # Only the new address receives the confirmation mail
    recipients = [form.new_email.data]
    plain_text = render_template('emails/email_change.txt', token=token)
    rich_text = render_template('emails/email_change.html', token=token)
    send_mail('Pjuu Account Notification - Confirm Email Change',
              recipients, text_body=plain_text, html_body=rich_text)

    flash('We\'ve sent you an email, please confirm this', 'success')
    return render_template('change_email.html', form=form)
Beispiel #6
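def signup():
    """Register a new account and mail the activation token.

    GET shows the form. A POST with a valid form creates the account. When
    a uid is returned an activation token is mailed to the submitted
    address and the user is redirected to the sign-in page. Any other POST
    flashes a generic error and shows the form again.
    """
    # Imported locally so this view does not rely on the module's import list
    from html import escape

    form = SignUpForm(request.form)
    if request.method == 'POST':
        if form.validate():
            # User successfully signed up, create an account
            uid = create_account(form.username.data, form.email.data,
                                 form.password.data)

            # A falsy uid means no account was created; the original
            # author attributes this to a race condition only
            if uid:  # pragma: no branch
                token = generate_token({'action': 'activate', 'uid': uid})
                # Send an e-mail to activate their account
                send_mail('Pjuu Account Notification - Activation',
                          [form.email.data],
                          text_body=render_template('emails/activate.txt',
                                                    token=token),
                          html_body=render_template('emails/activate.html',
                                                    token=token))
                # The flashed text contains <br/> markup and is therefore
                # presumably rendered unescaped (confirm in the template).
                # HTML-escape the user-supplied address so it cannot add
                # markup of its own to the page.
                flash(
                    'Yay! You\'ve signed up<br/>'
                    'We\'ve sent an e-mail to {}<br/>'
                    'Please activate your account'.format(
                        escape(form.email.data)),
                    'success')

                return redirect(url_for('auth.signin'))

        flash('Oh no! There are errors in your form. Please try again.',
              'error')

    return render_template('signup.html', form=form)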
Beispiel #7
def forgot():
    """Mail a password reset token if the submitted name matches a user.

    Every POST flashes the same neutral message and redirects to the
    sign-in page, whether or not a user was found.
    """
    form = ForgotForm(request.form)

    if request.method != 'POST':
        return render_template('forgot.html', form=form)

    # NOTE(review): the form is not validated on this path, so
    # form.username.data is passed on as submitted. Confirm get_uid() and
    # get_user() handle missing or empty input.
    user = get_user(get_uid(form.username.data, non_active=True))
    if user is not None:
        # NOTE(review): a mail is only sent for existing users. If
        # send_mail() blocks, response timing may reveal account existence.
        reset_token = generate_token({'action': 'reset',
                                      'uid': user.get('_id')})
        recipients = [user.get('email')]
        plain_text = render_template('emails/forgot.txt', token=reset_token)
        rich_text = render_template('emails/forgot.html', token=reset_token)
        send_mail('Pjuu Account Notification - Password Reset',
                  recipients, text_body=plain_text, html_body=rich_text)

    # Identical response for found and not-found accounts
    flash('If we\'ve found your account we\'ve e-mailed you', 'information')
    return redirect(url_for('auth.signin'))
Beispiel #8
def signup():
    """Sign a new user up for Pjuu and mail the activation token.

    GET renders the form. A POST with a valid form creates the user and,
    when a uid is returned, mails an activation token to the submitted
    address and redirects to the sign-in page. Otherwise a generic error is
    flashed and the form is shown again.
    """
    form = SignUpForm(request.form)

    if request.method != 'POST':
        return render_template('signup.html', form=form)

    if form.validate():
        uid = create_user(form.username.data, form.email.data,
                          form.password.data)

        # A falsy uid means no user was created; the original author
        # attributes that to a race condition only
        if uid:  # pragma: no branch
            activation_token = generate_token({'action': 'activate',
                                               'uid': uid})
            recipients = [form.email.data]
            plain_text = render_template('emails/activate.txt',
                                         token=activation_token)
            rich_text = render_template('emails/activate.html',
                                        token=activation_token)
            send_mail('Pjuu Account Notification - Activation',
                      recipients, text_body=plain_text, html_body=rich_text)

            # Fixed text only: no user input is placed into this message,
            # which contains <br/> markup
            flash('Yay! You\'ve signed up<br/>Please check your e-mails '
                  'to activate your account', 'success')
            return redirect(url_for('signin'))

    # Reached when the form is invalid or create_user() returned a falsy
    # uid (the original comment attributes the latter to two simultaneous
    # sign-ups colliding)
    flash('Oh no! There are errors in your form. Please try again.',
          'error')
    return render_template('signup.html', form=form)
Beispiel #9
    def test_tokens(self):
        """Round-trip tokens through generate_token() and check_token().

        Covers single use, the ``preserve`` flag, non-string payloads,
        unknown tokens and a corrupted stored value.
        """
        # Default behaviour is single use: the first check returns the
        # payload, the second finds nothing
        one_shot = generate_token("token1")
        self.assertEqual(check_token(one_shot), "token1")
        self.assertIsNone(check_token(one_shot))

        # preserve=True reads the payload without consuming the token, so a
        # later plain check still succeeds
        kept = generate_token("token1")
        self.assertEqual(check_token(kept, preserve=True), "token1")
        self.assertEqual(check_token(kept), "token1")

        # Payloads may be Python objects such as dicts
        dict_token = generate_token({"name": "token1"})
        self.assertEqual(check_token(dict_token).get("name"), "token1")

        # A None payload cannot be told apart from a missing token, so
        # storing one is pointless
        none_token = generate_token(None)
        self.assertIsNone(check_token(none_token))

        # An identifier that was never issued (the original comment notes
        # real tokens are hex UUIDs) is rejected
        # NOTE(review): confirm the UUID comes from a random source
        self.assertIsNone(check_token("token1"))

        # Corrupt the stored value directly in Redis: the replacement is
        # not a valid encoded payload. Per the original author's note this
        # raises a ValueError inside check_token(), which returns None
        # NOTE(review): the original comment calls the stored value a
        # "JSON pickle". If check_token() decodes with a pickle-style
        # decoder, write access to Redis must stay trusted. Confirm.
        mangled = generate_token("token1")
        r.set(k.TOKEN.format(mangled), "{token: 1}")
        self.assertIsNone(check_token(mangled))

        # Full life cycle: preserved read, consuming read, then gone
        life_cycle = generate_token("token1")
        self.assertEqual(check_token(life_cycle, preserve=True), 'token1')
        self.assertEqual(check_token(life_cycle), 'token1')
        self.assertIsNone(check_token(life_cycle))
Beispiel #10
    def test_tokens(self):
        """Check token creation, single-use redemption and failure cases."""
        payload = "token1"

        # Redeeming a token hands back its payload exactly once
        first = generate_token(payload)
        self.assertEqual(check_token(first), payload)
        self.assertIsNone(check_token(first))

        # With preserve=True the token survives the check and can still be
        # redeemed afterwards
        second = generate_token(payload)
        self.assertEqual(check_token(second, preserve=True), payload)
        self.assertEqual(check_token(second), payload)

        # A dict payload comes back as something supporting .get()
        third = generate_token({"name": "token1"})
        self.assertEqual(check_token(third).get("name"), payload)

        # Storing None is indistinguishable from "no such token"
        fourth = generate_token(None)
        self.assertIsNone(check_token(fourth))

        # A made-up identifier that was never issued yields None; per the
        # original comment real tokens are hex UUIDs
        self.assertIsNone(check_token("token1"))

        # Overwrite the stored value in Redis with text that is not a valid
        # encoded payload; check_token() is expected to return None rather
        # than raise (the original author notes a ValueError is handled)
        # NOTE(review): this shows check_token() decodes whatever Redis
        # holds for the key. Confirm the decoder cannot build arbitrary
        # objects from stored data.
        fifth = generate_token(payload)
        r.set(k.TOKEN.format(fifth), "{token: 1}")
        self.assertIsNone(check_token(fifth))

        # preserve keeps the token for one more redemption, after which it
        # is gone
        sixth = generate_token(payload)
        self.assertEqual(check_token(sixth, preserve=True), 'token1')
        self.assertEqual(check_token(sixth), 'token1')
        self.assertIsNone(check_token(sixth))