def reverify_email(self): try: email = self.request.db.query(Email).filter( Email.id == self.request.POST['reverify_email_id'], Email.user_id == self.request.user.id, ).one() except NoResultFound: self.request.session.flash( 'Email address not found.', queue='error' ) return self.default_response if email.verified: self.request.session.flash( 'Email is already verified.', queue='error' ) else: send_email_verification_email(self.request, email) self.request.session.flash( f'Verification email for {email.email} resent.', queue='success', ) return self.default_response
def register(request, _form_class=RegistrationForm): if request.authenticated_userid is not None: return HTTPSeeOther(request.route_path('manage.projects')) # Check if the honeypot field has been filled if request.method == "POST" and request.POST.get('confirm_form'): return HTTPSeeOther(request.route_path("index")) if request.flags.enabled('disallow-new-user-registration'): request.session.flash( ("New user registration temporarily disabled. " "See https://pypi.org/help#admin-intervention for details."), queue="error", ) return HTTPSeeOther(request.route_path("index")) user_service = request.find_service(IUserService, context=None) form = _form_class(data=request.POST, user_service=user_service,) if request.method == "POST" and form.validate(): user = user_service.create_user( form.username.data, form.full_name.data, form.new_password.data, ) email = user_service.add_email(user.id, form.email.data, primary=True) send_email_verification_email(request, user, email) return HTTPSeeOther( request.route_path("index"), headers=dict(_login_user(request, user.id)) ) return {"form": form}
def register(request, _form_class=RegistrationForm): if request.authenticated_userid is not None: return HTTPSeeOther(request.route_path("manage.projects")) # Check if the honeypot field has been filled if request.method == "POST" and request.POST.get("confirm_form"): return HTTPSeeOther(request.route_path("index")) if request.flags.enabled("disallow-new-user-registration"): request.session.flash( ("New user registration temporarily disabled. " "See https://pypi.org/help#admin-intervention for details."), queue="error", ) return HTTPSeeOther(request.route_path("index")) user_service = request.find_service(IUserService, context=None) form = _form_class(data=request.POST, user_service=user_service) if request.method == "POST" and form.validate(): user = user_service.create_user(form.username.data, form.full_name.data, form.new_password.data) email = user_service.add_email(user.id, form.email.data, primary=True) send_email_verification_email(request, user, email) return HTTPSeeOther(request.route_path("index"), headers=dict(_login_user(request, user.id))) return {"form": form}
def add_email(self): form = AddEmailForm(self.request.POST, user_service=self.user_service) if form.validate(): email = self.user_service.add_email( self.request.user.id, form.email.data, ) send_email_verification_email( self.request, self.request.user, email, ) self.request.session.flash( f'Email {email.email} added - check your email for ' + 'a verification link', queue='success', ) return self.default_response return { **self.default_response, 'add_email_form': form, }
def reverify_email(self): try: email = self.request.db.query(Email).filter( Email.id == self.request.POST['reverify_email_id'], Email.user_id == self.request.user.id, ).one() except NoResultFound: self.request.session.flash('Email address not found', queue='error') return self.default_response if email.verified: self.request.session.flash('Email is already verified', queue='error') else: send_email_verification_email( self.request, self.request.user, email, ) self.request.session.flash( f'Verification email for {email.email} resent', queue='success', ) return self.default_response
def add_email(self): form = AddEmailForm(self.request.POST, user_service=self.user_service) if form.validate(): email = self.user_service.add_email( self.request.user.id, form.email.data, ) send_email_verification_email( self.request, self.request.user, email, ) self.request.session.flash( f'Email {email.email} added - check your email for ' + 'a verification link', queue='success', ) return self.default_response return { **self.default_response, 'add_email_form': form, }
def reverify_email(self): try: email = (self.request.db.query(Email).filter( Email.id == self.request.POST["reverify_email_id"], Email.user_id == self.request.user.id, ).one()) except NoResultFound: self.request.session.flash("Email address not found", queue="error") return self.default_response if email.verified: self.request.session.flash("Email is already verified", queue="error") else: send_email_verification_email(self.request, (self.request.user, email)) email.user.record_event( tag="account:email:reverify", ip_address=self.request.remote_addr, additional={"email": email.email}, ) self.request.session.flash( f"Verification email for {email.email} resent", queue="success") return self.default_response
def add_email(self): form = AddEmailForm( self.request.POST, user_service=self.user_service, user_id=self.request.user.id, ) if form.validate(): email = self.user_service.add_email(self.request.user.id, form.email.data) self.user_service.record_event( self.request.user.id, tag="account:email:add", ip_address=self.request.remote_addr, additional={"email": email.email}, ) send_email_verification_email(self.request, (self.request.user, email)) self.request.session.flash( f"Email {email.email} added - check your email for " + "a verification link", queue="success", ) return self.default_response return {**self.default_response, "add_email_form": form}
def register(request, _form_class=RegistrationForm): if request.authenticated_userid is not None: return HTTPSeeOther(request.route_path("manage.projects")) # Check if the honeypot field has been filled if request.method == "POST" and request.POST.get("confirm_form"): return HTTPSeeOther(request.route_path("index")) if request.flags.enabled(AdminFlagValue.DISALLOW_NEW_USER_REGISTRATION): request.session.flash( request._( "New user registration temporarily disabled. " "See https://pypi.org/help#admin-intervention for details."), queue="error", ) return HTTPSeeOther(request.route_path("index")) user_service = request.find_service(IUserService, context=None) breach_service = request.find_service(IPasswordBreachedService, context=None) form = _form_class(data=request.POST, user_service=user_service, breach_service=breach_service) if request.method == "POST" and form.validate(): user = user_service.create_user( form.username.data, form.full_name.data, form.new_password.data, ) email = user_service.add_email(user.id, form.email.data, request.remote_addr, primary=True) user_service.record_event( user.id, tag="account:create", ip_address=request.remote_addr, additional={"email": form.email.data}, ) send_email_verification_email(request, (user, email)) return HTTPSeeOther(request.route_path("index"), headers=dict(_login_user(request, user.id))) return {"form": form}
def add_email(self): form = AddEmailForm(self.request.POST, user_service=self.user_service) if form.validate(): email = self.user_service.add_email(self.request.user.id, form.email.data) send_email_verification_email(self.request, (self.request.user, email)) self.request.session.flash( f"Email {email.email} added - check your email for " + "a verification link", queue="success", ) return self.default_response return {**self.default_response, "add_email_form": form}
def add_email(self): form = AddEmailForm(self.request.POST, user_service=self.user_service) if form.validate(): email = self.user_service.add_email(self.request.user.id, form.email.data) send_email_verification_email(self.request, self.request.user, email) self.request.session.flash( f"Email {email.email} added - check your email for " + "a verification link", queue="success", ) return self.default_response return {**self.default_response, "add_email_form": form}
def test_email_verification_email( self, pyramid_request, pyramid_config, token_service, monkeypatch): stub_email = pretend.stub( id='id', email='email', ) pyramid_request.method = 'POST' token_service.dumps = pretend.call_recorder(lambda a: 'TOKEN') pyramid_request.find_service = pretend.call_recorder( lambda *a, **kw: token_service ) subject_renderer = pyramid_config.testing_add_renderer( 'email/verify-email.subject.txt' ) subject_renderer.string_response = 'Email Subject' body_renderer = pyramid_config.testing_add_renderer( 'email/verify-email.body.txt' ) body_renderer.string_response = 'Email Body' send_email = pretend.stub( delay=pretend.call_recorder(lambda *args, **kwargs: None) ) pyramid_request.task = pretend.call_recorder( lambda *args, **kwargs: send_email ) monkeypatch.setattr(email, 'send_email', send_email) result = email.send_email_verification_email( pyramid_request, email=stub_email, ) assert result == { 'token': 'TOKEN', 'email_address': stub_email.email, 'n_hours': token_service.max_age // 60 // 60, } subject_renderer.assert_() body_renderer.assert_(token='TOKEN', email_address=stub_email.email) assert token_service.dumps.calls == [ pretend.call({ 'action': 'email-verify', 'email.id': str(stub_email.id), }), ] assert pyramid_request.find_service.calls == [ pretend.call(ITokenService, name='email'), ] assert pyramid_request.task.calls == [ pretend.call(send_email), ] assert send_email.delay.calls == [ pretend.call('Email Body', [stub_email.email], 'Email Subject'), ]
def register(request, _form_class=RegistrationForm): if request.authenticated_userid is not None: return HTTPSeeOther(request.route_path('manage.projects')) if AdminFlag.is_enabled(request.db, 'disallow-new-user-registration'): request.session.flash( ("New User Registration Temporarily Disabled " "See https://pypi.org/help#admin-intervention for details"), queue="error", ) return HTTPSeeOther(request.route_path("index")) user_service = request.find_service(IUserService, context=None) recaptcha_service = request.find_service(name="recaptcha") request.find_service(name="csp").merge(recaptcha_service.csp_policy) # the form contains an auto-generated field from recaptcha with # hyphens in it. make it play nice with wtforms. post_body = { key.replace("-", "_"): value for key, value in request.POST.items() } form = _form_class( data=post_body, user_service=user_service, recaptcha_service=recaptcha_service ) if request.method == "POST" and form.validate(): user = user_service.create_user( form.username.data, form.full_name.data, form.new_password.data, ) email = user_service.add_email(user.id, form.email.data, primary=True) send_email_verification_email(request, email) return HTTPSeeOther( request.route_path("index"), headers=dict(_login_user(request, user.id)) ) return {"form": form}
def register(request, _form_class=RegistrationForm): if request.authenticated_userid is not None: return HTTPSeeOther(request.route_path('manage.projects')) if AdminFlag.is_enabled(request.db, 'disallow-new-user-registration'): request.session.flash( ("New User Registration Temporarily Disabled " "See https://pypi.org/help#admin-intervention for details"), queue="error", ) return HTTPSeeOther(request.route_path("index")) user_service = request.find_service(IUserService, context=None) recaptcha_service = request.find_service(name="recaptcha") request.find_service(name="csp").merge(recaptcha_service.csp_policy) # the form contains an auto-generated field from recaptcha with # hyphens in it. make it play nice with wtforms. post_body = { key.replace("-", "_"): value for key, value in request.POST.items() } form = _form_class( data=post_body, user_service=user_service, recaptcha_service=recaptcha_service ) if request.method == "POST" and form.validate(): user = user_service.create_user( form.username.data, form.full_name.data, form.new_password.data, ) email = user_service.add_email(user.id, form.email.data, primary=True) send_email_verification_email(request, email) return HTTPSeeOther( request.route_path("index"), headers=dict(_login_user(request, user.id)) ) return {"form": form}
def test_email_verification_email(self, pyramid_request, pyramid_config, token_service, monkeypatch): stub_email = pretend.stub(id="id", email="*****@*****.**") pyramid_request.method = "POST" token_service.dumps = pretend.call_recorder(lambda a: "TOKEN") pyramid_request.find_service = pretend.call_recorder( lambda *a, **kw: token_service) subject_renderer = pyramid_config.testing_add_renderer( "email/verify-email.subject.txt") subject_renderer.string_response = "Email Subject" body_renderer = pyramid_config.testing_add_renderer( "email/verify-email.body.txt") body_renderer.string_response = "Email Body" send_email = pretend.stub( delay=pretend.call_recorder(lambda *args, **kwargs: None)) pyramid_request.task = pretend.call_recorder( lambda *args, **kwargs: send_email) monkeypatch.setattr(email, "send_email", send_email) result = email.send_email_verification_email( pyramid_request, pretend.stub(username=None, name=None, email="*****@*****.**"), email=stub_email, ) assert result == { "token": "TOKEN", "email_address": stub_email.email, "n_hours": token_service.max_age // 60 // 60, } subject_renderer.assert_() body_renderer.assert_(token="TOKEN", email_address=stub_email.email) assert token_service.dumps.calls == [ pretend.call({ "action": "email-verify", "email.id": str(stub_email.id) }) ] assert pyramid_request.find_service.calls == [ pretend.call(ITokenService, name="email") ] assert pyramid_request.task.calls == [pretend.call(send_email)] assert send_email.delay.calls == [ pretend.call("Email Subject", "Email Body", recipient=stub_email.email) ]
def reverify_email(self): try: email = (self.request.db.query(Email).filter( Email.id == self.request.POST["reverify_email_id"], Email.user_id == self.request.user.id, ).one()) except NoResultFound: self.request.session.flash("Email address not found", queue="error") return self.default_response if email.verified: self.request.session.flash("Email is already verified", queue="error") else: send_email_verification_email(self.request, self.request.user, email) self.request.session.flash( f"Verification email for {email.email} resent", queue="success") return self.default_response
def reverify_email(self): try: email = ( self.request.db.query(Email) .filter( Email.id == self.request.POST["reverify_email_id"], Email.user_id == self.request.user.id, ) .one() ) except NoResultFound: self.request.session.flash("Email address not found", queue="error") return self.default_response if email.verified: self.request.session.flash("Email is already verified", queue="error") else: send_email_verification_email(self.request, (self.request.user, email)) self.request.session.flash( f"Verification email for {email.email} resent", queue="success" ) return self.default_response
def test_email_verification_email( self, pyramid_request, pyramid_config, token_service, monkeypatch): stub_email = pretend.stub( id='id', email='email', ) pyramid_request.method = 'POST' token_service.dumps = pretend.call_recorder(lambda a: 'TOKEN') pyramid_request.find_service = pretend.call_recorder( lambda *a, **kw: token_service ) subject_renderer = pyramid_config.testing_add_renderer( 'email/verify-email.subject.txt' ) subject_renderer.string_response = 'Email Subject' body_renderer = pyramid_config.testing_add_renderer( 'email/verify-email.body.txt' ) body_renderer.string_response = 'Email Body' send_email = pretend.stub( delay=pretend.call_recorder(lambda *args, **kwargs: None) ) pyramid_request.task = pretend.call_recorder( lambda *args, **kwargs: send_email ) monkeypatch.setattr(email, 'send_email', send_email) result = email.send_email_verification_email( pyramid_request, email=stub_email, ) assert result == { 'token': 'TOKEN', 'email_address': stub_email.email, 'n_hours': token_service.max_age // 60 // 60, } subject_renderer.assert_() body_renderer.assert_(token='TOKEN', email_address=stub_email.email) assert token_service.dumps.calls == [ pretend.call({ 'action': 'email-verify', 'email.id': str(stub_email.id), }), ] assert pyramid_request.find_service.calls == [ pretend.call(ITokenService, name='email'), ] assert pyramid_request.task.calls == [ pretend.call(send_email), ] assert send_email.delay.calls == [ pretend.call( 'Email Body', 'Email Subject', recipients=[stub_email.email], ), ]
def test_email_verification_email( self, pyramid_request, pyramid_config, token_service, monkeypatch ): stub_email = pretend.stub(id="id", email="*****@*****.**", verified=False) pyramid_request.method = "POST" token_service.dumps = pretend.call_recorder(lambda a: "TOKEN") pyramid_request.find_service = pretend.call_recorder( lambda *a, **kw: token_service ) subject_renderer = pyramid_config.testing_add_renderer( "email/verify-email/subject.txt" ) subject_renderer.string_response = "Email Subject" body_renderer = pyramid_config.testing_add_renderer( "email/verify-email/body.txt" ) body_renderer.string_response = "Email Body" html_renderer = pyramid_config.testing_add_renderer( "email/verify-email/body.html" ) html_renderer.string_response = "Email HTML Body" send_email = pretend.stub( delay=pretend.call_recorder(lambda *args, **kwargs: None) ) pyramid_request.task = pretend.call_recorder(lambda *args, **kwargs: send_email) monkeypatch.setattr(email, "send_email", send_email) result = email.send_email_verification_email( pyramid_request, ( pretend.stub(username=None, name=None, email="*****@*****.**"), stub_email, ), ) assert result == { "token": "TOKEN", "email_address": stub_email.email, "n_hours": token_service.max_age // 60 // 60, } subject_renderer.assert_() body_renderer.assert_(token="TOKEN", email_address=stub_email.email) html_renderer.assert_(token="TOKEN", email_address=stub_email.email) assert token_service.dumps.calls == [ pretend.call({"action": "email-verify", "email.id": str(stub_email.id)}) ] assert pyramid_request.find_service.calls == [ pretend.call(ITokenService, name="email") ] assert pyramid_request.task.calls == [pretend.call(send_email)] assert send_email.delay.calls == [ pretend.call( stub_email.email, attr.asdict( EmailMessage( subject="Email Subject", body_text="Email Body", body_html=( "<html>\n<head></head>\n" "<body><p>Email HTML Body</p></body>\n</html>\n" ), ) ), ) ]
def test_email_verification_email(self, pyramid_request, pyramid_config, token_service, monkeypatch): stub_email = pretend.stub(id="id", email="*****@*****.**", verified=False) pyramid_request.method = "POST" token_service.dumps = pretend.call_recorder(lambda a: "TOKEN") pyramid_request.find_service = pretend.call_recorder( lambda *a, **kw: token_service) subject_renderer = pyramid_config.testing_add_renderer( "email/verify-email/subject.txt") subject_renderer.string_response = "Email Subject" body_renderer = pyramid_config.testing_add_renderer( "email/verify-email/body.txt") body_renderer.string_response = "Email Body" html_renderer = pyramid_config.testing_add_renderer( "email/verify-email/body.html") html_renderer.string_response = "Email HTML Body" send_email = pretend.stub( delay=pretend.call_recorder(lambda *args, **kwargs: None)) pyramid_request.task = pretend.call_recorder( lambda *args, **kwargs: send_email) monkeypatch.setattr(email, "send_email", send_email) result = email.send_email_verification_email( pyramid_request, ( pretend.stub(username=None, name=None, email="*****@*****.**"), stub_email, ), ) assert result == { "token": "TOKEN", "email_address": stub_email.email, "n_hours": token_service.max_age // 60 // 60, } subject_renderer.assert_() body_renderer.assert_(token="TOKEN", email_address=stub_email.email) html_renderer.assert_(token="TOKEN", email_address=stub_email.email) assert token_service.dumps.calls == [ pretend.call({ "action": "email-verify", "email.id": str(stub_email.id) }) ] assert pyramid_request.find_service.calls == [ pretend.call(ITokenService, name="email") ] assert pyramid_request.task.calls == [pretend.call(send_email)] assert send_email.delay.calls == [ pretend.call( stub_email.email, attr.asdict( EmailMessage( subject="Email Subject", body_text="Email Body", body_html=( "<html>\n<head></head>\n" "<body><p>Email HTML Body</p></body>\n</html>\n"), )), ) ]