Ejemplo n.º 1
def confirm_user_email(token):
    """Redeem an e-mail confirmation token and mark its owner as verified.

    ``decode_public_private_token`` splits the token into a public code, used
    to look up the ``EmailConfirmation`` row, and a private part that is
    checked against the row's stored ``verification_code``. When the row
    carries a ``new_email`` the user's address is switched to it. The row is
    deleted in the same transaction that saves the user.

    Every rejection of the token raises the same message, so the error text
    does not reveal whether the public code or the private part was wrong.

    Returns:
        A ``(user, new_email, old_email)`` tuple. ``old_email`` stays ``None``
        unless the address was actually replaced.

    Raises:
        DataModelException: if the token cannot be decoded, no matching
            confirmation row exists, the private part does not match, or the
            requested address already belongs to a user.
    """
    decoded = decode_public_private_token(token)
    if not decoded:
        raise DataModelException("Invalid email confirmation code")

    try:
        confirmation = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            EmailConfirmation.email_confirm == True,
        )
    except EmailConfirmation.DoesNotExist:
        raise DataModelException("Invalid email confirmation code")

    # NOTE(review): the secret comparison only runs when the decoded token has
    # a private part. Whether the decoder can hand back a result without one
    # is not visible here -- confirm it cannot, otherwise the public code
    # alone would be enough to confirm the address.
    private_part = decoded.private_token
    if private_part:
        if not confirmation.verification_code.matches(private_part):
            raise DataModelException("Invalid email confirmation code")

    account = confirmation.user
    account.verified = True

    previous_email = None
    requested_email = confirmation.new_email
    # NOTE(review): previous_email is still None at this point, so the second
    # comparison is always true for a non-empty requested_email; a comparison
    # against the account's current address may have been intended -- confirm.
    if requested_email and requested_email != previous_email:
        # NOTE(review): this uniqueness check runs before, not inside, the
        # transaction below; presumably a unique constraint on the e-mail
        # column backs it up -- verify.
        if find_user_by_email(requested_email):
            raise DataModelException("E-mail address already used")

        previous_email = account.email
        account.email = requested_email

    # Saving the user and deleting the confirmation row together means the
    # token cannot be redeemed again once the change is committed.
    with db_transaction():
        account.save()
        confirmation.delete_instance()

    return account, requested_email, previous_email
Ejemplo n.º 2
def validate_reset_code(token):
    """Validate a password-reset token and consume it.

    The token is decoded into a public code, used to find the
    ``EmailConfirmation`` row flagged ``pw_reset``, and a private part that is
    checked against the row's ``verification_code``. Rows older than the
    configured ``USER_RECOVERY_TOKEN_LIFETIME`` are deleted and rejected.

    On success the owning user is marked verified if they were not already,
    and the reset row is deleted so the token cannot be used again.

    Returns:
        The user the code belongs to, or ``None`` for any invalid, unknown,
        mismatching or expired token. All failures look the same to the
        caller.
    """
    decoded = decode_public_private_token(token)
    if not decoded:
        return None

    # Look up the reset row by the public half of the token.
    try:
        reset_row = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            EmailConfirmation.pw_reset == True,
        )
    except EmailConfirmation.DoesNotExist:
        return None

    # NOTE(review): the secret comparison is skipped when the decoded token has
    # no private part. Confirm the decoder never returns such a result here,
    # otherwise the public code alone would authorise a password reset.
    private_part = decoded.private_token
    if private_part:
        if not reset_row.verification_code.matches(private_part):
            return None

    # Reject (and clean up) codes that have outlived the configured lifetime.
    # NOTE(review): datetime.now() is naive local time; assumes `created` is
    # stored the same way -- confirm.
    lifetime = convert_to_timedelta(
        config.app_config["USER_RECOVERY_TOKEN_LIFETIME"])
    expires_at = reset_row.created + lifetime
    if expires_at < datetime.now():
        reset_row.delete_instance()
        return None

    account = reset_row.user

    # Mark the user verified if needed and delete the row in one transaction,
    # so a committed redemption always leaves the token unusable.
    with db_transaction():
        if not account.verified:
            account.verified = True
            account.save()

        reset_row.delete_instance()

    return account
Ejemplo n.º 3
def validate_reset_code(token):
    """Validate a password-reset token and consume it.

    The token is decoded into a public code, used to find the
    ``EmailConfirmation`` row flagged ``pw_reset``, and a private part that is
    checked against the row's ``verification_code``. Rows older than the
    configured ``USER_RECOVERY_TOKEN_LIFETIME`` are deleted and rejected.

    On success the owning user is marked verified if they were not already,
    and the reset row is deleted so the token cannot be used again.

    Returns:
        The user the code belongs to, or ``None`` for any invalid, unknown,
        mismatching or expired token.
    """
    # TODO(remove-unenc): Remove allow_public_only once migrated.
    legacy_tokens_allowed = ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS)
    decoded = decode_public_private_token(token, allow_public_only=legacy_tokens_allowed)
    if not decoded:
        return None

    # Look up the reset row by the public half of the token.
    try:
        reset_row = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            EmailConfirmation.pw_reset == True,
        )
    except EmailConfirmation.DoesNotExist:
        return None

    # NOTE(review): when the decoded token has no private part the secret
    # comparison is skipped entirely. Presumably that only happens while the
    # READ_OLD_FIELDS flag permits public-only tokens; during that window the
    # public code alone authorises the reset, so the flag should be retired as
    # soon as the migration allows.
    private_part = decoded.private_token
    if private_part:
        if not reset_row.verification_code.matches(private_part):
            return None

    # Reject (and clean up) codes that have outlived the configured lifetime.
    # NOTE(review): datetime.now() is naive local time; assumes `created` is
    # stored the same way -- confirm.
    lifetime = convert_to_timedelta(config.app_config["USER_RECOVERY_TOKEN_LIFETIME"])
    expires_at = reset_row.created + lifetime
    if expires_at < datetime.now():
        reset_row.delete_instance()
        return None

    account = reset_row.user

    # Mark the user verified if needed and delete the row in one transaction,
    # so a committed redemption always leaves the token unusable.
    with db_transaction():
        if not account.verified:
            account.verified = True
            account.save()

        reset_row.delete_instance()

    return account
Ejemplo n.º 4
def confirm_user_email(token):
    """Redeem an e-mail confirmation token and mark its owner as verified.

    The token is decoded into a public code, used to look up the
    ``EmailConfirmation`` row flagged ``email_confirm``, and a private part
    that is checked against the row's ``verification_code``. When the row
    carries a ``new_email`` the user's address is switched to it. The row is
    deleted in the same transaction that saves the user.

    Every rejection of the token raises the same message, so the error text
    does not reveal whether the public code or the private part was wrong.

    Returns:
        A ``(user, new_email, old_email)`` tuple. ``old_email`` stays ``None``
        unless the address was actually replaced.

    Raises:
        DataModelException: if the token cannot be decoded, no matching
            confirmation row exists, the private part does not match, or the
            requested address already belongs to a user.
    """
    # TODO(remove-unenc): Remove allow_public_only once migrated.
    legacy_tokens_allowed = ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS)
    decoded = decode_public_private_token(token, allow_public_only=legacy_tokens_allowed)
    if not decoded:
        raise DataModelException("Invalid email confirmation code")

    try:
        confirmation = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            EmailConfirmation.email_confirm == True,
        )
    except EmailConfirmation.DoesNotExist:
        raise DataModelException("Invalid email confirmation code")

    # NOTE(review): when the decoded token has no private part the secret
    # comparison is skipped entirely. Presumably that only happens while the
    # READ_OLD_FIELDS flag permits public-only tokens; during that window the
    # public code alone confirms the address, so the flag should be retired as
    # soon as the migration allows.
    private_part = decoded.private_token
    if private_part:
        if not confirmation.verification_code.matches(private_part):
            raise DataModelException("Invalid email confirmation code")

    account = confirmation.user
    account.verified = True

    previous_email = None
    requested_email = confirmation.new_email
    # NOTE(review): previous_email is still None at this point, so the second
    # comparison is always true for a non-empty requested_email; a comparison
    # against the account's current address may have been intended -- confirm.
    if requested_email and requested_email != previous_email:
        # NOTE(review): this uniqueness check runs before, not inside, the
        # transaction below; presumably a unique constraint on the e-mail
        # column backs it up -- verify.
        if find_user_by_email(requested_email):
            raise DataModelException("E-mail address already used")

        previous_email = account.email
        account.email = requested_email

    # Saving the user and deleting the confirmation row together means the
    # token cannot be redeemed again once the change is committed.
    with db_transaction():
        account.save()
        confirmation.delete_instance()

    return account, requested_email, previous_email
Ejemplo n.º 5
def create_confirm_email_code(user, new_email=None):
    """Create an e-mail confirmation row for *user* and return its token.

    A fresh credential pair comes from ``Credential.generate()``. Only the
    first element is stored on the ``EmailConfirmation`` row; the second one
    leaves this function solely inside the encoded token that is returned.

    Args:
        user: the account the confirmation belongs to.
        new_email: optional replacement address; checked with
            ``validate_email`` before anything is stored.

    Returns:
        The token built by ``encode_public_private_token`` from the row's
        public code and the unstored half of the credential.

    Raises:
        InvalidEmailAddressException: if *new_email* is given and fails
            validation.
    """
    if new_email and not validate_email(new_email):
        raise InvalidEmailAddressException("Invalid email address: %s" % new_email)

    # NOTE(review): going by the names, the stored value is a hashed form and
    # the second value is the plaintext secret -- confirm in Credential. The
    # plaintext should only ever travel in the token, never be logged or
    # persisted.
    stored_credential, plaintext_secret = Credential.generate()
    confirmation = EmailConfirmation.create(
        user=user,
        email_confirm=True,
        new_email=new_email,
        verification_code=stored_credential,
    )
    return encode_public_private_token(confirmation.code, plaintext_secret)
Ejemplo n.º 6
def create_reset_password_email_code(email):
    """Create a password-reset row for the user owning *email*.

    A fresh credential pair comes from ``Credential.generate()``. Only the
    first element is stored on the ``EmailConfirmation`` row; the second one
    leaves this function solely inside the encoded token that is returned.

    Args:
        email: address used to look up the user.

    Returns:
        The token built by ``encode_public_private_token`` from the row's
        public code and the unstored half of the credential.

    Raises:
        InvalidEmailAddressException: if no user has that address, or the
            matching account is an organization.
    """
    # NOTE(review): the two failure messages differ from each other and from
    # success, so a caller that relays them verbatim tells the requester
    # whether an address is registered. The request-facing layer should answer
    # uniformly regardless of the outcome.
    try:
        account = User.get(User.email == email)
    except User.DoesNotExist:
        raise InvalidEmailAddressException("Email address was not found")

    if account.organization:
        raise InvalidEmailAddressException("Organizations can not have passwords")

    # NOTE(review): going by the names, the stored value is a hashed form and
    # the second value is the plaintext secret -- confirm in Credential.
    stored_credential, plaintext_secret = Credential.generate()
    reset_row = EmailConfirmation.create(
        user=account,
        pw_reset=True,
        verification_code=stored_credential,
    )
    return encode_public_private_token(reset_row.code, plaintext_secret)
Ejemplo n.º 7
def test_validation_code(token_lifetime, time_since, initialized_db):
  """Check that a reset code validates only while within its lifetime.

  A reset row is created with a back-dated ``created`` timestamp, the
  configured ``USER_RECOVERY_TOKEN_LIFETIME`` is patched, and
  ``validate_reset_code`` must succeed exactly when the lifetime is at least
  as long as the code's age.

  ``token_lifetime`` and ``time_since`` are presumably supplied by a
  parametrize decorator outside this view.
  """
  account = create_user_noverify('foobar', '*****@*****.**', email_required=False)
  issued_at = datetime.now() - convert_to_timedelta(time_since)

  # Build the row and token as the production helpers would, but with an
  # explicit creation time so the code's age is controlled.
  stored_credential, plaintext_secret = Credential.generate()
  reset_row = EmailConfirmation.create(
    user=account,
    pw_reset=True,
    created=issued_at,
    verification_code=stored_credential,
  )
  token = encode_public_private_token(reset_row.code, plaintext_secret)

  patched_config = {'USER_RECOVERY_TOKEN_LIFETIME': token_lifetime}
  with patch('data.model.config.app_config', patched_config):
    outcome = validate_reset_code(token)
    still_valid = convert_to_timedelta(token_lifetime) >= convert_to_timedelta(time_since)
    assert still_valid == (outcome is not None)