def verify_mobile(request, user, new_mobile):
log.info('Trying to verify mobile number for user {!r}.'.format(user))
log.debug('Mobile number: {!s}.'.format(new_mobile))
# Start by removing mobile number from any other user
old_user_docs = request.db.profiles.find({
'mobile': {'$elemMatch': {'mobile': new_mobile, 'verified': True}}
})
steal_count = 0
for old_user_doc in old_user_docs:
old_user = User(old_user_doc)
if old_user:
log.debug('Found old user {!r} with mobile number ({!s}) already verified.'.format(old_user, new_mobile))
log.debug('Old user mobile numbers BEFORE: {!r}.'.format(old_user.get_mobiles()))
mobiles = [m for m in old_user.get_mobiles() if m['mobile'] != new_mobile]
old_user.set_mobiles(mobiles)
log.debug('Old user mobile numbers AFTER: {!r}.'.format(old_user.get_mobiles()))
old_user.retrieve_modified_ts(request.db.profiles)
old_user.save(request)
log.info('Removed mobile number from user {!r}.'.format(old_user))
steal_count += 1
# Add the verified mobile number to the requesting user
user.add_verified_mobile(new_mobile)
log.info('Mobile number verified for user {!r}.'.format(user))
request.stats.count('dashboard/verify_mobile_stolen', steal_count)
request.stats.count('dashboard/verify_mobile_completed', 1)
return user, _('Mobile {obj} verified')
def test_steal_verified_mobile(self):
self.set_logged(user='******')
response_form = self.testapp.get('/profile/mobiles/')
form = response_form.forms[self.formname]
mobile = '+34609609609'
form['mobile'].value = mobile
with patch.object(MsgRelay, 'mobile_validator', clear=True):
MsgRelay.mobile_validator.return_value = True
response = form.submit('add')
self.assertEqual(response.status, '200 OK')
old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')})
old_user = User(old_user)
self.assertIn(mobile, [mo['mobile'] for mo in old_user.get_mobiles()])
mobile_doc = self.db.verifications.find_one({
'model_name': 'mobile',
'user_oid': ObjectId('901234567890123456789012'),
'obj_id': mobile
})
with patch.object(MsgRelay, 'mobile_validator', clear=True):
with patch.object(UserDB, 'exists_by_field', clear=True):
UserDB.exists_by_field.return_value = False
MsgRelay.mobile_validator.return_value = True
response = self.testapp.post(
'/profile/mobiles-actions/',
{'identifier': 0, 'action': 'verify', 'code': mobile_doc['code']}
)
response_json = json.loads(response.body)
self.assertEqual(response_json['result'], 'ok')
old_user = self.db.profiles.find_one({'_id': ObjectId('012345678901234567890123')})
old_user = User(old_user)
self.assertNotIn(mobile, [mo['mobile'] for mo in old_user.get_mobiles()])
def verificate_code(request, model_name, code):
unverified = request.db.verifications.find_one(
{
"model_name": model_name,
"code": code,
})
if not unverified:
msg = "Could not find un-verified code {!r}, model {!r}"
log.debug(msg.format(code, model_name))
return
obj_id = unverified['obj_id']
if obj_id:
msg = "Code {!r} ({!s}) marked as verified"
log.debug(msg.format(code, str(obj_id)))
user = request.userdb.get_user_by_oid(unverified['user_oid'])
old_verified = request.db.verifications.find_and_modify(
{
"model_name": model_name,
"obj_id": unverified['obj_id'],
"verified": True
},
remove=True)
old_user = None
if old_verified:
old_user = request.userdb.get_user_by_oid(old_verified['user_oid'])
if model_name == 'norEduPersonNIN':
if not old_user:
old_user_doc = request.db.profiles.find_one({
'norEduPersonNIN': obj_id
})
if old_user_doc:
old_user = User(old_user_doc)
if old_user:
nins = [nin for nin in old_user.get_nins() if nin != obj_id]
old_user.set_nins(nins)
addresses = [a for a in old_user.get_addresses() if not a['verified']]
old_user.set_addresses(addresses)
user.add_verified_nin(obj_id)
user.retrieve_address(request, obj_id)
# Reset session eduPersonIdentityProofing on NIN verification
request.session['eduPersonIdentityProofing'] = None
msg = _('National identity number {obj} verified')
elif model_name == 'mobile':
if not old_user:
old_user_doc = request.db.profiles.find_one({
'mobile': {'$elemMatch': {'mobile': obj_id, 'verified': True}}
})
if old_user_doc:
old_user = User(old_user_doc)
if old_user:
mobiles = [m for m in old_user.get_mobiles() if m['mobile'] != obj_id]
old_user.set_mobiles(mobiles)
user.add_verified_mobile(obj_id)
msg = _('Mobile {obj} verified')
elif model_name == 'mailAliases':
if not old_user:
old_user_doc = request.db.profiles.find_one({
'mailAliases': {'email': obj_id, 'verified': True}
})
if old_user_doc:
old_user = User(old_user_doc)
if old_user:
if old_user.get_mail() == obj_id:
old_user.set_mail('')
mails = [m for m in old_user.get_mail_aliases() if m['email'] != obj_id]
old_user.set_mail_aliases(mails)
user.add_verified_email(obj_id)
msg = _('Email {obj} verified')
request.session.flash(msg.format(obj=obj_id),
queue='forms')
user.save(request)
if old_user:
old_user.save(request)
request.db.verifications.update({'_id': unverified['_id']}, {'verified': True})
return obj_id
