Example #1
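def reset(token):
    """
    Let the user choose a new password while the reset token is valid.

    The token is first looked up with ``preserve=True`` so the form can be
    shown, and re-shown after validation errors, without using the token up.
    Once a valid form has been POSTed the token is consumed, and the password
    is changed only if that consuming check still returns ``'reset'`` data.
    The uid is taken from the consuming check, not from the earlier peek.

    Returns a redirect to ``signin`` after a successful reset or for an
    invalid token, otherwise the rendered ``reset.html`` form.
    """
    form = ResetForm(request.form)

    # Peek at the token without deleting it.
    data = check_token(token, preserve=True)

    if data is None or data.get('action') != 'reset':
        flash('Invalid token', 'error')
        return redirect(url_for('signin'))

    if request.method == 'POST':
        if form.validate():
            # Consume the token and act on what THIS call returns. Ignoring
            # the result would let a second request that passed the peek
            # above still change the password after the token was spent.
            # NOTE(review): single use also depends on check_token removing
            # the token atomically - confirm in its implementation.
            consumed = check_token(token)
            if consumed is None or consumed.get('action') != 'reset':
                flash('Invalid token', 'error')
                return redirect(url_for('signin'))

            # Update the password and inform the user.
            # NOTE(review): not visible here whether be_change_password also
            # ends the account's existing sessions - confirm.
            be_change_password(consumed['uid'], form.password.data)
            flash('Your password has now been reset', 'success')
            return redirect(url_for('signin'))

        flash('Oh no! There are errors in your form', 'error')

    return render_template('reset.html', form=form)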
Example #2
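def reset(token):
    """
    Let the user choose a new password while the reset token is valid.

    The token is peeked at with ``preserve=True`` so that rendering the form
    (or re-rendering it after a validation error) does not spend it. It is
    consumed only when a valid form is POSTed, and the password change is
    gated on the result of that consuming check, not on the earlier peek.

    Returns a redirect to ``auth.signin`` after a successful reset or for an
    invalid token, otherwise the rendered ``reset.html`` form.
    """
    form = ResetForm(request.form)

    # Check the token but do not delete it.
    data = check_token(token, preserve=True)

    if data is None or data.get('action') != 'reset':
        flash('Invalid token', 'error')
        return redirect(url_for('auth.signin'))

    if request.method == 'POST':
        if form.validate():
            # Expire the token and use the data this call hands back. If the
            # token has already been spent by another request in the
            # meantime this returns None and the password is left untouched.
            # NOTE(review): this assumes check_token's read-and-delete is
            # atomic - confirm in its implementation.
            consumed = check_token(token)
            if consumed is None or consumed.get('action') != 'reset':
                flash('Invalid token', 'error')
                return redirect(url_for('auth.signin'))

            # Update the password and inform the user.
            be_change_password(consumed['uid'], form.password.data)
            flash('Your password has now been reset', 'success')
            return redirect(url_for('auth.signin'))

        flash('Oh no! There are errors in your form', 'error')

    return render_template('reset.html', form=form)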
Example #3
def confirm_email(token):
    """
    Apply a pending e-mail address change.

    This is the link the user is sent during the e-mail change procedure.
    When the token carries a 'change_email' action together with a uid and an
    address, the account's e-mail is changed and a notification is sent to
    that new address. Every other outcome flashes 'Invalid token'. Both paths
    redirect to ``change_email``.
    """
    # check_token is called without preserve=True, so the token is spent here.
    payload = check_token(token)
    token_ok = payload is not None and payload.get('action') == 'change_email'

    if token_ok:
        account_id = payload.get('uid')
        # The address is taken from the token itself, i.e. the one the
        # confirmation link was issued for.
        new_address = payload.get('email')
        # NOTE(review): nothing in this view ties the token's uid to the
        # signed-in user, and only the new address is notified. Confirm the
        # route requires login and whether the old address is told elsewhere.
        if account_id and new_address:  # pragma: no branch
            be_change_email(account_id, new_address)
            subject = 'Pjuu Account Notification - Email Address Changed'
            recipients = [new_address]
            plain = render_template('emails/confirm_email.txt')
            rich = render_template('emails/confirm_email.html')
            send_mail(subject, recipients, text_body=plain, html_body=rich)
            flash('We\'ve updated your e-mail address', 'success')
            return redirect(url_for('change_email'))

    # Missing, expired, wrong-action or incomplete token.
    flash('Invalid token', 'error')
    return redirect(url_for('change_email'))
Example #4
def activate(token):
    """
    Activate the account named in a valid activation token.

    The token must decode to data whose action is 'activate' and whose uid
    still resolves through get_user(). On success the account is activated
    and a welcome e-mail is sent. Every other case flashes 'Invalid token'.
    Both outcomes redirect to ``signin``.
    """
    # No preserve=True: a valid token is spent by this call.
    # NOTE(review): if this route is reachable with a plain GET, mail
    # gateways that pre-fetch links can spend the token before the user
    # clicks it - confirm how the route is registered.
    payload = check_token(token)
    token_ok = payload is not None and payload.get('action') == 'activate'

    if token_ok:
        account_id = payload.get('uid')
        # Defensive only: the user would have to disappear between the token
        # being issued and this request for the lookup to fail.
        if account_id and get_user(account_id):  # pragma: no branch
            be_activate(account_id)
            # Activation done, so send the welcome e-mail.
            subject = 'Pjuu Account Notifcation - Welcome!'
            recipients = [get_email(account_id)]
            plain = render_template('emails/welcome.txt')
            rich = render_template('emails/welcome.html')
            send_mail(subject, recipients, text_body=plain, html_body=rich)
            flash('Your account has now been activated', 'success')
            return redirect(url_for('signin'))

    # Missing, expired or wrong-action token, or the user no longer exists.
    flash('Invalid token', 'error')
    return redirect(url_for('signin'))
Example #5
File: views.py Project: pjuu/pjuu
def activate(token):
    """
    Activate the account named in a valid activation token.

    The token must carry the 'activate' action and a uid that get_user() can
    still resolve. On success the account is activated and a welcome e-mail
    goes to the address stored on the user record. Anything else flashes
    'Invalid token'. Both outcomes redirect to ``auth.signin``.
    """
    # Called without preserve=True, so a valid token is spent right here.
    payload = check_token(token)
    token_ok = payload is not None and payload.get('action') == 'activate'

    if token_ok:
        account = get_user(payload.get('uid'))
        # Safety net only: an activation token is not expected to outlive
        # the freshly created user it was issued for.
        if account is not None:  # pragma: no branch
            be_activate(account.get('_id'))
            # Activation done, so send the welcome e-mail.
            subject = 'Pjuu Account Notifcation - Welcome!'
            recipients = [account.get('email')]
            plain = render_template('emails/welcome.txt')
            rich = render_template('emails/welcome.html')
            send_mail(subject, recipients, text_body=plain, html_body=rich)
            flash('Your account has now been activated', 'success')
            return redirect(url_for('auth.signin'))

    # Missing, expired or wrong-action token, or no matching user.
    flash('Invalid token', 'error')
    return redirect(url_for('auth.signin'))
Example #6
def confirm_email(token):
    """
    Apply a pending e-mail address change identified by ``token``.

    When the token decodes to a 'change_email' action with both a uid and an
    address, the account's e-mail is updated and a notification is sent to
    that address. Every other case flashes 'Invalid token'. Both outcomes
    redirect to ``auth.change_email``.
    """
    # No preserve=True: the token is spent by this lookup.
    payload = check_token(token)
    token_ok = payload is not None and payload.get('action') == 'change_email'

    if token_ok:
        account_id = payload.get('uid')
        # Mail the address stored in the token, not one looked up afterwards,
        # so a mismatch between the two would be noticeable.
        new_address = payload.get('email')
        # NOTE(review): only the new address is notified by this view.
        # Confirm whether the previous address is alerted elsewhere and
        # whether the route requires the token's user to be signed in.
        if account_id and new_address:  # pragma: no branch
            be_change_email(account_id, new_address)
            subject = 'Pjuu Account Notification - Email Address Changed'
            recipients = [new_address]
            plain = render_template('emails/confirm_email.txt')
            rich = render_template('emails/confirm_email.html')
            send_mail(subject, recipients, text_body=plain, html_body=rich)
            flash('We\'ve updated your e-mail address', 'success')
            return redirect(url_for('auth.change_email'))

    # Missing, expired, wrong-action or incomplete token.
    flash('Invalid token', 'error')
    return redirect(url_for('auth.change_email'))
Example #7
def activate(token):
    """
    Activate a user account from the token in an activation link.

    Succeeds only when the token yields 'activate' data whose uid resolves to
    a user. The account is then activated and a welcome e-mail is sent to the
    address on that user record. All other cases flash 'Invalid token'. Both
    outcomes redirect to ``auth.signin``.
    """
    # The token is spent by this lookup (no preserve=True).
    # NOTE(review): a link that activates on a plain GET can be triggered by
    # automated link scanners - confirm the methods allowed on this route.
    payload = check_token(token)
    token_ok = payload is not None and payload.get('action') == 'activate'

    if token_ok:
        account = get_user(payload.get('uid'))
        # Kept for safety; a token should never outlive its new user.
        if account is not None:  # pragma: no branch
            be_activate(account.get('_id'))
            # Activation done, so send the welcome e-mail.
            subject = 'Pjuu Account Notifcation - Welcome!'
            recipients = [account.get('email')]
            plain = render_template('emails/welcome.txt')
            rich = render_template('emails/welcome.html')
            send_mail(subject, recipients, text_body=plain, html_body=rich)
            flash('Your account has now been activated', 'success')
            return redirect(url_for('auth.signin'))

    # Missing, expired or wrong-action token, or no matching user.
    flash('Invalid token', 'error')
    return redirect(url_for('auth.signin'))
Example #8
    def test_tokens(self):
        """Exercise generate_token/check_token round trips and failure cases.

        Covers one-shot consumption, ``preserve=True``, a dict payload, a
        stored ``None``, an unknown token string and corrupted stored data.
        """
        # Normal operation: the first check returns the stored payload
        token1 = generate_token("token1")
        self.assertEqual(check_token(token1), "token1")
        # A second check returns None because the first one consumed it
        self.assertIsNone(check_token(token1))

        # With preserve=True the first check leaves the token in place
        token1 = generate_token("token1")
        self.assertEqual(check_token(token1, preserve=True), "token1")
        # So a following check without preserve still sees the payload
        self.assertEqual(check_token(token1), "token1")

        # Payloads may be Python objects, here a dict
        token1 = generate_token({"name": "token1"})
        self.assertEqual(check_token(token1).get("name"), "token1")

        # A stored None cannot be told apart from "no such token", so storing
        # None serves no purpose
        token1 = generate_token(None)
        # POINTLESS!
        self.assertIsNone(check_token(token1))

        # Failure cases
        # A made-up string that was never issued must be rejected
        # NOTE(review): the original comment says real tokens are hex UUIDs;
        # confirm generate_token draws them from a random source, not a
        # time-based one.
        self.assertIsNone(check_token("token1"))

        # Issue a token, then overwrite its stored value in Redis
        token1 = generate_token("token1")
        # "{token: 1}" has an unquoted key, so it is not valid JSON
        r.set(k.TOKEN.format(token1), "{token: 1}")
        # check_token must fail closed on undecodable data
        self.assertIsNone(check_token(token1))
        # Author's note: that path goes through check_token's ValueError
        # handling; no way was found to provoke a TypeError because Redis
        # returns everything as a string

        # Full life cycle: preserved check, consuming check, then nothing
        token1 = generate_token("token1")
        self.assertEqual(check_token(token1, preserve=True), 'token1')
        self.assertEqual(check_token(token1), 'token1')
        self.assertIsNone(check_token(token1))
Example #9
    def test_tokens(self):
        """Check token generation, single use, ``preserve`` and bad input.

        Each section issues a fresh token with generate_token() and asserts
        what check_token() returns for it.
        """
        # Test normal token operations
        token1 = generate_token("token1")
        self.assertEqual(check_token(token1), "token1")
        # Tokens are single use: checking again returns None
        self.assertIsNone(check_token(token1))

        # Create another token, this time checking it first with preserve
        token1 = generate_token("token1")
        self.assertEqual(check_token(token1, preserve=True), "token1")
        # The preserved token is still there for a normal, consuming check
        self.assertEqual(check_token(token1), "token1")

        # Try creating a token that carries a Python dict
        token1 = generate_token({"name": "token1"})
        self.assertEqual(check_token(token1).get("name"), "token1")

        # A token storing None gives the same result as a missing token, so
        # callers cannot distinguish the two
        token1 = generate_token(None)
        # POINTLESS!
        self.assertIsNone(check_token(token1))

        # Try to break check_token
        # A string that was never issued as a token (not a hex UUID)
        self.assertIsNone(check_token("token1"))

        # Create a token and mangle the data stored for it in Redis
        token1 = generate_token("token1")
        # The replacement value is not valid JSON (the dict key is unquoted)
        # NOTE(review): the original comment calls the stored value a "JSON
        # pickle"; if an object-reconstructing decoder is used, confirm it
        # only ever reads values the server itself wrote.
        r.set(k.TOKEN.format(token1), "{token: 1}")
        self.assertIsNone(check_token(token1))
        # Author's note: that will have raised the ValueError handled inside
        # check_token; a TypeError could not be triggered from Redis because
        # everything comes back as a string

        # preserve keeps the token for exactly one more consuming check
        token1 = generate_token("token1")
        self.assertEqual(check_token(token1, preserve=True), 'token1')
        self.assertEqual(check_token(token1), 'token1')
        self.assertIsNone(check_token(token1))