def test_request_email_change_invalid_email(self, invalid_email): # Create an account with a valid email address account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) # Attempt to change the account to an invalid email with self.assertRaises(account_api.AccountEmailInvalid): account_api.request_email_change(self.USERNAME, invalid_email, self.PASSWORD)
def test_record_email_change_history(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) # Change the email once activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD ) account_api.confirm_email_change(activation_key) # Verify that the old email appears in the history meta = UserProfile.objects.get(user__username=self.USERNAME).get_meta() self.assertEqual(len(meta['old_emails']), 1) email, timestamp = meta['old_emails'][0] self.assertEqual(email, self.EMAIL) self._assert_is_datetime(timestamp) # Change the email again activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD ) account_api.confirm_email_change(activation_key) # Verify that both emails appear in the history meta = UserProfile.objects.get(user__username=self.USERNAME).get_meta() self.assertEqual(len(meta['old_emails']), 2) email, timestamp = meta['old_emails'][1] self.assertEqual(email, "*****@*****.**") self._assert_is_datetime(timestamp)
def test_record_email_change_history(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) # Change the email once activation_key = account_api.request_email_change( self.USERNAME, u'*****@*****.**', self.PASSWORD ) account_api.confirm_email_change(activation_key) # Verify that the old email appears in the history meta = UserProfile.objects.get(user__username=self.USERNAME).get_meta() self.assertEqual(len(meta['old_emails']), 1) email, timestamp = meta['old_emails'][0] self.assertEqual(email, self.EMAIL) self._assert_is_datetime(timestamp) # Change the email again activation_key = account_api.request_email_change( self.USERNAME, u'*****@*****.**', self.PASSWORD ) account_api.confirm_email_change(activation_key) # Verify that both emails appear in the history meta = UserProfile.objects.get(user__username=self.USERNAME).get_meta() self.assertEqual(len(meta['old_emails']), 2) email, timestamp = meta['old_emails'][1] self.assertEqual(email, '*****@*****.**') self._assert_is_datetime(timestamp)
def test_request_email_change_same_address(self): # Create and activate the account activation_key = account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) account_api.activate_account(activation_key) # Try to change the email address to the current address with self.assertRaises(account_api.AccountEmailAlreadyExists): account_api.request_email_change(self.USERNAME, self.EMAIL, self.PASSWORD)
def test_confirm_email_change_invalid_activation_key(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) account_api.request_email_change(self.USERNAME, u"*****@*****.**", self.PASSWORD) with self.assertRaises(account_api.AccountNotAuthorized): account_api.confirm_email_change(u"invalid")
def test_request_email_change_wrong_password(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) # Use the wrong password with self.assertRaises(account_api.AccountNotAuthorized): account_api.request_email_change(self.USERNAME, u"*****@*****.**", u"wrong password")
def test_request_email_change_duplicates_unactivated_account(self): # Create two accounts, but the second account is inactive activation_key = account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) account_api.activate_account(activation_key) account_api.create_account(u'another_user', u'password', u'*****@*****.**') # Try to change the first user's email to the same as the second user's # Since the second user has not yet activated, this should succeed. account_api.request_email_change(self.USERNAME, u'*****@*****.**', self.PASSWORD)
def test_request_email_change_duplicates_unactivated_account(self): # Create two accounts, but the second account is inactive activation_key = account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) account_api.activate_account(activation_key) account_api.create_account(u"another_user", u"password", u"*****@*****.**") # Try to change the first user's email to the same as the second user's # Since the second user has not yet activated, this should succeed. account_api.request_email_change(self.USERNAME, u"*****@*****.**", self.PASSWORD)
def test_request_email_change_already_exists(self): # Create two accounts, both activated activation_key = account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) account_api.activate_account(activation_key) activation_key = account_api.create_account(u'another_user', u'password', u'*****@*****.**') account_api.activate_account(activation_key) # Try to change the first user's email to the same as the second user's with self.assertRaises(account_api.AccountEmailAlreadyExists): account_api.request_email_change(self.USERNAME, u'*****@*****.**', self.PASSWORD)
def test_request_email_change_already_exists(self): # Create two accounts, both activated activation_key = account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) account_api.activate_account(activation_key) activation_key = account_api.create_account(u"another_user", u"password", u"*****@*****.**") account_api.activate_account(activation_key) # Try to change the first user's email to the same as the second user's with self.assertRaises(account_api.AccountEmailAlreadyExists): account_api.request_email_change(self.USERNAME, u"*****@*****.**", self.PASSWORD)
def test_confirm_email_no_user_profile(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD) # This should never happen, but just in case... UserProfile.objects.get(user__username=self.USERNAME).delete() with self.assertRaises(account_api.AccountInternalError): account_api.confirm_email_change(activation_key)
def test_email_change_confirmation_internal_error(self): # Get an email change activation key activation_key = account_api.request_email_change(self.USERNAME, self.NEW_EMAIL, self.PASSWORD) # Patch account API to return an internal error with patch('student_account.views.account_api.confirm_email_change') as mock_call: mock_call.side_effect = account_api.AccountInternalError response = self.client.get(reverse('email_change_confirm', kwargs={'key': activation_key})) self.assertContains(response, "Something went wrong")
def test_email_change_confirmation(self): # Get an email change activation key activation_key = account_api.request_email_change(self.USERNAME, self.NEW_EMAIL, self.PASSWORD) # Follow the link sent in the confirmation email response = self.client.get(reverse('email_change_confirm', kwargs={'key': activation_key})) self.assertContains(response, "Email change successful") # Verify that the email associated with the account has changed profile_info = profile_api.profile_info(self.USERNAME) self.assertEquals(profile_info['email'], self.NEW_EMAIL)
def test_confirm_email_no_user_profile(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD ) # This should never happen, but just in case... UserProfile.objects.get(user__username=self.USERNAME).delete() with self.assertRaises(account_api.AccountInternalError): account_api.confirm_email_change(activation_key)
def test_confirm_email_change_repeat(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) activation_key = account_api.request_email_change( self.USERNAME, u'*****@*****.**', self.PASSWORD ) # Confirm the change once account_api.confirm_email_change(activation_key) # Confirm the change again. The activation code should be # single-use, so this should raise an error. with self.assertRaises(account_api.AccountNotAuthorized): account_api.confirm_email_change(activation_key)
def test_email_change_confirmation_email_already_exists(self): # Get an email change activation key email_activation_key = account_api.request_email_change(self.USERNAME, self.NEW_EMAIL, self.PASSWORD) # Create/activate a second user with the new email account_activation_key = account_api.create_account(self.ALTERNATE_USERNAME, self.PASSWORD, self.NEW_EMAIL) account_api.activate_account(account_activation_key) # Follow the link sent to the original user response = self.client.get(reverse('email_change_confirm', kwargs={'key': email_activation_key})) self.assertContains(response, "address you wanted to use is already used") # Verify that the email associated with the original account has not changed profile_info = profile_api.profile_info(self.USERNAME) self.assertEquals(profile_info['email'], self.OLD_EMAIL)
def test_confirm_email_already_exists(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) # Request a change activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD ) # Another use takes the email before we confirm the change account_api.create_account(u"other_user", u"password", u"*****@*****.**") # When we try to confirm our change, we get an error because the email is taken with self.assertRaises(account_api.AccountEmailAlreadyExists): account_api.confirm_email_change(activation_key) # Verify that the email was NOT changed self.assertEqual(account_api.account_info(self.USERNAME)['email'], self.EMAIL)
def test_confirm_email_already_exists(self): account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) # Request a change activation_key = account_api.request_email_change( self.USERNAME, u'*****@*****.**', self.PASSWORD ) # Another use takes the email before we confirm the change account_api.create_account(u'other_user', u'password', u'*****@*****.**') # When we try to confirm our change, we get an error because the email is taken with self.assertRaises(account_api.AccountEmailAlreadyExists): account_api.confirm_email_change(activation_key) # Verify that the email was NOT changed self.assertEqual(account_api.account_info(self.USERNAME)['email'], self.EMAIL)
def test_change_email(self): # Request an email change account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD) # Verify that the email has not yet changed account = account_api.account_info(self.USERNAME) self.assertEqual(account['email'], self.EMAIL) # Confirm the change, using the activation code old_email, new_email = account_api.confirm_email_change(activation_key) self.assertEqual(old_email, self.EMAIL) self.assertEqual(new_email, u"*****@*****.**") # Verify that the email is changed account = account_api.account_info(self.USERNAME) self.assertEqual(account['email'], u"*****@*****.**")
def test_change_email(self): # Request an email change account_api.create_account(self.USERNAME, self.PASSWORD, self.EMAIL) activation_key = account_api.request_email_change( self.USERNAME, u"*****@*****.**", self.PASSWORD ) # Verify that the email has not yet changed account = account_api.account_info(self.USERNAME) self.assertEqual(account['email'], self.EMAIL) # Confirm the change, using the activation code old_email, new_email = account_api.confirm_email_change(activation_key) self.assertEqual(old_email, self.EMAIL) self.assertEqual(new_email, u"*****@*****.**") # Verify that the email is changed account = account_api.account_info(self.USERNAME) self.assertEqual(account['email'], u"*****@*****.**")
def email_change_request_handler(request): """Handle a request to change the user's email address. Sends an email to the newly specified address containing a link to a confirmation page. Args: request (HttpRequest) Returns: HttpResponse: 200 if the confirmation email was sent successfully HttpResponse: 302 if not logged in (redirect to login page) HttpResponse: 400 if the format of the new email is incorrect, or if an email change is requested for a user which does not exist HttpResponse: 401 if the provided password (in the form) is incorrect HttpResponse: 405 if using an unsupported HTTP method HttpResponse: 409 if the provided email is already in use Example usage: POST /account/email """ username = request.user.username password = request.POST.get('password') new_email = request.POST.get('email') if new_email is None: return HttpResponseBadRequest("Missing param 'email'") if password is None: return HttpResponseBadRequest("Missing param 'password'") old_email = profile_api.profile_info(username)['email'] try: key = account_api.request_email_change(username, new_email, password) except (account_api.AccountEmailInvalid, account_api.AccountUserNotFound): return HttpResponseBadRequest() except account_api.AccountEmailAlreadyExists: return HttpResponse(status=409) except account_api.AccountNotAuthorized: return HttpResponse(status=401) context = { 'key': key, 'old_email': old_email, 'new_email': new_email, } subject = render_to_string('student_account/emails/email_change_request/subject_line.txt', context) subject = ''.join(subject.splitlines()) message = render_to_string('student_account/emails/email_change_request/message_body.txt', context) from_address = microsite.get_value( 'email_from_address', settings.DEFAULT_FROM_EMAIL ) # Send a confirmation email to the new address containing the activation key send_mail(subject, message, from_address, [new_email]) return HttpResponse(status=200)
def email_change_request_handler(request): """Handle a request to change the user's email address. Args: request (HttpRequest) Returns: HttpResponse: 204 if the confirmation email was sent successfully HttpResponse: 302 if not logged in (redirect to login page) HttpResponse: 400 if the format of the new email is incorrect HttpResponse: 401 if the provided password (in the form) is incorrect HttpResponse: 405 if using an unsupported HTTP method HttpResponse: 409 if the provided email is already in use HttpResponse: 500 if the user to which the email change will be applied does not exist Example usage: PUT /account/email_change_request """ put = QueryDict(request.body) user = request.user password = put.get('password') username = user.username old_email = profile_api.profile_info(username)['email'] new_email = put.get('new_email') if new_email is None: return HttpResponseBadRequest("Missing param 'new_email'") if password is None: return HttpResponseBadRequest("Missing param 'password'") try: key = account_api.request_email_change(username, new_email, password) except account_api.AccountUserNotFound: return HttpResponseServerError() except account_api.AccountEmailAlreadyExists: return HttpResponse(status=409) except account_api.AccountEmailInvalid: return HttpResponseBadRequest() except account_api.AccountNotAuthorized: return HttpResponse(status=401) context = { 'key': key, 'old_email': old_email, 'new_email': new_email, } subject = render_to_string('student_account/emails/email_change_request/subject_line.txt', context) subject = ''.join(subject.splitlines()) message = render_to_string('student_account/emails/email_change_request/message_body.txt', context) from_address = microsite.get_value( 'email_from_address', settings.DEFAULT_FROM_EMAIL ) # Email new address send_mail(subject, message, from_address, [new_email]) # A 204 is intended to allow input for actions to take place # without causing a change to the user agent's active document view. return HttpResponse(status=204)
def email_change_request_handler(request): """Handle a request to change the user's email address. Args: request (HttpRequest) Returns: HttpResponse: 200 if the confirmation email was sent successfully HttpResponse: 302 if not logged in (redirect to login page) HttpResponse: 400 if the format of the new email is incorrect HttpResponse: 401 if the provided password (in the form) is incorrect HttpResponse: 405 if using an unsupported HTTP method HttpResponse: 409 if the provided email is already in use HttpResponse: 500 if the user to which the email change will be applied does not exist Example usage: POST /account/email """ username = request.user.username password = request.POST.get('password') new_email = request.POST.get('email') if new_email is None: return HttpResponseBadRequest("Missing param 'email'") if password is None: return HttpResponseBadRequest("Missing param 'password'") old_email = profile_api.profile_info(username)['email'] try: key = account_api.request_email_change(username, new_email, password) except account_api.AccountUserNotFound: return HttpResponseServerError() except account_api.AccountEmailAlreadyExists: return HttpResponse(status=409) except account_api.AccountEmailInvalid: return HttpResponseBadRequest() except account_api.AccountNotAuthorized: return HttpResponse(status=401) context = { 'key': key, 'old_email': old_email, 'new_email': new_email, } subject = render_to_string('student_account/emails/email_change_request/subject_line.txt', context) subject = ''.join(subject.splitlines()) message = render_to_string('student_account/emails/email_change_request/message_body.txt', context) from_address = microsite.get_value( 'email_from_address', settings.DEFAULT_FROM_EMAIL ) # Send a confirmation email to the new address containing the activation key send_mail(subject, message, from_address, [new_email]) # Send a 200 response code to the client to indicate that the email was sent successfully. return HttpResponse(status=200)
def email_change_request_handler(request): """Handle a request to change the user's email address. Args: request (HttpRequest) Returns: HttpResponse: 204 if the confirmation email was sent successfully HttpResponse: 302 if not logged in (redirect to login page) HttpResponse: 400 if the format of the new email is incorrect HttpResponse: 401 if the provided password (in the form) is incorrect HttpResponse: 405 if using an unsupported HTTP method HttpResponse: 409 if the provided email is already in use HttpResponse: 500 if the user to which the email change will be applied does not exist Example usage: PUT /account/email_change_request """ put = QueryDict(request.body) user = request.user password = put.get('password') username = user.username old_email = profile_api.profile_info(username)['email'] new_email = put.get('new_email') if new_email is None: return HttpResponseBadRequest("Missing param 'new_email'") if password is None: return HttpResponseBadRequest("Missing param 'password'") try: key = account_api.request_email_change(username, new_email, password) except account_api.AccountUserNotFound: return HttpResponseServerError() except account_api.AccountEmailAlreadyExists: return HttpResponse(status=409) except account_api.AccountEmailInvalid: return HttpResponseBadRequest() except account_api.AccountNotAuthorized: return HttpResponse(status=401) context = { 'key': key, 'old_email': old_email, 'new_email': new_email, } subject = render_to_string( 'student_account/emails/email_change_request/subject_line.txt', context) subject = ''.join(subject.splitlines()) message = render_to_string( 'student_account/emails/email_change_request/message_body.txt', context) from_address = microsite.get_value('email_from_address', settings.DEFAULT_FROM_EMAIL) # Email new address send_mail(subject, message, from_address, [new_email]) # A 204 is intended to allow input for actions to take place # without causing a change to the user agent's active document view. return HttpResponse(status=204)
def test_request_email_change_no_user(self): account_api.request_email_change(u"no_such_user", self.EMAIL, self.PASSWORD)
def test_request_email_change_no_user(self): account_api.request_email_change(u'no_such_user', self.EMAIL, self.PASSWORD)