def verify_phone(phoneclaim):
    """Process the verification form for a pending phone claim.

    A valid submission turns the claim into a ``UserPhone`` owned by
    ``g.user`` and redirects to the profile page with a 303. If the number is
    already present in ``UserPhone``, the claim is deleted and an error is
    flashed instead. Whenever no redirect happens, the form is rendered.
    """
    # NOTE(review): nothing in this function counts or limits failed
    # submissions; confirm that repeated guesses of the verification code are
    # throttled elsewhere (form validator or a rate limiter).
    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim
    if form.validate_on_submit():
        if UserPhone.get(phoneclaim.phone) is not None:
            # The number was verified in the meantime: the claim is discarded
            # and the form is rendered again below.
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(
                _("This phone number has already been claimed by another user"),
                'danger',
            )
        else:
            # Decided before the new row is constructed: the user's first
            # verified number becomes the primary one.
            is_first_phone = not g.user.phones
            verified = UserPhone(
                user=g.user, phone=phoneclaim.phone, gets_text=True
            )
            verified.primary = is_first_phone
            db.session.add(verified)
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(_("Your phone number has been verified"), 'success')
            user_data_changed.send(g.user, changes=['phone'])
            return render_redirect(url_for('.profile'), code=303)
    return render_form(
        form=form,
        title=_("Verify phone number"),
        formid='phone_verify',
        submit=_("Verify"),
        ajax=True,
    )
def verify_phone(phoneclaim):
    """Process the verification form for a pending phone claim.

    An expired claim (``phoneclaim.verification_expired``) is refused outright
    with a redirect to the account page. Otherwise a valid submission turns
    the claim into a ``UserPhone`` for ``current_auth.user``; a POST that
    fails validation increments ``phoneclaim.verification_attempts``.
    """
    if phoneclaim.verification_expired:
        flash(
            _("You provided an incorrect verification code too many times"),
            'danger',
        )
        # Verification is blocked, but the claim is kept so that a new claim
        # cannot be made for this number. A periodic sweep to delete old
        # claims is needed.
        return render_redirect(url_for('.account'), code=303)

    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim
    if form.validate_on_submit():
        if UserPhone.get(phoneclaim.phone) is not None:
            # The number was verified in the meantime: the claim is discarded
            # and the form is rendered again below.
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(
                _("This phone number has already been claimed by another user"),
                'danger',
            )
        else:
            # Decided before the new row is constructed: the user's first
            # verified number becomes the primary one.
            is_first_phone = not current_auth.user.phones
            verified = UserPhone(
                user=current_auth.user, phone=phoneclaim.phone, gets_text=True
            )
            verified.primary = is_first_phone
            db.session.add(verified)
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(_("Your phone number has been verified"), 'success')
            user_data_changed.send(current_auth.user, changes=['phone'])
            return render_redirect(url_for('.account'), code=303)
    elif request.method == 'POST':
        # Any POST that fails form validation counts as a failed attempt.
        # NOTE(review): this is a read-modify-write of the loaded value; if
        # this counter is what drives verification_expired, confirm that
        # concurrent failed submissions cannot lose an increment.
        phoneclaim.verification_attempts += 1
        db.session.commit()
    return render_form(
        form=form,
        title=_("Verify phone number"),
        formid='phone_verify',
        submit=_("Verify"),
        ajax=True,
    )
def validate_phone(self, field):
    """Validate and normalise the submitted phone number.

    The number is stripped of punctuation, checked for length and format, and
    then checked against existing ``UserPhone`` rows and the current user's
    pending ``UserPhoneClaim``. On success ``field.data`` is replaced with the
    stripped number.

    Raises:
        forms.ValidationError: if any of the checks fails.
    """
    # TODO: Use the phonenumbers library to validate this
    # Step 1: Remove punctuation in number
    stripped = strip_phone(field.data)
    # Step 2: Check length
    if len(stripped) > 16:
        raise forms.ValidationError(
            _("This is too long to be a valid phone number")
        )
    # Step 3: Validate number format
    if not valid_phone(stripped):
        raise forms.ValidationError(
            _(
                "Invalid phone number (must be in international format with a leading + symbol)"
            )
        )
    # Step 4: Check if Indian number (startswith('+91'))
    if stripped.startswith('+91') and len(stripped) != 13:
        raise forms.ValidationError(
            _("This does not appear to be a valid Indian mobile number")
        )
    # Step 5: Check if number has already been claimed. The lookups use the
    # stripped number, so differently punctuated input cannot slip past them.
    verified = UserPhone.get(phone=stripped)
    if verified is not None:
        if verified.user == current_auth.user:
            raise forms.ValidationError(
                _("You have already registered this phone number")
            )
        # NOTE(review): this message confirms to the submitter that the
        # number is registered to some account; confirm that is acceptable.
        raise forms.ValidationError(
            _("This phone number has already been claimed")
        )
    pending = UserPhoneClaim.get(phone=stripped, user=current_auth.user)
    if pending is not None:
        raise forms.ValidationError(
            _("This phone number is pending verification")
        )
    field.data = stripped  # Save stripped number
def remove_phone(number):
    """Show or process the confirmation page for removing a phone number.

    The target is the ``UserPhone`` for ``number`` when it belongs to
    ``current_auth.user``; otherwise the current user's own pending claim for
    that number. If neither exists the request is aborted with 404. A claim
    whose verification has expired cannot be removed here.
    """
    target = UserPhone.get(phone=number)
    if target is None or target.user != current_auth.user:
        # A number verified by a different account is handled exactly like an
        # unknown one: only the caller's own pending claim can match.
        target = UserPhoneClaim.get_for(user=current_auth.user, phone=number)
        if not target:
            abort(404)
        if target.verification_expired:
            flash(
                _(
                    "This number has been blocked due to too many failed verification attempts"
                ),
                'danger',
            )
            # Deleting the claim is blocked once verification has failed.
            # It needs to be deleted in a background sweep.
            return render_redirect(url_for('.account'), code=303)

    if request.method == 'POST':
        # FIXME: Confirm validation success
        # NOTE(review): the signal is sent on every POST, before
        # render_delete_sqla has run, so it is sent even if the deletion is
        # later rejected.
        user_data_changed.send(current_auth.user, changes=['phone-delete'])

    confirm_title = _("Confirm removal")
    confirm_message = _("Remove phone number {phone} from your account?").format(
        phone=target.phone
    )
    success_message = _("You have removed your number {phone}").format(
        phone=target.phone
    )
    return render_delete_sqla(
        target,
        db,
        title=confirm_title,
        message=confirm_message,
        success=success_message,
        next=url_for('.account'),
        delete_text=_("Remove"),
    )
def validate_phone(self, field):
    """Validate and normalise the submitted phone number.

    The number is stripped of punctuation, checked for length and format, and
    then checked against existing ``UserPhone`` rows and the current user's
    pending ``UserPhoneClaim``. On success ``field.data`` is replaced with the
    stripped number.

    Raises:
        forms.ValidationError: if any of the checks fails.
    """
    # Step 1: Remove punctuation in number
    stripped = strip_phone(field.data)
    # Step 2: Check length
    if len(stripped) > 16:
        raise forms.ValidationError(
            _("This is too long to be a valid phone number")
        )
    # Step 3: Validate number format
    if not valid_phone(stripped):
        raise forms.ValidationError(
            _(
                "Invalid phone number (must be in international format with a leading + symbol)"
            )
        )
    # Step 4: Check if Indian number (startswith('+91'))
    if stripped.startswith('+91') and len(stripped) != 13:
        raise forms.ValidationError(
            _("This does not appear to be a valid Indian mobile number")
        )
    # Step 5: Check if number has already been claimed. The lookups use the
    # stripped number, so differently punctuated input cannot slip past them.
    verified = UserPhone.get(phone=stripped)
    if verified is not None:
        if verified.user == current_auth.user:
            raise forms.ValidationError(
                _("You have already registered this phone number")
            )
        # NOTE(review): this message confirms to the submitter that the
        # number is registered to some account; confirm that is acceptable.
        raise forms.ValidationError(
            _("This phone number has already been claimed")
        )
    pending = UserPhoneClaim.get(phone=stripped, user=current_auth.user)
    if pending is not None:
        raise forms.ValidationError(
            _("This phone number is pending verification")
        )
    field.data = stripped  # Save stripped number
def verify_phone(phoneclaim):
    """Process the verification form for a pending phone claim.

    An expired claim (``phoneclaim.verification_expired``) is refused outright
    with a redirect to the account page. Otherwise a valid submission turns
    the claim into a ``UserPhone`` for ``current_auth.user``; a POST that
    fails validation increments ``phoneclaim.verification_attempts``.
    """
    if phoneclaim.verification_expired:
        flash(
            _("You provided an incorrect verification code too many times"),
            'danger',
        )
        # Verification is blocked, but the claim is kept so that a new claim
        # cannot be made for this number. A periodic sweep to delete old
        # claims is needed.
        return render_redirect(url_for('.account'), code=303)

    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim
    if form.validate_on_submit():
        if UserPhone.get(phoneclaim.phone) is not None:
            # The number was verified in the meantime: the claim is discarded
            # and the form is rendered again below.
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(
                _("This phone number has already been claimed by another user"),
                'danger',
            )
        else:
            # Decided before the new row is constructed: the user's first
            # verified number becomes the primary one.
            is_first_phone = not current_auth.user.phones
            verified = UserPhone(
                user=current_auth.user, phone=phoneclaim.phone, gets_text=True
            )
            verified.primary = is_first_phone
            db.session.add(verified)
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(_("Your phone number has been verified"), 'success')
            user_data_changed.send(current_auth.user, changes=['phone'])
            return render_redirect(url_for('.account'), code=303)
    elif request.method == 'POST':
        # Any POST that fails form validation counts as a failed attempt.
        # NOTE(review): this is a read-modify-write of the loaded value; if
        # this counter is what drives verification_expired, confirm that
        # concurrent failed submissions cannot lose an increment.
        phoneclaim.verification_attempts += 1
        db.session.commit()
    return render_form(
        form=form,
        title=_("Verify phone number"),
        formid='phone_verify',
        submit=_("Verify"),
        ajax=True,
    )
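def validate_phone(self, field):
    """Validate and normalise the submitted phone number.

    The number is stripped of punctuation first, so that the format check and
    the ownership lookups all operate on the same normalised value. On return
    ``field.data`` holds the stripped number.

    Raises:
        wtforms.ValidationError: if the number is malformed, is not a 13
            character ``+91`` number, is already registered, or is already
            pending verification for ``g.user``.
    """
    # Step 1: Remove punctuation in number. This must happen before the
    # lookups below: they previously ran on the raw input, so a number that
    # was already registered could pass them when typed with different
    # punctuation.
    field.data = strip_phone(field.data)
    # Step 2: Validate number format
    if not valid_phone(field.data):
        raise wtforms.ValidationError(
            "Invalid phone number (must be in international format with a leading + symbol)"
        )
    # Step 3: Check if Indian number (startswith('+91'))
    if not field.data.startswith('+91') or len(field.data) != 13:
        raise wtforms.ValidationError(
            "Only Indian mobile numbers are allowed at this time"
        )
    # Step 4: Check if number has already been claimed
    existing = UserPhone.get(phone=field.data)
    if existing is not None:
        if existing.user == g.user:
            raise wtforms.ValidationError(
                "You have already registered this phone number."
            )
        raise wtforms.ValidationError(
            "This phone number has already been claimed."
        )
    existing = UserPhoneClaim.get(phone=field.data, user=g.user)
    if existing is not None:
        raise wtforms.ValidationError(
            "This phone number is pending verification."
        )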
def make_phone_primary():
    """Mark one of the current user's phone numbers as primary.

    Every outcome flashes a message and then redirects to the account page
    with a 303.
    """
    form = PhonePrimaryForm()
    if not form.validate_on_submit():
        flash(_("Please select a phone number"), 'danger')
    else:
        # The lookup is scoped to the logged-in user, so a number linked to
        # another account is reported as not found.
        selected = UserPhone.get_for(
            user=current_auth.user, phone=form.phone.data
        )
        if selected is None:
            flash(
                _("No such phone number is linked to this user account"),
                'danger',
            )
        elif selected.primary:
            flash(_("This is already your primary phone number"), 'info')
        else:
            current_auth.user.primary_phone = selected
            db.session.commit()
            user_data_changed.send(
                current_auth.user, changes=['phone-update-primary']
            )
            flash(_("Your primary phone number has been updated"), 'success')
    return render_redirect(url_for('.account'), code=303)
def verify_phone(phoneclaim):
    """Process the verification form for a pending phone claim.

    A valid submission turns the claim into a ``UserPhone`` owned by
    ``g.user`` and redirects to the profile page with a 303. If the number is
    already present in ``UserPhone``, the claim is deleted and an error is
    flashed instead. Whenever no redirect happens, the form is rendered.
    """
    # NOTE(review): nothing in this function counts or limits failed
    # submissions; confirm that repeated guesses of the verification code are
    # throttled elsewhere (form validator or a rate limiter).
    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim
    if form.validate_on_submit():
        if UserPhone.get(phoneclaim.phone) is not None:
            # The number was verified in the meantime: the claim is discarded
            # and the form is rendered again below.
            db.session.delete(phoneclaim)
            db.session.commit()
            flash(
                "This phone number has already been claimed by another user.",
                'danger',
            )
        else:
            # Decided before the new row is constructed: the user's first
            # verified number becomes the primary one.
            is_first_phone = not g.user.phones
            verified = UserPhone(
                user=g.user,
                phone=phoneclaim.phone,
                gets_text=True,
                primary=is_first_phone,
            )
            db.session.add(verified)
            db.session.delete(phoneclaim)
            db.session.commit()
            flash("Your phone number has been verified.", 'success')
            user_data_changed.send(g.user, changes=['phone'])
            return render_redirect(url_for('.profile'), code=303)
    return render_form(
        form=form,
        title="Verify phone number",
        formid="phone_verify",
        submit="Verify",
        ajax=True,
    )
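def verify_phone(phoneclaim):
    """Process the verification form for a pending phone claim.

    A valid submission turns the claim into a ``UserPhone`` owned by
    ``g.user`` and redirects to the profile page with a 303. If the number
    has already been verified, the claim is deleted and an error is flashed
    instead. Whenever no redirect happens, the form is rendered.
    """
    # NOTE(review): nothing in this function counts or limits failed
    # submissions; confirm that repeated guesses of the verification code are
    # throttled elsewhere (form validator or a rate limiter).
    form = VerifyPhoneForm()
    form.phoneclaim = phoneclaim
    if form.validate_on_submit():
        # Re-check ownership at verification time: the number may have been
        # verified after this claim was created. Without this check a second
        # UserPhone row would be created for the same number.
        if UserPhone.get(phone=phoneclaim.phone) is None:
            # Decided before the new row is constructed: the user's first
            # verified number becomes the primary one.
            primary = not g.user.phones
            userphone = UserPhone(
                user=g.user,
                phone=phoneclaim.phone,
                gets_text=True,
                primary=primary,
            )
            db.session.add(userphone)
            db.session.delete(phoneclaim)
            db.session.commit()
            flash("Your phone number has been verified.", 'success')
            # NOTE(review): 'phone' is passed as a second positional
            # argument; confirm the signal's send() accepts this form.
            user_data_changed.send(g.user, 'phone')
            return render_redirect(url_for('.profile'), code=303)
        # The stale claim is dropped so it cannot be verified later.
        db.session.delete(phoneclaim)
        db.session.commit()
        flash(
            "This phone number has already been claimed by another user.",
            'danger',
        )
    return render_form(
        form=form,
        title="Verify phone number",
        formid="phone_verify",
        submit="Verify",
        ajax=True,
    )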
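def validate_phone(self, field):
    """Validate and normalise the submitted phone number.

    The number is stripped of punctuation first, so that the format check and
    the ownership lookups all operate on the same normalised value. On return
    ``field.data`` holds the stripped number.

    Raises:
        wtforms.ValidationError: if the number is malformed, is not a 13
            character ``+91`` number, is already registered, or is already
            pending verification for ``g.user``.
    """
    # Step 1: Remove punctuation in number. This must happen before the
    # lookups below: they previously ran on the raw input, so a number that
    # was already registered could pass them when typed with different
    # punctuation.
    field.data = strip_phone(field.data)
    # Step 2: Validate number format
    if not valid_phone(field.data):
        raise wtforms.ValidationError(
            "Invalid phone number (must be in international format with a leading + symbol)"
        )
    # Step 3: Check if Indian number (startswith('+91'))
    if not field.data.startswith('+91') or len(field.data) != 13:
        raise wtforms.ValidationError(
            "Only Indian mobile numbers are allowed at this time"
        )
    # Step 4: Check if number has already been claimed
    existing = UserPhone.get(phone=field.data)
    if existing is not None:
        if existing.user == g.user:
            raise wtforms.ValidationError(
                "You have already registered this phone number."
            )
        raise wtforms.ValidationError(
            "This phone number has already been claimed."
        )
    existing = UserPhoneClaim.get(phone=field.data, user=g.user)
    if existing is not None:
        raise wtforms.ValidationError(
            "This phone number is pending verification."
        )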
def make_fixtures(self):
    """
    Build the shared test fixtures and commit them.

    Creates four users, an email and phone for crusoe and an email for oakley,
    two organizations with one owner each, a confidential auth client with a
    team and its team/user permission rows, and one SMS message. Most objects
    are also stored as attributes on ``self``.
    """
    # Users
    self.crusoe = User(username="******", fullname="Crusoe Celebrity Dachshund")
    self.oakley = User(username="******")
    self.piglet = User(username="******")
    self.nameless = User(fullname="Nameless")
    db.session.add_all([self.crusoe, self.oakley, self.piglet, self.nameless])

    # Contact details (oakley's email is added but not kept on self)
    self.crusoe_email = UserEmail(
        email="*****@*****.**", user=self.crusoe, primary=True
    )
    self.crusoe_phone = UserPhone(
        phone="+8080808080", user=self.crusoe, primary=True
    )
    oakley_email = UserEmail(email="*****@*****.**", user=self.oakley)
    db.session.add_all([self.crusoe_email, self.crusoe_phone, oakley_email])

    # Organizations and their owners
    self.batdog = Organization(name='batdog', title='Batdog')
    self.batdog.owners.users.append(self.crusoe)
    db.session.add(self.batdog)

    self.specialdachs = Organization(
        name="specialdachs", title="Special Dachshunds"
    )
    self.specialdachs.owners.users.append(self.oakley)
    db.session.add(self.specialdachs)

    # Client app owned by batdog
    self.auth_client = AuthClient(
        title="Batdog Adventures",
        organization=self.batdog,
        confidential=True,
        namespace='fun.batdogadventures.com',
        website="http://batdogadventures.com",
    )
    db.session.add(self.auth_client)

    # Team and the permission rows that link team and user to the client
    self.dachshunds = Team(title="Dachshunds", organization=self.batdog)
    db.session.add(self.dachshunds)

    self.auth_client_team_permissions = AuthClientTeamPermissions(
        team=self.dachshunds,
        auth_client=self.auth_client,
        access_permissions="admin",
    )
    db.session.add(self.auth_client_team_permissions)

    self.auth_client_user_permissions = AuthClientUserPermissions(
        user=self.crusoe, auth_client=self.auth_client
    )
    db.session.add(self.auth_client_user_permissions)

    # SMS message addressed to crusoe's phone
    self.message = SMSMessage(
        phone_number=self.crusoe_phone.phone,
        transactionid="Ruff" * 5,
        message="Wuff Wuff",
    )
    db.session.add(self.message)
    db.session.commit()
def make_fixtures(self):
    """
    Build the shared test fixtures and commit them.

    Creates four users, an email and phone for crusoe and an email for oakley,
    two organizations with owners and members, a confidential client with a
    team, permission and access rows, a resource with two actions, and one
    SMS message. Most objects are also stored as attributes on ``self``.
    """
    # Users
    self.crusoe = User(username=u"crusoe", fullname=u"Crusoe Celebrity Dachshund")
    self.oakley = User(username=u"oakley")
    self.piglet = User(username=u"piglet")
    self.nameless = User(fullname="Nameless")
    db.session.add_all([self.crusoe, self.oakley, self.piglet, self.nameless])

    # Contact details (oakley's email is added but not kept on self)
    self.crusoe_email = UserEmail(
        email=u"*****@*****.**", primary=True, user=self.crusoe
    )
    self.crusoe_phone = UserPhone(
        phone=u"+8080808080", primary=True, user=self.crusoe
    )
    oakley_email = UserEmail(email=u"*****@*****.**", user=self.oakley)
    db.session.add_all([self.crusoe_email, self.crusoe_phone, oakley_email])

    # Organizations with one owner and one member each
    self.batdog = Organization(name=u'batdog', title=u'Batdog')
    self.batdog.owners.users.append(self.crusoe)
    self.batdog.members.users.append(self.oakley)
    db.session.add(self.batdog)

    self.specialdachs = Organization(
        name=u"specialdachs", title=u"Special Dachshunds"
    )
    self.specialdachs.owners.users.append(self.oakley)
    self.specialdachs.members.users.append(self.piglet)
    db.session.add(self.specialdachs)

    # Client app owned by batdog
    self.client = Client(
        title=u"Batdog Adventures",
        org=self.batdog,
        confidential=True,
        namespace=u'fun.batdogadventures.com',
        website=u"http://batdogadventures.com",
    )
    db.session.add(self.client)

    # Team, its permissions on the client, and the org's team access level
    self.dachshunds = Team(title=u"Dachshunds", org=self.batdog)
    db.session.add(self.dachshunds)

    self.team_client_permission = TeamClientPermissions(
        team=self.dachshunds,
        client=self.client,
        access_permissions=u"admin",
    )
    db.session.add(self.team_client_permission)

    # The team access row is added but not kept on self.
    client_team_access = ClientTeamAccess(
        org=self.batdog,
        client=self.client,
        access_level=CLIENT_TEAM_ACCESS.ALL,
    )
    db.session.add(client_team_access)

    # Permission and per-user client permissions for crusoe
    self.bdfl = Permission(name=u"bdfl", title=u"BDFL", user=self.crusoe)
    db.session.add(self.bdfl)

    self.user_client_permissions = UserClientPermissions(
        user=self.crusoe, client=self.client
    )
    db.session.add(self.user_client_permissions)

    # Resource with two actions
    self.resource = Resource(
        name=u"test_resource", title=u"Test Resource", client=self.client
    )
    db.session.add(self.resource)

    self.resource_action = ResourceAction(
        name=u'Fun', resource=self.resource, title=u'fun'
    )
    db.session.add(self.resource_action)

    self.action = ResourceAction(
        name=u"read", title=u"Read", resource=self.resource
    )
    db.session.add(self.action)

    # SMS message addressed to crusoe's phone
    self.message = SMSMessage(
        phone_number=self.crusoe_phone.phone,
        transaction_id=u"Ruff" * 5,
        message=u"Wuff Wuff",
    )
    db.session.add(self.message)
    db.session.commit()