def control_editemailpassword_post_(request):
    """Handle the POST of the email/password settings form.

    Reads the submitted fields, normalizes both new-email entries with
    ``emailer.normalize_address``, and passes them, together with the
    submitted current ``password``, to ``profile.edit_email_password``.
    The success page is returned whenever that call returns without
    raising; its return value is not inspected.

    NOTE(review): ``username`` is read from the form but, unlike the other
    fields, has no default in ``web_input`` -- confirm how a request that
    omits it is handled.
    NOTE(review): the current password is presumably what
    ``profile.edit_email_password`` uses to re-authenticate the caller
    before credentials change -- confirm there.
    """
    fields = request.web_input(
        newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")
    normalized_email = emailer.normalize_address(fields.newemail)
    normalized_check = emailer.normalize_address(fields.newemailcheck)

    profile.edit_email_password(
        request.userid,
        fields.username,
        fields.password,
        normalized_email,
        normalized_check,
        fields.newpassword,
        fields.newpasscheck,
    )

    nav_links = [["Go Back", "/control"], ["Return Home", "/"]]
    page = define.errorpage(
        request.userid, "**Success!** Your settings have been updated.", nav_links)
    return Response(page)
def POST(self):
    """Process a submitted email/password change for ``self.user_id``.

    Both new-email entries go through ``emailer.normalize_address`` before
    being forwarded, with the submitted current ``password`` and the new
    password pair, to ``profile.edit_email_password``. The success page
    from ``define.errorpage`` is returned whenever that call does not raise.

    NOTE(review): ``username`` is read from the form without a default in
    ``web.input`` -- confirm what happens when the field is missing.
    """
    submitted = web.input(
        newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")
    new_address = emailer.normalize_address(submitted.newemail)
    new_address_check = emailer.normalize_address(submitted.newemailcheck)

    profile.edit_email_password(
        self.user_id, submitted.username, submitted.password,
        new_address, new_address_check,
        submitted.newpassword, submitted.newpasscheck)

    success_text = "**Success!** Your settings have been updated."
    return define.errorpage(
        self.user_id, success_text, [["Go Back", "/control"], ["Return Home", "/"]])
def control_editemailpassword_post_(request):
    """Handle the POST of the email/password settings form.

    Normalizes both new-email entries, raises ``WeasylError("emailInvalid")``
    when both were filled in and neither normalized to a truthy value, then
    delegates to ``profile.edit_email_password``. The text that call returns
    decides the message shown: a falsy result is reported as "no changes",
    anything else is appended to the success prefix.

    NOTE(review): the emailInvalid guard only fires when *both* fields are
    non-empty and *both* fail normalization. One rejected address paired
    with a valid or empty one is forwarded as a falsy value -- confirm
    ``profile.edit_email_password`` rejects it rather than silently
    treating it as "no email change".
    NOTE(review): ``username`` has no default in ``web_input`` -- confirm
    how a request that omits it is handled.
    """
    form = request.web_input(
        newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")
    newemail = emailer.normalize_address(form.newemail)
    newemailcheck = emailer.normalize_address(form.newemailcheck)

    # Both addresses were supplied, yet neither survived normalization.
    if not (newemail or newemailcheck) and form.newemail != "" and form.newemailcheck != "":
        raise WeasylError("emailInvalid")

    return_message = profile.edit_email_password(
        request.userid, form.username, form.password,
        newemail, newemailcheck,
        form.newpassword, form.newpasscheck)

    # A falsy result means nothing was changed; otherwise report what was.
    message = (
        "**Success!** " + return_message
        if return_message
        else "No changes were made to your account."
    )

    links = [["Go Back", "/control"], ["Return Home", "/"]]
    return Response(define.errorpage(request.userid, message, links))
def control_editemailpassword_post_(request):
    """Apply a submitted email and/or password change and report the outcome.

    The two new-email entries are normalized with
    ``emailer.normalize_address``. If both were filled in and both normalize
    to a falsy value, ``WeasylError("emailInvalid")`` is raised. Otherwise
    the request, including the submitted current ``password``, is handed to
    ``profile.edit_email_password``, and its return text selects the message
    rendered by ``define.errorpage``.

    NOTE(review): a single address that fails normalization (with the other
    field valid or empty) does not trigger emailInvalid here -- confirm it
    is rejected downstream instead of being dropped without notice.
    NOTE(review): the current password is presumably used by
    ``profile.edit_email_password`` to re-authenticate the caller -- confirm.
    """
    submitted = request.web_input(
        newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")
    email = emailer.normalize_address(submitted.newemail)
    email_confirm = emailer.normalize_address(submitted.newemailcheck)

    # Reject only when the user typed something in both boxes and neither
    # value normalized to a usable address.
    email_fields_filled = submitted.newemail != "" and submitted.newemailcheck != ""
    if email_fields_filled and not email and not email_confirm:
        raise WeasylError("emailInvalid")

    outcome = profile.edit_email_password(
        request.userid,
        submitted.username,
        submitted.password,
        email,
        email_confirm,
        submitted.newpassword,
        submitted.newpasscheck,
    )

    if outcome:
        # Something changed: tell the user what.
        message = "**Success!** " + outcome
    else:
        # Nothing was changed.
        message = "No changes were made to your account."

    page = define.errorpage(
        request.userid, message, [["Go Back", "/control"], ["Return Home", "/"]])
    return Response(page)
def test_edit_email_password(monkeypatch):
    """Walk ``profile.edit_email_password`` through its outcomes on one account.

    The cases run in order against the same user and share database state:
    Case 5 changes the password, and Case 8 creates the pending email-change
    row whose token is then fed to ``login.verify_email_change``.

    NOTE(review): the ``"******"`` and ``"*****@*****.**"`` literals look
    redacted in this listing (e.g. Case 2 passes the same literal as the
    valid password), so the distinct values the cases rely on are not
    visible here.
    """
    # Replace profile.invalidate_other_sessions with a no-op for this test.
    # NOTE(review): presumably invoked on a password change -- if so, session
    # invalidation itself is not verified by this test.
    monkeypatch.setattr(profile, 'invalidate_other_sessions', lambda x: '')
    from weasyl.login import verify_email_change

    password = "******"
    username = "******"
    email = "*****@*****.**"
    userid = db_utils.create_user(username=username, password=password, email_addr=email)

    # Case 1: No changes, user authentication succeeds; the result is falsy.
    assert not profile.edit_email_password(userid=userid, username=username, password=password,
                                           newemail=None, newemailcheck=None,
                                           newpassword="", newpasscheck="")

    # Case 2: No changes, user authentication fails. The current password is
    # checked even though nothing is being changed.
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid, username=username, password="******",
                                    newemail=None, newemailcheck=None,
                                    newpassword="", newpasscheck="")
    assert 'loginInvalid' == err.value.value

    # Case 3: Changes, new password only, password too short/'insecure'
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid, username=username, password=password,
                                    newemail=None, newemailcheck=None,
                                    newpassword="******", newpasscheck="012345")
    assert 'passwordInsecure' == err.value.value

    # Case 4: Changes, new password only, password mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid, username=username, password=password,
                                    newemail=None, newemailcheck=None,
                                    newpassword="******", newpasscheck="1234567898")
    assert 'passwordMismatch' == err.value.value

    # Case 5: Changes, new password only, password change succeeds
    result = profile.edit_email_password(userid=userid, username=username, password=password,
                                         newemail=None, newemailcheck=None,
                                         newpassword="******", newpasscheck="1122334455")
    assert "Your password has been successfully changed" in result
    # Later cases authenticate with the password set in Case 5.
    password = "******"

    # Case 6: Changes, new email only, email mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid, username=username, password=password,
                                    newemail="*****@*****.**", newemailcheck="*****@*****.**",
                                    newpassword="", newpasscheck="")
    assert 'emailMismatch' == err.value.value

    # Case 7: Changes, new email only, email already in use by another account.
    # The call fails with a distinct 'emailExists' error.
    # NOTE(review): that error tells the requester the address is registered
    # to some account -- confirm this disclosure is acceptable.
    db_utils.create_user(email_addr="*****@*****.**")
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid, username=username, password=password,
                                    newemail="*****@*****.**", newemailcheck="*****@*****.**",
                                    newpassword="", newpasscheck="")
    assert 'emailExists' == err.value.value

    # Case 8: Changes, new email only, email change succeeds. The change is
    # only pending at this point: a row is written to emailverify.
    newemailaddr = "*****@*****.**"
    result = profile.edit_email_password(userid=userid, username=username, password=password,
                                         newemail=newemailaddr, newemailcheck=newemailaddr,
                                         newpassword="", newpasscheck="")
    assert "Your email change request is currently pending" in result
    query = d.engine.execute(""" SELECT userid, email, token, createtimestamp FROM emailverify WHERE userid = %(userid)s """, userid=userid).fetchone()
    QID, QEMAIL, QTOKEN, QTIMESTAMP = query
    assert QID == userid
    assert QEMAIL == newemailaddr
    # The verification token is expected to be exactly 40 characters long.
    assert len(QTOKEN) == 40
    # createtimestamp must be something arrow.get can turn into a truthy value.
    assert arrow.get(QTIMESTAMP)

    # Now that we have the token, also verify that ``login.verify_email_change``
    # works; the pending row created in Case 8 is reused.
    # Case 8.1/8.2: A missing userid or a missing token is rejected.
    with pytest.raises(WeasylError) as err:
        verify_email_change(None, "a")
    assert "Unexpected" == err.value.value
    with pytest.raises(WeasylError) as err:
        verify_email_change(1, None)
    assert "Unexpected" == err.value.value

    # Case 8.3: An incorrect token is provided. The pending request survives
    # this attempt, since Case 8.4 still succeeds afterwards.
    with pytest.raises(WeasylError) as err:
        verify_email_change(userid, "a")
    assert "ChangeEmailVerificationTokenIncorrect" == err.value.value

    # Case 8.4: Correct token is provided, and the new email is written to `login`
    result = verify_email_change(userid, QTOKEN)
    assert result == newemailaddr
    query = d.engine.scalar(""" SELECT email FROM login WHERE userid = %(userid)s """, userid=userid)
    assert query == QEMAIL

    # Case 9: Email and password changed at the same time; both messages are
    # expected in the single returned string.
    newemailaddr = "*****@*****.**"
    newpassword = "******"
    result = profile.edit_email_password(userid=userid, username=username, password=password,
                                         newemail=newemailaddr, newemailcheck=newemailaddr,
                                         newpassword=newpassword, newpasscheck=newpassword)
    assert "Your password has been successfully changed" in result
    assert "Your email change request is currently pending" in result
def test_edit_email_password(monkeypatch):
    """Walk ``profile.edit_email_password`` through its outcomes on one account.

    The cases run in order against the same user and share database state:
    Case 5 changes the password, and Case 8 creates the pending email-change
    row whose token is then fed to ``login.verify_email_change``.

    NOTE(review): the ``"******"`` and ``"*****@*****.**"`` literals look
    redacted in this listing (e.g. Case 2 passes the same literal as the
    valid password), so the distinct values the cases rely on are not
    visible here.
    """
    # Replace profile.invalidate_other_sessions with a no-op for this test.
    # NOTE(review): presumably invoked on a password change -- if so, session
    # invalidation itself is not verified by this test.
    monkeypatch.setattr(profile, 'invalidate_other_sessions', lambda x: '')
    from weasyl.login import verify_email_change

    password = "******"
    username = "******"
    email = "*****@*****.**"
    userid = db_utils.create_user(username=username, password=password, email_addr=email)

    # Case 1: No changes, user authentication succeeds; the result is falsy.
    assert not profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail=None, newemailcheck=None, newpassword="", newpasscheck=""
    )

    # Case 2: No changes, user authentication fails. The current password is
    # checked even though nothing is being changed.
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password="******",
            newemail=None, newemailcheck=None, newpassword="", newpasscheck=""
        )
    assert 'loginInvalid' == err.value.value

    # Case 3: Changes, new password only, password too short/'insecure'
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password=password,
            newemail=None, newemailcheck=None, newpassword="******", newpasscheck="012345"
        )
    assert 'passwordInsecure' == err.value.value

    # Case 4: Changes, new password only, password mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password=password,
            newemail=None, newemailcheck=None, newpassword="******", newpasscheck="1234567898"
        )
    assert 'passwordMismatch' == err.value.value

    # Case 5: Changes, new password only, password change succeeds
    result = profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail=None, newemailcheck=None, newpassword="******", newpasscheck="1122334455"
    )
    assert "Your password has been successfully changed" in result
    # Later cases authenticate with the password set in Case 5.
    password = "******"

    # Case 6: Changes, new email only, email mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password=password,
            newemail="*****@*****.**", newemailcheck="*****@*****.**", newpassword="",
            newpasscheck=""
        )
    assert 'emailMismatch' == err.value.value

    # Case 7: Changes, new email only, email already in use by another account.
    # No exception is raised and no pending row is written to emailverify.
    # NOTE(review): presumably deliberate, so the settings form does not
    # reveal which addresses are registered -- confirm. The returned message
    # is not checked here; asserting that it matches what Case 8 returns
    # would pin that property down.
    db_utils.create_user(email_addr="*****@*****.**")
    profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail="*****@*****.**", newemailcheck="*****@*****.**", newpassword="", newpasscheck=""
    )
    query = d.engine.scalar(""" SELECT email FROM emailverify WHERE userid = %(userid)s LIMIT 1 """, userid=userid)
    assert not query

    # Case 8: Changes, new email only, email change succeeds. The change is
    # only pending at this point: a row is written to emailverify.
    newemailaddr = "*****@*****.**"
    result = profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail=newemailaddr, newemailcheck=newemailaddr, newpassword="", newpasscheck=""
    )
    assert "Your email change request is currently pending" in result
    query = d.engine.execute(""" SELECT userid, email, token, createtimestamp FROM emailverify WHERE userid = %(userid)s """, userid=userid).fetchone()
    QID, QEMAIL, QTOKEN, QTIMESTAMP = query
    assert QID == userid
    assert QEMAIL == newemailaddr
    # The verification token is expected to be exactly 40 characters long.
    assert len(QTOKEN) == 40
    # createtimestamp must be something arrow.get can turn into a truthy value.
    assert arrow.get(QTIMESTAMP)

    # Now that we have the token, also verify that ``login.verify_email_change``
    # works; the pending row created in Case 8 is reused.
    # Case 8.1/8.2: A missing userid or a missing token is rejected.
    with pytest.raises(WeasylError) as err:
        verify_email_change(None, "a")
    assert "Unexpected" == err.value.value
    with pytest.raises(WeasylError) as err:
        verify_email_change(1, None)
    assert "Unexpected" == err.value.value

    # Case 8.3: An incorrect token is provided. The pending request survives
    # this attempt, since Case 8.4 still succeeds afterwards.
    with pytest.raises(WeasylError) as err:
        verify_email_change(userid, "a")
    assert "ChangeEmailVerificationTokenIncorrect" == err.value.value

    # Case 8.4: Correct token is provided, and the new email is written to `login`
    result = verify_email_change(userid, QTOKEN)
    assert result == newemailaddr
    query = d.engine.scalar(""" SELECT email FROM login WHERE userid = %(userid)s """, userid=userid)
    assert query == QEMAIL

    # Case 9: Email and password changed at the same time; both messages are
    # expected in the single returned string.
    newemailaddr = "*****@*****.**"
    newpassword = "******"
    result = profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail=newemailaddr, newemailcheck=newemailaddr,
        newpassword=newpassword, newpasscheck=newpassword
    )
    assert "Your password has been successfully changed" in result
    assert "Your email change request is currently pending" in result