Exemple #1
    def _new(self):
        """Handle submission of the new-person form.

        Renders ``/not_allowed.mako`` when the ``account_creation`` setting is
        off.  Otherwise builds a ``Person`` from the submitted ``person``
        fields, stores the e-mail address lower-cased and commits.  When the
        ``rego`` setting ``confirm_email_address`` is ``'no'`` the request is
        redirected to the ``confirm`` action; otherwise the confirmation e-mail
        is sent and the result of ``self.finish_login(...)`` is returned.
        """
        # Account creation can be switched off in configuration.
        if not Config.get('account_creation'):
            return render('/not_allowed.mako')

        # password_confirm exists only on the form, not on Person.
        person_fields = self.form_result['person']
        del person_fields['password_confirm']

        # NOTE(review): every remaining key is handed to the Person constructor,
        # so the form schema is the only thing limiting which attributes a
        # client can set.  Confirm it rejects unexpected keys (for example
        # `activated`) rather than passing them through.
        c.person = Person(**person_fields)
        c.person.email_address = c.person.email_address.lower()
        meta.Session.add(c.person)

        # Disabled social-network handling, kept from the original:
        #for sn in self.form_result['social_network']:
        #   network = SocialNetwork.find_by_name(sn['name'])
        #   if sn['account_name']:
        #       c.person.social_networks[network] = sn['account_name']

        meta.Session.commit()

        skip_confirmation = Config.get('confirm_email_address', category='rego') == 'no'
        if skip_confirmation:
            # NOTE(review): the confirm hash goes straight back to the
            # submitter here, so with this setting the address is never proven
            # to belong to them.
            redirect_to(controller='person', action='confirm', confirm_hash=c.person.url_hash)
        else:
            email(c.person.email_address, render('/person/new_person_email.mako'))
            # return render('/person/thankyou.mako')
            # NOTE(review): finish_login runs right after the mail is sent;
            # presumably this signs the user in before the address is
            # confirmed -- verify that is intended.
            return self.finish_login(c.person.email_address)
Exemple #2
 def _new_incomplete(self):
     """Create a Person from the submitted ``person`` fields and go to the index.

     The e-mail address is stored lower-cased.  After the commit the request
     is redirected to the ``person`` controller's ``index`` action.
     """
     # NOTE(review): no `account_creation` check is visible in this method and
     # the submitted dict is passed to Person unfiltered, so the form schema
     # (not shown here) is the only control over which attributes get set.
     # Confirm both are enforced before this handler is reached.
     person_fields = self.form_result['person']
     new_person = Person(**person_fields)
     c.person = new_person
     c.person.email_address = c.person.email_address.lower()

     session = meta.Session
     session.add(c.person)
     session.commit()
     redirect_to(controller='person', action='index')
Exemple #3
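    def validate_python(self, values, state):
        """Check a Persona assertion with the remote verifier and set ``c.person``.

        Posts ``values['assertion']`` and this site's audience URL to the
        Persona verifier.  On an ``okay`` answer the verified address is stored
        in ``c.email`` and the matching ``Person`` in ``c.person``.  If no
        account matches and the ``account_creation`` setting is on, an
        activated account is created for the address.  An existing account
        that is not yet activated is activated.

        Raises:
            Invalid: if the verifier does not answer ``okay``, or if no account
                matches the address and account creation is disabled.
        """
        assertion = values['assertion']
        # NOTE(review): if url_for(qualified=True) takes the host from the
        # request's Host header, the audience is client-influenced.  Persona's
        # guidance was to read the audience from site configuration -- confirm.
        audience = h.url_for(qualified=True, controller='home').strip("/")

        # NOTE(review): urllib2 validates the server certificate by default only
        # from Python 2.7.9 onwards; on an older interpreter the verifier's
        # answer can be forged in transit.  No timeout is passed either, so a
        # slow verifier holds this request open.
        page = urllib2.urlopen('https://verifier.login.persona.org/verify',
                               urllib.urlencode({"assertion": assertion,
                                                 "audience": audience}))
        try:
            data = json.load(page)
        finally:
            # Release the HTTP connection even when the body is not valid JSON.
            page.close()

        if data.get('status') != 'okay':
            # Fail closed.  Without this check a rejected assertion fell
            # through to the code below, which would then act on whatever
            # c.person already held for this request.
            message = "Login failed"
            error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below."
            raise Invalid(message, values, state,
                          error_dict={'email_address': error_message})

        # NOTE(review): the address is used exactly as the verifier returned it.
        # If stored addresses are lower-cased elsewhere, a mixed-case reply
        # could miss the existing account and create a second one -- confirm
        # how find_by_email matches.
        c.email = data['email']
        c.person = Person.find_by_email(c.email)

        if c.person is None:
            if not Config.get('account_creation'):
                error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below."
                message = "Login failed"
                error_dict = {'email_address': error_message}
                raise Invalid(message, values, state, error_dict=error_dict)

            # Create a new account for this email address
            c.person = Person()
            c.person.email_address = data['email']
            c.person.activated = True
            meta.Session.add(c.person)
            meta.Session.commit()

        if not c.person.activated:
            # Persona returns verified emails only, so might as well confirm this one...
            c.person.activated = True
            meta.Session.commit()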
Exemple #4
    def test_create_duplicate_person(self):
        """Registering with an address that is already taken must be refused.

        Seeds an activated Person, submits the new-person form with the same
        address, and expects the duplicate-address message plus a working
        'recover your password' link.
        """
        Dummy_smtplib.install()

        # Seed an activated account that already owns the address.
        existing = Person(email_address='*****@*****.**')
        existing.activated = True
        self.dbsession.save(existing)
        self.dbsession.flush()
        existing_id = existing.id

        form = self.app.get('/person/new').form
        # NOTE(review): the password literal looks masked in this listing; as
        # written it does not equal password_confirm.
        submission = (
            ('person.email_address', '*****@*****.**'),
            ('person.firstname', 'Testguy'),
            ('person.lastname', 'McTest'),
            ('person.password', '******'),
            ('person.password_confirm', 'test'),
            ('person.phone', '1234'),
            ('person.mobile', '1234'),
            ('person.address1', 'Moo St'),
            ('person.city', 'Tassie'),
            ('person.country', 'Australia'),
            ('person.postcode', '2000'),
        )
        for field_name, field_value in submission:
            form[field_name] = field_value
        resp = form.submit()

        # NOTE(review): this message tells any visitor that the address is
        # registered.  If that disclosure matters for the deployment, the form
        # needs rate limiting or a neutral response.
        resp.mustcontain('A person with this email already exists.')

        resp.click('recover your password')

        # Clean up the seeded account.
        seeded = self.dbsession.query(Person).get(existing_id)
        self.dbsession.delete(seeded)
        self.dbsession.flush()
Exemple #5
    def test_duplicate_password_reset(self):
        """Request a password reset twice for the same address.

        The first submission must leave a PasswordResetConfirmation row for
        the address.  The second submission must show the "already in
        progress" message.
        """
        person = Person(email_address='*****@*****.**')
        self.dbsession.save(person)
        self.dbsession.flush()
        person_id = person.id

        email = '*****@*****.**'

        # Trap outgoing SMTP so no real mail is sent.
        Dummy_smtplib.install()

        signin_page = self.app.get(url_for(controller='person',
                                           action='signin'))
        forgot_page = signin_page.click('Forgotten your password?')
        reset_form = forgot_page.forms[0]
        reset_form['email_address'] = email
        reset_form.submit()

        # one() raises unless exactly one row matches, so the explicit check
        # below is a second line of defence.
        confirmation = self.dbsession.query(PasswordResetConfirmation).filter_by(email_address=email).one()
        self.failIfEqual(None, confirmation)
        confirmation_id = confirmation.id

        # Submit the same form a second time.
        resp = reset_form.submit()

        resp.mustcontain("password recovery process is already in progress")

        # Clean up the SMTP trap and both rows.
        Dummy_smtplib.existing.reset()
        self.dbsession.delete(self.dbsession.query(PasswordResetConfirmation).get(confirmation_id))
        self.dbsession.delete(self.dbsession.query(Person).get(person_id))
        self.dbsession.flush()
Exemple #6
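    def test_registration_confirmation(self):
        """Visiting /person/confirm/<url_hash> must activate an unactivated Person."""
        # Insert the registration model object.  Indentation is spaces only
        # here: the original mixed tabs and spaces on two lines, which
        # Python 3 and `python -tt` reject.
        timestamp = datetime.datetime.now()
        email_address = '*****@*****.**'
        password = '******'
        handle = 'testguy'
        r = Person(creation_timestamp=timestamp,
                   email_address=email_address,
                   password=password,
                   handle=handle,
                   activated=False)
        # NOTE(review): url_hash can be read before the row is saved, so it is
        # presumably derived from the constructor fields.  Confirm it also
        # contains an unguessable secret, since the hash alone activates the
        # account via a GET link.
        url_hash = r.url_hash
        print(url_hash)
        self.dbsession.save(r)
        self.dbsession.flush()
        rid = r.id
        print(r)
        # clear so that we reload the object later
        self.dbsession.clear()

        # visit the link
        response = self.app.get('/person/confirm/' + url_hash)
        response.mustcontain('Thanks for confirming your account')

        # test that it's activated
        r = self.dbsession.get(Person, rid)
        self.assertEqual(True, r.activated, "registration was not activated")

        # clean up
        self.dbsession.delete(self.dbsession.query(Person).get(rid))
        self.dbsession.flush()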
Exemple #7
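    def test_confirm(self):
        """Test confirmation of a password reset that should succeed"""

        # create a confirmation record
        email = '*****@*****.**'
        p = Person(email_address=email)
        self.dbsession.save(p)
        c = PasswordResetConfirmation(email_address=email)
        # Set the timestamp to just under 24 hours ago.  timedelta's positional
        # arguments are (days, seconds, microseconds), so the original
        # timedelta(23, 59, 59) was 23 *days* and never tested the 24-hour
        # boundary.  One minute of slack keeps the test clear of the limit
        # while the request runs.
        # NOTE(review): the old test reportedly passed with a 23-day-old
        # record; check that reset_password really rejects expired
        # confirmations.
        c.timestamp = datetime.datetime.now() - datetime.timedelta(hours=23, minutes=59)
        self.dbsession.save(c)
        self.dbsession.flush()
        pid = p.id
        cid = c.id

        resp = self.app.get(url_for(controller='person',
            action='reset_password',
            url_hash=c.url_hash))

        # showing the email on the page
        resp.mustcontain(email)

        f = resp.form
        # NOTE(review): the password literal looks masked in this listing; the
        # success path needs it to equal password_confirm.
        f['password'] = '******'
        f['password_confirm'] = 'test'
        resp = f.submit()

        # check for success
        resp.mustcontain("Your password has been updated")

        self.dbsession.clear()

        # conf rec should be gone, so the reset link is single-use
        c = self.dbsession.get(PasswordResetConfirmation, cid)
        self.assertEqual(None, c)

        # password should be set to 'test'
        # NOTE(review): this pins Person.password_hash to a bare, unsalted MD5
        # of the password.  That is not adequate for password storage; the
        # model should use a salted, deliberately slow scheme, and this
        # assertion should then go through the model's own verify routine.
        p_hash = md5.new('test').hexdigest()
        p = self.dbsession.get(Person, pid)
        self.assertEqual(p_hash, p.password_hash)

        self.dbsession.delete(p)
        self.dbsession.flush()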