def _new(self):
    """Create a new person from the validated sign-up form.

    When the 'account_creation' configuration value is falsy, nothing is
    stored and the "not allowed" page is rendered instead.
    """
    # Do we allow account creation?
    if not Config.get('account_creation'):
        return render('/not_allowed.mako')

    # Remove fields not in class.
    # NOTE(review): every remaining key of the submitted 'person' dict is
    # passed to the Person constructor, so the form schema is the only
    # thing limiting which attributes a sign-up can set. Confirm it does
    # not accept fields such as `activated`.
    person_fields = self.form_result['person']
    del person_fields['password_confirm']
    c.person = Person(**person_fields)
    c.person.email_address = c.person.email_address.lower()
    meta.Session.add(c.person)

    #for sn in self.form_result['social_network']:
    #    network = SocialNetwork.find_by_name(sn['name'])
    #    if sn['account_name']:
    #        c.person.social_networks[network] = sn['account_name']

    meta.Session.commit()

    skip_confirmation = (
        Config.get('confirm_email_address', category='rego') == 'no'
    )
    if skip_confirmation:
        # Confirmation is switched off: go straight to the confirm action
        # with the person's own hash.
        redirect_to(controller='person', action='confirm',
                    confirm_hash=c.person.url_hash)
    else:
        email(c.person.email_address, render('/person/new_person_email.mako'))
        # return render('/person/thankyou.mako')
        # NOTE(review): finish_login runs right after the confirmation mail
        # is sent, before the address has been confirmed. Check that
        # finish_login (not shown here) does not grant a full session to an
        # unactivated account.
        # NOTE(review): the placement of this return inside the else branch
        # was reconstructed from a flattened listing; confirm it.
        return self.finish_login(c.person.email_address)
def _new_incomplete(self):
    """Store a person built from the submitted form, then go to the index.

    The e-mail address is lower-cased before the record is committed.
    """
    # NOTE(review): unlike _new, this path neither consults
    # Config.get('account_creation') nor strips any form field before
    # calling Person(**...). Confirm that the caller gates it and that the
    # schema restricts the accepted keys.
    person_fields = self.form_result['person']
    c.person = Person(**person_fields)

    lowered_address = c.person.email_address.lower()
    c.person.email_address = lowered_address

    meta.Session.add(c.person)
    meta.Session.commit()

    redirect_to(controller='person', action='index')
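def validate_python(self, values, state):
    """Check a Persona assertion and resolve it to a Person on ``c``.

    The assertion and this site's audience URL are posted to the remote
    Persona verifier. On success ``c.email`` and ``c.person`` are set; a
    missing account is created when account creation is enabled, and an
    existing unactivated account is activated.

    Raises:
        Invalid: when the verifier does not report status 'okay', or when
            the verified address has no account and account creation is
            disabled.
    """
    assertion = values['assertion']
    audience = h.url_for(qualified=True, controller='home').strip("/")

    # NOTE(review): the whole trust decision rests on this HTTPS call.
    # urllib2 validates the server certificate by default only on
    # Python 2.7.9 and later, and no timeout is passed here. Confirm both
    # for the deployed interpreter.
    page = urllib2.urlopen('https://verifier.login.persona.org/verify',
                           urllib.urlencode({"assertion": assertion,
                                             "audience": audience}))
    try:
        data = json.load(page)
    finally:
        # Release the connection even when the body is not valid JSON.
        page.close()

    error_message = "Your sign-in details are incorrect; try the 'Forgotten your password' link below."
    error_dict = {'email_address': error_message}

    # Fail closed: anything other than an explicit 'okay' is a rejected
    # login. Previously such a response raised no validation error, so the
    # outcome depended on whatever c.person happened to hold.
    if data.get('status') != 'okay':
        raise Invalid("Login failed", values, state, error_dict=error_dict)

    c.email = data['email']
    c.person = Person.find_by_email(c.email)

    if c.person is None:
        if not Config.get('account_creation'):
            raise Invalid("Login failed", values, state, error_dict=error_dict)

        # Create a new account for this email address.
        # NOTE(review): the form-based sign-up paths lower-case the address
        # before storing it and this one does not. Confirm find_by_email
        # is case-insensitive, otherwise duplicate accounts are possible.
        c.person = Person()
        c.person.email_address = data['email']
        c.person.activated = True
        meta.Session.add(c.person)
        meta.Session.commit()

    if not c.person.activated:
        # Persona returns verified emails only, so might as well confirm
        # this one...
        c.person.activated = True
        meta.Session.commit()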
def test_create_duplicate_person(self):
    """Signing up with an address that already has an account must fail.

    The response has to show the duplicate-address message and offer the
    password recovery link.
    """
    Dummy_smtplib.install()

    # Seed an activated account that already owns the address.
    existing = Person(email_address='*****@*****.**')
    existing.activated = True
    self.dbsession.save(existing)
    self.dbsession.flush()
    existing_id = existing.id

    form = self.app.get('/person/new').form
    submitted_fields = (
        ('person.email_address', '*****@*****.**'),
        ('person.firstname', 'Testguy'),
        ('person.lastname', 'McTest'),
        ('person.password', '******'),
        ('person.password_confirm', 'test'),
        ('person.phone', '1234'),
        ('person.mobile', '1234'),
        ('person.address1', 'Moo St'),
        ('person.city', 'Tassie'),
        ('person.country', 'Australia'),
        ('person.postcode', '2000'),
    )
    for field_name, field_value in submitted_fields:
        form[field_name] = field_value

    resp = form.submit()
    resp.mustcontain('A person with this email already exists.')
    resp.click('recover your password')

    # Clean up the seeded account.
    seeded = self.dbsession.query(Person).get(existing_id)
    self.dbsession.delete(seeded)
    self.dbsession.flush()
def test_duplicate_password_reset(self):
    """Request a password reset twice for the same address.

    The first request must leave exactly one confirmation record; the
    second must report that recovery is already in progress.
    """
    person = Person(email_address='*****@*****.**')
    self.dbsession.save(person)
    self.dbsession.flush()
    person_id = person.id

    # NOTE(review): in the flattened listing this assignment sits behind a
    # '#'. It is restored as live code because `email` is used below;
    # confirm against the original file.
    email = '*****@*****.**'

    # trap smtp
    Dummy_smtplib.install()

    signin_page = self.app.get(url_for(controller='person', action='signin'))
    reset_page = signin_page.click('Forgotten your password?')
    reset_form = reset_page.forms[0]
    reset_form['email_address'] = email
    reset_form.submit()

    pending = self.dbsession.query(PasswordResetConfirmation)
    confirmation = pending.filter_by(email_address=email).one()
    self.failIfEqual(None, confirmation)
    confirmation_id = confirmation.id

    # submit a second time
    resp = reset_form.submit()
    resp.mustcontain("password recovery process is already in progress")

    # clean up
    Dummy_smtplib.existing.reset()
    stale_confirmation = self.dbsession.query(PasswordResetConfirmation).get(confirmation_id)
    self.dbsession.delete(stale_confirmation)
    stale_person = self.dbsession.query(Person).get(person_id)
    self.dbsession.delete(stale_person)
    self.dbsession.flush()
def test_registration_confirmation(self):
    """Visiting the confirmation link must activate the account."""
    # insert registration model object
    person = Person(
        creation_timestamp=datetime.datetime.now(),
        email_address='*****@*****.**',
        password='******',
        handle='testguy',
        activated=False,
    )
    url_hash = person.url_hash
    # Single-argument print(...) produces the same output as the statement
    # form.
    print(url_hash)
    self.dbsession.save(person)
    self.dbsession.flush()
    person_id = person.id
    print(person)

    # clear so that we reload the object later
    self.dbsession.clear()

    # visit the link
    confirm_url = '/person/confirm/' + url_hash
    response = self.app.get(confirm_url)
    response.mustcontain('Thanks for confirming your account')

    # test that it's activated
    reloaded = self.dbsession.get(Person, person_id)
    self.assertEqual(True, reloaded.activated, "registration was not activated")

    # clean up
    self.dbsession.delete(self.dbsession.query(Person).get(person_id))
    self.dbsession.flush()
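def test_confirm(self):
    """Test confirmation of a password reset that should succeed.

    A confirmation record dated just inside the 24 hour window is created,
    the reset form is submitted, and the test checks that the record is
    consumed and the stored hash matches the new password.
    """
    # create a confirmation record
    email = '*****@*****.**'
    p = Person(email_address=email)
    self.dbsession.save(p)
    c = PasswordResetConfirmation(email_address=email)

    # Set the timestamp to just under 24 hours ago. timedelta's positional
    # arguments are (days, seconds, microseconds), so the previous
    # timedelta(23, 59, 59) meant 23 days and did not exercise the
    # boundary this test is named for.
    # NOTE(review): if the test passed with the 23-day value, check that
    # the reset action really rejects records older than 24 hours.
    c.timestamp = datetime.datetime.now() - datetime.timedelta(
        hours=23, minutes=59, seconds=59)
    self.dbsession.save(c)
    self.dbsession.flush()
    pid = p.id
    cid = c.id

    resp = self.app.get(url_for(controller='person',
                                action='reset_password',
                                url_hash=c.url_hash))

    # showing the email on the page
    resp.mustcontain(email)

    f = resp.form
    f['password'] = '******'
    f['password_confirm'] = 'test'
    resp = f.submit()

    # check for success
    resp.mustcontain("Your password has been updated")

    self.dbsession.clear()

    # conf rec should be gone, so the reset link cannot be replayed
    c = self.dbsession.get(PasswordResetConfirmation, cid)
    self.assertEqual(None, c)

    # password should be set to 'test'
    # NOTE(review): this pins the stored value to an unsalted MD5 digest of
    # the password, which is not suitable for password storage. Moving the
    # model to a salted, deliberately slow hash will require changing this
    # assertion.
    p_hash = md5.new('test').hexdigest()
    p = self.dbsession.get(Person, pid)
    self.assertEqual(p_hash, p.password_hash)

    self.dbsession.delete(p)
    self.dbsession.flush()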