def test_FullSignUp(self):
#Registering a new user
url_to_signup = '/sso/registration/'
url_to_verify_key = '/sso/account-confirm-email/'
data = {
'username': "******",
'password1': 'optica2020',
'password2': 'optica2020',
'email': '*****@*****.**',
'clave_ciudadano': '123abc'
}
response = self.client.post(url_to_signup, data)
#verifying the user email
exist_keyclassgenerator = EmailConfirmationHMAC(
EmailAddress.objects.get(email='*****@*****.**'))
key = {'key': exist_keyclassgenerator.key}
self.assertEqual(type(key['key']), type('str'))
try:
exist_keyclassgenerator2 = EmailConfirmationHMAC(
EmailAddress.objects.get(email='*****@*****.**'))
key = {'key': exist_keyclassgenerator2.key}
self.assertEqual(type(key['key']), type('str'))
except:
self.assertEqual('correo no existe', 'correo no existe')
response1 = self.client.post(url_to_verify_key, key)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
self.assertEqual(
UserCustom.objects.get(id=1).username, data['username'])
self.assertEqual(response1.status_code, status.HTTP_200_OK)
self.assertEqual(response1.data, {'detail': 'ok'})
def validate(self, attrs):
token = attrs['token']
payload = self._check_payload(token=token)
username = jwt_get_username_from_payload(payload)
if username:
user = self._check_user(username)
new_token = get_login_token_with_auth_info(user, AuthAction.LOGIN,
AuthProvider.EMAIL)
self.instance = dict(token=new_token, user=user)
return self.instance
if payload['provider'] == AuthProvider.SOCIAL.value:
email = self._check_email(payload['email'], False)
try:
email_address = EmailAddress.objects.get(email=email)
except EmailAddress.DoesNotExist:
raise serializers.ValidationError(_("User doesn't exist."))
ret = EmailConfirmationHMAC(email_address)
ret.confirm(self._request)
user = email_address.user
new_token = get_login_token_with_auth_info(user,
AuthAction.REGISTRATION,
AuthProvider.SOCIAL,
payload.get('social'))
self.instance = dict(token=new_token, user=user)
return self.instance
email = self._check_email(payload['email'], True)
return dict(email=email)
def test_email_confirmation_hmac_timeout(self):
user = self._create_user()
email = EmailAddress.objects.create(
user=user, email="*****@*****.**", verified=False, primary=True
)
confirmation = EmailConfirmationHMAC(email)
confirmation.send()
self.assertEqual(len(mail.outbox), 1)
self.client.post(reverse("account_confirm_email", args=[confirmation.key]))
email = EmailAddress.objects.get(pk=email.pk)
self.assertFalse(email.verified)
def test_email_confirmation_hmac_timeout(self):
user = self._create_user()
email = EmailAddress.objects.create(
user=user,
email='*****@*****.**',
verified=False,
primary=True)
confirmation = EmailConfirmationHMAC(email)
confirmation.send()
self.assertEqual(len(mail.outbox), 1)
self.client.post(
reverse('account_confirm_email',
args=[confirmation.key]))
email = EmailAddress.objects.get(pk=email.pk)
self.assertFalse(email.verified)
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
if not EmailAddress.objects.filter(user=self.request.user,
verified=True).exists():
user_email_address = EmailAddress.objects.get(
user=self.request.user)
user_email_confirmation = EmailConfirmationHMAC(
email_address=user_email_address)
user_email_confirmation.send(self.request, False)
context["verified"] = EmailAddress.objects.filter(
user=self.request.user, verified=True).exists()
return context
def test_login_on_confirm(self):
user = self._create_user()
email = EmailAddress.objects.create(
user=user,
email='*****@*****.**',
verified=False,
primary=True)
key = EmailConfirmationHMAC(email).key
receiver_mock = Mock() # we've logged if signal was called
user_logged_in.connect(receiver_mock)
# fake post-signup account_user stash
session = self.client.session
session['account_user'] = user_pk_to_url_str(user)
session.save()
resp = self.client.post(
reverse('account_confirm_email',
args=[key]))
email = EmailAddress.objects.get(pk=email.pk)
self.assertTrue(email.verified)
receiver_mock.assert_called_once_with(
sender=get_user_model(),
request=resp.wsgi_request,
response=resp,
user=get_user_model().objects.get(username='******'),
signal=user_logged_in,
)
user_logged_in.disconnect(receiver_mock)
def _get_email_confirmation(self, key):
email_confirmation = EmailConfirmationHMAC.from_key(key)
if not email_confirmation:
# noinspection PyTypeChecker
queryset = ConfirmEmailView.get_queryset(self=None)
email_confirmation = queryset.get(key=key.lower())
return email_confirmation
def get_email_confirmation_redirect_url(self, request, badgr_app=None):
"""
The URL to return to after successful e-mail confirmation.
"""
if badgr_app is None:
badgr_app = BadgrApp.objects.get_current(request)
if not badgr_app:
logger = logging.getLogger(self.__class__.__name__)
logger.warning("Could not determine authorized badgr app")
return super(BadgrAccountAdapter, self).get_email_confirmation_redirect_url(request)
try:
resolverMatch = resolve(request.path)
confirmation = EmailConfirmationHMAC.from_key(resolverMatch.kwargs.get('confirm_id'))
# publish changes to cache
email_address = CachedEmailAddress.objects.get(pk=confirmation.email_address.pk)
email_address.save()
redirect_url = urlparse.urljoin(
badgr_app.email_confirmation_redirect.rstrip('/') + '/',
urllib.quote(email_address.user.first_name.encode('utf8'))
)
redirect_url = set_url_query_params(redirect_url, email=email_address.email.encode('utf8'))
return redirect_url
except Resolver404, EmailConfirmation.DoesNotExist:
return badgr_app.email_confirmation_redirect
def get(self, request, **kwargs):
"""
Confirm an email address
"""
badgrapp_id = request.query_params.get('a', None)
if badgrapp_id is None:
badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1)
try:
badgrapp = BadgrApp.objects.get(id=badgrapp_id)
except BadgrApp.DoesNotExist:
return Response(status=HTTP_404_NOT_FOUND)
emailconfirmation = EmailConfirmationHMAC.from_key(
kwargs.get('confirm_id'))
if emailconfirmation is None:
return Response(status=HTTP_404_NOT_FOUND)
try:
email_address = CachedEmailAddress.cached.get(
pk=emailconfirmation.email_address.pk)
except CachedEmailAddress.DoesNotExist:
return Response(status=HTTP_404_NOT_FOUND)
email_address.verified = True
email_address.save()
process_email_verification.delay(email_address.pk)
redirect_url = badgrapp.ui_login_redirect
return Response(status=HTTP_302_FOUND,
headers={'Location': redirect_url})
def test_full_user_registration_process(self):
outbox = mail.outbox
self.assertEqual(len(outbox), 0)
url = '/rest-auth/registration/'
payload = {
"email": "*****@*****.**",
"password1": "ILoveTacos",
"password2": "ILoveTacos",
"time_zone": "US/Eastern",
"phone_number": "5556798786"
}
resp = self.client.post(url, payload)
self.assertEqual(resp.status_code, 201)
self.assertEqual(len(outbox), 1)
conf_email = outbox[0]
self.assertEqual(conf_email.to[0], '*****@*****.**')
self.assertEqual(conf_email.subject,
'[example.com] Activate your Sports Warning Account')
url = '/rest-auth/login/'
payload = {"email": "*****@*****.**", "password": "******"}
resp = self.client.post(url, payload)
self.assertEqual(resp.status_code, 400)
self.assertEqual(resp.json()['non_field_errors'][0],
'E-mail is not verified.')
email = EmailAddress.objects.get(email='*****@*****.**')
key = EmailConfirmationHMAC(email).key
url = '/rest-auth/registration/verify-email/'
payload = {"key": key}
resp = self.client.post(url, payload)
self.assertEqual(resp.status_code, 200)
url = '/rest-auth/login/'
payload = {"email": "*****@*****.**", "password": "******"}
resp = self.client.post(url, payload)
self.assertEqual(resp.status_code, 200)
def get_confirmkey_data(request):
"""
Get data for an email confirmation key
"""
response = {}
key = request.POST['key']
confirmation = EmailConfirmationHMAC.from_key(key)
if not confirmation:
qs = EmailConfirmation.objects.all_valid()
qs = qs.select_related("email_address__user")
confirmation = qs.filter(key=key.lower()).first()
if confirmation:
status = 200
response['username'] = confirmation.email_address.user.username
response['email'] = confirmation.email_address.email
if request.user:
if request.user != confirmation.email_address.user:
response['logout'] = True
logout(request)
# We check if the user has another verified email already. If yes,
# we don't need to display the terms and test server warning again.
if confirmation.email_address.user.emailaddress_set.filter(
verified=True
).first():
response['verified'] = True
else:
response['verified'] = False
else:
status = 404
return JsonResponse(
response,
status=status
)
def get_email_confirmation_redirect_url(self, request, badgr_app=None):
"""
The URL to return to after successful e-mail confirmation.
"""
if badgr_app is None:
badgr_app = BadgrApp.objects.get_current(request)
if not badgr_app:
logger = logging.getLogger(self.__class__.__name__)
logger.warning("Could not determine authorized badgr app")
return super(BadgrAccountAdapter,
self).get_email_confirmation_redirect_url(request)
try:
resolverMatch = resolve(request.path)
confirmation = EmailConfirmationHMAC.from_key(
resolverMatch.kwargs.get('confirm_id'))
# publish changes to cache
email_address = CachedEmailAddress.objects.get(
pk=confirmation.email_address.pk)
email_address.save()
redirect_url = urlparse.urljoin(
badgr_app.email_confirmation_redirect.rstrip('/') + '/',
urllib.quote(email_address.user.first_name.encode('utf8')))
redirect_url = set_url_query_params(
redirect_url, email=email_address.email.encode('utf8'))
return redirect_url
except Resolver404, EmailConfirmation.DoesNotExist:
return badgr_app.email_confirmation_redirect
def step_impl(context):
email = EmailAddress.objects.get(user=context.user)
confirmation = EmailConfirmationHMAC(email)
context.get_browser().visit(
context.base_url +
'/accounts/confirm-email/{}/'.format(confirmation.key)
)
def get(self, request, **kwargs):
"""
Confirm an email address with a token provided in an email
---
parameters:
- name: token
type: string
paramType: form
description: The token received in the recovery email
required: true
"""
token = request.query_params.get('token')
badgrapp_id = request.query_params.get('a', None)
if badgrapp_id is None:
badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1)
try:
badgrapp = BadgrApp.objects.get(id=badgrapp_id)
except BadgrApp.DoesNotExist:
return Response(status=HTTP_404_NOT_FOUND)
emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id'))
if emailconfirmation is None:
return Response(status=HTTP_404_NOT_FOUND)
try:
email_address = CachedEmailAddress.cached.get(pk=emailconfirmation.email_address.pk)
except CachedEmailAddress.DoesNotExist:
return Response(status=HTTP_404_NOT_FOUND)
matches = re.search(r'([0-9A-Za-z]+)-(.*)', token)
if not matches:
return Response(status=HTTP_404_NOT_FOUND)
uidb36 = matches.group(1)
key = matches.group(2)
if not (uidb36 and key):
return Response(status=HTTP_404_NOT_FOUND)
user = self._get_user(uidb36)
if user is None or not default_token_generator.check_token(user, key):
return Response(status=HTTP_404_NOT_FOUND)
if email_address.user != user:
return Response(status=HTTP_404_NOT_FOUND)
old_primary = CachedEmailAddress.objects.get_primary(user)
if old_primary is None:
email_address.primary = True
email_address.verified = True
email_address.save()
process_email_verification.delay(email_address.pk)
# get badgr_app url redirect
redirect_url = get_adapter().get_email_confirmation_redirect_url(request, badgr_app=badgrapp)
redirect_url = set_url_query_params(redirect_url, authToken=user.auth_token)
return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
def get_confirmation_object(key, queryset=None):
email_confirmation = EmailConfirmationHMAC.from_key(key)
if not email_confirmation:
if queryset is None:
queryset = EmailConfirmation.objects.all_valid()
queryset = queryset.select_related("email_address__user")
email_confirmation = get_object_or_404(queryset, key=key.lower())
return email_confirmation
def perform_create(self, serializer):
user = serializer.save(self.request)
if getattr(settings, "REST_USE_JWT", False):
self.token = jwt_encode(user)
email = EmailAddress.objects.get(user=user, email=user.email)
confirmation = EmailConfirmationHMAC(email)
tasks.send_confirmation_email.delay(user.username, user.email, confirmation.key)
return user
def post(self, request, *args, **kwargs):
email = request.data.get("email", None)
email_address = get_object_or_404(EmailAddress, email=email)
confirmation = EmailConfirmationHMAC(email_address)
tasks.send_confirmation_email.delay(
email_address.user.username, email_address.email, confirmation.key
)
return Response({"detail": _("Email Confirmation Sent.")})
def get_object(self, queryset=None):
key = self.kwargs['key']
if allauth_settings.EMAIL_CONFIRMATION_HMAC:
emailconfirmation = EmailConfirmationHMAC.from_key(key)
else:
emailconfirmation = EmailConfirmation.objects.filter(key=key)[0]
return emailconfirmation
def setUp(self):
self.user = User.objects.create_user(username="******",
email="*****@*****.**",
password="******")
self.email_address = EmailAddress.objects.create(user=self.user,
email=self.user.email,
verified=True,
primary=True)
self.confirm_key = EmailConfirmationHMAC(self.email_address).key
def perform_create(self, serializer):
user = serializer.save(self.request)
if getattr(settings, 'REST_USE_JWT', False):
self.token = jwt_encode(user)
email = EmailAddress.objects.get(user=user, email=user.email)
confirmation = EmailConfirmationHMAC(email)
print("key ->>>", confirmation.key)
# TODO send email confirmation here
return user
def get(self, request, key, format=None):
confirmation = EmailConfirmationHMAC.from_key(key)
if not confirmation:
return Response({"detail": "wrong confirm key or expired"}, status=status.HTTP_400_BAD_REQUEST)
email = confirmation.confirm(self.request)
if email is None:
return Response({"detail": "this email already confirmed."}, status=status.HTTP_400_BAD_REQUEST)
else:
return Response({"email": email.email})
def form_valid(self, form):
org = form.save()
# by default, make the user creating the org the admin
admin = Membership(member=self.request.user, organization=org,)
admin.save()
email_content = (
"Dear Representable Team, "
+ self.request.user.email
+ " signed up to create an organization called "
+ org.name
+ ", in the state(s) of "
+ str(org.states)
+ " Their organization description: "
+ org.description
+ "."
)
send_mail(
"[Action Required] New Organization Sign-up",
email_content,
"*****@*****.**",
["*****@*****.**"],
# ["*****@*****.**"],
fail_silently=False,
)
self.success_url = reverse_lazy(
"main:thanks_org", kwargs=org.get_url_kwargs()
)
if not EmailAddress.objects.filter(
user=self.request.user, verified=True
).exists():
user_email_address = EmailAddress.objects.get(
user=self.request.user
)
user_email_confirmation = EmailConfirmationHMAC(
email_address=user_email_address
)
user_email_confirmation.send(self.request, False)
return super().form_valid(form)
def get_object(self, key):
confirmation = EmailConfirmationHMAC.from_key(key)
if confirmation is None:
try:
qs = EmailConfirmation.objects.all_valid()
confirmation = qs.select_related('email_address__user').get(
key=key.lower())
except ObjectDoesNotExist:
raise
return confirmation
def test_on_boarding_workflow(self):
# main page has registration link
self.assertContains(self.client.get("", follow=True),
reverse("account_signup"))
# user fills out registration form
self.assertContains(self.client.get(reverse("account_signup")),
"Vorname")
response = self.client.post(
reverse("account_signup"),
{
"first_name": "Bob",
"last_name": "Jones",
"email": "*****@*****.**",
"password1": "the password open sesame",
"password2": "the password open sesame",
},
)
self.assertRedirects(response,
reverse("account_email_verification_sent"))
user = User.objects.get(first_name="Bob")
self.assertEqual(user.last_name, "Jones")
self.assertEqual(user.email, "*****@*****.**")
self.assertEqual(user.access.count(), 0)
# user clicks on link in their email verification link
confirmation = EmailConfirmationHMAC(user.emailaddress_set.get())
self.client.post(
reverse("account_confirm_email", args=[confirmation.key]))
response = self.client.post(
reverse("account_login"),
{
"login": "******",
"password": "******"
},
follow=True,
)
self.assertRedirects(response, reverse("companies"))
self.assertContains(response, reverse("company.create"))
self.assertContains(self.client.get(reverse("company.create")),
"Subdomain")
response = self.client.post(
reverse("company.create"),
{
"name": "Widgets LLC",
"schema": "widgets",
"timezone": "Europe/Berlin"
},
follow=True,
HTTP_HOST="widgets.systori.localhost",
)
self.assertRedirects(response, "http://widgets.systori.localhost")
self.assertContains(response, "Widgets LLC")
def update(self, instance, validated_data):
profile_data = validated_data.pop('profile', {})
phone_number = profile_data.pop('phone_number', None)
profile_picture = profile_data.get('profile_picture', None)
about = profile_data.get('about', None)
address = profile_data.get('address', None)
birth_date = profile_data.get('birth_date', None)
transportation = profile_data.get('transportation', None)
gender = profile_data.get('gender', None)
id_number = profile_data.get('id_number', None)
id_images = profile_data.get('id_images', [])
is_tasker = profile_data.get('is_tasker', None)
new_email = validated_data.pop('email', None)
user = super(UserSerializer, self).update(instance, validated_data)
if new_email:
if EmailAddress.objects.filter(user=user,
email=new_email,
verified=False).exists():
raise exceptions.ValidationError(
_("Email confirmation has been sent"))
if not EmailAddress.objects.filter(
user=user, email=new_email, verified=False).exists():
email_address = EmailAddress.objects.add_email(
self.context.get('request'), user, new_email)
confirmation = EmailConfirmationHMAC(email_address)
print("confirmation key ->", confirmation.key)
# TODO send mail to confirmation
profile = user.profile
if profile_data:
if phone_number:
profile.phone_number = phone_number
if profile_picture:
profile.profile_picture = profile_picture
if about:
profile.about = about
if address:
profile.address = address
if birth_date:
profile.birth_date = birth_date
if transportation:
profile.transportation = transportation
if gender:
profile.gender = gender
if id_number:
profile.id_number = id_number
if id_images:
profile.id_images = id_images
if is_tasker:
profile.is_tasker = is_tasker
profile.save()
return instance
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
has_drive = False
organization_name = ""
drive_name = ""
if kwargs["drive"]:
has_drive = True
drive_slug = self.kwargs["drive"]
drive = Drive.objects.get(slug=drive_slug)
drive_name = drive.name
organization = drive.organization
organization_name = organization.name
if EmailAddress.objects.filter(
user=self.request.user, verified=True
).exists():
context["verified"] = True
else:
user_email_address = EmailAddress.objects.get(
user=self.request.user
)
user_email_confirmation = EmailConfirmationHMAC(
email_address=user_email_address
)
# default_adapter = adapter.get_adapter()
# default_adapter.send_confirmation_mail(self.request, user_email_confirmation, False)
# user_email_address.send_confirmation(None, False)
user_email_confirmation.send(self.request, False)
context["verified"] = False
context["map_url"] = self.kwargs["map_id"]
context["drive"] = self.kwargs["drive"]
context["has_drive"] = has_drive
context["organization_name"] = organization_name
context["drive_name"] = drive_name
return context
def get_object(self, queryset=None):
key = self.kwargs['key']
email_confirmation = EmailConfirmationHMAC.from_key(key)
if not email_confirmation:
if queryset is None:
queryset = self.get_queryset()
try:
email_confirmation = queryset.get(key=key.lower())
except EmailConfirmation.DoesNotExist:
return Response(status.HTTP_406_NOT_ACCEPTABLE)
return email_confirmation
def get_object(self, queryset=None):
key = get_adapter().email_confirmation_key(self.request)
emailconfirmation = EmailConfirmationHMAC.from_key(key)
if not emailconfirmation:
if queryset is None:
queryset = self.get_queryset()
try:
emailconfirmation = queryset.get(key=key.lower())
except EmailConfirmation.DoesNotExist:
pass
return emailconfirmation
def ConfirmEmail(request, key):
emailconfirmation = EmailConfirmationHMAC.from_key(key)
if not emailconfirmation:
qs = EmailConfirmation.objects.all_valid()
queryset = qs.select_related("email_address__user")
try:
emailconfirmation = queryset.get(key=key.lower())
except EmailConfirmation.DoesNotExist:
return render(request, 'confirm_email.html', {'error': True})
emailconfirmation.confirm(request)
return render(request, 'confirm_email.html', {'error': False})
def get_object(self, queryset=None):
key = self.kwargs['key']
emailconfirmation = EmailConfirmationHMAC.from_key(key)
if not emailconfirmation:
if queryset is None:
queryset = self.get_queryset()
try:
emailconfirmation = queryset.get(key=key.lower())
except EmailConfirmation.DoesNotExist:
raise EmailConfirmation.DoesNotExist
return emailconfirmation
def patch(self, request, key=None):
try:
confirmation = EmailConfirmationHMAC.from_key(key)
confirmation.confirm(self.request)
serializer = PressPassEmailAddressSerializer(
confirmation.email_address)
return Response(serializer.data)
except EmailConfirmation.DoesNotExist:
return Response("Please specify a valid key",
status=status.HTTP_400_BAD_REQUEST)
def account_confirm_email(request, key):
emailconfirmation = EmailConfirmationHMAC.from_key(key)
if not emailconfirmation:
queryset = EmailConfirmation.objects.all_valid()
queryset = queryset.select_related("email_address__user")
try:
emailconfirmation = queryset.get(key=key.lower())
except EmailConfirmation.DoesNotExist:
raise Http404()
emailconfirmation.confirm(request)
return Response("Test")
def get_object(self, queryset=None):
key = self.kwargs['key']
email_confirmation = EmailConfirmationHMAC.from_key(key)
if not email_confirmation:
if queryset is None:
queryset = self.get_queryset()
try:
email_confirmation = queryset.get(key=key.lower())
except EmailConfirmation.DoesNotExist:
# A React Router Route will handle the failure scenario
return HttpResponseRedirect('/login/failure')
return email_confirmation
def test_welcome_mail_for_unverified_email(self):
Switch.objects.get_or_create(name='welcome_email', active=True)
testuser = user(username='******', email='*****@*****.**',
password='******', save=True)
email_address = EmailAddress.objects.create(user=testuser,
email='*****@*****.**',
verified=False)
request = self.rf.get('/')
request.LANGUAGE_CODE = 'en-US'
# emulate the phase in which the request for email confirmation is
# sent as the user's email address is not verified
confirmation = EmailConfirmationHMAC(email_address)
confirmation.send()
# only one email, the confirmation email is sent
self.assertEqual(len(mail.outbox), 1)
confirm_email = mail.outbox[0]
expected_to = [email_address.email]
self.assertEqual(expected_to, confirm_email.to)
self.assertTrue('Confirm' in confirm_email.subject)
# Click on a similar confirm link (HMAC has timestamp, changes)
link = reverse('account_confirm_email', locale='en-US', args=[confirmation.key])
resp = self.client.get(link)
assert resp.status_code == 200
resp = self.client.post(link, follow=True)
assert resp.status_code == 200
# a second email, the welcome email, is sent
self.assertEqual(len(mail.outbox), 2)
welcome_email = mail.outbox[1]
expected_to = [email_address.email]
self.assertEqual(expected_to, welcome_email.to)
self.assertTrue('utm_campaign=welcome' in welcome_email.body)
# now add second unverified email address to the user
# and check if the usual confirmation email is sent out
email_address2 = EmailAddress.objects.create(user=testuser,
email='*****@*****.**',
verified=False)
confirmation2 = EmailConfirmationHMAC(email_address2)
confirmation2.send()
self.assertEqual(len(mail.outbox), 3)
confirm_email2 = mail.outbox[2]
expected_to = [email_address2.email]
self.assertEqual(expected_to, confirm_email2.to)
self.assertTrue('Confirm' in confirm_email2.subject)
# Confirm the second email address
link2 = reverse('account_confirm_email', locale='en-US',
args=[confirmation2.key])
resp = self.client.get(link2)
assert resp.status_code == 200
resp = self.client.post(link2, follow=True)
assert resp.status_code == 200
# no increase in number of emails (no 2nd welcome email)
self.assertEqual(len(mail.outbox), 3)
self.assertTrue('Confirm' in mail.outbox[2].subject)
def get(self, request, **kwargs):
"""
Confirm an email address with a token provided in an email
---
parameters:
- name: token
type: string
paramType: form
description: The token received in the recovery email
required: true
"""
token = request.query_params.get('token')
badgrapp_id = request.query_params.get('a', None)
if badgrapp_id is None:
badgrapp_id = getattr(settings, 'BADGR_APP_ID', 1)
try:
badgrapp = BadgrApp.objects.get(id=badgrapp_id)
except BadgrApp.DoesNotExist:
return Response(status=HTTP_404_NOT_FOUND)
emailconfirmation = EmailConfirmationHMAC.from_key(kwargs.get('confirm_id'))
if emailconfirmation is None:
return Response(status=HTTP_404_NOT_FOUND)
try:
email_address = CachedEmailAddress.cached.get(pk=emailconfirmation.email_address.pk)
except CachedEmailAddress.DoesNotExist:
return Response(status=HTTP_404_NOT_FOUND)
matches = re.search(r'([0-9A-Za-z]+)-(.*)', token)
if not matches:
return Response(status=HTTP_404_NOT_FOUND)
uidb36 = matches.group(1)
key = matches.group(2)
if not (uidb36 and key):
return Response(status=HTTP_404_NOT_FOUND)
user = self._get_user(uidb36)
if user is None or not default_token_generator.check_token(user, key):
return Response(status=HTTP_404_NOT_FOUND)
if email_address.user != user:
return Response(status=HTTP_404_NOT_FOUND)
old_primary = CachedEmailAddress.objects.get_primary(user)
if old_primary is None:
email_address.primary = True
email_address.verified = True
email_address.save()
process_email_verification.delay(email_address.pk)
# get badgr_app url redirect
redirect_url = get_adapter().get_email_confirmation_redirect_url(request, badgr_app=badgrapp)
# generate an AccessToken for the user
accesstoken = BadgrAccessToken.objects.generate_new_token_for_user(
user,
application=badgrapp.oauth_application if badgrapp.oauth_application_id else None,
scope='rw:backpack rw:profile rw:issuer')
if badgrapp.use_auth_code_exchange:
authcode = authcode_for_accesstoken(accesstoken)
redirect_url = set_url_query_params(redirect_url, authCode=authcode)
else:
redirect_url = set_url_query_params(redirect_url, authToken=accesstoken.token)
return Response(status=HTTP_302_FOUND, headers={'Location': redirect_url})
