def create(self):
form = ProfileForm(self.request.POST)
if self.request.method == 'POST' and form.validate():
name = ' '.join([form.first_name.data, form.last_name.data])
# Create the webapp2_extras.auth user.
model = self.auth.store.user_model
ok, user = model.create_user(form.data['email'],
password_raw=form.data['password'])
if not ok:
self.session.add_flash(messages.EDITOR_CREATE_ERROR,
level='error')
return self.redirect_to('editors.list')
# Create the profile.
profile = Profile(name=name,
email=form.data['email'],
is_editor=True,
auth_user_id=user.key.id())
profile.put()
# Force reload of profile object
Profile.get(profile.key())
self.session.add_flash(messages.EDITOR_CREATE_SUCCESS)
return self.redirect_to('editors.list')
return self.render_to_response('editors/form.haml', {'form': form})
def create(self):
form = ProfileForm(self.request.POST)
if self.request.method == 'POST' and form.validate():
name = ' '.join([form.first_name.data,
form.last_name.data])
# Create the webapp2_extras.auth user.
model = self.auth.store.user_model
ok, user = model.create_user(form.data['email'],
password_raw=form.data['password'])
if not ok:
self.session.add_flash(messages.EDITOR_CREATE_ERROR,
level='error')
return self.redirect_to('editors.list')
# Create the profile.
profile = Profile(name=name,
email=form.data['email'],
is_editor=True,
auth_user_id=user.key.id())
profile.put()
# Force reload of profile object
Profile.get(profile.key())
self.session.add_flash(messages.EDITOR_CREATE_SUCCESS)
return self.redirect_to('editors.list')
return self.render_to_response('editors/form.haml', {'form': form})
def test_forgot_password_post_sends_email(self):
self.assertNotLoggedIn()
profile = self.create_profile()
response = self.app.get(self.uri_for('forgot-password'))
form = response.forms['forgot-password']
form['email'] = profile.email
response = form.submit()
# Check the task was put on the mail queue.
tasks = self.taskqueue_stub.get_filtered_tasks(queue_names='mail')
self.assertIn('mail', tasks[0].headers['X-AppEngine-QueueName'])
task, = tasks
deferred.run(task.payload)
messages = self.mail_stub.get_sent_messages()
self.assertLength(1, messages)
message, = messages
profile = Profile.get(profile.key())
# Reload profile to get new activation key.
self.assertEqual('"%s" <%s>' % (profile.name, profile.email),
message.to)
self.assertEqual(constants.FULL_NO_REPLY_EMAIL, message.sender)
self.assertEqual(constants.FULL_SUPPORT_EMAIL, message.reply_to)
self.assertIn(profile.activation_key, message.body.decode())
self.assertIn(profile.activation_key, message.html.decode())
recover_uri = self.uri_for('forgot-password', k=profile.activation_key)
self.assertIn(recover_uri, message.body.decode())
self.assertIn(recover_uri, message.html.decode())
def endpoint_get(data: dict, user: str) -> dict:
profile: Profile = Profile.get(user)
if profile is None:
return invalid_user_uuid
return profile.serialize
def test_forgot_password_post_sends_email(self):
self.assertNotLoggedIn()
profile = self.create_profile()
response = self.app.get(self.uri_for('forgot-password'))
form = response.forms['forgot-password']
form['email'] = profile.email
response = form.submit()
# Check the task was put on the mail queue.
tasks = self.taskqueue_stub.get_filtered_tasks(queue_names='mail')
self.assertIn('mail', tasks[0].headers['X-AppEngine-QueueName'])
task, = tasks
deferred.run(task.payload)
messages = self.mail_stub.get_sent_messages()
self.assertLength(1, messages)
message, = messages
profile = Profile.get(profile.key())
# Reload profile to get new activation key.
self.assertEqual('"%s" <%s>' % (profile.name, profile.email),
message.to)
self.assertEqual(constants.FULL_NO_REPLY_EMAIL, message.sender)
self.assertEqual(constants.FULL_SUPPORT_EMAIL, message.reply_to)
self.assertIn(profile.activation_key, message.body.decode())
self.assertIn(profile.activation_key, message.html.decode())
recover_uri = self.uri_for('forgot-password', k=profile.activation_key)
self.assertIn(recover_uri, message.body.decode())
self.assertIn(recover_uri, message.html.decode())
def test_forgot_password_post_resets_activation_key(self):
profile = self.create_profile()
old_activation_key = profile.activation_key
params = {'email': profile.email}
response = self.app.post(self.uri_for('forgot-password'), params)
self.assertOk(response)
profile = Profile.get(profile.key())
self.assertNotEqual(old_activation_key, profile.activation_key)
def test_forgot_password_post_resets_activation_key(self):
profile = self.create_profile()
old_activation_key = profile.activation_key
params = {'email': profile.email}
response = self.app.post(self.uri_for('forgot-password'), params)
self.assertOk(response)
profile = Profile.get(profile.key())
self.assertNotEqual(old_activation_key, profile.activation_key)
def update(self, id):
editor = Profile.get_by_id(int(id))
if not editor or not editor.is_editor:
self.session.add_flash(messages.EDITOR_NOT_FOUND, level='error')
self.redirect_to('editors.list')
form = ProfileUpdateForm(self.request.POST, obj=editor)
form.user_id = editor.key().id()
if self.request.method == 'GET':
names = editor.name.split(' ')
form.first_name.data = names[0]
form.last_name.data = names[1]
form.profile_id = editor.key().id()
if self.request.method == 'POST' and form.validate():
# Access to the user model is only needed in this section.
user = editor.get_auth_user()
editor.name = ' '.join([form.first_name.data, form.last_name.data])
if form.email.data != editor.email:
user.auth_ids.remove(editor.email)
user.auth_ids.append(form.email.data)
editor.email = form.email.data
if form.password.data:
user.password = security.generate_password_hash(
form.password.data, length=12)
editor.put()
user.put()
# Force reload of profile object
Profile.get(editor.key())
self.session.add_flash(messages.EDITOR_UPDATE_SUCCESS)
return self.redirect_to('editors.list')
return self.render_to_response('editors/form.haml', {'form': form})
def update(self, id):
editor = Profile.get_by_id(int(id))
if not editor or not editor.is_editor:
self.session.add_flash(messages.EDITOR_NOT_FOUND, level='error')
self.redirect_to('editors.list')
form = ProfileUpdateForm(self.request.POST, obj=editor)
form.user_id = editor.key().id()
if self.request.method == 'GET':
names = editor.name.split(' ')
form.first_name.data = names[0]
form.last_name.data = names[1]
form.profile_id = editor.key().id()
if self.request.method == 'POST' and form.validate():
# Access to the user model is only needed in this section.
user = editor.get_auth_user()
editor.name = ' '.join([form.first_name.data, form.last_name.data])
if form.email.data != editor.email:
user.auth_ids.remove(editor.email)
user.auth_ids.append(form.email.data)
editor.email = form.email.data
if form.password.data:
user.password = security.generate_password_hash(form.password.data,
length=12)
editor.put()
user.put()
# Force reload of profile object
Profile.get(editor.key())
self.session.add_flash(messages.EDITOR_UPDATE_SUCCESS)
return self.redirect_to('editors.list')
return self.render_to_response('editors/form.haml', {'form': form})
def test_forgot_password_post_with_email_trailing_whitespace(self):
profile = self.create_profile()
params = {'email': profile.email + ' '}
response = self.app.post(self.uri_for('forgot-password'), params)
self.assertOk(response)
tasks = self.taskqueue_stub.get_filtered_tasks(queue_names='mail')
self.assertIn('mail', tasks[0].headers['X-AppEngine-QueueName'])
task, = tasks
deferred.run(task.payload)
self.assertLength(1, self.mail_stub.get_sent_messages())
message, = self.mail_stub.get_sent_messages()
profile = Profile.get(profile.key())
self.assertEqual('"%s" <%s>' % (profile.name, profile.email), message.to)
def endpoint_description(data: dict, user: str) -> dict:
if "description" not in data:
return invalid_request
description: str = data["description"]
profile: Optional[Profile] = Profile.get(user)
if profile is None:
return invalid_user_uuid
profile.change_description(description)
return success
def test_forgot_password_post_with_email_trailing_whitespace(self):
profile = self.create_profile()
params = {'email': profile.email + ' '}
response = self.app.post(self.uri_for('forgot-password'), params)
self.assertOk(response)
tasks = self.taskqueue_stub.get_filtered_tasks(queue_names='mail')
self.assertIn('mail', tasks[0].headers['X-AppEngine-QueueName'])
task, = tasks
deferred.run(task.payload)
self.assertLength(1, self.mail_stub.get_sent_messages())
message, = self.mail_stub.get_sent_messages()
profile = Profile.get(profile.key())
self.assertEqual('"%s" <%s>' % (profile.name, profile.email),
message.to)
def endpoint_cluster(data: dict, user: str) -> dict:
if "cluster" not in data:
return invalid_request
cluster: int = data["cluster"]
if not isinstance(cluster, int) or cluster < 0:
return invalid_request
profile: Optional[Profile] = Profile.get(user)
if profile is None:
return invalid_user_uuid
profile.change_cluster(cluster)
return success
def endpoint_hacks(data: dict, user: str) -> dict:
if "hacks" not in data:
return invalid_request
hacks: int = data["hacks"]
if not isinstance(hacks, int) or hacks < 0:
return invalid_request
profile: Optional[Profile] = Profile.get(user)
if profile is None:
return invalid_user_uuid
profile.update_hacks(hacks)
return success
