def test_properties(): pe = PendingEmail('abc') pe.new_email = '*****@*****.**' pe.verify_code = 'bibble' assert pe.username == 'abc' assert pe.new_email == '*****@*****.**' assert pe.verify_code == 'bibble'
def test_delete(): test_creation() pe = PendingEmail('abc') pe.delete() assert not pe.in_db pe = PendingEmail('abc') assert not pe.in_db
def test_is_email_used_pending_email_change(self): email = '*****@*****.**' pe = PendingEmail('pu') pe.verify_code = 'vc' pe.new_email = email pe.save() used = helpers.email_used(email) assert used == True
def test_none_listed_after_removal(): test_creation() all_list = PendingEmail.ListAll() for pu in all_list: pu.delete() all_list = PendingEmail.ListAll() assert len(all_list) == 0
def test_update(): test_creation() new_email = '*****@*****.**' pe = PendingEmail('abc') pe.new_email = new_email pe.save() pe = PendingEmail('abc') assert pe.new_email == new_email
def test_email_change_request(): """ Test that change requests via POST at /user/ are handled correclty. """ username = "******" old_email = User(username).email new_email = "*****@*****.**" params = { "username": "******", "password": "******", "new_email": new_email, } r, data = test_helpers.server_post("/user/student_coll1_1", params) assert r.status == 200, data user = User(username) assert user.email == old_email ps = test_helpers.last_email() toaddr = ps.toaddr assert toaddr == new_email vars = ps.template_vars first_name = user.first_name assert first_name == vars['name'] template = ps.template_name assert template == 'change_email' test_helpers.assert_load_template(template, vars) pe = PendingEmail(username) assert pe.in_db assert pe.new_email == new_email
def test_user_get_other_can_view(): # Set up a pending email for the student pe = PendingEmail('student_coll1_1') pe.new_email = '*****@*****.**' pe.verify_code = 'bibble' pe.save() params = {"username":"******", "password":"******", } r,data = test_helpers.server_get("/user/student_coll1_1", params) assert r.status == 200 assert data.find("student_coll1_1") != -1 assert 'email' not in data assert 'new_email' not in data
def verify_email(username, code): """ Verifies to the system that an email address exists, and assigns it to a user. Expected to be used only by users clicking links in email-verfication emails. Not part of the documented API. """ change_request = PendingEmail(username) if not change_request.in_db: return "No such change request", 404 if change_request.age > timedelta(days=2): return "Request not valid", 410 if change_request.verify_code != code: return "Invalid verification code", 403 log_action('changing email', user=username, new_email=change_request.new_email) u = User(change_request.username) u.set_email(change_request.new_email) u.save() return "Email address successfully changed", 200
def verify_email(username, code): """ Verifies to the system that an email address exists, and assigns it to a user. Expected to be used only by users clicking links in email-verfication emails. Not part of the documented API. """ change_request = PendingEmail(username) if not change_request.in_db: return "No such change request", 404, PLAINTEXT_HEADER email_change_days = config.config.getint('nemesis', 'email_change_days') max_age = timedelta(days=email_change_days) if change_request.age > max_age: return "Request not valid", 410, PLAINTEXT_HEADER if change_request.verify_code != code: return "Invalid verification code", 403, PLAINTEXT_HEADER log_action('changing email', user=username, new_email=change_request.new_email) u = User(change_request.username) u.set_email(change_request.new_email) u.save() return "Email address successfully changed", 200, PLAINTEXT_HEADER
def clear_old_emails(): for pe in PendingEmail.ListAll(): # deliberately a larger delta than we restrict against to avoid # accidentally removing vaild entries if pe.age > timedelta(days=3): log_action('expiring email change', pe) pe.delete()
def test_send_email(): first_name = 'jim' verification_url = 'http://verify' new_email = '*****@*****.**' pe = PendingEmail('abc') pe.new_email = new_email pe.send_verification_email(first_name, verification_url) ps = test_helpers.last_email() vars = ps.template_vars assert first_name == vars['name'] assert verification_url == vars['url'] toaddr = ps.toaddr assert new_email == toaddr template = ps.template_name assert template == 'change_email' test_helpers.assert_load_template(template, vars)
def email_used(email): if User.email_used(email): return True if any(pe.new_email == email for pe in PendingEmail.ListAll()): return True if any(pu.email == email for pu in PendingUser.ListAll()): return True return False
def clear_old_emails(): # deliberately a larger delta than we restrict against to avoid # accidentally removing vaild entries email_change_days = config.getint('nemesis', 'email_change_days') email_change_days += 0.5 max_age = timedelta(days=email_change_days) for pe in PendingEmail.ListAll(): if pe.age > max_age: log_action('expiring email change', pe) pe.delete()
def request_new_email(user, new_email): userid = user.username pe = PendingEmail(userid) if user.email == new_email: if pe.in_db: pe.delete() return verify_code = helpers.create_verify_code(userid, new_email) pe.new_email = new_email pe.verify_code = verify_code pe.save() url = url_for('verify_email', username=userid, code=verify_code, _external=True) pe.send_verification_email(user.first_name, url)
def test_send_email(): first_name = 'jim' verification_url = 'https://verify' new_email = '*****@*****.**' pe = PendingEmail('abc') pe.new_email = new_email pe.send_verification_email(first_name, verification_url) ps = test_helpers.last_email() vars = ps.template_vars assert first_name == vars['name'] assert verification_url == vars['url'] toaddr = ps.toaddr assert new_email == toaddr template = ps.template_name assert template == 'change_email' test_helpers.assert_load_template(template, vars)
def test_creation(): pe = PendingEmail('abc') pe.new_email = '*****@*****.**' pe.verify_code = 'bibble' pe.save() assert pe.in_db pe = PendingEmail('abc') assert pe.in_db assert pe.username == 'abc' assert pe.new_email == '*****@*****.**' assert pe.verify_code == 'bibble' age = pe.age assert age > timedelta() assert age < timedelta(minutes = 1)
def test_one_listed(): test_creation() all_list = PendingEmail.ListAll() assert len(all_list) == 1 pe = all_list[0] assert type(pe) == PendingEmail assert pe.in_db assert pe.username == 'abc' assert pe.new_email == '*****@*****.**' assert pe.verify_code == 'bibble'
def user_details(requesting_user, userid): if not requesting_user.can_view(userid): return AUTHORIZATION_DENIED user = User.create_user(userid) details = user.details_dictionary_for(requesting_user) if 'email' in details: # The requesting user can view the emails -- also tell them # about any pending changes. email_change_rq = PendingEmail(user.username) if email_change_rq.in_db: new_email = email_change_rq.new_email if new_email != details['email']: details['new_email'] = new_email return json.dumps(details), 200
def user_details(userid): ah = AuthHelper(request) if not (ah.auth_will_succeed and ah.user.can_view(userid)): return ah.auth_error_json, 403 user = User.create_user(userid) details = user.details_dictionary_for(ah.user) if 'email' in details: """Then the requesting user can view the emails -- also tell them about any pending changes.""" email_change_rq = PendingEmail(user.username) if email_change_rq.in_db: new_email = email_change_rq.new_email if new_email != details['email']: details['new_email'] = new_email return json.dumps(details), 200
def test_email_change_request_reset(): """ Test that change requests via POST at /user/ are handled correclty. """ username = "******" old_email = User(username).email new_email = "*****@*****.**" setup_new_email(username, new_email, 'bees') params = { "username": "******", "password": "******", "new_email": old_email, } r, data = test_helpers.server_post("/user/student_coll1_1", params) assert r.status == 200, data user = User(username) assert user.email == old_email pe = PendingEmail(username) assert not pe.in_db, 'POST using original email should have cleared request' test_helpers.assert_no_emails()
def test_user_get_other_can_view(): # Set up a pending email for the student pe = PendingEmail('student_coll1_1') pe.new_email = '*****@*****.**' pe.verify_code = 'bibble' pe.save() params = { "username": "******", "password": "******", } r, data = test_helpers.server_get("/user/student_coll1_1", params) assert r.status == 200 assert data.find("student_coll1_1") != -1 assert 'email' not in data assert 'new_email' not in data
def test_clear_old_emails(self): pe = PendingEmail('old') pe.new_email = '*****@*****.**' pe.verify_code = 'bibble-old' pe.save() self._make_old('email_changes', 'old') pe = PendingEmail('abc') pe.new_email = '*****@*****.**' pe.verify_code = 'bibble-new' pe.save() helpers.clear_old_emails() pe = PendingEmail('old') assert not pe.in_db pe = PendingEmail('abc') assert pe.in_db
def test_none_listed_at_start(): all_list = PendingEmail.ListAll() assert len(all_list) == 0
def test_invalid_property(): pe = PendingEmail('abc') print pe.bacon
def setup_new_email(username, new_email, verify_code): pe = PendingEmail(username) pe.new_email = new_email pe.verify_code = verify_code pe.save()
def test_empty_at_start(): pe = PendingEmail('abc') assert pe.in_db == False assert pe.new_email is None assert pe.verify_code is None assert pe.age == timedelta()