def _new(self):
# Do we allow account creation?
if lca_info['account_creation']:
"""Create a new person submit.
"""
# Remove fields not in class
results = self.form_result['person']
del results['password_confirm']
del results['email_address2']
c.person = Person(**results)
c.person.email_address = c.person.email_address.lower()
meta.Session.add(c.person)
#for sn in self.form_result['social_network']:
# network = SocialNetwork.find_by_name(sn['name'])
# if sn['account_name']:
# c.person.social_networks[network] = sn['account_name']
meta.Session.commit()
if lca_rego['confirm_email_address'] == 'no':
redirect_to(controller='person',
action='confirm',
confirm_hash=c.person.url_hash)
else:
email(c.person.email_address,
render('/person/new_person_email.mako'))
return render('/person/thankyou.mako')
else:
return render('/not_allowed.mako')
def test_create_duplicate_person(self):
Dummy_smtplib.install()
# create a fake user
p = Person(email_address='*****@*****.**')
p.activated = True
self.dbsession.save(p)
self.dbsession.flush()
pid = p.id
resp = self.app.get('/person/new')
f = resp.form
f['person.email_address'] = '*****@*****.**'
f['person.firstname'] = 'Testguy'
f['person.lastname'] = 'McTest'
f['person.password'] = '******'
f['person.password_confirm'] = 'test'
f['person.phone'] = '1234'
f['person.mobile'] = '1234'
f['person.address1'] = 'Moo St'
f['person.city'] = 'Tassie'
f['person.country'] = 'Australia'
f['person.postcode'] = '2000'
resp = f.submit()
resp.mustcontain('A person with this email already exists.')
resp.click('recover your password')
self.dbsession.delete(self.dbsession.query(Person).get(pid))
self.dbsession.flush()
def test_registration_confirmation(self):
# insert registration model object
timestamp = datetime.datetime.now()
email_address = '*****@*****.**'
password = '******'
handle = 'testguy'
r = Person(creation_timestamp=timestamp,
email_address=email_address,
password=password,
handle=handle,
activated=False)
url_hash = r.url_hash
print url_hash
self.dbsession.save(r)
self.dbsession.flush()
rid = r.id
print r
# clear so that we reload the object later
self.dbsession.clear()
# visit the link
response = self.app.get('/person/confirm/' + url_hash)
response.mustcontain('Thanks for confirming your account')
# test that it's activated
r = self.dbsession.get(Person, rid)
self.assertEqual(True, r.activated, "registration was not activated")
# clean up
self.dbsession.delete(self.dbsession.query(Person).get(rid))
self.dbsession.flush()
def test_confirm(self):
"""Test confirmation of a password reset that should succeed"""
# create a confirmation record
email = '*****@*****.**'
p = Person(email_address=email)
self.dbsession.save(p)
c = PasswordResetConfirmation(email_address=email)
# set the timestamp to just under 24 hours ago
c.timestamp = datetime.datetime.now() - datetime.timedelta(23, 59, 59)
self.dbsession.save(c)
self.dbsession.flush()
pid = p.id
cid = c.id
resp = self.app.get(
url_for(controller='person',
action='reset_password',
url_hash=c.url_hash))
# showing the email on the page
resp.mustcontain(email)
f = resp.form
f['password'] = '******'
f['password_confirm'] = 'test'
resp = f.submit()
# check for success
resp.mustcontain("Your password has been updated")
self.dbsession.clear()
# conf rec should be gone
c = self.dbsession.get(PasswordResetConfirmation, cid)
self.assertEqual(None, c)
# password should be set to 'test'
p_hash = md5.new('test').hexdigest()
p = self.dbsession.get(Person, pid)
self.assertEqual(p_hash, p.password_hash)
self.dbsession.delete(p)
self.dbsession.flush()
def test_duplicate_password_reset(self):
"""Try to reset a password twice.
"""
c = Person(email_address='*****@*****.**')
self.dbsession.save(c)
self.dbsession.flush()
cid = c.id
#
email = '*****@*****.**'
# trap smtp
Dummy_smtplib.install()
resp = self.app.get(url_for(controller='person', action='signin'))
resp = resp.click('Forgotten your password?')
f = resp.forms[0]
f['email_address'] = email
f.submit()
crec = self.dbsession.query(PasswordResetConfirmation).filter_by(
email_address=email).one()
self.failIfEqual(None, crec)
crecid = crec.id
# submit a second time
resp = f.submit()
resp.mustcontain("password recovery process is already in progress")
# clean up
Dummy_smtplib.existing.reset()
self.dbsession.delete(
self.dbsession.query(PasswordResetConfirmation).get(crecid))
self.dbsession.delete(self.dbsession.query(Person).get(cid))
self.dbsession.flush()
