def test_confirmation_token(app, users):
"""Test expiration of token for email confirmation.
Test to ensures that the configuration option is respected.
"""
user = users[0]["obj"]
token = generate_confirmation_token(user)
# Valid
expired, invalid, token_user = confirm_email_token_status(token)
assert expired is False and invalid is False and token_user is user
# Expired
time.sleep(4)
expired, invalid, token_user = confirm_email_token_status(token)
assert expired is True and invalid is False and token_user is user
def test_confirmation_token(app, users):
"""Test expiration of token for email confirmation.
Test to ensures that the configuration option is respected.
"""
user = users[0]['obj']
token = generate_confirmation_token(user)
# Valid
expired, invalid, token_user = confirm_email_token_status(token)
assert expired is False and invalid is False and token_user is user
# Expired
time.sleep(4)
expired, invalid, token_user = confirm_email_token_status(token)
assert expired is True and invalid is False and token_user is user
def confirm_email(token):
"""View function which handles a email confirmation request."""
expired, invalid, user = confirm_email_token_status(token)
if not user or invalid:
invalid = True
already_confirmed = user is not None and user.confirmed_at is not None
expired_and_not_confirmed = expired and not already_confirmed
if expired_and_not_confirmed:
send_confirmation_instructions(user)
if invalid or expired_and_not_confirmed:
return redirect(get_url(_security.confirm_error_view))
if confirm_user(user):
after_this_request(_commit)
if user != current_user:
logout_user()
login_user(user)
return redirect(get_url(_security.post_confirm_view))
def confirm_email(token):
"""View function which handles a email confirmation request."""
security = current_app.extensions.get('security')
expired, invalid, user = confirm_email_token_status(token)
if not user or invalid:
invalid = True
do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))
if expired:
send_confirmation_instructions(user)
do_flash(*get_message('CONFIRMATION_EXPIRED',
email=user.email,
within=security.confirm_email_within))
if invalid or expired:
return redirect(
get_url(security.confirm_error_view)
or url_for('send_confirmation'))
if user != current_user:
logout_user()
login_user(user)
if confirm_user(user):
msg = 'EMAIL_CONFIRMED'
else:
msg = 'ALREADY_CONFIRMED'
do_flash(*get_message(msg))
return redirect(
get_url(security.post_confirm_view)
or get_url(security.post_login_view))
def validate_cache_data(self, token):
self.success_message = current_app.config[
'SECURITY_MSG_EMAIL_CONFIRMED'][0]
expired, invalid, self.user = confirm_email_token_status(token)
self.new_email = get_new_email(self.user)
if not self.new_email:
flash(
'Unable to retrieve old email, please try updating your email address again',
'error')
return self.update_error()
if not self.user or invalid:
do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))
return self.update_error()
if expired:
send_confirmation_instructions(self.user, )
do_flash(*get_message('CONFIRMATION_EXPIRED',
email=self.user.email,
within=config_value('CONFIRM_EMAIL_WITHIN')))
return self.update_error()
if self.user != current_user:
logout_user()
login_user(self.user)
return self.validation_success()
def confirm_email(self):
schema = RELS['v1.AuthView:confirm'][request.method]
args = request_confirm_options.parse_args()
try:
validate(args, schema, format_checker=FormatChecker())
token = args.get('token')
expired, invalid, user = confirm_email_token_status(token)
if invalid or not user:
return dict(status=409, message="Invalid confirmation token"), 409
if expired:
return dict(status=409, message="Confirmation token has expired"), 409
confirmed = confirm_user(user)
user.save()
if not confirmed:
return dict(status=409, message='Email already confirmed'), 409
except ValidationError as e:
return dict(status=400, message=e.message), 400
return {'status': 200, 'message': 'Account confirmed.', 'user': generate_response_dict(user=user)}
def get_user(self, token=None, **kwargs):
"""Retrieve a user by the provided arguments."""
expired, invalid, user = confirm_email_token_status(token)
if not user or invalid:
_abort(get_message('INVALID_CONFIRMATION_TOKEN'))
already_confirmed = user is not None and user.confirmed_at is not None
if expired and not already_confirmed:
_abort(
get_message('CONFIRMATION_EXPIRED',
email=user.email,
within=current_security.confirm_email_within))
return user
def confirm(token):
''' Serve confirmaton page '''
expired, invalid, user = confirm_email_token_status(token)
name, confirmed = None, None
if user:
if not expired and not invalid:
confirmed = confirm_user(user)
db.session.commit()
name = user.name
else:
confirmed = None
return render_template('confirm.html',
confirmed=confirmed,
expired=expired,
invalid=invalid,
name=name,
action_url=url_for('index', _external=True))
