def test_confirmation_token(app, users):
    """Check that an email-confirmation token expires as configured.

    The token is checked once right after it is issued and once more after
    a four-second wait; the second check must report it as expired.
    """
    account = users[0]["obj"]
    issued = generate_confirmation_token(account)

    # Fresh token: neither expired nor invalid, and it resolves to its user.
    expired, invalid, token_user = confirm_email_token_status(issued)
    assert expired is False
    assert invalid is False
    assert token_user is account

    # assumes the fixtures configure a confirmation lifetime shorter than
    # four seconds — TODO confirm against the test configuration
    time.sleep(4)

    # A stale token is reported as expired rather than invalid, and the
    # helper still returns the user it was issued for.
    expired, invalid, token_user = confirm_email_token_status(issued)
    assert expired is True
    assert invalid is False
    assert token_user is account
def test_confirmation_token(app, users):
    """Verify that confirmation tokens honour the configured lifetime.

    A token must be accepted immediately after creation and be reported as
    expired once the test has slept for four seconds.
    """
    first_user = users[0]['obj']
    confirmation = generate_confirmation_token(first_user)

    def assert_status(expect_expired):
        # In both phases the token must stay "not invalid" and must resolve
        # to the user it was generated for; only the expiry flag changes.
        expired, invalid, token_user = confirm_email_token_status(confirmation)
        assert (
            expired is expect_expired
            and invalid is False
            and token_user is first_user
        )

    assert_status(False)

    # presumably the test app sets the confirmation window below 4 s;
    # verify against the fixture configuration
    time.sleep(4)
    assert_status(True)
def confirm_email(token):
    """Handle a request that follows an email-confirmation link.

    An unusable token redirects to the confirmation error view. Otherwise
    the account is confirmed if it was not already, the token's user
    becomes the logged-in user, and the request is redirected to the
    post-confirm view.
    """
    expired, invalid, user = confirm_email_token_status(token)

    # A token that resolves to no user is handled exactly like an invalid one.
    token_rejected = bool(not user or invalid)

    is_confirmed = user is not None and user.confirmed_at is not None
    needs_new_link = expired and not is_confirmed

    if needs_new_link:
        # presumably the helper never reports "expired" without a user;
        # otherwise None is passed here — verify against its implementation
        send_confirmation_instructions(user)

    if token_rejected or needs_new_link:
        return redirect(get_url(_security.confirm_error_view))

    # confirm_user() is truthy only when this request changed the account,
    # so the commit is scheduled just for that case.
    if confirm_user(user):
        after_this_request(_commit)

    # NOTE(review): this point is also reached for an account that is
    # already confirmed, even when the token has expired, and the token's
    # user is then logged in. The link therefore keeps working as a login
    # credential after its first use — confirm that this is intended.
    if user != current_user:
        logout_user()
        login_user(user)

    return redirect(get_url(_security.post_confirm_view))
def confirm_email(token):
    """Handle a request that follows an email-confirmation link.

    Flashes a message for an invalid or expired token and redirects to the
    error view; otherwise logs the token's user in, confirms the account and
    redirects to the post-confirm (or post-login) view.
    """
    security = current_app.extensions.get('security')
    expired, invalid, user = confirm_email_token_status(token)

    # A token without a matching user is reported as invalid.
    token_rejected = bool(not user or invalid)
    if token_rejected:
        do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))

    if expired:
        # presumably the helper never reports "expired" without a user;
        # user.email below would fail on None — verify
        send_confirmation_instructions(user)
        expired_message = get_message(
            'CONFIRMATION_EXPIRED',
            email=user.email,
            within=security.confirm_email_within,
        )
        do_flash(*expired_message)

    if token_rejected or expired:
        error_target = (
            get_url(security.confirm_error_view)
            or url_for('send_confirmation')
        )
        return redirect(error_target)

    # NOTE(review): the login happens before confirm_user() reports whether
    # the account was already confirmed, so any unexpired token logs its
    # user in again on every visit — confirm that reuse is intended.
    if user != current_user:
        logout_user()
        login_user(user)

    message_key = 'EMAIL_CONFIRMED' if confirm_user(user) else 'ALREADY_CONFIRMED'
    do_flash(*get_message(message_key))

    success_target = (
        get_url(security.post_confirm_view)
        or get_url(security.post_login_view)
    )
    return redirect(success_target)
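def validate_cache_data(self, token):
    """Validate a confirmation token and the pending email stored for its user.

    The token is checked before anything is looked up for its user, so an
    invalid token is reported as such and never reaches ``get_new_email``.

    Returns the result of ``self.update_error()`` when the token is invalid
    or expired or no pending address is found, and the result of
    ``self.validation_success()`` otherwise.
    """
    self.success_message = current_app.config['SECURITY_MSG_EMAIL_CONFIRMED'][0]
    expired, invalid, self.user = confirm_email_token_status(token)

    # Reject an unusable token first: self.user may be None at this point
    # and must not be handed to the email lookup.
    if not self.user or invalid:
        # Keep the attribute defined for code that reads it after a failure.
        self.new_email = None
        do_flash(*get_message('INVALID_CONFIRMATION_TOKEN'))
        return self.update_error()

    self.new_email = get_new_email(self.user)
    if not self.new_email:
        flash(
            'Unable to retrieve old email, please try updating your email address again',
            'error')
        return self.update_error()

    if expired:
        # An expired link triggers a fresh confirmation mail for the user.
        send_confirmation_instructions(self.user)
        do_flash(*get_message('CONFIRMATION_EXPIRED',
                              email=self.user.email,
                              within=config_value('CONFIRM_EMAIL_WITHIN')))
        return self.update_error()

    # NOTE(review): a valid token switches the session to the token's user;
    # confirm the link cannot be replayed once the change has been applied.
    if self.user != current_user:
        logout_user()
        login_user(self.user)
    return self.validation_success()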
def confirm_email(self):
    """Confirm an account from the token carried in the request arguments.

    Returns a ``(body, status)`` pair with status 400 when the arguments
    fail schema validation and 409 when the token is invalid or expired or
    the email was already confirmed; returns a plain dict on success.
    """
    schema = RELS['v1.AuthView:confirm'][request.method]
    args = request_confirm_options.parse_args()

    def conflict(message):
        # Every token-related rejection uses the same 409 response shape.
        return {'status': 409, 'message': message}, 409

    try:
        validate(args, schema, format_checker=FormatChecker())
        expired, invalid, user = confirm_email_token_status(args.get('token'))
        if invalid or not user:
            return conflict("Invalid confirmation token")
        if expired:
            return conflict("Confirmation token has expired")

        # The user is saved whether or not confirm_user() changed anything.
        confirmed = confirm_user(user)
        user.save()
        if not confirmed:
            return conflict('Email already confirmed')
    except ValidationError as err:
        return {'status': 400, 'message': err.message}, 400

    # NOTE(review): this body goes to whoever presents a valid token; check
    # that generate_response_dict() exposes no credentials or session data.
    return {'status': 200,
            'message': 'Account confirmed.',
            'user': generate_response_dict(user=user)}
def get_user(self, token=None, **kwargs):
    """Resolve a confirmation token to its user, aborting on unusable tokens.

    Aborts with INVALID_CONFIRMATION_TOKEN when the token is invalid or maps
    to no user, and with CONFIRMATION_EXPIRED when it has expired and the
    account is not yet confirmed. Returns the user otherwise.
    """
    expired, invalid, user = confirm_email_token_status(token)

    if not user or invalid:
        # presumably _abort() raises; if it returned, a None user would
        # reach the attribute accesses below — verify
        _abort(get_message('INVALID_CONFIRMATION_TOKEN'))

    confirmed_before = user is not None and user.confirmed_at is not None
    if expired and not confirmed_before:
        expired_message = get_message(
            'CONFIRMATION_EXPIRED',
            email=user.email,
            within=current_security.confirm_email_within,
        )
        _abort(expired_message)

    # NOTE(review): an expired token for an already-confirmed account still
    # returns the user; callers should not treat this as proof of a fresh,
    # single-use link.
    return user
def confirm(token):
    """Render the confirmation page for an email-confirmation token.

    The account is confirmed and the session committed only when the token
    resolves to a user and is neither expired nor invalid. The template
    receives the confirmation result, both token flags and the user's name.
    """
    expired, invalid, user = confirm_email_token_status(token)
    confirmed = None
    name = None

    if user:
        token_usable = not expired and not invalid
        if token_usable:
            confirmed = confirm_user(user)
            db.session.commit()
        # NOTE(review): nesting reconstructed from a flattened listing. As
        # written the name is passed to the template for expired or invalid
        # tokens too; confirm that showing it to the link holder is intended.
        name = user.name

    return render_template(
        'confirm.html',
        confirmed=confirmed,
        expired=expired,
        invalid=invalid,
        name=name,
        action_url=url_for('index', _external=True),
    )