def test_spamcheck(client, dummy_stageuser, mocker, spamcheck_status, spamcheck_on): user = User(ipa_admin.stageuser_show("dummy")["result"]) assert user.status_note != spamcheck_status token = make_token({"sub": "dummy"}, audience=Audience.spam_check) with mailer.record_messages() as outbox: response = client.post( "/register/spamcheck-hook", json={ "token": token, "status": spamcheck_status }, ) assert response.status_code == 200 assert response.json == {"status": "success"} # Check that the status was changed user = User(ipa_admin.stageuser_show("dummy")["result"]) assert user.status_note == spamcheck_status # Sent email if spamcheck_status == "active": assert len(outbox) == 1 message = outbox[0] assert message.subject == "Verify your email address" assert message.recipients == ["*****@*****.**"] else: assert len(outbox) == 0
def confirm_registration(): username = request.args.get('username') if not username: abort(400, "No username provided") try: user = User(ipa_admin.stageuser_show(a_uid=username)['result']) except python_freeipa.exceptions.NotFound: flash(_("The registration seems to have failed, please try again."), "warning") return redirect(f"{url_for('root')}?tab=register") if app.config["BASSET_URL"] and user.status_note != "active": abort(401, "You should not be here") form = ResendValidationEmailForm() if form.validate_on_submit(): _send_validation_email(user) flash( _('The address validation email has be sent again. Make sure it did not land in ' 'your spam folder'), 'success', ) return redirect(request.url) return render_template('registration-confirmation.html', user=user, form=form)
def test_strip(client, post_data_step_1, cleanup_dummy_user, field_name): """Register a user with fields that contain trailing spaces""" post_data_step_1[f"register-{field_name}"] = "Dummy " with mailer.record_messages() as outbox: result = client.post('/', data=post_data_step_1) assert result.status_code == 302, str(result.data, "utf8") user = User(ipa_admin.stageuser_show(a_uid="dummy")['result']) assert getattr(user, field_name) == "Dummy" assert len(outbox) == 1
def spamcheck_wait(): username = request.args.get('username') if not username: abort(400, "No username provided") try: user = User(ipa_admin.stageuser_show(a_uid=username)["result"]) except python_freeipa.exceptions.NotFound: flash(_("The registration seems to have failed, please try again."), "warning") return redirect(f"{url_for('root')}?tab=register") if user.status_note == "active": return redirect( f"{url_for('confirm_registration')}?username={username}") return render_template('registration-spamcheck-wait.html', user=user)
def test_step_1(client, post_data_step_1, cleanup_dummy_user, mocker): """Register a user, step 1""" record_signal = mocker.Mock() with mailer.record_messages() as outbox, stageuser_created.connected_to( record_signal): result = client.post('/', data=post_data_step_1) assert result.status_code == 302 assert result.location == "http://localhost/register/confirm?username=dummy" # Emitted signal record_signal.assert_called_once() # Sent email assert len(outbox) == 1 message = outbox[0] assert message.subject == "Verify your email address" assert message.recipients == ["*****@*****.**"] # Check that default values are added user = User(ipa_admin.stageuser_show("dummy")['result']) # Creation time assert user.creationtime is not None # Locale assert user.locale == current_app.config["USER_DEFAULTS"]["locale"] # Timezone assert user.timezone == current_app.config["USER_DEFAULTS"]["timezone"]
def test_step_1(client, post_data_step_1, cleanup_dummy_user): """Register a user, step 1""" with mailer.record_messages() as outbox: result = client.post('/', data=post_data_step_1) assert result.status_code == 302 assert result.location == "http://localhost/register/confirm?username=dummy" # Sent email assert len(outbox) == 1 message = outbox[0] assert message.subject == "Verify your email address" assert message.recipients == ["*****@*****.**"] # Check that default values are added user = ipa_admin.stageuser_show("dummy") # Creation time assert "fascreationtime" in user assert user["fascreationtime"][0] # Locale assert "faslocale" in user assert user["faslocale"][0] == current_app.config["USER_DEFAULTS"]["user_locale"] # Timezone assert "fastimezone" in user assert ( user["fastimezone"][0] == current_app.config["USER_DEFAULTS"]["user_timezone"] )
def activate_account(): register_url = f"{url_for('root')}?tab=register" token_string = request.args.get('token') if not token_string: flash(_('No token provided, please check your email validation link.'), 'warning') return redirect(register_url) try: token = EmailValidationToken.from_string(token_string) except jwt.exceptions.DecodeError: flash(_("The token is invalid, please register again."), "warning") return redirect(register_url) if not token.is_valid(): flash(_("This token is no longer valid, please register again."), "warning") return redirect(register_url) try: user = User(ipa_admin.stageuser_show(token.username)) except python_freeipa.exceptions.NotFound: flash(_("This user cannot be found, please register again."), "warning") return redirect(register_url) if not user.mail == token.mail: app.logger.error( f'User {user.username} tried to validate a token for address {token.mail} while they ' f'are registered with address {user.mail}, something fishy may be going on.' ) flash( _("The username and the email address don't match the token you used, " "please register again."), "warning", ) return redirect(register_url) form = PasswordSetForm() if form.validate_on_submit(): with handle_form_errors(form): password = form.password.data # First we activate the stage user try: ipa_admin.stageuser_activate(user.username) except python_freeipa.exceptions.FreeIPAError as e: app.logger.error( f'An unhandled error {e.__class__.__name__} happened while activating ' f'stage user {user.username}: {e.message}') raise FormError( "non_field_errors", _("Something went wrong while activating your account, " "please try again later."), ) # User activation succeeded. Send message. messaging.publish( UserCreateV1( {"msg": { "agent": user.username, "user": user.username }})) # Now we set the password. try: # First, set it as an admin. This will mark it as expired. ipa_admin.user_mod(user.username, userpassword=password) # And now we set it again as the user, so it is not expired any more. ipa = untouched_ipa_client(app) ipa.change_password(user.username, new_password=password, old_password=password) except python_freeipa.exceptions.PWChangePolicyError as e: # The user is active but the password does not match the policy. # Tell the user what's going to happen. flash( _( 'Your account has been activated, but the password you chose does not ' 'comply with the policy (%(policy_error)s) and has thus been set as ' 'expired. You will be asked to change it after logging in.', policy_error=e.policy_error, ), 'warning', ) return redirect(url_for("root")) except python_freeipa.exceptions.ValidationError as e: # for example: invalid username. We don't know which field to link it to _handle_registration_validation_error(user.username, e) except python_freeipa.exceptions.FreeIPAError as e: app.logger.error( f'An unhandled error {e.__class__.__name__} happened while changing initial ' f'password for user {user.username}: {e.message}') # At this point the user has been activated, they can't register again. Send them to # the login page with an appropriate warning. flash( _( 'Your account has been activated, but an error occurred while setting your ' 'password (%(message)s). You may need to change it after logging in.', message=e.message, ), 'warning', ) return redirect(url_for("root")) # Try to log them in directly, so they don't have to type their password again. try: ipa = maybe_ipa_login(app, session, user.username, password) except python_freeipa.exceptions.FreeIPAError: ipa = None if ipa: flash( _( 'Congratulations, your account is now active! Welcome, %(name)s.', name=user.name, ), 'success', ) else: # No shortcut for you, you'll have to login properly (maybe the password is # expired). flash( _('Congratulations, your account is now active! Go ahead and sign in ' 'to proceed.'), 'success', ) return redirect(url_for('root')) return render_template('registration-activation.html', user=user, form=form)