コード例 #1
 def __init__(self, request, max_attempts=None):
     """Resolve the user named in the route and prepare the edit form.

     ``max_attempts`` is handed to ``LoginView`` unchanged.  Raises
     ``HTTPNotFound`` when the lookup for the ``username`` route segment
     returns ``None``.

     NOTE(review): no check that ``request.user`` is allowed to edit the
     target account is visible here; presumably the view configuration
     enforces it -- confirm.
     """
     self.request = request
     username = request.matchdict['username']
     self.target_username = username
     profile = request.db_session.query(UserProfile).get(username)
     self.target_user = profile
     # The lookup result is published on the request, and LoginView is built,
     # before the not-found check -- so both can see a None target.
     request.target_user = profile
     self.login_view = LoginView(request, max_attempts)
     if profile is None:
         raise HTTPNotFound()
     self.frm = make_profile_form(request, edit=True)
コード例 #2
 def __init__(self, request):
     """Keep the request and build the login helper and the profile form."""
     self.request = request
     # Both collaborators receive the same request object stored above.
     self.login_view = LoginView(request)
     self.frm = make_profile_form(request)
コード例 #3
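class EditProfile(object):
    """View class behind the profile edit form for the user named in the URL.

    ``post`` applies a validated submission to that user's record.  Changing
    the email address requires either the account owner's current password or
    a superuser acting on someone else's account.
    """

    def __init__(self, request, max_attempts=None):
        """Look up the user being edited and build the edit form.

        ``max_attempts`` is passed straight to ``LoginView``.  Raises
        ``HTTPNotFound`` when no ``UserProfile`` matches the ``username``
        route segment.

        NOTE(review): nothing here checks that ``request.user`` may edit the
        target account; presumably the view configuration enforces that --
        confirm.
        """
        self.request = request
        self.target_username = request.matchdict['username']
        query = self.request.db_session.query(UserProfile)
        self.target_user = query.get(self.target_username)
        # Published on the request (possibly as None) and handed to LoginView
        # before the not-found check; the order is kept as the author wrote it.
        request.target_user = self.target_user
        self.login_view = LoginView(request, max_attempts)
        if self.target_user is None:
            raise HTTPNotFound()
        self.frm = make_profile_form(self.request, edit=True)

    def get_extended_data(self):
        """Provide a hook to extend the dict returned by the view.
        Any new values will require that the view template is overridden
        to use them.
        """
        return None

    def post(self):
        """Validate the submitted form and apply it to the target user.

        Returns a 405 response for non-POST requests, a template dict when
        validation fails, a redirect to the user search when a superuser's
        change succeeded, and otherwise the result of ``self.get()`` (not
        defined in this listing).

        Fields missing from the validated data are left untouched, and
        ``is_superuser`` is only written when the requester is a superuser.
        """
        if self.request.method != "POST":
            return HTTPMethodNotAllowed()
        if 'submit' not in self.request.POST:
            return self.get()

        controls = self.request.POST.items()
        self.request.target_user = self.target_user

        # Collected changes, forwarded as keyword arguments to the events
        # notified below.
        activity_detail = {}

        try:
            appstruct = self.frm.validate(controls)  # call validate
        except ValidationFailure as e:  # "as" form: valid on Python 2.6+ and 3
            # Don't leak hash information
            # NOTE(review): the markup returned below comes from e.render();
            # confirm it reflects this blanked value and not a cstruct
            # captured by the exception.
            if ('password' in self.frm.cstruct
                    and self.frm.cstruct['password'] != ''):
                self.frm.cstruct['password'] = ''
            data = {
                'forms': [self.frm],
                'rendered_form': e.render(),
                'target_username': self.target_username,
            }
            ex_data = self.get_extended_data()
            if ex_data:
                data.update(ex_data)
            return data

        same_user = self.request.user == self.target_user

        valid_pass = False
        if same_user:
            # A missing password is checked as the empty string, so it goes
            # through the normal verification path.
            password = appstruct.get('password', colander.null)
            if password == colander.null:
                password = ''

            valid_pass = self.login_view.verify_password(
                password, self.target_user.password_hash, self.target_user)
        if (not same_user) and self.request.user.is_superuser:
            # Let admins edit email addresses w/o a password check
            valid_pass = True

        failed = False
        if (self.target_user.email != appstruct['email'] and valid_pass):
            activity_detail['old_address'] = [
                field.current_value for field in self.frm.schema
                if field.name == 'email'
            ][0]
            activity_detail['new_address'] = appstruct['email']
            self.target_user.email = appstruct['email']
        elif (self.target_user.email != appstruct['email'] and not valid_pass):
            self.request.session.flash(
                'Must provide the correct password to edit email addresses.',
                queue='error')
            failed = True

        # Read once, before any field is written, so a change to the
        # requester's own flag cannot influence the privilege check.
        requester_is_superuser = self.request.user.is_superuser
        for fname in ('first_name', 'last_name', 'is_superuser'):
            if fname not in appstruct:
                # Not part of the validated data: keep the stored value
                # instead of overwriting it with None.
                continue
            if fname == 'is_superuser' and not requester_is_superuser:
                # Same gate as 'user_disabled' below: the privilege flag is
                # never taken from a non-superuser's submission, whatever the
                # form schema (not visible here) happens to expose.
                continue
            fval = appstruct[fname]
            if getattr(self.target_user, fname) != fval:
                setattr(self.target_user, fname, fval)
                activity_detail[fname] = fval

        if self.request.user.is_superuser and 'user_disabled' in appstruct:
            self.target_user.admin_disabled = appstruct['user_disabled']
            if appstruct['user_disabled']:
                self.request.registry.notify(
                    AccountDisabled(self.request, self.target_user,
                                    **activity_detail))
            else:
                self.request.registry.notify(
                    AccountEnabled(self.request, self.target_user,
                                   **activity_detail))

        if same_user:
            # Invalidate the current token
            self.request.session.new_csrf_token()
            self.request.session.save()
            self.frm = make_profile_form(self.request, edit=True)

        # NOTE(review): this runs even when the email change was refused, so
        # the name fields set above are still saved in that case.
        self.request.db_session.add(self.target_user)

        if not failed:
            self.request.registry.notify(
                ProfileChanged(self.request, self.target_user,
                               **activity_detail))
            self.request.session.flash('Account successfully modified!',
                                       queue='success')
        if self.request.user.is_superuser and not failed:
            # NOTE(review): came_from is a submitted form value and the only
            # check visible here is a substring match; confirm the schema or
            # replace_url_csrf restricts it to this site's own URLs before it
            # is used as a redirect target.
            if 'user_search' in appstruct['came_from']:
                # The search form is a GET, so strip the CSRF out.
                url = replace_url_csrf(appstruct['came_from'],
                                       self.request.session)
                redirect = HTTPFound(url)
            else:
                redirect = HTTPFound(self.request.route_url('user_search'))
            return redirect
        else:
            return self.get()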
コード例 #4
ファイル: test_forms.py プロジェクト: sixfeetup/speak_friend
 def test_profile_form_policy_title(self):
     """With no user on the request, the policy field carries the expected title."""
     self.request.user = None
     form = profiles.make_profile_form(self.request)
     policy_field = form['agree_to_policy']
     self.assertEqual(policy_field.title, 'I agree to the site policy.')
コード例 #5
ファイル: test_forms.py プロジェクト: sixfeetup/speak_friend
 def test_profile_form_password_fields(self):
     """The password field is rendered by the strength-validating widget class."""
     password_widget = profiles.make_profile_form(self.request)['password'].widget
     # Compared by class name only, so the widget class itself is not imported.
     widget_name = password_widget.__class__.__name__
     self.assertEqual(widget_name, 'StrengthValidatingPasswordWidget')
コード例 #6
ファイル: test_forms.py プロジェクト: sixfeetup/speak_friend
 def test_profile_form_email_fields(self):
     """The email field is rendered by the CheckedInputWidget class."""
     email_widget = profiles.make_profile_form(self.request)['email'].widget
     # Compared by class name only, so the widget class itself is not imported.
     widget_name = email_widget.__class__.__name__
     self.assertEqual(widget_name, 'CheckedInputWidget')