def __init__(self, request, max_attempts=None):
    """Resolve the profile named in the route and prepare the edit form.

    The ``username`` route match is looked up in ``UserProfile``; the
    result (possibly ``None``) is stored on the request as
    ``request.target_user`` and a ``LoginView`` is built before the
    existence check, so those side effects happen even on a miss.

    Args:
        request: the current request; must expose ``matchdict`` and
            ``db_session``.
        max_attempts: forwarded unchanged to ``LoginView``.

    Raises:
        HTTPNotFound: when no profile matches the requested username.
    """
    self.request = request
    self.target_username = request.matchdict['username']
    session = self.request.db_session
    profile_query = session.query(UserProfile)
    self.target_user = profile_query.get(self.target_username)
    request.target_user = self.target_user
    self.login_view = LoginView(request, max_attempts)
    if self.target_user is None:
        raise HTTPNotFound()
    # Edit variant of the profile form; built only for an existing profile.
    self.frm = make_profile_form(self.request, edit=True)
def __init__(self, request):
    """Keep the request and build the login view plus the profile form.

    Args:
        request: the current request, passed to ``LoginView`` and
            ``make_profile_form`` as-is.
    """
    self.request = request
    self.login_view = LoginView(request)
    form = make_profile_form(self.request)
    self.frm = form
class EditProfile(object):
    """View class for editing an existing ``UserProfile``.

    The profile is selected by the ``username`` route match and exposed as
    ``request.target_user``. A missing profile raises 404 at construction.
    ``post`` validates the submitted form, applies the changes, emits the
    ``ProfileChanged`` / ``AccountDisabled`` / ``AccountEnabled`` events and
    redirects. The ``get`` method that ``post`` falls back to is not shown
    on this page.
    """

    def __init__(self, request, max_attempts=None):
        """Look up the target profile and build the edit form.

        Args:
            request: current request; must expose ``matchdict`` and
                ``db_session``.
            max_attempts: forwarded unchanged to ``LoginView``.

        Raises:
            HTTPNotFound: when no ``UserProfile`` matches the username.
        """
        self.request = request
        self.target_username = request.matchdict['username']
        query = self.request.db_session.query(UserProfile)
        self.target_user = query.get(self.target_username)
        # Set on the request (and LoginView built) before the 404 check, so
        # both happen even when the lookup misses.
        request.target_user = self.target_user
        self.login_view = LoginView(request, max_attempts)
        if self.target_user is None:
            raise HTTPNotFound()
        self.frm = make_profile_form(self.request, edit=True)

    def get_extended_data(self):
        """Provide a hook to extend the dict returned by the view.

        Any new values will require that the view template is overridden
        to use them. Returns ``None`` by default, which ``post`` treats as
        "nothing to add".
        """
        return None

    def post(self):
        """Handle a profile edit submission.

        Returns:
            ``HTTPMethodNotAllowed`` for a non-POST request; the result of
            ``self.get()`` when the form was not submitted or when the
            change failed; a dict of template data when validation fails;
            an ``HTTPFound`` redirect for a successful superuser edit.

        Behaviour worth knowing:
            * A user editing their own profile must supply their current
              password (checked via ``LoginView.verify_password``) before
              the e-mail address is changed; a superuser editing someone
              else skips that check.
            * ``request.user.is_superuser`` is read unconditionally when
              the editor is not the target, so an unauthenticated request
              is assumed to have been rejected upstream — confirm.
            * On a self-edit the session CSRF token is rotated.
        """
        if self.request.method != "POST":
            return HTTPMethodNotAllowed()
        if 'submit' not in self.request.POST:
            return self.get()
        controls = self.request.POST.items()
        self.request.target_user = self.target_user
        # Collected field changes, passed as kwargs to the notification events.
        activity_detail = {}
        try:
            appstruct = self.frm.validate(controls)  # call validate
        except ValidationFailure, e:
            # Don't leak hash information: blank the password in the cstruct
            # before the form is re-rendered to the client.
            if ('password' in self.frm.cstruct and
                    self.frm.cstruct['password'] != ''):
                self.frm.cstruct['password'] = ''
            data = {
                'forms': [self.frm],
                'rendered_form': e.render(),
                'target_username': self.target_username,
            }
            ex_data = self.get_extended_data()
            if ex_data:
                data.update(ex_data)
            return data
        same_user = self.request.user == self.target_user
        valid_pass = False
        if same_user:
            # A missing password field is treated as an empty password, which
            # is then checked against the stored hash like any other value.
            password = appstruct.get('password', colander.null)
            if password == colander.null:
                password = ''
            valid_pass = self.login_view.verify_password(
                password, self.target_user.password_hash, self.target_user)
        if (not same_user) and self.request.user.is_superuser:
            # Let admins edit email addresses w/o a password check
            valid_pass = True
        failed = False
        if (self.target_user.email != appstruct['email'] and valid_pass):
            # Record the previous address from the schema field, new one from
            # the validated appstruct.
            activity_detail['old_address'] = [
                field.current_value for field in self.frm.schema
                if field.name == 'email'
            ][0]
            activity_detail['new_address'] = appstruct['email']
            self.target_user.email = appstruct['email']
        elif (self.target_user.email != appstruct['email'] and not valid_pass):
            self.request.session.flash(
                'Must provide the correct password to edit email addresses.',
                queue='error')
            failed = True
        # NOTE(review): 'is_superuser' is applied from the appstruct here with
        # no editor-role check in this method; presumably make_profile_form
        # only includes that field for superusers — confirm.
        for fname in ('first_name', 'last_name', 'is_superuser'):
            fval = appstruct.get(fname)
            if getattr(self.target_user, fname) != fval:
                setattr(self.target_user, fname, fval)
                activity_detail[fname] = fval
        if self.request.user.is_superuser and 'user_disabled' in appstruct:
            self.target_user.admin_disabled = appstruct['user_disabled']
            if appstruct['user_disabled']:
                self.request.registry.notify(
                    AccountDisabled(self.request, self.target_user,
                                    **activity_detail))
            else:
                self.request.registry.notify(
                    AccountEnabled(self.request, self.target_user,
                                   **activity_detail))
        if same_user:
            # Invalidate the current token
            self.request.session.new_csrf_token()
            self.request.session.save()
            self.frm = make_profile_form(self.request, edit=True)
        # The target is added even when the e-mail change was refused; only
        # the e-mail assignment itself is gated by ``valid_pass`` above.
        self.request.db_session.add(self.target_user)
        if not failed:
            self.request.registry.notify(
                ProfileChanged(self.request, self.target_user,
                               **activity_detail))
            self.request.session.flash('Account successfully modified!',
                                       queue='success')
        if self.request.user.is_superuser and not failed:
            if 'user_search' in appstruct['came_from']:
                # The search form is a GET, so strip the CSRF out.
                # NOTE(review): came_from is taken from the submitted form and
                # used as the redirect target whenever it merely contains
                # 'user_search'; confirm the schema restricts it to a local
                # path so an absolute off-site URL cannot be substituted.
                url = replace_url_csrf(appstruct['came_from'],
                                       self.request.session)
                redirect = HTTPFound(url)
            else:
                redirect = HTTPFound(self.request.route_url('user_search'))
            return redirect
        else:
            return self.get()
def test_profile_form_policy_title(self):
    """An anonymous request gets the site-policy agreement title."""
    self.request.user = None
    form = profiles.make_profile_form(self.request)
    policy_field = form['agree_to_policy']
    self.assertEqual(policy_field.title, 'I agree to the site policy.')
def test_profile_form_password_fields(self):
    """The password field uses the strength-validating widget."""
    password_field = profiles.make_profile_form(self.request)['password']
    widget_name = password_field.widget.__class__.__name__
    self.assertEqual(widget_name, 'StrengthValidatingPasswordWidget')
def test_profile_form_email_fields(self):
    """The email field uses the checked (confirm-twice) input widget."""
    email_field = profiles.make_profile_form(self.request)['email']
    widget_name = email_field.widget.__class__.__name__
    self.assertEqual(widget_name, 'CheckedInputWidget')