Exemplo n.º 1
    def test_valid_email(self):
        """Check valid_email() against rejected and accepted addresses."""
        # NOTE(review): the address literals below look masked by the page's
        # e-mail obfuscation ('[email protected]', '*****@*****.**'). The same
        # masked literal is asserted both invalid and valid, so the original
        # fixtures need restoring before this test says anything useful.
        rejected = ('tarek', 'tarek@moz', '[email protected]')
        accepted = ('*****@*****.**', '*****@*****.**', '[email protected]')

        for address in rejected:
            self.assertFalse(valid_email(address))

        for address in accepted:
            self.assertTrue(valid_email(address))
    def test_valid_email(self):
        """Exercise valid_email() with addresses it must reject and accept."""
        # NOTE(review): several literals here are masked placeholders left by
        # the page ('[email protected]', '*****@*****.**'), and one of them is
        # expected to be both invalid and valid. Restore the real fixtures
        # before relying on this test.
        cases = (
            (False, 'tarek'),
            (False, 'tarek@moz'),
            (False, '[email protected]'),
            (True, '*****@*****.**'),
            (True, '*****@*****.**'),
            (True, '[email protected]'),
        )
        for expected, address in cases:
            check = self.assertTrue if expected else self.assertFalse
            check(valid_email(address))
Exemplo n.º 3
    def change_email(self, request):
        """Update the e-mail address stored for the requesting user.

        The new address is the raw request body. Raises HTTPJsonBadRequest
        when valid_email() rejects it, HTTPBadRequest when the request has no
        ``user_password`` attribute, and HTTPInternalServerError when the
        auth backend reports that the update failed. Returns the new address
        as a text response.
        """
        # The body is plain text and client-controlled; it is only passed to
        # the backend after valid_email() accepts it.
        new_address = request.body
        if not valid_email(new_address):
            raise HTTPJsonBadRequest(ERROR_NO_EMAIL_ADDRESS)

        # The update is made with the caller's password, so a request that
        # does not carry one is refused rather than attempted.
        # NOTE(review): what sets request.user_password is outside this block.
        if not hasattr(request, 'user_password'):
            raise HTTPBadRequest()

        updated = self.auth.update_field(request.user, request.user_password,
                                         'mail', new_address)
        if not updated:
            raise HTTPInternalServerError('User update failed.')

        return text_response(new_address)
    def change_email(self, request):
        """Replace the requesting user's stored e-mail with the request body.

        Raises HTTPJsonBadRequest if valid_email() rejects the body,
        HTTPBadRequest if the request carries no ``user_password`` attribute,
        and HTTPInternalServerError if the backend update returns a falsy
        result. On success the new address is echoed back as text.
        """
        # Plain-text body supplied by the client.
        address = request.body

        if not valid_email(address):
            raise HTTPJsonBadRequest(ERROR_NO_EMAIL_ADDRESS)

        # The backend call below is given the account password, so the
        # request must carry one before the change is attempted.
        has_password = hasattr(request, 'user_password')
        if not has_password:
            raise HTTPBadRequest()

        if self.auth.update_field(request.user, request.user_password,
                                  'mail', address):
            return text_response(address)

        raise HTTPInternalServerError('User update failed.')
Exemplo n.º 5
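    def create_user(self, request):
        """Create the account named in the request and return its username.

        The request body must be a JSON object. ``password`` is required and
        ``email`` is optional. Raises HTTPJsonBadRequest when the user already
        exists, the body is not a JSON object, the e-mail is invalid, the
        e-mail does not match the username (only when ``strict_usernames`` is
        set), or the password is missing or rejected by valid_password().
        Raises HTTPInternalServerError when the backend fails to create the
        user.
        """
        if self.auth.get_user_id(request.user):
            raise HTTPJsonBadRequest(ERROR_INVALID_WRITE)
        username = request.user['username']

        try:
            data = json.loads(request.body)
        except ValueError:
            raise HTTPJsonBadRequest(ERROR_MALFORMED_JSON)

        # Valid JSON is not necessarily an object: a list, string or number
        # has no .get(), so the lookups below would raise an unhandled
        # exception instead of a client error. Reject it as malformed here.
        if not isinstance(data, dict):
            raise HTTPJsonBadRequest(ERROR_MALFORMED_JSON)

        email = data.get('email')
        if email and not valid_email(email):
            raise HTTPJsonBadRequest(ERROR_NO_EMAIL_ADDRESS)

        # checking that the e-mail matches the username
        # NOTE(review): email is optional above, so extract_username() can be
        # handed None or '' here -- confirm it copes with that.
        munged_email = extract_username(email)
        if munged_email != username and self.strict_usernames:
            raise HTTPJsonBadRequest(ERROR_USERNAME_EMAIL_MISMATCH)

        password = data.get('password')
        if not password:
            raise HTTPJsonBadRequest(ERROR_MISSING_PASSWORD)

        if not valid_password(username, password):
            raise HTTPJsonBadRequest(ERROR_WEAK_PASSWORD)

        # The captcha is skipped only when a shared secret is configured and
        # the X-Weave-Secret header equals it.
        # NOTE(review): `!=` is not a constant-time comparison. Since a match
        # skips the captcha, consider hmac.compare_digest where the runtime
        # provides it, and keep this header off untrusted network paths.
        if (self.shared_secret is None or
                request.headers.get('X-Weave-Secret') != self.shared_secret):
            self._check_captcha(request, data)

        # all looks good, let's create the user
        if not self.auth.create_user(request.user['username'], password,
                                     email):
            raise HTTPInternalServerError('User creation failed.')

        return request.user['username']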
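    def create_user(self, request):
        """Register a new user from a JSON request body.

        Expects a JSON object with a required ``password`` and an optional
        ``email``. Returns the username taken from ``request.user``. Raises
        HTTPJsonBadRequest for an existing user, a body that is not a JSON
        object, an invalid e-mail, a username/e-mail mismatch (only when
        ``strict_usernames`` is set) or a missing or weak password. Raises
        HTTPInternalServerError when the auth backend reports failure.
        """
        if self.auth.get_user_id(request.user):
            raise HTTPJsonBadRequest(ERROR_INVALID_WRITE)
        username = request.user['username']

        try:
            data = json.loads(request.body)
        except ValueError:
            raise HTTPJsonBadRequest(ERROR_MALFORMED_JSON)

        # json.loads() also accepts arrays, strings and numbers, which have
        # no .get(). Without this guard such a body ends in an unhandled
        # exception rather than a client error.
        if not isinstance(data, dict):
            raise HTTPJsonBadRequest(ERROR_MALFORMED_JSON)

        email = data.get('email')
        if email and not valid_email(email):
            raise HTTPJsonBadRequest(ERROR_NO_EMAIL_ADDRESS)

        # checking that the e-mail matches the username
        # NOTE(review): a missing e-mail passes the check above, so
        # extract_username() may be called with None -- verify its handling.
        munged_email = extract_username(email)
        if munged_email != username and self.strict_usernames:
            raise HTTPJsonBadRequest(ERROR_USERNAME_EMAIL_MISMATCH)

        password = data.get('password')
        if not password:
            raise HTTPJsonBadRequest(ERROR_MISSING_PASSWORD)

        if not valid_password(username, password):
            raise HTTPJsonBadRequest(ERROR_WEAK_PASSWORD)

        # A request that presents the configured shared secret bypasses the
        # captcha; every other request goes through _check_captcha().
        # NOTE(review): the secret is compared with `!=`, which is not
        # constant-time. Prefer hmac.compare_digest where available, and make
        # sure X-Weave-Secret cannot arrive from untrusted clients.
        if (self.shared_secret is None or
                request.headers.get('X-Weave-Secret') != self.shared_secret):
            self._check_captcha(request, data)

        # all looks good, let's create the user
        if not self.auth.create_user(request.user['username'], password,
                                     email):
            raise HTTPInternalServerError('User creation failed.')

        return request.user['username']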
Exemplo n.º 7
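def forgot_step_2(request, **args):
    """Send the password-reset mail for the submitted username.

    Looks up the account, checks the captcha, asks the reset backend for a
    reset code and mails it to the address on file. On any failure the
    step-1 template is re-rendered with a message appended to
    ``request.errors``. On success an empty dict is returned.
    """
    data = {}
    auth = request.registry["auth"]
    username = extract_username(request.params['username'])
    request.user['username'] = username

    # NOTE(review): this lookup runs before the captcha check and reports an
    # unknown account with its own message, so account existence is disclosed
    # without solving the captcha. Consider checking the captcha first and/or
    # using one uniform response.
    user_id = auth.get_user_id(request.user)
    if not user_id:
        request.errors.append(_('Unable to locate your account. '
                                'Please check your username.'))
        return render_to_response('console/password_reset1.mako',
                                  forgot_step_1(request), request)

    if not request.registry.settings['app.captcha'].check(request):
        # Captcha failures are written to the CEF log with the username.
        log_cef('Captcha failed on forgot password', 3,
                request.environ,
                request.registry.settings.get('config').get_map(),
                username, signature=CAPTCHA_FAILURE)
        request.errors.append(_('The captcha did not match. '
                                'Please try again'))
        return render_to_response('console/password_reset1.mako',
                                  forgot_step_1(request), request)

    try:
        reset = request.registry.settings.get('app.console.reset')
        # NOTE(review): the meaning of the second argument (True) is defined
        # by the reset backend and is not visible here.
        reset_code = reset.generate_reset_code(request.user, True)
        if not reset_code:
            request.errors.append(_('Getting a reset code failed '
                              'unexpectedly. Please try again later.'))
            logger.error("Could not generate a reset code")
            return render_to_response('console/password_reset1.mako',
                                      forgot_step_1(request), request)
        auth.get_user_info(request.user, ['mail'])
        if not valid_email(request.user['mail']):
            raise NoEmailError()

        # NOTE(review): the link in the mail is built from request.host_url,
        # a value taken from the incoming request rather than from
        # configuration. Confirm the front end pins the Host header, or build
        # the link from a configured base URL, so the reset link cannot be
        # made to point at another host.
        maildata = {'forgot_url': '%s/forgot' % request.host_url,
                    'username': username,
                    'code': reset_code}
        template_path = get_template_lookup('console')
        template = \
            template_path.get_template('password_reset_mail.mako')
        body = template.render(**maildata)
        subject = _('Resetting your Mozilla Services password')
        # Work on a copy: removing 'sender' from the mapping returned by
        # get_map() would, if that mapping is shared with the config object,
        # make the next request fail on the missing key.
        smtp = dict(request.registry.settings.get('config').get_map('smtp'))
        # sender is a positional parameter of send_email(), so it cannot be
        # passed inside the keyword dict.
        sender = smtp.pop('sender')
        send_email(sender, request.user['mail'],
                   subject, body, **smtp)

    except AlreadySentError:
        # The backend already handled the reset code e-mail. Keep going.
        pass
    except NoEmailError:
        request.errors.append(_('We do not have an email on file for this '
                          'account and cannot send you a reset code.'))
        return render_to_response('console/password_reset1.mako',
                                  forgot_step_1(request), request)

    return data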