Пример #1
0
def control_editemailpassword_post_(request):
    form = request.web_input(newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")

    newemail = emailer.normalize_address(form.newemail)
    newemailcheck = emailer.normalize_address(form.newemailcheck)

    profile.edit_email_password(request.userid, form.username, form.password,
                                newemail, newemailcheck, form.newpassword, form.newpasscheck)

    return Response(define.errorpage(
        request.userid, "**Success!** Your settings have been updated.",
        [["Go Back", "/control"], ["Return Home", "/"]]))
Пример #2
0
def control_editemailpassword_post_(request):
    form = request.web_input(newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")

    newemail = emailer.normalize_address(form.newemail)
    newemailcheck = emailer.normalize_address(form.newemailcheck)

    profile.edit_email_password(request.userid, form.username, form.password,
                                newemail, newemailcheck, form.newpassword, form.newpasscheck)

    return Response(define.errorpage(
        request.userid, "**Success!** Your settings have been updated.",
        [["Go Back", "/control"], ["Return Home", "/"]]))
Пример #3
0
    def POST(self):
        form = web.input(newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")

        newemail = emailer.normalize_address(form.newemail)
        newemailcheck = emailer.normalize_address(form.newemailcheck)

        profile.edit_email_password(self.user_id, form.username, form.password,
                                    newemail, newemailcheck, form.newpassword, form.newpasscheck)

        return define.errorpage(
            self.user_id, "**Success!** Your settings have been updated.",
            [["Go Back", "/control"], ["Return Home", "/"]])
Пример #4
0
def control_editemailpassword_post_(request):
    form = request.web_input(newemail="",
                             newemailcheck="",
                             newpassword="",
                             newpasscheck="",
                             password="")

    newemail = emailer.normalize_address(form.newemail)
    newemailcheck = emailer.normalize_address(form.newemailcheck)

    # Check if the email was invalid; Both fields must be valid (not None), and have the form fields set
    if not newemail and not newemailcheck and form.newemail != "" and form.newemailcheck != "":
        raise WeasylError("emailInvalid")

    return_message = profile.edit_email_password(request.userid, form.username,
                                                 form.password, newemail,
                                                 newemailcheck,
                                                 form.newpassword,
                                                 form.newpasscheck)

    if not return_message:  # No changes were made
        message = "No changes were made to your account."
    else:  # Changes were made, so inform the user of this
        message = "**Success!** " + return_message
    # Finally return the message about what (if anything) changed to the user
    return Response(
        define.errorpage(request.userid, message,
                         [["Go Back", "/control"], ["Return Home", "/"]]))
Пример #5
0
    def POST(self):
        form = web.input(newemail="",
                         newemailcheck="",
                         newpassword="",
                         newpasscheck="",
                         password="")

        newemail = emailer.normalize_address(form.newemail)
        newemailcheck = emailer.normalize_address(form.newemailcheck)

        profile.edit_email_password(self.user_id, form.username, form.password,
                                    newemail, newemailcheck, form.newpassword,
                                    form.newpasscheck)

        return define.errorpage(
            self.user_id, "**Success!** Your settings have been updated.",
            [["Go Back", "/control"], ["Return Home", "/"]])
Пример #6
0
def control_editemailpassword_post_(request):
    form = request.web_input(newemail="", newemailcheck="", newpassword="", newpasscheck="", password="")

    newemail = emailer.normalize_address(form.newemail)
    newemailcheck = emailer.normalize_address(form.newemailcheck)

    # Check if the email was invalid; Both fields must be valid (not None), and have the form fields set
    if not newemail and not newemailcheck and form.newemail != "" and form.newemailcheck != "":
        raise WeasylError("emailInvalid")

    return_message = profile.edit_email_password(
        request.userid, form.username, form.password, newemail, newemailcheck,
        form.newpassword, form.newpasscheck
    )

    if not return_message:  # No changes were made
        message = "No changes were made to your account."
    else:  # Changes were made, so inform the user of this
        message = "**Success!** " + return_message
    # Finally return the message about what (if anything) changed to the user
    return Response(define.errorpage(
        request.userid, message,
        [["Go Back", "/control"], ["Return Home", "/"]])
    )
Пример #7
0
def test_edit_email_password(monkeypatch):
    monkeypatch.setattr(profile, 'invalidate_other_sessions', lambda x: '')

    from weasyl.login import verify_email_change

    password = "******"
    username = "******"
    email = "*****@*****.**"
    userid = db_utils.create_user(username=username,
                                  password=password,
                                  email_addr=email)

    # Case 1: No changes, user authentication succeeds
    assert not profile.edit_email_password(userid=userid,
                                           username=username,
                                           password=password,
                                           newemail=None,
                                           newemailcheck=None,
                                           newpassword="",
                                           newpasscheck="")

    # Case 2: No changes, user authentication fails
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid,
                                    username=username,
                                    password="******",
                                    newemail=None,
                                    newemailcheck=None,
                                    newpassword="",
                                    newpasscheck="")
    assert 'loginInvalid' == err.value.value

    # Case 3: Changes, new password only, password too short/'insecure'
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid,
                                    username=username,
                                    password=password,
                                    newemail=None,
                                    newemailcheck=None,
                                    newpassword="******",
                                    newpasscheck="012345")
    assert 'passwordInsecure' == err.value.value

    # Case 4: Changes, new password only, password mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid,
                                    username=username,
                                    password=password,
                                    newemail=None,
                                    newemailcheck=None,
                                    newpassword="******",
                                    newpasscheck="1234567898")
    assert 'passwordMismatch' == err.value.value

    # Case 5: Changes, new password only, password change succeeds
    result = profile.edit_email_password(userid=userid,
                                         username=username,
                                         password=password,
                                         newemail=None,
                                         newemailcheck=None,
                                         newpassword="******",
                                         newpasscheck="1122334455")
    assert "Your password has been successfully changed" in result
    password = "******"

    # Case 6: Changes, new email only, email mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid,
                                    username=username,
                                    password=password,
                                    newemail="*****@*****.**",
                                    newemailcheck="*****@*****.**",
                                    newpassword="",
                                    newpasscheck="")
    assert 'emailMismatch' == err.value.value

    # Case 7: Changes, new email only, email already in use
    db_utils.create_user(email_addr="*****@*****.**")
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(userid=userid,
                                    username=username,
                                    password=password,
                                    newemail="*****@*****.**",
                                    newemailcheck="*****@*****.**",
                                    newpassword="",
                                    newpasscheck="")
    assert 'emailExists' == err.value.value

    # Case 8: Changes, new email only, email change succeeds
    newemailaddr = "*****@*****.**"
    result = profile.edit_email_password(userid=userid,
                                         username=username,
                                         password=password,
                                         newemail=newemailaddr,
                                         newemailcheck=newemailaddr,
                                         newpassword="",
                                         newpasscheck="")
    assert "Your email change request is currently pending" in result
    query = d.engine.execute("""
        SELECT userid, email, token, createtimestamp
        FROM emailverify
        WHERE userid = %(userid)s
    """,
                             userid=userid).fetchone()
    QID, QEMAIL, QTOKEN, QTIMESTAMP = query
    assert QID == userid
    assert QEMAIL == newemailaddr
    assert len(QTOKEN) == 40
    assert arrow.get(QTIMESTAMP)

    # Now that we have the token, let's also verify that ``login.verify_email_change`` works.
    #   It's as good a place as any.
    # Case 8.1/8.2: Make sure invalid token and/or userid doesn't work.
    with pytest.raises(WeasylError) as err:
        verify_email_change(None, "a")
    assert "Unexpected" == err.value.value
    with pytest.raises(WeasylError) as err:
        verify_email_change(1, None)
    assert "Unexpected" == err.value.value

    # Case 8.3: An incorrect token is provided.
    with pytest.raises(WeasylError) as err:
        verify_email_change(userid, "a")
    assert "ChangeEmailVerificationTokenIncorrect" == err.value.value

    # Case 8.4: Correct token is provided, and the new email is written to `login`
    result = verify_email_change(userid, QTOKEN)
    assert result == newemailaddr
    query = d.engine.scalar("""
        SELECT email
        FROM login
        WHERE userid = %(userid)s
    """,
                            userid=userid)
    assert query == QEMAIL

    # Case 9: Email and password changed at the same time.
    newemailaddr = "*****@*****.**"
    newpassword = "******"
    result = profile.edit_email_password(userid=userid,
                                         username=username,
                                         password=password,
                                         newemail=newemailaddr,
                                         newemailcheck=newemailaddr,
                                         newpassword=newpassword,
                                         newpasscheck=newpassword)
    assert "Your password has been successfully changed" in result
    assert "Your email change request is currently pending" in result
Пример #8
0
def test_edit_email_password(monkeypatch):
    monkeypatch.setattr(profile, 'invalidate_other_sessions', lambda x: '')

    from weasyl.login import verify_email_change

    password = "******"
    username = "******"
    email = "*****@*****.**"
    userid = db_utils.create_user(username=username, password=password, email_addr=email)

    # Case 1: No changes, user authentication succeeds
    assert not profile.edit_email_password(
        userid=userid, username=username, password=password, newemail=None, newemailcheck=None,
        newpassword="", newpasscheck=""
    )

    # Case 2: No changes, user authentication fails
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password="******", newemail=None, newemailcheck=None,
            newpassword="", newpasscheck=""
        )
    assert 'loginInvalid' == err.value.value

    # Case 3: Changes, new password only, password too short/'insecure'
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password=password, newemail=None, newemailcheck=None,
            newpassword="******", newpasscheck="012345"
        )
    assert 'passwordInsecure' == err.value.value

    # Case 4: Changes, new password only, password mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password=password, newemail=None, newemailcheck=None,
            newpassword="******", newpasscheck="1234567898"
        )
    assert 'passwordMismatch' == err.value.value

    # Case 5: Changes, new password only, password change succeeds
    result = profile.edit_email_password(
        userid=userid, username=username, password=password, newemail=None, newemailcheck=None,
        newpassword="******", newpasscheck="1122334455"
    )
    assert "Your password has been successfully changed" in result
    password = "******"

    # Case 6: Changes, new email only, email mismatch
    with pytest.raises(WeasylError) as err:
        profile.edit_email_password(
            userid=userid, username=username, password=password,
            newemail="*****@*****.**", newemailcheck="*****@*****.**",
            newpassword="", newpasscheck=""
        )
    assert 'emailMismatch' == err.value.value

    # Case 7: Changes, new email only, email already in use
    db_utils.create_user(email_addr="*****@*****.**")
    profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail="*****@*****.**", newemailcheck="*****@*****.**",
        newpassword="", newpasscheck=""
    )
    query = d.engine.scalar("""
        SELECT email FROM emailverify WHERE userid = %(userid)s LIMIT 1
    """, userid=userid)
    assert not query

    # Case 8: Changes, new email only, email change succeeds
    newemailaddr = "*****@*****.**"
    result = profile.edit_email_password(
        userid=userid, username=username, password=password,
        newemail=newemailaddr, newemailcheck=newemailaddr,
        newpassword="", newpasscheck=""
    )
    assert "Your email change request is currently pending" in result
    query = d.engine.execute("""
        SELECT userid, email, token, createtimestamp
        FROM emailverify
        WHERE userid = %(userid)s
    """, userid=userid).fetchone()
    QID, QEMAIL, QTOKEN, QTIMESTAMP = query
    assert QID == userid
    assert QEMAIL == newemailaddr
    assert len(QTOKEN) == 40
    assert arrow.get(QTIMESTAMP)

    # Now that we have the token, let's also verify that ``login.verify_email_change`` works.
    #   It's as good a place as any.
    # Case 8.1/8.2: Make sure invalid token and/or userid doesn't work.
    with pytest.raises(WeasylError) as err:
        verify_email_change(None, "a")
    assert "Unexpected" == err.value.value
    with pytest.raises(WeasylError) as err:
        verify_email_change(1, None)
    assert "Unexpected" == err.value.value

    # Case 8.3: An incorrect token is provided.
    with pytest.raises(WeasylError) as err:
        verify_email_change(userid, "a")
    assert "ChangeEmailVerificationTokenIncorrect" == err.value.value

    # Case 8.4: Correct token is provided, and the new email is written to `login`
    result = verify_email_change(userid, QTOKEN)
    assert result == newemailaddr
    query = d.engine.scalar("""
        SELECT email
        FROM login
        WHERE userid = %(userid)s
    """, userid=userid)
    assert query == QEMAIL

    # Case 9: Email and password changed at the same time.
    newemailaddr = "*****@*****.**"
    newpassword = "******"
    result = profile.edit_email_password(
        userid=userid, username=username, password=password, newemail=newemailaddr, newemailcheck=newemailaddr,
        newpassword=newpassword, newpasscheck=newpassword
    )
    assert "Your password has been successfully changed" in result
    assert "Your email change request is currently pending" in result