def post(self):
    """
    Delete the account of the user making the request.

    The endpoint is a POST rather than a GET so that CSRF validation
    applies to this destructive action.

    :return: ``({"message": "success"}, 200)`` once the account is removed
    """
    # NOTE(review): no password or fresh-login check is visible in this
    # method; confirm one is enforced upstream (decorator or request hook)
    # before an irreversible account deletion.

    # The account is looked up from current_user.email before logout_user()
    # runs, so the lookup does not depend on session state after logout.
    account = user_manipulator.first(email=current_user.email)
    logout_user()
    user_manipulator.delete(account)

    body = {"message": "success"}
    return body, 200
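def get(self, token):
    """
    Confirm an email address from a signed verification token, then log
    the matching user in.

    The token is loaded with ``current_app.ts`` using
    ``VerificationEmail.salt`` and is rejected once it is older than
    86400 seconds (24 hours). Its payload is either ``"<email>"`` or, for
    the change-email workflow, ``"<email> <previous user id>"``.

    Security notes for maintainers:

    * Holding the token is sufficient to be logged in as the account, and
      the token travels in a GET URL, so it may be recorded in access
      logs, browser history and Referer headers.
    * The rejected token is written verbatim to the application log.

    :param token: signed verification token taken from the request
    :return: ``{"message": "success", "email": email}`` on success,
        ``(error dict, 404)`` for an invalid token or unknown user,
        ``(error dict, 400)`` when the address was already confirmed
    """
    try:
        email = current_app.ts.loads(token,
                                     max_age=86400,
                                     salt=VerificationEmail.salt)
    except Exception:
        # Narrowed from a bare ``except:``, which would also swallow
        # SystemExit and KeyboardInterrupt. Every validation failure is
        # still reported to the client as an unknown token.
        current_app.logger.warning(
            "{0} verification token not validated".format(token))
        return {"error": "unknown verification token"}, 404

    # This logic is necessary to de-activate accounts via the change-email
    # workflow. This strong coupling should be deprecated by using signals.
    previous_uid = None
    if " " in email:
        email, previous_uid = email.split()

    u = user_manipulator.first(email=email)
    if u is None:
        return {
            "error": "no user associated "
                     "with that verification token"
        }, 404
    if u.confirmed_at is not None:
        return {
            "error": "this user and email "
                     "has already been validated"
        }, 400

    # NOTE(review): datetime.now() is naive local time; confirm that this
    # matches how confirmed_at is stored and compared elsewhere.
    if previous_uid:
        # Resolve the old account BEFORE deleting anything. Previously the
        # placeholder account for the new address was deleted first, so a
        # stale previous id destroyed that account and then failed while
        # updating a missing user.
        previous = user_manipulator.first(id=previous_uid)
        if previous is None:
            return {
                "error": "no user associated "
                         "with that verification token"
            }, 404
        # De-activate previous accounts by deleting the account associated
        # with the new email address, then update the old account with the
        # new email address. Again, this should be deprecated with signals.
        user_manipulator.delete(u)
        u = previous
        user_manipulator.update(u, email=email,
                                confirmed_at=datetime.datetime.now())
    else:
        user_manipulator.update(u, confirmed_at=datetime.datetime.now())

    login_user(u)
    return {"message": "success", "email": email}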
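def get(self, token):
    """
    Validate an email-verification token, mark the address as confirmed
    and start a login session for the user.

    ``current_app.ts.loads`` is called with ``VerificationEmail.salt`` and
    ``max_age=86400``, so a token older than 24 hours is refused. The
    decoded payload is ``"<email>"`` for a plain verification, or
    ``"<email> <previous user id>"`` when it comes from the change-email
    workflow.

    Security notes for maintainers:

    * The token alone authorises the login performed at the end of this
      method, and it is delivered in a GET URL (access logs, browser
      history and Referer headers can retain it).
    * A token that fails validation is logged verbatim.

    :param token: signed verification token taken from the request
    :return: ``{"message": "success", "email": email}`` on success,
        ``(error dict, 404)`` for an invalid token or unknown user,
        ``(error dict, 400)`` when the address was already confirmed
    """
    try:
        email = current_app.ts.loads(
            token, max_age=86400, salt=VerificationEmail.salt
        )
    except Exception:
        # ``except Exception`` replaces the bare ``except:`` so that
        # SystemExit / KeyboardInterrupt are no longer swallowed here.
        current_app.logger.warning(
            "{0} verification token not validated".format(token)
        )
        return {"error": "unknown verification token"}, 404

    # This logic is necessary to de-activate accounts via the change-email
    # workflow. This strong coupling should be deprecated by using signals.
    previous_uid = None
    if " " in email:
        email, previous_uid = email.split()

    u = user_manipulator.first(email=email)
    if u is None:
        return {"error": "no user associated " "with that verification token"}, 404
    if u.confirmed_at is not None:
        return {"error": "this user and email " "has already been validated"}, 400

    # NOTE(review): datetime.now() yields a naive local timestamp; confirm
    # that is what confirmed_at is expected to hold.
    if previous_uid:
        # Look the old account up first: deleting the new-address account
        # and only then discovering that previous_uid matches nobody would
        # lose that account and fail on the update of a missing user.
        previous = user_manipulator.first(id=previous_uid)
        if previous is None:
            return {
                "error": "no user associated " "with that verification token"
            }, 404
        # De-activate previous accounts by deleting the account associated
        # with the new email address, then update the old account with the
        # new email address. Again, this should be deprecated with signals.
        user_manipulator.delete(u)
        u = previous
        user_manipulator.update(
            u, email=email, confirmed_at=datetime.datetime.now()
        )
    else:
        user_manipulator.update(u, confirmed_at=datetime.datetime.now())

    login_user(u)
    return {"message": "success", "email": email}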
def test_users_crud_operations(self):
    """
    Walk the `user_manipulator` service through create, read, update and
    delete on user models, asserting the database state after each step.
    """
    stamp = datetime(2000, 1, 1)

    # new(): builds the object only, nothing is written yet
    pending = user_manipulator.new(email='joe')
    self.assertIsNone(user_manipulator.first(email='joe'))

    # save(): the object becomes visible to queries
    user_manipulator.save(pending)
    fetched = user_manipulator.first(email='joe')
    self.assertIsNotNone(fetched)
    self.assertEqual(fetched.email, 'joe')

    # create(): build and persist in one call
    created = user_manipulator.create(email='elias')
    fetched = user_manipulator.first(email='elias')
    self.assertIsNotNone(fetched)
    self.assertEqual(created, fetched)

    # update(): the change is readable straight away
    user_manipulator.update(created, confirmed_at=stamp)
    fetched = user_manipulator.first(email='elias')
    self.assertEqual(fetched.confirmed_at, stamp)
    self.assertEqual(created, fetched)

    # delete(): the row is gone from the database immediately
    user_manipulator.delete(created)
    fetched = user_manipulator.first(email='elias')
    self.assertIsNone(fetched)

    # The Python object outlives its database row and keeps its
    # attribute values.
    self.assertIsNotNone(created)
    self.assertEqual(created.confirmed_at, stamp)