def confirm_user_email(token):
    """Redeem an e-mail confirmation token and mark its user as verified.

    Decodes *token*, looks up the ``EmailConfirmation`` row issued for e-mail
    confirmation under the token's public code, checks the token's private
    part against the stored verification code, and then persists the user
    (including a pending e-mail address change) and deletes the row inside
    one transaction.

    Args:
        token: The opaque public/private token handed to the user.

    Returns:
        A ``(user, new_email, old_email)`` tuple. ``new_email`` is the address
        the confirmation carried (or ``None``); ``old_email`` is the address
        that was replaced, or ``None`` when no change happened.

    Raises:
        DataModelException: when the token cannot be decoded, matches no
            pending confirmation, fails the secret check, or the requested
            address already belongs to a user.
    """
    decoded = decode_public_private_token(token)
    if not decoded:
        raise DataModelException("Invalid email confirmation code")

    try:
        confirmation = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            # Passed to ``get`` as a query predicate, so ``== True`` stays.
            EmailConfirmation.email_confirm == True,
        )
    except EmailConfirmation.DoesNotExist:
        raise DataModelException("Invalid email confirmation code")

    # NOTE(review): the secret is compared only when the decoded token carries
    # one; a token with no private part is accepted on the public code alone.
    if decoded.private_token:
        if not confirmation.verification_code.matches(decoded.private_token):
            raise DataModelException("Invalid email confirmation code")

    # NOTE(review): unlike validate_reset_code there is no lifetime check here,
    # so a confirmation row stays redeemable until it is deleted.
    user = confirmation.user
    user.verified = True

    old_email = None
    new_email = confirmation.new_email
    # NOTE(review): ``old_email`` is still None at this point, so the second
    # operand only restates ``if new_email``; a comparison against
    # ``user.email`` may have been intended -- confirm before changing.
    if new_email and new_email != old_email:
        if find_user_by_email(new_email):
            raise DataModelException("E-mail address already used")
        old_email, user.email = user.email, new_email

    # Persist the user and delete the confirmation row in one transaction.
    with db_transaction():
        user.save()
        confirmation.delete_instance()

    return user, new_email, old_email
def validate_reset_code(token):
    """Redeem a password-reset token and return its user, or ``None``.

    ``None`` covers every failure: an undecodable token, no matching
    ``pw_reset`` confirmation, a secret mismatch, or a code older than
    ``USER_RECOVERY_TOKEN_LIFETIME``. An expired code is deleted on the spot.
    On success the confirmation row is deleted and the user is flagged
    verified if it was not already.

    Args:
        token: The opaque public/private token from the reset e-mail.

    Returns:
        The user owning the code, or ``None`` if the token is not valid.
    """
    decoded = decode_public_private_token(token)
    if not decoded:
        return None

    try:
        confirmation = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            # Passed to ``get`` as a query predicate, so ``== True`` stays.
            EmailConfirmation.pw_reset == True,
        )
    except EmailConfirmation.DoesNotExist:
        return None

    # NOTE(review): the secret is compared only when the decoded token carries
    # one; a token with no private part passes this step on the code alone.
    if decoded.private_token:
        if not confirmation.verification_code.matches(decoded.private_token):
            return None

    # Reject and discard codes older than the configured lifetime.
    # ``datetime.now()`` is naive; assumes ``created`` was stamped the same
    # way -- TODO confirm.
    lifetime = convert_to_timedelta(config.app_config["USER_RECOVERY_TOKEN_LIFETIME"])
    if confirmation.created + lifetime < datetime.now():
        confirmation.delete_instance()
        return None

    user = confirmation.user
    with db_transaction():
        if not user.verified:
            user.verified = True
            user.save()
        confirmation.delete_instance()
    return user
def validate_reset_code(token):
    """Redeem a password-reset token and return its user, or ``None``.

    ``None`` covers every failure: an undecodable token, no matching
    ``pw_reset`` confirmation, a secret mismatch, or a code older than
    ``USER_RECOVERY_TOKEN_LIFETIME``. An expired code is deleted on the spot.
    On success the confirmation row is deleted and the user is flagged
    verified if it was not already.

    Args:
        token: The opaque public/private token from the reset e-mail.

    Returns:
        The user owning the code, or ``None`` if the token is not valid.
    """
    # TODO(remove-unenc): Remove allow_public_only once migrated.
    # NOTE(review): while READ_OLD_FIELDS is set the decoder is presumably
    # allowed to return a token without a private part; the secret check below
    # is then skipped entirely, so the public code alone redeems the reset.
    allow_public_only = ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS)
    decoded = decode_public_private_token(token, allow_public_only=allow_public_only)
    if not decoded:
        return None

    try:
        confirmation = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            # Passed to ``get`` as a query predicate, so ``== True`` stays.
            EmailConfirmation.pw_reset == True,
        )
    except EmailConfirmation.DoesNotExist:
        return None

    if decoded.private_token:
        if not confirmation.verification_code.matches(decoded.private_token):
            return None

    # Reject and discard codes older than the configured lifetime.
    # ``datetime.now()`` is naive; assumes ``created`` was stamped the same
    # way -- TODO confirm.
    lifetime = convert_to_timedelta(config.app_config["USER_RECOVERY_TOKEN_LIFETIME"])
    if confirmation.created + lifetime < datetime.now():
        confirmation.delete_instance()
        return None

    user = confirmation.user
    with db_transaction():
        if not user.verified:
            user.verified = True
            user.save()
        confirmation.delete_instance()
    return user
def confirm_user_email(token):
    """Redeem an e-mail confirmation token and mark its user as verified.

    Decodes *token*, looks up the ``EmailConfirmation`` row issued for e-mail
    confirmation under the token's public code, checks the token's private
    part against the stored verification code, and then persists the user
    (including a pending e-mail address change) and deletes the row inside
    one transaction.

    Args:
        token: The opaque public/private token handed to the user.

    Returns:
        A ``(user, new_email, old_email)`` tuple. ``new_email`` is the address
        the confirmation carried (or ``None``); ``old_email`` is the address
        that was replaced, or ``None`` when no change happened.

    Raises:
        DataModelException: when the token cannot be decoded, matches no
            pending confirmation, fails the secret check, or the requested
            address already belongs to a user.
    """
    # TODO(remove-unenc): Remove allow_public_only once migrated.
    # NOTE(review): while READ_OLD_FIELDS is set the decoder is presumably
    # allowed to return a token without a private part; the secret check below
    # is then skipped entirely, so the public code alone redeems the token.
    allow_public_only = ActiveDataMigration.has_flag(ERTMigrationFlags.READ_OLD_FIELDS)
    decoded = decode_public_private_token(token, allow_public_only=allow_public_only)
    if not decoded:
        raise DataModelException("Invalid email confirmation code")

    try:
        confirmation = EmailConfirmation.get(
            EmailConfirmation.code == decoded.public_code,
            # Passed to ``get`` as a query predicate, so ``== True`` stays.
            EmailConfirmation.email_confirm == True,
        )
    except EmailConfirmation.DoesNotExist:
        raise DataModelException("Invalid email confirmation code")

    if decoded.private_token:
        if not confirmation.verification_code.matches(decoded.private_token):
            raise DataModelException("Invalid email confirmation code")

    # NOTE(review): unlike validate_reset_code there is no lifetime check here,
    # so a confirmation row stays redeemable until it is deleted.
    user = confirmation.user
    user.verified = True

    old_email = None
    new_email = confirmation.new_email
    # NOTE(review): ``old_email`` is still None at this point, so the second
    # operand only restates ``if new_email``; a comparison against
    # ``user.email`` may have been intended -- confirm before changing.
    if new_email and new_email != old_email:
        if find_user_by_email(new_email):
            raise DataModelException("E-mail address already used")
        old_email, user.email = user.email, new_email

    # Persist the user and delete the confirmation row in one transaction.
    with db_transaction():
        user.save()
        confirmation.delete_instance()

    return user, new_email, old_email
def create_confirm_email_code(user, new_email=None):
    """Issue an e-mail confirmation token for *user*.

    Args:
        user: The user the confirmation belongs to.
        new_email: Optional address the user wants to switch to; it is run
            through ``validate_email`` before any row is created. ``None``
            requests a confirmation without an address change.

    Returns:
        The encoded public/private token to deliver to the user. The second
        value from ``Credential.generate()`` (named ``unhashed`` upstream) is
        placed in the token only; the first value is what the row stores.

    Raises:
        InvalidEmailAddressException: if *new_email* fails ``validate_email``.
    """
    if new_email and not validate_email(new_email):
        raise InvalidEmailAddressException("Invalid email address: %s" % new_email)

    stored_secret, raw_secret = Credential.generate()
    confirmation = EmailConfirmation.create(
        user=user,
        email_confirm=True,
        new_email=new_email,
        verification_code=stored_secret,
    )
    return encode_public_private_token(confirmation.code, raw_secret)
def create_reset_password_email_code(email):
    """Issue a password-reset token for the account registered under *email*.

    Args:
        email: The address to look up via ``User.get``.

    Returns:
        The encoded public/private token to deliver to that address. The
        second value from ``Credential.generate()`` (named ``unhashed``
        upstream) goes into the token only; the first is what the row stores.

    Raises:
        InvalidEmailAddressException: if no user has this address, or the
            matching row is an organization.
    """
    # NOTE(review): the distinct "not found" message lets a caller tell
    # registered addresses from unregistered ones; any user-facing caller may
    # want to map both outcomes to the same response.
    try:
        user = User.get(User.email == email)
    except User.DoesNotExist:
        raise InvalidEmailAddressException("Email address was not found")

    if user.organization:
        raise InvalidEmailAddressException("Organizations can not have passwords")

    stored_secret, raw_secret = Credential.generate()
    confirmation = EmailConfirmation.create(
        user=user,
        pw_reset=True,
        verification_code=stored_secret,
    )
    return encode_public_private_token(confirmation.code, raw_secret)
def test_validation_code(token_lifetime, time_since, initialized_db):
    """A reset code is accepted exactly when its age is within the lifetime.

    Creates a ``pw_reset`` confirmation stamped ``time_since`` in the past,
    patches the configured recovery-token lifetime to ``token_lifetime``,
    and asserts that ``validate_reset_code`` returns a user iff
    ``token_lifetime >= time_since`` (both via ``convert_to_timedelta``).

    Args:
        token_lifetime: Lifetime value understood by ``convert_to_timedelta``.
        time_since: Age of the code, in the same format.
        initialized_db: Fixture providing a ready database.
    """
    user = create_user_noverify('foobar', '*****@*****.**', email_required=False)
    age = convert_to_timedelta(time_since)
    stamped_at = datetime.now() - age

    stored_secret, raw_secret = Credential.generate()
    confirmation = EmailConfirmation.create(
        user=user,
        pw_reset=True,
        created=stamped_at,
        verification_code=stored_secret,
    )
    token = encode_public_private_token(confirmation.code, raw_secret)

    patched_config = {'USER_RECOVERY_TOKEN_LIFETIME': token_lifetime}
    with patch('data.model.config.app_config', patched_config):
        outcome = validate_reset_code(token)

    should_pass = convert_to_timedelta(token_lifetime) >= age
    assert (outcome is not None) == should_pass