示例#1
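def verify_email(md5sum):
    """
    If the user has a pending email verification but has lost the email, allow them to
    send themselves another verification email. This endpoint is only linked to from
    the account page under the list of email addresses pending verification.

    :param md5sum: Value used to look up the address in ``UserEmail`` and
        ``UserEmailClaim`` (presumably the MD5 hex digest of the email address;
        confirm against the models)
    :returns: A 303 redirect to the account page when the address is already
        verified for this user or after the email has been resent, otherwise the
        confirmation form. Aborts with 404 when the current user has no pending
        claim matching ``md5sum``
    """
    useremail = UserEmail.get(md5sum=md5sum)
    if useremail and useremail.user == current_auth.user:
        # If an email address is already verified (this should not happen unless the
        # user followed a stale link), tell them it's done -- but only if the email
        # address belongs to this user, to prevent this endpoint from being used as a
        # probe for email addresses in the database.
        flash(_("This email address is already verified"), 'danger')
        return render_redirect(url_for('.account'), code=303)

    # Get the existing email claim that we're resending a verification link for.
    # The lookup is scoped to the current user, so a digest that matches only
    # someone else's address ends in the same 404 as an unknown digest.
    emailclaim = UserEmailClaim.get_for(user=current_auth.user, md5sum=md5sum)
    if not emailclaim:
        abort(404)
    verify_form = VerifyEmailForm()
    if verify_form.validate_on_submit():
        # NOTE(review): no throttling of repeated resends is visible in this view;
        # confirm that send_email_verify_link or the form limits them.
        send_email_verify_link(emailclaim)
        flash(_("The verification email has been sent to this address"),
              'success')
        return render_redirect(url_for('.account'), code=303)
    return render_form(
        form=verify_form,
        title=_("Resend the verification email?"),
        # Translate the template first and interpolate afterwards. Formatting inside
        # _() would use the already-substituted text as the message id, which can
        # never match a catalog entry, so the message would stay untranslated.
        message=_("We will resend the verification email to '{email}'").format(
            email=emailclaim.email),
        formid="email_verify",
        submit=_("Send"),
        cancel_url=url_for('.account'),
    )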
示例#2
 def validate_email(self, field):
     """
     Lowercase the submitted address and reject it when it is already in use.

     Raises ``forms.ValidationError`` if a ``UserEmail`` exists for the address
     (with a different message depending on whether it belongs to the current
     user) or if the current user already has a ``UserEmailClaim`` for it.
     """
     # Normalise in place so the lookups below, and whatever reads field.data
     # afterwards, see the lowercase form.
     field.data = field.data.lower()
     address = field.data

     verified = UserEmail.get(email=address)
     if verified is not None:
         if verified.user == current_auth.user:
             message = _("You have already registered this email address")
         else:
             # NOTE(review): this message confirms to the submitter that the
             # address is registered to some other account. Confirm that this
             # disclosure is acceptable for the deployment.
             message = _("This email address has already been claimed")
         raise forms.ValidationError(message)

     # Only the current user's own pending claims are checked here.
     pending = UserEmailClaim.get_for(user=current_auth.user, email=address)
     if pending is not None:
         raise forms.ValidationError(
             _("This email address is pending verification"))
示例#3
def add_email():
    """
    Let the current user claim an additional email address.

    On a valid submission, reuse the user's existing ``UserEmailClaim`` for the
    address or create and commit a new one, send the verification link, emit
    ``user_data_changed`` with ``'email-claim'`` and redirect (303) to the account
    page. Otherwise render the form.
    """
    form = NewEmailAddressForm()
    if not form.validate_on_submit():
        return render_form(
            form=form,
            title=_("Add an email address"),
            formid='email_add',
            submit=_("Add email"),
            ajax=True,
        )

    address = form.email.data
    claim = UserEmailClaim.get_for(user=current_auth.user, email=address)
    if claim is None:
        claim = UserEmailClaim(user=current_auth.user,
                               email=address,
                               type=form.type.data)
        db.session.add(claim)
        # Commit before sending so the emailed link refers to a stored claim.
        db.session.commit()
    send_email_verify_link(claim)
    flash(_("We sent you an email to confirm your address"), 'success')
    user_data_changed.send(current_auth.user, changes=['email-claim'])
    return render_redirect(url_for('.account'), code=303)
示例#4
def remove_email(md5sum):
    """
    Confirm and remove one of the current user's email addresses or pending claims.

    Both lookups are scoped to ``current_auth.user``; a ``md5sum`` that matches
    neither a ``UserEmail`` nor a ``UserEmailClaim`` of that user aborts with 404.
    A primary ``UserEmail`` is never removed: the user is redirected back to the
    account page with an error instead. Everything else is handed to
    ``render_delete_sqla``.
    """
    # Prefer a verified address; fall back to a pending claim with the same digest.
    target = (
        UserEmail.get_for(user=current_auth.user, md5sum=md5sum)
        or UserEmailClaim.get_for(user=current_auth.user, md5sum=md5sum)
    )
    if not target:
        abort(404)

    is_primary_address = isinstance(target, UserEmail) and target.primary
    if is_primary_address:
        flash(_("You cannot remove your primary email address"), 'danger')
        return render_redirect(url_for('.account'), code=303)

    if request.method == 'POST':
        # FIXME: Confirm validation success
        # NOTE(review): the signal is emitted for every POST, before
        # render_delete_sqla has run. If that helper rejects the submission
        # (presumably it validates a confirmation form; verify), subscribers are
        # still told that an email was deleted.
        user_data_changed.send(current_auth.user, changes=['email-delete'])

    address = target.email
    return render_delete_sqla(
        target,
        db,
        title=_("Confirm removal"),
        message=_("Remove email address {email} from your account?").format(
            email=address),
        success=_("You have removed your email address {email}").format(
            email=address),
        next=url_for('.account'),
        delete_text=_("Remove"),
    )
示例#5
def account_edit(newprofile=False):
    """
    Show and process the profile form for the current user.

    :param newprofile: When true, the view runs in "new profile" mode: different
        title, form id and greeting, the redirect target comes from
        ``get_next_url()``, and an email address is collected if the user has none.
    :returns: The rendered form, or a 303 redirect after a valid submission.
    """
    user = current_auth.user
    form = ProfileForm(obj=user)
    form.edit_user = user

    # Field help texts come from application config; a missing key yields None.
    for field_name, config_key in (
        ('fullname', 'FULLNAME_REASON'),
        ('email', 'EMAIL_REASON'),
        ('username', 'USERNAME_REASON'),
        ('timezone', 'TIMEZONE_REASON'),
    ):
        getattr(form, field_name).description = current_app.config.get(config_key)

    # The email field is only offered in new-profile mode to a user without an
    # address; in every other case it is dropped from the form.
    if user.email or newprofile is False:
        del form.email

    if not form.validate_on_submit():
        if newprofile:
            # The user's full name is escaped before it is interpolated, so only
            # the translated template itself is treated as markup.
            greeting = Markup(
                _(
                    "Hello, <strong>{fullname}</strong>. Please spare a minute to fill out your profile"
                ).format(fullname=escape(user.fullname))
            )
            return render_form(
                form,
                title=_("Update profile"),
                formid='account_new',
                submit=_("Continue"),
                message=greeting,
                ajax=True,
            )
        return render_form(
            form,
            title=_("Edit profile"),
            formid='account_edit',
            submit=_("Save changes"),
            ajax=True,
        )

    # Can't auto-populate here because user.email is read-only
    user.fullname = form.fullname.data
    user.username = form.username.data
    user.timezone = form.timezone.data

    if newprofile and not user.email:
        claim = UserEmailClaim.get_for(user=user, email=form.email.data)
        if claim is None:
            claim = UserEmailClaim(user=user, email=form.email.data)
            db.session.add(claim)
        # NOTE(review): the verification email goes out before the commit. If the
        # commit fails, the recipient holds a link for a claim that was never
        # stored. Confirm this ordering is intentional.
        send_email_verify_link(claim)
        db.session.commit()
        user_data_changed.send(user, changes=['profile', 'email-claim'])
        flash(
            _(
                "Your profile has been updated. We sent you an email to confirm your address"
            ),
            category='success',
        )
    else:
        db.session.commit()
        user_data_changed.send(user, changes=['profile'])
        flash(_("Your profile has been updated"), category='success')

    destination = get_next_url() if newprofile else url_for('account')
    return render_redirect(destination, code=303)