Merge remote-tracking branch 'refs/remotes/rodney757/email'

3 files changed, 63 insertions, 31 deletions

diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index 5de1bf96..3f1e2386 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -61,10 +61,6 @@ class EditProfileForm(wtforms.Form):
 
 
 class EditAccountForm(wtforms.Form):
-    new_email = wtforms.TextField(
-        _('New email address'),
-        [wtforms.validators.Optional(),
-         normalize_user_or_email_field(allow_user=False)])
     wants_comment_notification = wtforms.BooleanField(
         description=_("Email me when others comment on my media"))
     wants_notifications = wtforms.BooleanField(
@@ -113,3 +109,15 @@ class ChangePassForm(wtforms.Form):
         [wtforms.validators.Required(),
          wtforms.validators.Length(min=6, max=30)],
         id="password")
+
+
+class ChangeEmailForm(wtforms.Form):
+    new_email = wtforms.TextField(
+        _('New email address'),
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field(allow_user=False)])
+    password = wtforms.PasswordField(
+        _('Password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your password to prove you own this account."))
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py
index 3592f708..75f5a6d8 100644
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -28,3 +28,5 @@ add_route('mediagoblin.edit.pass', '/edit/password/',
     'mediagoblin.edit.views:change_pass')
 add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
     'mediagoblin.edit.views:verify_email')
+add_route('mediagoblin.edit.email', '/edit/email/',
+    'mediagoblin.edit.views:change_email')
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index a11cb932..b09f8c5e 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -427,30 +427,52 @@ def verify_email(request):
         user=user.username)
 
 
-def _update_email(request, form, user):
-    new_email = form.new_email.data
-    users_with_email = User.query.filter_by(
-        email=new_email).count()
-
-    if users_with_email:
-        form.new_email.errors.append(
-            _('Sorry, a user with that email address'
-                ' already exists.'))
-
-    elif not users_with_email:
-        verification_key = get_timed_signer_url(
-            'mail_verification_token').dumps({
-                'user': user.id,
-                'email': new_email})
-
-        rendered_email = render_template(
-            request, 'mediagoblin/edit/verification.txt',
-            {'username': user.username,
-                'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
-                uri=request.urlgen('mediagoblin.edit.verify_email',
-                                   qualified=True),
-                verification_key=verification_key)})
-
-        email_debug_message(request)
-        auth_tools.send_verification_email(user, request, new_email,
-                                           rendered_email)
+def change_email(request):
+    """ View to change the user's email """
+    form = forms.ChangeEmailForm(request.form)
+    user = request.user
+
+    # If no password authentication, no need to enter a password
+    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
+        form.__delitem__('password')
+
+    if request.method == 'POST' and form.validate():
+        new_email = form.new_email.data
+        users_with_email = User.query.filter_by(
+            email=new_email).count()
+
+        if users_with_email:
+            form.new_email.errors.append(
+                _('Sorry, a user with that email address'
+                    ' already exists.'))
+
+        if form.password and user.pw_hash and not auth.check_password(
+                form.password.data, user.pw_hash):
+            form.password.errors.append(
+                _('Wrong password'))
+
+        if not form.errors:
+            verification_key = get_timed_signer_url(
+                'mail_verification_token').dumps({
+                    'user': user.id,
+                    'email': new_email})
+
+            rendered_email = render_template(
+                request, 'mediagoblin/edit/verification.txt',
+                {'username': user.username,
+                    'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+                    uri=request.urlgen('mediagoblin.edit.verify_email',
+                                    qualified=True),
+                    verification_key=verification_key)})
+
+            email_debug_message(request)
+            auth_tools.send_verification_email(user, request, new_email,
+                                            rendered_email)
+
+            return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/edit/change_email.html',
+        {'form': form,
+         'user': user})