diff options
| author | Christopher Allan Webber <cwebber@dustycloud.org> | 2013-06-21 17:24:33 -0500 |
|---|---|---|
| committer | Christopher Allan Webber <cwebber@dustycloud.org> | 2013-06-21 17:24:33 -0500 |
| commit | f7698af1c118afa4f0db10cc0359d2b8b0e319b4 (patch) | |
| tree | 70418245ca481226d6f6bc9855378ecf2c153645 /mediagoblin/edit | |
| parent | c482f0149d566156c4017fa58a8d57ffde90b1dc (diff) | |
| download | mediagoblin-f7698af1c118afa4f0db10cc0359d2b8b0e319b4.tar.lz mediagoblin-f7698af1c118afa4f0db10cc0359d2b8b0e319b4.tar.xz mediagoblin-f7698af1c118afa4f0db10cc0359d2b8b0e319b4.zip | |
Removing the "enter your password to change your email" bit.
A good idea, though it feels fairly clumsy in the form, and I think if
you're logged in you can already sabotage the user pretty well.
This commit sponsored by Sergey Matveev. Thanks!
Diffstat (limited to 'mediagoblin/edit')
| -rw-r--r-- | mediagoblin/edit/forms.py | 6 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 54 |
2 files changed, 23 insertions, 37 deletions
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index 3a502263..24b31a76 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -65,12 +65,6 @@ class EditAccountForm(wtforms.Form): _('New email address'), [wtforms.validators.Optional(), normalize_user_or_email_field(allow_user=False)]) - password = wtforms.PasswordField( - _('Password'), - [wtforms.validators.Optional(), - wtforms.validators.Length(min=5, max=1024)], - description=_( - 'Enter your old password to prove you own this account.')) license_preference = wtforms.SelectField( _('License preference'), [ diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index df7db21b..4eda61a2 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -236,38 +236,30 @@ def edit_account(request): user.license_preference = form.license_preference.data if form.new_email.data: - if not form.password.data: - form.password.errors.append( - _('This field is required.')) - elif not auth_lib.bcrypt_check_password( - form.password.data, user.pw_hash): - form.password.errors.append( - _('Wrong password.')) + new_email = form.new_email.data + users_with_email = User.query.filter_by( + email=new_email).count() + if users_with_email: + form.new_email.errors.append( + _('Sorry, a user with that email address' + ' already exists.')) else: - new_email = form.new_email.data - users_with_email = User.query.filter_by( - email=new_email).count() - if users_with_email: - form.new_email.errors.append( - _('Sorry, a user with that email address' - ' already exists.')) - else: - verification_key = get_timed_signer_url( - 'mail_verification_token').dumps({ - 'user': user.id, - 'email': new_email}) - - rendered_email = render_template( - request, 'mediagoblin/edit/verification.txt', - {'username': user.username, - 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( - uri=request.urlgen('mediagoblin.edit.verify_email', - qualified=True), - verification_key=verification_key)}) - - email_debug_message(request) - auth_tools.send_verification_email(user, request, new_email, - rendered_email) + verification_key = get_timed_signer_url( + 'mail_verification_token').dumps({ + 'user': user.id, + 'email': new_email}) + + rendered_email = render_template( + request, 'mediagoblin/edit/verification.txt', + {'username': user.username, + 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( + uri=request.urlgen('mediagoblin.edit.verify_email', + qualified=True), + verification_key=verification_key)}) + + email_debug_message(request) + auth_tools.send_verification_email(user, request, new_email, + rendered_email) if not form.errors: user.save() |