diff options
| -rw-r--r-- | mediagoblin/edit/forms.py | 16 | ||||
| -rw-r--r-- | mediagoblin/edit/routing.py | 2 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 76 | ||||
| -rw-r--r-- | mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html | 9 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/edit/change_email.html | 45 | ||||
| -rw-r--r-- | mediagoblin/templates/mediagoblin/edit/edit_account.html | 19 | ||||
| -rw-r--r-- | mediagoblin/tests/test_edit.py | 8 |
7 files changed, 127 insertions, 48 deletions
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index 5de1bf96..3f1e2386 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -61,10 +61,6 @@ class EditProfileForm(wtforms.Form): class EditAccountForm(wtforms.Form): - new_email = wtforms.TextField( - _('New email address'), - [wtforms.validators.Optional(), - normalize_user_or_email_field(allow_user=False)]) wants_comment_notification = wtforms.BooleanField( description=_("Email me when others comment on my media")) wants_notifications = wtforms.BooleanField( @@ -113,3 +109,15 @@ class ChangePassForm(wtforms.Form): [wtforms.validators.Required(), wtforms.validators.Length(min=6, max=30)], id="password") + + +class ChangeEmailForm(wtforms.Form): + new_email = wtforms.TextField( + _('New email address'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_user=False)]) + password = wtforms.PasswordField( + _('Password'), + [wtforms.validators.Required()], + description=_( + "Enter your password to prove you own this account.")) diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py index 3592f708..75f5a6d8 100644 --- a/mediagoblin/edit/routing.py +++ b/mediagoblin/edit/routing.py @@ -28,3 +28,5 @@ add_route('mediagoblin.edit.pass', '/edit/password/', 'mediagoblin.edit.views:change_pass') add_route('mediagoblin.edit.verify_email', '/edit/verify_email/', 'mediagoblin.edit.views:verify_email') +add_route('mediagoblin.edit.email', '/edit/email/', + 'mediagoblin.edit.views:change_email') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index a11cb932..b09f8c5e 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -427,30 +427,52 @@ def verify_email(request): user=user.username) -def _update_email(request, form, user): - new_email = form.new_email.data - users_with_email = User.query.filter_by( - email=new_email).count() - - if users_with_email: - form.new_email.errors.append( - _('Sorry, a user with that email address' - ' already exists.')) - - elif not users_with_email: - verification_key = get_timed_signer_url( - 'mail_verification_token').dumps({ - 'user': user.id, - 'email': new_email}) - - rendered_email = render_template( - request, 'mediagoblin/edit/verification.txt', - {'username': user.username, - 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( - uri=request.urlgen('mediagoblin.edit.verify_email', - qualified=True), - verification_key=verification_key)}) - - email_debug_message(request) - auth_tools.send_verification_email(user, request, new_email, - rendered_email) +def change_email(request): + """ View to change the user's email """ + form = forms.ChangeEmailForm(request.form) + user = request.user + + # If no password authentication, no need to enter a password + if 'pass_auth' not in request.template_env.globals or not user.pw_hash: + form.__delitem__('password') + + if request.method == 'POST' and form.validate(): + new_email = form.new_email.data + users_with_email = User.query.filter_by( + email=new_email).count() + + if users_with_email: + form.new_email.errors.append( + _('Sorry, a user with that email address' + ' already exists.')) + + if form.password and user.pw_hash and not auth.check_password( + form.password.data, user.pw_hash): + form.password.errors.append( + _('Wrong password')) + + if not form.errors: + verification_key = get_timed_signer_url( + 'mail_verification_token').dumps({ + 'user': user.id, + 'email': new_email}) + + rendered_email = render_template( + request, 'mediagoblin/edit/verification.txt', + {'username': user.username, + 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( + uri=request.urlgen('mediagoblin.edit.verify_email', + qualified=True), + verification_key=verification_key)}) + + email_debug_message(request) + auth_tools.send_verification_email(user, request, new_email, + rendered_email) + + return redirect(request, 'mediagoblin.edit.account') + + return render_to_response( + request, + 'mediagoblin/edit/change_email.html', + {'form': form, + 'user': user}) diff --git a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html index 2e63e1f8..88b232f8 100644 --- a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html +++ b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html @@ -17,9 +17,8 @@ #} {% block openid_edit_link %} - <p> - <a href="{{ request.urlgen('mediagoblin.plugins.openid.edit') }}"> - {% trans %}Edit your OpenID's{% endtrans %} - </a> - </p> + <a href="{{ request.urlgen('mediagoblin.plugins.openid.edit') }}"> + {% trans %}OpenID's{% endtrans %} + </a> + · {% endblock %} diff --git a/mediagoblin/templates/mediagoblin/edit/change_email.html b/mediagoblin/templates/mediagoblin/edit/change_email.html new file mode 100644 index 00000000..76cc4771 --- /dev/null +++ b/mediagoblin/templates/mediagoblin/edit/change_email.html @@ -0,0 +1,45 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. +#} +{% extends "mediagoblin/base.html" %} + +{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %} + +{% block title -%} + {% trans username=user.username -%} + Changing {{ username }}'s email + {%- endtrans %} — {{ super() }} +{%- endblock %} + +{% block mediagoblin_content %} + <form action="{{ request.urlgen('mediagoblin.edit.email') }}" + method="POST" enctype="multipart/form-data"> + <div class="form_box edit_box"> + <h1> + {%- trans username=user.username -%} + Changing {{ username }}'s email + {%- endtrans -%} + </h1> + {{ wtforms_util.render_divs(form, True) }} + {{ csrf_token }} + <div class="form_submit_buttons"> + <input type="submit" value="{% trans %}Save{% endtrans %}" + class="button_form" /> + </div> + </div> + </form> +{% endblock %} diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html index 51293acb..14011daa 100644 --- a/mediagoblin/templates/mediagoblin/edit/edit_account.html +++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html @@ -41,14 +41,6 @@ Changing {{ username }}'s account settings {%- endtrans -%} </h1> - {% if pass_auth is defined %} - <p> - <a href="{{ request.urlgen('mediagoblin.edit.pass') }}"> - {% trans %}Change your password.{% endtrans %} - </a> - </p> - {% endif %} - {% template_hook("edit_link") %} {{ wtforms_util.render_divs(form, True) }} <div class="form_submit_buttons"> <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button_form" /> @@ -60,5 +52,16 @@ <a href="{{ request.urlgen('mediagoblin.edit.delete_account') }}"> {%- trans %}Delete my account{% endtrans -%} </a> + · + {% template_hook("edit_link") %} + <a href="{{ request.urlgen('mediagoblin.edit.email') }}"> + {% trans %}Email{% endtrans %} + </a> + {% if pass_auth is defined %} + · + <a href="{{ request.urlgen('mediagoblin.edit.pass') }}"> + {% trans %}Password{% endtrans %} + </a> + {% endif %} </div> {% endblock %} diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py index d70d0478..c43a3a42 100644 --- a/mediagoblin/tests/test_edit.py +++ b/mediagoblin/tests/test_edit.py @@ -147,26 +147,26 @@ class TestUserEdit(object): # Test email already in db template.clear_test_template_context() test_app.post( - '/edit/account/', { + '/edit/email/', { 'new_email': 'chris@example.com', 'password': 'toast'}) # Check form errors context = template.TEMPLATE_TEST_CONTEXT[ - 'mediagoblin/edit/edit_account.html'] + 'mediagoblin/edit/change_email.html'] assert context['form'].new_email.errors == [ u'Sorry, a user with that email address already exists.'] # Test successful email change template.clear_test_template_context() res = test_app.post( - '/edit/account/', { + '/edit/email/', { 'new_email': 'new@example.com', 'password': 'toast'}) res.follow() # Correct redirect? - assert urlparse.urlsplit(res.location)[2] == '/u/chris/' + assert urlparse.urlsplit(res.location)[2] == '/edit/account/' # Make sure we get email verification and try verifying assert len(mail.EMAIL_TEST_INBOX) == 1 |