aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--mediagoblin/edit/forms.py16
-rw-r--r--mediagoblin/edit/routing.py2
-rw-r--r--mediagoblin/edit/views.py76
-rw-r--r--mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html9
-rw-r--r--mediagoblin/templates/mediagoblin/edit/change_email.html45
-rw-r--r--mediagoblin/templates/mediagoblin/edit/edit_account.html19
-rw-r--r--mediagoblin/tests/test_edit.py8
7 files changed, 127 insertions, 48 deletions
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index 5de1bf96..3f1e2386 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -61,10 +61,6 @@ class EditProfileForm(wtforms.Form):
class EditAccountForm(wtforms.Form):
- new_email = wtforms.TextField(
- _('New email address'),
- [wtforms.validators.Optional(),
- normalize_user_or_email_field(allow_user=False)])
wants_comment_notification = wtforms.BooleanField(
description=_("Email me when others comment on my media"))
wants_notifications = wtforms.BooleanField(
@@ -113,3 +109,15 @@ class ChangePassForm(wtforms.Form):
[wtforms.validators.Required(),
wtforms.validators.Length(min=6, max=30)],
id="password")
+
+
+class ChangeEmailForm(wtforms.Form):
+ new_email = wtforms.TextField(
+ _('New email address'),
+ [wtforms.validators.Required(),
+ normalize_user_or_email_field(allow_user=False)])
+ password = wtforms.PasswordField(
+ _('Password'),
+ [wtforms.validators.Required()],
+ description=_(
+ "Enter your password to prove you own this account."))
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py
index 3592f708..75f5a6d8 100644
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -28,3 +28,5 @@ add_route('mediagoblin.edit.pass', '/edit/password/',
'mediagoblin.edit.views:change_pass')
add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
'mediagoblin.edit.views:verify_email')
+add_route('mediagoblin.edit.email', '/edit/email/',
+ 'mediagoblin.edit.views:change_email')
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index a11cb932..b09f8c5e 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -427,30 +427,52 @@ def verify_email(request):
user=user.username)
-def _update_email(request, form, user):
- new_email = form.new_email.data
- users_with_email = User.query.filter_by(
- email=new_email).count()
-
- if users_with_email:
- form.new_email.errors.append(
- _('Sorry, a user with that email address'
- ' already exists.'))
-
- elif not users_with_email:
- verification_key = get_timed_signer_url(
- 'mail_verification_token').dumps({
- 'user': user.id,
- 'email': new_email})
-
- rendered_email = render_template(
- request, 'mediagoblin/edit/verification.txt',
- {'username': user.username,
- 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
- uri=request.urlgen('mediagoblin.edit.verify_email',
- qualified=True),
- verification_key=verification_key)})
-
- email_debug_message(request)
- auth_tools.send_verification_email(user, request, new_email,
- rendered_email)
+def change_email(request):
+ """ View to change the user's email """
+ form = forms.ChangeEmailForm(request.form)
+ user = request.user
+
+ # If no password authentication, no need to enter a password
+ if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
+ form.__delitem__('password')
+
+ if request.method == 'POST' and form.validate():
+ new_email = form.new_email.data
+ users_with_email = User.query.filter_by(
+ email=new_email).count()
+
+ if users_with_email:
+ form.new_email.errors.append(
+ _('Sorry, a user with that email address'
+ ' already exists.'))
+
+ if form.password and user.pw_hash and not auth.check_password(
+ form.password.data, user.pw_hash):
+ form.password.errors.append(
+ _('Wrong password'))
+
+ if not form.errors:
+ verification_key = get_timed_signer_url(
+ 'mail_verification_token').dumps({
+ 'user': user.id,
+ 'email': new_email})
+
+ rendered_email = render_template(
+ request, 'mediagoblin/edit/verification.txt',
+ {'username': user.username,
+ 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+ uri=request.urlgen('mediagoblin.edit.verify_email',
+ qualified=True),
+ verification_key=verification_key)})
+
+ email_debug_message(request)
+ auth_tools.send_verification_email(user, request, new_email,
+ rendered_email)
+
+ return redirect(request, 'mediagoblin.edit.account')
+
+ return render_to_response(
+ request,
+ 'mediagoblin/edit/change_email.html',
+ {'form': form,
+ 'user': user})
diff --git a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html
index 2e63e1f8..88b232f8 100644
--- a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html
+++ b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html
@@ -17,9 +17,8 @@
#}
{% block openid_edit_link %}
- <p>
- <a href="{{ request.urlgen('mediagoblin.plugins.openid.edit') }}">
- {% trans %}Edit your OpenID's{% endtrans %}
- </a>
- </p>
+ <a href="{{ request.urlgen('mediagoblin.plugins.openid.edit') }}">
+ {% trans %}OpenID's{% endtrans %}
+ </a>
+ &middot;
{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/edit/change_email.html b/mediagoblin/templates/mediagoblin/edit/change_email.html
new file mode 100644
index 00000000..76cc4771
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/edit/change_email.html
@@ -0,0 +1,45 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block title -%}
+ {% trans username=user.username -%}
+ Changing {{ username }}'s email
+ {%- endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+ <form action="{{ request.urlgen('mediagoblin.edit.email') }}"
+ method="POST" enctype="multipart/form-data">
+ <div class="form_box edit_box">
+ <h1>
+ {%- trans username=user.username -%}
+ Changing {{ username }}'s email
+ {%- endtrans -%}
+ </h1>
+ {{ wtforms_util.render_divs(form, True) }}
+ {{ csrf_token }}
+ <div class="form_submit_buttons">
+ <input type="submit" value="{% trans %}Save{% endtrans %}"
+ class="button_form" />
+ </div>
+ </div>
+ </form>
+{% endblock %}
diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html
index 51293acb..14011daa 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit_account.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html
@@ -41,14 +41,6 @@
Changing {{ username }}'s account settings
{%- endtrans -%}
</h1>
- {% if pass_auth is defined %}
- <p>
- <a href="{{ request.urlgen('mediagoblin.edit.pass') }}">
- {% trans %}Change your password.{% endtrans %}
- </a>
- </p>
- {% endif %}
- {% template_hook("edit_link") %}
{{ wtforms_util.render_divs(form, True) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button_form" />
@@ -60,5 +52,16 @@
<a href="{{ request.urlgen('mediagoblin.edit.delete_account') }}">
{%- trans %}Delete my account{% endtrans -%}
</a>
+ &middot;
+ {% template_hook("edit_link") %}
+ <a href="{{ request.urlgen('mediagoblin.edit.email') }}">
+ {% trans %}Email{% endtrans %}
+ </a>
+ {% if pass_auth is defined %}
+ &middot;
+ <a href="{{ request.urlgen('mediagoblin.edit.pass') }}">
+ {% trans %}Password{% endtrans %}
+ </a>
+ {% endif %}
</div>
{% endblock %}
diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py
index d70d0478..c43a3a42 100644
--- a/mediagoblin/tests/test_edit.py
+++ b/mediagoblin/tests/test_edit.py
@@ -147,26 +147,26 @@ class TestUserEdit(object):
# Test email already in db
template.clear_test_template_context()
test_app.post(
- '/edit/account/', {
+ '/edit/email/', {
'new_email': 'chris@example.com',
'password': 'toast'})
# Check form errors
context = template.TEMPLATE_TEST_CONTEXT[
- 'mediagoblin/edit/edit_account.html']
+ 'mediagoblin/edit/change_email.html']
assert context['form'].new_email.errors == [
u'Sorry, a user with that email address already exists.']
# Test successful email change
template.clear_test_template_context()
res = test_app.post(
- '/edit/account/', {
+ '/edit/email/', {
'new_email': 'new@example.com',
'password': 'toast'})
res.follow()
# Correct redirect?
- assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
+ assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Make sure we get email verification and try verifying
assert len(mail.EMAIL_TEST_INBOX) == 1