13 files changed, 370 insertions, 115 deletions

diff --git a/mediagoblin/auth/forms.py b/mediagoblin/auth/forms.py
index 0a391d67..ec395d60 100644
--- a/mediagoblin/auth/forms.py
+++ b/mediagoblin/auth/forms.py
@@ -58,9 +58,6 @@ class ChangePassForm(wtforms.Form):
         'Password',
         [wtforms.validators.Required(),
          wtforms.validators.Length(min=5, max=1024)])
-    userid = wtforms.HiddenField(
-        '',
-        [wtforms.validators.Required()])
     token = wtforms.HiddenField(
         '',
         [wtforms.validators.Required()])
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index bfc36b28..0810bd1b 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -20,6 +20,7 @@ import bcrypt
 
 from mediagoblin.tools.mail import send_email
 from mediagoblin.tools.template import render_template
+from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin import mg_globals
 
 
@@ -91,8 +92,8 @@ def fake_login_attempt():
 
 
 EMAIL_FP_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={fp_verification_key}")
+    u"{uri}?"
+    u"token={fp_verification_key}")
 
 
 def send_fp_verification_email(user, request):
@@ -103,14 +104,16 @@ def send_fp_verification_email(user, request):
     - user: a user object
     - request: the request
     """
+    fp_verification_key = get_timed_signer_url('mail_verification_token') \
+            .dumps(user.id)
+
     rendered_email = render_template(
         request, 'mediagoblin/auth/fp_verification_email.txt',
         {'username': user.username,
          'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
-                userid=unicode(user.id),
-                fp_verification_key=user.fp_verification_key)})
+                uri=request.urlgen('mediagoblin.auth.verify_forgot_password',
+                                   qualified=True),
+                fp_verification_key=fp_verification_key)})
 
     # TODO: There is no error handling in place
     send_email(
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index db6b6e37..c45944d3 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -22,6 +22,7 @@ from sqlalchemy import or_
 
 from mediagoblin import mg_globals
 from mediagoblin.auth import lib as auth_lib
+from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.db.models import User
 from mediagoblin.tools.mail import (normalize_email, send_email,
                                     email_debug_message)
@@ -62,11 +63,12 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
 
 
 EMAIL_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={verification_key}")
+    u"{uri}?"
+    u"token={verification_key}")
 
 
-def send_verification_email(user, request):
+def send_verification_email(user, request, email=None,
+                            rendered_email=None):
     """
     Send the verification email to users to activate their accounts.
 
@@ -74,19 +76,24 @@ def send_verification_email(user, request):
     - user: a user object
     - request: the request
     """
-    rendered_email = render_template(
-        request, 'mediagoblin/auth/verification_email.txt',
-        {'username': user.username,
-         'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_email'),
-                userid=unicode(user.id),
-                verification_key=user.verification_key)})
+    if not email:
+        email = user.email
+
+    if not rendered_email:
+        verification_key = get_timed_signer_url('mail_verification_token') \
+                .dumps(user.id)
+        rendered_email = render_template(
+            request, 'mediagoblin/auth/verification_email.txt',
+            {'username': user.username,
+            'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+                    uri=request.urlgen('mediagoblin.auth.verify_email',
+                                       qualified=True),
+                    verification_key=verification_key)})
 
     # TODO: There is no error handling in place
     send_email(
         mg_globals.app_config['email_sender_address'],
-        [user.email],
+        [email],
         # TODO
         # Due to the distributed nature of GNU MediaGoblin, we should
         # find a way to send some additional information about the
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index bb7bda77..45cb3a54 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -15,10 +15,11 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import uuid
-import datetime
+from itsdangerous import BadSignature
 
 from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import User
+from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.tools.mail import email_debug_message
@@ -115,16 +116,28 @@ def verify_email(request):
     you are lucky :)
     """
     # If we don't have userid and token parameters, we can't do anything; 404
-    if not 'userid' in request.GET or not 'token' in request.GET:
+    if not 'token' in request.GET:
         return render_404(request)
 
-    user = User.query.filter_by(id=request.args['userid']).first()
+    # Catch error if token is faked or expired
+    try:
+        token = get_timed_signer_url("mail_verification_token") \
+                .loads(request.GET['token'], max_age=10*24*3600)
+    except BadSignature:
+        messages.add_message(
+            request,
+            messages.ERROR,
+            _('The verification key or user id is incorrect.'))
 
-    if user and user.verification_key == unicode(request.GET['token']):
+        return redirect(
+            request,
+            'index')
+
+    user = User.query.filter_by(id=int(token)).first()
+
+    if user and user.email_verified is False:
         user.status = u'active'
         user.email_verified = True
-        user.verification_key = None
-
         user.save()
 
         messages.add_message(
@@ -166,9 +179,6 @@ def resend_activation(request):
 
         return redirect(request, "mediagoblin.user_pages.user_home", user=request.user['username'])
 
-    request.user.verification_key = unicode(uuid.uuid4())
-    request.user.save()
-
     email_debug_message(request)
     send_verification_email(request.user, request)
 
@@ -235,11 +245,6 @@ def forgot_password(request):
 
     # SUCCESS. Send reminder and return to login page
     if user:
-        user.fp_verification_key = unicode(uuid.uuid4())
-        user.fp_token_expire = datetime.datetime.now() + \
-                               datetime.timedelta(days=10)
-        user.save()
-
         email_debug_message(request)
         send_fp_verification_email(user, request)
 
@@ -254,31 +259,44 @@ def verify_forgot_password(request):
     """
     # get form data variables, and specifically check for presence of token
     formdata = _process_for_token(request)
-    if not formdata['has_userid_and_token']:
+    if not formdata['has_token']:
         return render_404(request)
 
-    formdata_token = formdata['vars']['token']
-    formdata_userid = formdata['vars']['userid']
     formdata_vars = formdata['vars']
 
+    # Catch error if token is faked or expired
+    try:
+        token = get_timed_signer_url("mail_verification_token") \
+                .loads(formdata_vars['token'], max_age=10*24*3600)
+    except BadSignature:
+        messages.add_message(
+            request,
+            messages.ERROR,
+            _('The verification key or user id is incorrect.'))
+
+        return redirect(
+            request,
+            'index')
+
     # check if it's a valid user id
-    user = User.query.filter_by(id=formdata_userid).first()
+    user = User.query.filter_by(id=int(token)).first()
+
+    # no user in db
     if not user:
-        return render_404(request)
+        messages.add_message(
+            request, messages.ERROR,
+            _('The user id is incorrect.'))
+        return redirect(
+            request, 'index')
 
-    # check if we have a real user and correct token
-    if ((user and user.fp_verification_key and
-         user.fp_verification_key == unicode(formdata_token) and
-         datetime.datetime.now() < user.fp_token_expire
-         and user.email_verified and user.status == 'active')):
+    # check if user active and has email verified
+    if user.email_verified and user.status == 'active':
 
         cp_form = auth_forms.ChangePassForm(formdata_vars)
 
         if request.method == 'POST' and cp_form.validate():
             user.pw_hash = auth_lib.bcrypt_gen_password_hash(
                 cp_form.password.data)
-            user.fp_verification_key = None
-            user.fp_token_expire = None
             user.save()
 
             messages.add_message(
@@ -292,10 +310,20 @@ def verify_forgot_password(request):
                 'mediagoblin/auth/change_fp.html',
                 {'cp_form': cp_form})
 
-    # in case there is a valid id but no user with that id in the db
-    # or the token expired
-    else:
-        return render_404(request)
+    if not user.email_verified:
+        messages.add_message(
+            request, messages.ERROR,
+            _('You need to verify your email before you can reset your'
+              ' password.'))
+
+    if not user.status == 'active':
+        messages.add_message(
+            request, messages.ERROR,
+            _('You are no longer an active user. Please contact the system'
+              ' admin to reactivate your accoutn.'))
+
+    return redirect(
+        request, 'index')
 
 
 def _process_for_token(request):
@@ -313,7 +341,6 @@ def _process_for_token(request):
 
     formdata = {
         'vars': formdata_vars,
-        'has_userid_and_token':
-            'userid' in formdata_vars and 'token' in formdata_vars}
+        'has_token': 'token' in formdata_vars}
 
     return formdata
diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py
index 2c553396..6c9bf5cc 100644
--- a/mediagoblin/db/migrations.py
+++ b/mediagoblin/db/migrations.py
@@ -287,3 +287,23 @@ def unique_collections_slug(db):
     constraint.create()
 
     db.commit()
+
+
+@RegisterMigration(11, MIGRATIONS)
+def drop_token_related_User_columns(db):
+    """
+    Drop unneeded columns from the User table after switching to using
+    itsdangerous tokens for email and forgot password verification.
+    """
+    metadata = MetaData(bind=db.bind)
+    user_table = inspect_table(metadata, 'core__users')
+
+    verification_key = user_table.columns['verification_key']
+    fp_verification_key = user_table.columns['fp_verification_key']
+    fp_token_expire = user_table.columns['fp_token_expire']
+
+    verification_key.drop()
+    fp_verification_key.drop()
+    fp_token_expire.drop()
+
+    db.commit()
diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py
index 2b925983..f5470cb9 100644
--- a/mediagoblin/db/models.py
+++ b/mediagoblin/db/models.py
@@ -68,12 +68,9 @@ class User(Base, UserMixin):
     # set to nullable=True implicitly.
     wants_comment_notification = Column(Boolean, default=True)
     license_preference = Column(Unicode)
-    verification_key = Column(Unicode)
     is_admin = Column(Boolean, default=False, nullable=False)
     url = Column(Unicode)
     bio = Column(UnicodeText)  # ??
-    fp_verification_key = Column(Unicode)
-    fp_token_expire = Column(DateTime)
 
     ## TODO
     # plugin data would be in a separate model
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index 3b2486de..3a502263 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -16,9 +16,11 @@
 
 import wtforms
 
-from mediagoblin.tools.text import tag_length_validator, TOO_LONG_TAG_WARNING
+from mediagoblin.tools.text import tag_length_validator
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 from mediagoblin.tools.licenses import licenses_as_choices
+from mediagoblin.auth.forms import normalize_user_or_email_field
+
 
 class EditForm(wtforms.Form):
     title = wtforms.TextField(
@@ -59,6 +61,16 @@ class EditProfileForm(wtforms.Form):
 
 
 class EditAccountForm(wtforms.Form):
+    new_email = wtforms.TextField(
+        _('New email address'),
+        [wtforms.validators.Optional(),
+         normalize_user_or_email_field(allow_user=False)])
+    password = wtforms.PasswordField(
+        _('Password'),
+        [wtforms.validators.Optional(),
+         wtforms.validators.Length(min=5, max=1024)],
+        description=_(
+            'Enter your old password to prove you own this account.'))
     license_preference = wtforms.SelectField(
         _('License preference'),
         [
diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py
index 622729ac..3592f708 100644
--- a/mediagoblin/edit/routing.py
+++ b/mediagoblin/edit/routing.py
@@ -26,3 +26,5 @@ add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
     'mediagoblin.edit.views:delete_account')
 add_route('mediagoblin.edit.pass', '/edit/password/',
     'mediagoblin.edit.views:change_pass')
+add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
+    'mediagoblin.edit.views:verify_email')
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index 508c380d..df7db21b 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -16,6 +16,7 @@
 
 from datetime import datetime
 
+from itsdangerous import BadSignature
 from werkzeug.exceptions import Forbidden
 from werkzeug.utils import secure_filename
 
@@ -23,18 +24,23 @@ from mediagoblin import messages
 from mediagoblin import mg_globals
 
 from mediagoblin.auth import lib as auth_lib
+from mediagoblin.auth import tools as auth_tools
+from mediagoblin.auth.views import email_debug_message
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
 from mediagoblin.decorators import (require_active_login, active_user_from_url,
-     get_media_entry_by_id,
-     user_may_alter_collection, get_user_collection)
-from mediagoblin.tools.response import render_to_response, \
-    redirect, redirect_obj
+                            get_media_entry_by_id, user_may_alter_collection,
+                            get_user_collection)
+from mediagoblin.tools.crypto import get_timed_signer_url
+from mediagoblin.tools.response import (render_to_response,
+                                        redirect, redirect_obj, render_404)
 from mediagoblin.tools.translate import pass_to_ugettext as _
+from mediagoblin.tools.template import render_template
 from mediagoblin.tools.text import (
     convert_to_tag_list_of_dicts, media_tags_as_string)
 from mediagoblin.tools.url import slugify
 from mediagoblin.db.util import check_media_slug_used, check_collection_slug_used
+from mediagoblin.db.models import User
 
 import mimetypes
 
@@ -212,6 +218,10 @@ def edit_profile(request, url_user=None):
         {'user': user,
          'form': form})
 
+EMAIL_VERIFICATION_TEMPLATE = (
+    u'{uri}?'
+    u'token={verification_key}')
+
 
 @require_active_login
 def edit_account(request):
@@ -220,27 +230,53 @@ def edit_account(request):
         wants_comment_notification=user.wants_comment_notification,
         license_preference=user.license_preference)
 
-    if request.method == 'POST':
-        form_validated = form.validate()
-
-        if form_validated and \
-                form.wants_comment_notification.validate(form):
-            user.wants_comment_notification = \
-                form.wants_comment_notification.data
-
-        if form_validated and \
-                form.license_preference.validate(form):
-            user.license_preference = \
-                form.license_preference.data
-
-        if form_validated and not form.errors:
+    if request.method == 'POST' and form.validate():
+        user.wants_comment_notification = form.wants_comment_notification.data
+
+        user.license_preference = form.license_preference.data
+
+        if form.new_email.data:
+            if not form.password.data:
+                form.password.errors.append(
+                    _('This field is required.'))
+            elif not auth_lib.bcrypt_check_password(
+                    form.password.data, user.pw_hash):
+                form.password.errors.append(
+                    _('Wrong password.'))
+            else:
+                new_email = form.new_email.data
+                users_with_email = User.query.filter_by(
+                    email=new_email).count()
+                if users_with_email:
+                    form.new_email.errors.append(
+                        _('Sorry, a user with that email address'
+                          ' already exists.'))
+                else:
+                    verification_key = get_timed_signer_url(
+                        'mail_verification_token').dumps({
+                            'user': user.id,
+                            'email': new_email})
+
+                    rendered_email = render_template(
+                        request, 'mediagoblin/edit/verification.txt',
+                        {'username': user.username,
+                         'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+                            uri=request.urlgen('mediagoblin.edit.verify_email',
+                                               qualified=True),
+                            verification_key=verification_key)})
+
+                    email_debug_message(request)
+                    auth_tools.send_verification_email(user, request, new_email,
+                                                     rendered_email)
+
+        if not form.errors:
             user.save()
             messages.add_message(request,
-                messages.SUCCESS,
-                _("Account settings saved"))
+                                 messages.SUCCESS,
+                                 _("Account settings saved"))
             return redirect(request,
-                'mediagoblin.user_pages.user_home',
-                user=user.username)
+                            'mediagoblin.user_pages.user_home',
+                            user=user.username)
 
     return render_to_response(
         request,
@@ -369,3 +405,48 @@ def change_pass(request):
         'mediagoblin/edit/change_pass.html',
         {'form': form,
          'user': user})
+
+
+def verify_email(request):
+    """
+    Email verification view for changing email address
+    """
+    # If no token, we can't do anything
+    if not 'token' in request.GET:
+        return render_404(request)
+
+    # Catch error if token is faked or expired
+    token = None
+    try:
+        token = get_timed_signer_url("mail_verification_token") \
+                .loads(request.GET['token'], max_age=10*24*3600)
+    except BadSignature:
+        messages.add_message(
+            request,
+            messages.ERROR,
+            _('The verification key or user id is incorrect.'))
+
+        return redirect(
+            request,
+            'index')
+
+    user = User.query.filter_by(id=int(token['user'])).first()
+
+    if user:
+        user.email = token['email']
+        user.save()
+
+        messages.add_message(
+            request,
+            messages.SUCCESS,
+            _('Your email address has been verified.'))
+
+    else:
+            messages.add_message(
+                request,
+                messages.ERROR,
+                _('The verification key or user id is incorrect.'))
+
+    return redirect(
+        request, 'mediagoblin.user_pages.user_home',
+        user=user.username)
diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html
index 4c4aaf95..d56b3ba0 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit_account.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html
@@ -46,6 +46,8 @@
           {% trans %}Change your password.{% endtrans %}
         </a>
       </p>
+      {{ wtforms_util.render_field_div(form.new_email) }}
+      {{ wtforms_util.render_field_div(form.password) }}
       <div class="form_field_input">
         <p>{{ form.wants_comment_notification }}
            {{ wtforms_util.render_label(form.wants_comment_notification) }}</p>
diff --git a/mediagoblin/templates/mediagoblin/edit/verification.txt b/mediagoblin/templates/mediagoblin/edit/verification.txt
new file mode 100644
index 00000000..d53cd5e8
--- /dev/null
+++ b/mediagoblin/templates/mediagoblin/edit/verification.txt
@@ -0,0 +1,29 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-#}
+
+{% trans username=username, verification_url=verification_url|safe -%}
+Hi,
+
+We wanted to verify that you are {{ username }}. If this is the case, then 
+please follow the link below to verify your new email address.
+
+{{ verification_url }}
+
+If you are not {{ username }} or didn't request an email change, you can ignore
+this email.
+{%- endtrans %}
diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py
index 755727f9..48b148dd 100644
--- a/mediagoblin/tests/test_auth.py
+++ b/mediagoblin/tests/test_auth.py
@@ -156,20 +156,15 @@ def test_register_views(test_app):
     assert path == u'/auth/verify_email/'
     parsed_get_params = urlparse.parse_qs(get_params)
 
-    ### user should have these same parameters
-    assert parsed_get_params['userid'] == [
-        unicode(new_user.id)]
-    assert parsed_get_params['token'] == [
-        new_user.verification_key]
-
     ## Try verifying with bs verification key, shouldn't work
     template.clear_test_template_context()
     response = test_app.get(
-        "/auth/verify_email/?userid=%s&token=total_bs" % unicode(
-            new_user.id))
+        "/auth/verify_email/?token=total_bs")
     response.follow()
-    context = template.TEMPLATE_TEST_CONTEXT[
-        'mediagoblin/user_pages/user.html']
+
+    # Correct redirect?
+    assert urlparse.urlsplit(response.location)[2] == '/'
+
     # assert context['verification_successful'] == True
     # TODO: Would be good to test messages here when we can do so...
     new_user = mg_globals.database.User.find_one(
@@ -233,35 +228,17 @@ def test_register_views(test_app):
 
     path = urlparse.urlsplit(email_context['verification_url'])[2]
     get_params = urlparse.urlsplit(email_context['verification_url'])[3]
-    assert path == u'/auth/forgot_password/verify/'
     parsed_get_params = urlparse.parse_qs(get_params)
-
-    # user should have matching parameters
-    new_user = mg_globals.database.User.find_one({'username': u'happygirl'})
-    assert parsed_get_params['userid'] == [unicode(new_user.id)]
-    assert parsed_get_params['token'] == [new_user.fp_verification_key]
-
-    ### The forgotten password token should be set to expire in ~ 10 days
-    # A few ticks have expired so there are only 9 full days left...
-    assert (new_user.fp_token_expire - datetime.datetime.now()).days == 9
+    assert path == u'/auth/forgot_password/verify/'
 
     ## Try using a bs password-changing verification key, shouldn't work
     template.clear_test_template_context()
     response = test_app.get(
-        "/auth/forgot_password/verify/?userid=%s&token=total_bs" % unicode(
-            new_user.id), status=404)
-    assert response.status.split()[0] == u'404' # status="404 NOT FOUND"
+        "/auth/forgot_password/verify/?token=total_bs")
+    response.follow()
 
-    ## Try using an expired token to change password, shouldn't work
-    template.clear_test_template_context()
-    new_user = mg_globals.database.User.find_one({'username': u'happygirl'})
-    real_token_expiration = new_user.fp_token_expire
-    new_user.fp_token_expire = datetime.datetime.now()
-    new_user.save()
-    response = test_app.get("%s?%s" % (path, get_params), status=404)
-    assert response.status.split()[0] == u'404' # status="404 NOT FOUND"
-    new_user.fp_token_expire = real_token_expiration
-    new_user.save()
+    # Correct redirect?
+    assert urlparse.urlsplit(response.location)[2] == '/'
 
     ## Verify step 1 of password-change works -- can see form to change password
     template.clear_test_template_context()
@@ -272,7 +249,6 @@ def test_register_views(test_app):
     template.clear_test_template_context()
     response = test_app.post(
         '/auth/forgot_password/verify/', {
-            'userid': parsed_get_params['userid'],
             'password': 'iamveryveryhappy',
             'token': parsed_get_params['token']})
     response.follow()
diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py
index 08b4f8cf..76fd5ee9 100644
--- a/mediagoblin/tests/test_edit.py
+++ b/mediagoblin/tests/test_edit.py
@@ -15,14 +15,14 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 import urlparse
-import pytest
 
 from mediagoblin import mg_globals
 from mediagoblin.db.models import User
 from mediagoblin.tests.tools import fixture_add_user
-from mediagoblin.tools import template
+from mediagoblin.tools import template, mail
 from mediagoblin.auth.lib import bcrypt_check_password
 
+
 class TestUserEdit(object):
     def setup(self):
         # set up new user
@@ -141,4 +141,106 @@ class TestUserEdit(object):
         assert form.url.errors == [
             u'This address contains errors']
 
+    def test_email_change(self, test_app):
+        self.login(test_app)
+
+        # Test email change without password
+        template.clear_test_template_context()
+        test_app.post(
+            '/edit/account/', {
+                'new_email': 'new@example.com'})
+
+        # Check form errors
+        context = template.TEMPLATE_TEST_CONTEXT[
+            'mediagoblin/edit/edit_account.html']
+        assert context['form'].password.errors == [
+            u'This field is required.']
+
+        # Test email change with wrong password
+        template.clear_test_template_context()
+        test_app.post(
+            '/edit/account/', {
+                'new_email': 'new@example.com',
+                'password': 'wrong'})
+
+        # Check form errors
+        context = template.TEMPLATE_TEST_CONTEXT[
+            'mediagoblin/edit/edit_account.html']
+        assert context['form'].password.errors == [
+            u'Wrong password.']
+
+        # Test email already in db
+        template.clear_test_template_context()
+        test_app.post(
+            '/edit/account/', {
+                'new_email': 'chris@example.com',
+                'password': 'toast'})
+
+        # Check form errors
+        context = template.TEMPLATE_TEST_CONTEXT[
+            'mediagoblin/edit/edit_account.html']
+        assert context['form'].new_email.errors == [
+            u'Sorry, a user with that email address already exists.']
+
+        # Test password is too short
+        template.clear_test_template_context()
+        test_app.post(
+            '/edit/account/', {
+                'new_email': 'new@example.com',
+                'password': 't'})
+
+        # Check form errors
+        context = template.TEMPLATE_TEST_CONTEXT[
+            'mediagoblin/edit/edit_account.html']
+        assert context['form'].password.errors == [
+            u'Field must be between 5 and 1024 characters long.']
+
+        # Test successful email change
+        template.clear_test_template_context()
+        res = test_app.post(
+            '/edit/account/', {
+                'new_email': 'new@example.com',
+                'password': 'toast'})
+        res.follow()
+
+        # Correct redirect?
+        assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
+
+        # Make sure we get email verification and try verifying
+        assert len(mail.EMAIL_TEST_INBOX) == 1
+        message = mail.EMAIL_TEST_INBOX.pop()
+        assert message['To'] == 'new@example.com'
+        email_context = template.TEMPLATE_TEST_CONTEXT[
+            'mediagoblin/edit/verification.txt']
+        assert email_context['verification_url'] in \
+            message.get_payload(decode=True)
+
+        path = urlparse.urlsplit(email_context['verification_url'])[2]
+        assert path == u'/edit/verify_email/'
+
+        ## Try verifying with bs verification key, shouldn't work
+        template.clear_test_template_context()
+        res = test_app.get(
+            "/edit/verify_email/?token=total_bs")
+        res.follow()
+
+        # Correct redirect?
+        assert urlparse.urlsplit(res.location)[2] == '/'
+
+        # Email shouldn't be saved
+        email_in_db = mg_globals.database.User.find_one(
+            {'email': 'new@example.com'})
+        email = User.query.filter_by(username='chris').first().email
+        assert email_in_db is None
+        assert email == 'chris@example.com'
+
+        # Verify email activation works
+        template.clear_test_template_context()
+        get_params = urlparse.urlsplit(email_context['verification_url'])[3]
+        res = test_app.get('%s?%s' % (path, get_params))
+        res.follow()
+
+        # New email saved?
+        email = User.query.filter_by(username='chris').first().email
+        assert email == 'new@example.com'
 # test changing the url inproperly