diff options
Diffstat (limited to 'mediagoblin/edit')
| -rw-r--r-- | mediagoblin/edit/forms.py | 32 | ||||
| -rw-r--r-- | mediagoblin/edit/routing.py | 2 | ||||
| -rw-r--r-- | mediagoblin/edit/views.py | 98 |
3 files changed, 89 insertions, 43 deletions
diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py index 30dce151..0832f0db 100644 --- a/mediagoblin/edit/forms.py +++ b/mediagoblin/edit/forms.py @@ -61,12 +61,10 @@ class EditProfileForm(wtforms.Form): class EditAccountForm(wtforms.Form): - new_email = wtforms.TextField( - _('New email address'), - [wtforms.validators.Optional(), - normalize_user_or_email_field(allow_user=False)]) wants_comment_notification = wtforms.BooleanField( description=_("Email me when others comment on my media")) + wants_notifications = wtforms.BooleanField( + description=_("Enable insite notifications about events.")) license_preference = wtforms.SelectField( _('License preference'), [ @@ -83,6 +81,7 @@ class EditAttachmentsForm(wtforms.Form): attachment_file = wtforms.FileField( 'File') + class EditCollectionForm(wtforms.Form): title = wtforms.TextField( _('Title'), @@ -98,3 +97,28 @@ class EditCollectionForm(wtforms.Form): description=_( "The title part of this collection's address. " "You usually don't need to change this.")) + + +class ChangePassForm(wtforms.Form): + old_password = wtforms.PasswordField( + _('Old password'), + [wtforms.validators.Required()], + description=_( + "Enter your old password to prove you own this account.")) + new_password = wtforms.PasswordField( + _('New password'), + [wtforms.validators.Required(), + wtforms.validators.Length(min=6, max=30)], + id="password") + + +class ChangeEmailForm(wtforms.Form): + new_email = wtforms.TextField( + _('New email address'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_user=False)]) + password = wtforms.PasswordField( + _('Password'), + [wtforms.validators.Required()], + description=_( + "Enter your password to prove you own this account.")) diff --git a/mediagoblin/edit/routing.py b/mediagoblin/edit/routing.py index e6264fb6..a2d03d26 100644 --- a/mediagoblin/edit/routing.py +++ b/mediagoblin/edit/routing.py @@ -26,3 +26,5 @@ add_route('mediagoblin.edit.delete_account', '/edit/account/delete/', 'mediagoblin.edit.views:delete_account') add_route('mediagoblin.edit.verify_email', '/edit/verify_email/', 'mediagoblin.edit.views:verify_email') +add_route('mediagoblin.edit.email', '/edit/email/', + 'mediagoblin.edit.views:change_email') diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py index 0bd04498..da186758 100644 --- a/mediagoblin/edit/views.py +++ b/mediagoblin/edit/views.py @@ -227,24 +227,22 @@ def edit_account(request): user = request.user form = forms.EditAccountForm(request.form, wants_comment_notification=user.wants_comment_notification, - license_preference=user.license_preference) + license_preference=user.license_preference, + wants_notifications=user.wants_notifications) if request.method == 'POST' and form.validate(): user.wants_comment_notification = form.wants_comment_notification.data + user.wants_notifications = form.wants_notifications.data user.license_preference = form.license_preference.data - if form.new_email.data: - _update_email(request, form, user) - - if not form.errors: - user.save() - messages.add_message(request, - messages.SUCCESS, - _("Account settings saved")) - return redirect(request, - 'mediagoblin.user_pages.user_home', - user=user.username) + user.save() + messages.add_message(request, + messages.SUCCESS, + _("Account settings saved")) + return redirect(request, + 'mediagoblin.user_pages.user_home', + user=user.username) return render_to_response( request, @@ -384,30 +382,52 @@ def verify_email(request): user=user.username) -def _update_email(request, form, user): - new_email = form.new_email.data - users_with_email = User.query.filter_by( - email=new_email).count() - - if users_with_email: - form.new_email.errors.append( - _('Sorry, a user with that email address' - ' already exists.')) - - elif not users_with_email: - verification_key = get_timed_signer_url( - 'mail_verification_token').dumps({ - 'user': user.id, - 'email': new_email}) - - rendered_email = render_template( - request, 'mediagoblin/edit/verification.txt', - {'username': user.username, - 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( - uri=request.urlgen('mediagoblin.edit.verify_email', - qualified=True), - verification_key=verification_key)}) - - email_debug_message(request) - auth_tools.send_verification_email(user, request, new_email, - rendered_email) +def change_email(request): + """ View to change the user's email """ + form = forms.ChangeEmailForm(request.form) + user = request.user + + # If no password authentication, no need to enter a password + if 'pass_auth' not in request.template_env.globals or not user.pw_hash: + form.__delitem__('password') + + if request.method == 'POST' and form.validate(): + new_email = form.new_email.data + users_with_email = User.query.filter_by( + email=new_email).count() + + if users_with_email: + form.new_email.errors.append( + _('Sorry, a user with that email address' + ' already exists.')) + + if form.password and user.pw_hash and not auth.check_password( + form.password.data, user.pw_hash): + form.password.errors.append( + _('Wrong password')) + + if not form.errors: + verification_key = get_timed_signer_url( + 'mail_verification_token').dumps({ + 'user': user.id, + 'email': new_email}) + + rendered_email = render_template( + request, 'mediagoblin/edit/verification.txt', + {'username': user.username, + 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( + uri=request.urlgen('mediagoblin.edit.verify_email', + qualified=True), + verification_key=verification_key)}) + + email_debug_message(request) + auth_tools.send_verification_email(user, request, new_email, + rendered_email) + + return redirect(request, 'mediagoblin.edit.account') + + return render_to_response( + request, + 'mediagoblin/edit/change_email.html', + {'form': form, + 'user': user}) |