allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jetm...@apache.org
Subject [2/8] git commit: [#7717] Allow claiming same email addresses
Date Tue, 28 Oct 2014 09:11:26 GMT
[#7717] Allow claiming same email addresses


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/dd0ab3e0
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/dd0ab3e0
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/dd0ab3e0

Branch: refs/heads/master
Commit: dd0ab3e0a7c449d6ed615d47a7093ce3fd92d811
Parents: 73fc357
Author: Alexander Luberg <aluberg@slashdotmedia.com>
Authored: Wed Oct 15 16:12:54 2014 -0700
Committer: Alexander Luberg <aluberg@slashdotmedia.com>
Committed: Mon Oct 27 14:55:57 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py           | 55 ++++--------------
 Allura/allura/tests/functional/test_auth.py | 74 ++++++++++++++----------
 2 files changed, 54 insertions(+), 75 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/dd0ab3e0/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 0730d59..ee8f0e8 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -244,22 +244,6 @@ class AuthController(BaseController):
     def _verify_addr(self, addr):
         if addr:
             addr.confirmed = True
-            # Remove other non-confirmed emails claimed by other users
-            claimed_by_others = M.EmailAddress.query.find({
-                'email': addr.email,
-                'claimed_by_user_id': {"$ne": addr.claimed_by_user_id}
-            }).all()
-
-            users = [email.claimed_by_user() for email in claimed_by_others]
-            for user in users:
-                log.info("Removed the email %s from user %s " % (addr.email, user.username))
-                user.email_addresses.remove(addr.email)
-
-            M.EmailAddress.query.remove({
-                'email': addr.email,
-                'claimed_by_user_id': {'$ne': addr.claimed_by_user_id}
-            })
-
             flash('Email address confirmed')
             h.auditlog_user('Email address verified: %s', addr.email, user=addr.claimed_by_user())
         else:
@@ -474,40 +458,25 @@ class PreferencesController(BaseController):
                 flash('You must provide your current password to claim new email', 'error')
                 return
 
-            claimed_email = M.EmailAddress.query.get(email=new_addr['addr'])
-            if claimed_email:
-                if claimed_email.confirmed and claimed_email.claimed_by_user_id != user._id:
-                    # Claimed and confirmed by someone else
-                    owner = M.User.query.get(_id=claimed_email.claimed_by_user_id)
-
-                    text = g.jinja2_env.get_template('allura:templates/mail/claimed_existing_email.txt').render(dict(
-                        email=claimed_email,
-                        user=owner,
-                        config=config
-                    ))
-
-                    allura.tasks.mail_tasks.sendsimplemail.post(
-                        toaddr=claimed_email.email,
-                        fromaddr=config['forgemail.return_path'],
-                        reply_to=config['forgemail.return_path'],
-                        subject=u'%s - Email address claim attempt' % config['site_name'],
-                        message_id=h.gen_message_id(),
-                        text=text)
-                    # TODO: Need a better message
-                    flash('Email address already claimed :: EMAIL')
-                else:
-                    # Claimed by current user
-                    flash('Email address already claimed', 'error')
+            claimed_emails = M.EmailAddress.query.find({'email': new_addr['addr']}).all()
+
+            if any(email.claimed_by_user_id == user._id for email in claimed_emails):
+                flash('Email address already cla:imed', 'error')
 
             elif mail_util.isvalid(new_addr['addr']):
                 user.email_addresses.append(new_addr['addr'])
                 em = M.EmailAddress.create(new_addr['addr'])
                 em.claimed_by_user_id = user._id
+
+                if not any(email.confirmed for email in claimed_emails):
+                    if not admin:
+                        em.send_verification_link()
+                    else:
+                        AuthController()._verify_addr(em)
+
                 if not admin:
-                    em.send_verification_link()
                     flash('A verification email has been sent.  Please check your email and
click to confirm.')
-                else:
-                    AuthController()._verify_addr(em)
+
                 h.auditlog_user('New email address: %s', new_addr['addr'], user=user)
             else:
                 flash('Email address %s is invalid' % new_addr['addr'], 'error')

http://git-wip-us.apache.org/repos/asf/allura/blob/dd0ab3e0/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 7afed67..374f041 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -114,30 +114,6 @@ class TestAuth(TestController):
             if header == 'Set-cookie':
                 assert_in('expires', contents)
 
-    def test_claimed_duplicate_emails_by_different_users(self):
-        email_address = 'test-email@domain.com'
-
-        user1 = M.User.query.get(username='test-user-0')
-        user2 = M.User.query.get(username='test-user-1')
-
-        user1.claim_address(email_address)
-        user2.claim_address(email_address)
-
-        ThreadLocalORMSession.flush_all()
-        r = self.app.post('/auth/send_verification_link',
-                          params=dict(a=email_address),
-                          extra_environ={'username': 'test-user-0'})
-        email1 = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user1._id)).first()
-        email2 = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user2._id)).first()
-
-        # User1 verifies claimed address. All other duplicates should be removed once it
is confirmed
-        r = self.app.get('/auth/verify_addr', params=dict(a=email1.nonce))
-
-        assert email1.confirmed == True
-        assert M.EmailAddress.query.find(dict(email=email_address)).count() == 1
-        assert email_address in M.User.query.get(username='test-user-0').email_addresses
-        assert email_address not in M.User.query.get(username='test-user-1').email_addresses
-
     @td.with_user_project('test-admin')
     def test_user_can_not_claim_duplicate_emails(self):
         email_address = 'test_abcd_123@domain.net'
@@ -171,7 +147,7 @@ class TestAuth(TestController):
     @td.with_user_project('test-admin')
     @patch('allura.tasks.mail_tasks.sendsimplemail')
     @patch('allura.lib.helpers.gen_message_id')
-    def test_user_added_claimed_address_by_other_user(self, gen_message_id, sendsimplemail):
+    def test_user_added_claimed_address_by_other_user_confirmed(self, gen_message_id, sendsimplemail):
         email_address = 'test_abcd_123@domain.net'
 
         # test-user claimed & confirmed email address
@@ -182,6 +158,8 @@ class TestAuth(TestController):
         ThreadLocalORMSession.flush_all()
 
         # Claiming the same email address by test-admin
+        # the email should be added to the email_addresses list but notifications should
not be sent
+
         admin = M.User.query.get(username='test-admin')
         addresses_number = len(admin.email_addresses)
         r = self.app.post('/auth/preferences/update_emails',
@@ -195,13 +173,45 @@ class TestAuth(TestController):
                           extra_environ=dict(username='test-admin'))
 
         assert json.loads(self.webflash(r))['status'] == 'ok'
-        assert json.loads(self.webflash(r))['message'] == 'Email address already claimed
:: EMAIL'
-        args, kwargs = sendsimplemail.post.call_args
-        assert kwargs['toaddr'] == email_address
-        assert kwargs['subject'] == u'Allura - Email address claim attempt'
-        assert "You tried to add %s to your Allura account, " \
-               "but it is already claimed by your %s account." % (email_address, user.username)
in kwargs['text']
-        assert len(M.User.query.get(username='test-admin').email_addresses) == addresses_number
+        assert json.loads(self.webflash(r))['message'] == 'A verification email has been
sent.  Please check your email and click to confirm.'
+        assert not sendsimplemail.post.called
+        assert len(M.User.query.get(username='test-admin').email_addresses) == addresses_number
+ 1
+        assert len(M.EmailAddress.query.find(dict(email=email_address)).all()) == 2
+
+    @td.with_user_project('test-admin')
+    @patch('allura.tasks.mail_tasks.sendsimplemail')
+    @patch('allura.lib.helpers.gen_message_id')
+    def test_user_added_claimed_address_by_other_user_not_confirmed(self, gen_message_id,
sendsimplemail):
+        email_address = 'test_abcd_1235@domain.net'
+
+        # test-user claimed email address
+        user = M.User.query.get(username='test-user')
+        user.claim_address(email_address)
+        email = M.EmailAddress.query.find(dict(email=email_address)).first()
+        email.confirmed = False
+        ThreadLocalORMSession.flush_all()
+        # Claiming the same email address by test-admin
+        # the email should be added to the email_addresses list but notifications should
not be sent
+
+        user1 = M.User.query.get(username='test-user-1')
+        addresses_number = len(user1.email_addresses)
+        print M.EmailAddress.query.find(dict(email=email_address)).all()
+        r = self.app.post('/auth/preferences/update_emails',
+                          params={
+                              'new_addr.addr': email_address,
+                              'new_addr.claim': 'Claim Address',
+                              'primary_addr': 'test-user-1@users.localhost',
+                              'preferences.email_format': 'plain',
+                              'password': 'foo',
+                          },
+                          extra_environ=dict(username='test-user-1'))
+
+        assert json.loads(self.webflash(r))['status'] == 'ok'
+        assert json.loads(self.webflash(r))['message'] == 'A verification email has been
sent.  Please check your email and click to confirm.'
+        assert sendsimplemail.post.called
+        assert len(M.User.query.get(username='test-admin').email_addresses) == addresses_number
+ 1
+        assert len(M.EmailAddress.query.find(dict(email=email_address)).all()) == 2
+
 
     @td.with_user_project('test-admin')
     def test_prefs(self):


Mime
View raw message