Merge remote-tracking branch 'refs/remotes/rodney757/email'

mediagoblin/edit/forms.py

@@ -61,10 +61,6 @@ class EditProfileForm(wtforms.Form):
 
 
 class EditAccountForm(wtforms.Form):
-    new_email = wtforms.TextField(
-        _('New email address'),
-        [wtforms.validators.Optional(),
-         normalize_user_or_email_field(allow_user=False)])
     wants_comment_notification = wtforms.BooleanField(
         description=_("Email me when others comment on my media"))
     wants_notifications = wtforms.BooleanField(
@@ -113,3 +109,15 @@ class ChangePassForm(wtforms.Form):
         [wtforms.validators.Required(),
          wtforms.validators.Length(min=6, max=30)],
         id="password")
+
+
+class ChangeEmailForm(wtforms.Form):
+    new_email = wtforms.TextField(
+        _('New email address'),
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field(allow_user=False)])
+    password = wtforms.PasswordField(
+        _('Password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your password to prove you own this account."))

mediagoblin/edit/routing.py

@@ -28,3 +28,5 @@ add_route('mediagoblin.edit.pass', '/edit/password/',
     'mediagoblin.edit.views:change_pass')
 add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
     'mediagoblin.edit.views:verify_email')
+add_route('mediagoblin.edit.email', '/edit/email/',
+    'mediagoblin.edit.views:change_email')

mediagoblin/edit/views.py

@@ -427,30 +427,52 @@ def verify_email(request):
         user=user.username)
 
 
-def _update_email(request, form, user):
+def change_email(request):
-    new_email = form.new_email.data
+    """ View to change the user's email """
-    users_with_email = User.query.filter_by(
+    form = forms.ChangeEmailForm(request.form)
-        email=new_email).count()
+    user = request.user
 
-    if users_with_email:
+    # If no password authentication, no need to enter a password
-        form.new_email.errors.append(
+    if 'pass_auth' not in request.template_env.globals or not user.pw_hash:
-            _('Sorry, a user with that email address'
+        form.__delitem__('password')
-                ' already exists.'))
 
-    elif not users_with_email:
+    if request.method == 'POST' and form.validate():
-        verification_key = get_timed_signer_url(
+        new_email = form.new_email.data
-            'mail_verification_token').dumps({
+        users_with_email = User.query.filter_by(
-                'user': user.id,
+            email=new_email).count()
-                'email': new_email})
 
-        rendered_email = render_template(
+        if users_with_email:
-            request, 'mediagoblin/edit/verification.txt',
+            form.new_email.errors.append(
-            {'username': user.username,
+                _('Sorry, a user with that email address'
-                'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+                    ' already exists.'))
-                uri=request.urlgen('mediagoblin.edit.verify_email',
-                                   qualified=True),
-                verification_key=verification_key)})
 
-        email_debug_message(request)
+        if form.password and user.pw_hash and not auth.check_password(
-        auth_tools.send_verification_email(user, request, new_email,
+                form.password.data, user.pw_hash):
-                                           rendered_email)
+            form.password.errors.append(
+                _('Wrong password'))
+
+        if not form.errors:
+            verification_key = get_timed_signer_url(
+                'mail_verification_token').dumps({
+                    'user': user.id,
+                    'email': new_email})
+
+            rendered_email = render_template(
+                request, 'mediagoblin/edit/verification.txt',
+                {'username': user.username,
+                    'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+                    uri=request.urlgen('mediagoblin.edit.verify_email',
+                                    qualified=True),
+                    verification_key=verification_key)})
+
+            email_debug_message(request)
+            auth_tools.send_verification_email(user, request, new_email,
+                                            rendered_email)
+
+            return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/edit/change_email.html',
+        {'form': form,
+         'user': user})

mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/edit_link.html

@@ -17,9 +17,8 @@
 #}
 
 {% block openid_edit_link %}
-    <p>
+  <a href="{{ request.urlgen('mediagoblin.plugins.openid.edit') }}">
-      <a href="{{ request.urlgen('mediagoblin.plugins.openid.edit') }}">
+      {% trans %}OpenID's{% endtrans %}
-          {% trans %}Edit your OpenID's{% endtrans %}
+  </a>
-      </a>
+  &middot;
-    </p>
 {% endblock %}

mediagoblin/templates/mediagoblin/edit/change_email.html

@@ -0,0 +1,45 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block title -%}
+  {% trans username=user.username -%}
+    Changing {{ username }}'s email
+  {%- endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+  <form action="{{ request.urlgen('mediagoblin.edit.email') }}"
+        method="POST" enctype="multipart/form-data">
+    <div class="form_box edit_box">
+      <h1>
+        {%- trans username=user.username -%}
+          Changing {{ username }}'s email
+        {%- endtrans -%}
+      </h1>
+      {{ wtforms_util.render_divs(form, True) }}
+      {{ csrf_token }}
+      <div class="form_submit_buttons">
+        <input type="submit" value="{% trans %}Save{% endtrans %}"
+        class="button_form" />
+      </div>
+    </div>
+  </form>
+{% endblock %}

mediagoblin/templates/mediagoblin/edit/edit_account.html

@@ -41,14 +41,6 @@
           Changing {{ username }}'s account settings
         {%- endtrans -%}
       </h1>
-      {% if pass_auth is defined %}
-      <p>
-        <a href="{{ request.urlgen('mediagoblin.edit.pass') }}">
-          {% trans %}Change your password.{% endtrans %}
-        </a>
-      </p>
-      {% endif %}
-      {% template_hook("edit_link") %} 
       {{ wtforms_util.render_divs(form, True) }}
      <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button_form" />
@@ -60,5 +52,16 @@
     <a href="{{ request.urlgen('mediagoblin.edit.delete_account') }}">
       {%- trans %}Delete my account{% endtrans -%}
     </a>
+    &middot;
+    {% template_hook("edit_link") %}
+    <a href="{{ request.urlgen('mediagoblin.edit.email') }}">
+      {% trans %}Email{% endtrans %}
+    </a>
+    {% if pass_auth is defined %}
+      &middot;
+      <a href="{{ request.urlgen('mediagoblin.edit.pass') }}">
+        {% trans %}Password{% endtrans %}
+      </a>
+    {% endif %}
   </div>
 {% endblock %}

mediagoblin/tests/test_edit.py

@@ -147,26 +147,26 @@ class TestUserEdit(object):
         # Test email already in db
         template.clear_test_template_context()
         test_app.post(
-            '/edit/account/', {
+            '/edit/email/', {
                 'new_email': 'chris@example.com',
                 'password': 'toast'})
 
         # Check form errors
         context = template.TEMPLATE_TEST_CONTEXT[
-            'mediagoblin/edit/edit_account.html']
+            'mediagoblin/edit/change_email.html']
         assert context['form'].new_email.errors == [
             u'Sorry, a user with that email address already exists.']
 
         # Test successful email change
         template.clear_test_template_context()
         res = test_app.post(
-            '/edit/account/', {
+            '/edit/email/', {
                 'new_email': 'new@example.com',
                 'password': 'toast'})
         res.follow()
 
         # Correct redirect?
-        assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
+        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
 
         # Make sure we get email verification and try verifying
         assert len(mail.EMAIL_TEST_INBOX) == 1