moved change_pass to basic_auth and fixed some typos with the moving of forgot pass

mediagoblin/edit/forms.py

@@ -98,16 +98,3 @@ class EditCollectionForm(wtforms.Form):
         description=_(
             "The title part of this collection's address. "
             "You usually don't need to change this."))
-
-
-class ChangePassForm(wtforms.Form):
-    old_password = wtforms.PasswordField(
-        _('Old password'),
-        [wtforms.validators.Required()],
-        description=_(
-            "Enter your old password to prove you own this account."))
-    new_password = wtforms.PasswordField(
-        _('New password'),
-        [wtforms.validators.Required(),
-         wtforms.validators.Length(min=6, max=30)],
-        id="password")

mediagoblin/edit/routing.py

@@ -24,7 +24,5 @@ add_route('mediagoblin.edit.account', '/edit/account/',
     'mediagoblin.edit.views:edit_account')
 add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
     'mediagoblin.edit.views:delete_account')
-add_route('mediagoblin.edit.pass', '/edit/password/',
-    'mediagoblin.edit.views:change_pass')
 add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
     'mediagoblin.edit.views:verify_email')

mediagoblin/edit/views.py

@@ -23,7 +23,6 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals
 
-from mediagoblin import auth
 from mediagoblin.auth import tools as auth_tools
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
@@ -340,46 +339,6 @@ def edit_collection(request, collection):
          'form': form})
 
 
-@require_active_login
-def change_pass(request):
-    # If no password authentication, no need to change your password
-    if 'pass_auth' not in request.template_env.globals:
-        return redirect(request, 'index')
-
-    form = forms.ChangePassForm(request.form)
-    user = request.user
-
-    if request.method == 'POST' and form.validate():
-
-        if not auth.check_password(
-                form.old_password.data, user.pw_hash):
-            form.old_password.errors.append(
-                _('Wrong password'))
-
-            return render_to_response(
-                request,
-                'mediagoblin/edit/change_pass.html',
-                {'form': form,
-                 'user': user})
-
-        # Password matches
-        user.pw_hash = auth.gen_password_hash(
-            form.new_password.data)
-        user.save()
-
-        messages.add_message(
-            request, messages.SUCCESS,
-            _('Your password was changed successfully'))
-
-        return redirect(request, 'mediagoblin.edit.account')
-
-    return render_to_response(
-        request,
-        'mediagoblin/edit/change_pass.html',
-        {'form': form,
-         'user': user})
-
-
 def verify_email(request):
     """
     Email verification view for changing email address

mediagoblin/plugins/basic_auth/forms.py

@@ -61,3 +61,16 @@ class ChangeForgotPassForm(wtforms.Form):
     token = wtforms.HiddenField(
         '',
         [wtforms.validators.Required()])
+
+
+class ChangePassForm(wtforms.Form):
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your old password to prove you own this account."))
+    new_password = wtforms.PasswordField(
+        _('New password'),
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=6, max=30)],
+        id="password")

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/change_fp.html

@@ -29,7 +29,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.auth.verify_forgot_password') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password') }}"
         method="POST" enctype="multipart/form-data">
     {{ csrf_token }}
     <div class="form_box">

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/change_pass.html

@@ -31,7 +31,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.edit.pass') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.edit.pass') }}"
         method="POST" enctype="multipart/form-data">
     <div class="form_box edit_box">
       <h1>

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/forgot_password.html

@@ -24,7 +24,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.auth.forgot_password') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
         method="POST" enctype="multipart/form-data">
     {{ csrf_token }}
     <div class="form_box">

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/verification.txt

@@ -0,0 +1,29 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-#}
+
+{% trans username=username, verification_url=verification_url|safe -%}
+Hi,
+
+We wanted to verify that you are {{ username }}. If this is the case, then 
+please follow the link below to verify your new email address.
+
+{{ verification_url }}
+
+If you are not {{ username }} or didn't request an email change, you can ignore
+this email.
+{%- endtrans %}

mediagoblin/plugins/basic_auth/views.py

@@ -17,6 +17,7 @@ from itsdangerous import BadSignature
 
 from mediagoblin import messages
 from mediagoblin.db.models import User
+from mediagoblin.decorators import require_active_login
 from mediagoblin.plugins.basic_auth import forms, tools
 from mediagoblin.tools.crypto import get_timed_signer_url
 from mediagoblin.tools.mail import email_debug_message
@@ -178,3 +179,39 @@ def _process_for_token(request):
         'has_token': 'token' in formdata_vars}
 
     return formdata
+
+
+@require_active_login
+def change_pass(request):
+    form = forms.ChangePassForm(request.form)
+    user = request.user
+
+    if request.method == 'POST' and form.validate():
+
+        if not tools.bcrypt_check_password(
+                form.old_password.data, user.pw_hash):
+            form.old_password.errors.append(
+                _('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/plugins/basic_auth/change_pass.html',
+                {'form': form,
+                 'user': user})
+
+        # Password matches
+        user.pw_hash = tools.bcrypt_gen_password_hash(
+            form.new_password.data)
+        user.save()
+
+        messages.add_message(
+            request, messages.SUCCESS,
+            _('Your password was changed successfully'))
+
+        return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/plugins/basic_auth/change_pass.html',
+        {'form': form,
+         'user': user})

mediagoblin/tests/test_auth.py

@@ -183,7 +183,7 @@ def test_register_views(test_app):
     message = mail.EMAIL_TEST_INBOX.pop()
     assert message['To'] == 'happygrrl@example.org'
     email_context = template.TEMPLATE_TEST_CONTEXT[
-        'mediagoblin/auth/fp_verification_email.txt']
+        'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
     #TODO - change the name of verification_url to something forgot-password-ish
     assert email_context['verification_url'] in message.get_payload(decode=True)
 
@@ -204,7 +204,8 @@ def test_register_views(test_app):
     ## Verify step 1 of password-change works -- can see form to change password
     template.clear_test_template_context()
     response = test_app.get("%s?%s" % (path, get_params))
-    assert 'mediagoblin/auth/change_fp.html' in template.TEMPLATE_TEST_CONTEXT
+    assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
+            template.TEMPLATE_TEST_CONTEXT
 
     ## Verify step 2.1 of password-change works -- report success to user
     template.clear_test_template_context()

mediagoblin/tests/test_basic_auth.py

@@ -13,7 +13,12 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import urlparse
+
+from mediagoblin.db.models import User
 from mediagoblin.plugins.basic_auth import tools as auth_tools
+from mediagoblin.tests.tools import fixture_add_user
+from mediagoblin.tools import template
 from mediagoblin.tools.testing import _activate_testing
 
 _activate_testing()
@@ -57,3 +62,40 @@ def test_bcrypt_gen_password_hash():
         pw, hashed_pw, '3><7R45417')
     assert not auth_tools.bcrypt_check_password(
         'notthepassword', hashed_pw, '3><7R45417')
+
+
+def test_change_password(self, test_app):
+        """Test changing password correctly and incorrectly"""
+        test_user = fixture_add_user(password=u'toast')
+
+        test_app.post(
+            '/auth/login/', {
+                'username': u'chris',
+                'password': u'toast'})
+
+        # test that the password can be changed
+        res = test_app.post(
+            '/edit/password/', {
+                'old_password': 'toast',
+                'new_password': '123456',
+                })
+        res.follow()
+
+        # Did we redirect to the correct page?
+        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
+
+        # test_user has to be fetched again in order to have the current values
+        test_user = User.query.filter_by(username=u'chris').first()
+        assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
+
+        # test that the password cannot be changed if the given
+        # old_password is wrong
+        template.clear_test_template_context()
+        test_app.post(
+            '/edit/password/', {
+                'old_password': 'toast',
+                'new_password': '098765',
+                })
+
+        test_user = User.query.filter_by(username=u'chris').first()
+        assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)

mediagoblin/tests/test_edit.py

@@ -56,41 +56,6 @@ class TestUserEdit(object):
         self.login(test_app)
 
 
-    def test_change_password(self, test_app):
-        """Test changing password correctly and incorrectly"""
-        self.login(test_app)
-
-        # test that the password can be changed
-        template.clear_test_template_context()
-        res = test_app.post(
-            '/edit/password/', {
-                'old_password': 'toast',
-                'new_password': '123456',
-                })
-        res.follow()
-
-        # Did we redirect to the correct page?
-        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
-
-        # test_user has to be fetched again in order to have the current values
-        test_user = User.query.filter_by(username=u'chris').first()
-        assert auth.check_password('123456', test_user.pw_hash)
-        # Update current user passwd
-        self.user_password = '123456'
-
-        # test that the password cannot be changed if the given
-        # old_password is wrong
-        template.clear_test_template_context()
-        test_app.post(
-            '/edit/password/', {
-                'old_password': 'toast',
-                'new_password': '098765',
-                })
-
-        test_user = User.query.filter_by(username=u'chris').first()
-        assert not auth.check_password('098765', test_user.pw_hash)
-
-
     def test_change_bio_url(self, test_app):
         """Test changing bio and URL"""
         self.login(test_app)