Removing the "enter your password to change your email" bit.

A good idea, though it feels fairly clumsy in the form, and I think if
you're logged in you can already sabotage the user pretty well.

This commit sponsored by Sergey Matveev.  Thanks!

mediagoblin/edit/forms.py

@@ -65,12 +65,6 @@ class EditAccountForm(wtforms.Form):
         _('New email address'),
         [wtforms.validators.Optional(),
          normalize_user_or_email_field(allow_user=False)])
-    password = wtforms.PasswordField(
-        _('Password'),
-        [wtforms.validators.Optional(),
-         wtforms.validators.Length(min=5, max=1024)],
-        description=_(
-            'Enter your old password to prove you own this account.'))
     license_preference = wtforms.SelectField(
         _('License preference'),
         [

mediagoblin/edit/views.py

@@ -236,14 +236,6 @@ def edit_account(request):
         user.license_preference = form.license_preference.data
 
         if form.new_email.data:
-            if not form.password.data:
-                form.password.errors.append(
-                    _('This field is required.'))
-            elif not auth_lib.bcrypt_check_password(
-                    form.password.data, user.pw_hash):
-                form.password.errors.append(
-                    _('Wrong password.'))
-            else:
             new_email = form.new_email.data
             users_with_email = User.query.filter_by(
                 email=new_email).count()

mediagoblin/templates/mediagoblin/edit/edit_account.html

@@ -47,7 +47,6 @@
         </a>
       </p>
       {{ wtforms_util.render_field_div(form.new_email) }}
-      {{ wtforms_util.render_field_div(form.password) }}
       <div class="form_field_input">
         <p>{{ form.wants_comment_notification }}
            {{ wtforms_util.render_label(form.wants_comment_notification) }}</p>

mediagoblin/tests/test_edit.py

@@ -144,31 +144,6 @@ class TestUserEdit(object):
     def test_email_change(self, test_app):
         self.login(test_app)
 
-        # Test email change without password
-        template.clear_test_template_context()
-        test_app.post(
-            '/edit/account/', {
-                'new_email': 'new@example.com'})
-
-        # Check form errors
-        context = template.TEMPLATE_TEST_CONTEXT[
-            'mediagoblin/edit/edit_account.html']
-        assert context['form'].password.errors == [
-            u'This field is required.']
-
-        # Test email change with wrong password
-        template.clear_test_template_context()
-        test_app.post(
-            '/edit/account/', {
-                'new_email': 'new@example.com',
-                'password': 'wrong'})
-
-        # Check form errors
-        context = template.TEMPLATE_TEST_CONTEXT[
-            'mediagoblin/edit/edit_account.html']
-        assert context['form'].password.errors == [
-            u'Wrong password.']
-
         # Test email already in db
         template.clear_test_template_context()
         test_app.post(
@@ -182,19 +157,6 @@ class TestUserEdit(object):
         assert context['form'].new_email.errors == [
             u'Sorry, a user with that email address already exists.']
 
-        # Test password is too short
-        template.clear_test_template_context()
-        test_app.post(
-            '/edit/account/', {
-                'new_email': 'new@example.com',
-                'password': 't'})
-
-        # Check form errors
-        context = template.TEMPLATE_TEST_CONTEXT[
-            'mediagoblin/edit/edit_account.html']
-        assert context['form'].password.errors == [
-            u'Field must be between 5 and 1024 characters long.']
-
         # Test successful email change
         template.clear_test_template_context()
         res = test_app.post(