Posted to commits@allura.apache.org by je...@apache.org on 2014/10/28 10:11:32 UTC

[8/8] git commit: [#7717] Invalidate existing verification emails

[#7717] Invalidate existing verification emails


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/625e2b66
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/625e2b66
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/625e2b66

Branch: refs/heads/master
Commit: 625e2b665ff5c95252dded864a32b3ff7cebcc33
Parents: 58410c9
Author: Alexander Luberg <al...@slashdotmedia.com>
Authored: Thu Oct 23 11:10:49 2014 -0700
Committer: Alexander Luberg <al...@slashdotmedia.com>
Committed: Mon Oct 27 14:58:24 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py           |  5 ++++-
 Allura/allura/tests/functional/test_auth.py | 27 ++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/625e2b66/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 8a90a3a..94a97cc 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -248,7 +248,10 @@ class AuthController(BaseController):
         redirect(request.referer)
 
     def _verify_addr(self, addr):
-        if addr:
+        confirmed_by_other = M.EmailAddress.query.find(dict(email=addr.email, confirmed=True)).all() if addr else []
+        confirmed_by_other = filter(lambda item: item != addr, confirmed_by_other)
+
+        if addr and not confirmed_by_other:
             addr.confirmed = True
             flash('Email address confirmed')
             h.auditlog_user('Email address verified: %s', addr.email, user=addr.claimed_by_user())
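Review bot: The new guard in `_verify_addr` is a check-then-set: the `confirmed=True` lookup and the later `addr.confirmed = True` are separate steps, so two accounts verifying the same address at about the same time could both pass the check unless the datastore enforces uniqueness on confirmed addresses (not visible here). The pending record and its nonce are only refused at verify time, not removed, so the old link would presumably become usable again if the other account later drops the address; clearing the stale claim on the rejection path would make the invalidation permanent. That rejection branch lies outside the hunk, so it is not visible whether a refused attempt is written to the audit log the way the success path is with `h.auditlog_user(...)`; recording it would help detect attempts to take over an address. Smaller point: `filter(...)` returns a list only on Python 2, and on Python 3 the filter object is always truthy, so `confirmed_by_other = [a for a in confirmed_by_other if a != addr]` keeps `not confirmed_by_other` correct on both.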

http://git-wip-us.apache.org/repos/asf/allura/blob/625e2b66/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 33a548b..add0a16 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -282,6 +282,33 @@ class TestAuth(TestController):
         assert "You tried to add %s to your Allura account, " \
                "but it is already claimed by your %s account." % (email_address, user.username) in kwargs['text']
 
+    def test_invalidate_verification_link_if_email_was_confirmed(self):
+        email_address = 'test_abcd@domain.net'
+
+        # test-user claimed email address
+        user = M.User.query.get(username='test-user')
+        user.claim_address(email_address)
+        email = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
+        email.confirmed = False
+        ThreadLocalORMSession.flush_all()
+
+        self.app.post('/auth/send_verification_link',
+                          params=dict(a=email_address),
+                          extra_environ=dict(username='test-user'))
+
+
+        user1 = M.User.query.get(username='test-user-1')
+        user1.claim_address(email_address)
+        email1 = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user1._id)).first()
+        email1.confirmed = True
+        ThreadLocalORMSession.flush_all()
+        # Verify first email with the verification link
+        r = self.app.get('/auth/verify_addr', params=dict(a=email.nonce), extra_environ=dict(username='test-user'))
+
+        assert json.loads(self.webflash(r))['status'] == 'error'
+        email = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
+        assert not email.confirmed
+
 
     @td.with_user_project('test-admin')
     def test_prefs(self):
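Review bot: `test_invalidate_verification_link_if_email_was_confirmed` pins only the refused click: it asserts the flash status and that test-user's record stays unconfirmed, but not that test-user-1's record is still confirmed afterwards or that no "Email address verified" audit entry was written for the refused attempt. Re-querying the second record and adding `assert email1.confirmed` after the `/auth/verify_addr` request would cover the first gap. The second setup block would also read better with a comment matching the existing `# test-user claimed email address`, for example `# test-user-1 claims and confirms the same address before test-user follows the link`.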