Posted to commits@allura.apache.org by br...@apache.org on 2020/06/02 17:04:01 UTC
[allura] 02/03: email_change_notif email on primary changed,
password recover, email verified
This is an automated email from the ASF dual-hosted git repository.
brondsem pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/allura.git
commit 522e6341a539e7f1abbf2725dc7f079ce7037787
Author: Dillon Walls <di...@slashdotmedia.com>
AuthorDate: Fri May 22 16:44:09 2020 +0000
email_change_notif email on primary changed, password recover, email verified
---
Allura/allura/controllers/auth.py | 30 +++++++++++++-----
Allura/allura/templates/mail/email_added.md | 4 ++-
Allura/allura/templates/mail/email_removed.md | 4 ++-
.../{email_added.md => primary_email_changed.md} | 4 ++-
Allura/allura/tests/functional/test_auth.py | 37 +++++++++++++++-------
5 files changed, 56 insertions(+), 23 deletions(-)
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index a803533..947ee19 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -198,6 +198,11 @@ class AuthController(BaseController):
user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='') # Clear password reset token
user.set_tool_data('allura', pwd_reset_preserve_session=session.id)
h.auditlog_user('Password changed (through recovery process)', user=user)
+ email_body = g.jinja2_env.get_template('allura:templates/mail/password_changed.md').render(dict(
+ user=user,
+ config=config
+ ))
+ send_system_mail_to_user(user, 'Password Changed', email_body)
flash('Password changed')
redirect('/auth/?return_to=/') # otherwise the default return_to would be the forgotten_password referrer page
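Review bot: The render-then-send sequence added here is written out again in the three other notification sites this commit touches in auth.py (address verified, address removed, primary changed), differing only in template name, subject, recipient and the extra `addr` value. A small module-level helper would keep the security notifications uniform and make it harder for a future one to omit `config` or use the wrong recipient. The helper name below is a proposal; the enclosing method starts outside this hunk.

```python
def _send_account_notice(recipient, subject, template_name, **context):
    """Render a mail template and send it as a system notification."""
    template = g.jinja2_env.get_template('allura:templates/mail/' + template_name)
    send_system_mail_to_user(recipient, subject, template.render(dict(config=config, **context)))

# … unchanged: reset-token clearing and audit log …
_send_account_notice(user, 'Password Changed', 'password_changed.md', user=user)
```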
@@ -306,6 +311,12 @@ class AuthController(BaseController):
projectname = plugin.AuthenticationProvider.get(request).user_project_shortname(user)
n = M.Neighborhood.query.get(name='Users')
n.register_project(projectname, user=user, user_project=True)
+ email_body = g.jinja2_env.get_template('allura:templates/mail/email_added.md').render(dict(
+ user=user,
+ config=config,
+ addr=addr.email
+ ))
+ send_system_mail_to_user(user, 'New Email Address Added', email_body)
else:
flash('Unknown verification link', 'error')
@@ -554,7 +565,7 @@ class PreferencesController(BaseController):
addr = kw.pop('addr', None)
new_addr = kw.pop('new_addr', None)
primary_addr = kw.pop('primary_addr', None)
- notify_addr = primary_addr
+ old_primary_addr = user.preferences.email_address
provider = plugin.AuthenticationProvider.get(request)
for i, (old_a, data) in enumerate(zip(user.email_addresses, addr or [])):
obj = user.address_object(old_a)
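Review bot: `old_primary_addr` is read from `user.preferences.email_address`, while the rest of this method, including the `user.get_pref('email_address')` calls kept in the later hunks, goes through `get_pref`. If the two can ever differ (for example a preference served by the authentication provider, which is not visible here), the changed-primary comparison and the notification recipient would use a different value than the audit log entry. Reading it the same way keeps them consistent: `old_primary_addr = user.get_pref('email_address')`. The method body begins and ends outside this hunk.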
@@ -576,8 +587,9 @@ class PreferencesController(BaseController):
email_body = g.jinja2_env.get_template('allura:templates/mail/email_removed.md').render(dict(
user=user,
config=config,
+ addr=user.email_addresses[i]
))
- send_system_mail_to_user(notify_addr, 'Email Address Removed', email_body)
+ send_system_mail_to_user(user, 'Email Address Removed', email_body)
del user.email_addresses[i]
if obj:
obj.delete()
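Review bot: The removal notice is now addressed to `user` rather than to a fixed address, so which mailbox receives it depends on how `send_system_mail_to_user` resolves a user, and the updated test only shows `toaddr == user._id`. If that lookup happens at delivery time, removing the current primary address (the test removes `test-admin@users.localhost` right after asserting it is the primary) could send the notice to whatever address is primary afterwards, not to the mailbox that was just detached. Since `old_primary_addr` is already captured before the loop, consider `send_system_mail_to_user(old_primary_addr or user, 'Email Address Removed', email_body)` so the previous owner mailbox is always told. The loop body continues outside this hunk.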
@@ -616,11 +628,6 @@ class PreferencesController(BaseController):
flash('A verification email has been sent. Please check your email and click to confirm.')
h.auditlog_user('New email address: %s', new_addr['addr'], user=user)
- email_body = g.jinja2_env.get_template('allura:templates/mail/email_added.md').render(dict(
- user=user,
- config=config,
- ))
- send_system_mail_to_user(notify_addr, 'New Email Address Added', email_body)
else:
flash('Email address %s is invalid' % new_addr['addr'], 'error')
else:
@@ -628,7 +635,7 @@ class PreferencesController(BaseController):
if not primary_addr and not user.get_pref('email_address') and user.email_addresses:
primary_addr = select_new_primary_addr(user)
if primary_addr:
- if user.get_pref('email_address') != primary_addr:
+ if old_primary_addr != primary_addr:
if not admin and (not kw.get('password') or not provider.validate_password(user, kw.get('password'))):
flash('You must provide your current password to change primary address', 'error')
return
@@ -637,6 +644,13 @@ class PreferencesController(BaseController):
user.get_pref('email_address'),
primary_addr,
user=user)
+ email_body = g.jinja2_env.get_template('allura:templates/mail/primary_email_changed.md').render(dict(
+ user=user,
+ config=config,
+ addr=primary_addr
+ ))
+ # send to previous primary addr
+ send_system_mail_to_user(old_primary_addr, 'Primary Email Address Changed', email_body)
user.set_pref('email_address', primary_addr)
user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
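Review bot: `old_primary_addr` can be empty when this send runs, because the branch just above picks a primary via `select_new_primary_addr(user)` precisely when the user has no `email_address` preference yet. In that case `old_primary_addr != primary_addr` is true and `send_system_mail_to_user` is called with a falsy recipient; what it does with that is not visible here. Guarding the send with `if old_primary_addr:` avoids the call when there is no previous mailbox to warn. The surrounding method continues outside this hunk.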
diff --git a/Allura/allura/templates/mail/email_added.md b/Allura/allura/templates/mail/email_added.md
index b0ecc58..eace718 100644
--- a/Allura/allura/templates/mail/email_added.md
+++ b/Allura/allura/templates/mail/email_added.md
@@ -19,7 +19,9 @@
Hello {{ user.display_name }},
-A new email address has been added to your {{ config['site_name'] }} account "{{ user.username }}". This is a confirmation email, you are all set.
+A new email address was added to your {{ config['site_name'] }} account "{{ user.username }}":
+
+* {{ addr }}
{% block footer %}
If you did not do this, please contact us immediately.
diff --git a/Allura/allura/templates/mail/email_removed.md b/Allura/allura/templates/mail/email_removed.md
index 6eb6a9f..323ea17 100644
--- a/Allura/allura/templates/mail/email_removed.md
+++ b/Allura/allura/templates/mail/email_removed.md
@@ -19,7 +19,9 @@
Hello {{ user.display_name }},
-An email address has been removed from your {{ config['site_name'] }} account "{{ user.username }}". This is a confirmation email, you are all set.
+An email address was removed from your {{ config['site_name'] }} account "{{ user.username }}":
+
+* {{ addr }}
{% block footer %}
If you did not do this, please contact us immediately.
diff --git a/Allura/allura/templates/mail/email_added.md b/Allura/allura/templates/mail/primary_email_changed.md
similarity index 86%
copy from Allura/allura/templates/mail/email_added.md
copy to Allura/allura/templates/mail/primary_email_changed.md
index b0ecc58..2830b1c 100644
--- a/Allura/allura/templates/mail/email_added.md
+++ b/Allura/allura/templates/mail/primary_email_changed.md
@@ -19,7 +19,9 @@
Hello {{ user.display_name }},
-A new email address has been added to your {{ config['site_name'] }} account "{{ user.username }}". This is a confirmation email, you are all set.
+The primary email address on your {{ config['site_name'] }} account "{{ user.username }}" was changed to:
+
+* {{ addr }}
{% block footer %}
If you did not do this, please contact us immediately.
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 9d92260..c85ca4a 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -371,7 +371,6 @@ class TestAuth(TestController):
'Please check your email and click to confirm.'
args, kwargs = sendsimplemail.post.call_args
-
assert sendsimplemail.post.call_count == 1
assert kwargs['toaddr'] == email_address
assert kwargs['subject'] == '%s - Email address claim attempt' % config['site_name']
@@ -511,7 +510,9 @@ class TestAuth(TestController):
email = M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
assert not email.confirmed
- def test_verify_addr_correct_session(self):
+ @patch('allura.tasks.mail_tasks.sendsimplemail')
+ @patch('allura.lib.helpers.gen_message_id')
+ def test_verify_addr_correct_session(self, gen_message_id, sendsimplemail):
self.app.get('/').follow() # establish session
email_address = 'test_abcd@domain.net'
@@ -545,6 +546,11 @@ class TestAuth(TestController):
assert_in('confirmed', json.loads(self.webflash(r))['message'])
assert_equal('ok', json.loads(self.webflash(r))['status'])
+ # assert 'email added' notification email sent
+ args, kwargs = sendsimplemail.post.call_args
+ assert_equal(kwargs['toaddr'], user._id)
+ assert_equal(kwargs['subject'], 'New Email Address Added')
+
@staticmethod
def _create_password_reset_hash():
""" Generates a password reset token for a given user.
@@ -703,11 +709,6 @@ class TestAuth(TestController):
user = M.User.query.get(username='test-admin')
assert_equal(user.get_pref('email_address'), 'test-admin@users.localhost')
- # assert 'email added' notification email sent
- args, kwargs = sendsimplemail.post.call_args
- assert_equal(kwargs['toaddr'], 'test-admin@users.localhost')
- assert_equal(kwargs['subject'], 'New Email Address Added')
-
# remove test-admin@users.localhost
with td.audits('Email address deleted: test-admin@users.localhost', user=True):
r = self.app.post('/auth/preferences/update_emails',
@@ -723,9 +724,9 @@ class TestAuth(TestController):
'_session_id': self.app.cookies['_session_id'],
})
- # assert 'remail removed' notification email sent
+ # assert 'email_removed' notification email sent
args, kwargs = sendsimplemail.post.call_args
- assert_equal(kwargs['toaddr'], 'test-admin@users.localhost')
+ assert_equal(kwargs['toaddr'], user._id)
assert_equal(kwargs['subject'], 'Email Address Removed')
r = self.app.get('/auth/preferences/')
@@ -742,7 +743,9 @@ class TestAuth(TestController):
extra_environ=dict(username=str('test-admin')))
@td.with_user_project('test-admin')
- def test_email_prefs_change_requires_password(self):
+ @patch('allura.tasks.mail_tasks.sendsimplemail')
+ @patch('allura.lib.helpers.gen_message_id')
+ def test_email_prefs_change_requires_password(self, gen_message_id, sendsimplemail):
self.app.get('/').follow() # establish session
# Claim new email
new_email_params = {
@@ -798,6 +801,11 @@ class TestAuth(TestController):
assert_not_in('You must provide your current password to change primary address', self.webflash(r))
assert_equal(M.User.by_username('test-admin').get_pref('email_address'), 'test@example.com')
+ # assert 'email added' notification email sent using original primary addr
+ args, kwargs = sendsimplemail.post.call_args
+ assert_equal(kwargs['toaddr'], 'test-admin@users.localhost')
+ assert_equal(kwargs['subject'], 'Primary Email Address Changed')
+
# Remove email
remove_email_params = {
'addr-1.ord': '1',
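Review bot: The added comment says the test checks the 'email added' notification, but the assertions below it check the subject 'Primary Email Address Changed' sent to the original primary address. A comment matching the assertion would avoid confusion with the separate 'New Email Address Added' mail, for example `# assert 'primary email changed' notification sent to the original primary addr`. The test method starts and ends outside this hunk.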
@@ -1601,7 +1609,7 @@ class TestPasswordReset(TestController):
@patch('allura.tasks.mail_tasks.sendsimplemail')
@patch('allura.lib.helpers.gen_message_id')
- def test_password_reset(self, gen_message_id, sendmail):
+ def test_password_reset(self, gen_message_id, sendsimplemail):
self.app.get('/').follow() # establish session
user = M.User.query.get(username='test-admin')
email = M.EmailAddress.find({'claimed_by_user_id': user._id}).first()
@@ -1626,7 +1634,7 @@ class TestPasswordReset(TestController):
To update your password on %s, please visit the following URL:
%s/auth/forgotten_password/%s''' % (config['site_name'], config['base_url'], hash)
- sendmail.post.assert_called_once_with(
+ sendsimplemail.post.assert_called_once_with(
sender='noreply@localhost',
toaddr=email.email,
fromaddr='"{}" <{}>'.format(config['site_name'], config['forgemail.return_path']),
@@ -1645,6 +1653,11 @@ To update your password on %s, please visit the following URL:
with td.audits('Password changed \(through recovery process\)', user=True):
# escape parentheses, so they would not be treated as regex group
r = form.submit()
+
+ # verify 'Password Changed' email sent
+ args, kwargs = sendsimplemail.post.call_args
+ assert_equal(kwargs['toaddr'], user._id)
+ assert_equal(kwargs['subject'], 'Password Changed')
# confirm password changed and works
user = M.User.query.get(username='test-admin')