From f7698af1c118afa4f0db10cc0359d2b8b0e319b4 Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber
Date: Fri, 21 Jun 2013 17:24:33 -0500
Subject: [PATCH] Removing the "enter your password to change your email" bit.

A good idea, though it feels fairly clumsy in the form, and I think if you're logged in you can already sabotage the user pretty well.

This commit sponsored by Sergey Matveev. Thanks!
---
 mediagoblin/edit/forms.py | 6 ---
 mediagoblin/edit/views.py | 54 ++++++++-----------
 .../mediagoblin/edit/edit_account.html | 1 -
 mediagoblin/tests/test_edit.py | 38 -------------
 4 files changed, 23 insertions(+), 76 deletions(-)

diff --git a/mediagoblin/edit/forms.py b/mediagoblin/edit/forms.py
index 3a502263..24b31a76 100644
--- a/mediagoblin/edit/forms.py
+++ b/mediagoblin/edit/forms.py
@@ -65,12 +65,6 @@ class EditAccountForm(wtforms.Form):
 _('New email address'),
 [wtforms.validators.Optional(),
 normalize_user_or_email_field(allow_user=False)])
- password = wtforms.PasswordField(
- _('Password'),
- [wtforms.validators.Optional(),
- wtforms.validators.Length(min=5, max=1024)],
- description=_(
- 'Enter your old password to prove you own this account.'))
 license_preference = wtforms.SelectField(
 _('License preference'),
 [
diff --git a/mediagoblin/edit/views.py b/mediagoblin/edit/views.py
index df7db21b..4eda61a2 100644
--- a/mediagoblin/edit/views.py
+++ b/mediagoblin/edit/views.py
@@ -236,38 +236,30 @@ def edit_account(request):
 user.license_preference = form.license_preference.data
 if form.new_email.data:
- if not form.password.data:
- form.password.errors.append(
- _('This field is required.'))
- elif not auth_lib.bcrypt_check_password(
- form.password.data, user.pw_hash):
- form.password.errors.append(
- _('Wrong password.'))
+ new_email = form.new_email.data
+ users_with_email = User.query.filter_by(
+ email=new_email).count()
+ if users_with_email:
+ form.new_email.errors.append(
+ _('Sorry, a user with that email address'
+ ' already exists.'))
 else:
- new_email = form.new_email.data
- users_with_email = User.query.filter_by(
- email=new_email).count()
- if users_with_email:
- form.new_email.errors.append(
- _('Sorry, a user with that email address'
- ' already exists.'))
- else:
- verification_key = get_timed_signer_url(
- 'mail_verification_token').dumps({
- 'user': user.id,
- 'email': new_email})
-
- rendered_email = render_template(
- request, 'mediagoblin/edit/verification.txt',
- {'username': user.username,
- 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
- uri=request.urlgen('mediagoblin.edit.verify_email',
- qualified=True),
- verification_key=verification_key)})
-
- email_debug_message(request)
- auth_tools.send_verification_email(user, request, new_email,
- rendered_email)
+ verification_key = get_timed_signer_url(
+ 'mail_verification_token').dumps({
+ 'user': user.id,
+ 'email': new_email})
+
+ rendered_email = render_template(
+ request, 'mediagoblin/edit/verification.txt',
+ {'username': user.username,
+ 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+ uri=request.urlgen('mediagoblin.edit.verify_email',
+ qualified=True),
+ verification_key=verification_key)})
+
+ email_debug_message(request)
+ auth_tools.send_verification_email(user, request, new_email,
+ rendered_email)
 if not form.errors:
 user.save()
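Review bot: With the bcrypt check gone from the `if form.new_email.data:` branch, the only mail sent within this hunk goes to `new_email`, so the holder of the address currently on the account — the password-recovery channel — is never told that the account is being re-pointed. If re-authentication is dropped for this action, the new branch should at least notify the existing `user.email` when a change is requested (and ideally again when the `mail_verification_token` is redeemed), so a change made through a stolen or unattended session is detectable by the legitimate owner rather than silent. The uniqueness check at `users_with_email = User.query.filter_by(email=new_email).count()` is also only best-effort, since two users can each request the same not-yet-verified address, so whatever handles `mediagoblin.edit.verify_email` has to re-check before committing; a comment such as `# Best-effort only; the verify_email handler must re-check uniqueness before saving.` would make that contract explicit at the call site. `edit_account` starts and ends outside this hunk.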
diff --git a/mediagoblin/templates/mediagoblin/edit/edit_account.html b/mediagoblin/templates/mediagoblin/edit/edit_account.html
index d56b3ba0..461dd6df 100644
--- a/mediagoblin/templates/mediagoblin/edit/edit_account.html
+++ b/mediagoblin/templates/mediagoblin/edit/edit_account.html
@@ -47,7 +47,6 @@

 {{ wtforms_util.render_field_div(form.new_email) }}
- {{ wtforms_util.render_field_div(form.password) }}

 {{ form.wants_comment_notification }}
 {{ wtforms_util.render_label(form.wants_comment_notification) }}

diff --git a/mediagoblin/tests/test_edit.py b/mediagoblin/tests/test_edit.py
index 76fd5ee9..2afc519a 100644
--- a/mediagoblin/tests/test_edit.py
+++ b/mediagoblin/tests/test_edit.py
@@ -144,31 +144,6 @@ class TestUserEdit(object):
 def test_email_change(self, test_app):
 self.login(test_app)
- # Test email change without password
- template.clear_test_template_context()
- test_app.post(
- '/edit/account/', {
- 'new_email': 'new@example.com'})
-
- # Check form errors
- context = template.TEMPLATE_TEST_CONTEXT[
- 'mediagoblin/edit/edit_account.html']
- assert context['form'].password.errors == [
- u'This field is required.']
-
- # Test email change with wrong password
- template.clear_test_template_context()
- test_app.post(
- '/edit/account/', {
- 'new_email': 'new@example.com',
- 'password': 'wrong'})
-
- # Check form errors
- context = template.TEMPLATE_TEST_CONTEXT[
- 'mediagoblin/edit/edit_account.html']
- assert context['form'].password.errors == [
- u'Wrong password.']
-
 # Test email already in db
 template.clear_test_template_context()
 test_app.post(
@@ -182,19 +157,6 @@ class TestUserEdit(object):
 assert context['form'].new_email.errors == [
 u'Sorry, a user with that email address already exists.']
- # Test password is too short
- template.clear_test_template_context()
- test_app.post(
- '/edit/account/', {
- 'new_email': 'new@example.com',
- 'password': 't'})
-
- # Check form errors
- context = template.TEMPLATE_TEST_CONTEXT[
- 'mediagoblin/edit/edit_account.html']
- assert context['form'].password.errors == [
- u'Field must be between 5 and 1024 characters long.']
-
 # Test successful email change
 template.clear_test_template_context()
 res = test_app.post(
--
2.25.1