Implemented email change confirmation.

author melinath <stephen.r.burrows@gmail.com>

Tue, 17 Aug 2010 20:43:30 +0000 (16:43 -0400)

committer Stephen Burrows <stephen.r.burrows@gmail.com>

Mon, 23 Aug 2010 13:43:55 +0000 (09:43 -0400)
author melinath <stephen.r.burrows@gmail.com>
Tue, 17 Aug 2010 20:43:30 +0000 (16:43 -0400)
committer Stephen Burrows <stephen.r.burrows@gmail.com>
Mon, 23 Aug 2010 13:43:55 +0000 (09:43 -0400)
diff --git a/contrib/waldo/models.py b/contrib/waldo/models.py

index 4f0cd8c..93edab1 100644 (file)
--- a/contrib/waldo/models.py
+++ b/contrib/waldo/models.py
@@ -180,8 +180,8 @@ class LoginMultiView(MultiView):
                 if request.method == 'POST':
                         form = PasswordResetForm(request.POST)
                         if form.is_valid():
                 if request.method == 'POST':
                         form = PasswordResetForm(request.POST)
                         if form.is_valid():
+                               current_site = Site.objects.get_current()
                                 for user in form.users_cache:
                                 for user in form.users_cache:
-                                       current_site = Site.objects.get_current()
                                         token = token_generator.make_token(user)
                                         link = 'http://%s/%s/%s/' % (current_site.domain, node.get_absolute_url().strip('/'), reverse('password_reset_confirm', urlconf=self, kwargs={'uidb36': int_to_base36(user.id), 'token': token}).strip('/'))
                                         context = {
                                         token = token_generator.make_token(user)
                                         link = 'http://%s/%s/%s/' % (current_site.domain, node.get_absolute_url().strip('/'), reverse('password_reset_confirm', urlconf=self, kwargs={'uidb36': int_to_base36(user.id), 'token': token}).strip('/'))
                                         context = {
@@ -307,7 +307,8 @@ class AccountMultiView(LoginMultiView):
         to include in the account, and fields from the account profile to use in
         the account.
         """
         to include in the account, and fields from the account profile to use in
         the account.
         """
-       manage_account_page = models.ForeignKey(Page, related_name='%(app_label)s_%(class)s_manage_account_page')
+       manage_account_page = models.ForeignKey(Page, related_name='%(app_label)s_%(class)s_manage_account_related')
+       email_change_confirmation_email = models.ForeignKey(Page, related_name='%(app_label)s_%(class)s_email_change_confirmation_email_related')
         user_fields = ['first_name', 'last_name', 'email']
         required_user_fields = user_fields
         account_profile = None
         user_fields = ['first_name', 'last_name', 'email']
         required_user_fields = user_fields
         account_profile = None
@@ -317,7 +318,8 @@ class AccountMultiView(LoginMultiView):
         def urlpatterns(self):
                 urlpatterns = super(AccountMultiView, self).urlpatterns
                 urlpatterns += patterns('',
         def urlpatterns(self):
                 urlpatterns = super(AccountMultiView, self).urlpatterns
                 urlpatterns += patterns('',
-                       url(r'^account/$', self.login_required(self.account_view), name='account')
+                       url(r'^account/$', self.login_required(self.account_view), name='account'),
+                       url(r'^account/email/(?P<uidb36>\w+)/(?P<email>[\w.]+[+][\w.]+)/(?P<token>[^/]+)/$', self.email_change_confirm, name='email_change_confirm')
                 )
                 return urlpatterns
         
                 )
                 return urlpatterns
         
@@ -348,14 +350,33 @@ class AccountMultiView(LoginMultiView):
                 
                 return form_instances
         
                 
                 return form_instances
         
-       def account_view(self, request, node=None, extra_context=None):
+       def account_view(self, request, node=None, extra_context=None, token_generator=email_token_generator):
                 if request.method == 'POST':
                         form_instances = self.get_account_form_instances(request.user, request.POST)
                 if request.method == 'POST':
                         form_instances = self.get_account_form_instances(request.user, request.POST)
+                       current_email = request.user.email
                         
                         for form in form_instances:
                                 if not form.is_valid():
                                         break
                         else:
                         
                         for form in form_instances:
                                 if not form.is_valid():
                                         break
                         else:
+                               # When the user_form is validated, it changes the model instance, i.e. request.user, in place.
+                               email = request.user.email
+                               if current_email != email:
+                                       
+                                       request.user.email = current_email
+                                       
+                                       for form in form_instances:
+                                               form.cleaned_data.pop('email', None)
+                                       
+                                       current_site = Site.objects.get_current()
+                                       token = token_generator.make_token(request.user, email)
+                                       link = 'http://%s/%s/%s/' % (current_site.domain, node.get_absolute_url().strip('/'), reverse('email_change_confirm', urlconf=self, kwargs={'uidb36': int_to_base36(request.user.id), 'email': email.replace('@', '+'), 'token': token}).strip('/'))
+                                       context = {
+                                               'link': link
+                                       }
+                                       self.send_confirmation_email('Confirm account email change at %s' % current_site.domain, email, self.email_change_confirmation_email, context)
+                                       messages.add_message(request, messages.SUCCESS, "An email has be sent to %s to confirm the email change." % email)
+                                       
                                 for form in form_instances:
                                         form.save()
                                 messages.add_message(request, messages.SUCCESS, "Account information saved.", fail_silently=True)
                                 for form in form_instances:
                                         form.save()
                                 messages.add_message(request, messages.SUCCESS, "Account information saved.", fail_silently=True)
@@ -397,5 +418,32 @@ class AccountMultiView(LoginMultiView):
                 messages.add_message(request, messages.INFO, 'Welcome! Please fill in some more information.', fail_silently=True)
                 return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
         
                 messages.add_message(request, messages.INFO, 'Welcome! Please fill in some more information.', fail_silently=True)
                 return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
         
+       def email_change_confirm(self, request, node=None, extra_context=None, uidb36=None, token=None, email=None, token_generator=email_token_generator):
+               """
+               Checks that a given hash in an email change link is valid. If so, changes the email and redirects to the account page.
+               """
+               assert uidb36 is not None and token is not None and email is not None
+               
+               try:
+                       uid_int = base36_to_int(uidb36)
+               except:
+                       raise Http404
+               
+               user = get_object_or_404(User, id=uid_int)
+               
+               email = email.replace('+', '@')
+               
+               if email == user.email:
+                       # Then short-circuit.
+                       raise Http404
+               
+               if token_generator.check_token(user, email, token):
+                       user.email = email
+                       user.save()
+                       messages.add_message(request, messages.SUCCESS, 'Email changed successfully.')
+                       return HttpResponseRedirect('/%s/%s/' % (node.get_absolute_url().strip('/'), reverse('account', urlconf=self).strip('/')))
+               
+               raise Http404
+       
         class Meta:
                 abstract = True
 \ No newline at end of file
         class Meta:
                 abstract = True
 \ No newline at end of file
author	melinath <stephen.r.burrows@gmail.com>
	Tue, 17 Aug 2010 20:43:30 +0000 (16:43 -0400)
committer	Stephen Burrows <stephen.r.burrows@gmail.com>
	Mon, 23 Aug 2010 13:43:55 +0000 (09:43 -0400)