From 1fd2e81d8e465c0b69920ae0b4ab5797d261f78e Mon Sep 17 00:00:00 2001 From: Wil Clouser Date: Wed, 17 Mar 2010 14:00:53 -0700 Subject: [PATCH] use new DOMAIN; other tweaks --- apps/users/tests/test_utils.py | 10 ++++------ apps/users/tests/test_views.py | 14 ++++++++------ apps/users/urls.py | 9 +++++---- apps/users/utils.py | 2 +- apps/users/views.py | 11 ++++++----- 5 files changed, 24 insertions(+), 22 deletions(-) diff --git a/apps/users/tests/test_utils.py b/apps/users/tests/test_utils.py index 997bd2b2b8..111bfd9dae 100644 --- a/apps/users/tests/test_utils.py +++ b/apps/users/tests/test_utils.py @@ -10,14 +10,12 @@ class TestEmailResetCode(test.TestCase): def test_parse(self): id = 1 mail = 'nobody@mozilla.org' - code = EmailResetCode.create(id, mail) + token, hash = EmailResetCode.create(id, mail) - code, hash = code.split('/') - - r_id, r_mail = EmailResetCode.parse(code, hash) + r_id, r_mail = EmailResetCode.parse(token, hash) eq_(id, r_id) eq_(mail, r_mail) # A bad token or hash raises ValueError - self.assertRaises(ValueError, EmailResetCode.parse, code, hash[:-5]) - self.assertRaises(ValueError, EmailResetCode.parse, code[5:], hash) + self.assertRaises(ValueError, EmailResetCode.parse, token, hash[:-5]) + self.assertRaises(ValueError, EmailResetCode.parse, token[5:], hash) diff --git a/apps/users/tests/test_views.py b/apps/users/tests/test_views.py index d0360d36c6..30ae0c3080 100644 --- a/apps/users/tests/test_views.py +++ b/apps/users/tests/test_views.py @@ -1,6 +1,7 @@ from django import test from django.core import mail from django.contrib.auth.models import User +from django.core.urlresolvers import reverse from django.test.client import Client from nose.tools import eq_ @@ -47,28 +48,29 @@ class TestEmailChange(UserViewBase): def setUp(self): super(TestEmailChange, self).setUp() - self.code = EmailResetCode.create(self.user.id, 'nobody@mozilla.org') - self.url = '/en-US/firefox/user/%s/emailchange/%s' + self.token, self.hash = EmailResetCode.create(self.user.id, 'nobody@mozilla.org') def test_fail(self): # Completely invalid user, valid code - url = self.url % (12345, self.code) + url = reverse('users.emailchange', args=[1234, self.token, self.hash]) r = self.client.get(url, follow=True) eq_(r.status_code, 404) # User is in the system, but not attached to this code, valid code - url = self.url % (9945, self.code) + url = reverse('users.emailchange', args=[9945, self.token, self.hash]) r = self.client.get(url, follow=True) eq_(r.status_code, 400) # Valid user, invalid code - url = self.url % (self.user.id, self.code[:-3]) + url = reverse('users.emailchange', args=[self.user.id, self.token, + self.hash[:-3]]) r = self.client.get(url, follow=True) eq_(r.status_code, 400) def test_success(self): self.assertEqual(self.user_profile.email, 'jbalogh@mozilla.com') - url = self.url % (self.user.id, self.code) + url = reverse('users.emailchange', args=[self.user.id, self.token, + self.hash]) r = self.client.get(url, follow=True) eq_(r.status_code, 200) u = User.objects.get(id=self.user.id).get_profile() diff --git a/apps/users/urls.py b/apps/users/urls.py index c98e00a665..9d9f66a97f 100644 --- a/apps/users/urls.py +++ b/apps/users/urls.py @@ -8,15 +8,15 @@ from . import views detail_patterns = patterns('', url('^$', views.profile, name='users.profile'), url(r'^emailchange/(?P[-\w]+={0,3})/(?P[\w]+)$', - views.emailchange), + views.emailchange, name="users.emailchange"), ) urlpatterns = patterns('', # URLs for a single user. ('^user/(?P\d+)/', include(detail_patterns)), - url(r'^users/login/?$', views.login, name='users.login'), - url(r'^users/logout$', views.logout, name='users.logout'), + url(r'^users/login', views.login, name='users.login'), + url(r'^users/logout', views.logout, name='users.logout'), url('^users/edit$', views.edit, name='users.edit'), @@ -25,7 +25,8 @@ urlpatterns = patterns('', {'template_name': 'pwreset_request.html', 'email_template_name': 'email/pwreset.ltxt', 'password_reset_form': forms.PasswordResetForm, - }), + }, + name="users.pwreset"), url(r'^users/pwresetsent$', auth_views.password_reset_done, {'template_name': 'pwreset_sent.html'}), url(r'^users/pwreset/(?P[-\w]+)/(?P[-\w]+)$', diff --git a/apps/users/utils.py b/apps/users/utils.py index 4328335725..24b21eb60d 100644 --- a/apps/users/utils.py +++ b/apps/users/utils.py @@ -19,7 +19,7 @@ class EmailResetCode(): token = ",".join([str(i) for i in data]) secret = self.make_secret(token) - return "%s/%s" % (base64.urlsafe_b64encode(token), secret) + return base64.urlsafe_b64encode(token), secret @classmethod def parse(self, code, hash): diff --git a/apps/users/views.py b/apps/users/views.py index 3a392813d4..7650b9d2e2 100644 --- a/apps/users/views.py +++ b/apps/users/views.py @@ -48,11 +48,11 @@ def edit(request): 'email. Until then, you can keep logging in with your ' 'current email address.').format(amouser.email))) - domain = settings.HOSTNAME - code = EmailResetCode.create(amouser.id, amouser.email) - url = "%s/user/%s/emailchange/%s" % (settings.SITE_URL, - amouser.id, - code) + domain = settings.DOMAIN + token, hash = EmailResetCode.create(amouser.id, amouser.email) + url = "%s%s" % (settings.SITE_URL, + reverse('users.emailchange', args=[amouser.id, + token, hash])) t = loader.get_template('email/emailchange.ltxt') c = {'domain': domain, 'url': url, } send_mail(_(("Please confirm your email address " @@ -104,6 +104,7 @@ def emailchange(request, user_id, token, hash): def login(request): + logout(request) r = auth.views.login(request, template_name='login.html', authentication_form=forms.AuthenticationForm) form = forms.AuthenticationForm(data=request.POST)