allura-commits mailing list archives

From brond...@apache.org
Subject [1/4] git commit: [#7683] Optional primary email address reset
Date Mon, 29 Sep 2014 15:31:56 GMT
Repository: allura
Updated Branches:
  refs/heads/master da0578956 -> dfcee1942


[#7683] Optional primary email address reset


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/d7f5a7c2
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/d7f5a7c2
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/d7f5a7c2

Branch: refs/heads/master
Commit: d7f5a7c2055d214ace74d16f139afed2292d3664
Parents: da05789
Author: Alexander Luberg <aluberg@slashdotmedia.com>
Authored: Wed Sep 24 11:31:31 2014 -0700
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Mon Sep 29 15:31:40 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py           | 16 +++++++++---
 Allura/allura/lib/plugin.py                 |  4 +++
 Allura/allura/tests/functional/test_auth.py | 31 ++++++++++++++++++++++++
 Allura/development.ini                      |  1 +
 4 files changed, 48 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/d7f5a7c2/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 1f8c8aa..47fd90f 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -179,10 +179,19 @@ class AuthController(BaseController):
         if not email:
             redirect('/')
 
-        email_record = M.EmailAddress.query.get(email=email, confirmed=True)
         user_record = M.User.by_email_address(email)
+        allow_non_primary_email_reset = asbool(config.get('auth.allow_non_primary_email_password_reset',
True))
 
-        if user_record and email_record.confirmed:
+        if not allow_non_primary_email_reset:
+            message = 'A password reset email has been sent, if the given email address is
on record as a primary email address.'
+            email_record = M.EmailAddress.query.get(email=provider.get_primary_email_address(user_record=user_record),
+                                                    confirmed=True)
+        else:
+            message = 'A password reset email has been sent, if the given email address is
on record in our system.'
+            email_record = M.EmailAddress.query.get(email=email, confirmed=True)
+
+
+        if user_record and email_record and email_record.confirmed:
             hash = h.nonce(42)
             user_record.set_tool_data('AuthPasswordReset',
                                       hash=hash,
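Review bot: In the `if not allow_non_primary_email_reset:` branch, `provider.get_primary_email_address(user_record=user_record)` runs before `user_record` is checked, so an address that matches no user would reach `user_record.get_pref(...)` on `None` (see the plugin.py hunk) and raise instead of showing the neutral flash message; that difference in response also reveals whether an address is registered. The branch also never compares the submitted `email` with the primary address: a non-primary address still resolves `user_record`, the primary address's confirmed record satisfies the `if`, and the reset proceeds. Where the mail is then sent is outside this hunk, so confirm it goes to `email_record.email` rather than `email`. A guarded version of the branch is sketched below; the comparison may need the same normalisation `by_email_address` applies. The enclosing method starts and ends outside the hunk.

```python
        if not allow_non_primary_email_reset:
            # ... unchanged: message assignment ...
            email_record = None
            if user_record is not None:
                primary_email = provider.get_primary_email_address(user_record=user_record)
                # Only the primary address may start a reset in this mode.
                if primary_email and primary_email == email:
                    email_record = M.EmailAddress.query.get(email=primary_email, confirmed=True)
        # ... unchanged: else branch and the combined `if user_record and email_record ...` check ...
```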
@@ -204,9 +213,8 @@ class AuthController(BaseController):
                 subject=subject,
                 message_id=h.gen_message_id(),
                 text=text)
-
         h.auditlog_user('Password recovery link sent to: %s', email, user=user_record)
-        flash('A password reset email has been sent, if the given email address is on record
in our system.')
+        flash(message)
         redirect('/')
 
     @expose()

http://git-wip-us.apache.org/repos/asf/allura/blob/d7f5a7c2/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 78aae92..504a5f6 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -273,6 +273,10 @@ class AuthenticationProvider(object):
         '''
         raise NotImplementedError, 'get_last_password_updated'
 
+    def get_primary_email_address(self, user_record):
+        return user_record.get_pref('email_address')
+
+
     def is_password_expired(self, user):
         days = asint(config.get('auth.pwdexpire.days', 0))
         before = asint(config.get('auth.pwdexpire.before', 0))
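Review bot: `get_primary_email_address` is added to `AuthenticationProvider` without a docstring, although the method above it closes one, and nothing states what it returns for a user with no `email_address` preference or that `user_record` must not be `None`. I would add a docstring along the lines of `'''Return the user's primary email address (the 'email_address' preference); user_record must be a User, not None.'''`. The two blank lines after the method are also inconsistent with the single blank line that separates it from the previous method.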

http://git-wip-us.apache.org/repos/asf/allura/blob/d7f5a7c2/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 39f5794..665f4ae 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -865,6 +865,37 @@ class TestPasswordReset(TestController):
 
     @patch('allura.tasks.mail_tasks.sendsimplemail')
     @patch('allura.lib.helpers.gen_message_id')
+    def test_only_primary_email_reset_allowed(self, gen_message_id, sendmail):
+        user = M.User.query.get(username='test-admin')
+        user.claim_address('aaa@aaa.com')
+        user.set_pref('email_address', 'aaa@aaa.com')
+        email = M.EmailAddress.query.find({'email': 'aaa@aaa.com'}).first()
+        email.confirmed = True
+        ThreadLocalORMSession.flush_all()
+        with h.push_config(config, **{'auth.allow_non_primary_email_password_reset': 'false'}):
+            self.app.post('/auth/password_recovery_hash', {'email': email.email})
+            hash = user.get_tool_data('AuthPasswordReset', 'hash')
+            assert hash is not None
+
+
+    @patch('allura.tasks.mail_tasks.sendsimplemail')
+    @patch('allura.lib.helpers.gen_message_id')
+    def test_non_primary_email_reset_allowed(self, gen_message_id, sendmail):
+        user = M.User.query.get(username='test-admin')
+        email1 = M.EmailAddress.query.find({'claimed_by_user_id': user._id}).first()
+        user.claim_address('aaa@aaa.com')
+        user.set_pref('email_address', 'aaa@aaa.com')
+        email = M.EmailAddress.query.find({'email': 'aaa@aaa.com'}).first()
+        email.confirmed = True
+        ThreadLocalORMSession.flush_all()
+        with h.push_config(config, **{'auth.allow_non_primary_email_password_reset': 'true'}):
+            self.app.post('/auth/password_recovery_hash', {'email': email1.email})
+            hash = user.get_tool_data('AuthPasswordReset', 'hash')
+            assert hash is not None
+
+
+    @patch('allura.tasks.mail_tasks.sendsimplemail')
+    @patch('allura.lib.helpers.gen_message_id')
     def test_password_reset(self, gen_message_id, sendmail):
         user = M.User.query.get(username='test-admin')
         email = M.EmailAddress.query.find(
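Review bot: `test_only_primary_email_reset_allowed` posts the primary address with the option set to `'false'`, so it only proves that the allowed case still works. No test in this hunk asserts that a non-primary address, or an address with no user, is refused in that mode, which is the behaviour the option exists for. Neither new test checks the `sendmail` mock, so both would also pass if the mail went to the wrong address. A sketch of the negative case follows; it assumes the fixture user starts with no stored `AuthPasswordReset` hash.

```python
    @patch('allura.tasks.mail_tasks.sendsimplemail')
    @patch('allura.lib.helpers.gen_message_id')
    def test_non_primary_email_reset_rejected(self, gen_message_id, sendmail):
        user = M.User.query.get(username='test-admin')
        email1 = M.EmailAddress.query.find({'claimed_by_user_id': user._id}).first()
        # ... unchanged: claim 'aaa@aaa.com', make it the confirmed primary address, flush ...
        with h.push_config(config, **{'auth.allow_non_primary_email_password_reset': 'false'}):
            self.app.post('/auth/password_recovery_hash', {'email': email1.email})
            # A non-primary address must not start a reset in this mode.
            assert user.get_tool_data('AuthPasswordReset', 'hash') is None
```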

http://git-wip-us.apache.org/repos/asf/allura/blob/d7f5a7c2/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index 6142877..1ecaefc 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -109,6 +109,7 @@ auth.allow_password_change = true
 auth.allow_upload_ssh_key = false
 auth.allow_user_messages_config = true
 auth.allow_birth_date = true
+auth.allow_non_primary_email_password_reset = true
 auth.require_email_addr = true
 
 # In seconds

