allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jetm...@apache.org
Subject [1/4] allura git commit: [#7813] ticket:711 Canonicalize email before EmailAddress lookup
Date Tue, 13 Jan 2015 16:58:40 GMT
Repository: allura
Updated Branches:
  refs/heads/ib/7813 [created] e261b44f2


[#7813] ticket:711 Canonicalize email before EmailAddress lookup


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/f5b4a833
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/f5b4a833
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/f5b4a833

Branch: refs/heads/ib/7813
Commit: f5b4a833c4fa537a7c62a61d54435a24871b3895
Parents: 184ffd6
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Tue Jan 13 14:04:01 2015 +0000
Committer: Igor Bondarenko <jetmind2@gmail.com>
Committed: Tue Jan 13 14:15:20 2015 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py               | 14 +++----
 Allura/allura/lib/mail_util.py                  |  4 +-
 Allura/allura/model/auth.py                     | 22 ++++++++--
 Allura/allura/tests/functional/test_auth.py     | 42 ++++++++++----------
 .../allura/tests/functional/test_site_admin.py  |  4 +-
 Allura/allura/websetup/bootstrap.py             |  2 +-
 .../forgeuserstats/tests/test_model.py          |  2 +-
 .../forgeuserstats/tests/test_stats.py          |  2 +-
 scripts/scrub-allura-data.py                    |  2 +-
 9 files changed, 55 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index f971b0a..c81c572 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -184,11 +184,11 @@ class AuthController(BaseController):
 
         if not allow_non_primary_email_reset:
             message = 'If the given email address is on record, a password reset email has
been sent to the account\'s primary email address.'
-            email_record = M.EmailAddress.query.get(email=provider.get_primary_email_address(user_record=user_record),
+            email_record = M.EmailAddress.get(email=provider.get_primary_email_address(user_record=user_record),
                                                     confirmed=True)
         else:
             message = 'A password reset email has been sent, if the given email address is
on record in our system.'
-            email_record = M.EmailAddress.query.get(email=email, confirmed=True)
+            email_record = M.EmailAddress.get(email=email, confirmed=True)
 
 
         if user_record and email_record and email_record.confirmed:
@@ -241,8 +241,8 @@ class AuthController(BaseController):
 
     @expose()
     def send_verification_link(self, a):
-        addr = M.EmailAddress.query.get(email=a, claimed_by_user_id=c.user._id)
-        confirmed_emails = M.EmailAddress.query.find(dict(email=a, confirmed=True)).all()
+        addr = M.EmailAddress.get(email=a, claimed_by_user_id=c.user._id)
+        confirmed_emails = M.EmailAddress.find(dict(email=a, confirmed=True)).all()
         confirmed_emails = filter(lambda item: item != addr, confirmed_emails)
 
         if addr:
@@ -256,7 +256,7 @@ class AuthController(BaseController):
         redirect(request.referer)
 
     def _verify_addr(self, addr):
-        confirmed_by_other = M.EmailAddress.query.find(dict(email=addr.email, confirmed=True)).all()
if addr else []
+        confirmed_by_other = M.EmailAddress.find(dict(email=addr.email, confirmed=True)).all()
if addr else []
         confirmed_by_other = filter(lambda item: item != addr, confirmed_by_other)
 
         if addr and not confirmed_by_other:
@@ -271,7 +271,7 @@ class AuthController(BaseController):
 
     @expose()
     def verify_addr(self, a):
-        addr = M.EmailAddress.query.get(nonce=a)
+        addr = M.EmailAddress.get(nonce=a)
         self._verify_addr(addr)
         redirect('/auth/preferences/')
 
@@ -483,7 +483,7 @@ class PreferencesController(BaseController):
                 flash('You must provide your current password to claim new email', 'error')
                 return
 
-            claimed_emails = M.EmailAddress.query.find({'email': new_addr['addr']}).all()
+            claimed_emails = M.EmailAddress.find({'email': new_addr['addr']}).all()
 
             if any(email.claimed_by_user_id == user._id for email in claimed_emails):
                 flash('Email address already claimed', 'error')

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/Allura/allura/lib/mail_util.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/mail_util.py b/Allura/allura/lib/mail_util.py
index 5181889..bef2403 100644
--- a/Allura/allura/lib/mail_util.py
+++ b/Allura/allura/lib/mail_util.py
@@ -158,14 +158,14 @@ def parse_message(data):
 def identify_sender(peer, email_address, headers, msg):
     from allura import model as M
     # Dumb ID -- just look for email address claimed by a particular user
-    addr = M.EmailAddress.query.get(
+    addr = M.EmailAddress.get(
         email=M.EmailAddress.canonical(email_address), confirmed=True)
     if addr and addr.claimed_by_user_id:
         return addr.claimed_by_user() or M.User.anonymous()
     from_address = headers.get('From', '').strip()
     if not from_address:
         return M.User.anonymous()
-    addr = M.EmailAddress.query.get(email=M.EmailAddress.canonical(from_address))
+    addr = M.EmailAddress.get(email=M.EmailAddress.canonical(from_address))
     if addr and addr.claimed_by_user_id:
         return addr.claimed_by_user() or M.User.anonymous()
     return M.User.anonymous()

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/Allura/allura/model/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/model/auth.py b/Allura/allura/model/auth.py
index 093b046..c417a64 100644
--- a/Allura/allura/model/auth.py
+++ b/Allura/allura/model/auth.py
@@ -123,6 +123,22 @@ class EmailAddress(MappedClass):
     confirmed = FieldProperty(bool, if_missing=False)
     nonce = FieldProperty(str)
 
+    @classmethod
+    def get(cls, **kw):
+        '''Equivalent to Ming's query.get but calls self.canonical on address
+        before lookup. You should always use this instead of query.get'''
+        if 'email' in kw:
+            kw['email'] = cls.canonical(kw['email'])
+        return cls.query.get(**kw)
+
+    @classmethod
+    def find(cls, q):
+        '''Equivalent to Ming's query.find but calls self.canonical on address
+        before lookup. You should always use this instead of query.find'''
+        if 'email' in q:
+            q['email'] = cls.canonical(q['email'])
+        return cls.query.find(q)
+
     def claimed_by_user(self, include_pending=False):
         q = {'_id': self.claimed_by_user_id,
              'disabled': False,
@@ -148,7 +164,7 @@ class EmailAddress(MappedClass):
             return 'nobody@example.com'
 
     def send_claim_attempt(self):
-        confirmed_email = self.query.find(dict(email=self.email, confirmed=True)).all()
+        confirmed_email = self.find(dict(email=self.email, confirmed=True)).all()
 
         if confirmed_email:
             log.info('Sending claim attempt email to %s', self.email)
@@ -617,7 +633,7 @@ class User(MappedClass, ActivityNode, ActivityObject, SearchIndexable):
 
     @classmethod
     def by_email_address(cls, addr):
-        addrs = EmailAddress.query.find(dict(email=addr, confirmed=True))
+        addrs = EmailAddress.find(dict(email=addr, confirmed=True))
         users = [ea.claimed_by_user() for ea in addrs]
         users = [u for u in users if u is not None]
         if len(users) > 1:
@@ -643,7 +659,7 @@ class User(MappedClass, ActivityNode, ActivityObject, SearchIndexable):
         state(self).soil()
 
     def address_object(self, addr):
-        return EmailAddress.query.get(email=addr, claimed_by_user_id=self._id)
+        return EmailAddress.get(email=addr, claimed_by_user_id=self._id)
 
     def claim_address(self, email_address):
         addr = EmailAddress.canonical(email_address)

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 9d0f1b1..ce0e4e4 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -61,7 +61,7 @@ class TestAuth(TestController):
         ThreadLocalORMSession.flush_all()
         r = self.app.get('/auth/verify_addr', params=dict(a='foo'))
         assert json.loads(self.webflash(r))['status'] == 'error', self.webflash(r)
-        ea = M.EmailAddress.query.find().first()
+        ea = M.EmailAddress.find().first()
         r = self.app.get('/auth/verify_addr', params=dict(a=ea.nonce))
         assert json.loads(self.webflash(r))['status'] == 'ok', self.webflash(r)
         r = self.app.get('/auth/logout')
@@ -130,7 +130,7 @@ class TestAuth(TestController):
                       },
                       extra_environ=dict(username='test-admin'))
 
-        assert M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).count()
== 1
+        assert M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user._id)).count()
== 1
         r = self.app.post('/auth/preferences/update_emails',
                           params={
                               'new_addr.addr': email_address,
@@ -142,7 +142,7 @@ class TestAuth(TestController):
                           extra_environ=dict(username='test-admin'))
 
         assert json.loads(self.webflash(r))['status'] == 'error', self.webflash(r)
-        assert M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).count()
== 1
+        assert M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user._id)).count()
== 1
         assert len(M.User.query.get(username='test-admin').email_addresses) == addresses_number
+ 1
 
     @td.with_user_project('test-admin')
@@ -154,7 +154,7 @@ class TestAuth(TestController):
         # test-user claimed & confirmed email address
         user = M.User.query.get(username='test-user')
         user.claim_address(email_address)
-        email = M.EmailAddress.query.find(dict(email=email_address)).first()
+        email = M.EmailAddress.find(dict(email=email_address)).first()
         email.confirmed = True
         ThreadLocalORMSession.flush_all()
 
@@ -186,7 +186,7 @@ class TestAuth(TestController):
                "but it is already claimed by your %s account." % (email_address, user.username)
in kwargs['text']
 
         assert len(M.User.query.get(username='test-admin').email_addresses) == addresses_number
+ 1
-        assert len(M.EmailAddress.query.find(dict(email=email_address)).all()) == 2
+        assert len(M.EmailAddress.find(dict(email=email_address)).all()) == 2
 
     @td.with_user_project('test-admin')
     @patch('allura.tasks.mail_tasks.sendsimplemail')
@@ -197,7 +197,7 @@ class TestAuth(TestController):
         # test-user claimed email address
         user = M.User.query.get(username='test-user')
         user.claim_address(email_address)
-        email = M.EmailAddress.query.find(dict(email=email_address)).first()
+        email = M.EmailAddress.find(dict(email=email_address)).first()
         email.confirmed = False
         ThreadLocalORMSession.flush_all()
         # Claiming the same email address by test-admin
@@ -220,7 +220,7 @@ class TestAuth(TestController):
                                                           'Please check your email and click
to confirm.'
         assert sendsimplemail.post.called
         assert len(M.User.query.get(username='test-admin').email_addresses) == addresses_number
+ 1
-        assert len(M.EmailAddress.query.find(dict(email=email_address)).all()) == 2
+        assert len(M.EmailAddress.find(dict(email=email_address)).all()) == 2
 
     @td.with_user_project('test-admin')
     @patch('allura.tasks.mail_tasks.sendsimplemail')
@@ -259,12 +259,12 @@ class TestAuth(TestController):
         # test-user claimed email address
         user = M.User.query.get(username='test-user')
         user.claim_address(email_address)
-        email = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
+        email = M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
         email.confirmed = True
 
         user1 = M.User.query.get(username='test-user-1')
         user1.claim_address(email_address)
-        email = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user1._id)).first()
+        email = M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user1._id)).first()
         email.confirmed = False
 
         ThreadLocalORMSession.flush_all()
@@ -289,7 +289,7 @@ class TestAuth(TestController):
         # test-user claimed email address
         user = M.User.query.get(username='test-user')
         user.claim_address(email_address)
-        email = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
+        email = M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
         email.confirmed = False
         ThreadLocalORMSession.flush_all()
 
@@ -300,14 +300,14 @@ class TestAuth(TestController):
 
         user1 = M.User.query.get(username='test-user-1')
         user1.claim_address(email_address)
-        email1 = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user1._id)).first()
+        email1 = M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user1._id)).first()
         email1.confirmed = True
         ThreadLocalORMSession.flush_all()
         # Verify first email with the verification link
         r = self.app.get('/auth/verify_addr', params=dict(a=email.nonce), extra_environ=dict(username='test-user'))
 
         assert json.loads(self.webflash(r))['status'] == 'error'
-        email = M.EmailAddress.query.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
+        email = M.EmailAddress.find(dict(email=email_address, claimed_by_user_id=user._id)).first()
         assert not email.confirmed
 
 
@@ -592,11 +592,11 @@ class TestAuth(TestController):
                     email='test@example.com'))
             r = r.follow()
             user = M.User.query.get(username='aaa')
-            em = M.EmailAddress.query.get(email='test@example.com')
+            em = M.EmailAddress.get(email='test@example.com')
             assert user._id == em.claimed_by_user_id
             r = self.app.get('/auth/verify_addr', params=dict(a=em.nonce))
             user = M.User.query.get(username='aaa')
-            em = M.EmailAddress.query.get(email='test@example.com')
+            em = M.EmailAddress.get(email='test@example.com')
             assert not user.pending
             assert em.confirmed
 
@@ -1029,7 +1029,7 @@ class TestPasswordReset(TestController):
     @patch('allura.lib.helpers.gen_message_id')
     def test_email_unconfirmed(self, gen_message_id, sendmail):
         user = M.User.query.get(username='test-admin')
-        email = M.EmailAddress.query.find(
+        email = M.EmailAddress.find(
             {'claimed_by_user_id': user._id}).first()
         email.confirmed = False
         ThreadLocalORMSession.flush_all()
@@ -1041,7 +1041,7 @@ class TestPasswordReset(TestController):
     @patch('allura.lib.helpers.gen_message_id')
     def test_user_disabled(self, gen_message_id, sendmail):
         user = M.User.query.get(username='test-admin')
-        email = M.EmailAddress.query.find(
+        email = M.EmailAddress.find(
             {'claimed_by_user_id': user._id}).first()
         user.disabled = True
         ThreadLocalORMSession.flush_all()
@@ -1056,7 +1056,7 @@ class TestPasswordReset(TestController):
         user.claim_address(self.test_primary_email)
         user.set_pref('email_address', self.test_primary_email)
 
-        email = M.EmailAddress.query.find({'email': self.test_primary_email}).first()
+        email = M.EmailAddress.find({'email': self.test_primary_email}).first()
         email.confirmed = True
         ThreadLocalORMSession.flush_all()
 
@@ -1071,10 +1071,10 @@ class TestPasswordReset(TestController):
     @patch('allura.lib.helpers.gen_message_id')
     def test_non_primary_email_reset_allowed(self, gen_message_id, sendmail):
         user = M.User.query.get(username='test-admin')
-        email1 = M.EmailAddress.query.find({'claimed_by_user_id': user._id}).first()
+        email1 = M.EmailAddress.find({'claimed_by_user_id': user._id}).first()
         user.claim_address(self.test_primary_email)
         user.set_pref('email_address', self.test_primary_email)
-        email = M.EmailAddress.query.find({'email': self.test_primary_email}).first()
+        email = M.EmailAddress.find({'email': self.test_primary_email}).first()
         email.confirmed = True
         ThreadLocalORMSession.flush_all()
         with h.push_config(config, **{'auth.allow_non_primary_email_password_reset': 'true'}):
@@ -1088,7 +1088,7 @@ class TestPasswordReset(TestController):
     @patch('allura.lib.helpers.gen_message_id')
     def test_password_reset(self, gen_message_id, sendmail):
         user = M.User.query.get(username='test-admin')
-        email = M.EmailAddress.query.find(
+        email = M.EmailAddress.find(
             {'claimed_by_user_id': user._id}).first()
         email.confirmed = True
         ThreadLocalORMSession.flush_all()
@@ -1137,7 +1137,7 @@ To reset your password on %s, please visit the following URL:
     @patch('allura.lib.helpers.gen_message_id')
     def test_hash_expired(self, gen_message_id, sendmail):
         user = M.User.query.get(username='test-admin')
-        email = M.EmailAddress.query.find(
+        email = M.EmailAddress.find(
             {'claimed_by_user_id': user._id}).first()
         email.confirmed = True
         ThreadLocalORMSession.flush_all()

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/Allura/allura/tests/functional/test_site_admin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_site_admin.py b/Allura/allura/tests/functional/test_site_admin.py
index 197d058..5d3648d 100644
--- a/Allura/allura/tests/functional/test_site_admin.py
+++ b/Allura/allura/tests/functional/test_site_admin.py
@@ -382,7 +382,7 @@ class TestUserDetails(TestController):
                 extra_environ=dict(username='test-admin'))
         r = self.app.get('/nf/admin/user/test-user')
         assert_in('test@example.com', r)
-        em = M.EmailAddress.query.get(email='test@example.com')
+        em = M.EmailAddress.get(email='test@example.com')
         assert_equal(em.confirmed, True)
         user = M.User.query.get(username='test-user')
         assert_equal(user.get_pref('email_address'), 'test@example.com')
@@ -397,7 +397,7 @@ class TestUserDetails(TestController):
                 extra_environ=dict(username='test-admin'))
         r = self.app.get('/nf/admin/user/test-user')
         assert_in('test2@example.com', r)
-        em = M.EmailAddress.query.get(email='test2@example.com')
+        em = M.EmailAddress.get(email='test2@example.com')
         assert_equal(em.confirmed, True)
         user = M.User.query.get(username='test-user')
         assert_equal(user.get_pref('email_address'), 'test@example.com')

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/Allura/allura/websetup/bootstrap.py
----------------------------------------------------------------------
diff --git a/Allura/allura/websetup/bootstrap.py b/Allura/allura/websetup/bootstrap.py
index 840f171..bb89995 100644
--- a/Allura/allura/websetup/bootstrap.py
+++ b/Allura/allura/websetup/bootstrap.py
@@ -214,7 +214,7 @@ def bootstrap(command, conf, vars):
         u_admin.claim_address('test-admin@users.localhost')
         ThreadLocalORMSession.flush_all()
 
-        admin_email = M.EmailAddress.query.get(email='test-admin@users.localhost')
+        admin_email = M.EmailAddress.get(email='test-admin@users.localhost')
         admin_email.confirmed = True
     else:
         u_admin = make_user('Admin 1', username='admin1')

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/ForgeUserStats/forgeuserstats/tests/test_model.py
----------------------------------------------------------------------
diff --git a/ForgeUserStats/forgeuserstats/tests/test_model.py b/ForgeUserStats/forgeuserstats/tests/test_model.py
index 28b1a65..f741159 100644
--- a/ForgeUserStats/forgeuserstats/tests/test_model.py
+++ b/ForgeUserStats/forgeuserstats/tests/test_model.py
@@ -373,7 +373,7 @@ class TestUserStats(unittest.TestCase):
             self.user.set_password('testpassword')
         self.user.claim_address('rcopeland@geek.net')
 
-        addr = M.EmailAddress.query.get(email='rcopeland@geek.net')
+        addr = M.EmailAddress.get(email='rcopeland@geek.net')
         addr.confirmed = True
 
         repo_dir = pkg_resources.resource_filename(

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/ForgeUserStats/forgeuserstats/tests/test_stats.py
----------------------------------------------------------------------
diff --git a/ForgeUserStats/forgeuserstats/tests/test_stats.py b/ForgeUserStats/forgeuserstats/tests/test_stats.py
index 3055b88..a13d5b4 100644
--- a/ForgeUserStats/forgeuserstats/tests/test_stats.py
+++ b/ForgeUserStats/forgeuserstats/tests/test_stats.py
@@ -196,7 +196,7 @@ class TestGitCommit(TestController, unittest.TestCase):
         user = User.by_username('test-admin')
         user.set_password('testpassword')
         user.claim_address('rcopeland@geek.net')
-        addr = M.EmailAddress.query.get(email='rcopeland@geek.net')
+        addr = M.EmailAddress.get(email='rcopeland@geek.net')
         addr.confirmed = True
         self.setup_with_tools()
 

http://git-wip-us.apache.org/repos/asf/allura/blob/f5b4a833/scripts/scrub-allura-data.py
----------------------------------------------------------------------
diff --git a/scripts/scrub-allura-data.py b/scripts/scrub-allura-data.py
index 337e8ae..c0e0828 100644
--- a/scripts/scrub-allura-data.py
+++ b/scripts/scrub-allura-data.py
@@ -116,7 +116,7 @@ def main(options):
             ThreadLocalORMSession.close_all()
 
     log.info('%s %s EmailAddress documents' %
-            (preamble, M.EmailAddress.query.find().count()))
+            (preamble, M.EmailAddress.find().count()))
     log.info('%s email addresses from %s User documents' %
             (preamble, M.User.query.find().count()))
     log.info('%s monitoring_email addresses from %s Forum documents' %


Mime
View raw message