0003-manager-add-a-change-email-action-on-users-fixes-197.patch

Benjamin Dauvergne, 07 décembre 2017 11:54

Voir les différences: en ligne côte à côte

Subject: [PATCH 3/3] manager: add a change email action on users (fixes
 #19716)

It's only visible for OU with the validate_emails flag.

 src/authentic2/a2_rbac/models.py                   |  1 +
 src/authentic2/api_views.py                        |  3 +-
 src/authentic2/manager/forms.py                    | 10 ++++-
 .../authentic2/manager/user_change_email.html      | 11 ++++++
 .../user_change_email_notification_body.txt        | 35 ++++++++++++++++++
 .../user_change_email_notification_subject.txt     |  1 +
 src/authentic2/manager/urls.py                     |  6 +++
 src/authentic2/manager/user_views.py               | 43 ++++++++++++++++++++--
 src/authentic2/settings.py                         |  3 +-
 src/authentic2/utils.py                            |  2 +-
 src/authentic2/views.py                            |  2 +-
 tests/test_user_manager.py                         | 35 ++++++++++++++++++
 12 files changed, 142 insertions(+), 10 deletions(-)
 create mode 100644 src/authentic2/manager/templates/authentic2/manager/user_change_email.html
 create mode 100644 src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_body.txt
 create mode 100644 src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt
 create mode 100644 tests/test_user_manager.py

src/authentic2/a2_rbac/models.py
247	247	CHANGE_PASSWORD_OP = Operation(name=_('Change password'), slug='change_password')
248	248	RESET_PASSWORD_OP = Operation(name=_('Reset password'), slug='reset_password')
249	249	ACTIVATE_OP = Operation(name=_('Activate'), slug='activate')
	250	CHANGE_EMAIL_OP = Operation(name=_('Change email'), slug='change_email')

         @detail_route(methods=['post'],
                       permission_classes=(DjangoPermission('custom_user.change_user'),))
         def email(self, request, uuid):
             from authentic2.views import EmailChangeView
             user = self.get_object()
             serializer = ChangeEmailSerializer(data=request.data)
             if not serializer.is_valid():
-...
                     'errors': serializer.errors
+                }
                 return Response(response, status.HTTP_400_BAD_REQUEST)
             EmailChangeView.send_email_change_email(request, user, serializer.validated_data['email'])
             utils.send_email_change_email(user, serializer.validated_data['email'], request=request)
             return Response({'result': 1})

         class Meta:
             model = get_ou_model()
             fields = ('name', 'default', 'username_is_unique', 'email_is_unique')
             fields = ('name', 'default', 'username_is_unique', 'email_is_unique', 'validate_emails')
     def get_role_form_class():
         if app_settings.ROLE_FORM_CLASS:
             return import_module_or_class(app_settings.ROLE_FORM_CLASS)
         return RoleEditForm
     class UserChangeEmailForm(CssClass, forms.ModelForm):
         def save(self, *args, **kwargs):
             return self.instance
         class Meta:
             fields = ('email',)

     {% extends "authentic2/manager/form.html" %}
     {% load i18n %}
     {% block beforeform %}
       <p>
           {% blocktrans %}User's email will not be changed immediately. First an email will be sent to this
           new email address containing a link on which the user's will have to click to verify that it owns
           the email address, then it will be changed.{% endblocktrans %}
       </p>
       {{ block.super }}
     {% endblock %}

     {% load i18n %}{% autoescape off %}{% if email_is_not_unique%}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} !
     An administrator requested for changing your email on {{ domain }} from:
       {{ old_email }}
     to:
       {{ email }}
     But this email is already linked to another account.
     You can recover this account password using the password reset form:
       {{ password_reset_url }}
     --
     {{ domain }}{% endblocktrans %}{% else %}{% blocktrans with name=user.get_short_name old_email=user.email %}Hi {{ name }} !
     And administrator requested for changing your email on {{ domain }} from:
       {{ old_email }}
     to:
       {{ email }}
     To validate this change please click on the following link:
       {{ link }}
     This link will be valid for {{ token_lifetime }}.
     --
     {{ domain }}{% endblocktrans %}{% endif %}{% endautoescape %}

src/authentic2/manager/templates/authentic2/manager/user_change_email_notification_subject.txt
	1	{% load i18n %}{% autoescape off %}{% blocktrans %}Change email on {{ domain }} requested by an administrator{% endblocktrans %}{% endautoescape %}

             url(r'^users/(?P<pk>\d+)/change-password/$',
                 user_views.user_change_password,
                 name='a2-manager-user-change-password'),
             url(r'^users/(?P<pk>\d+)/change-email/$',
                 user_views.user_change_email,
                 name='a2-manager-user-change-email'),
             # by uuid
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/$', user_views.user_detail,
                 name='a2-manager-user-by-uuid-detail'),
-...
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/change-password/$',
                 user_views.user_change_password,
                 name='a2-manager-user-by-uuid-change-password'),
             url(r'^users/uuid:(?P<slug>[a-z0-9]+)/change-email/$',
                 user_views.user_change_email,
                 name='a2-manager-user-by-uuid-change-email'),
             # Authentic2 roles
             url(r'^roles/$', role_views.listing,

     from authentic2.constants import SWITCH_USER_SESSION_KEY
     from authentic2.models import Attribute, PasswordReset
     from authentic2.utils import switch_user, send_password_reset_mail, redirect
     from authentic2.utils import switch_user, send_password_reset_mail, redirect, send_email_change_email
     from authentic2.a2_rbac.utils import get_default_ou
     from authentic2 import hooks
     from django_rbac.utils import get_role_model, get_role_parenting_model, get_ou_model
-...
         BaseEditView, ActionMixin, OtherActionsMixin, Action, ExportMixin, \
         BaseSubTableView, HideOUColumnMixin, BaseDeleteView, BaseDetailView
     from .tables import UserTable, UserRolesTable, OuUserRolesTable
     from .forms import UserSearchForm, UserAddForm, UserEditForm, \
         UserChangePasswordForm, ChooseUserRoleForm, UserRoleSearchForm
     from .forms import (UserSearchForm, UserAddForm, UserEditForm,
         UserChangePasswordForm, ChooseUserRoleForm, UserRoleSearchForm, UserChangeEmailForm)
     from .resources import UserResource
     from . import app_settings
-...
                          permission='custom_user.change_password_user')
             if self.request.user.is_superuser:
                 yield Action('switch_user', _('Impersonate this user'))
             if self.object.ou and self.object.ou.validate_emails:
                 yield Action('change_email', _('Change user email'),
                              url_name='a2-manager-user-change-email',
                              permission='custom_user.change_email_user')
         def action_force_password_change(self, request, *args, **kwargs):
             PasswordReset.objects.get_or_create(user=self.object)
-...
         template_name = 'authentic2/manager/user_edit.html'
         form_class = UserEditForm
         permissions = ['custom_user.change_user']
         fields = ['username', 'ou', 'first_name', 'last_name', 'email']
         fields = ['username', 'ou', 'first_name', 'last_name']
         success_url = '..'
         slug_field = 'uuid'
         action = _('Change')
-...
         def get_fields(self):
             fields = list(self.fields)
             if not self.object.ou or not self.object.ou.validate_emails:
                 fields.append('email')
             for attribute in Attribute.objects.all():
                 fields.append(attribute.name)
             if self.request.user.is_superuser and \
-...
     user_change_password = UserChangePasswordView.as_view()
     class UserChangeEmailView(BaseEditView):
         template_name = 'authentic2/manager/user_change_email.html'
         model = get_user_model()
         form_class = UserChangeEmailForm
         permissions = ['custom_user.change_email_user']
         success_url = '..'
         slug_field = 'uuid'
         title = _('Change user email')
         def get_success_message(self, cleaned_data):
             return ugettext('A mail was sent to %s to verify it.') % cleaned_data['email']
         def get_form_kwargs(self):
             kwargs = super(UserChangeEmailView, self).get_form_kwargs()
             kwargs.setdefault('initial', {})['email'] = self.object.email
             return kwargs
         def form_valid(self, form):
             response = super(UserChangeEmailView, self).form_valid(form)
             email = form.cleaned_data['email']
             hooks.call_hooks('event', name='manager-change-email-request', user=self.request.user,
                              instance=form.instance, form=form, email=email)
             send_email_change_email(self.object, email, request=self.request,
                                    template_names=['authentic2/manager/user_change_email_notification'])
             return response
     user_change_email = UserChangeEmailView.as_view()
     class UserRolesView(HideOUColumnMixin, BaseSubTableView):
         model = get_user_model()
         form_class = ChooseUserRoleForm

     DJANGO_RBAC_PERMISSIONS_HIERARCHY = {
         'view': ['search'],
         'change_password': ['view', 'search'],
         'change_email': ['view', 'search'],
         'reset_password': ['view', 'search'],
         'activate': ['view', 'search'],
         'admin': ['change', 'delete', 'add', 'view', 'change_password', 'reset_password', 'activate',
                   'search'],
                   'search', 'change_email'],
         'change': ['view', 'search'],
         'delete': ['view', 'search'],
         'add': ['view', 'search'],

         return app_settings.LOGIN_URL or settings.LOGIN_URL
     def send_email_change_mail(user, email, request=None, context=None, template_names=None):
     def send_email_change_email(user, email, request=None, context=None, template_names=None):
         '''Send an email to verify that user can take email as its new email'''
         assert user
         assert email

         def form_valid(self, form):
             email = form.cleaned_data['email']
             utils.send_email_change_mail(self.request.user, email, request=self.request)
             utils.send_email_change_email(self.request.user, email, request=self.request)
             hooks.call_hooks('event', name='change-email', user=self.request.user, email=email)
             messages.info(
                 self.request,

     from django.core.urlresolvers import reverse
     from authentic2.a2_rbac.utils import get_default_ou
     from utils import login, get_link_from_mail
     def test_manager_user_change_email(app, superuser_or_admin, simple_user, mailoutbox):
         ou = get_default_ou()
         ou.validate_emails = True
         ou.save()
         response = login(app, superuser_or_admin,
                          reverse('a2-manager-user-by-uuid-detail',
                                  kwargs={'slug': unicode(simple_user.uuid)}))
         assert 'Change user email' in response.content
         # cannot click it's a submit button :/
         response = app.get(reverse('a2-manager-user-by-uuid-change-email',
                                    kwargs={'slug': unicode(simple_user.uuid)}))
         response.form.set('email', 'john.doe@example.com')
         assert len(mailoutbox) == 0
         response = response.form.submit().follow()
         assert 'A mail was sent to john.doe@example.com to verify it.' in response.content
         assert 'Change user email' in response.content
         # cannot click it's a submit button :/
         assert len(mailoutbox) == 1
         # logout
         app.session.flush()
         link = get_link_from_mail(mailoutbox[0])
         response = app.get(link).maybe_follow()
         assert (
             'your request for changing your email for john.doe@example.com is successful'
             in response.content)
         simple_user.refresh_from_db()
         assert simple_user.email == 'john.doe@example.com'
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0003-manager-add-a-change-email-action-on-users-fixes-197.patch