Send an email to the user when they change email address

This PR changes the flow to change an email address.
Once the user enter their password, they are told "Check your email".
An email has been sent to them containing a link to notify which contains an encrypted token.
The encrypted token contains the user id and new email address. Once the link is clicked the user's email address is updated to the new email address.
They are redirected to the /user-profile page.

Also in this commit is an update from flask.ext.login to flask_login.
This commit is contained in:
Rebecca Law
2016-10-13 17:05:37 +01:00
parent daa848f4c5
commit a0e7d569e9
11 changed files with 87 additions and 38 deletions

View File

@@ -1,12 +1,8 @@
import markdown
import os
from flask import (render_template, url_for, redirect, Markup, request, abort)
from flask import (render_template, url_for, redirect, request, abort)
from app.main import main
from app import convert_to_boolean
from flask_login import login_required
from flask_login import (login_required, current_user)
from flask.ext.login import current_user
from mdx_gfm import GithubFlavoredMarkdownExtension
from notifications_utils.renderers import HTMLEmail

View File

@@ -8,11 +8,10 @@ from flask import (
redirect,
session,
abort,
url_for,
flash
url_for
)
from flask.ext.login import current_user
from flask_login import current_user
from app.main import main

View File

@@ -9,7 +9,7 @@ from flask import (
Markup
)
from flask.ext.login import (
from flask_login import (
current_user,
login_fresh,
confirm_login

View File

@@ -4,7 +4,7 @@ from flask import (
session
)
from flask.ext.login import logout_user
from flask_login import logout_user
from app.main import main

View File

@@ -1,19 +1,21 @@
import json
from flask import (
render_template,
redirect,
url_for,
session
)
session,
current_app)
from flask_login import login_required, current_user
from notifications_utils.url_safe_token import check_token
from flask.ext.login import current_user
from flask_login import login_required
from app.main import main
from app.main.forms import (
ChangePasswordForm,
ChangeNameForm,
ChangeEmailForm,
ConfirmEmailForm,
ChangeMobileNumberForm,
ConfirmMobileNumberForm,
ConfirmPasswordForm
@@ -82,10 +84,9 @@ def user_profile_email_authenticate():
return redirect('main.user_profile_email')
if form.validate_on_submit():
current_user.email_address = session[NEW_EMAIL]
del session[NEW_EMAIL]
user_api_client.update_user(current_user)
return redirect(url_for('.user_profile'))
user_api_client.send_change_email_verification(current_user.id, session[NEW_EMAIL])
return render_template('views/change-email-continue.html',
new_email=session[NEW_EMAIL])
return render_template(
'views/user-profile/authenticate.html',
@@ -95,6 +96,26 @@ def user_profile_email_authenticate():
)
@main.route("/user-profile/email/confirm/<token>", methods=['GET'])
@login_required
def user_profile_email_confirm(token):
token_data = check_token(token,
current_app.config['SECRET_KEY'],
current_app.config['DANGEROUS_SALT'],
current_app.config['EMAIL_EXPIRY_SECONDS'])
token_data = json.loads(token_data)
user_id = token_data['user_id']
new_email = token_data['email']
user = user_api_client.get_user(user_id)
user.email_address = new_email
user_api_client.update_user(user)
if session.get(NEW_EMAIL, None):
del session[NEW_EMAIL]
return redirect(url_for('.user_profile'))
@main.route("/user-profile/mobile-number", methods=['GET', 'POST'])
@login_required
def user_profile_mobile_number():

View File

@@ -1,4 +1,4 @@
from flask.ext.login import current_user
from flask_login import current_user
def _attach_current_user(data):

View File

@@ -1,4 +1,4 @@
from flask.ext.login import (UserMixin, login_fresh)
from flask_login import (UserMixin, login_fresh)
class User(UserMixin):

View File

@@ -127,3 +127,8 @@ class UserApiClient(BaseAPIClient):
return self.update_user(user)
else:
return user
def send_change_email_verification(self, user_id, new_email):
endpoint = '/user/{}/change-email-verification'.format(user_id)
data = {'email': new_email}
self.post(endpoint, data)

View File

@@ -0,0 +1,13 @@
{% extends "withoutnav_template.html" %}
{% block page_title %}
Check your email GOV.UK Notify
{% endblock %}
{% block maincolumn_content %}
<h1 class="heading-large">Check your email</h1>
<p>An email has been sent to {{ new_email }}.</p>
<p>Click the link in the email to confirm the change to your email address.</p>
{% endblock %}

View File

@@ -1,5 +1,6 @@
import json
from flask import url_for
from notifications_utils.url_safe_token import generate_token
def test_should_show_overview_page(app_,
@@ -65,8 +66,6 @@ def test_should_show_email_page(app_,
def test_should_redirect_after_email_change(app_,
api_user_active,
mock_login,
mock_get_user,
mock_get_user_by_email_not_found,
mock_is_email_unique):
with app_.test_request_context():
with app_.test_client() as client:
@@ -83,9 +82,7 @@ def test_should_redirect_after_email_change(app_,
def test_should_show_authenticate_after_email_change(app_,
api_user_active,
mock_login,
mock_get_user,
mock_verify_password):
mock_login):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
@@ -93,31 +90,44 @@ def test_should_show_authenticate_after_email_change(app_,
session['new-email'] = 'new_notify@notify.gov.uk'
response = client.get(url_for('main.user_profile_email_authenticate'))
assert response.status_code == 200
assert 'Change your email address' in response.get_data(as_text=True)
assert 'Confirm' in response.get_data(as_text=True)
assert response.status_code == 200
def test_should_redirect_to_profile_after_email_change_confirm(app_,
api_user_active,
mock_login,
mock_get_user,
mock_verify_password,
mock_send_verify_code,
mock_is_email_unique):
def test_should_render_change_email_continue_after_authenticate_email(app_,
api_user_active,
mock_login,
mock_verify_password,
mock_send_change_email_verification):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
data = {'email-code': '12345'}
data = {'password': '12345'}
with client.session_transaction() as session:
session['new-email'] = 'new_notify@notify.gov.uk'
response = client.post(
url_for('main.user_profile_email_authenticate'),
data=data)
assert response.status_code == 200
assert 'Click the link in the email to confirm the change to your email address.' \
in response.get_data(as_text=True)
def test_should_redirect_to_user_profile_when_user_confirms_email_link(app_,
api_user_active,
mock_login
):
with app_.test_request_context():
with app_.test_client() as client:
client.login(api_user_active)
token = generate_token(payload=json.dumps({'user_id': api_user_active.id, 'email': 'new_email@gov.uk'}),
secret=app_.config['SECRET_KEY'], salt=app_.config['DANGEROUS_SALT'])
response = client.get(url_for('main.user_profile_email_confirm', token=token))
assert response.status_code == 302
assert response.location == url_for(
'main.user_profile', _external=True)
assert response.location == url_for('main.user_profile', _external=True)
def test_should_show_mobile_number_page(app_,

View File

@@ -580,6 +580,11 @@ def api_user_changed_password(fake_uuid):
return user
@pytest.fixture(scope='function')
def mock_send_change_email_verification(mocker):
return mocker.patch('app.user_api_client.send_change_email_verification')
@pytest.fixture(scope='function')
def mock_register_user(mocker, api_user_pending):
def _register(name, email_address, mobile_number, password):