Done using isort[1], with the following command:
```
isort -rc ./app ./tests
```
Adds linting to the `run_tests.sh` script to stop badly-sorted imports
getting re-introduced.
Chosen style is ‘Vertical Hanging Indent’ with trailing commas, because
I think it gives the cleanest diffs, eg:
```
from third_party import (
lib1,
lib2,
lib3,
lib4,
)
```
1. https://pypi.python.org/pypi/isort
* if the service issuing the invite does not have permission to edit
auth types, don't let them do anything. This will stop them turning
existing email_auth users back to sms auth
* if the user hasn't got a mobile number, but the invite is for sms
login, don't do anything either. They won't have a phone number if
they signed up via an email_auth invite previously.
in these cases, we accept the invite and add the user to the service
as normal, however, just don't update the user's auth type.
specifically, the 2FA page when you first create an account is different to the login 2FA page
and also the 2FA page when you change your phone number is different as well
This PR changes the flow to change an email address.
Once the user enter their password, they are told "Check your email".
An email has been sent to them containing a link to notify which contains an encrypted token.
The encrypted token contains the user id and new email address. Once the link is clicked the user's email address is updated to the new email address.
They are redirected to the /user-profile page.
Also in this commit is an update from flask.ext.login to flask_login.
- it tried to send a verify code which no longer is applicable
- one stage of process removed and tests update properly
Flow is:
- Change email
- Confirm with password
- Done
when visited sends sms code for second step of account verification.
At that second step user enters just sms code sent to users mobile
number.
Also moved dao calls that simply proxied calls to client to calling
client directly.
There is still a place where a user will be a sent a code for
verification to their email namely if they update email address.
This commit adds an extra page or field for confirming your current password
when making important changes
Name | Email address | Mobile number | Password
---------------------|-------------------|-------------------|------------
No password required | As second page | As second page | On same page as new password
This commit adds a page or series of pages for changing your:
Name | Email address | Mobile number | Password
------------------|-------------------|-------------------|------------
Enter new value | Enter new value | Enter new value | Enter new value
| Enter 2fa code | Enter 2fa code |
Return to profile | Return to profile | Return to profile | Return to profile
(each row is a page)
