diff --git a/gratipay/models/participant.py b/gratipay/models/participant.py
index 04fdf9d8c7..7cc12a2f82 100644
--- a/gratipay/models/participant.py
+++ b/gratipay/models/participant.py
@@ -579,9 +579,11 @@ def change_email(self, email):
 return result
 def verify_email(self, hash_string):
+ confirmed = self.email.confirmed if hasattr(self.email, 'confirmed') else ''
+ if confirmed:
+ return 0 # Verified
 original_hash = self.email.hash if hasattr(self.email, 'hash') else ''
 email_ctime = self.email.ctime if hasattr(self.email, 'ctime') else ''
- confirmed = self.email.confirmed if hasattr(self.email, 'confirmed') else ''
 if (original_hash == hash_string) and ((utcnow() - email_ctime) < timedelta(hours=24)):
 self.update_email(self.email.address,True)
 return 0 # Verified
@@ -596,7 +598,6 @@ def get_verification_link(self):
 link = "%s://%s/%s/verify-email.html?hash=%s" % (gratipay.canonical_scheme, gratipay.canonical_host, username, hash_string)
 return link
-
 def update_goal(self, goal):
 typecheck(goal, (Decimal, None))
 with self.db.get_cursor() as c:
diff --git a/tests/py/test_participant.py b/tests/py/test_participant.py
index 5d8ee50aa4..40e0f95336 100644
--- a/tests/py/test_participant.py
+++ b/tests/py/test_participant.py
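Review bot: The early return added at the top of verify_email in gratipay/models/participant.py reports 0 (Verified) before `hash_string` is read, so once the address is confirmed any value, including a wrong or expired hash, is answered as a successful verification; a distinct return code for "already confirmed" would keep the caller from presenting a bad link as valid. The unchanged comparison `original_hash == hash_string` is not constant-time and also matches when both sides are empty, in which case the `''` fallback for `email_ctime` makes `utcnow() - email_ctime` raise TypeError. I would write the check as `if original_hash and hmac.compare_digest(original_hash, hash_string) and (utcnow() - email_ctime) < timedelta(hours=24):` (this needs `import hmac`, and both arguments must be the same string type). The rest of verify_email, including its non-zero return codes, lies outside the hunk.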
@@ -209,22 +209,27 @@ def test_john_is_plural(self):
 assert actual == expected
 def test_can_change_email(self):
- self.alice.update_email('alice@gratipay.com')
+ self.alice.change_email('alice@gratipay.com')
 expected = 'alice@gratipay.com'
 actual = self.alice.email.address
 assert actual == expected
- def test_cannot_confirm_email_in_one_step(self):
- self.alice.update_email('alice@gratipay.com', True)
- actual = self.alice.email.confirmed
- assert actual == False
-
- def test_can_confirm_email_in_second_step(self):
+ def test_can_verify_email(self):
 self.alice.update_email('alice@gratipay.com')
- self.alice.update_email('alice@gratipay.com', True)
- actual = self.alice.email.confirmed
+ hash_string = Participant.from_username('alice').email.hash
+ self.alice.verify_email(hash_string)
+ actual = Participant.from_username('alice').email.confirmed
 assert actual == True
+ def test_cannot_verify_email_with_wrong_hash(self):
+ self.alice.update_email('alice@gratipay.com')
+ hash_string = "some wrong hash"
+ self.alice.verify_email(hash_string)
+ actual = Participant.from_username('alice').email.confirmed
+ assert actual == False
+
+ # TODO - Add a test for expired hashes. (We don't have control over the ctime of emails)
+
 def test_cant_take_over_claimed_participant_without_confirmation(self):
 with self.assertRaises(NeedConfirmation):
 self.alice.take_over(('twitter', str(self.bob.id)))
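Review bot: Neither new test asserts the return value of `verify_email`, and nothing exercises the branch this commit adds, where an already confirmed address returns 0 whatever hash is passed. In test_can_verify_email I would assert the result, `assert self.alice.verify_email(hash_string) == 0`, and add a case that calls `verify_email("some wrong hash")` after a successful verification to pin down what that call is meant to return. The expired-hash TODO leaves the 24-hour limit untested; patching `utcnow` as seen by gratipay/models/participant.py, or backdating the stored ctime, would presumably cover it, though the test helpers for that are not visible here.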