This repository has been archived by the owner on Feb 8, 2018. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 308
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add controller to generate signin link
- Loading branch information
1 parent
6713c9a
commit c4b3052
Showing
3 changed files
with
96 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
{{ _("Sign in to Gratipay") }} | ||
|
||
[---] text/html | ||
{{ _( "Click the button below to sign in to Gratipay. " | ||
"This link will expire in 1 hour and can only be used once.") }} | ||
<br> | ||
<br> | ||
<a href="{{ signin_link }}" style="{{ button_style }}">{{ _("Sign in to Gratipay") }}</a> | ||
|
||
[---] text/plain | ||
|
||
{{ _( "Click the link below to sign in to Gratipay. " | ||
"This link will expire in 1 hour and can only be used once.") }} | ||
|
||
{{ signin_link }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
# -*- coding: utf-8 -*- | ||
from __future__ import absolute_import, division, print_function, unicode_literals | ||
|
||
import json | ||
|
||
from gratipay.testing import Harness | ||
from gratipay.testing.email import QueuedEmailHarness | ||
|
||
|
||
class TestSendLink(Harness): | ||
def test_returns_json(self): | ||
self.make_participant('alice', email_address='[email protected]') | ||
response = self.client.POST('/auth/email/send_link.json', {'email_address': '[email protected]'}) | ||
|
||
message = json.loads(response.body)['message'] | ||
assert message == "We've sent you a link to sign in. Please check your inbox." | ||
|
||
def test_only_allows_post(self): | ||
response = self.client.GxT('/auth/email/send_link.json') | ||
|
||
assert response.code == 405 | ||
|
||
def test_400_for_no_email_address_parameter(self): | ||
response = self.client.PxST('/auth/email/send_link.json') | ||
|
||
assert response.code == 400 | ||
|
||
def test_400_for_invalid_email(self): | ||
response = self.client.PxST('/auth/email/send_link.json', {'email_address': '[email protected]'}) | ||
|
||
# TODO: Change this when signup links are supported | ||
|
||
assert response.code == 400 | ||
|
||
class TestSendLinkEmail(QueuedEmailHarness): | ||
def test_sends_email(self): | ||
self.make_participant('alice', email_address='[email protected]') | ||
self.client.POST('/auth/email/send_link.json', {'email_address': '[email protected]'}) | ||
|
||
assert self.get_last_email()['to'] == 'alice <[email protected]>' | ||
assert 'Click the link below to sign in to Gratipay' in self.get_last_email()['body_text'] | ||
assert 'Click the button below to sign in to Gratipay' in self.get_last_email()['body_html'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
from aspen import Response | ||
|
||
from gratipay.models.participant import Participant | ||
from gratipay.security.authentication.email import create_signin_nonce | ||
from gratipay.utils import encode_for_querystring | ||
|
||
[---] | ||
|
||
request.allow("POST") | ||
|
||
if "email_address" not in request.body: | ||
raise Response(400, "no 'email_address' in body") | ||
|
||
email_address = request.body["email_address"] | ||
|
||
participant = Participant.from_email(email_address) | ||
|
||
if participant: | ||
nonce = create_signin_nonce(website.db, email_address) | ||
|
||
# TODO: Catch throttled! | ||
|
||
encoded_email = encode_for_querystring(email_address) | ||
|
||
signin_link = "%s/auth/email/verify.html?nonce=%s&email=%s" % (website.base_url, nonce, encoded_email) | ||
website.app.email_queue.put( participant | ||
, "signin_link" | ||
, _user_initiated=True | ||
, include_unsubscribe=False | ||
, email=email_address | ||
, signin_link=signin_link | ||
) | ||
message = _("We've sent you a link to sign in. Please check your inbox.") | ||
else: | ||
# TODO: Create sign-up link! | ||
raise Response(400, "no participant exists by this address") | ||
|
||
[---] application/json via json_dump | ||
{"message": message} |