This repository has been archived by the owner on Feb 8, 2018. It is now read-only.

Add controller to generate signin link
rohitpaulk committed Jul 13, 2017
1 parent 6713c9a commit c4b3052
Showing 3 changed files with 96 additions and 0 deletions.
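--- a/emails/signin_link.spt
+++ b/emails/signin_link.spt
@@ -0,0 +1,15 @@
+{{ _("Sign in to Gratipay") }}
+
+[---] text/html
+{{ _( "Click the button below to sign in to Gratipay. "
+"This link will expire in 1 hour and can only be used once.") }}
+<br>
+<br>
+<a href="{{ signin_link }}" style="{{ button_style }}">{{ _("Sign in to Gratipay") }}</a>
+
+[---] text/plain
+
+{{ _( "Click the link below to sign in to Gratipay. "
+"This link will expire in 1 hour and can only be used once.") }}
+
+{{ signin_link }}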
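Review bot: Neither body part tells the recipient what to do with a sign-in mail they did not ask for, and `send_link.json.spt` in this commit lets any unauthenticated caller trigger one for a registered address. A closing line such as `{{ _("If you did not request this link, you can safely ignore this email.") }}` in both the `text/html` and `text/plain` parts would cover that. The "1 hour" and "only be used once" wording should also match what the nonce code enforces; that code is not part of this commit.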
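--- a/tests/py/test_www_email_auth.py
+++ b/tests/py/test_www_email_auth.py
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+from __future__ import absolute_import, division, print_function, unicode_literals
+
+import json
+
+from gratipay.testing import Harness
+from gratipay.testing.email import QueuedEmailHarness
+
+
+class TestSendLink(Harness):
+def test_returns_json(self):
+self.make_participant('alice', email_address='[email protected]')
+response = self.client.POST('/auth/email/send_link.json', {'email_address': '[email protected]'})
+
+message = json.loads(response.body)['message']
+assert message == "We've sent you a link to sign in. Please check your inbox."
+
+def test_only_allows_post(self):
+response = self.client.GxT('/auth/email/send_link.json')
+
+assert response.code == 405
+
+def test_400_for_no_email_address_parameter(self):
+response = self.client.PxST('/auth/email/send_link.json')
+
+assert response.code == 400
+
+def test_400_for_invalid_email(self):
+response = self.client.PxST('/auth/email/send_link.json', {'email_address': '[email protected]'})
+
+# TODO: Change this when signup links are supported
+
+assert response.code == 400
+
+class TestSendLinkEmail(QueuedEmailHarness):
+def test_sends_email(self):
+self.make_participant('alice', email_address='[email protected]')
+self.client.POST('/auth/email/send_link.json', {'email_address': '[email protected]'})
+
+assert self.get_last_email()['to'] == 'alice <[email protected]>'
+assert 'Click the link below to sign in to Gratipay' in self.get_last_email()['body_text']
+assert 'Click the button below to sign in to Gratipay' in self.get_last_email()['body_html']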
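Review bot: `test_sends_email` asserts only the static copy of the message, so it still passes if the queued mail goes out without a usable sign-in link. Adding `assert '/auth/email/verify.html?nonce=' in self.get_last_email()['body_text']` would pin the part of the email that actually authenticates the user. `test_400_for_invalid_email` also locks in a response that differs between registered and unregistered addresses; when that behaviour is revisited (see its TODO), a test that the two cases return the same body would be the one to keep.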
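--- a/www/auth/email/send_link.json.spt
+++ b/www/auth/email/send_link.json.spt
@@ -0,0 +1,39 @@
+from aspen import Response
+
+from gratipay.models.participant import Participant
+from gratipay.security.authentication.email import create_signin_nonce
+from gratipay.utils import encode_for_querystring
+
+[---]
+
+request.allow("POST")
+
+if "email_address" not in request.body:
+raise Response(400, "no 'email_address' in body")
+
+email_address = request.body["email_address"]
+
+participant = Participant.from_email(email_address)
+
+if participant:
+nonce = create_signin_nonce(website.db, email_address)
+
+# TODO: Catch throttled!
+
+encoded_email = encode_for_querystring(email_address)
+
+signin_link = "%s/auth/email/verify.html?nonce=%s&email=%s" % (website.base_url, nonce, encoded_email)
+website.app.email_queue.put( participant
+, "signin_link"
+, _user_initiated=True
+, include_unsubscribe=False
+, email=email_address
+, signin_link=signin_link
+)
+message = _("We've sent you a link to sign in. Please check your inbox.")
+else:
+# TODO: Create sign-up link!
+raise Response(400, "no participant exists by this address")
+
+[---] application/json via json_dump
+{"message": message}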
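Review bot: The `else` branch answers `400 no participant exists by this address` while a registered address gets the 200 message, so this unauthenticated endpoint tells any caller whether an email address has an account. Returning the same body in both cases closes that: until sign-up links exist, replace the `raise` with `message = _("We've sent you a link to sign in. Please check your inbox.")` and update `test_400_for_invalid_email` to match. The `# TODO: Catch throttled!` should also be resolved before this ships, since nothing visible here limits how often a caller can queue mail to someone else's inbox, and an uncaught throttle error from `create_signin_nonce` (not shown on this page) would presumably surface as a server error. `nonce` is interpolated into the URL without `encode_for_querystring`, which is safe only if its format is already URL-safe.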
