in Allura/allura/controllers/auth.py [0:0]
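def _update_emails(self, user, admin=False, form_params={}):
    """Apply a submitted email-preferences form to ``user``.

    Three steps run in order: delete the addresses flagged in ``addr``, claim
    the address given in ``new_addr``, then set the primary address.  Outcomes
    are reported through ``flash()`` and the method always returns ``None``.
    A rejected step returns at once and does not undo changes that earlier
    steps already made on ``user``.

    Unless ``admin`` is true, every step that changes something requires the
    account's current password in ``form_params['password']``.  The
    ``AuthPasswordReset`` tool data is blanked whenever the address set or the
    primary address is touched, so a reset hash issued earlier is no longer
    stored.

    Args:
        user: the account being edited.
        admin: true on the admin code path; skips the password check and the
            notification mails, and a newly claimed address goes through
            ``_verify_addr(..., do_auth_check=False)`` instead of a mailed
            verification link.
        form_params: dict of submitted values.  ``addr``, ``new_addr`` and
            ``primary_addr`` are popped from it (the caller's dict is
            modified); ``password`` is read.  ``addr`` is a list of dicts
            matched by position against ``user.email_addresses``.

    NOTE(review): the listing this block came from had lost its indentation;
    the nesting here is reconstructed and should be confirmed against the
    repository copy.
    """
    # not using **kw in method signature, to ensure 'admin' can't be passed in via a form submit
    kw = form_params
    addr = kw.pop('addr', None)
    # A submit with no 'new_addr' field at all must not fail on .get() further down.
    new_addr = kw.pop('new_addr', None) or {}
    primary_addr = kw.pop('primary_addr', None)
    old_primary_addr = user.preferences.email_address
    provider = plugin.AuthenticationProvider.get(request)

    def reauth_failed():
        # True when a non-admin caller did not supply the correct current password.
        password = kw.get('password')
        return not admin and (not password or not provider.validate_password(user, password))

    # Pair addresses with their form rows BEFORE deleting anything.  Deleting
    # from user.email_addresses while zip() is still walking it shifts the
    # remaining entries, so a later row would be applied to the wrong address
    # (or skipped).  `removed` maps a snapshot position to the live index.
    rows = list(zip(list(user.email_addresses), addr or []))
    removed = 0
    for pos, (old_a, data) in enumerate(rows):
        i = pos - removed
        obj = user.address_object(old_a)
        # Entries with no backing address object are dropped even without a 'delete' flag.
        if data.get('delete') or not obj:
            if reauth_failed():
                flash('You must provide your current password to delete an email', 'error')
                return
            if primary_addr == old_a:
                no_replacement = select_new_primary_addr(user, ignore_emails=[primary_addr]) is None
                if no_replacement and asbool(config.get('auth.require_email_addr', False)):
                    flash('You must have at least one verified email address.', 'error')
                    return
                else:
                    # clear it now, a new one will get set below
                    user.set_pref('email_address', None)
                    primary_addr = None
                    user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
            h.auditlog_user('Email address deleted: %s', old_a, user=user)
            if not admin:
                # Tell the account owner that an address was removed.
                email_body = g.jinja2_env.get_template('allura:templates/mail/email_removed.md').render(dict(
                    user=user,
                    config=config,
                    addr=old_a
                ))
                send_system_mail_to_user(user, 'Email Address Removed', email_body)
            del user.email_addresses[i]
            removed += 1
            if obj:
                obj.delete()

    if new_addr.get('claim') or new_addr.get('addr'):
        user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')  # Clear password reset token
        claimed_emails_limit = config.get('user_prefs.maximum_claimed_emails', None)
        if claimed_emails_limit and len(user.email_addresses) >= int(claimed_emails_limit):
            flash('You cannot claim more than %s email addresses.' % claimed_emails_limit, 'error')
            return
        if reauth_failed():
            flash('You must provide your current password to claim new email', 'error')
            return

        new_email = new_addr.get('addr')
        if new_email is None:
            # 'claim' was submitted without an address; report it rather than raise KeyError.
            flash('Email address %s is invalid' % '', 'error')
        else:
            claimed_emails = M.EmailAddress.find({'email': new_email}).all()
            if any(email.claimed_by_user_id == user._id for email in claimed_emails):
                flash('Email address already claimed', 'error')
            elif mail_util.isvalid(new_email):
                em = M.EmailAddress.create(new_email)
                if em:
                    user.email_addresses.append(em.email)
                    em.claimed_by_user_id = user._id

                    confirmed_emails = [email for email in claimed_emails if email.confirmed]
                    if not confirmed_emails:
                        if not admin:
                            em.send_verification_link()
                        else:
                            AuthController()._verify_addr(em, do_auth_check=False)
                    else:
                        # Some record for this address is already confirmed: no
                        # verification link is sent, send_claim_attempt() is called instead.
                        em.send_claim_attempt()

                    if not admin:
                        user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
                        flash('A verification email has been sent. Please check your email and click to confirm.')

                    h.auditlog_user('New email address: %s', new_email, user=user)
                else:
                    flash('Email address %s is invalid' % new_email, 'error')
            else:
                flash('Email address %s is invalid' % new_email, 'error')

    # No primary submitted and none stored: pick one from what is left.
    if not primary_addr and not user.get_pref('email_address') and user.email_addresses:
        primary_addr = select_new_primary_addr(user)
    if primary_addr:
        if old_primary_addr != primary_addr:
            if reauth_failed():
                flash('You must provide your current password to change primary address', 'error')
                return
            h.auditlog_user(
                'Primary email changed: %s => %s',
                user.get_pref('email_address'),
                primary_addr,
                user=user)
            if not admin:
                email_body = g.jinja2_env.get_template('allura:templates/mail/primary_email_changed.md').render(
                    dict(user=user, config=config, addr=primary_addr))
                # send to previous primary addr
                send_system_mail_to_user(old_primary_addr, 'Primary Email Address Changed', email_body)
        user.set_pref('email_address', primary_addr)
        user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')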