Change password view

di · di · commit 0a48e316f5f2 · 2018-02-16T11:32:05.000-06:00
diff --git a/tests/unit/manage/test_forms.py b/tests/unit/manage/test_forms.py
@@ -78,3 +78,12 @@ def test_creation(self):
         form = forms.AddEmailForm(user_service=user_service)
 
         assert form.user_service is user_service
+
+
+class TestChangePasswordForm:
+
+    def test_creation(self):
+        user_service = pretend.stub()
+        form = forms.ChangePasswordForm(user_service=user_service)
+
+        assert form.user_service is user_service
diff --git a/tests/unit/manage/test_views.py b/tests/unit/manage/test_views.py
@@ -42,14 +42,21 @@ def test_default_response(self, monkeypatch):
         save_profile_obj = pretend.stub()
         save_profile_cls = pretend.call_recorder(lambda **kw: save_profile_obj)
         monkeypatch.setattr(views, 'SaveProfileForm', save_profile_cls)
+
         add_email_obj = pretend.stub()
-        add_email_cls = pretend.call_recorder(lambda *a, **kw: add_email_obj)
+        add_email_cls = pretend.call_recorder(lambda **kw: add_email_obj)
         monkeypatch.setattr(views, 'AddEmailForm', add_email_cls)
+
+        change_pass_obj = pretend.stub()
+        change_pass_cls = pretend.call_recorder(lambda **kw: change_pass_obj)
+        monkeypatch.setattr(views, 'ChangePasswordForm', change_pass_cls)
+
         view = views.ManageProfileViews(request)
 
         assert view.default_response == {
             'save_profile_form': save_profile_obj,
             'add_email_form': add_email_obj,
+            'change_password_form': change_pass_obj,
         }
         assert view.request == request
         assert view.user_service == user_service
@@ -59,6 +66,9 @@ def test_default_response(self, monkeypatch):
         assert add_email_cls.calls == [
             pretend.call(user_service=user_service),
         ]
+        assert change_pass_cls.calls == [
+            pretend.call(user_service=user_service),
+        ]
 
     def test_manage_profile(self, monkeypatch):
         user_service = pretend.stub()
@@ -386,7 +396,7 @@ def test_reverify_email(self, monkeypatch):
                 flash=pretend.call_recorder(lambda *a, **kw: None)
             ),
             find_service=lambda *a, **kw: pretend.stub(),
-            user=pretend.stub(id=pretend.stub),
+            user=pretend.stub(id=pretend.stub()),
         )
         send_email = pretend.call_recorder(lambda *a: None)
         monkeypatch.setattr(views, 'send_email_verification_email', send_email)
@@ -419,7 +429,7 @@ def raise_no_result():
                 flash=pretend.call_recorder(lambda *a, **kw: None)
             ),
             find_service=lambda *a, **kw: pretend.stub(),
-            user=pretend.stub(id=pretend.stub),
+            user=pretend.stub(id=pretend.stub()),
         )
         send_email = pretend.call_recorder(lambda *a: None)
         monkeypatch.setattr(views, 'send_email_verification_email', send_email)
@@ -448,7 +458,7 @@ def test_reverify_email_already_verified(self, monkeypatch):
                 flash=pretend.call_recorder(lambda *a, **kw: None)
             ),
             find_service=lambda *a, **kw: pretend.stub(),
-            user=pretend.stub(id=pretend.stub),
+            user=pretend.stub(id=pretend.stub()),
         )
         send_email = pretend.call_recorder(lambda *a: None)
         monkeypatch.setattr(views, 'send_email_verification_email', send_email)
@@ -463,6 +473,100 @@ def test_reverify_email_already_verified(self, monkeypatch):
         ]
         assert send_email.calls == []
 
+    def test_change_password(self, monkeypatch):
+        old_password = '0ld_p455w0rd'
+        new_password = 'n3w_p455w0rd'
+        user_service = pretend.stub(
+            update_user=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        request = pretend.stub(
+            POST={
+                'password': old_password,
+                'new_password': new_password,
+                'password_confirm': new_password,
+            },
+            session=pretend.stub(
+                flash=pretend.call_recorder(lambda *a, **kw: None)
+            ),
+            find_service=lambda *a, **kw: user_service,
+            user=pretend.stub(
+                id=pretend.stub(),
+                username=pretend.stub(),
+                email=pretend.stub(),
+                name=pretend.stub(),
+            ),
+        )
+        change_pwd_obj = pretend.stub(
+            validate=lambda: True,
+            new_password=pretend.stub(data=new_password),
+        )
+        change_pwd_cls = pretend.call_recorder(lambda *a, **kw: change_pwd_obj)
+        monkeypatch.setattr(views, 'ChangePasswordForm', change_pwd_cls)
+
+        send_email = pretend.call_recorder(lambda *a: None)
+        monkeypatch.setattr(views, 'send_password_change_email', send_email)
+        monkeypatch.setattr(
+            views.ManageProfileViews, 'default_response', {'_': pretend.stub()}
+        )
+        view = views.ManageProfileViews(request)
+
+        assert view.change_password() == {
+            **view.default_response,
+            'change_password_form': change_pwd_obj,
+        }
+        assert request.session.flash.calls == [
+            pretend.call('Password updated.', queue='success'),
+        ]
+        assert send_email.calls == [pretend.call(request, request.user)]
+        assert user_service.update_user.calls == [
+            pretend.call(request.user.id, password=new_password),
+        ]
+
+    def test_change_password_validation_fails(self, monkeypatch):
+        old_password = '0ld_p455w0rd'
+        new_password = 'n3w_p455w0rd'
+        user_service = pretend.stub(
+            update_user=pretend.call_recorder(lambda *a, **kw: None)
+        )
+        request = pretend.stub(
+            POST={
+                'password': old_password,
+                'new_password': new_password,
+                'password_confirm': new_password,
+            },
+            session=pretend.stub(
+                flash=pretend.call_recorder(lambda *a, **kw: None)
+            ),
+            find_service=lambda *a, **kw: user_service,
+            user=pretend.stub(
+                id=pretend.stub(),
+                username=pretend.stub(),
+                email=pretend.stub(),
+                name=pretend.stub(),
+            ),
+        )
+        change_pwd_obj = pretend.stub(
+            validate=lambda: False,
+            new_password=pretend.stub(data=new_password),
+        )
+        change_pwd_cls = pretend.call_recorder(lambda *a, **kw: change_pwd_obj)
+        monkeypatch.setattr(views, 'ChangePasswordForm', change_pwd_cls)
+
+        send_email = pretend.call_recorder(lambda *a: None)
+        monkeypatch.setattr(views, 'send_password_change_email', send_email)
+        monkeypatch.setattr(
+            views.ManageProfileViews, 'default_response', {'_': pretend.stub()}
+        )
+        view = views.ManageProfileViews(request)
+
+        assert view.change_password() == {
+            **view.default_response,
+            'change_password_form': change_pwd_obj,
+        }
+        assert request.session.flash.calls == []
+        assert send_email.calls == []
+        assert user_service.update_user.calls == []
+
 
 class TestManageProjects:
 
diff --git a/tests/unit/test_email.py b/tests/unit/test_email.py
@@ -217,3 +217,47 @@ def test_email_verification_email(
         assert send_email.delay.calls == [
             pretend.call('Email Body', [stub_email.email], 'Email Subject'),
         ]
+
+
+class TestPasswordChangeEmail:
+
+    def test_password_change_email(
+            self, pyramid_request, pyramid_config, monkeypatch):
+
+        stub_user = pretend.stub(
+            email='email',
+            username='username',
+        )
+        subject_renderer = pyramid_config.testing_add_renderer(
+            'email/password-change.subject.txt'
+        )
+        subject_renderer.string_response = 'Email Subject'
+        body_renderer = pyramid_config.testing_add_renderer(
+            'email/password-change.body.txt'
+        )
+        body_renderer.string_response = 'Email Body'
+
+        send_email = pretend.stub(
+            delay=pretend.call_recorder(lambda *args, **kwargs: None)
+        )
+        pyramid_request.task = pretend.call_recorder(
+            lambda *args, **kwargs: send_email
+        )
+        monkeypatch.setattr(email, 'send_email', send_email)
+
+        result = email.send_password_change_email(
+            pyramid_request,
+            user=stub_user,
+        )
+
+        assert result == {
+            'username': stub_user.username,
+        }
+        subject_renderer.assert_()
+        body_renderer.assert_(username=stub_user.username)
+        assert pyramid_request.task.calls == [
+            pretend.call(send_email),
+        ]
+        assert send_email.delay.calls == [
+            pretend.call('Email Body', [stub_user.email], 'Email Subject'),
+        ]
diff --git a/warehouse/email.py b/warehouse/email.py
@@ -51,15 +51,11 @@ def send_password_reset_email(request, user):
     }
 
     subject = render(
-        'email/password-reset.subject.txt',
-        fields,
-        request=request,
+        'email/password-reset.subject.txt', fields, request=request
     )
 
     body = render(
-        'email/password-reset.body.txt',
-        fields,
-        request=request,
+        'email/password-reset.body.txt', fields, request=request
     )
 
     request.task(send_email).delay(body, [user.email], subject)
@@ -84,17 +80,31 @@ def send_email_verification_email(request, email):
     }
 
     subject = render(
-        'email/verify-email.subject.txt',
-        fields,
-        request=request,
+        'email/verify-email.subject.txt', fields, request=request
     )
 
     body = render(
-        'email/verify-email.body.txt',
-        fields,
-        request=request,
+        'email/verify-email.body.txt', fields, request=request
     )
 
     request.task(send_email).delay(body, [email.email], subject)
 
     return fields
+
+
+def send_password_change_email(request, user):
+    fields = {
+        'username': user.username,
+    }
+
+    subject = render(
+        'email/password-change.subject.txt', fields, request=request
+    )
+
+    body = render(
+        'email/password-change.body.txt', fields, request=request
+    )
+
+    request.task(send_email).delay(body, [user.email], subject)
+
+    return fields
diff --git a/warehouse/manage/forms.py b/warehouse/manage/forms.py
@@ -13,7 +13,9 @@
 import wtforms
 
 from warehouse import forms
-from warehouse.accounts.forms import NewEmailMixin
+from warehouse.accounts.forms import (
+    NewEmailMixin, NewPasswordMixin, PasswordMixin,
+)
 
 
 class RoleNameMixin:
@@ -72,3 +74,12 @@ class AddEmailForm(NewEmailMixin, forms.Form):
     def __init__(self, *args, user_service, **kwargs):
         super().__init__(*args, **kwargs)
         self.user_service = user_service
+
+
+class ChangePasswordForm(PasswordMixin, NewPasswordMixin, forms.Form):
+
+    __params__ = ['password', 'new_password', 'password_confirm']
+
+    def __init__(self, *args, user_service, **kwargs):
+        super().__init__(*args, **kwargs)
+        self.user_service = user_service
diff --git a/warehouse/manage/views.py b/warehouse/manage/views.py
@@ -20,9 +20,12 @@
 
 from warehouse.accounts.interfaces import IUserService
 from warehouse.accounts.models import User, Email
-from warehouse.email import send_email_verification_email
+from warehouse.email import (
+    send_email_verification_email, send_password_change_email,
+)
 from warehouse.manage.forms import (
-    AddEmailForm, CreateRoleForm, ChangeRoleForm, SaveProfileForm
+    AddEmailForm, ChangePasswordForm, CreateRoleForm, ChangeRoleForm,
+    SaveProfileForm,
 )
 from warehouse.packaging.models import JournalEntry, Role, File
 from warehouse.utils.project import confirm_project, remove_project
@@ -46,6 +49,9 @@ def default_response(self):
         return {
             'save_profile_form': SaveProfileForm(name=self.request.user.name),
             'add_email_form': AddEmailForm(user_service=self.user_service),
+            'change_password_form': ChangePasswordForm(
+                user_service=self.user_service
+            ),
         }
 
     @view_config(request_method="GET")
@@ -189,6 +195,34 @@ def reverify_email(self):
 
         return self.default_response
 
+    @view_config(
+        request_method='POST',
+        request_param=ChangePasswordForm.__params__,
+    )
+    def change_password(self):
+        form = ChangePasswordForm(
+            **self.request.POST,
+            username=self.request.user.username,
+            full_name=self.request.user.name,
+            email=self.request.user.email,
+            user_service=self.user_service,
+        )
+
+        if form.validate():
+            self.user_service.update_user(
+                self.request.user.id,
+                password=form.new_password.data,
+            )
+            send_password_change_email(self.request, self.request.user)
+            self.request.session.flash(
+                'Password updated.', queue='success'
+            )
+
+        return {
+            **self.default_response,
+            'change_password_form': form,
+        }
+
 
 @view_config(
     route_name="manage.projects",
diff --git a/warehouse/templates/email/password-change.body.txt b/warehouse/templates/email/password-change.body.txt
@@ -0,0 +1,5 @@
+Someone, perhaps you, has changed the password for your PyPI account
+'{{ username }}'.
+
+If you did not make this change, you can reply to this email directly to
+communicate with the PyPI administrators.
diff --git a/warehouse/templates/email/password-change.subject.txt b/warehouse/templates/email/password-change.subject.txt
@@ -0,0 +1 @@
+PyPI Password Change Notification
diff --git a/warehouse/templates/manage/profile.html b/warehouse/templates/manage/profile.html
@@ -207,4 +207,26 @@ <h2>Account Emails</h2>
       </div>
     </div>
   </form>
+
+  {{ form_error_anchor(change_password_form) }}
+  <h2>Change password</h2>
+  <form method="POST" action="#errors">
+    <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
+    {{ form_errors(change_password_form) }}
+    <div class="form-group">
+      <label class="form-group__label" for="name">Old password</label>
+      {{ change_password_form.password }}
+      {{ field_errors(change_password_form.password) }}
+      <label class="form-group__label" for="name">New password</label>
+      {{ change_password_form.new_password }}
+      {{ field_errors(change_password_form.new_password) }}
+      <label class="form-group__label" for="name">Confirm new password</label>
+      {{ change_password_form.password_confirm }}
+      {{ field_errors(change_password_form.password_confirm) }}
+    </div>
+    <input value="Update password" class="button button--primary" type="submit">
+    <a href="{{ request.route_path("accounts.request-password-reset") }}">
+      I forgot my password
+    </a>
+  </form>
 {% endblock %}
