Now anonymous users can confirm the change of email even if they are not authenticated; some users update the email from a desktop browser but check the email from a mobile device.
parent
ccd1a9cdd9
commit
e54802f0b1
|
@ -44,7 +44,7 @@ class UserPermission(TaigaResourcePermission):
|
||||||
me_perms = IsAuthenticated()
|
me_perms = IsAuthenticated()
|
||||||
remove_avatar_perms = IsAuthenticated()
|
remove_avatar_perms = IsAuthenticated()
|
||||||
starred_perms = AllowAny()
|
starred_perms = AllowAny()
|
||||||
change_email_perms = IsTheSameUser()
|
change_email_perms = AllowAny()
|
||||||
contacts_perms = AllowAny()
|
contacts_perms = AllowAny()
|
||||||
|
|
||||||
|
|
||||||
|
|
|
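Review bot: With `change_email_perms = AllowAny()` the `email_token` in the request body becomes the only thing tying a confirmation to an account, and nothing on this line records that. The view is not shown on this page, so confirm there that a missing, empty or null token is rejected before any user lookup (a lookup on a null token could otherwise match accounts with no pending change), that tokens are long random values with an expiry, and that the endpoint is rate limited. I would add a comment above the line such as `# AllowAny: the emailed token is the sole credential here; the view must validate it`. The `UserPermission` class starts and ends outside the hunk.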
@ -272,9 +272,10 @@ def test_user_action_password_recovery(client, data):
|
||||||
def test_user_action_change_email(client, data):
|
def test_user_action_change_email(client, data):
|
||||||
url = reverse('users-change-email')
|
url = reverse('users-change-email')
|
||||||
|
|
||||||
data.registered_user.email_token = "test-token"
|
def after_each_request():
|
||||||
data.registered_user.new_email = "new@email.com"
|
data.registered_user.email_token = "test-token"
|
||||||
data.registered_user.save()
|
data.registered_user.new_email = "new@email.com"
|
||||||
|
data.registered_user.save()
|
||||||
|
|
||||||
users = [
|
users = [
|
||||||
None,
|
None,
|
||||||
|
@ -283,5 +284,6 @@ def test_user_action_change_email(client, data):
|
||||||
]
|
]
|
||||||
|
|
||||||
patch_data = json.dumps({"email_token": "test-token"})
|
patch_data = json.dumps({"email_token": "test-token"})
|
||||||
results = helper_test_http_method(client, 'post', url, patch_data, users)
|
after_each_request()
|
||||||
assert results == [401, 204, 400]
|
results = helper_test_http_method(client, 'post', url, patch_data, users, after_each_request=after_each_request)
|
||||||
|
assert results == [204, 204, 204]
|
||||||
|
|
|
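Review bot: After this change `test_user_action_change_email` asserts only successes (`[204, 204, 204]`), so the permission test no longer pins any rejection for the now unauthenticated endpoint. The last entry also shows that a different logged-in user can confirm `registered_user`'s change using that token, which is presumably intended but deserves a comment such as `# the token, not the session, identifies the account`. I would add a negative case next to it, e.g. `bad_data = json.dumps({"email_token": "wrong-token"})` followed by an assertion that `helper_test_http_method(client, 'post', url, bad_data, users)` returns an error status for every user; the old assertion suggests 400, but that needs checking against the view. The `users` list is cut between the two hunks, so its entries are inferred from the old expected results.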
@ -93,6 +93,18 @@ def test_validate_requested_email_change(client):
|
||||||
assert user.new_email is None
|
assert user.new_email is None
|
||||||
assert user.email == "new@email.com"
|
assert user.email == "new@email.com"
|
||||||
|
|
||||||
|
def test_validate_requested_email_change_for_anonymous_user(client):
|
||||||
|
user = f.UserFactory.create(email_token="change_email_token", new_email="new@email.com")
|
||||||
|
url = reverse('users-change-email')
|
||||||
|
data = {"email_token": "change_email_token"}
|
||||||
|
|
||||||
|
response = client.post(url, json.dumps(data), content_type="application/json")
|
||||||
|
|
||||||
|
assert response.status_code == 204
|
||||||
|
user = models.User.objects.get(pk=user.id)
|
||||||
|
assert user.email_token is None
|
||||||
|
assert user.new_email is None
|
||||||
|
assert user.email == "new@email.com"
|
||||||
|
|
||||||
def test_validate_requested_email_change_without_token(client):
|
def test_validate_requested_email_change_without_token(client):
|
||||||
user = f.UserFactory.create(email_token="change_email_token", new_email="new@email.com")
|
user = f.UserFactory.create(email_token="change_email_token", new_email="new@email.com")
|
||||||
|
|
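Review bot: `test_validate_requested_email_change_for_anonymous_user` checks that the token is cleared after use but never checks that the same token is refused afterwards, which matters more now that no login is required. After the final assertions I would repeat the request and assert it fails: `response = client.post(url, json.dumps(data), content_type="application/json")` then `assert response.status_code == 400` (the exact status is an assumption and should be taken from the view). A short docstring stating that the request is sent without `client.login` would also make the intent clear, since the only difference from the authenticated test is something the test does not do.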