Verify address when users change their e-mail (#3504)

* re-verify e-mail address on change

* send verification e-mail to the new address
Omer Lachish 2019-02-27 12:17:20 +02:00 committed by GitHub
parent fbaded4548
commit e9c88ea176
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 1 deletions


@ -13,7 +13,7 @@ from redash.permissions import require_permission, require_admin_or_owner, is_ad
require_permission_or_owner, require_admin
from redash.handlers.base import BaseResource, require_fields, get_object_or_404, paginate, order_results as _order_results
from redash.authentication.account import invite_link_for_user, send_invite_email, send_password_reset_email
from redash.authentication.account import invite_link_for_user, send_invite_email, send_password_reset_email, send_verify_email
from redash.settings import parse_boolean
@ -225,10 +225,17 @@ class UserResource(BaseResource):
if domain.lower() in blacklist or domain.lower() == 'qq.com':
abort(400, message='Bad email address.')
email_changed = 'email' in params and params['email'] != user.email
if email_changed:
user.is_email_verified = False
try:
self.update_model(user, params)
models.db.session.commit()
if email_changed:
send_verify_email(user, self.current_org)
# The user has updated their email or password. This should invalidate all _other_ sessions,
# forcing them to log in again. Since we don't want to force _this_ session to have to go
# through login again, we call `login_user` in order to update the session with the new identity details.
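Review bot: The new address replaces `user.email` as soon as `models.db.session.commit()` succeeds, and the only mail sent is `send_verify_email(user, self.current_org)` to that new address; the previous address gets no notice, so the account owner has no signal when the change comes from a session they do not control. Consider capturing the old value before `self.update_model(user, params)` and sending a change notice to it as well. Separately, `send_verify_email` sits inside the `try` after the commit, and the `except` clauses are outside this hunk: if the send can raise, the address is already changed and flagged unverified while the request fails before the session refresh described in the comment below, so it is worth confirming the handler covers that case. A short comment such as `# reset verification before saving; the mail goes out only after the commit succeeds` would document the ordering.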


@ -202,6 +202,12 @@ class TestUserResourcePost(BaseTestCase):
rv = self.make_request('post', "/api/users/{}".format(self.factory.user.id), data={"name": "New Name"})
self.assertEqual(rv.status_code, 200)
def test_marks_email_as_not_verified_when_changed(self):
user = self.factory.user
user.is_email_verified = True
rv = self.make_request('post', "/api/users/{}".format(user.id), data={"email": "donald@trump.biz"})
self.assertFalse(user.is_email_verified)
def test_returns_200_for_admin_changing_other_user(self):
admin = self.factory.create_admin()
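Review bot: `test_marks_email_as_not_verified_when_changed` assigns `rv` but never checks it, and since the handler clears the flag before its `try`, the assertion may pass even when the update itself is rejected; add `self.assertEqual(rv.status_code, 200)` ahead of the `assertFalse`. Two security-relevant behaviours of the change are also left uncovered: that a verification mail is actually sent on an address change, and that posting the unchanged address leaves `is_email_verified` true. The trailing context, `test_returns_200_for_admin_changing_other_user`, continues outside the hunk.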