From e54802f0b1856e369d0fbfb964ea505bacace501 Mon Sep 17 00:00:00 2001
From: Alejandro Alonso
Date: Fri, 12 Jun 2015 08:50:32 +0200
Subject: [PATCH] Now anonymous users can confirm the change of email even if they are not authenticated, some users update the email from a desktop browser but check the email from mobile
---
 taiga/users/permissions.py | 2 +-
 .../resources_permissions/test_users_resources.py | 12 +++++++-----
 tests/integration/test_users.py | 12 ++++++++++++
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/taiga/users/permissions.py b/taiga/users/permissions.py
index 168a9419..70cfa3b8 100644
--- a/taiga/users/permissions.py
+++ b/taiga/users/permissions.py
@@ -44,7 +44,7 @@ class UserPermission(TaigaResourcePermission):
 me_perms = IsAuthenticated()
 remove_avatar_perms = IsAuthenticated()
 starred_perms = AllowAny()
- change_email_perms = IsTheSameUser()
+ change_email_perms = AllowAny()
 contacts_perms = AllowAny()
diff --git a/tests/integration/resources_permissions/test_users_resources.py b/tests/integration/resources_permissions/test_users_resources.py
index 5bcf3c4e..fada3a72 100644
--- a/tests/integration/resources_permissions/test_users_resources.py
+++ b/tests/integration/resources_permissions/test_users_resources.py
@@ -272,9 +272,10 @@ def test_user_action_password_recovery(client, data):
 def test_user_action_change_email(client, data):
 url = reverse('users-change-email')
- data.registered_user.email_token = "test-token"
- data.registered_user.new_email = "new@email.com"
- data.registered_user.save()
+ def after_each_request():
+ data.registered_user.email_token = "test-token"
+ data.registered_user.new_email = "new@email.com"
+ data.registered_user.save()
 users = [
 None,
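Review bot: With `change_email_perms = AllowAny()` the `email_token` in the request body becomes the only credential for this action, and nothing on the line records that. The view that consumes the token is outside this diff, so it should be confirmed that it resolves the account from the token alone and never from `request.user`, that the token is generated with enough entropy and ideally expires, and that the endpoint is throttled now that unauthenticated clients can reach it. I would add a comment above the line such as `# Token-only: email_token is the sole credential, so the confirmation link also works from another device`. The body of `UserPermission` starts and continues outside the hunk.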
@@ -283,5 +284,6 @@ def test_user_action_change_email(client, data):
 ]
 patch_data = json.dumps({"email_token": "test-token"})
- results = helper_test_http_method(client, 'post', url, patch_data, users)
- assert results == [401, 204, 400]
+ after_each_request()
+ results = helper_test_http_method(client, 'post', url, patch_data, users, after_each_request=after_each_request)
+ assert results == [204, 204, 204]
diff --git a/tests/integration/test_users.py b/tests/integration/test_users.py
index 4682d5a2..1898aea8 100644
--- a/tests/integration/test_users.py
+++ b/tests/integration/test_users.py
@@ -93,6 +93,18 @@ def test_validate_requested_email_change(client):
 assert user.new_email is None
 assert user.email == "new@email.com"
+def test_validate_requested_email_change_for_anonymous_user(client):
+ user = f.UserFactory.create(email_token="change_email_token", new_email="new@email.com")
+ url = reverse('users-change-email')
+ data = {"email_token": "change_email_token"}
+
+ response = client.post(url, json.dumps(data), content_type="application/json")
+
+ assert response.status_code == 204
+ user = models.User.objects.get(pk=user.id)
+ assert user.email_token is None
+ assert user.new_email is None
+ assert user.email == "new@email.com"
 def test_validate_requested_email_change_without_token(client):
 user = f.UserFactory.create(email_token="change_email_token", new_email="new@email.com")
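Review bot: `assert results == [204, 204, 204]` leaves this permission matrix without a single rejected request, so it no longer shows where the boundary of the action lies. The last entry of `users` is defined outside the hunk, but it presumably is a user other than `registered_user`, which means the test now pins that any caller holding the token may confirm the change. If that is intended, say so next to the assertion, e.g. `# the token is the credential: the caller's identity is not checked`. The helper defined in the previous hunk is also called once before the first request, so a local name like `reset_email_change` would describe it better than `after_each_request`.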
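Review bot: `test_validate_requested_email_change_for_anonymous_user` covers only the success path, while the property this commit has to hold is that an unauthenticated request without the right token is refused. I would add anonymous counterparts that post an unknown `email_token`, asserting that `user.email` and `user.new_email` are untouched, and that post the same token a second time after the 204, asserting the replay is rejected. The expected status is presumably 400, judging by the old `[401, 204, 400]` expectation in the permissions test, but confirm it against the view. Whether the following `test_validate_requested_email_change_without_token` logs in first cannot be seen here, because its body continues outside the hunk.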