Commit f499648c authored by Denis Laxalde's avatar Denis Laxalde
Browse files

Drop usage of deprecated __secure__ and secure arguments and https-url config

This fixes the following warnings:

  DeprecationWarning: [3.25] __secure__ argument is deprecated
  DeprecationWarning: [3.25] secure argument is deprecated

Accordingly, we now require cubicweb >= 3.25.

Notice that we drop a test case which sole purpose was to check that
things work with https-url option. Since this option does not exist
anymore, the test is now meaningless. On the other hand, we extend the
remaing tests for notification view (test_reset_password) to now check
for the presence of instance URL in sent email.
parent 353809ff753b
...@@ -20,7 +20,7 @@ classifiers = [ ...@@ -20,7 +20,7 @@ classifiers = [
'Programming Language :: JavaScript', 'Programming Language :: JavaScript',
] ]
__depends__ = {'cubicweb': '>= 3.19.0', __depends__ = {'cubicweb': '>= 3.25.0',
'pycrypto': None, 'pycrypto': None,
'Pillow': None, 'Pillow': None,
} }
......
...@@ -52,7 +52,7 @@ See you soon on %(base_url)s ! ...@@ -52,7 +52,7 @@ See you soon on %(base_url)s !
''') ''')
def subject(self): def subject(self):
return self._cw._(u'[%s] Request to change your password' % self._cw.base_url(secure=True)) return self._cw._(u'[%s] Request to change your password' % self._cw.base_url())
def recipients(self): def recipients(self):
fpasswd = self.cw_rset.get_entity(self.cw_row or 0, self.cw_col or 0) fpasswd = self.cw_rset.get_entity(self.cw_row or 0, self.cw_col or 0)
...@@ -67,7 +67,6 @@ See you soon on %(base_url)s ! ...@@ -67,7 +67,6 @@ See you soon on %(base_url)s !
data['revocation_id'] = fpasswd.revocation_id data['revocation_id'] = fpasswd.revocation_id
key = encrypt(data, self._cw.vreg.config['forgotpwd-cypher-seed']) key = encrypt(data, self._cw.vreg.config['forgotpwd-cypher-seed'])
url = self._cw.build_url('forgottenpasswordrequest', url = self._cw.build_url('forgottenpasswordrequest',
__secure__=True,
key=key,) key=key,)
return { return {
'resetlink': url, 'resetlink': url,
...@@ -75,6 +74,6 @@ See you soon on %(base_url)s ! ...@@ -75,6 +74,6 @@ See you soon on %(base_url)s !
# NOTE: it would probably be better to display the expiration date # NOTE: it would probably be better to display the expiration date
# (with correct timezone) # (with correct timezone)
'limit': self._cw.vreg.config['revocation-limit'], 'limit': self._cw.vreg.config['revocation-limit'],
'base_url': self._cw.base_url(secure=True), 'base_url': self._cw.base_url(),
} }
...@@ -25,8 +25,7 @@ class ForgotPasswordLinkWidget(wdg.FieldWidget): ...@@ -25,8 +25,7 @@ class ForgotPasswordLinkWidget(wdg.FieldWidget):
def render(self, form, field, renderer): def render(self, form, field, renderer):
req = form._cw req = form._cw
ret = u'<span class="forgotpwdLink"><a href="%s">%s</a></span>' % ( ret = u'<span class="forgotpwdLink"><a href="%s">%s</a></span>' % (
xml_escape(req.build_url('forgottenpassword', xml_escape(req.build_url('forgottenpassword')),
__secure__=True)),
req._('Forgot your password?')) req._('Forgot your password?'))
return ret return ret
...@@ -43,7 +42,7 @@ class ForgottenPasswordForm(forms.FieldsForm): ...@@ -43,7 +42,7 @@ class ForgottenPasswordForm(forms.FieldsForm):
form_buttons = [wdg.SubmitButton()] form_buttons = [wdg.SubmitButton()]
@property @property
def action(self): def action(self):
return self._cw.build_url(u'forgottenpassword_sendmail', __secure__=True) return self._cw.build_url(u'forgottenpassword_sendmail')
use_email = ff.StringField(widget=wdg.TextInput(), required=True, label=_(u'your email address')) use_email = ff.StringField(widget=wdg.TextInput(), required=True, label=_(u'your email address'))
captcha = ff.StringField(widget=captcha.CaptchaWidget(), required=True, captcha = ff.StringField(widget=captcha.CaptchaWidget(), required=True,
...@@ -75,7 +74,7 @@ class ForgottenPasswordSendMailController(controller.Controller): ...@@ -75,7 +74,7 @@ class ForgottenPasswordSendMailController(controller.Controller):
msg = unicode(exc) msg = unicode(exc)
else: else:
msg = self._cw._(u'An email has been sent, follow instructions in there to change your password.') msg = self._cw._(u'An email has been sent, follow instructions in there to change your password.')
raise Redirect(self._cw.build_url('pwdsent', __message=msg, __secure__=True)) raise Redirect(self._cw.build_url('pwdsent', __message=msg))
def checked_data(self): def checked_data(self):
'''only basic data check here (required attributes and password '''only basic data check here (required attributes and password
...@@ -116,7 +115,7 @@ class ForgottenPasswordRequestForm(forms.FieldsForm): ...@@ -116,7 +115,7 @@ class ForgottenPasswordRequestForm(forms.FieldsForm):
form_buttons = [wdg.SubmitButton()] form_buttons = [wdg.SubmitButton()]
@property @property
def action(self): def action(self):
return self._cw.build_url(u'forgottenpassword-requestconfirm', __secure__=True) return self._cw.build_url(u'forgottenpassword-requestconfirm')
upassword = ff.StringField(widget=wdg.PasswordInput(), required=True) upassword = ff.StringField(widget=wdg.PasswordInput(), required=True)
...@@ -130,7 +129,7 @@ class ForgottenPasswordRequestView(form.FormViewMixIn, StartupView): ...@@ -130,7 +129,7 @@ class ForgottenPasswordRequestView(form.FormViewMixIn, StartupView):
self._cw.vreg.config['forgotpwd-cypher-seed']) self._cw.vreg.config['forgotpwd-cypher-seed'])
except: except:
msg = self._cw._(u'Invalid link. Please try again.') msg = self._cw._(u'Invalid link. Please try again.')
raise Redirect(self._cw.build_url(u'forgottenpassword', __message=msg, __secure__=True)) raise Redirect(self._cw.build_url(u'forgottenpassword', __message=msg))
def call(self): def call(self):
key = self.check_key() key = self.check_key()
...@@ -151,7 +150,7 @@ class ForgottenPasswordRequestConfirm(controller.Controller): ...@@ -151,7 +150,7 @@ class ForgottenPasswordRequestConfirm(controller.Controller):
'forgotpwd_change_passwd', use_email=data['use_email'], 'forgotpwd_change_passwd', use_email=data['use_email'],
revocation_id=data['revocation_id'], upassword=data['upassword']) revocation_id=data['revocation_id'], upassword=data['upassword'])
cnx.commit() cnx.commit()
raise Redirect(self._cw.build_url('pwdreset', __message=msg, __secure__=True)) raise Redirect(self._cw.build_url('pwdreset', __message=msg))
def checked_data(self): def checked_data(self):
cw = self._cw cw = self._cw
......
...@@ -13,7 +13,7 @@ Homepage: http://www.cubicweb.org/project/cubicweb-forgotpwd ...@@ -13,7 +13,7 @@ Homepage: http://www.cubicweb.org/project/cubicweb-forgotpwd
Package: cubicweb-forgotpwd Package: cubicweb-forgotpwd
Architecture: all Architecture: all
Depends: Depends:
python-cubicweb (>= 3.24), python-cubicweb (>= 3.25),
python-crypto, python-crypto,
python-imaging, python-imaging,
${python:Depends}, ${python:Depends},
......
...@@ -20,25 +20,12 @@ class ForgotTC(CubicWebTC): ...@@ -20,25 +20,12 @@ class ForgotTC(CubicWebTC):
def test_reset_password(self): def test_reset_password(self):
MAILBOX[:] = [] MAILBOX[:] = []
self.assertEqual(len(MAILBOX), 0) self.assertEqual(len(MAILBOX), 0)
self.config.global_set_option('base-url', 'http://babar.com/')
with self.repo.internal_cnx() as cnx: with self.repo.internal_cnx() as cnx:
cnx.call_service('forgotpwd_send_email', use_email=u'test_user1@logilab.fr') cnx.call_service('forgotpwd_send_email', use_email=u'test_user1@logilab.fr')
cnx.commit() cnx.commit()
self.assertEqual(len(MAILBOX), 1) self.assertEqual(len(MAILBOX), 1)
self.assertNotIn('None', MAILBOX[0].content) self.assertIn('http://babar.com', MAILBOX[0].content)
def test_reset_https(self):
MAILBOX[:] = []
self.config.global_set_option('base-url', 'http://babar.com/')
with self.repo.internal_cnx() as cnx:
cnx.call_service('forgotpwd_send_email', use_email=u'test_user2@logilab.fr')
cnx.commit()
self.assertIn('http://babar.com/', MAILBOX[0].content)
self.config.global_set_option('https-url', 'https://babar.com/')
with self.repo.internal_cnx() as cnx:
cnx.call_service('forgotpwd_send_email', use_email=u'test_user3@logilab.fr')
cnx.commit()
self.assertIn('https://babar.com/', MAILBOX[1].content)
if __name__ == '__main__': if __name__ == '__main__':
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment