Add expires to contributor claim. [skip ci]

CenterForOpenScience · Jul 15, 2016 · 14d7a1e · 14d7a1e
1 parent ae0c145
commit 14d7a1e
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 6 deletions.
diff --git a/framework/auth/core.py b/framework/auth/core.py
@@ -298,7 +298,7 @@ class User(GuidStoredObject, AddonModelMixin):
     is_invited = fields.BooleanField(default=False, index=True)
 
     # Per-project unclaimed user data:
-    # TODO: add validation
+    # TODO: add a validation function that ensures that all required keys are present in the input values for that field
     unclaimed_records = fields.DictionaryField(required=False)
     # Format: {
     #   <project_id>: {
@@ -325,10 +325,10 @@ class User(GuidStoredObject, AddonModelMixin):
     # The user into which this account was merged
     merged_by = fields.ForeignField('user', default=None, index=True)
 
-    # verification key used for resetting password
+    # verification key v1,
     verification_key = fields.StringField()
 
-    # verification key with expiration time
+    # verification key v2, with expiration time and one-time only
     verification_key_v2 = fields.DictionaryField(default=dict)
     # Format: {
     #   'token': <the verification key string>
@@ -643,7 +643,7 @@ def add_unclaimed_record(self, node, referrer, given_name, email=None):
             'name': given_name,
             'referrer_id': referrer_id,
             'token': generate_verification_key(),
-            'expires': dt.datetime.utcnow() + dt.timedelta(days=7),
+            'expires': dt.datetime.utcnow() + dt.timedelta(days=30),
             'email': clean_email
         }
         self.unclaimed_records[project_id] = record

diff --git a/website/project/views/contributor.py b/website/project/views/contributor.py
@@ -1,5 +1,6 @@
 # -*- coding: utf-8 -*-
 
+import datetime as dt
 import httplib as http
 
 from flask import request
@@ -189,8 +190,7 @@ def deserialize_contributors(node, user_dicts, auth, validate=False):
                 given_name=fullname,
                 email=email)
             contributor.save()
-            unreg_contributor_added.send(node, contributor=contributor,
-                auth=auth)
+            unreg_contributor_added.send(node, contributor=contributor, auth=auth)
 
         contribs.append({
             'user': contributor,
@@ -370,6 +370,7 @@ def send_claim_registered_email(claimer, unreg_user, node, throttle=24 * 3600):
             message_long='User account can only be claimed with an existing user once every 24 hours'
         ))
     unclaimed_record['token'] = generate_verification_key()
+    unclaimed_record['expires'] = dt.datetime.utcnow() + dt.timedelta(days=30)
     unclaimed_record['claimer_email'] = claimer.username
     unreg_user.save()
     referrer = User.load(unclaimed_record['referrer_id'])
@@ -426,6 +427,7 @@ def send_claim_email(email, user, node, notify=True, throttle=24 * 3600):
         to_addr = claimer_email
         unclaimed_record['claimer_email'] = claimer_email
         user.save()
+
     else:  # Otherwise have the referrer forward the email to the user
         # roll the valid token for each email, thus user cannot change email and approve a different email address
         timestamp = unclaimed_record.get('last_sent')
@@ -435,6 +437,7 @@ def send_claim_email(email, user, node, notify=True, throttle=24 * 3600):
             ))
         unclaimed_record['last_sent'] = get_timestamp()
         unclaimed_record['token'] = generate_verification_key()
+        unclaimed_record['expires'] = dt.datetime.utcnow() + dt.timedelta(days=30)
         unclaimed_record['claimer_email'] = claimer_email
         user.save()
         claim_url = user.get_claim_url(node._primary_key, external=True)
@@ -450,6 +453,7 @@ def send_claim_email(email, user, node, notify=True, throttle=24 * 3600):
             )
         mail_tpl = mails.FORWARD_INVITE
         to_addr = referrer.username
+
     mails.send_mail(
         to_addr,
         mail_tpl,