From 5e0e7ea9cc24846e9a682a70a2e9d3f8f55952e5 Mon Sep 17 00:00:00 2001
From: Marian Sigler <m@qjym.de>
Date: Wed, 26 Sep 2012 20:43:54 +0200
Subject: check for unique mail addresses

---
 app.py               | 15 +++++++++++++--
 forms.py             |  5 +++++
 templates/about.html |  6 ++++++
 templates/index.html |  4 +++-
 4 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 templates/about.html

diff --git a/app.py b/app.py
index 7c2a1cf..3715cac 100644
--- a/app.py
+++ b/app.py
@@ -165,7 +165,6 @@ def settings():
 
         if request.form.get('submit_main'):
             if form.mail.data and form.mail.data != g.user.mail:
-                #TODO: check for uniqueness
                 confirm_token = make_confirmation('change_mail', (g.user.uid, form.mail.data))
                 confirm_link = url_for('change_mail', token=confirm_token, _external=True)
 
@@ -213,11 +212,16 @@ def settings():
 @app.route('/settings/change_mail/<token>')
 @login_required
 def change_mail(token):
-    #TODO: check for uniqueness
     username, mail = http_verify_confirmation('change_mail', token.encode('ascii'), timeout=3*24*60*60)
 
     if g.user.uid != username:
         raise Forbidden(u'Bitte logge dich als der Benutzer ein, dessen E-Mail-Adresse du ändern willst.')
+
+    results = g.ldap.find_by_mail(mail)
+    for user in results:
+        if user.uid != g.user.uid:
+            raise Forbidden(u'Diese E-Mail-Adresse wird schon von einem anderen account benutzt!')
+
     g.user.change_email(mail)
     g.ldap.update(g.user)
 
@@ -232,6 +236,13 @@ def logout():
     return redirect(url_for('index'))
 
 
+@app.route('/about')
+@templated('about.html')
+def about():
+    return {}
+
+
+
 @app.route('/debug')
 def debug():
     raise Exception()
diff --git a/forms.py b/forms.py
index a58f98b..75f7be1 100644
--- a/forms.py
+++ b/forms.py
@@ -43,6 +43,11 @@ class SettingsForm(Form):
     password_confirm = PasswordField(u'Passwort bestätigen')
     mail = TextField('E-Mail-Adresse', [validators.Optional(), validators.Email(), validators.Length(min=6, max=50)])
 
+    def validate_mail(form, field):
+        results = g.ldap.find_by_mail(field.data)
+        for user in results:
+            if user.uid != g.user.uid:
+                raise ValidationError(u'Diese E-Mail-Adresse wird schon von einem anderen account benutzt!')
 
     def get_servicepassword(self, service_id):
         return getattr(self, 'password_%s' % service_id)
diff --git a/templates/about.html b/templates/about.html
new file mode 100644
index 0000000..3cd96a5
--- /dev/null
+++ b/templates/about.html
@@ -0,0 +1,6 @@
+{%- extends 'base.html' %}
+{%- from '_macros.html' import render_field %}
+{%- set title = 'Über spline accounts' %}
+{%- block content %}
+<p>
+{%- endblock %}
diff --git a/templates/index.html b/templates/index.html
index b3bd93c..d652313 100644
--- a/templates/index.html
+++ b/templates/index.html
@@ -9,7 +9,9 @@
   <h2>Login</h2>
   <p>
     Willkommen bei <strong>spline accounts</strong>.
-    Melde dich an, informier dich, oder leg einen account an.
+    Melde dich an,
+    <a href="{{ url_for('about') }}">informier dich</a>, oder
+    <a href="{{ url_for('register') }}">leg einen account an</a>.
   </p>
   {{ render_field(form.username, autofocus="autofocus") }}
   {{ render_field(form.password) }}
-- 
cgit v1.2.3-1-g7c22