def update(self, user_id, form_data, skip_attrs=[]):

        from kallithea.lib.auth import get_crypt_password

        user = self.get(user_id, cache=False)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                            _("You can't Edit this user since it's "

                              "crucial for entire application"))

        for k, v in form_data.items():

            if k in skip_attrs:

                continue

            if k == 'new_password' and v:

                user.password = get_crypt_password(v)

            else:

                # old legacy thing orm models store firstname as name,

                # need proper refactor to username

                if k == 'firstname':

                    k = 'name'

                setattr(user, k, v)

        self.sa.add(user)

    def update_user(self, user, **kwargs):

        from kallithea.lib.auth import get_crypt_password

        user = self._get_user(user)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

                _("You can't Edit this user since it's"

                  " crucial for entire application")

            )

        for k, v in kwargs.items():

            if k == 'password' and v:

                v = get_crypt_password(v)

            setattr(user, k, v)

        self.sa.add(user)

        return user

    def delete(self, user, cur_user=None):

        if not cur_user:

            cur_user = getattr(get_current_authuser(), 'username', None)

        user = self._get_user(user)

        if user.username == User.DEFAULT_USER:

            raise DefaultUserException(

        if user.repositories:

            repos = [x.repo_name for x in user.repositories]

            raise UserOwnsReposException(

                _('User "%s" still owns %s repositories and cannot be '

                  'removed. Switch owners or remove those repositories: %s')

                % (user.username, len(repos), ', '.join(repos)))

        if user.repo_groups:

            repogroups = [x.group_name for x in user.repo_groups]

            raise UserOwnsReposException(_(

                'User "%s" still owns %s repository groups and cannot be '

                'removed. Switch owners or remove those repository groups: %s')

                % (user.username, len(repogroups), ', '.join(repogroups)))

        if user.user_groups:

            usergroups = [x.users_group_name for x in user.user_groups]

            raise UserOwnsReposException(

                _('User "%s" still owns %s user groups and cannot be '

                  'removed. Switch owners or remove those user groups: %s')

                % (user.username, len(usergroups), ', '.join(usergroups)))

        self.sa.delete(user)

        from kallithea.lib.hooks import log_delete_user

        log_delete_user(user.get_dict(), cur_user)

    def reset_password_link(self, data):

        from kallithea.lib.celerylib import tasks, run_task

        from kallithea.model.notification import EmailNotificationModel

        import kallithea.lib.helpers as h

        user_email = data['email']

        user = User.get_by_email(user_email)

        if user:

            log.debug('password reset user found %s' % user)

            link = h.canonical_url('reset_password_confirmation',

                                   key=user.api_key)

            reg_type = EmailNotificationModel.TYPE_PASSWORD_RESET

            body = EmailNotificationModel().get_email_tmpl(

                reg_type, 'txt',

                user=user.short_contact,

                reset_url=link)

            html_body = EmailNotificationModel().get_email_tmpl(

                reg_type, 'html',

                user=user.short_contact,

                reset_url=link)

            log.debug('sending email')

            run_task(tasks.send_email, [user_email],

                     _("Password reset link"), body, html_body)

            log.info('send new password mail to %s' % user_email)

        else:

    this is needed to translate the messages using _() in validators

    """

    _ = staticmethod(_)

def M(self, key, state=None, **kwargs):

    """

    returns string from self.message based on given key,

    passed kw params are used to substitute %(named)s params inside

    translated strings

    :param msg:

    :param state:

    """

    if state is None:

        state = StateObj()

    else:

        state._ = staticmethod(_)

    #inject validator into state object

    return self.message(key, state, **kwargs)

def UniqueListFromString():

    class _UniqueListFromString(formencode.FancyValidator):

        """

        Split value on ',' and make unique while preserving order

        """

        messages = dict(

            empty=_('Value cannot be an empty list'),

            missing_value=_('Value cannot be an empty list'),

        )

        def _to_python(self, value, state):

            value = aslist(value, ',')

            seen = set()

            return [c for c in value if not (c in seen or seen.add(c))]

        def empty_value(self, value):

            return []

    return _UniqueListFromString

def ValidUsername(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'username_exists': _('Username "%(username)s" already exists'),

            'system_invalid_username':

            'invalid_username':

                _('Username may only contain alphanumeric characters '

                    'alphanumeric character or underscore')

        }

        def validate_python(self, value, state):

            if value in ['default', 'new_user']:

                msg = M(self, 'system_invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state)

            #check if user is unique

            old_un = None

            if edit:

                old_un = User.get(old_data.get('user_id')).username

            if old_un != value or not edit:

                if User.get_by_username(value, case_insensitive=True):

                    msg = M(self, 'username_exists', state, username=value)

                    raise formencode.Invalid(msg, value, state)

            if re.match(r'^[a-zA-Z0-9\_]{1}[a-zA-Z0-9\-\_\.]*$', value) is None:

                msg = M(self, 'invalid_username', state)

                raise formencode.Invalid(msg, value, state)

    return _validator

def ValidRegex(msg=None):

    class _validator(formencode.validators.Regex):

        messages = dict(invalid=msg or _('The input is not valid'))

    return _validator

def ValidRepoUser():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_username': _('Username %(username)s is not valid')

        }

        def validate_python(self, value, state):

            try:

                User.query().filter(User.active == True)\

                    .filter(User.username == value).one()

            except sqlalchemy.exc.InvalidRequestError: # NoResultFound/MultipleResultsFound

                msg = M(self, 'invalid_username', state, username=value)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(username=msg)

                )

    return _validator

                _('Invalid characters (non-ascii) in password')

        }

        def validate_python(self, value, state):

            try:

                (value or '').decode('ascii')

            except UnicodeError:

                msg = M(self, 'invalid_password', state)

                raise formencode.Invalid(msg, value, state,)

    return _validator

def ValidOldPassword(username):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_password': _('Invalid old password')

        }

        def validate_python(self, value, state):

            from kallithea.lib import auth_modules

            if not auth_modules.authenticate(username, value, ''):

                msg = M(self, 'invalid_password', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(current_password=msg)

                )

    return _validator

def ValidPasswordsMatch(passwd='new_password', passwd_confirmation='password_confirmation'):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'password_mismatch': _('Passwords do not match'),

        }

        def validate_python(self, value, state):

            pass_val = value.get('password') or value.get(passwd)

            if pass_val != value[passwd_confirmation]:

                msg = M(self, 'password_mismatch', state)

                raise formencode.Invalid(msg, value, state,

                     error_dict={passwd:msg, passwd_confirmation: msg}

                )

    return _validator

def ValidAuth():

    class _validator(formencode.validators.FancyValidator):

        messages = {

        }

        def validate_python(self, value, state):

            from kallithea.lib import auth_modules

            password = value['password']

            username = value['username']

            if not auth_modules.authenticate(username, password):

                user = User.get_by_username(username)

                if user and not user.active:

                    log.warning('user %s is disabled' % username)

                    msg = M(self, 'disabled_account', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=msg)

                    )

                else:

                    log.warning('user %s failed to authenticate' % username)

                    msg = M(self, 'invalid_username', state)

                    msg2 = M(self, 'invalid_password', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(username=msg, password=msg2)

                    )

    return _validator

def ValidAuthToken():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_token': _('Token mismatch')

        }

        def validate_python(self, value, state):

            if value != authentication_token():

                msg = M(self, 'invalid_token', state)

                raise formencode.Invalid(msg, value, state)

    return _validator

def ValidRepoName(edit=False, old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_repo_name':

            'repository_exists':

                _('Repository named %(repo)s already exists'),

            'repository_in_group_exists': _('Repository "%(repo)s" already '

                                            'exists in group "%(group)s"'),

            'same_group_exists': _('Repository group with name "%(repo)s" '

                                   'already exists')

        }

        def _to_python(self, value, state):

            repo_name = repo_name_slug(value.get('repo_name', ''))

            repo_group = value.get('repo_group')

            if repo_group:

                gr = RepoGroup.get(repo_group)

                group_path = gr.full_path

                group_name = gr.group_name

                # value needs to be aware of group name in order to check

                # db key This is an actual just the name to store in the

                # database

                repo_name_full = group_path + RepoGroup.url_sep() + repo_name

            else:

                group_name = group_path = ''

                repo_name_full = repo_name

            value['repo_name'] = repo_name

            value['repo_name_full'] = repo_name_full

            value['group_path'] = group_path

            value['group_name'] = group_name

            return value

        def validate_python(self, value, state):

            repo_name = value.get('repo_name')

            repo_name_full = value.get('repo_name_full')

            group_path = value.get('group_path')

            group_name = value.get('group_name')

            if repo_name in [ADMIN_PREFIX, '']:

                msg = M(self, 'invalid_repo_name', state, repo=repo_name)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(repo_name=msg)

                )

            rename = old_data.get('repo_name') != repo_name_full

            create = not edit

            if rename or create:

                if group_path != '':

                    if Repository.get_by_repo_name(repo_name_full):

                    msg = M(self, 'perm_new_member_type', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(perm_new_member_name=msg)

                    )

            return value

    return _validator

def ValidSettings():

    class _validator(formencode.validators.FancyValidator):

        def _to_python(self, value, state):

            # settings  form for users that are not admin

            # can't edit certain parameters, it's extra backup if they mangle

            # with forms

            forbidden_params = [

                'user', 'repo_type', 'repo_enable_locking',

                'repo_enable_downloads', 'repo_enable_statistics'

            ]

            for param in forbidden_params:

                if param in value:

                    del value[param]

            return value

        def validate_python(self, value, state):

            pass

    return _validator

def ValidPath():

    class _validator(formencode.validators.FancyValidator):

        messages = {

            'invalid_path': _('This is not a valid path')

        }

        def validate_python(self, value, state):

            if not os.path.isdir(value):

                msg = M(self, 'invalid_path', state)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(paths_root_path=msg)

                )

    return _validator

def UniqSystemEmail(old_data={}):

    class _validator(formencode.validators.FancyValidator):

        messages = {

        }

        def _to_python(self, value, state):

            return value.lower()

        def validate_python(self, value, state):

            if (old_data.get('email') or '').lower() != value:

                user = User.get_by_email(value, case_insensitive=True)

                if user:

                    msg = M(self, 'email_taken', state)

                    raise formencode.Invalid(msg, value, state,

                        error_dict=dict(email=msg)

                    )

    return _validator

def ValidSystemEmail():

    class _validator(formencode.validators.FancyValidator):

        messages = {

        }

        def _to_python(self, value, state):

            return value.lower()

        def validate_python(self, value, state):

            user = User.get_by_email(value, case_insensitive=True)

            if user is None:

                msg = M(self, 'non_existing_email', state, email=value)

                raise formencode.Invalid(msg, value, state,

                    error_dict=dict(email=msg)

                )

    return _validator

def LdapLibValidator():

    class _validator(formencode.validators.FancyValidator):

        messages = {

        }

        def validate_python(self, value, state):

            try:

                import ldap

                ldap  # pyflakes silence !

            except ImportError:

                raise LdapImportError()

    return _validator

def AttrLoginValidator():

    class _validator(formencode.validators.UnicodeString):

        messages = {

            'invalid_cn':

                  _('The LDAP Login attribute of the CN must be specified - '

                    'this is the name of the attribute that is equivalent '

                    'to "username"')

        }

        messages['empty'] = messages['invalid_cn']

    return _validator

def ValidIp():

    class _validator(CIDR):

        messages = dict(

            badFormat=_('Please enter a valid IPv4 or IPv6 address'),

            illegalBits=_('The network size (bits) must be within the range'

                ' of 0-32 (not %(bits)r)')

        )

        def to_python(self, value, state):

            v = super(_validator, self).to_python(value, state)

            v = v.strip()

            net = ipaddr.IPNetwork(address=v)

            if isinstance(net, ipaddr.IPv4Network):

                #if IPv4 doesn't end with a mask, add /32

                if '/' not in value:

                    v += '/32'

            if isinstance(net, ipaddr.IPv6Network):

                #if IPv6 doesn't end with a mask, add /128

                if '/' not in value:

                    v += '/128'

            return v

        def validate_python(self, value, state):

            try:

                addr = value.strip()

                #this raises an ValueError if address is not IPv4 or IPv6

                ipaddr.IPNetwork(address=addr)

            except ValueError:

                raise formencode.Invalid(self.message('badFormat', state),

                                         value, state)

    return _validator

def FieldKey():

    class _validator(formencode.validators.FancyValidator):

        messages = dict(

            badFormat=_('Key name can only consist of letters, '

                        'underscore, dash or numbers')

        )

        def validate_python(self, value, state):

            if not re.match('[a-zA-Z0-9_-]+$', value):

                raise formencode.Invalid(self.message('badFormat', state),

                                         value, state)

    return _validator

    def test_logout(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_REGULAR_LOGIN,

                                  'password': TEST_USER_REGULAR_PASS})

        # Verify that a login session has been established.

        response = self.app.get(url(controller='login', action='index'))

        response = response.follow()

        self.assertIn('authuser', response.session)

        response.click('Log Out')

        # Verify that the login session has been terminated.

        response = self.app.get(url(controller='login', action='index'))

        self.assertNotIn('authuser', response.session)

    @parameterized.expand([

          ('data:text/html,<script>window.alert("xss")</script>',),

          ('mailto:test@example.com',),

          ('file:///etc/passwd',),

          ('ftp://some.ftp.server',),

          ('http://other.domain/bl%C3%A5b%C3%A6rgr%C3%B8d',),

    ])

    def test_login_bad_came_froms(self, url_came_from):

        response = self.app.post(url(controller='login', action='index',

                                     came_from=url_came_from),

                                 {'username': TEST_USER_ADMIN_LOGIN,

                                  'password': TEST_USER_ADMIN_PASS})

        self.assertEqual(response.status, '302 Found')

        self.assertEqual(response._environ['paste.testing_variables']

                         ['tmpl_context'].came_from, '/')

        response = response.follow()

        self.assertEqual(response.status, '200 OK')

    def test_login_short_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': TEST_USER_ADMIN_LOGIN,

                                  'password': 'as'})

        self.assertEqual(response.status, '200 OK')

        response.mustcontain('Enter 3 characters or more')

    def test_login_wrong_username_password(self):

        response = self.app.post(url(controller='login', action='index'),

                                 {'username': 'error',

                                  'password': 'test12'})

    # verify that get arguments are correctly passed along login redirection

    @parameterized.expand([

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_redirection_to_login_form_preserves_get_args(self, args, args_encoded):

        with fixture.anon_access(False):

            response = self.app.get(url(controller='summary', action='index',

                                        repo_name=HG_REPO,

                                        **args))

            self.assertEqual(response.status, '302 Found')

            for encoded in args_encoded:

                self.assertIn(encoded, response.location)

    @parameterized.expand([

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_login_form_preserves_get_args(self, args, args_encoded):

        response = self.app.get(url(controller='login', action='index',

                                    came_from = '/_admin/users',

                                    **args))

        for encoded in args_encoded:

            self.assertIn(encoded, response.form.action)

    @parameterized.expand([

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_redirection_after_successful_login_preserves_get_args(self, args, args_encoded):

        response = self.app.post(url(controller='login', action='index',

                                     came_from = '/_admin/users',

                                     **args),

                                 {'username': TEST_USER_ADMIN_LOGIN,

                                  'password': TEST_USER_ADMIN_PASS})

        self.assertEqual(response.status, '302 Found')

        for encoded in args_encoded:

            self.assertIn(encoded, response.location)

    @parameterized.expand([

        ({'foo':'one', 'bar':'two'}, ('foo=one', 'bar=two')),

        ({'blue': u'blå'.encode('utf-8'), 'green':u'grøn'},

             ('blue=bl%C3%A5', 'green=gr%C3%B8n')),

    ])

    def test_login_form_after_incorrect_login_preserves_get_args(self, args, args_encoded):

        response = self.app.post(url(controller='login', action='index',

                                     came_from = '/_admin/users',

                                     **args),

                                 {'username': 'error',

                                  'password': 'test12'})

        for encoded in args_encoded:

            self.assertIn(encoded, response.form.action)

    #==========================================================================

    # REGISTRATIONS

    #==========================================================================

    def test_register(self):

        response = self.app.get(url(controller='login', action='register'))

        response.mustcontain('Sign Up')

    def test_register_err_same_username(self):

        uname = TEST_USER_ADMIN_LOGIN

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': uname,

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': 'goodmail@domain.com',

                                             'firstname': 'test',

                                             'lastname': 'test'})

        msg = validators.ValidUsername()._messages['username_exists']

        msg = h.html_escape(msg % {'username': uname})

        response.mustcontain(msg)

    def test_register_err_same_email(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'test_admin_0',

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': TEST_USER_ADMIN_EMAIL,

                                             'firstname': 'test',

                                             'lastname': 'test'})

        msg = validators.UniqSystemEmail()()._messages['email_taken']

        response.mustcontain(msg)

    def test_register_err_same_email_case_sensitive(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'test_admin_1',

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': TEST_USER_ADMIN_EMAIL.title(),

                                             'firstname': 'test',

                                             'lastname': 'test'})

        msg = validators.UniqSystemEmail()()._messages['email_taken']

        response.mustcontain(msg)

    def test_register_err_wrong_data(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'xs',

                                             'password': 'test',

                                             'password_confirmation': 'test',

                                             'email': 'goodmailm',

                                             'firstname': 'test',

                                             'lastname': 'test'})

        self.assertEqual(response.status, '200 OK')

        response.mustcontain('An email address must contain a single @')

        response.mustcontain('Enter a value 6 characters long or more')

    def test_register_err_username(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'error user',

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': 'goodmailm',

                                             'firstname': 'test',

                                             'lastname': 'test'})

        response.mustcontain('An email address must contain a single @')

        response.mustcontain('Username may only contain '

                'alphanumeric characters underscores, '

                'alphanumeric character')

    def test_register_err_case_sensitive(self):

        usr = TEST_USER_ADMIN_LOGIN.title()

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': usr,

                                             'password': 'test12',

                                             'password_confirmation': 'test12',

                                             'email': 'goodmailm',

                                             'firstname': 'test',

                                             'lastname': 'test'})

        response.mustcontain('An email address must contain a single @')

        msg = validators.ValidUsername()._messages['username_exists']

        msg = h.html_escape(msg % {'username': usr})

        response.mustcontain(msg)

    def test_register_special_chars(self):

        response = self.app.post(url(controller='login', action='register'),

                                        {'username': 'xxxaxn',

                                         'password': 'ąćźżąśśśś',

                                         'password_confirmation': 'ąćźżąśśśś',

                                         'email': 'goodmailm@test.plx',

                                         'firstname': 'test',

                                         'lastname': 'test'})

        msg = validators.ValidPassword()._messages['invalid_password']

        response.mustcontain(msg)

    def test_register_password_mismatch(self):

        response = self.app.post(url(controller='login', action='register'),

                                            {'username': 'xs',

                                             'password': '123qwe',

                                             'password_confirmation': 'qwe123',

                                             'email': 'goodmailm@test.plxa',

                                             'firstname': 'test',

                                             'lastname': 'test'})

        msg = validators.ValidPasswordsMatch()._messages['password_mismatch']

        response.mustcontain(msg)

    def test_register_ok(self):

        username = 'test_regular4'

        password = 'qweqwe'

        email = 'username@test.com'

        name = 'testname'

        lastname = 'testlastname'

        response = self.app.post(url(controller='login', action='register'),

from kallithea.lib import helpers as h

from kallithea.model.user import UserModel

from kallithea.model.meta import Session

fixture = Fixture()

class TestMyAccountController(TestController):

    test_user_1 = 'testme'

    @classmethod

    def teardown_class(cls):

        if User.get_by_username(cls.test_user_1):

            UserModel().delete(cls.test_user_1)

            Session().commit()

    def test_my_account(self):

        self.log_user()

        response = self.app.get(url('my_account'))

        response.mustcontain('value="%s' % TEST_USER_ADMIN_LOGIN)

    def test_my_account_my_repos(self):

        self.log_user()

        response = self.app.get(url('my_account_repos'))

        cnt = Repository.query().filter(Repository.user ==

                           User.get_by_username(TEST_USER_ADMIN_LOGIN)).count()

        response.mustcontain('"totalRecords": %s' % cnt)

    def test_my_account_my_watched(self):

        self.log_user()

        response = self.app.get(url('my_account_watched'))

        cnt = UserFollowing.query().filter(UserFollowing.user ==

                            User.get_by_username(TEST_USER_ADMIN_LOGIN)).count()

        response.mustcontain('"totalRecords": %s' % cnt)

    def test_my_account_my_emails(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

    def test_my_account_my_emails_add_existing_email(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        response = self.app.post(url('my_account_emails'),

                                 {'new_email': TEST_USER_REGULAR_EMAIL, '_authentication_token': self.authentication_token()})

    def test_my_account_my_emails_add_mising_email_in_form(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        response = self.app.post(url('my_account_emails'),)

        self.checkSessionFlash(response, 'Please enter an email address')

    def test_my_account_my_emails_add_remove(self):

        self.log_user()

        response = self.app.get(url('my_account_emails'))

        response.mustcontain('No additional emails specified')

        response = self.app.post(url('my_account_emails'),

                                 {'new_email': 'foo@barz.com', '_authentication_token': self.authentication_token()})

        response = self.app.get(url('my_account_emails'))

        from kallithea.model.db import UserEmailMap

        email_id = UserEmailMap.query()\

            .filter(UserEmailMap.user == User.get_by_username(TEST_USER_ADMIN_LOGIN))\

            .filter(UserEmailMap.email == 'foo@barz.com').one().email_id

        response.mustcontain('foo@barz.com')

        response.mustcontain('<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id)

        response = self.app.post(url('my_account_emails'),

                                 {'del_email_id': email_id, '_method': 'delete', '_authentication_token': self.authentication_token()})

        self.checkSessionFlash(response, 'Removed email from user')

        response = self.app.get(url('my_account_emails'))