def settings(request): """ View configuration for the personal settings view. Only logged in user can reach this page. :param request: current request of the server :return: dictionary with title and project name as well as a value, weather the user is logged in """ LOG.debug("Show settings %s", request.params) ui_locales = get_language_from_cookie(request) old_pw, new_pw, confirm_pw, message = '', '', '', '' success, error = False, False db_user: User = request.validated['user'] if 'form.passwordchange.submitted' in request.params: old_pw = escape_string(request.params['passwordold']) new_pw = escape_string(request.params['password']) confirm_pw = escape_string(request.params['passwordconfirm']) message, success = change_password(db_user, old_pw, new_pw, confirm_pw, ui_locales) error = not success settings_dict = DictionaryHelper(ui_locales).prepare_settings_dict(success, old_pw, new_pw, confirm_pw, error, message, db_user, request.application_url, request.decorated['extras']['use_with_ldap']) prep_dict = main_dict(request, Translator(ui_locales).get(_.settings)) prep_dict.update({ 'settings': settings_dict }) return prep_dict
def create_issue_after_validation(request): LOG.debug("Set a new issue: %s", request.json_body) info = escape_string(request.validated['info']) long_info = escape_string(request.validated['long_info']) title = escape_string(request.validated['title']) lang = request.validated['lang'] is_public = request.validated['is_public'] is_read_only = request.validated['is_read_only'] return issue_handler.set_issue(request.validated['user'], info, long_info, title, lang, is_public, is_read_only)
def send_news(request): """ ajax interface for settings news :param request: current request of the server :return: json-set with new news """ LOG.debug("Set news via AJAX: %s", request.json_body) title = escape_string(request.validated['title']) text = escape_string(request.validated['text']) db_user = request.validated['user'] return news_handler.set_news(title, text, db_user, request.registry.settings['pyramid.default_locale_name'], request.application_url)
def set_references(request): """ Sets a reference for a statement or an arguments :param request: current request of the server :return: json-dict() """ LOG.debug("Set a reference for a statement or an argument. Request: %s", request.json_body) db_statement = request.validated['statement'] text = escape_string(request.validated['text']) source = escape_string(request.validated['ref_source']) db_user = request.validated['user'] db_issue = request.validated['issue'] return set_reference(text, source, db_user, db_statement, db_issue.uid)
def test_escape_string(self): self.assertEqual('', lib.escape_string(text='')) # normal string self.assertEqual('str', lib.escape_string(text='str')) # strings with html special chars self.assertEqual('&', lib.escape_string(text='&')) self.assertEqual('" str & str2', lib.escape_string(text='" str & str2')) long_str_with_special_char = 'str' + '"' * 1000 long_str_without_special_char = 'str' + '"' * 1000 self.assertEqual(long_str_without_special_char, lib.escape_string(long_str_with_special_char))
def set_references(request): """ Sets a reference for a statement or an arguments :param request: current request of the server :return: json-dict() """ logger('views', 'main: {}'.format(request.json_body)) db_statement = request.validated['statement'] reference = escape_string(request.validated['reference']) source = escape_string(request.validated['ref_source']) db_user = request.validated['user'] return set_reference(reference, source, db_user, db_statement, db_statement.issue_uid)
def set_statement(text: str, db_user: User, is_position: bool, db_issue: Issue) -> Tuple[Statement, bool]: """ Saves statement for user :param text: given statement :param db_user: User of given user :param is_position: if it is a start statement :param db_issue: Issue :return: Statement, is_duplicate or -1, False on error """ LOG.debug("User_id: %s, text: %s, issue: %s", db_user.uid, text, db_issue.uid) # escaping and cleaning text = escape_string(' '.join(text.strip().split())) _tn = Translator(db_issue.lang) if text.startswith(_tn.get(_.because).lower() + ' '): text = text[len(_tn.get(_.because) + ' '):] while text.endswith(('.', '?', '!', ',')): text = text[:-1] # check, if the text already exists db_dupl = __check_duplicate(db_issue, text) if db_dupl: return db_dupl, True db_statement = __add_statement(is_position) __add_textversion(text, db_user.uid, db_statement.uid) __add_statement2issue(db_statement.uid, db_issue.uid) return db_statement, False
def set_new_issue(request): """ :param request: current request of the server :return: """ LOG.debug("Set a new issue: %s", request.json_body) info = escape_string(request.validated['info']) long_info = escape_string(request.validated['long_info']) title = escape_string(request.validated['title']) lang = request.validated['lang'] is_public = request.validated['is_public'] is_read_only = request.validated['is_read_only'] return issue_handler.set_issue(request.validated['user'], info, long_info, title, lang, is_public, is_read_only)
def set_new_issue(request): """ :param request: current request of the server :return: """ logger('views', 'main {}'.format(request.json_body)) info = escape_string(request.validated['info']) long_info = escape_string(request.validated['long_info']) title = escape_string(request.validated['title']) lang = request.validated['lang'] is_public = request.validated['is_public'] is_read_only = request.validated['is_read_only'] return issue_handler.set_issue(request.validated['user'], info, long_info, title, lang, is_public, is_read_only)
def escape_if_string(data: dict, key: str): """ Escape string if key exists. :param data: :param key: :return: Return escaped value if it was a string """ val = data.get(key) if val and isinstance(val, str): return escape_string(val) return val
def store_reference(reference: str, host: str, path: str, user: User, statement: Statement, issue: Issue) -> StatementReference: """ Store reference to database. :param reference: String from external website :param user: user which adds the reference :param host: external website, where the reference comes from :param path: path on website to reference :param statement: assign reference to this statement :param issue: assign issue to reference :return: newly stored reference """ reference_text = escape_string(reference) log.debug("New Reference for Statement.uid {}: {}".format(statement.uid, reference_text)) db_ref: StatementReference = StatementReference(escape_string(reference_text), host, path, user.uid, statement.uid, issue.uid) DBDiscussionSession.add(db_ref) DBDiscussionSession.flush() transaction.commit() return db_ref
def register_user_with_json_data(data, lang, mailer: Mailer): """ Consume the ajax data for an login attempt :param data: validated params of webserver's request :param lang: language :param mailer: Mailer :return: Boolean, String, User """ _tn = Translator(lang) success = '' firstname = escape_string(data.get('firstname', '')) lastname = escape_string(data.get('lastname', '')) nickname = escape_string(data.get('nickname', '')) email = escape_string(data.get('email', '')) gender = escape_string(data.get('gender', "")) password = escape_string(data.get('password', '')) passwordconfirm = escape_string(data.get('passwordconfirm', '')) db_new_user = None msg = __check_login_params(firstname, lastname, nickname, email, password, passwordconfirm) if msg: return success, _tn.get(msg), db_new_user # getting the authors group db_group = DBDiscussionSession.query(Group).filter_by(name="users").first() # does the group exists? if not db_group: msg = _tn.get(_.errorTryLateOrContant) LOG.debug("Error occured") return success, msg, db_new_user user_data = { 'firstname': firstname, 'lastname': lastname, 'nickname': nickname, 'gender': gender, 'email': email } ret_dict = user.set_new_user(mailer, user_data, password, _tn) success = ret_dict['success'] error = ret_dict['error'] db_new_user = ret_dict['user'] msg = error if success: msg = _tn.get(_.accountWasAdded).format(nickname) return success, msg, db_new_user
def valid_q_parameter(request): """ Validate that a q-GET parameter is given. :param request: Request :return: """ query_string: str = request.params.get('q') if not query_string: add_error( request, 'GET-Parameter \'q\' is missing or empty', 'Provide a \'q\'-GET Parameter, which is the query-string to search in the database', location='querystring') return False request.validated['query'] = escape_string(query_string) return True
def send_notification(from_user, to_user, topic, content, mainpage): """ Sends message to an user and places a copy in the outbox of current user. Returns the uid and timestamp :param from_user: User :param to_user: User :param topic: String :param content: String :param mainpage: String :return: """ content = escape_string(content) notification_in = Message(from_author_uid=from_user.uid, to_author_uid=to_user.uid, topic=topic, content=content, is_inbox=True) notification_out = Message(from_author_uid=from_user.uid, to_author_uid=to_user.uid, topic=topic, content=content, is_inbox=False, read=True) DBDiscussionSession.add_all([notification_in, notification_out]) DBDiscussionSession.flush() transaction.commit() db_settings = to_user.settings if db_settings.should_send_notifications: user_lang = DBDiscussionSession.query(Language).get( db_settings.lang_uid).ui_locales _t_user = Translator(user_lang) send_request_for_info_popup_to_socketio(to_user.nickname, _t_user.get(_.newNotification), mainpage + '/notifications', increase_counter=True) db_inserted_notification = DBDiscussionSession.query(Message).filter( Message.from_author_uid == from_user.uid, Message.to_author_uid == to_user.uid, Message.topic == topic, Message.content == content, Message.is_inbox == True).order_by(Message.uid.desc()).first() return db_inserted_notification
def set_statement(text: str, db_user: User, is_start: bool, db_issue: Issue) -> Tuple[Statement, bool]: """ Saves statement for user :param text: given statement :param db_user: User of given user :param is_start: if it is a start statement :param db_issue: Issue :return: Statement, is_duplicate or -1, False on error """ logger('StatementsHelper', 'user: '******', user_id: ' + str(db_user.uid) + ', text: ' + str(text) + ', issue: ' + str(db_issue.uid)) # escaping and cleaning text = text.strip() text = ' '.join(text.split()) text = escape_string(text) _tn = Translator(db_issue.lang) if text.startswith(_tn.get(_.because).lower() + ' '): text = text[len(_tn.get(_.because) + ' '):] while text.endswith(('.', '?', '!', ',')): text = text[:-1] # check, if the text already exists db_duplicate = DBDiscussionSession.query(TextVersion).filter( func.lower(TextVersion.content) == text.lower()).first() if db_duplicate: db_statement = DBDiscussionSession.query(Statement).filter(Statement.uid == db_duplicate.statement_uid, Statement.issue_uid == db_issue.uid).one() return db_statement, True # add text statement = Statement(is_position=is_start, issue=db_issue.uid) DBDiscussionSession.add(statement) DBDiscussionSession.flush() # add textversion textversion = TextVersion(content=text, author=db_user.uid, statement_uid=statement.uid) DBDiscussionSession.add(textversion) DBDiscussionSession.flush() transaction.commit() return statement, False