def test_login_succeeds_if_suspension_duration_has_expired():
user_id = db_utils.create_user(password=raw_password, username=user_name)
d.engine.execute("UPDATE login SET settings = 's' WHERE userid = %(id)s", id=user_id)
release_date = d.convert_unixdate(31, 12, 2015)
d.engine.execute("INSERT INTO suspension VALUES (%(id)s, %(reason)s, %(rel)s)",
id=user_id, reason='test', rel=release_date)
result = login.authenticate_bcrypt(username=user_name, password=raw_password, request=None)
assert result == (user_id, None)
def test_login_succeeds_if_suspension_duration_has_expired():
user_id = db_utils.create_user(password=raw_password, username=user_name)
release_date = d.convert_unixdate(31, 12, 2015)
db_utils.create_suspenduser(userid=user_id,
reason="Testing",
release=release_date)
result = login.authenticate_bcrypt(username=user_name,
password=raw_password,
request=None)
assert result == (user_id, None)
def test_login_succeeds_if_suspension_duration_has_expired():
user_id = db_utils.create_user(password=raw_password, username=user_name)
d.engine.execute("UPDATE login SET settings = 's' WHERE userid = %(id)s",
id=user_id)
release_date = d.convert_unixdate(31, 12, 2015)
d.engine.execute(
"INSERT INTO suspension VALUES (%(id)s, %(reason)s, %(rel)s)",
id=user_id,
reason='test',
rel=release_date)
result = login.authenticate_bcrypt(username=user_name,
password=raw_password,
request=None)
assert result == (user_id, None)
def do_manage(my_userid,
userid,
username=None,
full_name=None,
catchphrase=None,
birthday=None,
gender=None,
country=None,
remove_social=None,
permission_tag=None):
"""Updates a user's information from the admin user management page.
After updating the user it records all the changes into the mod notes.
If an argument is None it will not be updated.
Args:
my_userid (int): ID of user making changes to other user.
userid (int): ID of user to modify.
username (str): New username for user. Defaults to None.
full_name (str): New full name for user. Defaults to None.
catchphrase (str): New catchphrase for user. Defaults to None.
birthday (str): New birthday for user, in HTML5 date format (ISO 8601 yyyy-mm-dd). Defaults to None.
gender (str): New gender for user. Defaults to None.
country (str): New country for user. Defaults to None.
remove_social (list): Items to remove from the user's social/contact links. Defaults to None.
permission_tag (bool): New tagging permission for user. Defaults to None.
Returns:
Does not return.
"""
updates = []
# Username
if username is not None:
login.change_username(
acting_user=my_userid,
target_user=userid,
bypass_limit=True,
new_username=username,
)
updates.append('- Username: %s' % (username, ))
# Full name
if full_name is not None:
d.engine.execute(
"UPDATE profile SET full_name = %(full_name)s WHERE userid = %(user)s",
full_name=full_name,
user=userid)
updates.append('- Full name: %s' % (full_name, ))
# Catchphrase
if catchphrase is not None:
d.engine.execute(
"UPDATE profile SET catchphrase = %(catchphrase)s WHERE userid = %(user)s",
catchphrase=catchphrase,
user=userid)
updates.append('- Catchphrase: %s' % (catchphrase, ))
# Birthday
if birthday is not None:
# HTML5 date format is yyyy-mm-dd
split = birthday.split("-")
if len(split) != 3 or d.convert_unixdate(
day=split[2], month=split[1], year=split[0]) is None:
raise WeasylError("birthdayInvalid")
unixtime = d.convert_unixdate(day=split[2],
month=split[1],
year=split[0])
age = d.convert_age(unixtime)
d.execute("UPDATE userinfo SET birthday = %i WHERE userid = %i",
[unixtime, userid])
if age < ratings.EXPLICIT.minimum_age:
max_rating = ratings.GENERAL.code
rating_flag = ""
else:
max_rating = ratings.EXPLICIT.code
if d.get_rating(userid) > max_rating:
d.engine.execute(
"""
UPDATE profile
SET config = REGEXP_REPLACE(config, '[ap]', '', 'g') || %(rating_flag)s
WHERE userid = %(user)s
""",
rating_flag=rating_flag,
user=userid,
)
d._get_all_config.invalidate(userid)
updates.append('- Birthday: %s' % (birthday, ))
# Gender
if gender is not None:
d.engine.execute(
"UPDATE userinfo SET gender = %(gender)s WHERE userid = %(user)s",
gender=gender,
user=userid)
updates.append('- Gender: %s' % (gender, ))
# Location
if country is not None:
d.engine.execute(
"UPDATE userinfo SET country = %(country)s WHERE userid = %(user)s",
country=country,
user=userid)
updates.append('- Country: %s' % (country, ))
# Social and contact links
if remove_social:
for social_link in remove_social:
d.engine.execute(
"DELETE FROM user_links WHERE userid = %(userid)s AND link_type = %(link)s",
userid=userid,
link=social_link)
updates.append('- Removed social link for %s' % (social_link, ))
# Permissions
if permission_tag is not None:
if permission_tag:
query = (
"UPDATE profile SET config = replace(config, 'g', '') "
"WHERE userid = %(user)s AND position('g' in config) != 0")
else:
query = ("UPDATE profile SET config = config || 'g' "
"WHERE userid = %(user)s AND position('g' in config) = 0")
if d.engine.execute(query, user=userid).rowcount != 0:
updates.append('- Permission to tag: ' +
('yes' if permission_tag else 'no'))
d._get_all_config.invalidate(userid)
if updates:
from weasyl import moderation
moderation.note_about(my_userid, userid,
'The following fields were changed:',
'\n'.join(updates))
def setusermode(userid, form):
form.userid = profile.resolve(None, form.userid, form.username)
if not form.userid:
raise WeasylError('noUser')
form.reason = form.reason.strip()
if form.mode == "s":
if form.datetype == "r":
# Relative date
magnitude = int(form.duration)
if magnitude < 0:
raise WeasylError("releaseInvalid")
basedate = datetime.datetime.now()
if form.durationunit == "y":
basedate += datetime.timedelta(days=magnitude * 365)
elif form.durationunit == "m":
basedate += datetime.timedelta(days=magnitude * 30)
elif form.durationunit == "w":
basedate += datetime.timedelta(weeks=magnitude)
else: # Catchall, days
basedate += datetime.timedelta(days=magnitude)
form.release = d.convert_unixdate(basedate.day, basedate.month, basedate.year)
else:
# Absolute date
if datetime.date(int(form.year), int(form.month), int(form.day)) < datetime.date.today():
raise WeasylError("releaseInvalid")
form.release = d.convert_unixdate(form.day, form.month, form.year)
else:
form.release = None
if userid not in staff.MODS:
raise WeasylError("Unexpected")
elif form.userid in staff.MODS:
raise WeasylError("InsufficientPermissions")
if form.mode == "b":
query = d.execute(
"UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 'b' WHERE userid = %i"
" RETURNING userid", [form.userid])
if query:
d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid])
d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid])
d.execute("INSERT INTO permaban VALUES (%i, '%s')", [form.userid, form.reason])
elif form.mode == "s":
if not form.release:
raise WeasylError("releaseInvalid")
query = d.execute(
"UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 's' WHERE userid = %i"
" RETURNING userid", [form.userid])
if query:
d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid])
d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid])
d.execute("INSERT INTO suspension VALUES (%i, '%s', %i)", [form.userid, form.reason, form.release])
elif form.mode == "x":
query = d.execute("UPDATE login SET settings = REPLACE(REPLACE(settings, 's', ''), 'b', '') WHERE userid = %i",
[form.userid])
d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid])
d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid])
action = _mode_to_action_map.get(form.mode)
if action is not None:
isoformat_release = None
message = form.reason
if form.release is not None:
isoformat_release = d.datetime.datetime.fromtimestamp(form.release).isoformat()
message = '#### Release date: %s\n\n%s' % (isoformat_release, message)
d.append_to_log(
'staff.actions',
userid=userid, action=action, target=form.userid, reason=form.reason,
release=isoformat_release)
d.get_login_settings.invalidate(form.userid)
note_about(userid, form.userid, 'User mode changed: action was %r' % (action,), message)
def setusermode(userid, form):
form.userid = profile.resolve(None, form.userid, form.username)
if not form.userid:
raise WeasylError('noUser')
form.reason = form.reason.strip()
if form.mode == "s":
if form.datetype == "r":
# Relative date
magnitude = int(form.duration)
if magnitude < 0:
raise WeasylError("releaseInvalid")
basedate = datetime.datetime.now()
if form.durationunit == "y":
basedate += datetime.timedelta(days=magnitude * 365)
elif form.durationunit == "m":
basedate += datetime.timedelta(days=magnitude * 30)
elif form.durationunit == "w":
basedate += datetime.timedelta(weeks=magnitude)
else: # Catchall, days
basedate += datetime.timedelta(days=magnitude)
form.release = d.convert_unixdate(basedate.day, basedate.month, basedate.year)
else:
# Absolute date
if datetime.date(int(form.year), int(form.month), int(form.day)) < datetime.date.today():
raise WeasylError("releaseInvalid")
form.release = d.convert_unixdate(form.day, form.month, form.year)
else:
form.release = None
if userid not in staff.MODS:
raise WeasylError("Unexpected")
elif form.userid in staff.MODS:
raise WeasylError("InsufficientPermissions")
if form.mode == "b":
# Ban user
with d.engine.begin() as db:
db.execute("DELETE FROM permaban WHERE userid = %(target)s", target=form.userid)
db.execute("DELETE FROM suspension WHERE userid = %(target)s", target=form.userid)
db.execute("INSERT INTO permaban VALUES (%(target)s, %(reason)s)", target=form.userid, reason=form.reason)
elif form.mode == "s":
# Suspend user
if not form.release:
raise WeasylError("releaseInvalid")
with d.engine.begin() as db:
db.execute("DELETE FROM permaban WHERE userid = %(target)s", target=form.userid)
db.execute("DELETE FROM suspension WHERE userid = %(target)s", target=form.userid)
db.execute("INSERT INTO suspension VALUES (%(target)s, %(reason)s, %(release)s)", target=form.userid, reason=form.reason, release=form.release)
elif form.mode == "x":
# Unban/Unsuspend
with d.engine.begin() as db:
db.execute("DELETE FROM permaban WHERE userid = %(target)s", target=form.userid)
db.execute("DELETE FROM suspension WHERE userid = %(target)s", target=form.userid)
action = _mode_to_action_map.get(form.mode)
if action is not None:
isoformat_release = None
message = form.reason
if form.release is not None:
isoformat_release = d.datetime.datetime.fromtimestamp(form.release).isoformat()
message = '#### Release date: %s\n\n%s' % (isoformat_release, message)
d.append_to_log(
'staff.actions',
userid=userid, action=action, target=form.userid, reason=form.reason,
release=isoformat_release)
d._get_all_config.invalidate(form.userid)
note_about(userid, form.userid, 'User mode changed: action was %r' % (action,), message)
def setusermode(userid, form):
form.userid = profile.resolve(None, form.userid, form.username)
if not form.userid:
raise WeasylError('noUser')
form.reason = form.reason.strip()
if form.mode == "s":
if form.datetype == "r":
# Relative date
magnitude = int(form.duration)
if magnitude < 0:
raise WeasylError("releaseInvalid")
basedate = datetime.datetime.now()
if form.durationunit == "y":
basedate += datetime.timedelta(days=magnitude * 365)
elif form.durationunit == "m":
basedate += datetime.timedelta(days=magnitude * 30)
elif form.durationunit == "w":
basedate += datetime.timedelta(weeks=magnitude)
else: # Catchall, days
basedate += datetime.timedelta(days=magnitude)
form.release = d.convert_unixdate(basedate.day, basedate.month,
basedate.year)
else:
# Absolute date
if datetime.date(int(form.year), int(form.month), int(
form.day)) < datetime.date.today():
raise WeasylError("releaseInvalid")
form.release = d.convert_unixdate(form.day, form.month, form.year)
else:
form.release = None
if userid not in staff.MODS:
raise WeasylError("Unexpected")
elif form.userid in staff.MODS:
raise WeasylError("InsufficientPermissions")
if form.mode == "b":
query = d.execute(
"UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 'b' WHERE userid = %i"
" RETURNING userid", [form.userid])
if query:
d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid])
d.execute("DELETE FROM suspension WHERE userid = %i",
[form.userid])
d.execute("INSERT INTO permaban VALUES (%i, '%s')",
[form.userid, form.reason])
elif form.mode == "s":
if not form.release:
raise WeasylError("releaseInvalid")
query = d.execute(
"UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 's' WHERE userid = %i"
" RETURNING userid", [form.userid])
if query:
d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid])
d.execute("DELETE FROM suspension WHERE userid = %i",
[form.userid])
d.execute("INSERT INTO suspension VALUES (%i, '%s', %i)",
[form.userid, form.reason, form.release])
elif form.mode == "x":
query = d.execute(
"UPDATE login SET settings = REPLACE(REPLACE(settings, 's', ''), 'b', '') WHERE userid = %i",
[form.userid])
d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid])
d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid])
action = _mode_to_action_map.get(form.mode)
if action is not None:
isoformat_release = None
message = form.reason
if form.release is not None:
isoformat_release = d.datetime.datetime.fromtimestamp(
form.release).isoformat()
message = '#### Release date: %s\n\n%s' % (isoformat_release,
message)
d.append_to_log('staff.actions',
userid=userid,
action=action,
target=form.userid,
reason=form.reason,
release=isoformat_release)
d.get_login_settings.invalidate(form.userid)
note_about(userid, form.userid,
'User mode changed: action was %r' % (action, ), message)
