class UserCreateForm(formencode.Schema):
allow_extra_fields = True
user_name = formencode.All(validators.PlainText(not_empty=True),
forms.UniqueUsername(), forms.ContainsChar())
email = formencode.All(validators.Email(), forms.UniqueEmail())
password = validators.String(not_empty=True)
password_confirm = validators.String(not_empty=True)
password_confirm = validators.String(not_empty=True)
chained_validators = [
validators.FieldsMatch('password', 'password_confirm')
]
class ShibbolethRegisterForm(formencode.Schema):
_tok = formencode.validators.String()
if not config.get_bool('adhocracy.force_randomized_user_names'):
username = formencode.All(
formencode.validators.PlainText(not_empty=True),
forms.UniqueUsername(), forms.ContainsChar())
if config.get_bool('adhocracy.set_display_name_on_register'):
display_name = formencode.validators.String(not_empty=False,
if_missing=None)
email = formencode.All(
formencode.validators.Email(
not_empty=config.get_bool('adhocracy.require_email')),
forms.UniqueEmail())
class OpenIDUsernameForm(formencode.Schema):
login = formencode.All(validators.PlainText(not_empty=True),
forms.UniqueUsername(), forms.ContainsChar())
def verify(self):
if not openid_login_allowed():
ret_abort(_("OpenID login has been disabled on this installation"),
code=403)
self.consumer = create_consumer(self.openid_session)
info = self.consumer.complete(
request.params, h.base_url('/openid/verify', absolute=True))
if not info.status == SUCCESS:
return self._failure(info.identity_url, _("OpenID login failed."))
email = None
user_name = None
# evaluate Simple Registration Extension data
srep = sreg.SRegResponse.fromSuccessResponse(info)
if srep:
if srep.get('nickname'):
user_name = srep.get('nickname').strip()
if srep.get('email'):
email = srep.get('email')
# evaluate Attribute Exchange data
# TBD: AXSCHEMA friendlyName
# TBD: SignedMembership
axrep = ax.FetchResponse.fromSuccessResponse(info)
if axrep:
ax_mail_schema = get_ax_mail_schema(info.identity_url)
try:
email = axrep.getSingle(ax_mail_schema) or email
except ValueError:
email = axrep.get(ax_mail_schema)[0]
except KeyError:
email = email
if 'openid_session' in session:
self.delete_session()
oid = model.OpenID.find(info.identity_url)
if oid:
if c.user:
if oid.user == c.user:
return self._failure(
info.identity_url,
_("You have already claimed this OpenID."))
else:
return self._failure(
info.identity_url,
_("OpenID %s is already connected to an account.") %
(info.identity_url, oid.user.name))
else:
self._login(oid.user)
# returns
else:
if c.user:
oid = model.OpenID(unicode(info.identity_url), c.user)
model.meta.Session.add(oid)
model.meta.Session.commit()
h.flash(_("Successfully added OpenID to user account."),
'success')
redirect(h.entity_url(c.user, member='settings/login'))
else:
if not h.allow_user_registration():
h.flash(
_("OpenID %s doesn't belong to an existing user account "
"and user registration is disabled in this "
"installation." % info.identity_url), 'warning')
redirect(h.base_url('/login'))
user_by_email = model.User.find_by_email(email)
if user_by_email is not None:
if is_trusted_provider(info.identity_url):
# A user with the email returned by the OpenID provider
# exists. As we trust the OpenID provider, we log in
# that account and assign the OpenID to this user.
oid = model.OpenID(unicode(info.identity_url),
user_by_email)
model.meta.Session.add(oid)
model.meta.Session.commit()
h.flash(
_("Successfully added OpenID to user account."),
'success')
self._login(user_by_email)
else:
# A user with the email returned by the OpenID provider
# exists. As we don't trust the OpenID provider, we
# demand that the user needs to login first.
#
# Note: We could store the successful OpenID
# authentication in the session and assign it after
# login. However probably more is gained if the
# list of trusted OpenID providers is extended.
h.flash(
_("The email address %s which was returned by the "
"OpenID provider already belongs to a different "
"user account. Please login with that account "
"or use the forgot password functionality, and "
"add the OpenID in your user profile settings "
"afterwards. Sorry for the inconvenience." %
email), 'warning')
redirect(h.base_url('/login'))
try:
forms.UniqueUsername(not_empty=True).to_python(user_name)
formencode.All(validators.PlainText(not_empty=True),
forms.UniqueUsername(),
forms.ContainsChar())
except:
session['openid_req'] = (info.identity_url, user_name,
email)
session.save()
redirect(h.base_url('/openid/username'))
user = self._create(user_name, email, info.identity_url)
h.flash(
_("Successfully created new user account %s" % user_name),
'success')
self._login(user, register=True)