def access():
"""Access."""
try:
mail = mail_cookie_check_mail_activation(request.values['mailcookie'])
u = User.query.filter(User.email == mail).one()
u.note = 1
try:
db.session.commit()
except SQLAlchemyError:
db.session.rollback()
flash(_('Authorization failled.'), 'error')
redirect('/')
if current_user.is_authenticated():
current_user.reload()
flash(_('Your email address has been validated'), 'success')
else:
UserInfo(u.id).reload()
flash(
_('Your email address has been validated, and you can '
'now proceed to sign-in.'), 'success')
except Exception:
current_app.logger.exception("Authorization failed.")
flash(_('The authorization token is invalid.'), 'error')
return redirect('/')
def test_change_password_password(self):
"""Test ChangePasswordForm password."""
from invenio_accounts.forms import ChangePasswordForm
from flask_login import login_user, logout_user
from invenio.ext.login import UserInfo
not_valid_pwd = "x" * (self.min_len - 1)
valid_pwd = "x" * self.min_len
login_user(UserInfo(self.user.id))
form = ChangePasswordForm(current_password=self.password,
password=valid_pwd,
password2=valid_pwd)
assert form.validate() is True
form = ChangePasswordForm(current_password=self.password,
password=not_valid_pwd,
password2=not_valid_pwd)
assert form.validate() is False
form = ChangePasswordForm(current_password=self.password,
password=valid_pwd,
password2=valid_pwd + 'different')
assert form.validate() is False
logout_user()
def oauth_register(account_info, form_data=None):
"""Register user if possible."""
from invenio.modules.accounts.models import User
email = account_info.get("email")
if form_data and form_data.get("email"):
email = form_data.get("email")
if email:
if not User.query.filter_by(email=email).first():
# Email does not already exists. so we can proceed to register
# user.
u = User(
nickname=account_info.get('nickname', ''),
email=email,
password=generate_secret_key(),
note='1', # Activated - assumes email is validated
)
try:
db.session.add(u)
db.session.commit()
return UserInfo(u.id)
except Exception:
current_app.logger.exception("Cannot create user")
return None
def oauth_register(account_info, form_data=None):
"""Register user if possible."""
from invenio_accounts.models import User
email = account_info.get("email")
if form_data and form_data.get("email"):
email = form_data.get("email")
if email:
note = '1'
if cfg['CFG_ACCESS_CONTROL_NOTIFY_USER_ABOUT_NEW_ACCOUNT']:
note = '2'
if not User.query.filter_by(email=email).first():
# Email does not already exists. so we can proceed to register
# user.
u = User(nickname=account_info.get('nickname', ''),
email=email,
password=None,
note=note)
try:
db.session.add(u)
db.session.commit()
except Exception:
current_app.logger.exception("Cannot create user")
return None
# verify the email
if note == '2':
u.verify_email()
return UserInfo(u.id)
return None
def setUp(self):
"""setting up helper variables for tests"""
from invenio.ext.login import UserInfo
self.user_info = {'email' : '*****@*****.**', 'uid': 1000,
'group' : ['patata', 'cetriolo'], 'remote_ip' : '127.0.0.1',
'guest' : '0'}
self.guest = UserInfo(None)
def test_profile_form_nickname(self):
"""Test ProfileForm nickname."""
from invenio_accounts.forms import ProfileForm
from flask_login import login_user, logout_user
from invenio.ext.login import UserInfo
form = ProfileForm(nickname=self.nickname,
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname=" nickname",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname="nickname ",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname="nick.name",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname="nick@name",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname="*****@*****.**",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname="guest",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
form = ProfileForm(nickname="Guest",
email=self.email,
repeat_email=self.email)
assert form.validate() is False
login_user(UserInfo(self.user.id))
form = ProfileForm(nickname=self.nickname,
email=self.email,
repeat_email=self.email)
assert form.validate() is True
self.delete_objects([self.user])
form = ProfileForm(nickname=self.nickname,
email=self.email,
repeat_email=self.email)
assert form.validate() is True
logout_user()
def merge(deposition, dest, a, b):
"""
Merge changes from editing a deposition.
"""
# A record might have been approved in communities since it was loaded,
# thus we "manually" merge communities
approved = set(a['communities']) & set(b['provisional_communities'])
communities = b['communities']
provisional = []
for c in b['provisional_communities']:
if c in approved:
if c not in communities:
communities.append(c)
else:
provisional.append(c)
# Ensure that no community is in two states
common = set(communities) & set(provisional)
for c in common:
provisional.pop(c)
b['communities'] = communities
b['provisional_communities'] = provisional
# Append Zenodo collection
if CFG_ZENODO_USER_COLLECTION_ID in dest['communities']:
a['communities'].append(CFG_ZENODO_USER_COLLECTION_ID)
b['communities'].append(CFG_ZENODO_USER_COLLECTION_ID)
elif CFG_ZENODO_USER_COLLECTION_ID in dest['provisional_communities']:
a['provisional_communities'].append(CFG_ZENODO_USER_COLLECTION_ID)
b['provisional_communities'].append(CFG_ZENODO_USER_COLLECTION_ID)
if CFG_ECFUNDED_USER_COLLECTION_ID in dest['communities']:
a['communities'].append(CFG_ECFUNDED_USER_COLLECTION_ID)
b['communities'].append(CFG_ECFUNDED_USER_COLLECTION_ID)
elif CFG_ECFUNDED_USER_COLLECTION_ID in dest['provisional_communities']:
a['provisional_communities'].append(CFG_ECFUNDED_USER_COLLECTION_ID)
b['provisional_communities'].append(CFG_ECFUNDED_USER_COLLECTION_ID)
# Now proceed, with normal merging.
data = merge_changes(deposition, dest, a, b)
if 'authors' in data and data['authors']:
data['_first_author'] = data['authors'][0]
data['_additional_authors'] = data['authors'][1:]
# Force ownership (owner of record (can edit/view the record))
user = UserInfo(deposition.user_id)
data['owner'].update(dict(
email=user.info.get('email', ''),
username=user.info.get('nickname', ''),
id=deposition.user_id,
deposition_id=deposition.id,
))
return data
def process_recjson_new(deposition, recjson):
"""
Process exported recjson for a new record
"""
process_recjson(deposition, recjson)
# ================
# Owner
# ================
# Owner of record (can edit/view the record)
user = UserInfo(deposition.user_id)
email = user.info.get('email', '')
recjson['owner'] = dict(
email=email,
username=user.info.get('nickname', ''),
id=deposition.user_id,
deposition_id=deposition.id,
)
# ===========
# Communities
# ===========
# Specific Zenodo user collection, used to curate content for
# Zenodo
if CFG_ZENODO_USER_COLLECTION_ID not in recjson['provisional_communities']:
recjson['provisional_communities'].append(
CFG_ZENODO_USER_COLLECTION_ID
)
# Specific Zenodo user collection for OpenAIRE (used to curate
# FP7 funded research)
if recjson.get('grants', []) and CFG_ECFUNDED_USER_COLLECTION_ID \
not in recjson['provisional_communities']:
recjson['provisional_communities'].append(
CFG_ECFUNDED_USER_COLLECTION_ID
)
# ==============================
# Files (sorting + restrictions)
# ==============================
fft_status = file_firerole(
email, recjson['access_right'], recjson.get('embargo_date', None)
)
# Calculate number of leading zeros needed in the comment.
file_commment_fmt = "%%0%dd" % len(str(len(recjson['fft'])))
for idx, f in enumerate(recjson['fft']):
f['restriction'] = fft_status
# Bibdocfile does not have any concept of ordering, nor will
# bibupload keep the order of FFT tags for the MARC field 8564.
# Hence, this trick stores the ordering of files for a record in
# the files comment, so files can be alphabetically sorted by their
# comment (i.e. we add leading zeros).
f['comment'] = file_commment_fmt % idx
return recjson
def is_no_quota_user(uid):
"""Return True if the user belongs to any of the no_quota roles."""
no_quota_role_ids = [
acc_get_role_id(role)
for role in cfg['CFG_WEBMESSAGE_ROLES_WITHOUT_QUOTA']
]
user_info = UserInfo(uid)
for role_id in no_quota_role_ids:
if acc_is_user_in_role(user_info, role_id):
return True
return False
def oauth_get_user(client_id, account_info=None, access_token=None):
"""Retrieve user object for the given request.
Uses either the access token or extracted account information to retrieve
the user object.
"""
if access_token:
token = RemoteToken.get_by_token(client_id, access_token)
if token:
return UserInfo(token.remote_account.user_id)
if account_info:
external_id = _get_external_id(account_info)
if external_id:
u = UserEXT.query.filter_by(id=external_id['id'],
method=external_id['method']).first()
if u:
return UserInfo(u.id_user)
if account_info.get('email'):
u = User.query.filter_by(email=account_info['email']).first()
if u:
return UserInfo(u.id)
return None
def setUp(self):
"""Setup."""
try:
self.clear('simple')
except Exception:
pass
from invenio.ext.login import UserInfo
from invenio_deposit import field_widgets
from invenio_deposit import fields
from invenio_deposit.form import WebDepositForm
from invenio_deposit.types import SimpleRecordDeposition
class SimpleRecordTestForm(WebDepositForm):
keywords = fields.DynamicFieldList(
fields.StringField(
widget_classes='form-control',
widget=field_widgets.ColumnInput(class_="col-xs-10"),
),
label='Keywords',
add_label='Add another keyword',
icon='fa fa-tags fa-fw',
widget_classes='',
min_entries=1,
)
publication_date = fields.Date(
label=_('Publication date'),
icon='fa fa-calendar fa-fw',
description='Required. Format: YYYY-MM-DD.',
default=date.today(),
validators=[],
widget=field_widgets.date_widget,
widget_classes='input-sm',
export_key='imprint.date',
)
class simple(SimpleRecordDeposition):
name = "Simple Test"
name_plural = "Simple Tests"
group = "Tests"
draft_definitions = {
'default': SimpleRecordTestForm,
}
@classmethod
def process_sip_metadata(cls, deposition, metadata):
self.assert_process_metadata(deposition, metadata)
self.register(simple)
UserInfo(1, force=True)
def collect_user_info(req, login_time=False, refresh=False):
"""Given the mod_python request object rec or a uid it returns a dictionary
containing at least the keys uid, nickname, email, groups, plus any external keys in
the user preferences (collected at login time and built by the different
external authentication plugins) and if the mod_python request object is
provided, also the remote_ip, remote_host, referer, agent fields.
NOTE: if req is a mod_python request object, the user_info dictionary
is saved into req._user_info (for caching purpouses)
setApacheUser & setUid will properly reset it.
"""
from flask_login import current_user
from invenio.ext.login import UserInfo
if (type(req) in [long, int] and current_user.get_id() != req) \
or req is None:
return UserInfo(req)
return current_user._get_current_object()
def acc_authorize_action(req, name_action, authorized_if_no_roles=False, batch_args=False, **arguments):
"""
Given the request object (or the user_info dictionary, or the uid), checks
if the user is allowed to run name_action with the given parameters.
If authorized_if_no_roles is True and no role exists (different
than superadmin) that are authorized to execute the given action, the
authorization will be granted.
Returns (0, msg) when the authorization is granted, (1, msg) when it's not.
"""
from invenio.ext.login import UserInfo
from werkzeug.local import LocalProxy
if isinstance(req, LocalProxy):
req = req._get_current_object()
if isinstance(req, UserInfo):
user_info = req
uid = user_info.get_id()
elif type(req) is dict:
uid = req.get("uid", None)
user_info = req
elif type(req) not in [int, long]:
uid = current_user.get_id()
user_info = UserInfo(uid) # FIXME
else:
user_info = current_user
roles_list = acc_find_possible_roles(name_action, always_add_superadmin=True, batch_args=batch_args, **arguments)
if not batch_args:
roles_list = [roles_list]
result = []
for roles in roles_list:
if acc_is_user_in_any_role(user_info, roles):
# User belong to at least one authorized role
# or User is SUPERADMIN
ret_val = (0, CFG_WEBACCESS_WARNING_MSGS[0])
elif len(roles) <= 1:
## No role is authorized for the given action/arguments
if authorized_if_no_roles:
# User is authorized because no authorization exists for the
# given action/arguments
ret_val = (0, CFG_WEBACCESS_WARNING_MSGS[0])
else:
# User is not authorized.
ret_val = (20, CFG_WEBACCESS_WARNING_MSGS[20] % cgi.escape(name_action))
else:
# User is not authorized
in_a_web_request_p = bool(user_info.get("uri", ""))
ret_val = (
1,
"%s %s"
% (
CFG_WEBACCESS_WARNING_MSGS[1],
(
in_a_web_request_p
and "%s %s" % (CFG_WEBACCESS_MSGS[0] % quote(user_info.get("uri", "")), CFG_WEBACCESS_MSGS[1])
or ""
),
),
)
result.append(ret_val)
# FIXME removed CERN specific hack!
return result if batch_args else result[0]
def acc_authorize_action(req,
name_action,
authorized_if_no_roles=False,
batch_args=False,
**arguments):
"""
Given the request object (or the user_info dictionary, or the uid), checks
if the user is allowed to run name_action with the given parameters.
If authorized_if_no_roles is True and no role exists (different
than superadmin) that are authorized to execute the given action, the
authorization will be granted.
Returns (0, msg) when the authorization is granted, (1, msg) when it's not.
"""
from invenio.ext.login import UserInfo
from werkzeug.local import LocalProxy
if isinstance(req, LocalProxy):
req = req._get_current_object()
if isinstance(req, UserInfo):
user_info = req
uid = user_info.get_id()
elif type(req) is dict:
uid = req.get('uid', None)
user_info = req
elif type(req) not in [int, long]:
uid = current_user.get_id()
user_info = UserInfo(uid) # FIXME
else:
user_info = current_user
roles_list = acc_find_possible_roles(name_action,
always_add_superadmin=True,
batch_args=batch_args,
**arguments)
if not batch_args:
roles_list = [roles_list]
result = []
for roles in roles_list:
if acc_is_user_in_any_role(user_info, roles):
# User belong to at least one authorized role
# or User is SUPERADMIN
ret_val = (0, CFG_WEBACCESS_WARNING_MSGS[0])
elif len(roles) <= 1:
## No role is authorized for the given action/arguments
if authorized_if_no_roles:
# User is authorized because no authorization exists for the
# given action/arguments
ret_val = (0, CFG_WEBACCESS_WARNING_MSGS[0])
else:
# User is not authorized.
ret_val = (20, CFG_WEBACCESS_WARNING_MSGS[20] %
cgi.escape(name_action))
else:
# User is not authorized
in_a_web_request_p = bool(user_info.get('uri', ''))
ret_val = (
1, "%s %s" %
(CFG_WEBACCESS_WARNING_MSGS[1],
(in_a_web_request_p and "%s %s" %
(CFG_WEBACCESS_MSGS[0] % quote(user_info.get('uri', '')),
CFG_WEBACCESS_MSGS[1]) or "")))
result.append(ret_val)
# FIXME removed CERN specific hack!
return result if batch_args else result[0]
