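def main(cursor, error_id=-1):
    """Render the detail page for one logged error.

    The error id comes from the ``error`` request value, falling back to
    *error_id*. ``sub_mode`` values ``fix`` and ``delete`` are delegated
    to ``fix()`` and ``delete()``. Any other value renders the error's
    time, user, mode, logged request data and traceback, plus a link
    that replays the logged arguments through ``emulate_user``.

    Returns the page fragment as an HTML string.
    """
    # Imported locally because the file's import block is not visible here.
    from html import escape
    from urllib.parse import quote

    error_id = int(common_f.get_val("error", error_id))
    sub_mode = common_f.get_val("sub_mode", "form")

    if sub_mode == "fix":
        return fix(cursor, error_id)

    if sub_mode == "delete":
        return delete(cursor, error_id)

    the_error = common_q.get_one(cursor, error.Error, id=error_id)
    if the_error is None:
        # The user lookup below is already treated as optional, so a missing
        # error row is reported instead of failing on attribute access.
        return "No error found with that id"

    the_user = common_q.get_one(cursor, user.User, id=the_error.user_id)

    # Turn the logged "key = value" lines into a query string and rename
    # mode= so the replayed request is routed through emulate_user.
    http_args = the_error.args.replace("\n\n", "\n").replace(" ", "")
    http_args = "&".join(http_args.split("\n"))
    http_args = http_args.replace("mode=", "emulate_mode=")

    # The logged args and mode are copies of request data, so they are
    # escaped before being written into attributes or element content.
    mode_text = str(the_error.mode)

    output = []
    # NOTE(review): the Delete link changes state through a plain GET;
    # confirm the dispatcher protects it (POST plus an anti-CSRF token).
    # NOTE(review): {traceback} is written as markup. It is presumably HTML
    # produced when the error was logged; confirm it is escaped at that point.
    output.append(
        """
    <div style="padding:10px;">
        <span style="float:right;padding-right:20px;">
            <a href="web.py?mode=edit_error&sub_mode=delete&error={error_id}">Delete</a>
        </span>

        <a href="web.py?mode=emulate_user&{http_args}&user_id={user_id}">Emulate</a>
        <br><br>

        <strong>Time:</strong> {timestamp}
        &nbsp;&nbsp;&nbsp;
        <strong>User:</strong> {user}
        &nbsp;&nbsp;&nbsp;
        <strong>Mode:</strong> <a href="web.py?mode=list_errors&filter={mode_url}">{mode}</a>
        <br>

        <strong>Data:</strong><br>
        <textarea rows="8" style="width:99%;">{args}</textarea>
    </div>
    <br>
    <div style="padding:0px;border-top:1px solid #AAA;">
        {traceback}
    </div>
    """.format(
            error_id=int(error_id),
            # Equal to the_user.id when the user exists (the lookup is by
            # id), and does not fail when the error has no user.
            user_id=escape(str(the_error.user_id)),
            user=escape(the_user.username) if the_user is not None else "Not logged in",
            mode=escape(mode_text),
            mode_url=escape(quote(mode_text, safe="")),
            args=escape(the_error.args),
            http_args=escape(http_args),
            timestamp=common_f.display_date(the_error.timestamp, "%d of %B at %H:%M"),
            traceback=the_error.traceback,
        )
    )

    return "".join(output)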
def attempt_login(cursor):
    """Work out who is making the request.

    Credentials are looked for in this order: request values (skipped
    when ``mode`` is ``edit_user``), then the ``profiteer_username`` and
    ``profiteer_password`` cookies, then a loopback fallback. On success
    both cookies are re-issued.

    Returns the ``get_user`` response, user id 1 for the loopback
    fallback, or ``""`` when no credentials were supplied.
    """
    username = password = ""
    from_cookie = False

    # Request values are ignored for mode=edit_user (presumably because that
    # form posts its own password fields -- confirm).
    if common_f.get_val('mode', "") != "edit_user":
        username = common_f.get_val('username', "")
        password = common_f.get_val('password', "")

    # Nothing in the request: fall back to the cookies.
    if (username, password) == ("", ""):
        username = html_f.get_cookie('profiteer_username', "")
        password = html_f.get_cookie('profiteer_password', "")
        from_cookie = True

    # Still nothing.
    if (username, password) == ("", ""):
        # NOTE(review): a request from ::1, or with no REMOTE_ADDR at all, is
        # given user id 1 without any credential. Behind a same-host reverse
        # proxy every request may look like loopback; confirm the deployment.
        remote_addr = os.environ.get('REMOTE_ADDR')
        if remote_addr not in ("::1", None):
            return ""

        local_user = common_q.get_one(cursor, User, id=1)
        common_f.cache['user'] = local_user
        return local_user

    response = get_user(cursor, username, password, from_cookie)

    if type(response) is User:
        # NOTE(review): the cookie stores response.password (presumably the
        # stored hash -- confirm), and the cookie path sends that value back
        # with from_cookie=True. If get_user accepts it as proof of identity,
        # the cookie value works as a password equivalent; check the cookie
        # flags set by html_f.set_cookie and consider a random session token.
        html_f.set_cookie("profiteer_username", username)
        html_f.set_cookie("profiteer_password", response.password)

    return response
def ttest_queries(self):
    """Exercise the common_q query helpers against the test database.

    Covers ``id_list``, ``get_all``, ``get_one``, ``get_where`` and
    ``get_last`` using ``error.Error`` rows, and records the helpers in
    ``self.test_targets``.
    """
    cursor = database_f.get_test_cursor()

    covered = [
        common_q._make_query,
        common_q.id_list,
        common_q.get_one,
        common_q.get_all,
        common_q.get_where,
        common_q.get_last,
    ]
    self.test_targets.extend(covered)

    # ID list
    all_ids = common_q.id_list(cursor, error.Error)
    self.assertEqual(all_ids, [1, 2, 3, 4, 5])

    # All
    everything = common_q.get_all(cursor, error.Error)
    self.assertEqual(len(everything), 5)

    # Results are indexed by row id here ([1] for id=1, [5] for id=5 below).
    only_first = common_q.get_all(cursor, error.Error, where="id=1")
    self.assertEqual(type(only_first[1]), error.Error)

    above_three = common_q.get_all(cursor, error.Error, where="id>3")
    self.assertEqual(len(above_three), 2)

    # One
    result = common_q.get_one(cursor, error.Error, id=1)
    expected_fields = {
        "id": 1,
        "timestamp": 1000,
        "args": "a=1",
        "mode": "list_users",
        "user_id": 1,
        "exception_type": "Exception",
        "traceback": "traceback",
    }
    fake = error.Error(expected_fields)

    # Print the field-level comparison before the assertion fails.
    if result != fake:
        print(result.compare(fake))
    self.assertEqual(result, fake)

    # Where
    by_sql = common_q.get_all(cursor, error.Error, where='"timestamp" = 3000')
    by_keyword = common_q.get_where(cursor, error.Error, timestamp=3000)
    self.assertEqual(by_sql, by_keyword)

    # Last
    fifth = common_q.get_all(cursor, error.Error, where='id = 5')[5]
    newest = common_q.get_last(cursor, error.Error)
    self.assertEqual(fifth, newest)
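def main(cursor, emulate_mode="", user_id=-1, mask_cursor=True):
    """Run another page as a chosen user and show its output.

    ``user_id``, ``emulate_mode`` and ``mask_cursor`` are read from the
    request, falling back to the arguments. The cached user is replaced
    with the emulated one, ``user.require`` is replaced with
    ``error.emulate_require`` and, when *mask_cursor* is truthy,
    ``cursor.execute`` is wrapped with ``error.emulate_execute``. The
    target page is then imported and its ``main(cursor)`` is called.

    Returns an HTML string: the emulation banner followed by the page
    output, or the rendered exception if the page fails.
    """
    # Imported locally because the file's import block is not visible here.
    from html import escape

    user_id = int(common_f.get_val("user_id", user_id))
    emulate_mode = common_f.get_val("emulate_mode", emulate_mode)
    # NOTE(review): bool() of a request string is True for any non-empty
    # text, "0" and "False" included. Masking is therefore switched off only
    # by an empty value, and any non-empty force_error value forces the error.
    mask_cursor = bool(common_f.get_val("mask_cursor", mask_cursor))

    if user_id < 1 and emulate_mode == "":
        return show_form(cursor)

    if user_id < 1:
        return "No user selected"
    if emulate_mode == "":
        return "No mode to emulate"

    # Allows us to test the traceback display
    force_error = bool(common_f.get_val("force_error", False))
    if force_error:
        return force_error_func()

    # NOTE(review): no permission check is visible in this function; confirm
    # the dispatcher restricts this mode to trusted administrators.
    real_user = common_f.cache['user']
    the_user = common_q.get_one(cursor, user.User, id=user_id)
    if the_user is None:
        # Stop before anything is patched; otherwise the cached user becomes
        # None and the banner below fails on the_user.username.
        return "No user selected"

    # Set ourselves to fake the user that saw the bug
    common_f.cache['user'] = the_user

    output = []

    # Alter the require function to suit our emulation needs
    user.require = error.emulate_require

    # Also stop our cursor from altering the database
    if mask_cursor:
        cursor.execute = error.emulate_execute(cursor.execute)

    # Lets try importing the page
    try:
        the_page = web.import_page(emulate_mode, handle_exception=False)
    except Exception:
        return " Unable to import page" + error.html_render(headers=False)

    # emulate_mode comes from the request and the username from the database,
    # so both are escaped before being written into the banner.
    output.append("""
    <div style="padding:10px;">
        <strong>Emulating:</strong> <a href="?mode=edit_user&user={user_id}">{user}</a>
        &nbsp;&nbsp;&nbsp;
        <strong>Mode:</strong> {mode}
        <a style="float:right;" href="web.py">Your dashboard</a>
    </div>
    <hr>
    <div style='padding:10px;'>
        <span class="stitle">Page output</span><br /><br />
    """.format(
        user=escape(str(the_user.username)),
        user_id=escape(str(the_user.id)),
        mode=escape(str(emulate_mode)),
    ))

    # Good good, now lets try executing it
    try:
        page_output = the_page.main(cursor)
    except Exception:
        output.append(error.html_render(headers=False))
    else:
        output.append(page_output)
    finally:
        output.append("</div>")

    # NOTE(review): the reset below was already disabled. As written, the
    # emulated identity, the replaced user.require and the wrapped
    # cursor.execute stay in place for the rest of the request. Confirm that
    # this is intended before re-enabling the reset.
    # common_f.cache['user'] = real_user

    return "".join(output)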
def show_form(cursor, user_id):
    """Build the edit form for one user.

    The user id is read from the ``user`` request value, falling back to
    *user_id*. When no such user exists, the user list is returned under
    an error banner. Otherwise the result is a form with password fields,
    a checkbox per permission the current user may change, and a separate
    delete form.

    Returns the page fragment as an HTML string and sets
    ``page_data['Title']``.
    """
    user_id = int(common_f.get_val('user', user_id))
    the_user = common_q.get_one(cursor, user.User, id=user_id)

    # Kept as an == comparison so the object's own equality logic still runs.
    if the_user == None:
        page_data["Padding"] = 0
        return """
        <div class='error'>
            No user selected, listing all users instead.
        </div>
        {}""".format(list_users.main(cursor))

    def _may_edit(field):
        # You can't edit attributes you don't have (unless you are root).
        viewer = common_f.cache['user']
        return getattr(viewer, field) or viewer.root

    # "root" is never offered as a checkbox.
    editable_fields = [
        field for field in user.permission_fields
        if field != "root" and _may_edit(field)
    ]

    # Rows are counted from 2, so the row classes alternate row0, row1, ...
    permissions = []
    for row_number, field in enumerate(editable_fields, start=2):
        permissions.append("""
        <tr class="row{row}">
            <td><label for="{name}">{name}</label></td>
            <td>{value}</td>
        </tr>""".format(
            row=row_number % 2,
            name=field,
            value=html_f.check_box(field, getattr(the_user, field), custom_id=field),
        ))

    # NOTE(review): the_user.salt is written into a hidden form field and so
    # reaches the browser. If this is the password salt, confirm the commit
    # handler needs it from the client rather than reading it server side.
    # NOTE(review): both forms post state changes and carry no anti-CSRF
    # token here; confirm the dispatcher adds that protection.
    # NOTE(review): the username passes through html_f.text_box and
    # html_f.js_name; confirm both escape for their output context.
    form_html = """
    <form action="web.py" method="post" accept-charset="utf-8">
        <input type="hidden" name="mode" id="mode" value="edit_user" />
        <input type="hidden" name="sub_mode" value="commit" />
        <input type="hidden" name="id" value="{user_id}" />
        <input type="hidden" name="salt" value="{salt}" />
        {root}

        Editing: {name_text}
        <br /><br />

        <table border="0" cellspacing="5" cellpadding="5">
            <tr>
                <td><label for="password">New password:</label></td>
                <td style="padding: 1px;"><input type="password" name="password" id="password" value="" /></td>

                <td width="5"> </td>

                <td><label for="password2">Confirm password:</label></td>
                <td style="padding: 1px;"><input type="password" name="password2" id="password2" value="" /></td>
            </tr>
            <tr>
                <td colspan="2">
                    <table border="0" cellspacing="0" cellpadding="5">
                        <tr class="row2">
                            <th>Permission</th>
                            <th>Value</th>
                        </tr>
                        {permissions}
                    </table>
                </td>
            </tr>
        </table>
        <br />
        <input type="submit" value="Perform edit" />
    </form>
    <form id="delete_form" action="web.py" method="post" accept-charset="utf-8">
        <input type="hidden" name="user" value="{user_id}" />
        <input type="hidden" name="mode" value="edit_user" />
        <input type="hidden" name="sub_mode" value="delete" />
        <input style="float:right; margin-right:100px;" type="button" value="Delete user" onclick="var answer = confirm('Delete {name_safe}?')
        if (answer) $('#delete_form').submit();" />
    </form>
    {onload}
    <br /><br />""".format(
        user_id=user_id,
        name_text=html_f.text_box("name", the_user.username, size=20, custom_id="user_name"),
        name_safe=html_f.js_name(the_user.username),
        onload=html_f.onload % "$('#user_name').focus();",
        root='<input type="hidden" name="root" value="True" />' if the_user.root else "",
        salt=the_user.salt,
        permissions="".join(permissions),
    )

    page_data['Title'] = "Edit user ({})".format(the_user.username)
    return "".join([form_html])
def custom_func(cursor, class_type, func_name, **wheres):
    """Load one object and call one of its methods, chosen by name.

    The object is fetched with ``common_q.get_one`` using *wheres* as the
    filter. The attribute named *func_name* is then looked up on it and
    called with *cursor*.

    Returns the fetched object. The method's own return value is dropped.
    """
    target = common_q.get_one(cursor, class_type, **wheres)

    # NOTE(review): func_name is resolved with getattr and no allow-list is
    # visible here. Callers should pass only fixed, trusted method names and
    # never a raw request value.
    method = getattr(target, func_name)
    method(cursor)

    return target
def delete(cursor, class_type, **wheres):
    """Load one object matching *wheres* and delete it.

    The object is fetched with ``common_q.get_one`` and its own
    ``delete(cursor)`` method is called.

    Returns the object that was deleted.
    """
    # NOTE(review): no permission check is visible in this helper;
    # presumably callers authorise the deletion first -- confirm.
    doomed = common_q.get_one(cursor, class_type, **wheres)
    doomed.delete(cursor)
    return doomed