def _do_users(self, req):
env = self.env
perm = PermissionSystem(env)
acctmgr = self.acctmgr
acctmod = AccountModule(env)
guard = self.guard
listing_enabled = acctmgr.supports('get_users')
create_enabled = acctmgr.supports('set_password')
password_change_enabled = acctmgr.supports('set_password')
password_reset_enabled = acctmod.reset_password_enabled
delete_enabled = acctmgr.supports('delete_user')
verify_enabled = acctmgr.verify_email and \
EmailVerificationModule(env).email_enabled
account = dict(email=req.args.get('email', '').strip(),
name=req.args.get('name', '').strip(),
username=acctmgr.handle_username_casing(
req.args.get('username', '').strip()))
data = {
'_dgettext': dgettext,
'acctmgr': account,
'email_approved': True,
'listing_enabled': listing_enabled,
'create_enabled': create_enabled,
'delete_enabled': delete_enabled,
'verify_enabled': verify_enabled,
'ignore_auth_case': self.config.getbool('trac',
'ignore_auth_case'),
'password_change_enabled': password_change_enabled,
'password_reset_enabled': password_reset_enabled
}
if req.method == 'GET':
if 'user' in req.args.iterkeys():
return self._do_acct_details(req)
elif req.args.get('max_per_page'):
return self._do_db_cleanup(req)
if req.method == 'POST':
email_approved = req.args.get('email_approved')
# Preserve selection during a series of requests.
data['email_approved'] = email_approved
if req.args.get('add'):
# Add new user account.
if create_enabled:
# Check request and prime account on success.
try:
acctmgr.validate_registration(req)
# Account email approval for authoritative action.
if verify_enabled and email_approved and \
account['email']:
set_user_attribute(env, account['username'],
'email_verification_sent_to', account['email'])
# User editor form clean-up.
data['acctmgr'] = {}
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments
# before attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s',
message)):
message = message % e.msg_args
data['editor_error'] = Markup(message)
else:
data['editor_error'] = _(
"The password store does not support creating users.")
elif req.args.get('reset') and req.args.get('sel'):
# Password reset for one or more accounts.
if password_reset_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for username, name, email in env.get_known_users():
if username in sel:
acctmod._reset_password(username, email)
else:
data['deletion_error'] = _(
"The password reset procedure is not enabled.")
elif req.args.get('remove') and req.args.get('sel'):
# Delete one or more accounts.
if delete_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for account in sel:
acctmgr.delete_user(account)
else:
data['deletion_error'] = _(
"The password store does not support deleting users.")
elif req.args.get('change'):
# Change attributes and or password of existing user account.
attributes = {
'email': _("Email Address"),
'name': _("Pre-/Surname (Nickname)"),
'password': _("Password")
}
data['success'] = []
error = TracError('')
username = acctmgr.handle_username_casing(
req.args.get('username').strip())
try:
if not username:
error.account = {'username' : username}
error.message = _("Username cannot be empty.")
raise error
if not acctmgr.has_user(username):
error.account = {'username' : username}
error.message = _("Unknown user %(user)s.",
user=username)
raise error
password = req.args.get('password')
if password and (password.strip() != ''):
if password_change_enabled:
if password != req.args.get('password_confirm'):
error.message = _("The passwords must match.")
raise error
acctmgr.set_password(username, password)
data['success'].append(attributes.get('password'))
else:
data['editor_error'] = _(
"""The password store does not support
changing passwords.
""")
for attribute in ('name', 'email'):
value = req.args.get(attribute, '').strip()
if value:
set_user_attribute(env, username,
attribute, value)
data['success'].append(attributes.get(attribute))
# Account email approval for authoritative action.
if attribute == 'email' and verify_enabled and \
email_approved:
set_user_attribute(env, username,
'email_verification_sent_to', value)
# User editor form clean-up on success.
data['acctmgr'] = {}
except TracError, e:
data['editor_error'] = e.message
data['acctmgr'] = getattr(e, 'account', '')
def _do_users(self, req):
env = self.env
perm = PermissionSystem(env)
acctmgr = self.acctmgr
acctmod = AccountModule(env)
guard = self.guard
listing_enabled = acctmgr.supports('get_users')
create_enabled = acctmgr.supports('set_password')
password_change_enabled = acctmgr.supports('set_password')
password_reset_enabled = acctmod.reset_password_enabled
delete_enabled = acctmgr.supports('delete_user')
verify_enabled = acctmgr.verify_email and \
EmailVerificationModule(env).email_enabled
account = dict(email=req.args.get('email', '').strip(),
name=req.args.get('name', '').strip(),
username=acctmgr.handle_username_casing(
req.args.get('username', '').strip()))
data = {
'_dgettext': dgettext,
'acctmgr': account,
'email_approved': True,
'listing_enabled': listing_enabled,
'create_enabled': create_enabled,
'delete_enabled': delete_enabled,
'verify_enabled': verify_enabled,
'ignore_auth_case': self.config.getbool('trac',
'ignore_auth_case'),
'password_change_enabled': password_change_enabled,
'password_reset_enabled': password_reset_enabled
}
if req.method == 'GET':
if 'user' in req.args.iterkeys():
return self._do_acct_details(req)
elif req.args.get('max_per_page'):
return self._do_db_cleanup(req)
if req.method == 'POST':
email_approved = req.args.get('email_approved')
# Preserve selection during a series of requests.
data['email_approved'] = email_approved
if req.args.get('add'):
# Add new user account.
if create_enabled:
# Check request and prime account on success.
try:
acctmgr.validate_registration(req)
# Account email approval for authoritative action.
if verify_enabled and email_approved and \
account['email']:
set_user_attribute(env, account['username'],
'email_verification_sent_to',
account['email'])
# User editor form clean-up.
data['acctmgr'] = {}
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments
# before attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s',
message)):
message = message % e.msg_args
data['editor_error'] = Markup(message)
else:
data['editor_error'] = _(
"The password store does not support creating users.")
elif req.args.get('reset') and req.args.get('sel'):
# Password reset for one or more accounts.
if password_reset_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for username, name, email in env.get_known_users():
if username in sel:
acctmod._reset_password(username, email)
else:
data['deletion_error'] = _(
"The password reset procedure is not enabled.")
elif req.args.get('remove') and req.args.get('sel'):
# Delete one or more accounts.
if delete_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for account in sel:
acctmgr.delete_user(account)
else:
data['deletion_error'] = _(
"The password store does not support deleting users.")
elif req.args.get('change'):
# Change attributes and or password of existing user account.
attributes = {
'email': _("Email Address"),
'name': _("Pre-/Surname (Nickname)"),
'password': _("Password")
}
data['success'] = []
error = TracError('')
username = acctmgr.handle_username_casing(
req.args.get('username').strip())
try:
if not username:
error.account = {'username': username}
error.message = _("Username cannot be empty.")
raise error
if not acctmgr.has_user(username):
error.account = {'username': username}
error.message = _("Unknown user %(user)s.",
user=username)
raise error
password = req.args.get('password')
if password and (password.strip() != ''):
if password_change_enabled:
if password != req.args.get('password_confirm'):
error.message = _("The passwords must match.")
raise error
acctmgr.set_password(username, password)
data['success'].append(attributes.get('password'))
else:
data['editor_error'] = _(
"""The password store does not support
changing passwords.
""")
for attribute in ('name', 'email'):
value = req.args.get(attribute, '').strip()
if value:
set_user_attribute(env, username, attribute, value)
data['success'].append(attributes.get(attribute))
# Account email approval for authoritative action.
if attribute == 'email' and verify_enabled and \
email_approved:
set_user_attribute(
env, username,
'email_verification_sent_to', value)
# User editor form clean-up on success.
data['acctmgr'] = {}
except TracError, e:
data['editor_error'] = e.message
data['acctmgr'] = getattr(e, 'account', '')
def _create_user(req, env, check_permissions=True):
acctmgr = AccountManager(env)
username = acctmgr.handle_username_casing(req.args.get('username').strip())
name = req.args.get('name')
email = req.args.get('email').strip()
account = {
'username': username,
'name': name,
'email': email,
}
error = TracError('')
error.account = account
if not username:
error.message = _("Username cannot be empty.")
raise error
# Prohibit some user names that are important for Trac and therefor
# reserved, even if they're not in the permission store for some reason.
if username in ['authenticated', 'anonymous']:
error.message = _("Username %s is not allowed.") % username
raise error
# NOTE: A user may exist in the password store but not in the permission
# store. I.e. this happens, when the user (from the password store)
# never logged in into Trac. So we have to perform this test here
# and cannot just check for the user being in the permission store.
# And obfuscate whether an existing user or group name
# was responsible for rejection of this user name.
if acctmgr.has_user(username):
error.message = _(
"Another account or group named %s already exists.") % username
raise error
# Check whether there is also a user or a group with that name.
if check_permissions:
# NOTE: We can't use 'get_user_permissions(username)' here
# as this always returns a list - even if the user doesn't exist.
# In this case the permissions of "anonymous" are returned.
#
# Also note that we can't simply compare the result of
# 'get_user_permissions(username)' to some known set of permission,
# i.e. "get_user_permissions('authenticated') as this is always
# false when 'username' is the name of an existing permission group.
#
# And again obfuscate whether an existing user or group name
# was responsible for rejection of this username.
for (perm_user, perm_action) in \
perm.PermissionSystem(env).get_all_permissions():
if perm_user == username:
error.message = _(
"Another account or group named %s already exists.") \
% username
raise error
# Always exclude some special characters, i.e.
# ':' can't be used in HtPasswdStore
# '[' and ']' can't be used in SvnServePasswordStore
blacklist = acctmgr.username_char_blacklist
if containsAny(username, blacklist):
pretty_blacklist = ''
for c in blacklist:
if pretty_blacklist == '':
pretty_blacklist = tag(' \'', tag.b(c), '\'')
else:
pretty_blacklist = tag(pretty_blacklist, ', \'', tag.b(c),
'\'')
error.message = tag(
_("The username must not contain any of these characters:"),
pretty_blacklist)
raise error
# Validation of username passed.
password = req.args.get('password')
if not password:
error.message = _("Password cannot be empty.")
raise error
if password != req.args.get('password_confirm'):
error.message = _("The passwords must match.")
raise error
# Validation of password passed.
if if_enabled(EmailVerificationModule) and acctmgr.verify_email:
if not email:
error.message = _("You must specify a valid email address.")
raise error
elif not re.match('^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,6}$',
email, re.IGNORECASE):
error.message = _("""The email address specified appears to be
invalid. Please specify a valid email address.
""")
raise error
elif acctmgr.has_email(email):
error.message = _("""The email address specified is already in
use. Please specify a different one.
""")
raise error
# Validation of email address passed.
acctmgr.set_password(username, password)
# INSERT new sid, needed as foreign key in some db schemata later on,
# at least for PostgreSQL.
db = env.get_db_cnx()
cursor = db.cursor()
cursor.execute(
"""
SELECT COUNT(*)
FROM session
WHERE sid=%s
""", (username, ))
exists = cursor.fetchone()
if not exists:
cursor.execute(
"""
INSERT INTO session
(sid,authenticated,last_visit)
VALUES (%s,0,0)
""", (username, ))
for attribute in ('name', 'email'):
value = req.args.get(attribute)
if not value:
continue
set_user_attribute(env, username, attribute, value)
def _create_user(req, env, check_permissions=True):
acctmgr = AccountManager(env)
username = acctmgr.handle_username_casing(
req.args.get('username').strip())
name = req.args.get('name')
email = req.args.get('email').strip()
account = {'username' : username,
'name' : name,
'email' : email,
}
error = TracError('')
error.account = account
if not username:
error.message = _("Username cannot be empty.")
raise error
# Prohibit some user names that are important for Trac and therefor
# reserved, even if they're not in the permission store for some reason.
if username in ['authenticated', 'anonymous']:
error.message = _("Username %s is not allowed.") % username
raise error
# NOTE: A user may exist in the password store but not in the permission
# store. I.e. this happens, when the user (from the password store)
# never logged in into Trac. So we have to perform this test here
# and cannot just check for the user being in the permission store.
# And obfuscate whether an existing user or group name
# was responsible for rejection of this user name.
if acctmgr.has_user(username):
error.message = _(
"Another account or group named %s already exists.") % username
raise error
# Check whether there is also a user or a group with that name.
if check_permissions:
# NOTE: We can't use 'get_user_permissions(username)' here
# as this always returns a list - even if the user doesn't exist.
# In this case the permissions of "anonymous" are returned.
#
# Also note that we can't simply compare the result of
# 'get_user_permissions(username)' to some known set of permission,
# i.e. "get_user_permissions('authenticated') as this is always
# false when 'username' is the name of an existing permission group.
#
# And again obfuscate whether an existing user or group name
# was responsible for rejection of this username.
for (perm_user, perm_action) in \
perm.PermissionSystem(env).get_all_permissions():
if perm_user == username:
error.message = _(
"Another account or group named %s already exists.") \
% username
raise error
# Always exclude some special characters, i.e.
# ':' can't be used in HtPasswdStore
# '[' and ']' can't be used in SvnServePasswordStore
blacklist = acctmgr.username_char_blacklist
if containsAny(username, blacklist):
pretty_blacklist = ''
for c in blacklist:
if pretty_blacklist == '':
pretty_blacklist = tag(' \'', tag.b(c), '\'')
else:
pretty_blacklist = tag(pretty_blacklist,
', \'', tag.b(c), '\'')
error.message = tag(_(
"The username must not contain any of these characters:"),
pretty_blacklist)
raise error
# Validation of username passed.
password = req.args.get('password')
if not password:
error.message = _("Password cannot be empty.")
raise error
if password != req.args.get('password_confirm'):
error.message = _("The passwords must match.")
raise error
# Validation of password passed.
if if_enabled(EmailVerificationModule) and acctmgr.verify_email:
if not email:
error.message = _("You must specify a valid email address.")
raise error
elif not re.match('^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,6}$',
email, re.IGNORECASE):
error.message = _("""The email address specified appears to be
invalid. Please specify a valid email address.
""")
raise error
elif acctmgr.has_email(email):
error.message = _("""The email address specified is already in
use. Please specify a different one.
""")
raise error
# Validation of email address passed.
acctmgr.set_password(username, password)
# INSERT new sid, needed as foreign key in some db schemata later on,
# at least for PostgreSQL.
db = env.get_db_cnx()
cursor = db.cursor()
cursor.execute("""
SELECT COUNT(*)
FROM session
WHERE sid=%s
""", (username,))
exists = cursor.fetchone()
if not exists:
cursor.execute("""
INSERT INTO session
(sid,authenticated,last_visit)
VALUES (%s,0,0)
""", (username,))
for attribute in ('name', 'email'):
value = req.args.get(attribute)
if not value:
continue
set_user_attribute(env, username, attribute, value)
