def process_request(self, req): acctmgr = self.acctmgr if req.authname != 'anonymous': req.redirect(req.href.prefs('account')) action = req.args.get('action') name = req.args.get('name', '').strip() username = acctmgr.handle_username_casing(req.args.get('username', '').strip()) data = { '_dgettext': dgettext, 'acctmgr': dict(name=name, username=username), 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case') } verify_enabled = is_enabled(self.env, EmailVerificationModule) and \ EmailVerificationModule(self.env).verify_email data['verify_account_enabled'] = verify_enabled if req.method == 'POST' and action == 'create': try: # Check request and prime account on success. acctmgr.validate_account(req, True) except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments before # attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args chrome.add_warning(req, Markup(message)) else: if self.require_approval: set_user_attribute(self.env, username, 'approval', N_('pending')) # Notify admin user about registration pending for review. acctmgr._notify('registration_approval_required', username) chrome.add_notice(req, Markup(tag.span(Markup(_( "Your username has been registered successfully, but " "your account requires administrative approval. " "Please proceed according to local policy.")))) ) if verify_enabled: chrome.add_notice(req, Markup(tag.span(Markup(_( """Your username has been successfully registered but your account still requires activation. Please login as user %(user)s, and follow the instructions.""", user=tag.b(username))))) ) req.redirect(req.href.login()) chrome.add_notice(req, Markup(tag.span(Markup(_( """Registration has been finished successfully. You may log in as user %(user)s now.""", user=tag.b(username))))) ) req.redirect(req.href.login())
def pre_process_request(self, req, handler): if not req.session.authenticated: # Permissions for anonymous users remain unchanged. return handler elif req.path_info == '/prefs' and req.method == 'POST' and \ not 'restore' in req.args: try: EmailCheck(self.env).validate_registration(req) # Check passed without error: New email address seems good. except RegistrationError, e: # Attempt to change email to an empty or invalid # address detected, resetting to previously stored value. chrome.add_warning(req, Markup(gettext(e.message))) req.redirect(req.href.prefs(None))
def process_request(self, req): acctmgr = self.acctmgr if req.authname != 'anonymous': req.redirect(req.href.prefs('account')) action = req.args.get('action') name = req.args.get('name', '').strip() username = acctmgr.handle_username_casing( req.args.get('username', '').strip()) data = { '_dgettext': dgettext, 'acctmgr': dict(name=name, username=username), 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case') } verify_enabled = is_enabled(self.env, EmailVerificationModule) and \ acctmgr.verify_email data['verify_account_enabled'] = verify_enabled if req.method == 'POST' and action == 'create': try: # Check request and prime account on success. acctmgr.validate_registration(req) except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments before # attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args chrome.add_warning(req, Markup(message)) else: if verify_enabled: chrome.add_notice( req, Markup( tag.span( Markup( _("""Your username has been successfully registered but your account still requires activation. Please login as user %(user)s, and follow the instructions.""", user=tag.b(username)))))) req.redirect(req.href.login()) chrome.add_notice( req, Markup( tag.span( Markup( _("""Registration has been finished successfully. You may log in as user %(user)s now.""", user=tag.b(username)))))) req.redirect(req.href.login())
def pre_process_request(self, req, handler): if not req.session.authenticated: # Permissions for anonymous users remain unchanged. return handler elif req.path_info == '/prefs' and req.method == 'POST' and \ not 'restore' in req.args: try: EmailCheck(self.env).validate_registration(req) # Check passed without error: New email address seems good. except RegistrationError, e: # Attempt to change email to an empty or invalid # address detected, resetting to previously stored value. chrome.add_warning( req, Markup(gettext(e.message))) req.redirect(req.href.prefs(None))
def pre_process_request(self, req, handler): if not req.authname or req.authname == 'anonymous': # Permissions for anonymous users remain unchanged. return handler elif req.path_info == '/prefs' and req.method == 'POST' and \ not 'restore' in req.args: try: AccountManager(self.env).validate_account(req) # Check passed without error: New email address seems good. except RegistrationError, e: # Always warn about issues. chrome.add_warning( req, Markup(gettext(e.message))) # Look, if the issue existed before. attributes = get_user_attribute(self.env, req.authname, attribute='email') email = req.authname in attributes and \ attributes[req.authname][1].get('email') or None new_email = req.args.get('email', '').strip() if (email or new_email) and email != new_email: # Attempt to change email to an empty or invalid # address detected, resetting to previously stored value. req.redirect(req.href.prefs(None))
def pre_process_request(self, req, handler): if not req.authname or req.authname == 'anonymous': # Permissions for anonymous users remain unchanged. return handler elif req.path_info == '/prefs' and req.method == 'POST' and \ not 'restore' in req.args: try: AccountManager(self.env).validate_account(req) # Check passed without error: New email address seems good. except RegistrationError, e: # Always warn about issues. chrome.add_warning(req, Markup(gettext(e.message))) # Look, if the issue existed before. attributes = get_user_attribute(self.env, req.authname, attribute='email') email = req.authname in attributes and \ attributes[req.authname][1].get('email') or None new_email = req.args.get('email', '').strip() if (email or new_email) and email != new_email: # Attempt to change email to an empty or invalid # address detected, resetting to previously stored value. req.redirect(req.href.prefs(None))
def _do_config(self, req): stores = StoreOrder(stores=self.acctmgr.stores, list=self.acctmgr.password_store) if req.method == 'POST': if req.args.get('restart'): del_user_attribute(self.env, attribute='password_refreshed') req.redirect(req.href.admin('accounts', 'config', done='restart')) _setorder(req, stores) self.config.set('account-manager', 'password_store', ','.join(stores.get_enabled_store_names())) for store in stores.get_all_stores(): for attr, option in _getoptions(store): cls_name = store.__class__.__name__ newvalue = req.args.get('%s.%s' % (cls_name, attr)) self.log.debug("%s.%s: %s" % (cls_name, attr, newvalue)) if newvalue is not None: self.config.set(option.section, option.name, newvalue) self.config.save() self.config.set('account-manager', 'force_passwd_change', req.args.get('force_passwd_change', False)) self.config.set('account-manager', 'persistent_sessions', req.args.get('persistent_sessions', False)) self.config.set('account-manager', 'verify_email', req.args.get('verify_email', False)) self.config.set('account-manager', 'refresh_passwd', req.args.get('refresh_passwd', False)) self.config.save() sections = [] for store in self.acctmgr.stores: if store.__class__.__name__ == "ResetPwStore": # Exclude special store, that is used strictly internally and # inherits configuration from SessionStore anyway. continue options = [] for attr, option in _getoptions(store): opt_val = option.__get__(store, store) opt_val = isinstance(opt_val, Component) and \ opt_val.__class__.__name__ or opt_val options.append( {'label': attr, 'name': '%s.%s' % (store.__class__.__name__, attr), 'value': opt_val, 'doc': gettext(option.__doc__) }) continue sections.append( {'name': store.__class__.__name__, 'classname': store.__class__.__name__, 'order': stores[store], 'options' : options, }) continue sections = sorted(sections, key=lambda i: i['name']) numstores = range(0, stores.numstores() + 1) data = { '_': _, 'sections': sections, 'numstores': numstores, 'force_passwd_change': self.acctmgr.force_passwd_change, 'persistent_sessions': self.acctmgr.persistent_sessions, 'verify_email': self.acctmgr.verify_email, 'refresh_passwd': self.acctmgr.refresh_passwd, } result = req.args.get('done') if result == 'restart': data['result'] = _("Password hash refresh procedure restarted.") return 'admin_accountsconfig.html', data
def _do_users(self, req): env = self.env perm = PermissionSystem(env) acctmgr = self.acctmgr acctmod = AccountModule(env) guard = self.guard listing_enabled = acctmgr.supports('get_users') create_enabled = acctmgr.supports('set_password') password_change_enabled = acctmgr.supports('set_password') password_reset_enabled = acctmod.reset_password_enabled delete_enabled = acctmgr.supports('delete_user') verify_enabled = acctmgr.verify_email and \ EmailVerificationModule(env).email_enabled account = dict(email=req.args.get('email', '').strip(), name=req.args.get('name', '').strip(), username=acctmgr.handle_username_casing( req.args.get('username', '').strip())) data = { '_dgettext': dgettext, 'acctmgr': account, 'email_approved': True, 'listing_enabled': listing_enabled, 'create_enabled': create_enabled, 'delete_enabled': delete_enabled, 'verify_enabled': verify_enabled, 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case'), 'password_change_enabled': password_change_enabled, 'password_reset_enabled': password_reset_enabled } if req.method == 'GET': if 'user' in req.args.iterkeys(): return self._do_acct_details(req) elif req.args.get('max_per_page'): return self._do_db_cleanup(req) if req.method == 'POST': email_approved = req.args.get('email_approved') # Preserve selection during a series of requests. data['email_approved'] = email_approved if req.args.get('add'): # Add new user account. if create_enabled: # Check request and prime account on success. try: acctmgr.validate_registration(req) # Account email approval for authoritative action. if verify_enabled and email_approved and \ account['email']: set_user_attribute(env, account['username'], 'email_verification_sent_to', account['email']) # User editor form clean-up. data['acctmgr'] = {} except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments # before attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args data['editor_error'] = Markup(message) else: data['editor_error'] = _( "The password store does not support creating users.") elif req.args.get('reset') and req.args.get('sel'): # Password reset for one or more accounts. if password_reset_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for username, name, email in env.get_known_users(): if username in sel: acctmod._reset_password(username, email) else: data['deletion_error'] = _( "The password reset procedure is not enabled.") elif req.args.get('remove') and req.args.get('sel'): # Delete one or more accounts. if delete_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for account in sel: acctmgr.delete_user(account) else: data['deletion_error'] = _( "The password store does not support deleting users.") elif req.args.get('change'): # Change attributes and or password of existing user account. attributes = { 'email': _("Email Address"), 'name': _("Pre-/Surname (Nickname)"), 'password': _("Password") } data['success'] = [] error = TracError('') username = acctmgr.handle_username_casing( req.args.get('username').strip()) try: if not username: error.account = {'username' : username} error.message = _("Username cannot be empty.") raise error if not acctmgr.has_user(username): error.account = {'username' : username} error.message = _("Unknown user %(user)s.", user=username) raise error password = req.args.get('password') if password and (password.strip() != ''): if password_change_enabled: if password != req.args.get('password_confirm'): error.message = _("The passwords must match.") raise error acctmgr.set_password(username, password) data['success'].append(attributes.get('password')) else: data['editor_error'] = _( """The password store does not support changing passwords. """) for attribute in ('name', 'email'): value = req.args.get(attribute, '').strip() if value: set_user_attribute(env, username, attribute, value) data['success'].append(attributes.get(attribute)) # Account email approval for authoritative action. if attribute == 'email' and verify_enabled and \ email_approved: set_user_attribute(env, username, 'email_verification_sent_to', value) # User editor form clean-up on success. data['acctmgr'] = {} except TracError, e: data['editor_error'] = e.message data['acctmgr'] = getattr(e, 'account', '')
def _do_config(self, req): stores = StoreOrder(stores=self.acctmgr.stores, list=self.acctmgr.password_store) if req.method == 'POST': if req.args.get('restart'): del_user_attribute(self.env, attribute='password_refreshed') req.redirect(req.href.admin('accounts', 'config', done='restart')) _setorder(req, stores) self.config.set('account-manager', 'password_store', ','.join(stores.get_enabled_store_names())) for store in stores.get_all_stores(): for attr, option in _getoptions(store): cls_name = store.__class__.__name__ newvalue = req.args.get('%s.%s' % (cls_name, attr)) self.log.debug("%s.%s: %s" % (cls_name, attr, newvalue)) if newvalue is not None: self.config.set(option.section, option.name, newvalue) self.config.save() self.config.set('account-manager', 'force_passwd_change', req.args.get('force_passwd_change', False)) self.config.set('account-manager', 'persistent_sessions', req.args.get('persistent_sessions', False)) self.config.set('account-manager', 'verify_email', req.args.get('verify_email', False)) self.config.set('account-manager', 'refresh_passwd', req.args.get('refresh_passwd', False)) self.config.save() sections = [] for store in self.acctmgr.stores: if store.__class__.__name__ == "ResetPwStore": # Exclude special store, that is used strictly internally and # inherits configuration from SessionStore anyway. continue options = [] for attr, option in _getoptions(store): error = None opt_val = None value = None try: opt_val = option.__get__(store, store) except AttributeError, e: self.env.log.error(e) error = _("""Error while reading configuration - Hint: Enable/install the required component.""") pass if opt_val: value = isinstance(opt_val, Component) and \ opt_val.__class__.__name__ or opt_val opt_sel = None try: interface = option.xtnpt.interface opt_sel = {'options': [], 'selected': None} except AttributeError: # No ExtensionOption / Interface undefined pass if opt_sel: for impl in option.xtnpt.extensions(self.env): extension = impl.__class__.__name__ opt_sel['options'].append(extension) if opt_val and extension == value: opt_sel['selected'] = extension if len(opt_sel['options']) == 0 and error: opt_sel['error'] = error value = opt_sel options.append( {'label': attr, 'name': '%s.%s' % (store.__class__.__name__, attr), 'value': value, 'doc': gettext(option.__doc__) }) continue sections.append( {'name': store.__class__.__name__, 'classname': store.__class__.__name__, 'order': stores[store], 'options' : options, }) continue
def _do_users(self, req): env = self.env perm = PermissionSystem(env) acctmgr = self.acctmgr acctmod = AccountModule(env) guard = self.guard listing_enabled = acctmgr.supports('get_users') create_enabled = acctmgr.supports('set_password') password_change_enabled = acctmgr.supports('set_password') password_reset_enabled = acctmod.reset_password_enabled delete_enabled = acctmgr.supports('delete_user') verify_enabled = acctmgr.verify_email and \ EmailVerificationModule(env).email_enabled account = dict(email=req.args.get('email', '').strip(), name=req.args.get('name', '').strip(), username=acctmgr.handle_username_casing( req.args.get('username', '').strip())) data = { '_dgettext': dgettext, 'acctmgr': account, 'email_approved': True, 'listing_enabled': listing_enabled, 'create_enabled': create_enabled, 'delete_enabled': delete_enabled, 'verify_enabled': verify_enabled, 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case'), 'password_change_enabled': password_change_enabled, 'password_reset_enabled': password_reset_enabled } if req.method == 'GET': if 'user' in req.args.iterkeys(): return self._do_acct_details(req) elif req.args.get('max_per_page'): return self._do_db_cleanup(req) if req.method == 'POST': email_approved = req.args.get('email_approved') # Preserve selection during a series of requests. data['email_approved'] = email_approved if req.args.get('add'): # Add new user account. if create_enabled: # Check request and prime account on success. try: acctmgr.validate_registration(req) # Account email approval for authoritative action. if verify_enabled and email_approved and \ account['email']: set_user_attribute(env, account['username'], 'email_verification_sent_to', account['email']) # User editor form clean-up. data['acctmgr'] = {} except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments # before attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args data['editor_error'] = Markup(message) else: data['editor_error'] = _( "The password store does not support creating users.") elif req.args.get('reset') and req.args.get('sel'): # Password reset for one or more accounts. if password_reset_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for username, name, email in env.get_known_users(): if username in sel: acctmod._reset_password(username, email) else: data['deletion_error'] = _( "The password reset procedure is not enabled.") elif req.args.get('remove') and req.args.get('sel'): # Delete one or more accounts. if delete_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for account in sel: acctmgr.delete_user(account) else: data['deletion_error'] = _( "The password store does not support deleting users.") elif req.args.get('change'): # Change attributes and or password of existing user account. attributes = { 'email': _("Email Address"), 'name': _("Pre-/Surname (Nickname)"), 'password': _("Password") } data['success'] = [] error = TracError('') username = acctmgr.handle_username_casing( req.args.get('username').strip()) try: if not username: error.account = {'username': username} error.message = _("Username cannot be empty.") raise error if not acctmgr.has_user(username): error.account = {'username': username} error.message = _("Unknown user %(user)s.", user=username) raise error password = req.args.get('password') if password and (password.strip() != ''): if password_change_enabled: if password != req.args.get('password_confirm'): error.message = _("The passwords must match.") raise error acctmgr.set_password(username, password) data['success'].append(attributes.get('password')) else: data['editor_error'] = _( """The password store does not support changing passwords. """) for attribute in ('name', 'email'): value = req.args.get(attribute, '').strip() if value: set_user_attribute(env, username, attribute, value) data['success'].append(attributes.get(attribute)) # Account email approval for authoritative action. if attribute == 'email' and verify_enabled and \ email_approved: set_user_attribute( env, username, 'email_verification_sent_to', value) # User editor form clean-up on success. data['acctmgr'] = {} except TracError, e: data['editor_error'] = e.message data['acctmgr'] = getattr(e, 'account', '')
def _do_config(self, req): stores = StoreOrder(stores=self.acctmgr.stores, list=self.acctmgr.password_store) if req.method == 'POST': if req.args.get('restart'): del_user_attribute(self.env, attribute='password_refreshed') req.redirect( req.href.admin('accounts', 'config', done='restart')) _setorder(req, stores) self.config.set('account-manager', 'password_store', ','.join(stores.get_enabled_store_names())) for store in stores.get_all_stores(): for attr, option in _getoptions(store): cls_name = store.__class__.__name__ newvalue = req.args.get('%s.%s' % (cls_name, attr)) self.log.debug("%s.%s: %s" % (cls_name, attr, newvalue)) if newvalue is not None: self.config.set(option.section, option.name, newvalue) self.config.save() self.config.set('account-manager', 'force_passwd_change', req.args.get('force_passwd_change', False)) self.config.set('account-manager', 'persistent_sessions', req.args.get('persistent_sessions', False)) self.config.set('account-manager', 'verify_email', req.args.get('verify_email', False)) self.config.set('account-manager', 'refresh_passwd', req.args.get('refresh_passwd', False)) self.config.save() sections = [] for store in self.acctmgr.stores: if store.__class__.__name__ == "ResetPwStore": # Exclude special store, that is used strictly internally and # inherits configuration from SessionStore anyway. continue options = [] for attr, option in _getoptions(store): error = None opt_val = None value = None try: opt_val = option.__get__(store, store) except AttributeError, e: self.env.log.error(e) error = _("""Error while reading configuration - Hint: Enable/install the required component.""") pass if opt_val: value = isinstance(opt_val, Component) and \ opt_val.__class__.__name__ or opt_val opt_sel = None try: interface = option.xtnpt.interface opt_sel = {'options': [], 'selected': None} except AttributeError: # No ExtensionOption / Interface undefined pass if opt_sel: for impl in option.xtnpt.extensions(self.env): extension = impl.__class__.__name__ opt_sel['options'].append(extension) if opt_val and extension == value: opt_sel['selected'] = extension if len(opt_sel['options']) == 0 and error: opt_sel['error'] = error value = opt_sel options.append({ 'label': attr, 'name': '%s.%s' % (store.__class__.__name__, attr), 'value': value, 'doc': gettext(option.__doc__) }) continue sections.append({ 'name': store.__class__.__name__, 'classname': store.__class__.__name__, 'order': stores[store], 'options': options, }) continue
def process_request(self, req): acctmgr = self.acctmgr if req.authname != 'anonymous': req.redirect(req.href.prefs('account')) action = req.args.get('action') name = req.args.get('name', '').strip() username = acctmgr.handle_username_casing(req.args.get('username', '').strip()) data = { '_dgettext': dgettext, 'acctmgr': dict(name=name, username=username), 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case') } verify_enabled = is_enabled(self.env, EmailVerificationModule) and \ EmailVerificationModule(self.env).verify_email data['verify_account_enabled'] = verify_enabled if req.method == 'POST' and action == 'create': try: try: # Check request and prime account on success. acctmgr.validate_account(req, True) except NotificationError, e: chrome.add_warning(req, _( "Error raised while sending a change notification." ) + _("You should report that issue to a Trac admin.")) self.log.error( 'Unable to send registration notification: %s', exception_to_unicode(e, traceback=True)) except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments before # attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args chrome.add_warning(req, Markup(message)) else: if self.require_approval: set_user_attribute(self.env, username, 'approval', N_('pending')) # Notify admin user about registration pending for review. try: acctmgr._notify('registration_approval_required', username) except NotificationError, e: chrome.add_warning(req, _( "Error raised while sending a change " "notification.") + _("You should report that " "issue to a Trac admin.")) self.log.error('Unable to send admin notification: %s', exception_to_unicode(e, traceback=True)) else: chrome.add_notice(req, Markup(tag.span(Markup(_( "Your username has been registered successfully, " "but your account requires administrative " "approval. Please proceed according to local " "policy.")))) ) if verify_enabled: chrome.add_notice(req, Markup(tag.span(Markup(_( """Your username has been successfully registered but your account still requires activation. Please login as user %(user)s, and follow the instructions.""", user=tag.b(username))))) ) req.redirect(req.href.login()) chrome.add_notice(req, Markup(tag.span(Markup(_( """Registration has been finished successfully. You may log in as user %(user)s now.""", user=tag.b(username))))) ) req.redirect(req.href.login())