def _do_users(self, req): env = self.env perm = PermissionSystem(env) acctmgr = self.acctmgr acctmod = AccountModule(env) guard = self.guard listing_enabled = acctmgr.supports('get_users') create_enabled = acctmgr.supports('set_password') password_change_enabled = acctmgr.supports('set_password') password_reset_enabled = acctmod.reset_password_enabled delete_enabled = acctmgr.supports('delete_user') verify_enabled = acctmgr.verify_email and \ EmailVerificationModule(env).email_enabled account = dict(email=req.args.get('email', '').strip(), name=req.args.get('name', '').strip(), username=acctmgr.handle_username_casing( req.args.get('username', '').strip())) data = { '_dgettext': dgettext, 'acctmgr': account, 'email_approved': True, 'listing_enabled': listing_enabled, 'create_enabled': create_enabled, 'delete_enabled': delete_enabled, 'verify_enabled': verify_enabled, 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case'), 'password_change_enabled': password_change_enabled, 'password_reset_enabled': password_reset_enabled } if req.method == 'GET': if 'user' in req.args.iterkeys(): return self._do_acct_details(req) elif req.args.get('max_per_page'): return self._do_db_cleanup(req) if req.method == 'POST': email_approved = req.args.get('email_approved') # Preserve selection during a series of requests. data['email_approved'] = email_approved if req.args.get('add'): # Add new user account. if create_enabled: # Check request and prime account on success. try: acctmgr.validate_registration(req) # Account email approval for authoritative action. if verify_enabled and email_approved and \ account['email']: set_user_attribute(env, account['username'], 'email_verification_sent_to', account['email']) # User editor form clean-up. data['acctmgr'] = {} except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments # before attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args data['editor_error'] = Markup(message) else: data['editor_error'] = _( "The password store does not support creating users.") elif req.args.get('reset') and req.args.get('sel'): # Password reset for one or more accounts. if password_reset_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for username, name, email in env.get_known_users(): if username in sel: acctmod._reset_password(username, email) else: data['deletion_error'] = _( "The password reset procedure is not enabled.") elif req.args.get('remove') and req.args.get('sel'): # Delete one or more accounts. if delete_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for account in sel: acctmgr.delete_user(account) else: data['deletion_error'] = _( "The password store does not support deleting users.") elif req.args.get('change'): # Change attributes and or password of existing user account. attributes = { 'email': _("Email Address"), 'name': _("Pre-/Surname (Nickname)"), 'password': _("Password") } data['success'] = [] error = TracError('') username = acctmgr.handle_username_casing( req.args.get('username').strip()) try: if not username: error.account = {'username' : username} error.message = _("Username cannot be empty.") raise error if not acctmgr.has_user(username): error.account = {'username' : username} error.message = _("Unknown user %(user)s.", user=username) raise error password = req.args.get('password') if password and (password.strip() != ''): if password_change_enabled: if password != req.args.get('password_confirm'): error.message = _("The passwords must match.") raise error acctmgr.set_password(username, password) data['success'].append(attributes.get('password')) else: data['editor_error'] = _( """The password store does not support changing passwords. """) for attribute in ('name', 'email'): value = req.args.get(attribute, '').strip() if value: set_user_attribute(env, username, attribute, value) data['success'].append(attributes.get(attribute)) # Account email approval for authoritative action. if attribute == 'email' and verify_enabled and \ email_approved: set_user_attribute(env, username, 'email_verification_sent_to', value) # User editor form clean-up on success. data['acctmgr'] = {} except TracError, e: data['editor_error'] = e.message data['acctmgr'] = getattr(e, 'account', '')
def _do_users(self, req): env = self.env perm = PermissionSystem(env) acctmgr = self.acctmgr acctmod = AccountModule(env) guard = self.guard listing_enabled = acctmgr.supports('get_users') create_enabled = acctmgr.supports('set_password') password_change_enabled = acctmgr.supports('set_password') password_reset_enabled = acctmod.reset_password_enabled delete_enabled = acctmgr.supports('delete_user') verify_enabled = acctmgr.verify_email and \ EmailVerificationModule(env).email_enabled account = dict(email=req.args.get('email', '').strip(), name=req.args.get('name', '').strip(), username=acctmgr.handle_username_casing( req.args.get('username', '').strip())) data = { '_dgettext': dgettext, 'acctmgr': account, 'email_approved': True, 'listing_enabled': listing_enabled, 'create_enabled': create_enabled, 'delete_enabled': delete_enabled, 'verify_enabled': verify_enabled, 'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case'), 'password_change_enabled': password_change_enabled, 'password_reset_enabled': password_reset_enabled } if req.method == 'GET': if 'user' in req.args.iterkeys(): return self._do_acct_details(req) elif req.args.get('max_per_page'): return self._do_db_cleanup(req) if req.method == 'POST': email_approved = req.args.get('email_approved') # Preserve selection during a series of requests. data['email_approved'] = email_approved if req.args.get('add'): # Add new user account. if create_enabled: # Check request and prime account on success. try: acctmgr.validate_registration(req) # Account email approval for authoritative action. if verify_enabled and email_approved and \ account['email']: set_user_attribute(env, account['username'], 'email_verification_sent_to', account['email']) # User editor form clean-up. data['acctmgr'] = {} except RegistrationError, e: # Attempt deferred translation. message = gettext(e.message) # Check for (matching number of) message arguments # before attempting string substitution. if e.msg_args and \ len(e.msg_args) == len(re.findall('%s', message)): message = message % e.msg_args data['editor_error'] = Markup(message) else: data['editor_error'] = _( "The password store does not support creating users.") elif req.args.get('reset') and req.args.get('sel'): # Password reset for one or more accounts. if password_reset_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for username, name, email in env.get_known_users(): if username in sel: acctmod._reset_password(username, email) else: data['deletion_error'] = _( "The password reset procedure is not enabled.") elif req.args.get('remove') and req.args.get('sel'): # Delete one or more accounts. if delete_enabled: sel = req.args.get('sel') sel = isinstance(sel, list) and sel or [sel] for account in sel: acctmgr.delete_user(account) else: data['deletion_error'] = _( "The password store does not support deleting users.") elif req.args.get('change'): # Change attributes and or password of existing user account. attributes = { 'email': _("Email Address"), 'name': _("Pre-/Surname (Nickname)"), 'password': _("Password") } data['success'] = [] error = TracError('') username = acctmgr.handle_username_casing( req.args.get('username').strip()) try: if not username: error.account = {'username': username} error.message = _("Username cannot be empty.") raise error if not acctmgr.has_user(username): error.account = {'username': username} error.message = _("Unknown user %(user)s.", user=username) raise error password = req.args.get('password') if password and (password.strip() != ''): if password_change_enabled: if password != req.args.get('password_confirm'): error.message = _("The passwords must match.") raise error acctmgr.set_password(username, password) data['success'].append(attributes.get('password')) else: data['editor_error'] = _( """The password store does not support changing passwords. """) for attribute in ('name', 'email'): value = req.args.get(attribute, '').strip() if value: set_user_attribute(env, username, attribute, value) data['success'].append(attributes.get(attribute)) # Account email approval for authoritative action. if attribute == 'email' and verify_enabled and \ email_approved: set_user_attribute( env, username, 'email_verification_sent_to', value) # User editor form clean-up on success. data['acctmgr'] = {} except TracError, e: data['editor_error'] = e.message data['acctmgr'] = getattr(e, 'account', '')
def _create_user(req, env, check_permissions=True): acctmgr = AccountManager(env) username = acctmgr.handle_username_casing(req.args.get('username').strip()) name = req.args.get('name') email = req.args.get('email').strip() account = { 'username': username, 'name': name, 'email': email, } error = TracError('') error.account = account if not username: error.message = _("Username cannot be empty.") raise error # Prohibit some user names that are important for Trac and therefor # reserved, even if they're not in the permission store for some reason. if username in ['authenticated', 'anonymous']: error.message = _("Username %s is not allowed.") % username raise error # NOTE: A user may exist in the password store but not in the permission # store. I.e. this happens, when the user (from the password store) # never logged in into Trac. So we have to perform this test here # and cannot just check for the user being in the permission store. # And obfuscate whether an existing user or group name # was responsible for rejection of this user name. if acctmgr.has_user(username): error.message = _( "Another account or group named %s already exists.") % username raise error # Check whether there is also a user or a group with that name. if check_permissions: # NOTE: We can't use 'get_user_permissions(username)' here # as this always returns a list - even if the user doesn't exist. # In this case the permissions of "anonymous" are returned. # # Also note that we can't simply compare the result of # 'get_user_permissions(username)' to some known set of permission, # i.e. "get_user_permissions('authenticated') as this is always # false when 'username' is the name of an existing permission group. # # And again obfuscate whether an existing user or group name # was responsible for rejection of this username. for (perm_user, perm_action) in \ perm.PermissionSystem(env).get_all_permissions(): if perm_user == username: error.message = _( "Another account or group named %s already exists.") \ % username raise error # Always exclude some special characters, i.e. # ':' can't be used in HtPasswdStore # '[' and ']' can't be used in SvnServePasswordStore blacklist = acctmgr.username_char_blacklist if containsAny(username, blacklist): pretty_blacklist = '' for c in blacklist: if pretty_blacklist == '': pretty_blacklist = tag(' \'', tag.b(c), '\'') else: pretty_blacklist = tag(pretty_blacklist, ', \'', tag.b(c), '\'') error.message = tag( _("The username must not contain any of these characters:"), pretty_blacklist) raise error # Validation of username passed. password = req.args.get('password') if not password: error.message = _("Password cannot be empty.") raise error if password != req.args.get('password_confirm'): error.message = _("The passwords must match.") raise error # Validation of password passed. if if_enabled(EmailVerificationModule) and acctmgr.verify_email: if not email: error.message = _("You must specify a valid email address.") raise error elif not re.match('^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,6}$', email, re.IGNORECASE): error.message = _("""The email address specified appears to be invalid. Please specify a valid email address. """) raise error elif acctmgr.has_email(email): error.message = _("""The email address specified is already in use. Please specify a different one. """) raise error # Validation of email address passed. acctmgr.set_password(username, password) # INSERT new sid, needed as foreign key in some db schemata later on, # at least for PostgreSQL. db = env.get_db_cnx() cursor = db.cursor() cursor.execute( """ SELECT COUNT(*) FROM session WHERE sid=%s """, (username, )) exists = cursor.fetchone() if not exists: cursor.execute( """ INSERT INTO session (sid,authenticated,last_visit) VALUES (%s,0,0) """, (username, )) for attribute in ('name', 'email'): value = req.args.get(attribute) if not value: continue set_user_attribute(env, username, attribute, value)
def _create_user(req, env, check_permissions=True): acctmgr = AccountManager(env) username = acctmgr.handle_username_casing( req.args.get('username').strip()) name = req.args.get('name') email = req.args.get('email').strip() account = {'username' : username, 'name' : name, 'email' : email, } error = TracError('') error.account = account if not username: error.message = _("Username cannot be empty.") raise error # Prohibit some user names that are important for Trac and therefor # reserved, even if they're not in the permission store for some reason. if username in ['authenticated', 'anonymous']: error.message = _("Username %s is not allowed.") % username raise error # NOTE: A user may exist in the password store but not in the permission # store. I.e. this happens, when the user (from the password store) # never logged in into Trac. So we have to perform this test here # and cannot just check for the user being in the permission store. # And obfuscate whether an existing user or group name # was responsible for rejection of this user name. if acctmgr.has_user(username): error.message = _( "Another account or group named %s already exists.") % username raise error # Check whether there is also a user or a group with that name. if check_permissions: # NOTE: We can't use 'get_user_permissions(username)' here # as this always returns a list - even if the user doesn't exist. # In this case the permissions of "anonymous" are returned. # # Also note that we can't simply compare the result of # 'get_user_permissions(username)' to some known set of permission, # i.e. "get_user_permissions('authenticated') as this is always # false when 'username' is the name of an existing permission group. # # And again obfuscate whether an existing user or group name # was responsible for rejection of this username. for (perm_user, perm_action) in \ perm.PermissionSystem(env).get_all_permissions(): if perm_user == username: error.message = _( "Another account or group named %s already exists.") \ % username raise error # Always exclude some special characters, i.e. # ':' can't be used in HtPasswdStore # '[' and ']' can't be used in SvnServePasswordStore blacklist = acctmgr.username_char_blacklist if containsAny(username, blacklist): pretty_blacklist = '' for c in blacklist: if pretty_blacklist == '': pretty_blacklist = tag(' \'', tag.b(c), '\'') else: pretty_blacklist = tag(pretty_blacklist, ', \'', tag.b(c), '\'') error.message = tag(_( "The username must not contain any of these characters:"), pretty_blacklist) raise error # Validation of username passed. password = req.args.get('password') if not password: error.message = _("Password cannot be empty.") raise error if password != req.args.get('password_confirm'): error.message = _("The passwords must match.") raise error # Validation of password passed. if if_enabled(EmailVerificationModule) and acctmgr.verify_email: if not email: error.message = _("You must specify a valid email address.") raise error elif not re.match('^[A-Z0-9._%+-]+@(?:[A-Z0-9-]+\.)+[A-Z]{2,6}$', email, re.IGNORECASE): error.message = _("""The email address specified appears to be invalid. Please specify a valid email address. """) raise error elif acctmgr.has_email(email): error.message = _("""The email address specified is already in use. Please specify a different one. """) raise error # Validation of email address passed. acctmgr.set_password(username, password) # INSERT new sid, needed as foreign key in some db schemata later on, # at least for PostgreSQL. db = env.get_db_cnx() cursor = db.cursor() cursor.execute(""" SELECT COUNT(*) FROM session WHERE sid=%s """, (username,)) exists = cursor.fetchone() if not exists: cursor.execute(""" INSERT INTO session (sid,authenticated,last_visit) VALUES (%s,0,0) """, (username,)) for attribute in ('name', 'email'): value = req.args.get(attribute) if not value: continue set_user_attribute(env, username, attribute, value)