Esempio n. 1
0
def _create_nologin_cookie(request):
    try:
        cookie = Cookie.SimpleCookie(request.saved_cookie)
    except Cookie.CookieError:
        # ignore invalid cookies, else user can't relogin
        cookie = None
    if cookie and cookie.has_key(user.COOKIE_NOT_LOGGED_IN):
        return

    cookie_dir = config.web_dir
    if not cookie_dir: cookie_dir = '/'
    cookie_value = '%s="1"' % user.COOKIE_NOT_LOGGED_IN

    wiki_domain = wikiutil.getCookieDomain(request)
    domain = "domain=%s;" % wiki_domain
    
    now = time.time()
    # ten minutes until we check if we've logged in to the farm hub
    expire = now + 10*60 
    loc=locale.setlocale(locale.LC_TIME, 'C')
    expirestr = time.strftime("%A, %d-%b-%Y %H:%M:%S GMT", time.gmtime(expire))
    locale.setlocale(locale.LC_TIME, loc)

    cookie_header = ("Set-Cookie", 
                     "%s; expires=%s;%sPath=%s" % (cookie_value, expirestr,
                                                   domain, cookie_dir))
    request.setHttpHeader(cookie_header)
Esempio n. 2
0
    def handleData(self, new_user=None):
        from Sycamore.Page import MAX_PAGENAME_LENGTH as MAX_USERNAME_LENGTH
        _ = self._
        form = self.request.form
        msg = ''
    
        isdisabled = False
        if form.get('disabled', [0])[0] == '1':
                isdisabled = True

        self.from_wiki = None
        if self.request.form.has_key('from_wiki'):
          self.from_wiki = self.request.form['from_wiki'][0].lower().strip()
          if not wikiutil.isInFarm(self.from_wiki, self.request):
            self.from_wiki = None

        new_user = int(form.get('new_user', [0])[0])
        # wiki farm authentication

        # we want them to be able to sign back in right after they
        # click the 'logout' GET link, hence this test
        is_form_logout = (form.has_key('qs') and 
                          urllib.unquote(form['qs'][0]) == 
                            'action=userform&logout=Logout')

        if (self.request.form.has_key('badlogin') and
            self.request.form['badlogin'][0]):
            _create_nologin_cookie(self.request)
            if config.wiki_farm:
                wiki_base_url = farm.getBaseFarmURL(self.request)
            else:
                wiki_base_url = '%s/' % self.request.getScriptname()
    
            return_string = ('Unknown username or wrong password.<br/><br/>'
                             'New user?  <a href="%s%s?new_user=1">Click here '
                             'to create an account!</a><br/><br/>'
                             'Forgot your password?  We\'ll email it to you.'
                             '<form action="%s" method="POST">'
                             '<input type="hidden" name="action" '
                                     'value="userform">'
                             'Email address: <input class="formfields" '
                                                    'type="text" name="email">'
                             '&nbsp;<input type="submit" class="formbutton" '
                                           'name="login_sendmail" '
                                           'value="Mail me my account data">'
                             '</form>' % (
                             wiki_base_url,
                             wikiutil.quoteWikiname(
                                config.page_user_preferences),
                             wiki_base_url))
            return return_string


        if (form.has_key('login_check') and form['login_check'][0] and
            form.has_key('backto_wiki') and form.has_key('backto_page')):
            backto_wiki = form['backto_wiki'][0]
            backto_page = form['backto_page'][0].encode(config.charset)
            if form.has_key('qs') and not is_form_logout:
                q_query_string = form['qs'][0]
            else:
                q_query_string = ''

            if self.request.user.valid:
                secret, stored_expire_time, session = \
                    self.request.user.cookie_dough
                if q_query_string:
                    url = ('%s?action=userform&backto_page=%s&qs=%s'
                           '&secret=%s&expire_time=%s&uid=%s&session=%s' % (
                            backto_page, urllib.quote(backto_page),
                            urllib.quote(q_query_string), urllib.quote(secret),
                            stored_expire_time, self.request.user.id,
                            urllib.quote(session)))
                else:
                     url = ('%s?action=userform&backto_page=%s&secret=%s'
                            '&expire_time=%s&uid=%s&session=%s' % (
                            backto_page, urllib.quote(backto_page),
                            urllib.quote(secret), stored_expire_time,
                            self.request.user.id, urllib.quote(session)))
            else:
                if q_query_string:
                    url = ('%s?action=userform&backto_page=%s&not_logged_in=1'
                           '&qs=%s' % (backto_page, urllib.quote(backto_page),
                                       urllib.quote(q_query_string)))
                else:
                     url = ('%s?action=userform&backto_page=%s&not_logged_in=1'
                            % (backto_page, urllib.quote(backto_page)))

            self.request.http_redirect(url) 
            return 

        # bounce-back wiki farm authentication
        if form.has_key('not_logged_in') and form.has_key('backto_page'):
            backto = urllib.unquote(form['backto_page'][0].encode(
                config.charset))
            if form.has_key('qs') and not is_form_logout:
                query_string = '?%s' % (urllib.unquote(form['qs'][0]
                                         ).encode(config.charset))
            else:
                query_string = ''
            url = '%s%s' % (backto, query_string)
            _create_nologin_cookie(self.request)
            self.request.http_redirect(url)
            return
        # bounce-back wiki farm authentication
        elif (form.has_key('uid') and form.has_key('secret') and
              form.has_key('session') and form.has_key('expire_time')):
            uid = form['uid'][0]
            secret = urllib.unquote(form['secret'][0])
            session = form['session'][0]
            expire_time = float(form['expire_time'][0])
            if form.has_key('backto_page'):
                backto_page = form['backto_page'][0]
            else:
                backto_page = '/' 
            if form.has_key('qs') and not is_form_logout:
                query_string = '?%s' % urllib.unquote(form['qs'][0])
            else:
                query_string = ''
            url = '%s%s' % (backto_page, query_string)
    
            self.request.http_redirect(url)
            self.request.user.sendCookie(self.request, expire=expire_time,
                                         sessionid=session, secret=secret,
                                         id=uid) 
            self.request.user.clearNologinCookie(self.request)
            return 

        if form.has_key('logout') or isdisabled:
            msg = ''
            if isdisabled:
                if not self.request.isPOST():
                    return "Use the interactive interface to change settings!"
                # disable the account
                self.request.user.disabled = 1
                # save user's profile
                self.request.user.save()
                msg = '<p>%s</p>' % _("Your account has been disabled.")

            # clear the cookie in the browser and locally
            try:
                cookie = Cookie.SimpleCookie(self.request.saved_cookie)
            except Cookie.CookieError:
                # ignore invalid cookies
                cookie = None
            else:
                if config.wiki_farm:
                    cookie_id = wikiutil.quoteCookiename(
                        config.wiki_base_domain + ',ID')
                else:
                    cookie_id = wikiutil.quoteCookiename(
                        config.sitename + ',ID')

                if cookie.has_key(cookie_id):
                    self.removeSession(cookie[cookie_id].value)
                    cookie_dir = config.web_dir
                    if not cookie_dir: cookie_dir = '/'
                    domain = wikiutil.getCookieDomain(self.request)
                    expirestr = time.strftime("%A, %d-%b-%Y %H:%M:%S GMT",
                                              time.gmtime(0))
                    self.request.setHttpHeader(('Set-Cookie',
                        ('%s="%s"; domain=%s; path=%s; '
                         'expires=%s' % (
                         (cookie_id, cookie[cookie_id].value,
                          domain, cookie_dir, expirestr)))))

            self.request.saved_cookie = ''
            self.request.auth_username = ''
            self.request.user = user.User(self.request)
            return msg + _("Cookie deleted. You are now logged out.")
    
        if form.has_key('login_sendmail'):
            if not self.request.isPOST():
                return "Use the interactive interface to change settings!"
            if not config.mail_smarthost:
                return _('This wiki is not enabled for mail processing. '
                        'Contact the owner of the wiki, who can either enable '
                        'email, or remove the "Subscribe" icon.')
            try:
                email = form['email'][0]
            except KeyError:
                return _("Please provide a valid email address!")
    
            text = ''
            uid = user.getUserIdByEmail(email, self.request)
            if uid:
                theuser = user.User(self.request, uid)
                if theuser.valid:
                    code = self.createCode(theuser.id)
                    sitename = farm.getBaseWikiFullName(self.request)
                    if config.wiki_farm:
                        url = farm.getBaseFarmURL(self.request)
                    else:
                        url = '%s/' % self.request.getBaseURL()
                    text = ("Go here to automatically log into %s: "
                            "%s%s?action=userform&uid=%s&code=%s\n"
                            "Once you're logged in, you should change your "
                            "password in your settings "
                            "(you forgot your password, right?).\n\n"
                            "(The link in this email is good for "
                            "one use only.)" % (
                            sitename, url,
                            wikiutil.quoteWikiname(
                                config.page_user_preferences),
                            theuser.id, code))

            if not text:
                return _("Found no account matching the given email address "
                         "'%(email)s'!") % {'email': email}


            mailok, msg = util.mail.sendmail(self.request, [email], 
                'Your wiki account data', text, mail_from=config.mail_from)
            return wikiutil.escape(msg)

        if form.has_key('login') or form.has_key('uid'):
            uid = None

            if form.has_key('code') and form.has_key('uid'):
               given_uid = form['uid'][0].strip()
               given_code = form['code'][0].strip()
        
               given_code
               if self.isValidCode(given_uid, given_code):
                  uid = given_uid

            if uid:
                # we were given account information so let's
                # create an account -> log them in
                theuser = user.User(self.request, id=uid)
                msg = _("You are now logged in!  "
                        "Please change your password below!")
                # send the cookie
                theuser.sendCookie(self.request)
                self.request.user = theuser
                return msg
            else:
                # we weren't given information, so let's see
                # if they gave us a login/password

                # try to get the user name
                try:
                    name = form['username'][0].replace('\t', ' ').strip()
                except KeyError:
                    name = ''

                # try to get the password
                password = form.get('password',[''])[0]

                # load the user data and check for validness
                if name:
                    theuser = user.User(self.request, name=name,
                                        password=password, is_login=True)
                else:
                    theuser = user.User(self.request, id=uid, name=name,
                                        password=password, is_login=True)

                if config.wiki_farm:
                    wiki_base_url = farm.getBaseFarmURL(self.request)
                else:
                    wiki_base_url = '%s/' % self.request.getScriptname()

                if not theuser.valid:
                    if (not self.request.form.has_key('backto_wiki') or not
                        self.request.form['backto_wiki'][0]):
                        return_string = ('Unknown username or wrong password.'
                                         '<br/><br/>New user?  '
                                         '<a href="%s%s?new_user=1">'
                                         'Click here to create an account!</a>'
                                         '<br/><br/>Forgot your password?  '
                                         'We\'ll email it to you.'
                                         '<form action="%s" method="POST">'
                                         '<input type="hidden" name="action" '
                                                 'value="userform">'
                                         'Email address: '
                                         '<input class="formfields" '
                                                 'type="text" name="email">'
                                         '&nbsp;'
                                         '<input type="submit" '
                                                 'class="formbutton" '
                                                 'name="login_sendmail" '
                                                 'value="Mail me my account '
                                                         'data">'
                                         '</form>' % (
                                         wiki_base_url,
                                         wikiutil.quoteWikiname(
                                            config.page_user_preferences),
                                         wiki_base_url))

                        return return_string
                    else:
                        self.request.http_redirect(
                            urllib.unquote(
                                self.request.form['backto_page'][0].encode(
                                    config.charset)) +
                            '?action=userform&badlogin=1')
                        return

            # send the cookie
            theuser.sendCookie(self.request)
            self.request.user = theuser
            send_back_home(self.request, msg="You are now logged in!")
        else:
            if not self.request.isPOST():
                return """Use the interactive interface to change settings!"""
            # save user's profile, first get user instance
            theuser = user.User(self.request)
    
            # try to get the name
            # if name is empty or missing, return an error msg
            if (form.has_key('username') and
                form['username'][0].replace('\t', '').strip()):
                theuser.propercased_name = \
                    form['username'][0].replace('\t', ' ').strip()
                theuser.name = theuser.propercased_name.lower()
            elif form.has_key('username'):
                raise BadData, (_("Please enter a user name!"), new_user)
    
            if (self.request.user.name and
                (self.request.user.name != theuser.name)):
              # they are still logged on and are trying to make a new account
              raise BadData, (_("Please log out before creating an account."),
                              new_user)
            if user.getUserId(theuser.name, self.request):
                if theuser.name != self.request.user.name:
                    raise BadData, (_("User name already exists!"), new_user)
                else:
                    new_user = False

            if form.has_key('save') and form['save'][0] == 'Change password':
                # change password setting 

                # try to get the password and pw repeat
                password = form.get('password', [''])[0]
                password2 = form.get('password2',[''])[0]

                # Check if password is given and matches with password repeat
                if password != password2:
                    raise BadData, (_("Passwords don't match!"), new_user)
                if not password and new_user:
                    raise BadData, (_("Please specify a password!"), new_user)
                if password:
                    theuser.enc_password = user.generate_hash(password)

                self._clear_all_sessions_except_current()

                msg = _("Password changed!")
            else:
                # process general settings

                # tr to get the email
                theuser.email = form.get('email', [''])[0]

                if theuser.email:
                    email_user_id = user.getUserIdByEmail(theuser.email,
                                                          self.request)
                else:
                    email_user_id = None
                if not theuser.email or not re.match(".+@.+\..{2,}",
                                                     theuser.email):
                    raise BadData, (_("Please provide your email address - "
                                      "without that you could not "
                                      "get your login data via email just in "
                                      "case you lose it."), new_user)
                elif email_user_id and email_user_id != theuser.id:
                    raise BadData, (_("Somebody else has already registered "
                                      "with the email address \"%s\", please "
                                      "pick something else." % theuser.email),
                                    new_user)
        
                # editor size
                theuser.edit_rows = util.web.getIntegerInput(self.request,
                    'edit_rows', theuser.edit_rows, 10, 60)
                theuser.edit_cols = util.web.getIntegerInput(self.request,
                    'edit_cols', theuser.edit_cols, 30, 100)
        
                # time zone
                tz = form.get('tz', theuser.tz)[0]
                if tz not in pytz.common_timezones:
                    tz = theuser.tz
                theuser.tz = tz
        
                wiki_for_userpage = form.get('wiki_for_userpage',
                                             [''])[0].lower()
                if (wiki_for_userpage and not
                    wikiutil.isInFarm(wiki_for_userpage, self.request)):
                    raise BadData, (_('"%s" is not the name of a wiki.' % (
                                      wiki_for_userpage)), new_user)
                if wiki_for_userpage != theuser.wiki_for_userpage:
                    # they have changed the wiki! time to do
                    # something differently
                    msg = _("<p>User preferences saved!</p>"
                            "<p><strong>Note:</strong> It may take a bit for "
                            "all links to your name to point to the "
                            "new wiki.</p>")
                    theuser.wiki_for_userpage = wiki_for_userpage

                # User CSS URL
                theuser.css_url = form.get('css_url', [''])[0]
        
                # try to get the (optional) preferred language
                #theuser.language = form.get('language', [''])[0]
    
                # checkbox options
                keys = []
                for key in user_checkbox_fields:
                    value = form.get(key, [0])[0]
                    try:
                        value = int(value)
                    except ValueError:
                        pass
                    setattr(theuser, key, value)
        
            if new_user:
                # strip spaces, we don't allow them anyway
                theuser.propercased_name = theuser.propercased_name.strip() 
                theuser.name = theuser.propercased_name.lower()
                if not theuser.name.strip():
                    raise BadData, (_("Please provide a user name!"), new_user)
                elif theuser.propercased_name.find(' ') != -1:
                    raise BadData, (_("Invalid username: spaces are not "
                                      "allowed in user names"), new_user)
                elif re.search('[%s]' % re.escape(USER_NOT_ALLOWED_CHARS),
                               theuser.propercased_name):
                    raise BadData, (_("Invalid username: the characters "
                                      "%s are not allowed in usernames." % (
                                      wikiutil.escape(
                                        USER_NOT_ALLOWED_CHARS))),
                                    new_user)
                # messes up subpages. 
                # '/' isn't allowed, so we just disallow this and we're cool.
                elif theuser.name == '..' or theuser.name == '.': 
                    raise BadData, (_("Invalid username: okay, seriously, "
                                      "that's a pretty lame name.  "
                                      "Pick something better!"), new_user)
                elif len(theuser.propercased_name) > MAX_USERNAME_LENGTH:
                    raise BadData, (_("Invalid username: a username can be "
                                      "at most %s characters long." % (
                                      MAX_USERNAME_LEGNTH)), new_user)
                elif (not theuser.email or not
                      re.match(".+@.+\..{2,}", theuser.email)):
                    raise BadData, (_("Please provide your email address - "
                                      "without that you could not get your " 
                                      "login data via email just in case you "
                                      "lose it."), new_user)
                name_exists = user.getUserId(theuser.name, self.request)
                if name_exists:
                    raise BadData, (_("This user name already belongs to "
                                      "somebody else."), new_user)
                email_exists = user.getUserIdByEmail(theuser.email,
                                                     self.request)
                if email_exists:
                    raise BadData, (_("This email already belongs to somebody "
                                      "else."), new_user)

                # try to get the password and pw repeat
                password = form.get('password', [''])[0]
                password2 = form.get('password2',[''])[0]

                # Check if password is given and matches with password repeat
                if password != password2:
                    raise BadData, (_("Passwords don't match!"), new_user)
                if not password and new_user:
                    raise BadData, (_("Please specify a password!"), new_user)
                if password:
                    theuser.enc_password = user.generate_hash(password)

                theuser.anonymous = False


            # save data and send cookie
            theuser.save(new_user=new_user)
            theuser.sendCookie(self.request)
            self.request.user = theuser
    

            from Sycamore.formatter.text_html import Formatter
            formatter = Formatter(self.request)

            if not new_user:
              if not msg:
                msg = _("User preferences saved!")
              if self.from_wiki:
                go_back_to_wiki = farm.link_to_wiki(self.from_wiki, formatter)
                msg = ('%s<br/><br/>Wanna go '
                       'back to %s?' % (msg, go_back_to_wiki))
            else:
              msg = _("Account created!  You are now logged in.")
              self.request.user.valid = 1
              if (self.from_wiki and self.from_wiki.lower() !=
                                     farm.getBaseWikiName()):
                go_back_to_wiki = farm.link_to_wiki(self.from_wiki, formatter)
                msg = ('%s<br/><br/>Head back over to %s and your new account '
                      'should work there!' % (msg, go_back_to_wiki))
            if _debug:
                msg = msg + util.dumpFormData(form)
            return msg