def process_request(self, req):
acctmgr = self.acctmgr
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
name = req.args.get('name', '').strip()
username = acctmgr.handle_username_casing(req.args.get('username',
'').strip())
data = {
'_dgettext': dgettext,
'acctmgr': dict(name=name, username=username),
'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case')
}
verify_enabled = is_enabled(self.env, EmailVerificationModule) and \
EmailVerificationModule(self.env).verify_email
data['verify_account_enabled'] = verify_enabled
if req.method == 'POST' and action == 'create':
try:
# Check request and prime account on success.
acctmgr.validate_account(req, True)
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments before
# attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s', message)):
message = message % e.msg_args
chrome.add_warning(req, Markup(message))
else:
if self.require_approval:
set_user_attribute(self.env, username, 'approval',
N_('pending'))
# Notify admin user about registration pending for review.
acctmgr._notify('registration_approval_required',
username)
chrome.add_notice(req, Markup(tag.span(Markup(_(
"Your username has been registered successfully, but "
"your account requires administrative approval. "
"Please proceed according to local policy."))))
)
if verify_enabled:
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Your username has been successfully registered but
your account still requires activation. Please login
as user %(user)s, and follow the instructions.""",
user=tag.b(username)))))
)
req.redirect(req.href.login())
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Registration has been finished successfully.
You may log in as user %(user)s now.""",
user=tag.b(username)))))
)
req.redirect(req.href.login())
def pre_process_request(self, req, handler):
if not req.session.authenticated:
# Permissions for anonymous users remain unchanged.
return handler
elif req.path_info == '/prefs' and req.method == 'POST' and \
not 'restore' in req.args:
try:
EmailCheck(self.env).validate_registration(req)
# Check passed without error: New email address seems good.
except RegistrationError, e:
# Attempt to change email to an empty or invalid
# address detected, resetting to previously stored value.
chrome.add_warning(req, Markup(gettext(e.message)))
req.redirect(req.href.prefs(None))
def process_request(self, req):
acctmgr = self.acctmgr
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
name = req.args.get('name', '').strip()
username = acctmgr.handle_username_casing(
req.args.get('username', '').strip())
data = {
'_dgettext': dgettext,
'acctmgr': dict(name=name, username=username),
'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case')
}
verify_enabled = is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email
data['verify_account_enabled'] = verify_enabled
if req.method == 'POST' and action == 'create':
try:
# Check request and prime account on success.
acctmgr.validate_registration(req)
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments before
# attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s', message)):
message = message % e.msg_args
chrome.add_warning(req, Markup(message))
else:
if verify_enabled:
chrome.add_notice(
req,
Markup(
tag.span(
Markup(
_("""Your username has been successfully registered but
your account still requires activation. Please login
as user %(user)s, and follow the instructions.""",
user=tag.b(username))))))
req.redirect(req.href.login())
chrome.add_notice(
req,
Markup(
tag.span(
Markup(
_("""Registration has been finished successfully.
You may log in as user %(user)s now.""",
user=tag.b(username))))))
req.redirect(req.href.login())
def pre_process_request(self, req, handler):
if not req.session.authenticated:
# Permissions for anonymous users remain unchanged.
return handler
elif req.path_info == '/prefs' and req.method == 'POST' and \
not 'restore' in req.args:
try:
EmailCheck(self.env).validate_registration(req)
# Check passed without error: New email address seems good.
except RegistrationError, e:
# Attempt to change email to an empty or invalid
# address detected, resetting to previously stored value.
chrome.add_warning(
req, Markup(gettext(e.message)))
req.redirect(req.href.prefs(None))
def pre_process_request(self, req, handler):
if not req.authname or req.authname == 'anonymous':
# Permissions for anonymous users remain unchanged.
return handler
elif req.path_info == '/prefs' and req.method == 'POST' and \
not 'restore' in req.args:
try:
AccountManager(self.env).validate_account(req)
# Check passed without error: New email address seems good.
except RegistrationError, e:
# Always warn about issues.
chrome.add_warning(
req, Markup(gettext(e.message)))
# Look, if the issue existed before.
attributes = get_user_attribute(self.env, req.authname,
attribute='email')
email = req.authname in attributes and \
attributes[req.authname][1].get('email') or None
new_email = req.args.get('email', '').strip()
if (email or new_email) and email != new_email:
# Attempt to change email to an empty or invalid
# address detected, resetting to previously stored value.
req.redirect(req.href.prefs(None))
def pre_process_request(self, req, handler):
if not req.authname or req.authname == 'anonymous':
# Permissions for anonymous users remain unchanged.
return handler
elif req.path_info == '/prefs' and req.method == 'POST' and \
not 'restore' in req.args:
try:
AccountManager(self.env).validate_account(req)
# Check passed without error: New email address seems good.
except RegistrationError, e:
# Always warn about issues.
chrome.add_warning(req, Markup(gettext(e.message)))
# Look, if the issue existed before.
attributes = get_user_attribute(self.env,
req.authname,
attribute='email')
email = req.authname in attributes and \
attributes[req.authname][1].get('email') or None
new_email = req.args.get('email', '').strip()
if (email or new_email) and email != new_email:
# Attempt to change email to an empty or invalid
# address detected, resetting to previously stored value.
req.redirect(req.href.prefs(None))
def _do_config(self, req):
stores = StoreOrder(stores=self.acctmgr.stores,
list=self.acctmgr.password_store)
if req.method == 'POST':
if req.args.get('restart'):
del_user_attribute(self.env, attribute='password_refreshed')
req.redirect(req.href.admin('accounts', 'config',
done='restart'))
_setorder(req, stores)
self.config.set('account-manager', 'password_store',
','.join(stores.get_enabled_store_names()))
for store in stores.get_all_stores():
for attr, option in _getoptions(store):
cls_name = store.__class__.__name__
newvalue = req.args.get('%s.%s' % (cls_name, attr))
self.log.debug("%s.%s: %s" % (cls_name, attr, newvalue))
if newvalue is not None:
self.config.set(option.section, option.name, newvalue)
self.config.save()
self.config.set('account-manager', 'force_passwd_change',
req.args.get('force_passwd_change', False))
self.config.set('account-manager', 'persistent_sessions',
req.args.get('persistent_sessions', False))
self.config.set('account-manager', 'verify_email',
req.args.get('verify_email', False))
self.config.set('account-manager', 'refresh_passwd',
req.args.get('refresh_passwd', False))
self.config.save()
sections = []
for store in self.acctmgr.stores:
if store.__class__.__name__ == "ResetPwStore":
# Exclude special store, that is used strictly internally and
# inherits configuration from SessionStore anyway.
continue
options = []
for attr, option in _getoptions(store):
opt_val = option.__get__(store, store)
opt_val = isinstance(opt_val, Component) and \
opt_val.__class__.__name__ or opt_val
options.append(
{'label': attr,
'name': '%s.%s' % (store.__class__.__name__, attr),
'value': opt_val,
'doc': gettext(option.__doc__)
})
continue
sections.append(
{'name': store.__class__.__name__,
'classname': store.__class__.__name__,
'order': stores[store],
'options' : options,
})
continue
sections = sorted(sections, key=lambda i: i['name'])
numstores = range(0, stores.numstores() + 1)
data = {
'_': _,
'sections': sections,
'numstores': numstores,
'force_passwd_change': self.acctmgr.force_passwd_change,
'persistent_sessions': self.acctmgr.persistent_sessions,
'verify_email': self.acctmgr.verify_email,
'refresh_passwd': self.acctmgr.refresh_passwd,
}
result = req.args.get('done')
if result == 'restart':
data['result'] = _("Password hash refresh procedure restarted.")
return 'admin_accountsconfig.html', data
def _do_users(self, req):
env = self.env
perm = PermissionSystem(env)
acctmgr = self.acctmgr
acctmod = AccountModule(env)
guard = self.guard
listing_enabled = acctmgr.supports('get_users')
create_enabled = acctmgr.supports('set_password')
password_change_enabled = acctmgr.supports('set_password')
password_reset_enabled = acctmod.reset_password_enabled
delete_enabled = acctmgr.supports('delete_user')
verify_enabled = acctmgr.verify_email and \
EmailVerificationModule(env).email_enabled
account = dict(email=req.args.get('email', '').strip(),
name=req.args.get('name', '').strip(),
username=acctmgr.handle_username_casing(
req.args.get('username', '').strip()))
data = {
'_dgettext': dgettext,
'acctmgr': account,
'email_approved': True,
'listing_enabled': listing_enabled,
'create_enabled': create_enabled,
'delete_enabled': delete_enabled,
'verify_enabled': verify_enabled,
'ignore_auth_case': self.config.getbool('trac',
'ignore_auth_case'),
'password_change_enabled': password_change_enabled,
'password_reset_enabled': password_reset_enabled
}
if req.method == 'GET':
if 'user' in req.args.iterkeys():
return self._do_acct_details(req)
elif req.args.get('max_per_page'):
return self._do_db_cleanup(req)
if req.method == 'POST':
email_approved = req.args.get('email_approved')
# Preserve selection during a series of requests.
data['email_approved'] = email_approved
if req.args.get('add'):
# Add new user account.
if create_enabled:
# Check request and prime account on success.
try:
acctmgr.validate_registration(req)
# Account email approval for authoritative action.
if verify_enabled and email_approved and \
account['email']:
set_user_attribute(env, account['username'],
'email_verification_sent_to', account['email'])
# User editor form clean-up.
data['acctmgr'] = {}
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments
# before attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s',
message)):
message = message % e.msg_args
data['editor_error'] = Markup(message)
else:
data['editor_error'] = _(
"The password store does not support creating users.")
elif req.args.get('reset') and req.args.get('sel'):
# Password reset for one or more accounts.
if password_reset_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for username, name, email in env.get_known_users():
if username in sel:
acctmod._reset_password(username, email)
else:
data['deletion_error'] = _(
"The password reset procedure is not enabled.")
elif req.args.get('remove') and req.args.get('sel'):
# Delete one or more accounts.
if delete_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for account in sel:
acctmgr.delete_user(account)
else:
data['deletion_error'] = _(
"The password store does not support deleting users.")
elif req.args.get('change'):
# Change attributes and or password of existing user account.
attributes = {
'email': _("Email Address"),
'name': _("Pre-/Surname (Nickname)"),
'password': _("Password")
}
data['success'] = []
error = TracError('')
username = acctmgr.handle_username_casing(
req.args.get('username').strip())
try:
if not username:
error.account = {'username' : username}
error.message = _("Username cannot be empty.")
raise error
if not acctmgr.has_user(username):
error.account = {'username' : username}
error.message = _("Unknown user %(user)s.",
user=username)
raise error
password = req.args.get('password')
if password and (password.strip() != ''):
if password_change_enabled:
if password != req.args.get('password_confirm'):
error.message = _("The passwords must match.")
raise error
acctmgr.set_password(username, password)
data['success'].append(attributes.get('password'))
else:
data['editor_error'] = _(
"""The password store does not support
changing passwords.
""")
for attribute in ('name', 'email'):
value = req.args.get(attribute, '').strip()
if value:
set_user_attribute(env, username,
attribute, value)
data['success'].append(attributes.get(attribute))
# Account email approval for authoritative action.
if attribute == 'email' and verify_enabled and \
email_approved:
set_user_attribute(env, username,
'email_verification_sent_to', value)
# User editor form clean-up on success.
data['acctmgr'] = {}
except TracError, e:
data['editor_error'] = e.message
data['acctmgr'] = getattr(e, 'account', '')
def _do_config(self, req):
stores = StoreOrder(stores=self.acctmgr.stores,
list=self.acctmgr.password_store)
if req.method == 'POST':
if req.args.get('restart'):
del_user_attribute(self.env, attribute='password_refreshed')
req.redirect(req.href.admin('accounts', 'config',
done='restart'))
_setorder(req, stores)
self.config.set('account-manager', 'password_store',
','.join(stores.get_enabled_store_names()))
for store in stores.get_all_stores():
for attr, option in _getoptions(store):
cls_name = store.__class__.__name__
newvalue = req.args.get('%s.%s' % (cls_name, attr))
self.log.debug("%s.%s: %s" % (cls_name, attr, newvalue))
if newvalue is not None:
self.config.set(option.section, option.name, newvalue)
self.config.save()
self.config.set('account-manager', 'force_passwd_change',
req.args.get('force_passwd_change', False))
self.config.set('account-manager', 'persistent_sessions',
req.args.get('persistent_sessions', False))
self.config.set('account-manager', 'verify_email',
req.args.get('verify_email', False))
self.config.set('account-manager', 'refresh_passwd',
req.args.get('refresh_passwd', False))
self.config.save()
sections = []
for store in self.acctmgr.stores:
if store.__class__.__name__ == "ResetPwStore":
# Exclude special store, that is used strictly internally and
# inherits configuration from SessionStore anyway.
continue
options = []
for attr, option in _getoptions(store):
error = None
opt_val = None
value = None
try:
opt_val = option.__get__(store, store)
except AttributeError, e:
self.env.log.error(e)
error = _("""Error while reading configuration -
Hint: Enable/install the required component.""")
pass
if opt_val:
value = isinstance(opt_val, Component) and \
opt_val.__class__.__name__ or opt_val
opt_sel = None
try:
interface = option.xtnpt.interface
opt_sel = {'options': [], 'selected': None}
except AttributeError:
# No ExtensionOption / Interface undefined
pass
if opt_sel:
for impl in option.xtnpt.extensions(self.env):
extension = impl.__class__.__name__
opt_sel['options'].append(extension)
if opt_val and extension == value:
opt_sel['selected'] = extension
if len(opt_sel['options']) == 0 and error:
opt_sel['error'] = error
value = opt_sel
options.append(
{'label': attr,
'name': '%s.%s' % (store.__class__.__name__, attr),
'value': value,
'doc': gettext(option.__doc__)
})
continue
sections.append(
{'name': store.__class__.__name__,
'classname': store.__class__.__name__,
'order': stores[store],
'options' : options,
})
continue
def _do_users(self, req):
env = self.env
perm = PermissionSystem(env)
acctmgr = self.acctmgr
acctmod = AccountModule(env)
guard = self.guard
listing_enabled = acctmgr.supports('get_users')
create_enabled = acctmgr.supports('set_password')
password_change_enabled = acctmgr.supports('set_password')
password_reset_enabled = acctmod.reset_password_enabled
delete_enabled = acctmgr.supports('delete_user')
verify_enabled = acctmgr.verify_email and \
EmailVerificationModule(env).email_enabled
account = dict(email=req.args.get('email', '').strip(),
name=req.args.get('name', '').strip(),
username=acctmgr.handle_username_casing(
req.args.get('username', '').strip()))
data = {
'_dgettext': dgettext,
'acctmgr': account,
'email_approved': True,
'listing_enabled': listing_enabled,
'create_enabled': create_enabled,
'delete_enabled': delete_enabled,
'verify_enabled': verify_enabled,
'ignore_auth_case': self.config.getbool('trac',
'ignore_auth_case'),
'password_change_enabled': password_change_enabled,
'password_reset_enabled': password_reset_enabled
}
if req.method == 'GET':
if 'user' in req.args.iterkeys():
return self._do_acct_details(req)
elif req.args.get('max_per_page'):
return self._do_db_cleanup(req)
if req.method == 'POST':
email_approved = req.args.get('email_approved')
# Preserve selection during a series of requests.
data['email_approved'] = email_approved
if req.args.get('add'):
# Add new user account.
if create_enabled:
# Check request and prime account on success.
try:
acctmgr.validate_registration(req)
# Account email approval for authoritative action.
if verify_enabled and email_approved and \
account['email']:
set_user_attribute(env, account['username'],
'email_verification_sent_to',
account['email'])
# User editor form clean-up.
data['acctmgr'] = {}
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments
# before attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s',
message)):
message = message % e.msg_args
data['editor_error'] = Markup(message)
else:
data['editor_error'] = _(
"The password store does not support creating users.")
elif req.args.get('reset') and req.args.get('sel'):
# Password reset for one or more accounts.
if password_reset_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for username, name, email in env.get_known_users():
if username in sel:
acctmod._reset_password(username, email)
else:
data['deletion_error'] = _(
"The password reset procedure is not enabled.")
elif req.args.get('remove') and req.args.get('sel'):
# Delete one or more accounts.
if delete_enabled:
sel = req.args.get('sel')
sel = isinstance(sel, list) and sel or [sel]
for account in sel:
acctmgr.delete_user(account)
else:
data['deletion_error'] = _(
"The password store does not support deleting users.")
elif req.args.get('change'):
# Change attributes and or password of existing user account.
attributes = {
'email': _("Email Address"),
'name': _("Pre-/Surname (Nickname)"),
'password': _("Password")
}
data['success'] = []
error = TracError('')
username = acctmgr.handle_username_casing(
req.args.get('username').strip())
try:
if not username:
error.account = {'username': username}
error.message = _("Username cannot be empty.")
raise error
if not acctmgr.has_user(username):
error.account = {'username': username}
error.message = _("Unknown user %(user)s.",
user=username)
raise error
password = req.args.get('password')
if password and (password.strip() != ''):
if password_change_enabled:
if password != req.args.get('password_confirm'):
error.message = _("The passwords must match.")
raise error
acctmgr.set_password(username, password)
data['success'].append(attributes.get('password'))
else:
data['editor_error'] = _(
"""The password store does not support
changing passwords.
""")
for attribute in ('name', 'email'):
value = req.args.get(attribute, '').strip()
if value:
set_user_attribute(env, username, attribute, value)
data['success'].append(attributes.get(attribute))
# Account email approval for authoritative action.
if attribute == 'email' and verify_enabled and \
email_approved:
set_user_attribute(
env, username,
'email_verification_sent_to', value)
# User editor form clean-up on success.
data['acctmgr'] = {}
except TracError, e:
data['editor_error'] = e.message
data['acctmgr'] = getattr(e, 'account', '')
def _do_config(self, req):
stores = StoreOrder(stores=self.acctmgr.stores,
list=self.acctmgr.password_store)
if req.method == 'POST':
if req.args.get('restart'):
del_user_attribute(self.env, attribute='password_refreshed')
req.redirect(
req.href.admin('accounts', 'config', done='restart'))
_setorder(req, stores)
self.config.set('account-manager', 'password_store',
','.join(stores.get_enabled_store_names()))
for store in stores.get_all_stores():
for attr, option in _getoptions(store):
cls_name = store.__class__.__name__
newvalue = req.args.get('%s.%s' % (cls_name, attr))
self.log.debug("%s.%s: %s" % (cls_name, attr, newvalue))
if newvalue is not None:
self.config.set(option.section, option.name, newvalue)
self.config.save()
self.config.set('account-manager', 'force_passwd_change',
req.args.get('force_passwd_change', False))
self.config.set('account-manager', 'persistent_sessions',
req.args.get('persistent_sessions', False))
self.config.set('account-manager', 'verify_email',
req.args.get('verify_email', False))
self.config.set('account-manager', 'refresh_passwd',
req.args.get('refresh_passwd', False))
self.config.save()
sections = []
for store in self.acctmgr.stores:
if store.__class__.__name__ == "ResetPwStore":
# Exclude special store, that is used strictly internally and
# inherits configuration from SessionStore anyway.
continue
options = []
for attr, option in _getoptions(store):
error = None
opt_val = None
value = None
try:
opt_val = option.__get__(store, store)
except AttributeError, e:
self.env.log.error(e)
error = _("""Error while reading configuration -
Hint: Enable/install the required component.""")
pass
if opt_val:
value = isinstance(opt_val, Component) and \
opt_val.__class__.__name__ or opt_val
opt_sel = None
try:
interface = option.xtnpt.interface
opt_sel = {'options': [], 'selected': None}
except AttributeError:
# No ExtensionOption / Interface undefined
pass
if opt_sel:
for impl in option.xtnpt.extensions(self.env):
extension = impl.__class__.__name__
opt_sel['options'].append(extension)
if opt_val and extension == value:
opt_sel['selected'] = extension
if len(opt_sel['options']) == 0 and error:
opt_sel['error'] = error
value = opt_sel
options.append({
'label':
attr,
'name':
'%s.%s' % (store.__class__.__name__, attr),
'value':
value,
'doc':
gettext(option.__doc__)
})
continue
sections.append({
'name': store.__class__.__name__,
'classname': store.__class__.__name__,
'order': stores[store],
'options': options,
})
continue
def process_request(self, req):
acctmgr = self.acctmgr
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
name = req.args.get('name', '').strip()
username = acctmgr.handle_username_casing(req.args.get('username',
'').strip())
data = {
'_dgettext': dgettext,
'acctmgr': dict(name=name, username=username),
'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case')
}
verify_enabled = is_enabled(self.env, EmailVerificationModule) and \
EmailVerificationModule(self.env).verify_email
data['verify_account_enabled'] = verify_enabled
if req.method == 'POST' and action == 'create':
try:
try:
# Check request and prime account on success.
acctmgr.validate_account(req, True)
except NotificationError, e:
chrome.add_warning(req, _(
"Error raised while sending a change notification."
) + _("You should report that issue to a Trac admin."))
self.log.error(
'Unable to send registration notification: %s',
exception_to_unicode(e, traceback=True))
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments before
# attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s', message)):
message = message % e.msg_args
chrome.add_warning(req, Markup(message))
else:
if self.require_approval:
set_user_attribute(self.env, username, 'approval',
N_('pending'))
# Notify admin user about registration pending for review.
try:
acctmgr._notify('registration_approval_required',
username)
except NotificationError, e:
chrome.add_warning(req, _(
"Error raised while sending a change "
"notification.") + _("You should report that "
"issue to a Trac admin."))
self.log.error('Unable to send admin notification: %s',
exception_to_unicode(e, traceback=True))
else:
chrome.add_notice(req, Markup(tag.span(Markup(_(
"Your username has been registered successfully, "
"but your account requires administrative "
"approval. Please proceed according to local "
"policy."))))
)
if verify_enabled:
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Your username has been successfully registered but
your account still requires activation. Please login
as user %(user)s, and follow the instructions.""",
user=tag.b(username)))))
)
req.redirect(req.href.login())
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Registration has been finished successfully.
You may log in as user %(user)s now.""",
user=tag.b(username)))))
)
req.redirect(req.href.login())
