def func(self): """ Uses the Django admin api. Note that unlogged-in commands have a unique position in that their func() receives a session object instead of a source_object like all other types of logged-in commands (this is because there is no object yet before the account has logged in) """ session = self.caller address = session.address args = self.args # extract double quote parts parts = [ part.strip() for part in re.split(r"\"", args) if part.strip() ] if len(parts) <= 1: # this was (hopefully) due to no double quotes being found, or a guest login # parts = parts[0].split(None, 1) # Guest login # if len(parts) == 1 and parts[0].lower() == "guest": # Get Guest typeclass Guest = class_from_module(settings.BASE_GUEST_TYPECLASS) account, errors = Guest.authenticate(ip=address, zone=session.zone) if account: session.sessionhandler.login(session, account) return else: session.msg("|R%s|n" % "\n".join(errors)) return if len(parts) != 2: session.msg("\n\r Usage (without <>): connect <name> <password>") return # Get account class Account = class_from_module(settings.BASE_ACCOUNT_TYPECLASS) name, password = parts account, errors = Account.authenticate(username=name, password=password, ip=address, session=session) if account: session.sessionhandler.login(session, account) else: session.msg("|R%s|n" % "\n".join(errors))
def setUp(self): super(ChannelDetailTest, self).setUp() klass = class_from_module(self.channel_typeclass) # Create a channel klass.create("demo")
class CharacterMixin(TypeclassMixin): """ This is a "mixin", a modifier of sorts. Any view class with this in its inheritance list will be modified to work with Character objects instead of generic Objects or otherwise. """ # -- Django constructs -- model = class_from_module(settings.BASE_CHARACTER_TYPECLASS) form_class = website_forms.CharacterForm success_url = reverse_lazy("character-manage") def get_queryset(self): """ This method will override the Django get_queryset method to only return a list of characters associated with the current authenticated user. Returns: queryset (QuerySet): Django queryset for use in the given view. """ # Get IDs of characters owned by account account = self.request.user ids = [getattr(x, "id") for x in account.characters if x] # Return a queryset consisting of those characters return self.typeclass.objects.filter(id__in=ids).order_by( Lower("db_key"))
def create_guest_account(session): """ Creates a guest account/character for this session, if one is available. Args: session (Session): the session which will use the guest account/character. Returns: GUEST_ENABLED (boolean), account (Account): the boolean is whether guest accounts are enabled at all. the Account which was created from an available guest name. """ enabled = settings.GUEST_ENABLED address = session.address # Get account class Guest = class_from_module(settings.BASE_GUEST_TYPECLASS) # Get an available guest account # authenticate() handles its own throttling account, errors = Guest.authenticate(ip=address) if account: return enabled, account else: session.msg("|R%s|n" % "\n".join(errors)) return enabled, None
def create_normal_account(session, name, password): """ Creates an account with the given name and password. Args: session (Session): the session which is requesting to create an account. name (str): the name that the account wants to use for login. password (str): the password desired by this account, for login. Returns: account (Account): the account which was created from the name and password. """ # Get account class Account = class_from_module(settings.BASE_ACCOUNT_TYPECLASS) address = session.address # Match account name and check password # authenticate() handles all its own throttling account, errors = Account.authenticate(username=name, password=password, ip=address, session=session) if not account: # No accountname or password match session.msg("|R%s|n" % "\n".join(errors)) return None return account
def setUp(self): super(ChannelDetailTest, self).setUp() klass = class_from_module(self.channel_typeclass, fallback=settings.FALLBACK_CHANNEL_TYPECLASS) # Create a channel klass.create("demo")
def _gamestats(): # Some misc. configurable stuff. # TODO: Move this to either SQL or settings.py based configuration. fpage_account_limit = 4 # A QuerySet of the most recently connected accounts. recent_users = AccountDB.objects.get_recently_connected_accounts( )[:fpage_account_limit] nplyrs_conn_recent = len(recent_users) or "none" nplyrs = AccountDB.objects.num_total_accounts() or "none" nplyrs_reg_recent = len( AccountDB.objects.get_recently_created_accounts()) or "none" nsess = SESSION_HANDLER.account_count() # nsess = len(AccountDB.objects.get_connected_accounts()) or "no one" nobjs = ObjectDB.objects.count() nobjs = nobjs or 1 # fix zero-div error with empty database Character = class_from_module( settings.BASE_CHARACTER_TYPECLASS, fallback=settings.FALLBACK_CHARACTER_TYPECLASS) nchars = Character.objects.all_family().count() Room = class_from_module(settings.BASE_ROOM_TYPECLASS, fallback=settings.FALLBACK_ROOM_TYPECLASS) nrooms = Room.objects.all_family().count() Exit = class_from_module(settings.BASE_EXIT_TYPECLASS, fallback=settings.FALLBACK_EXIT_TYPECLASS) nexits = Exit.objects.all_family().count() nothers = nobjs - nchars - nrooms - nexits pagevars = { "page_title": "Front Page", "accounts_connected_recent": recent_users, "num_accounts_connected": nsess or "no one", "num_accounts_registered": nplyrs or "no", "num_accounts_connected_recent": nplyrs_conn_recent or "no", "num_accounts_registered_recent": nplyrs_reg_recent or "no one", "num_rooms": nrooms or "none", "num_exits": nexits or "no", "num_objects": nobjs or "none", "num_characters": nchars or "no", "num_others": nothers or "no", } return pagevars
class ObjectCreateView(LoginRequiredMixin, EvenniaCreateView): """ This is an important view. Any view you write that deals with creating a specific object will want to inherit from this. It provides the mechanisms by which to make sure the user requesting creation of an object is authenticated, and provides a sane default title for the page. """ model = class_from_module(settings.BASE_OBJECT_TYPECLASS)
class AccountMixin(TypeclassMixin): """ This is a "mixin", a modifier of sorts. Any view class with this in its inheritance list will be modified to work with Account objects instead of generic Objects or otherwise. """ # -- Django constructs -- model = class_from_module(settings.BASE_ACCOUNT_TYPECLASS) form_class = website_forms.AccountForm
class Meta: """ This is a Django construct that provides additional configuration to the form. """ # The model/typeclass this form creates model = class_from_module(settings.BASE_ACCOUNT_TYPECLASS) # The fields to display on the form, in the given order fields = ("username", "email") # Any overrides of field classes field_classes = {'username': UsernameField}
class Meta: """ This is a Django construct that provides additional configuration to the form. """ # Get the correct object model model = class_from_module(settings.BASE_CHARACTER_TYPECLASS) # Allow entry of the 'key' field fields = ("db_key", ) # Rename 'key' to something more intelligible labels = {"db_key": "Name"}
class Meta: """ This is a Django construct that provides additional configuration to the form. """ # The model/typeclass this form creates model = class_from_module(settings.BASE_OBJECT_TYPECLASS) # The fields to display on the form, in the given order fields = ("db_key", ) # This lets us rename ugly db-specific keys to something more human labels = {"db_key": "Name"}
def func(self): """Do checks and create account""" session = self.caller args = self.args.strip() address = session.address # Get account class Account = class_from_module(settings.BASE_ACCOUNT_TYPECLASS) # extract double quoted parts parts = [part.strip() for part in re.split(r"\"", args) if part.strip()] if len(parts) == 1: # this was (hopefully) due to no quotes being found parts = parts[0].split(None, 1) if len(parts) != 2: string = ( "\n Utilisation (sans <>): @inscription <nom d'utilisateur> <mot de passe>" "\nSi <nom d'utilisateur> ou <mot de passe> contiennent des espaces, mettez des guillements." ) session.msg(string) return username, password = parts # everything's ok. Create the new account account. account, errors = Account.create( username=username, password=password, ip=address, session=session ) if not account: session.msg("|R{}|n".format("\n".join(errors))) return new_account_chunk = f"Un nouveau compte {username} a été créé. Bienvenue!" double_quotes_chunk = f"\n\nVous pouvez désormais vous connecter avec la commande '|w@connexion \"{username}\" <votre mot de passe>|n'." no_double_quotes_chunk = f"\n\nVous pouvez désormais vous connecter avec la commande '|w@connexion {username} <votre mot de passe>|n'." chunks = [new_account_chunk, ] # tell the caller everything went well. if " " in username: chunks.append(double_quotes_chunk) else: chunks.append(no_double_quotes_chunk) session.msg("".join(chunks))
class ChannelMixin(TypeclassMixin): """ This is a "mixin", a modifier of sorts. Any view class with this in its inheritance list will be modified to work with HelpEntry objects instead of generic Objects or otherwise. """ # -- Django constructs -- model = class_from_module(settings.BASE_CHANNEL_TYPECLASS, fallback=settings.FALLBACK_CHANNEL_TYPECLASS) # -- Evennia constructs -- page_title = "Channels" # What lock type to check for the requesting user, authenticated or not. # https://github.com/evennia/evennia/wiki/Locks#valid-access_types access_type = "listen" def get_queryset(self): """ Django hook; here we want to return a list of only those Channels and other documentation that the current user is allowed to see. Returns: queryset (QuerySet): List of Channels available to the user. """ account = self.request.user # Get list of all Channels channels = self.typeclass.objects.all().iterator() # Now figure out which ones the current user is allowed to see bucket = [ channel.id for channel in channels if channel.access(account, "listen") ] # Re-query and set a sorted list filtered = self.typeclass.objects.filter(id__in=bucket).order_by( Lower("db_key")) return filtered
def func(self): """Do checks and create account""" session = self.caller args = self.args.strip() address = session.address # Get account class Account = class_from_module(settings.BASE_ACCOUNT_TYPECLASS) # extract double quoted parts parts = [ part.strip() for part in re.split(r"\"", args) if part.strip() ] if len(parts) == 1: # this was (hopefully) due to no quotes being found parts = parts[0].split(None, 1) if len(parts) != 2: string = ( "\n Usage (without <>): create <name> <password>" "\nIf <name> or <password> contains spaces, enclose it in double quotes." ) session.msg(string) return username, password = parts # everything's ok. Create the new account account. account, errors = Account.create(username=username, password=password, ip=address, session=session) if account: # tell the caller everything went well. string = "A new account '%s' was created. Welcome!" if " " in username: string += ( "\n\nYou can now log in with the command 'connect \"%s\" <your password>'." ) else: string += "\n\nYou can now log with the command 'connect %s <your password>'." session.msg(string % (username, username)) else: session.msg("|R%s|n" % "\n".join(errors))
class ObjectDeleteView(LoginRequiredMixin, ObjectDetailView, EvenniaDeleteView): """ This is an important view for obvious reasons! Any view you write that deals with deleting a specific object will want to inherit from this. It provides the mechanisms by which to make sure the user requesting deletion of an object is authenticated, and that they have permissions to delete the requested object. """ # -- Django constructs -- model = class_from_module(settings.BASE_OBJECT_TYPECLASS, fallback=settings.FALLBACK_OBJECT_TYPECLASS) template_name = "website/object_confirm_delete.html" # -- Evennia constructs -- access_type = "delete" def delete(self, request, *args, **kwargs): """ Calls the delete() method on the fetched object and then redirects to the success URL. We extend this so we can capture the name for the sake of confirmation. """ # Get the object in question. ObjectDetailView.get_object() will also # check to make sure the current user (authenticated or not) has # permission to delete it! obj = str(self.get_object()) # Perform the actual deletion (the parent class handles this, which will # in turn call the delete() method on the object) response = super(ObjectDeleteView, self).delete(request, *args, **kwargs) # Notify the user of the deletion messages.success(request, "Successfully deleted '%s'." % obj) return response
""" Admin commands """ import time import re from django.conf import settings from evennia.server.sessionhandler import SESSIONS from evennia.server.models import ServerConfig from evennia.utils import prettytable, search, class_from_module COMMAND_DEFAULT_CLASS = class_from_module(settings.COMMAND_DEFAULT_CLASS) PERMISSION_HIERARCHY = [p.lower() for p in settings.PERMISSION_HIERARCHY] # limit members for API inclusion __all__ = ("CmdBoot", "CmdBan", "CmdUnban", "CmdDelPlayer", "CmdEmit", "CmdNewPassword", "CmdPerm", "CmdWall") class CmdBoot(COMMAND_DEFAULT_CLASS): """ kick a player from the server. Usage @boot[/switches] <player obj> [: reason] Switches: quiet - Silently boot without informing player
def func(self): """Do checks and create account""" session = self.caller args = self.args.strip() # Rate-limit account creation. address = session.address if isinstance(address, tuple): address = address[0] if CREATION_THROTTLE.check(address): session.msg( "|RYou are creating too many accounts. Try again in a few minutes.|n" ) return # extract double quoted parts parts = [ part.strip() for part in re.split(r"\"", args) if part.strip() ] if len(parts) == 1: # this was (hopefully) due to no quotes being found parts = parts[0].split(None, 1) if len(parts) != 2: string = "\n Usage (without <>): create <name> <password>" \ "\nIf <name> or <password> contains spaces, enclose it in double quotes." session.msg(string) return accountname, password = parts # sanity checks if not re.findall(r"^[\w. @+\-']+$", accountname) or not (0 < len(accountname) <= 30): # this echoes the restrictions made by django's auth # module (except not allowing spaces, for convenience of # logging in). string = "\n\r Accountname can max be 30 characters or fewer. Letters, spaces, digits and @/./+/-/_/' only." session.msg(string) return # strip excessive spaces in accountname accountname = re.sub(r"\s+", " ", accountname).strip() if AccountDB.objects.filter(username__iexact=accountname): # account already exists (we also ignore capitalization here) session.msg( "Sorry, there is already an account with the name '%s'." % accountname) return # Reserve accountnames found in GUEST_LIST if settings.GUEST_LIST and accountname.lower() in ( guest.lower() for guest in settings.GUEST_LIST): string = "\n\r That name is reserved. Please choose another Accountname." session.msg(string) return # Validate password Account = utils.class_from_module(settings.BASE_ACCOUNT_TYPECLASS) # Have to create a dummy Account object to check username similarity valid, error = Account.validate_password( password, account=Account(username=accountname)) if error: errors = [e for suberror in error.messages for e in error.messages] string = "\n".join(errors) session.msg(string) return # Check IP and/or name bans bans = ServerConfig.objects.conf("server_bans") if bans and (any(tup[0] == accountname.lower() for tup in bans) or any(tup[2].match(session.address) for tup in bans if tup[2])): # this is a banned IP or name! string = "|rYou have been banned and cannot continue from here." \ "\nIf you feel this ban is in error, please email an admin.|x" session.msg(string) session.sessionhandler.disconnect(session, "Good bye! Disconnecting.") return # everything's ok. Create the new account account. try: permissions = settings.PERMISSION_ACCOUNT_DEFAULT typeclass = settings.BASE_CHARACTER_TYPECLASS new_account = _create_account(session, accountname, password, permissions) if new_account: if MULTISESSION_MODE < 2: default_home = ObjectDB.objects.get_id( settings.DEFAULT_HOME) _create_character(session, new_account, typeclass, default_home, permissions) # Update the throttle to indicate a new account was created from this IP CREATION_THROTTLE.update(address) # tell the caller everything went well. string = "A new account '%s' was created. Welcome!" if " " in accountname: string += "\n\nYou can now log in with the command 'connect \"%s\" <your password>'." else: string += "\n\nYou can now log with the command 'connect %s <your password>'." session.msg(string % (accountname, accountname)) except Exception: # We are in the middle between logged in and -not, so we have # to handle tracebacks ourselves at this point. If we don't, # we won't see any errors at all. session.msg( "An error occurred. Please e-mail an admin if the problem persists." ) logger.log_trace()
class ObjectUpdateView(LoginRequiredMixin, ObjectDetailView, EvenniaUpdateView): """ This is an important view. Any view you write that deals with updating a specific object will want to inherit from this. It provides the mechanisms by which to make sure the user requesting editing of an object is authenticated, and that they have permissions to edit the requested object. This functions slightly different from default Django UpdateViews in that it does not update core model fields, *only* object attributes! """ # -- Django constructs -- model = class_from_module(settings.BASE_OBJECT_TYPECLASS) # -- Evennia constructs -- access_type = "edit" def get_success_url(self): """ Django hook. Can be overridden to return any URL you want to redirect the user to after the object is successfully updated, but by default it goes to the object detail page so the user can see their changes reflected. """ if self.success_url: return self.success_url return self.object.web_get_detail_url() def get_initial(self): """ Django hook, modified for Evennia. Prepopulates the update form field values based on object db attributes. Returns: data (dict): Dictionary of key:value pairs containing initial form data. """ # Get the object we want to update obj = self.get_object() # Get attributes data = {k: getattr(obj.db, k, "") for k in self.form_class.base_fields} # Get model fields data.update( {k: getattr(obj, k, "") for k in self.form_class.Meta.fields}) return data def form_valid(self, form): """ Override of Django hook. Updates object attributes based on values submitted. This is run when the form is submitted and the data on it is deemed valid-- all values are within expected ranges, all strings contain valid characters and lengths, etc. This method is only called if all values for the fields submitted passed form validation, so at this point we can assume the data is validated and sanitized. """ # Get the attributes after they've been cleaned and validated data = { k: v for k, v in form.cleaned_data.items() if k not in self.form_class.Meta.fields } # Update the object attributes for key, value in data.items(): self.object.attributes.add(key, value) messages.success( self.request, "Successfully updated '%s' for %s." % (key, self.object)) # Do not return super().form_valid; we don't want to update the model # instance, just its attributes. return HttpResponseRedirect(self.get_success_url())
""" Admin commands """ import time import re from django.conf import settings from evennia.server.sessionhandler import SESSIONS from evennia.server.models import ServerConfig from evennia.utils import evtable, search, class_from_module COMMAND_DEFAULT_CLASS = class_from_module(settings.COMMAND_DEFAULT_CLASS) PERMISSION_HIERARCHY = [p.lower() for p in settings.PERMISSION_HIERARCHY] # limit members for API inclusion __all__ = ("CmdBoot", "CmdBan", "CmdUnban", "CmdDelPlayer", "CmdEmit", "CmdNewPassword", "CmdPerm", "CmdWall") class CmdBoot(COMMAND_DEFAULT_CLASS): """ kick a player from the server. Usage @boot[/switches] <player obj> [: reason] Switches: quiet - Silently boot without informing player
class ObjectDetailView(EvenniaDetailView): """ This is an important view. Any view you write that deals with displaying, updating or deleting a specific object will want to inherit from this. It provides the mechanisms by which to retrieve the object and make sure the user requesting it has permissions to actually *do* things to it. """ # -- Django constructs -- # # Choose what class of object this view will display. Note that this should # be an actual Python class (i.e. do `from typeclasses.characters import # Character`, then put `Character`), not an Evennia typeclass path # (i.e. `typeclasses.characters.Character`). # # So when you extend it, this line should look simple, like: # model = Object model = class_from_module(settings.BASE_OBJECT_TYPECLASS) # What HTML template you wish to use to display this page. template_name = "website/object_detail.html" # -- Evennia constructs -- # # What lock type to check for the requesting user, authenticated or not. # https://github.com/evennia/evennia/wiki/Locks#valid-access_types access_type = "view" # What attributes of the object you wish to display on the page. Model-level # attributes will take precedence over identically-named db.attributes! # The order you specify here will be followed. attributes = ["name", "desc"] def get_context_data(self, **kwargs): """ Adds an 'attributes' list to the request context consisting of the attributes specified at the class level, and in the order provided. Django views do not provide a way to reference dynamic attributes, so we have to grab them all before we render the template. Returns: context (dict): Django context object """ # Get the base Django context object context = super(ObjectDetailView, self).get_context_data(**kwargs) # Get the object in question obj = self.get_object() # Create an ordered dictionary to contain the attribute map attribute_list = OrderedDict() for attribute in self.attributes: # Check if the attribute is a core fieldname (name, desc) if attribute in self.typeclass._meta._property_names: attribute_list[attribute.title()] = getattr(obj, attribute, "") # Check if the attribute is a db attribute (char1.db.favorite_color) else: attribute_list[attribute.title()] = getattr( obj.db, attribute, "") # Add our attribute map to the Django request context, so it gets # displayed on the template context["attribute_list"] = attribute_list # Return the comprehensive context object return context def get_object(self, queryset=None): """ Override of Django hook that provides some important Evennia-specific functionality. Evennia does not natively store slugs, so where a slug is provided, calculate the same for the object and make sure it matches. This also checks to make sure the user has access to view/edit/delete this object! """ # A queryset can be provided to pre-emptively limit what objects can # possibly be returned. For example, you can supply a queryset that # only returns objects whose name begins with "a". if not queryset: queryset = self.get_queryset() # Get the object, ignoring all checks and filters for now obj = self.typeclass.objects.get(pk=self.kwargs.get("pk")) # Check if this object was requested in a valid manner if slugify(obj.name) != self.kwargs.get(self.slug_url_kwarg): raise HttpResponseBadRequest( "No %(verbose_name)s found matching the query" % {"verbose_name": queryset.model._meta.verbose_name}) # Check if the requestor account has permissions to access object account = self.request.user if not obj.access(account, self.access_type): raise PermissionDenied( "You are not authorized to %s this object." % self.access_type) # Get the object, if it is in the specified queryset obj = super(ObjectDetailView, self).get_object(queryset) return obj