def runAction(self, node, op=""):
node.set("key", mkKey())
db.session.commit()
self.forward(node, True)
def createShareKey(self):
k = mkKey()
self.set("key", k)
return k
def show_workflow_step(self, req):
typenames = self.get("newnodetype").split(";")
wfnode = self.getParents()[0]
redirect = ""
message = ""
# check existence of metadata types listed in the definition of the start node
mdts = tree.getRoot("metadatatypes")
for schema in typenames:
if not mdts.hasChild(schema.strip().split("/")[-1]):
return ("<i>%s: %s </i>") % (schema, t(lang(req), "permission_denied"))
if "workflow_start" in req.params:
switch_language(req, req.params.get("workflow_language"))
node = tree.Node(name="", type=req.params.get("selected_schema"))
self.addChild(node)
node.setAccess("read", "{user workflow}")
node.set("creator", "workflow-" + self.getParents()[0].getName())
node.set("creationtime", date.format_date())
node.set("system.wflanguage", req.params.get("workflow_language", req.session.get("language")))
node.set("key", mkKey())
node.set("system.key", node.get("key")) # initial key identifier
req.session["key"] = node.get("key")
return self.forwardAndShow(node, True, req)
elif "workflow_start_auth" in req.params: # auth node by id and key
try:
node = tree.getNode(req.params.get("nodeid"))
# startkey, but protected
if node.get("system.key") == req.params.get("nodekey") and node.get("key") != req.params.get("nodekey"):
message = "workflow_start_err_protected"
elif node.get("key") == req.params.get("nodekey"):
redirect = "/pnode?id=%s&key=%s" % (node.id, node.get("key"))
else:
message = "workflow_start_err_wrongkey"
except:
message = "workflow_start_err_wrongkey"
types = []
for a in typenames:
if a:
m = getMetaType(a)
# we could now check m.isActive(), but for now let's
# just take all specified metatypes, so that edit area
# and workflow are independent on this
types += [(m, a)]
cookie_error = t(lang(req), "Your browser doesn't support cookies")
js = (
"""
<script language="javascript">
function cookie_test() {
if (document.cookie=="")
document.cookie = "CookieTest=Erfolgreich";
if (document.cookie=="") {
alert("%s");
}
}
cookie_test();
</script>"""
% cookie_error
)
return req.getTAL(
"workflow/start.html",
{
"types": types,
"id": self.id,
"js": js,
"starttext": self.get("starttext"),
"languages": self.getParents()[0].getLanguages(),
"currentlang": lang(req),
"sidebartext": self.getSidebarText(lang(req)),
"redirect": redirect,
"message": message,
"allowcontinue": self.get("allowcontinue"),
},
macro="workflow_start",
)
def show_workflow_step(self, req):
typenames = self.get("newnodetype").split(";")
wfnode = self.parents[0]
redirect = ""
message = ""
# check existence of metadata types listed in the definition of the start node
mdts = q(Metadatatypes).one()
for schema in typenames:
if not mdts.children.filter_by(name=schema.strip().split("/")[-1]).scalar():
return ('<i>%s: %s </i>') % (schema, t(lang(req), "permission_denied"))
if "workflow_start" in req.params:
switch_language(req, req.params.get('workflow_language'))
content_class = Node.get_class_for_typestring(req.params.get('selected_schema').split('/')[0])
node = content_class(name=u'', schema=req.params.get('selected_schema').split('/')[1])
self.children.append(node)
# create user group named '_workflow' if it doesn't exist
workflow_group = q(UserGroup).filter_by(name=u'_workflow').scalar()
if workflow_group is None:
workflow_group = UserGroup(name=u'_workflow', description=u'internal dummy group for nodes in workflows')
db.session.add(workflow_group)
# create access rule with '_workflow' user group
workflow_rule = get_or_add_access_rule(group_ids=[workflow_group.id])
special_access_ruleset = node.get_or_add_special_access_ruleset(ruletype=u'read')
special_access_ruleset.rule_assocs.append(AccessRulesetToRule(rule=workflow_rule))
node.set("creator", "workflow-" + self.parents[0].name)
node.set("creationtime", date.format_date())
node.set("system.wflanguage", req.params.get('workflow_language', req.Cookies.get('language')))
node.set("key", mkKey())
node.set("system.key", node.get("key")) # initial key identifier
req.session["key"] = node.get("key")
db.session.commit()
return self.forwardAndShow(node, True, req)
elif "workflow_start_auth" in req.params: # auth node by id and key
try:
node = q(Node).get(req.params.get('nodeid'))
# startkey, but protected
if node.get('system.key') == req.params.get('nodekey') and node.get('key') != req.params.get('nodekey'):
message = "workflow_start_err_protected"
elif node.get('key') == req.params.get('nodekey'):
redirect = "/pnode?id=%s&key=%s" % (node.id, node.get('key'))
else:
message = "workflow_start_err_wrongkey"
except:
logg.exception("exception in workflow step start (workflow_start_auth)")
message = "workflow_start_err_wrongkey"
types = []
for a in typenames:
if a:
m = getMetaType(a)
# we could now check m.isActive(), but for now let's
# just take all specified metatypes, so that edit area
# and workflow are independent on this
types += [(m, a)]
cookie_error = t(lang(req), "Your browser doesn't support cookies")
js = """
<script language="javascript">
function cookie_test() {
if (document.cookie=="")
document.cookie = "CookieTest=Erfolgreich";
if (document.cookie=="") {
alert("%s");
}
}
cookie_test();
</script>""" % cookie_error
return req.getTAL("workflow/start.html",
{'types': types,
'id': self.id,
'js': js,
'starttext': self.get('starttext'),
'languages': self.parents[0].getLanguages(),
'currentlang': lang(req),
'sidebartext': self.getSidebarText(lang(req)),
'redirect': redirect,
'message': message,
'allowcontinue': self.get('allowcontinue'),
"csrf": req.csrf_token.current_token,},
macro="workflow_start")
def show_workflow_step(self, req):
typenames = self.get("newnodetype").split(";")
wfnode = self.getParents()[0]
redirect = ""
message = ""
# check existence of metadata types listed in the definition of the start node
mdts = tree.getRoot("metadatatypes")
for schema in typenames:
if not mdts.hasChild(schema.strip().split("/")[-1]):
return ('<i>%s: %s </i>') % (schema,
t(lang(req), "permission_denied"))
if "workflow_start" in req.params:
switch_language(req, req.params.get('workflow_language'))
node = tree.Node(name="", type=req.params.get('selected_schema'))
self.addChild(node)
node.setAccess("read", "{user workflow}")
node.set("creator", "workflow-" + self.getParents()[0].getName())
node.set("creationtime", date.format_date())
node.set(
"system.wflanguage",
req.params.get('workflow_language',
req.session.get('language')))
node.set("key", mkKey())
node.set("system.key", node.get("key")) # initial key identifier
req.session["key"] = node.get("key")
return self.forwardAndShow(node, True, req)
elif "workflow_start_auth" in req.params: # auth node by id and key
try:
node = tree.getNode(req.params.get('nodeid'))
# startkey, but protected
if node.get('system.key') == req.params.get(
'nodekey'
) and node.get('key') != req.params.get('nodekey'):
message = "workflow_start_err_protected"
elif node.get('key') == req.params.get('nodekey'):
redirect = "/pnode?id=%s&key=%s" % (node.id,
node.get('key'))
else:
message = "workflow_start_err_wrongkey"
except:
message = "workflow_start_err_wrongkey"
types = []
for a in typenames:
if a:
m = getMetaType(a)
# we could now check m.isActive(), but for now let's
# just take all specified metatypes, so that edit area
# and workflow are independent on this
types += [(m, a)]
cookie_error = t(lang(req), "Your browser doesn't support cookies")
js = """
<script language="javascript">
function cookie_test() {
if (document.cookie=="")
document.cookie = "CookieTest=Erfolgreich";
if (document.cookie=="") {
alert("%s");
}
}
cookie_test();
</script>""" % cookie_error
return req.getTAL("workflow/start.html", {
'types': types,
'id': self.id,
'js': js,
'starttext': self.get('starttext'),
'languages': self.getParents()[0].getLanguages(),
'currentlang': lang(req),
'sidebartext': self.getSidebarText(lang(req)),
'redirect': redirect,
'message': message,
'allowcontinue': self.get('allowcontinue')
},
macro="workflow_start")
def runAction(self, node, op=""):
node.set("key", mkKey())
db.session.commit()
self.forward(node, True)
def runAction(self, node, op=""):
node.set("key", mkKey())
self.forward(node, True)
def show_workflow_step(self, req):
typenames = self.get("newnodetype").split(";")
wfnode = self.parents[0]
redirect = ""
message = ""
# check existence of metadata types listed in the definition of the start node
mdts = q(Metadatatypes).one()
for schema in typenames:
if not mdts.children.filter_by(
name=schema.strip().split("/")[-1]).scalar():
return ('<i>%s: %s </i>') % (schema,
t(lang(req), "permission_denied"))
if "workflow_start" in req.params:
switch_language(req, req.params.get('workflow_language'))
content_class = Node.get_class_for_typestring(
req.params.get('selected_schema').split('/')[0])
node = content_class(
name=u'',
schema=req.params.get('selected_schema').split('/')[1])
self.children.append(node)
# create user group named '_workflow' if it doesn't exist
workflow_group = q(UserGroup).filter_by(name=u'_workflow').scalar()
if workflow_group is None:
workflow_group = UserGroup(
name=u'_workflow',
description=u'internal dummy group for nodes in workflows')
db.session.add(workflow_group)
# create access rule with '_workflow' user group
workflow_rule = get_or_add_access_rule(
group_ids=[workflow_group.id])
special_access_ruleset = node.get_or_add_special_access_ruleset(
ruletype=u'read')
special_access_ruleset.rule_assocs.append(
AccessRulesetToRule(rule=workflow_rule))
node.set("creator", "workflow-" + self.parents[0].name)
node.set("creationtime", date.format_date())
node.set(
"system.wflanguage",
req.params.get('workflow_language',
req.Cookies.get('language')))
node.set("key", mkKey())
node.set("system.key", node.get("key")) # initial key identifier
req.session["key"] = node.get("key")
db.session.commit()
return self.forwardAndShow(node, True, req)
elif "workflow_start_auth" in req.params: # auth node by id and key
try:
node = q(Node).get(req.params.get('nodeid'))
# startkey, but protected
if node.get('system.key') == req.params.get(
'nodekey'
) and node.get('key') != req.params.get('nodekey'):
message = "workflow_start_err_protected"
elif node.get('key') == req.params.get('nodekey'):
redirect = "/pnode?id=%s&key=%s" % (node.id,
node.get('key'))
else:
message = "workflow_start_err_wrongkey"
except:
logg.exception(
"exception in workflow step start (workflow_start_auth)")
message = "workflow_start_err_wrongkey"
types = []
for a in typenames:
if a:
m = getMetaType(a)
# we could now check m.isActive(), but for now let's
# just take all specified metatypes, so that edit area
# and workflow are independent on this
types += [(m, a)]
cookie_error = t(lang(req), "Your browser doesn't support cookies")
js = """
<script language="javascript">
function cookie_test() {
if (document.cookie=="")
document.cookie = "CookieTest=Erfolgreich";
if (document.cookie=="") {
alert("%s");
}
}
cookie_test();
</script>""" % cookie_error
return req.getTAL("workflow/start.html", {
'types': types,
'id': self.id,
'js': js,
'starttext': self.get('starttext'),
'languages': self.parents[0].getLanguages(),
'currentlang': lang(req),
'sidebartext': self.getSidebarText(lang(req)),
'redirect': redirect,
'message': message,
'allowcontinue': self.get('allowcontinue'),
"csrf": req.csrf_token.current_token,
},
macro="workflow_start")
def pwdforgotten(req):
if len(req.params) > 3: # user changed to browsing
return buildURL(req)
navframe = frame.getNavigationFrame(req)
navframe.feedback(req)
if req.params.get("action",
"") == "activate": # do activation of new password
id, key = req.params.get("key").replace("/", "").split('-')
targetuser = users.getUser(id)
if targetuser.get("newpassword.activation_key") == key:
newpassword = targetuser.get("newpassword.password")
if newpassword:
targetuser.set("password", newpassword)
print "password reset for user '%s' (id=%s) reset" % (
targetuser.getName(), targetuser.id)
targetuser.removeAttribute("newpassword.password")
targetuser.set("newpassword.time_activated",
date.format_date())
logging.getLogger('usertracing').info(
"new password activated for user: %s - was requested: %s by %s"
% (targetuser.getName(),
targetuser.get("newpassword.time_requested"),
targetuser.get("newpassword.request_ip")))
navframe.write(
req,
req.getTAL(theme.getTemplate("login.html"),
{"username": targetuser.getName()},
macro="pwdforgotten_password_activated"))
return httpstatus.HTTP_OK
else:
print "invalid key: wrong key or already used key"
navframe.write(
req,
req.getTAL(
theme.getTemplate("login.html"),
{"message": "pwdforgotten_password_invalid_key"},
macro="pwdforgotten_message"))
return httpstatus.HTTP_OK
elif "user" in req.params: # create email with activation information
username = req.params.get("user", "")
if username == '':
req.params['error'] = "pwdforgotten_noentry"
else:
targetuser = users.getUser(username)
if not targetuser or not targetuser.canChangePWD():
logging.getLogger('usertracing').info(
"new password requested for non-existing user: "******"pwdforgotten_nosuchuser"
else:
password = users.makeRandomPassword()
randomkey = mkKey()
targetuser.set("newpassword.password",
hashlib.md5(password).hexdigest())
targetuser.set("newpassword.time_requested",
date.format_date())
targetuser.set("newpassword.activation_key", randomkey)
targetuser.set("newpassword.request_ip", req.ip)
v = {}
v["name"] = targetuser.getName()
v["host"] = config.get("host.name")
v["login"] = targetuser.getName()
v["language"] = lang(req)
v["activationlink"] = v[
"host"] + "/pwdforgotten?action=activate&key=%s-%s" % (
targetuser.id, randomkey)
v["email"] = targetuser.getEmail()
v["userid"] = targetuser.getName()
# going to send the mail
try:
mailtext = req.getTAL(theme.getTemplate("login.html"),
v,
macro="emailtext")
mailtext = mailtext.strip().replace(
"[$newpassword]",
password).replace("[wird eingesetzt]", password)
mail.sendmail(config.get("email.admin"),
targetuser.getEmail(),
t(lang(req), "pwdforgotten_email_subject"),
mailtext)
logging.getLogger('usertracing').info(
"new password requested for user: %s - activation email sent"
% username)
navframe.write(
req,
req.getTAL(theme.getTemplate("login.html"),
{"message": "pwdforgotten_butmailnowsent"},
macro="pwdforgotten_message"))
return httpstatus.HTTP_OK
except mail.SocketError:
print "Socket error while sending mail"
logging.getLogger('usertracing').info(
"new password requested for user: %s - failed to send activation email"
% username)
return req.getTAL(
theme.getTemplate("login.html"),
{"message": "pwdforgotten_emailsenderror"},
macro="pwdforgotten_message")
# standard operation
navframe.write(
req,
req.getTAL(theme.getTemplate("login.html"), {
"error": req.params.get("error"),
"user": users.getUserFromRequest(req)
},
macro="pwdforgotten"))
return httpstatus.HTTP_OK
def pwdforgotten(req):
if len(req.params) > 3: # user changed to browsing
return buildURL(req)
navframe = frame.getNavigationFrame(req)
navframe.feedback(req)
if req.params.get("action", "") == "activate": # do activation of new password
id, key = req.params.get("key").replace("/", "").split('-')
targetuser = users.getUser(id)
if targetuser.get("newpassword.activation_key") == key:
newpassword = targetuser.get("newpassword.password")
if newpassword:
targetuser.set("password", newpassword)
print "password reset for user '%s' (id=%s) reset" % (targetuser.getName(), targetuser.id)
targetuser.removeAttribute("newpassword.password")
targetuser.set("newpassword.time_activated", date.format_date())
logging.getLogger('usertracing').info(
"new password activated for user: %s - was requested: %s by %s" %
(targetuser.getName(),
targetuser.get("newpassword.time_requested"),
targetuser.get("newpassword.request_ip")))
navframe.write(
req, req.getTAL(
theme.getTemplate("login.html"), {
"username": targetuser.getName()}, macro="pwdforgotten_password_activated"))
return httpstatus.HTTP_OK
else:
print "invalid key: wrong key or already used key"
navframe.write(
req, req.getTAL(
theme.getTemplate("login.html"), {
"message": "pwdforgotten_password_invalid_key"}, macro="pwdforgotten_message"))
return httpstatus.HTTP_OK
elif "user" in req.params: # create email with activation information
username = req.params.get("user", "")
if username == '':
req.params['error'] = "pwdforgotten_noentry"
else:
targetuser = users.getUser(username)
if not targetuser or not targetuser.canChangePWD():
logging.getLogger('usertracing').info("new password requested for non-existing user: "******"pwdforgotten_nosuchuser"
else:
password = users.makeRandomPassword()
randomkey = mkKey()
targetuser.set("newpassword.password", hashlib.md5(password).hexdigest())
targetuser.set("newpassword.time_requested", date.format_date())
targetuser.set("newpassword.activation_key", randomkey)
targetuser.set("newpassword.request_ip", req.ip)
v = {}
v["name"] = targetuser.getName()
v["host"] = config.get("host.name")
v["login"] = targetuser.getName()
v["language"] = lang(req)
v["activationlink"] = v["host"] + "/pwdforgotten?action=activate&key=%s-%s" % (targetuser.id, randomkey)
v["email"] = targetuser.getEmail()
v["userid"] = targetuser.getName()
# going to send the mail
try:
mailtext = req.getTAL(theme.getTemplate("login.html"), v, macro="emailtext")
mailtext = mailtext.strip().replace("[$newpassword]", password).replace("[wird eingesetzt]", password)
mail.sendmail(config.get("email.admin"), targetuser.getEmail(), t(lang(req), "pwdforgotten_email_subject"), mailtext)
logging.getLogger('usertracing').info("new password requested for user: %s - activation email sent" % username)
navframe.write(
req, req.getTAL(
theme.getTemplate("login.html"), {
"message": "pwdforgotten_butmailnowsent"}, macro="pwdforgotten_message"))
return httpstatus.HTTP_OK
except mail.SocketError:
print "Socket error while sending mail"
logging.getLogger('usertracing').info(
"new password requested for user: %s - failed to send activation email" % username)
return req.getTAL(
theme.getTemplate("login.html"), {"message": "pwdforgotten_emailsenderror"}, macro="pwdforgotten_message")
# standard operation
navframe.write(req, req.getTAL(theme.getTemplate("login.html"), {
"error": req.params.get("error"), "user": users.getUserFromRequest(req)}, macro="pwdforgotten"))
return httpstatus.HTTP_OK
def createShareKey(self):
k = mkKey()
self.set("key", k)
return k