def _reset_password_enabled(self, log=False):
try:
self.store.hash_method
except AttributeError:
return False
return is_enabled(self.env, self.__class__) and \
self.reset_password and (self._write_check(log) != []) and \
is_enabled(self.env, self.store.__class__) and \
self.store.hash_method and True or False
def _reset_password_enabled(self, log=False):
try:
self.store.hash_method
except AttributeError:
return False
return is_enabled(self.env, self.__class__) and \
self.reset_password and (self._write_check(log) != []) and \
is_enabled(self.env, self.store.__class__) and \
self.store.hash_method and True or False
def process_request(self, req):
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
data = {
'acctmgr': {
'username': None,
'name': None,
'email': None,
},
'_dgettext': dgettext,
}
data['verify_account_enabled'] = is_enabled(
self.env, EmailVerificationModule) and self.acctmgr.verify_email
if req.method == 'POST' and action == 'create':
try:
_create_user(req, self.env)
except TracError, e:
data['registration_error'] = e.message
data['acctmgr'] = getattr(e, 'acctmgr', '')
else:
chrome.add_notice(
req,
Markup(
tag.span(
Markup(
_("""Registration has been finished successfully.
You may login as user %(user)s now.""",
user=tag.b(req.args.get('username')))))))
req.redirect(req.href.login())
def render_registration_fields(self, req, data):
"""Add an email address text input field to the registration form."""
# Preserve last input for editing on failure instead of typing
# everything again.
old_value = req.args.get('email', '').strip()
insert = tag.label(_("Email:"),
tag.input(type='text', name='email', size=20,
class_='textwidget', value=old_value)
)
# Deferred import required to aviod circular import dependencies.
from acct_mgr.web_ui import AccountModule
reset_password = AccountModule(self.env).reset_password_enabled
verify_account = is_enabled(self.env, EmailVerificationModule) and \
AccountManager(self.env).verify_email
if verify_account:
# TRANSLATOR: Registration form hints for a mandatory input field.
hint = tag.p(_("""The email address is required for Trac to send
you a verification token."""), class_='hint')
if reset_password:
hint = tag(hint, tag.p(_(
"""Entering your email address will also enable you
to reset your password if you ever forget it."""),
class_='hint')
)
return tag(insert, hint), data
elif reset_password:
# TRANSLATOR: Registration form hint, if email input is optional.
hint = tag.p(_("""Entering your email address will enable you to
reset your password if you ever forget it."""),
class_='hint')
return dict(optional=tag(insert, hint)), data
else:
# Always return the email text input itself as optional field.
return dict(optional=insert), data
def __init__(self, *args, **kwargs):
self.email_enabled = True
if self.config.getbool('announcer', 'email_enabled') != True and \
self.config.getbool('notification', 'smtp_enabled') != True:
self.email_enabled = False
if is_enabled(self.env, self.__class__) == True:
self.env.log.warn(self.__class__.__name__ + \
' can\'t work because of missing email setup.')
def __init__(self, *args, **kwargs):
self.email_enabled = True
if self.config.getbool('announcer', 'email_enabled') != True and \
self.config.getbool('notification', 'smtp_enabled') != True:
self.email_enabled = False
if is_enabled(self.env, self.__class__) == True:
self.env.log.warn(self.__class__.__name__ + \
' can\'t work because of missing email setup.')
def __init__(self):
c = self.config
if is_enabled(self.env, self.__class__) and \
is_enabled(self.env, auth.LoginModule):
# Disable auth.LoginModule to handle login requests alone.
self.env.log.info("Concurrent enabled login modules found, "
"fixing configuration ...")
c.set('components', 'trac.web.auth.loginmodule', 'disabled')
c.save()
self.env.log.info("trac.web.auth.LoginModule disabled, "
"giving preference to %s." % self.__class__)
self.cookie_lifetime = c.getint('trac', 'auth_cookie_lifetime', 0)
if not self.cookie_lifetime > 0:
# Set the session to expire after some time and not
# when the browser is closed - what is Trac core default).
self.cookie_lifetime = 86400 * 30 # AcctMgr default = 30 days
self.auth_share_participants = []
def validate_registration(self, req):
acctmgr = AccountManager(self.env)
username = acctmgr.handle_username_casing(
req.args.get('username', '').strip())
if self.username_regexp != "" and \
not re.match(self.username_regexp.strip(), username):
raise RegistrationError(
N_("Username %s doesn't match local naming policy."),
tag.b(username))
email = req.args.get('email', '').strip()
if acctmgr.verify_email and is_enabled(self.env, EmailCheck) and \
is_enabled(self.env, EmailVerificationModule):
if self.email_regexp.strip() != "" and \
not re.match(self.email_regexp.strip(), email):
raise RegistrationError(
N_("The email address specified appears to be invalid. "
"Please specify a valid email address."))
def validate_registration(self, req):
acctmgr = AccountManager(self.env)
username = acctmgr.handle_username_casing(
req.args.get('username', '').strip())
if self.username_regexp != "" and \
not re.match(self.username_regexp.strip(), username):
raise RegistrationError(N_(
"Username %s doesn't match local naming policy."),
tag.b(username)
)
email = req.args.get('email', '').strip()
if acctmgr.verify_email and is_enabled(self.env, EmailCheck) and \
is_enabled(self.env, EmailVerificationModule):
if self.email_regexp.strip() != "" and \
not re.match(self.email_regexp.strip(), email):
raise RegistrationError(N_(
"The email address specified appears to be invalid. "
"Please specify a valid email address.")
)
def validate_registration(self, req):
acctmgr = AccountManager(self.env)
email = req.args.get('email', '').strip()
if is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email:
if not email:
raise RegistrationError(
N_("You must specify a valid email address."))
elif email_associated(self.env, email):
raise RegistrationError(
N_("The email address specified is already in use. "
"Please specify a different one."))
def _enable_check(self, log=False):
env = self.env
writable = self.acctmgr.supports('set_password')
ignore_case = auth.LoginModule(env).ignore_case
if log:
if not writable:
self.log.warn('RegistrationModule is disabled because the '
'password store does not support writing.')
if ignore_case:
self.log.debug('RegistrationModule will allow lowercase '
'usernames only and convert them forcefully '
'as required, while \'ignore_auth_case\' is '
'enabled in [trac] section of your trac.ini.')
return is_enabled(env, self.__class__) and writable
def _enable_check(self, log=False):
env = self.env
writable = self.acctmgr.supports('set_password')
ignore_case = auth.LoginModule(env).ignore_case
if log:
if not writable:
self.log.warn('RegistrationModule is disabled because the '
'password store does not support writing.')
if ignore_case:
self.log.debug('RegistrationModule will allow lowercase '
'usernames only and convert them forcefully '
'as required, while \'ignore_auth_case\' is '
'enabled in [trac] section of your trac.ini.')
return is_enabled(env, self.__class__) and writable
def process_request(self, req):
acctmgr = self.acctmgr
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
name = req.args.get('name', '').strip()
username = acctmgr.handle_username_casing(
req.args.get('username', '').strip())
data = {
'_dgettext': dgettext,
'acctmgr': dict(name=name, username=username),
'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case')
}
verify_enabled = is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email
data['verify_account_enabled'] = verify_enabled
if req.method == 'POST' and action == 'create':
try:
# Check request and prime account on success.
acctmgr.validate_registration(req)
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments before
# attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s', message)):
message = message % e.msg_args
chrome.add_warning(req, Markup(message))
else:
if verify_enabled:
chrome.add_notice(
req,
Markup(
tag.span(
Markup(
_("""Your username has been successfully registered but
your account still requires activation. Please login
as user %(user)s, and follow the instructions.""",
user=tag.b(username))))))
req.redirect(req.href.login())
chrome.add_notice(
req,
Markup(
tag.span(
Markup(
_("""Registration has been finished successfully.
You may log in as user %(user)s now.""",
user=tag.b(username))))))
req.redirect(req.href.login())
def validate_registration(self, req):
acctmgr = AccountManager(self.env)
email = req.args.get('email', '').strip()
if is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email:
if not email:
raise RegistrationError(N_(
"You must specify a valid email address.")
)
elif email_associated(self.env, email):
raise RegistrationError(N_(
"The email address specified is already in use. "
"Please specify a different one.")
)
def process_request(self, req):
acctmgr = self.acctmgr
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
name = req.args.get('name', '').strip()
username = acctmgr.handle_username_casing(req.args.get('username',
'').strip())
data = {
'_dgettext': dgettext,
'acctmgr': dict(name=name, username=username),
'ignore_auth_case': self.config.getbool('trac', 'ignore_auth_case')
}
verify_enabled = is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email
data['verify_account_enabled'] = verify_enabled
if req.method == 'POST' and action == 'create':
try:
# Check request and prime account on success.
acctmgr.validate_registration(req)
except RegistrationError, e:
# Attempt deferred translation.
message = gettext(e.message)
# Check for (matching number of) message arguments before
# attempting string substitution.
if e.msg_args and \
len(e.msg_args) == len(re.findall('%s', message)):
message = message % e.msg_args
chrome.add_warning(req, Markup(message))
else:
if verify_enabled:
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Your username has been successfully registered but
your account still requires activation. Please login
as user %(user)s, and follow the instructions.""",
user=tag.b(username)))))
)
req.redirect(req.href.login())
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Registration has been finished successfully.
You may log in as user %(user)s now.""",
user=tag.b(username)))))
)
req.redirect(req.href.login())
def render_registration_fields(self, req, data):
"""Add an email address text input field to the registration form."""
# Preserve last input for editing on failure instead of typing
# everything again.
old_value = req.args.get('email', '').strip()
insert = tag.label(
_("Email:"),
tag.input(type='text',
name='email',
size=20,
class_='textwidget',
value=old_value))
# Deferred import required to aviod circular import dependencies.
from acct_mgr.web_ui import AccountModule
reset_password = AccountModule(self.env).reset_password_enabled
verify_account = is_enabled(self.env, EmailVerificationModule) and \
AccountManager(self.env).verify_email
if verify_account:
# TRANSLATOR: Registration form hints for a mandatory input field.
hint = tag.p(_("""The email address is required for Trac to send
you a verification token."""),
class_='hint')
if reset_password:
hint = tag(
hint,
tag.p(_("""Entering your email address will also enable you
to reset your password if you ever forget it."""),
class_='hint'))
return tag(insert, hint), data
elif reset_password:
# TRANSLATOR: Registration form hint, if email input is optional.
hint = tag.p(_("""Entering your email address will enable you to
reset your password if you ever forget it."""),
class_='hint')
return dict(optional=tag(insert, hint)), data
else:
# Always return the email text input itself as optional field.
return dict(optional=insert), data
def process_request(self, req):
if req.authname != 'anonymous':
req.redirect(req.href.prefs('account'))
action = req.args.get('action')
data = {'acctmgr' : { 'username' : None,
'name' : None,
'email' : None,
},
'_dgettext': dgettext,
}
data['verify_account_enabled'] = is_enabled(
self.env, EmailVerificationModule) and self.acctmgr.verify_email
if req.method == 'POST' and action == 'create':
try:
_create_user(req, self.env)
except TracError, e:
data['registration_error'] = e.message
data['acctmgr'] = getattr(e, 'acctmgr', '')
else:
chrome.add_notice(req, Markup(tag.span(Markup(_(
"""Registration has been finished successfully.
You may login as user %(user)s now.""",
user=tag.b(req.args.get('username')))))))
req.redirect(req.href.login())
def _do_acct_details(self, req):
username = req.args.get('user')
if not username:
# Accessing user account details without username is not useful,
# so we revert such request immediately.
add_warning(
req,
Markup(
tag.span(
tag_(
"Please choose account by username from list to proceed."
))))
req.redirect(req.href.admin('accounts', 'users'))
acctmgr = self.acctmgr
guard = self.guard
if req.args.get('update'):
req.redirect(req.href.admin('accounts', 'users', user=username))
elif req.args.get('delete') or req.args.get('release'):
# delete failed login attempts, evaluating attempts count
if guard.failed_count(username, reset=True) > 0:
add_notice(
req,
Markup(
tag.span(
Markup(
_("Failed login attempts for user %(user)s deleted",
user=tag.b(username))))))
elif req.args.get('list'):
req.redirect(req.href.admin('accounts', 'users'))
data = {
'_dgettext': dgettext,
'user': username,
}
stores = StoreOrder(stores=acctmgr.stores, list=acctmgr.password_store)
user_store = acctmgr.find_user_store(username)
if not user_store is None:
data['user_store'] = user_store.__class__.__name__
data['store_order_num'] = stores[user_store]
data['ignore_auth_case'] = \
self.config.getbool('trac', 'ignore_auth_case')
for username_, name, email in self.env.get_known_users():
if username_ == username:
data['name'] = name
if email:
data['email'] = email
break
ts_seen = last_seen(self.env, username)
if ts_seen is not None:
data['last_visit'] = format_datetime(ts_seen[0][1], tzinfo=req.tz)
attempts = []
attempts_count = guard.failed_count(username, reset=None)
if attempts_count > 0:
for attempt in guard.get_failed_log(username):
t = format_datetime(to_datetime(attempt['time']),
tzinfo=req.tz)
attempts.append({'ipnr': attempt['ipnr'], 'time': t})
data['attempts'] = attempts
data['attempts_count'] = attempts_count
data['pretty_lock_time'] = guard.pretty_lock_time(username, next=True)
data['lock_count'] = guard.lock_count(username)
if guard.user_locked(username) is True:
data['user_locked'] = True
data['release_time'] = guard.pretty_release_time(req, username)
if is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email is True:
data['verification'] = 'enabled'
data['email_verified'] = email_verified(self.env, username, email)
self.log.debug('AcctMgr:admin:_do_acct_details for user \"' + \
username + '\", email \"' + str(email) + '\": ' + \
str(data['email_verified']))
add_stylesheet(req, 'acct_mgr/acct_mgr.css')
data['url'] = req.href.admin('accounts', 'users', user=username)
return 'account_details.html', data
def _do_acct_details(self, req):
username = req.args.get('user')
if not username:
# Accessing user account details without username is not useful,
# so we revert such request immediately.
add_warning(req, Markup(tag.span(tag_(
"Please choose account by username from list to proceed."
))))
req.redirect(req.href.admin('accounts', 'users'))
acctmgr = self.acctmgr
guard = self.guard
if req.args.get('update'):
req.redirect(req.href.admin('accounts', 'users',
user=username))
elif req.args.get('delete') or req.args.get('release'):
# delete failed login attempts, evaluating attempts count
if guard.failed_count(username, reset=True) > 0:
add_notice(req, Markup(tag.span(Markup(_(
"Failed login attempts for user %(user)s deleted",
user=tag.b(username)
)))))
elif req.args.get('list'):
req.redirect(req.href.admin('accounts', 'users'))
data = {'_': _,
'user': username,
}
stores = StoreOrder(stores=acctmgr.stores,
list=acctmgr.password_store)
user_store = acctmgr.find_user_store(username)
if not user_store is None:
data['user_store'] = user_store.__class__.__name__
data['store_order_num'] = stores[user_store]
data['ignore_auth_case'] = \
self.config.getbool('trac', 'ignore_auth_case')
for username_, name, email in self.env.get_known_users():
if username_ == username:
data['name'] = name
if email:
data['email'] = email
break
ts_seen = acctmgr.last_seen(username)
if ts_seen is not None:
data['last_visit'] = format_datetime(ts_seen[0][1], tzinfo=req.tz)
attempts = []
attempts_count = guard.failed_count(username, reset = None)
if attempts_count > 0:
for attempt in guard.get_failed_log(username):
t = format_datetime(to_datetime(
attempt['time']), tzinfo=req.tz)
attempts.append({'ipnr': attempt['ipnr'], 'time': t})
data['attempts'] = attempts
data['attempts_count'] = attempts_count
data['pretty_lock_time'] = guard.pretty_lock_time(username, next=True)
data['lock_count'] = guard.lock_count(username)
if guard.user_locked(username) is True:
data['user_locked'] = True
data['release_time'] = guard.pretty_release_time(req, username)
if is_enabled(self.env, EmailVerificationModule) and \
acctmgr.verify_email is True:
data['verification'] = 'enabled'
data['email_verified'] = acctmgr.email_verified(username, email)
self.log.debug('AcctMgr:admin:_do_acct_details for user \"' + \
username + '\", email \"' + str(email) + '\": ' + \
str(data['email_verified']))
add_stylesheet(req, 'acct_mgr/acct_mgr.css')
data['url'] = req.href.admin('accounts', 'users', user=username)
return 'account_details.html', data
def enabled(self):
# Admin must disable the built-in authentication to use this one.
return not is_enabled(self.env, auth.LoginModule)
def enabled(self):
# Admin must disable the built-in authentication to use this one.
return not is_enabled(self.env, auth.LoginModule)
def _reset_password_enabled(self, log=False):
return is_enabled(self.env, self.__class__) and \
self.reset_password and (self._write_check(log) != []) and \
is_enabled(self.env, self.store.__class__) and \
self.store.hash_method
def _reset_password_enabled(self, log=False):
return is_enabled(self.env, self.__class__) and \
self.reset_password and (self._write_check(log) != [])
def enabled(self):
# Trac built-in authentication must be disabled to use this one.
return is_enabled(self.env, self.__class__) and \
not is_enabled(self.env, auth.LoginModule)
