コード例 #1
0
def admin_user(request, test_session):
    """A User fixture with R_SYSADMIN role"""

    from assembl.models import User, Username, UserRole, Role
    u = User(name=u"Mr. Administrator", type="user",
        verified=True, last_assembl_login=datetime.utcnow())
    u.username_p = "mr_admin_user"
    from assembl.models import EmailAccount
    account = EmailAccount(email="*****@*****.**", profile=u, verified=True)

    test_session.add(u)
    test_session.add(account)
    r = Role.get_role(R_SYSADMIN, test_session)
    ur = UserRole(user=u, role=r)
    test_session.add(ur)
    test_session.flush()
    uid = u.id

    def fin():
        print("finalizer admin_user")
        # I often get expired objects here, and I need to figure out why
        user = test_session.query(User).get(uid)
        user_role = user.roles[0]
        test_session.delete(user_role)
        account = user.accounts[0]
        test_session.delete(account)
        test_session.delete(user.username)
        test_session.delete(user)
        test_session.flush()
    request.addfinalizer(fin)
    return u
コード例 #2
0
ファイル: user.py プロジェクト: shangxor/assembl 
def participant1_user(request, test_session, discussion):
    """A User fixture with R_PARTICIPANT global role and with R_PARTICIPANT local role in discussion `discussion`"""

    from assembl.models import User, UserRole, Role, EmailAccount
    u = User(name=u"A. Barking Loon",
             type="user",
             password="******",
             verified=True,
             last_assembl_login=datetime.utcnow())

    email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
    test_session.add(u)
    r = Role.get_role(R_PARTICIPANT, test_session)
    ur = UserRole(user=u, role=r)
    test_session.add(ur)
    u.subscribe(discussion)
    test_session.flush()

    def fin():
        print "finalizer participant1_user"
        test_session.delete(u)
        test_session.flush()

    request.addfinalizer(fin)
    return u
コード例 #3
0
def upgrade(pyramid_env):
    with context.begin_transaction():
        op.add_column('post', sa.Column(
            u'creator_id', sa.Integer, sa.ForeignKey('agent_profile.id')))
    SQLAlchemyBaseModel.metadata.bind = op.get_bind()

    # Do stuff with the app's models here.
    from assembl.models import Email, EmailAccount
    db = Email.db()
    with transaction.manager:
        for mail in db.query(Email).all():
            sender_name, sender_email = parseaddr(mail.sender)
            account = EmailAccount.get_or_make_profile(
                db, sender_email, sender_name)
            mail.post.creator = account.profile
コード例 #4
0
ファイル: pytest_fixtures.py プロジェクト: rmoorman/assembl 
def participant1_user(request, test_session, discussion):
    from assembl.models import User, UserRole, Role, EmailAccount
    u = User(name=u"A. Barking Loon", type="user", password="******", verified=True)
    email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
    test_session.add(u)
    r = Role.get_role(R_PARTICIPANT, test_session)
    ur = UserRole(user=u, role=r)
    test_session.add(ur)
    u.subscribe(discussion)
    test_session.flush()

    def fin():
        print "finalizer participant1_user"
        test_session.delete(u)
        test_session.flush()
    request.addfinalizer(fin)
    return u
コード例 #5
0
ファイル: views.py プロジェクト: iilab/assembl 
def confirm_emailid_sent(request):
    # TODO: How to make this not become a spambot?
    id = int(request.matchdict.get('email_account_id'))
    email = EmailAccount.get(id)
    if not email:
        raise HTTPNotFound()
    if email.verified:
        # TODO!: Your email is fine, why do you want to confirm it?
        # Unlog and redirect to login.
        pass
    send_confirmation_email(request, email)
    localizer = request.localizer
    slug = request.matchdict.get('discussion_slug', None)
    slug_prefix = "/" + slug if slug else ""
    return dict(
        get_default_context(request),
        slug_prefix=slug_prefix,
        profile_id=email.profile_id,
        email_account_id=request.matchdict.get('email_account_id'),
        title=localizer.translate(_('Confirmation requested')),
        description=localizer.translate(_(
            'We have sent you a confirmation email. '
            'Please use the link to confirm your email to Assembl')))
コード例 #6
0
ファイル: user.py プロジェクト: shangxor/assembl 
def moderator_user(request, test_session, discussion):
    """A User fixture with R_MODERATOR role"""

    from assembl.models import User, UserRole, Role, EmailAccount
    u = User(name=u"Jane Doe",
             type="user",
             password="******",
             verified=True,
             last_assembl_login=datetime.utcnow())
    email = EmailAccount(email="*****@*****.**", profile=u, verified=True)
    test_session.add(u)
    r = Role.get_role(R_MODERATOR, test_session)
    ur = UserRole(user=u, role=r)
    test_session.add(ur)
    u.subscribe(discussion)
    test_session.flush()

    def fin():
        print "finalizer moderator_user"
        test_session.delete(u)
        test_session.flush()

    request.addfinalizer(fin)
    return u
コード例 #7
0
def assembl_register_view(request):
    slug = request.matchdict.get('discussion_slug', "")
    next_view = handle_next_view(request)
    if not request.params.get('email'):
        if request.scheme == "http"\
                and asbool(config.get("accept_secure_connection")):
            return HTTPFound(get_global_base_url(True) + request.path_qs)
        response = get_login_context(request)
        return response
    forget(request)
    session = AgentProfile.default_db
    localizer = request.localizer
    name = request.params.get('name', '').strip()
    if not name or len(name) < 3:
        return dict(get_default_context(request),
            error=localizer.translate(_(
                "Please use a name of at least 3 characters")))
    password = request.params.get('password', '').strip()
    password2 = request.params.get('password2', '').strip()
    email = request.params.get('email', '').strip()
    if not is_email(email):
        return dict(get_default_context(request),
                    error=localizer.translate(_(
                        "This is not a valid email")))
    email = EmailString.normalize_email_case(email)
    # Find agent account to avoid duplicates!
    if session.query(AbstractAgentAccount).filter_by(
            email_ci=email, verified=True).count():
        return dict(get_default_context(request),
                    error=localizer.translate(_(
                        "We already have a user with this email.")))
    if password != password2:
        return dict(get_default_context(request),
                    error=localizer.translate(_(
                        "The passwords should be identical")))

    # TODO: Validate password quality
    # otherwise create.
    validate_registration = asbool(config.get(
        'assembl.validate_registration_emails'))

    user = User(
        name=name,
        password=password,
        verified=not validate_registration,
        creation_date=datetime.utcnow()
    )
    email_account = EmailAccount(
        email=email,
        verified=not validate_registration,
        profile=user
    )
    session.add(user)
    session.add(email_account)
    discussion = discussion_from_request(request)
    if discussion:
        permissions = get_permissions(Everyone, discussion.id)
        if not (P_SELF_REGISTER in permissions or
                P_SELF_REGISTER_REQUEST in permissions):
            discussion = None
    if discussion:
        _now = datetime.utcnow()
        agent_status = AgentStatusInDiscussion(
            agent_profile=user, discussion=discussion,
            first_visit=_now, last_visit=_now,
            user_created_on_this_discussion=True)
        session.add(agent_status)
    session.flush()
    if not validate_registration:
        if asbool(config.get('pyramid.debug_authorization')):
            # for debugging purposes
            from assembl.auth.password import email_token
            print "email token:", request.route_url(
                'user_confirm_email', token=email_token(email_account))
        headers = remember(request, user.id)
        user.last_login = datetime.utcnow()
        request.response.headerlist.extend(headers)
        if discussion:
            maybe_auto_subscribe(user, discussion)
        # TODO: Tell them to expect an email.
        return HTTPFound(location=next_view)
    return HTTPFound(location=maybe_contextual_route(
        request, 'confirm_emailid_sent', email_account_id=email_account.id))
コード例 #8
0
def assembl_profile(request):
    session = AgentProfile.default_db
    localizer = request.localizer
    profile = get_profile(request)
    id_type = request.matchdict.get('type').strip()
    logged_in = authenticated_userid(request)
    save = request.method == 'POST'
    # if some other user
    if not profile or not logged_in or logged_in != profile.id:
        if save:
            raise HTTPUnauthorized()
        # Add permissions to view a profile?
        return render_to_response(
            'assembl:templates/view_profile.jinja2',
            dict(get_default_context(request),
                 profile=profile,
                 user=logged_in and session.query(User).get(logged_in)))

    confirm_email = request.params.get('confirm_email', None)
    if confirm_email:
        return HTTPTemporaryRedirect(location=request.route_url(
            'confirm_emailid_sent', email_account_id=int(confirm_email)))
    errors = []
    if save:
        user_id = profile.id
        redirect = False
        username = request.params.get('username', '').strip()
        if username and (
                profile.username is None
                or username != profile.username.username):
            # check if exists
            if session.query(Username).filter_by(username=username).count():
                errors.append(localizer.translate(_(
                    'The username %s is already used')) % (username,))
            else:
                old_username = profile.username
                if old_username is not None:
                    # free existing username
                    session.delete(old_username)
                    session.flush()
                # add new username
                session.add(Username(username=username, user=profile))

                if id_type == 'u':
                    redirect = True
        name = request.params.get('name', '').strip()
        if name:
            profile.name = name
        p1, p2 = (request.params.get('password1', '').strip(),
                  request.params.get('password2', '').strip())
        if p1 != p2:
            errors.append(localizer.translate(_(
                'The passwords are not identical')))
        elif p1:
            profile.password_p = p1
        add_email = request.params.get('add_email', '').strip()
        if add_email:
            if not is_email(add_email):
                return dict(get_default_context(request),
                            error=localizer.translate(_(
                                "This is not a valid email")))
            # No need to check presence since not validated yet
            email = EmailAccount(
                email=add_email, profile=profile)
            session.add(email)
        if redirect:
            return HTTPFound(location=request.route_url(
                'profile_user', type='u', identifier=username))
        profile = session.query(User).get(user_id)
    unverified_emails = [
        (ea, session.query(AbstractAgentAccount).filter_by(
            email_ci=ea.email_ci, verified=True).first())
        for ea in profile.email_accounts if not ea.verified]
    get_route = create_get_route(request)
    providers = get_provider_data(get_route)
    return render_to_response(
        'assembl:templates/profile.jinja2',
        dict(get_default_context(request),
             error='<br />'.join(errors),
             unverified_emails=unverified_emails,
             providers=providers,
             providers_json=json.dumps(providers),
             google_consumer_key=request.registry.settings.get(
                 'google.consumer_key', ''),
             the_user=profile,
             user=session.query(User).get(logged_in)))
コード例 #9
0
ファイル: views.py プロジェクト: rmoorman/assembl 
def velruse_login_complete_view(request):
    # TODO: Write tests. Situations are a combinatorics of the folloing:
    # 1. User action:
    #     A. Social login
    #     B. Logged in, add social account
    #     C. Logged in, add email account (does not happen here)
    # 2. Is there an existing account with that email?
    #     A. No.
    #     B. The social account already exists
    #     C. A valid email account
    #     D. An invalid email account, sole account of profile
    #     E. An invalid email account, but profile has other accounts
    #     F. A social account from a different provider
    # 3. When we're logged in (1B, 1C), is the existing account
    #     on the logged in profile or another?
    # 4. If gmail account, is it an enterprise account?

    session = AgentProfile.default_db
    context = request.context
    now = datetime.utcnow()
    velruse_profile = context.profile
    discussion = None
    slug = request.session.get('discussion', None)
    if not slug:
        discussion = discussion_from_request(request)
        if discussion:
            slug = discussion.slug
    if slug and not discussion:
        discussion = session.query(Discussion).filter_by(slug=slug).first()
    next_view = handle_next_view(request, True)
    logged_in = authenticated_userid(request)
    if logged_in:
        logged_in = User.get(logged_in)
    base_profile = logged_in
    provider = get_identity_provider(request)
    # find or create IDP_Accounts
    idp_accounts = []
    new_idp_account = None
    velruse_accounts = velruse_profile['accounts']
    old_autoflush = session.autoflush
    # sqla mislikes creating accounts before profiles, so delay
    session.autoflush = False
    # Search for this social account
    for velruse_account in velruse_accounts:
        if 'userid' in velruse_account:
            idp_accounts.extend(
                session.query(IdentityProviderAccount).filter_by(
                    provider=provider,
                    domain=velruse_account['domain'],
                    userid=velruse_account['userid']).all())
        elif 'username' in velruse_account:
            idp_accounts.extend(
                session.query(IdentityProviderAccount).filter_by(
                    provider=provider,
                    domain=velruse_account['domain'],
                    username=velruse_account['username']).all())
        else:
            log.error("account needs username or email" + velruse_account)
            raise HTTPServerError("account needs username or userid")
    trusted_emails = set()
    if idp_accounts:
        for idp_account in idp_accounts:
            idp_account.profile_info_json = velruse_profile
        if len(idp_accounts) > 1:
            log.warn("multiple idp_accounts:" +
                     ','.join((a.id for a in idp_accounts)) + " for " +
                     velruse_accounts)
            # We will just the last one from the loop for now.
        trusted_emails.update([
            a.email for a in idp_accounts
            if a.provider.trust_emails and a.email
        ])
    else:
        # Create it if not found
        idp_class = IdentityProviderAccount
        for cls in idp_class.get_subclasses():
            if cls == idp_class:
                continue
            if cls.account_provider_name == provider.name:
                idp_class = cls
                break
        idp_account = idp_class(provider=provider,
                                profile_info_json=velruse_profile,
                                domain=velruse_account.get('domain'),
                                userid=velruse_account.get('userid'),
                                verified=True,
                                username=velruse_account.get('username'))
        idp_accounts.append(idp_account)
        new_idp_account = base_account = idp_account
        session.add(idp_account)
    for account in idp_accounts:
        if account.provider.trust_emails:
            profile = (velruse_profile if account == new_idp_account else
                       account.profile_info_json)
            email = profile.get('verifiedEmail', None)
            if email:
                if account == new_idp_account:
                    account.email = email
                trusted_emails.add(email)
            for email in profile.get('emails', ()):
                if isinstance(email, dict):
                    email = email.get('value', None)
                if isinstance(email, (str, unicode)) and email:
                    trusted_emails.add(email)
                    if account == new_idp_account and not account.email:
                        account.email = email
        # else we have created an email-less account. Treat accordingly.
    conflicting_profiles = {a.profile for a in idp_accounts if a.profile}
    # Are there other accounts/profiles than the ones we know?
    conflicting_accounts = set()
    for email in trusted_emails:
        other_accounts = session.query(AbstractAgentAccount).filter_by(
            email=email)
        for account in other_accounts:
            conflicting_accounts.add(account)
            if account.verified or len(account.profile.accounts) == 1:
                conflicting_profiles.add(account.profile)
    # choose best known profile for base_account
    # prefer profiles with verified users, then users, then oldest profiles
    profile_list = list(conflicting_profiles)
    profile_list.sort(key=lambda p: (not (isinstance(p, User) and p.verified),
                                     not isinstance(p, User), p.id))
    if new_idp_account and profile_list:
        base_profile = profile_list[0]
    elif not new_idp_account:
        # Take first appropriate. Should be the first, somehow not.
        for profile in profile_list:
            accounts = [a for a in idp_accounts if a.profile == profile]
            if accounts:
                base_account = accounts[0]
                break
        if not logged_in:
            base_profile = base_account.profile
    new_profile = None
    if new_idp_account:
        if not base_profile:
            # Create a new user
            base_profile = new_profile = User(name=velruse_profile.get(
                'displayName', ''),
                                              verified=True,
                                              creation_date=now)
            session.add(new_profile)
        # Upgrade a AgentProfile
        if not isinstance(base_profile, User):
            base_profile = base_profile.change_class(User, None, verified=True)
        new_idp_account.profile = base_profile
        base_profile.last_login = now
        base_profile.verified = True
        if not base_profile.name:
            base_profile.name = velruse_profile.get('displayName', None)
        # TODO (needs parsing)
        # base_profile.timezone=velruse_profile['utcOffset']
    # Now all accounts have a profile
    session.autoflush = old_autoflush
    session.flush()
    # Merge other profiles with the same (validated) email
    # TODO: Ask the user about doing this.
    conflicting_profiles.discard(base_profile)
    conflicting_accounts.discard(base_account)
    for conflicting_profile in conflicting_profiles:
        base_profile.merge(conflicting_profile)
        session.delete(conflicting_profile)

    # If base_profile is still an AgentProfile at this point
    # then it needs to be upgraded to a User
    if not isinstance(base_profile, User):
        base_profile = base_profile.change_class(User,
                                                 None,
                                                 verified=True,
                                                 last_login=now)
    # Set username
    if not base_profile.username:
        username = None
        usernames = set((a['preferredUsername'] for a in velruse_accounts
                         if 'preferredUsername' in a))
        for u in usernames:
            if not session.query(Username).filter_by(username=u).count():
                username = u
                break
        if username:
            session.add(Username(username=username, user=base_profile))
    # Create AgentStatusInDiscussion
    if new_profile and discussion:
        agent_status = AgentStatusInDiscussion(
            agent_profile=base_profile,
            discussion=discussion,
            user_created_on_this_discussion=True)
        session.add(agent_status)
    if maybe_auto_subscribe(base_profile, discussion):
        next_view = "/%s/" % (slug, )
    # Delete other (email) accounts
    if base_account.provider.trust_emails:
        for account in conflicting_accounts:
            # Merge may have been confusing
            session.expire(account)
            account = AbstractAgentAccount.get(account.id)
            if account.profile == base_profile:
                if account.email == base_account.email:
                    if isinstance(account, EmailAccount):
                        account.delete()
                        if account.verified and account.preferred:
                            base_account.preferred = True
                    elif isinstance(account, IdentityProviderAccount):
                        if account.provider_id == base_account.provider_id:
                            log.error("This should have been caught earlier")
                            account.delete()
                        else:
                            log.warning("Two accounts with same email," +
                                        "different provider: %d, %d" %
                                        (account.id, base_account.id))
            else:
                # If they're verified, they should have been merged.
                if account.verified:
                    log.error("account %d should not exist: " % (account.id, ))
                else:
                    other_profile = account.profile
                    account.delete()
                    session.flush()
                    session.expire(other_profile, ["accounts"])
                    if not len(other_profile.accounts):
                        log.warning("deleting profile %d" % other_profile.id)
                        other_profile.delete()
    session.expire(base_profile, ['accounts', 'email_accounts'])
    # create an email account for other emails.
    known_emails = {a.email for a in base_profile.accounts}
    for email in trusted_emails:
        if email not in known_emails:
            email = EmailAccount(email=email,
                                 profile=base_profile,
                                 verified=base_account.provider.trust_emails)
            session.add(email)

    session.flush()

    base_profile.last_login = now
    headers = remember(request, base_profile.id)
    request.response.headerlist.extend(headers)
    if discussion:
        request.session['discussion'] = discussion.slug
    return HTTPFound(location=next_view)
コード例 #10
0
ファイル: views.py プロジェクト: rmoorman/assembl 
def assembl_register_view(request):
    slug = request.matchdict.get('discussion_slug', "")
    p_slug = "/" + slug if slug else ""
    next_view = handle_next_view(request)
    if not request.params.get('email'):
        if request.scheme == "http"\
                and asbool(config.get("accept_secure_connection")):
            raise HTTPFound("https://" + request.host + request.path_qs)
        response = dict(get_default_context(request), slug_prefix=p_slug)
        if request.GET.get('error', None):
            response['error'] = request.GET['error']
        return response
    forget(request)
    session = AgentProfile.default_db
    localizer = request.localizer
    name = request.params.get('name', '').strip()
    password = request.params.get('password', '').strip()
    password2 = request.params.get('password2', '').strip()
    email = request.params.get('email', '').strip()
    if not is_email(email):
        return dict(get_default_context(request),
                    slug_prefix=p_slug,
                    error=localizer.translate(_("This is not a valid email")))
    # Find agent account to avoid duplicates!
    if session.query(AbstractAgentAccount).filter_by(email=email,
                                                     verified=True).count():
        return dict(get_default_context(request),
                    slug_prefix=p_slug,
                    error=localizer.translate(
                        _("We already have a user with this email.")))
    if password != password2:
        return dict(get_default_context(request),
                    slug_prefix=p_slug,
                    error=localizer.translate(
                        _("The passwords should be identical")))

    # TODO: Validate password quality
    # otherwise create.
    validate_registration = asbool(
        config.get('assembl.validate_registration_emails'))

    user = User(name=name,
                password=password,
                verified=not validate_registration,
                creation_date=datetime.utcnow())
    email_account = EmailAccount(email=email,
                                 verified=not validate_registration,
                                 profile=user)
    session.add(user)
    session.add(email_account)
    discussion = discussion_from_request(request)
    if discussion:
        now = datetime.utcnow()
        agent_status = AgentStatusInDiscussion(
            agent_profile=user,
            discussion=discussion,
            user_created_on_this_discussion=True)
        session.add(agent_status)
    session.flush()
    if not validate_registration:
        if asbool(config.get('pyramid.debug_authorization')):
            # for debugging purposes
            from assembl.auth.password import email_token
            print "email token:", request.route_url(
                'user_confirm_email', ticket=email_token(email_account))
        headers = remember(request, user.id)
        user.last_login = datetime.utcnow()
        request.response.headerlist.extend(headers)
        # TODO: Tell them to expect an email.
        request.session.pop('next_view')
        return HTTPFound(location=next_view)
    return HTTPFound(location=maybe_contextual_route(
        request, 'confirm_emailid_sent', email_account_id=email_account.id))