def get_new_ticket_RT_info(uid, recId):
    """Collect the data needed to fill in a "new ticket" form.

    The returned dict always has ``resultCode``. It is 1 only when
    ``BIBCATALOG_SYSTEM.check_system(uid)`` answered with an empty string;
    the dict then also carries ``users``, ``queues``, ``email`` and
    ``ticketTemplates``. In every other case ``resultCode`` stays 0 and
    ``description`` (when present) says why.
    """
    response = {"resultCode": 0}

    if BIBCATALOG_SYSTEM is None:
        response["description"] = "<!--No ticket system configured-->"
        return response
    if not (BIBCATALOG_SYSTEM and uid):
        # Falsy backend object or falsy uid: only the failure code is returned.
        return response

    bibcat_resp = BIBCATALOG_SYSTEM.check_system(uid)
    if bibcat_resp == "":
        # Candidate owners: every registered user with a stored
        # 'bibcatalog_username' preference.
        # NOTE(review): this lists the ticket-system username and id of all
        # such accounts -- confirm the caller restricts who may ask for it.
        owners = []
        for user_tuple in list_registered_users():
            try:
                owner = {
                    "username": get_user_preferences(user_tuple[0])["bibcatalog_username"],
                    "id": user_tuple[0],
                }
            except KeyError:
                # No ticket-system username stored for this account.
                continue
            owners.append(owner)
        response["users"] = owners
        response["queues"] = BIBCATALOG_SYSTEM.get_queues(uid)
        response["email"] = get_email(uid)
        # TODO try catch
        response["ticketTemplates"] = load_ticket_templates(recId)
        response["resultCode"] = 1
    else:
        # The backend's answer is placed inside an HTML comment for debugging.
        # NOTE(review): the text is not escaped, so a reply containing "-->"
        # would close the comment early, and whatever check_system() returns
        # reaches the client -- confirm it cannot carry internal details or
        # attacker-influenced text.
        response["description"] = "Error connecting to RT<!--" + bibcat_resp + "-->"
    return response
def get_new_ticket_RT_info(uid, recId):
    """Return the data a client needs to open a new ticket for ``recId``.

    ``resultCode`` is 0 unless the ticket system is configured, ``uid`` is
    truthy and ``check_system(uid)`` returned an empty string. On success
    the dict also holds the selectable owners (``users``), the queues, the
    user's e-mail address and the ticket templates.
    """
    response = {'resultCode': 0}

    if BIBCATALOG_SYSTEM is None:
        response['description'] = "<!--No ticket system configured-->"
    elif BIBCATALOG_SYSTEM and uid:
        bibcat_resp = BIBCATALOG_SYSTEM.check_system(uid)
        if bibcat_resp == "":
            # Available owners: accounts with a 'bibcatalog_username' preference.
            # NOTE(review): usernames and ids of all such accounts are handed
            # out here -- confirm the caller is limited to authorised users.
            users = []
            for user_tuple in list_registered_users():
                try:
                    users.append({
                        'username': get_user_preferences(user_tuple[0])['bibcatalog_username'],
                        'id': user_tuple[0],
                    })
                except KeyError:
                    # Account without a ticket-system username: skip it.
                    continue
            response.update({
                'users': users,
                'queues': BIBCATALOG_SYSTEM.get_queues(uid),
                'email': get_email(uid),
                # TODO try catch
                'ticketTemplates': load_ticket_templates(recId),
            })
            response['resultCode'] = 1
        else:
            # Debug aid: the backend reply travels inside an HTML comment.
            # NOTE(review): it is concatenated unescaped; a reply containing
            # "-->" ends the comment early, and backend error text is exposed
            # to the client -- confirm that is acceptable.
            response['description'] = "Error connecting to RT<!--" + bibcat_resp + "-->"
    return response
def __call__(self, req, form):
    """Serve the page for record ``self.recid`` after checking view rights.

    Washes the URL arguments, applies the stored ``rg`` preference of a
    logged-in user unless ``rg`` was given in the form, caps ``rg`` and
    ``wl`` for callers who lack the ``runbibedit`` action, resets
    ``verbose`` for everyone who is not a super admin, and only then runs
    the search. A guest without access is redirected to the login page;
    any other unauthorized user gets the "not authorized" page carrying
    the message from ``check_user_can_view_record``.
    """
    argd = wash_search_urlargd(form)
    argd['recid'] = self.recid
    if self.format is not None:
        argd['of'] = self.format
    # req.argd is the same dict object, so the adjustments below show on req too.
    req.argd = argd

    uid = getUid(req)
    if uid == -1:
        return page_not_authorized(req, "../",
                                   text="You are not authorized to view this record.",
                                   navmenuid='search')
    if uid > 0:
        pref = get_user_preferences(uid)
        try:
            if 'rg' not in form:
                # fetch user rg preference only if not overridden via URL
                argd['rg'] = int(pref['websearch_group_records'])
        except (KeyError, ValueError):
            pass

    # Check if the record belongs to a restricted primary
    # collection. If yes, redirect to the authenticated URL.
    user_info = collect_user_info(req)
    (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid)

    # Group size above the site maximum is only kept for 'runbibedit' holders.
    if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS:
        if acc_authorize_action(req, 'runbibedit')[0] != 0:
            argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS

    # check if the user has rights to set a high wildcard limit
    # if not, reduce the limit set by user, with the default one
    wl_out_of_bounds = CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and \
        (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0)
    if wl_out_of_bounds and acc_authorize_action(req, 'runbibedit')[0] != 0:
        argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT

    # only superadmins can use verbose parameter for obtaining debug information
    if not isUserSuperAdmin(user_info):
        argd['verbose'] = 0

    if auth_code:
        if user_info['email'] == 'guest':
            # Guests are sent to the login page; the referer is built from the
            # configured secure site URL plus the requested URI.
            cookie = mail_cookie_create_authorize_action(
                VIEWRESTRCOLL,
                {'collection' : guess_primary_collection_of_a_record(self.recid)})
            login_args = make_canonical_urlargd(
                {'action': cookie,
                 'ln' : argd['ln'],
                 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri},
                {})
            target = CFG_SITE_SECURE_URL + '/youraccount/login' + login_args
            return redirect_to_url(req, target, norobot=True)
        return page_not_authorized(req, "../",
                                   text=auth_msg,
                                   navmenuid='search')

    # mod_python does not like to return [] in case when of=id:
    out = perform_request_search(req, **argd)
    if isinstance(out, intbitset):
        return out.fastdump()
    if out == []:
        return str(out)
    return out
def __call__(self, req, form):
    """Serve record ``self.recid``, refusing access to restricted collections.

    The URL arguments are washed, a logged-in user's stored ``rg``
    preference is applied unless ``rg`` came with the form, ``rg`` and
    ``wl`` are capped for callers without ``runbibedit`` and ``verbose`` is
    reset for non super admins. If the record's primary collection is
    restricted and the user lacks VIEWRESTRCOLL on it, the generic
    "not authorized" page is returned; guests are not sent to a login page
    from here.
    """
    argd = wash_search_urlargd(form)
    argd['recid'] = self.recid
    if self.format is not None:
        argd['of'] = self.format
    req.argd = argd

    uid = getUid(req)
    user_info = collect_user_info(req)
    if uid == -1:
        return page_not_authorized(req, "../",
                                   text="You are not authorized to view this record.",
                                   navmenuid='search')
    if uid > 0:
        pref = get_user_preferences(uid)
        try:
            if 'rg' not in form:
                # fetch user rg preference only if not overridden via URL
                argd['rg'] = int(pref['websearch_group_records'])
        except (KeyError, ValueError):
            pass

    # NOTE(review): the source listing does not show nesting. The cap is
    # placed at function level here so it also covers guests (uid == 0);
    # confirm it is not meant to sit inside the "uid > 0" branch.
    if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS:
        if acc_authorize_action(req, 'runbibedit')[0] != 0:
            argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS

    # check if the user has rights to set a high wildcard limit
    # if not, reduce the limit set by user, with the default one
    wl_out_of_bounds = CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and \
        (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0)
    if wl_out_of_bounds and acc_authorize_action(req, 'runbibedit')[0] != 0:
        argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT

    # only superadmins can use verbose parameter for obtaining debug information
    if not isUserSuperAdmin(user_info):
        argd['verbose'] = 0

    record_primary_collection = guess_primary_collection_of_a_record(self.recid)
    if collection_restricted_p(record_primary_collection):
        (auth_code, _unused_msg) = acc_authorize_action(
            user_info, VIEWRESTRCOLL, collection=record_primary_collection)
        if auth_code:
            # Fixed wording: the authorization message is not passed on.
            return page_not_authorized(req, "../",
                                       text="You are not authorized to view this record.",
                                       navmenuid='search')

    # Keep all the arguments, they might be reused in the
    # record page itself to derivate other queries
    req.argd = argd

    # mod_python does not like to return [] in case when of=id:
    out = perform_request_search(req, **argd)
    if isinstance(out, intbitset):
        return out.fastdump()
    if out == []:
        return str(out)
    return out
def authenticate(self, req, form):
    """Restricted search results pages.

    Every collection named in ``c`` and ``cc`` that is restricted must
    grant VIEWRESTRCOLL to the caller: a guest is redirected to the login
    page, any other unauthorized user receives the "not authorized" page.
    Afterwards ``wl`` is capped for callers without ``runbibedit``,
    ``verbose`` is reset for non super admins, the stored ``rg`` preference
    is applied and the search runs.
    """
    argd = wash_search_urlargd(form)
    user_info = collect_user_info(req)

    for coll in argd['c'] + [argd['cc']]:
        if not collection_restricted_p(coll):
            continue
        (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=coll)
        if not auth_code:
            continue
        if user_info['email'] == 'guest':
            cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : coll})
            login_args = make_canonical_urlargd(
                {'action': cookie,
                 'ln' : argd['ln'],
                 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri},
                {})
            target = CFG_SITE_SECURE_URL + '/youraccount/login' + login_args
            return redirect_to_url(req, target, norobot=True)
        return page_not_authorized(req, "../",
                                   text=auth_msg,
                                   navmenuid='search')

    # check if the user has rights to set a high wildcard limit
    # if not, reduce the limit set by user, with the default one
    if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0):
        edit_auth_code, _edit_auth_message = acc_authorize_action(req, 'runbibedit')
        if edit_auth_code != 0:
            argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT

    # only superadmins can use verbose parameter for obtaining debug information
    if not isUserSuperAdmin(user_info):
        argd['verbose'] = 0

    # Keep all the arguments, they might be reused in the
    # search_engine itself to derivate other queries
    req.argd = argd

    # NOTE(review): unlike the wildcard limit, 'rg' is never compared with a
    # site maximum in this handler, and a uid of -1 is not rejected here --
    # confirm both are enforced elsewhere for this entry point.
    uid = getUid(req)
    if uid > 0:
        pref = get_user_preferences(uid)
        try:
            if 'rg' not in form:
                # fetch user rg preference only if not overridden via URL
                argd['rg'] = int(pref['websearch_group_records'])
        except (KeyError, ValueError):
            pass

    # mod_python does not like to return [] in case when of=id:
    out = perform_request_search(req, **argd)
    if isinstance(out, intbitset):
        return out.fastdump()
    if out == []:
        return str(out)
    return out
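def _notify_error_user(email_user, original_filename, recid, submission_title, ln=invenio.config.CFG_SITE_LANG):
    """Sends an error notification to the specified address of the user.
    Is called by process_batch_job() if an error occured during the processing.

    The message is sent as plain text and as HTML. The uploaded file name
    and the submission title come from the submitter, so they are
    HTML-escaped before being placed into the HTML part.

    @param email_user: email address of the user; nothing is sent if empty
    @type email_user: string
    @param original_filename: name of the file the user uploaded
    @type original_filename: string
    @param recid: id of the record, used to build the record URL
    @param submission_title: title of the submission, shown in the message
    @type submission_title: string
    @param ln: fallback language, replaced by the user's stored "language"
        preference when the address belongs to an account
    @type ln: string
    """
    # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
    try:
        from html import escape as _html_escape
    except ImportError:
        from cgi import escape as _html_escape

    if not email_user:
        return
    uid = emailUnique(email_user)
    if uid != -1 and uid != 0:
        language = getval(get_user_preferences(uid), "language")
        if language:
            ln = language
    _ = gettext_set_language(ln)
    rec_url = invenio.config.CFG_SITE_URL + "/record/" + str(recid)
    template = ("<br/>" +
                _("We are sorry, a problem has occured during the processing of"
                  " your video upload%(submission_title)s.") +
                "<br/><br/>" +
                _("The file you uploaded was %(input_filename)s.") +
                "<br/><br/>" +
                _("Your video might not be fully available until intervention.") +
                "<br/>" +
                _("You can check the status of your video here: %(record_url)s.") +
                "<br/>" +
                _("You might want to take a look at "
                  " %(guidelines_url)s"
                  " and modify or redo your submission."))
    # NOTE(review): "localhost" below and "locahost" in the HTML link look like
    # placeholders for the real guidelines URL -- confirm the intended target.
    text = template % {"input_filename": "%s" % original_filename,
                       "submission_title": " %s" % submission_title,
                       "record_url": "%s" % rec_url,
                       "guidelines_url": "localhost"}
    text = text.replace("<br/>", "\n")
    # Escape everything interpolated into markup, quotes included, so that a
    # crafted file name or title cannot add tags or attributes to the e-mail.
    safe_filename = _html_escape("%s" % original_filename, True)
    safe_title = _html_escape("%s" % submission_title, True)
    safe_rec_url = _html_escape(rec_url, True)
    html_text = template % {"input_filename": "<strong>%s</strong>" % safe_filename,
                            "submission_title": " <strong>%s</strong>" % safe_title,
                            "record_url": "<a href=\"%s\">%s</a>" % (safe_rec_url, safe_rec_url),
                            "guidelines_url": "<a href=\"locahost\">%s</a>" % _("the video guidelines")}
    send_email(fromaddr=invenio.config.CFG_SITE_ADMIN_EMAIL,
               toaddr=email_user,
               subject="Problem during the processing of your video",
               content=text,
               html_content=html_text)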
def get_bibcat_from_prefs(uid):
    """Return the ticket-system credentials stored in the user's preferences.

    Both values are read from the dict returned by get_user_preferences().
    If either key is missing, (None, None) is returned (a tuple, never a
    bare None).

    NOTE(review): the password is returned exactly as stored in the
    preferences, which suggests it is kept in recoverable form -- confirm
    how the preference store is protected and who may read it.

    @param uid: user id
    @type uid: number
    @return: (bibcatalog_username, bibcatalog_password) or (None, None)
    @rtype: tuple
    """
    user_pref = get_user_preferences(uid)
    wanted_keys = ('bibcatalog_username', 'bibcatalog_password')
    if any(key not in user_pref for key in wanted_keys):
        return (None, None)
    return tuple(user_pref[key] for key in wanted_keys)
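def display_collection(req, c, aas, verbose, ln, em=""):
    """Resolve collection ``c`` and redirect to its page.

    The collection is looked up by name. When it exists the caller is
    redirected to the ``collections.collection`` endpoint; otherwise a
    "not found" page is returned (or HTTP_NOT_FOUND is raised for HEAD
    requests). A uid of -1 gets the "not authorized" page, and an ``Error``
    while resolving the user is reported through the error page.

    ``c`` and ``ln`` come from the request, so they are HTML-escaped before
    being placed into the page body.
    """
    _ = gettext_set_language(ln)

    req.argd = drop_default_urlargd({'aas': aas, 'verbose': verbose, 'ln': ln, 'em' : em},
                                    search_interface_default_urlargd)

    if em != "":
        em = em.split(",")
    # get user ID:
    try:
        uid = getUid(req)
        user_preferences = {}
        if uid == -1:
            return page_not_authorized(req, "../",
                                       text="You are not authorized to view this collection",
                                       navmenuid='search')
        elif uid > 0:
            # The result is not used below; the call is kept so that an Error
            # raised while loading preferences still ends in the error page.
            user_preferences = get_user_preferences(uid)
    except Error:
        register_exception(req=req, alert_admin=True)
        return page(title=_("Internal Error"),
                    body=create_error_box(req, verbose=verbose, ln=ln),
                    description="%s - Internal Error" % CFG_SITE_NAME,
                    keywords="%s, Internal Error" % CFG_SITE_NAME,
                    language=ln,
                    req=req,
                    navmenuid='search')

    # deduce collection id:
    collection = Collection.query.filter_by(name=c).first()
    colID = collection.id if collection else None
    if type(colID) is not int:
        # The requested name is echoed back, so escape it before it becomes
        # markup; the title and description below escape it as well.
        page_body = '<p>' + (_("Sorry, collection %(x_colname)s does not seem to exist.",
                               x_colname='<strong>' + cgi.escape(str(c)) + '</strong>')) + '</p>'
        # Append the second paragraph; assigning here would discard the
        # "does not seem to exist" message built above.
        page_body += '<p>' + (_("You may want to start browsing from %(x_sitehref)s.",
                                x_sitehref='<a href="' + CFG_SITE_URL + '?ln=' + cgi.escape(ln, True) + '">' +
                                get_coll_i18nname(CFG_SITE_NAME, ln) + '</a>')) + '</p>'
        if req.method == 'HEAD':
            raise apache.SERVER_RETURN(apache.HTTP_NOT_FOUND)
        return page(title=_("Collection %(x_colname)s Not Found", x_colname=cgi.escape(c)),
                    body=page_body,
                    description=(CFG_SITE_NAME + ' - ' + _("Not found") + ': ' + cgi.escape(str(c))),
                    keywords="%s" % CFG_SITE_NAME,
                    uid=uid,
                    language=ln,
                    req=req,
                    navmenuid='search')

    from flask import redirect, url_for
    return redirect(url_for('collections.collection', name=collection.name))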
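def _notify_success_user(email_user, original_filename, recid, submission_title, ln=invenio.config.CFG_SITE_LANG):
    """Sends an success notification to the specified address of the user.
    Is called by process_batch_job() if the processing was successful.

    The message is sent as plain text and as HTML. The uploaded file name
    and the submission title come from the submitter, so they are
    HTML-escaped before being placed into the HTML part.

    @param email_user: email address of the user; nothing is sent if empty
    @type email_user: string
    @param original_filename: name of the file the user uploaded
    @type original_filename: string
    @param recid: id of the record, used to build the record URL
    @param submission_title: title of the submission, shown in the message
    @type submission_title: string
    @param ln: fallback language, replaced by the user's stored "language"
        preference when the address belongs to an account
    @type ln: string
    """
    # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
    try:
        from html import escape as _html_escape
    except ImportError:
        from cgi import escape as _html_escape

    # Without a recipient there is nothing to look up or send.
    if not email_user:
        return
    uid = emailUnique(email_user)
    if uid != -1 and uid != 0:
        language = getval(get_user_preferences(uid), "language")
        if language:
            ln = language
    _ = gettext_set_language(ln)
    rec_url = invenio.config.CFG_SITE_URL + "/record/" + str(recid)
    template = (
        "<br/>"
        + _("Your video submission%(submission_title)s was successfully processed.")
        + "<br/><br/>"
        + _("The file you uploaded was %(input_filename)s.")
        + "<br/><br/>"
        + _("Your video is now available here: %(record_url)s.")
        + "<br/>"
        + _(
            "If the videos quality is not as expected, you might want to take "
            "a look at %(guidelines_url)s"
            " and modify or redo your submission."
        )
    )
    # NOTE(review): "localhost" below and "locahost" in the HTML link look like
    # placeholders for the real guidelines URL -- confirm the intended target.
    text = template % {
        "input_filename": "%s" % original_filename,
        "submission_title": " %s" % submission_title,
        "record_url": "%s" % rec_url,
        "guidelines_url": "localhost",
    }
    text = text.replace("<br/>", "\n")
    # Escape everything interpolated into markup, quotes included, so that a
    # crafted file name or title cannot add tags or attributes to the e-mail.
    safe_filename = _html_escape("%s" % original_filename, True)
    safe_title = _html_escape("%s" % submission_title, True)
    safe_rec_url = _html_escape(rec_url, True)
    html_text = template % {
        "input_filename": "<strong>%s</strong>" % safe_filename,
        "submission_title": " <strong>%s</strong>" % safe_title,
        "record_url": '<a href="%s">%s</a>' % (safe_rec_url, safe_rec_url),
        "guidelines_url": '<a href="locahost">%s</a>' % _("the video guidelines"),
    }
    send_email(
        fromaddr=invenio.config.CFG_SITE_ADMIN_EMAIL,
        toaddr=email_user,
        subject="Your video submission is now complete",
        content=text,
        html_content=html_text,
    )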
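def _notify_error_user(email_user, original_filename, recid, submission_title, ln=invenio.config.CFG_SITE_LANG):
    """Sends an error notification to the specified address of the user.
    Is called by process_batch_job() if an error occured during the processing.

    The message is sent as plain text and as HTML. The uploaded file name
    and the submission title come from the submitter, so they are
    HTML-escaped before being placed into the HTML part.

    @param email_user: email address of the user; nothing is sent if empty
    @type email_user: string
    @param original_filename: name of the file the user uploaded
    @type original_filename: string
    @param recid: id of the record, used to build the record URL
    @param submission_title: title of the submission, shown in the message
    @type submission_title: string
    @param ln: fallback language, replaced by the user's stored "language"
        preference when the address belongs to an account
    @type ln: string
    """
    # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
    try:
        from html import escape as _html_escape
    except ImportError:
        from cgi import escape as _html_escape

    if not email_user:
        return
    uid = emailUnique(email_user)
    if uid != -1 and uid != 0:
        language = getval(get_user_preferences(uid), "language")
        if language:
            ln = language
    _ = gettext_set_language(ln)
    rec_url = invenio.config.CFG_SITE_URL + "/record/" + str(recid)
    template = (
        "<br/>"
        + _("We are sorry, a problem has occured during the processing of"
            " your video upload%(submission_title)s.")
        + "<br/><br/>"
        + _("The file you uploaded was %(input_filename)s.")
        + "<br/><br/>"
        + _("Your video might not be fully available until intervention.")
        + "<br/>"
        + _("You can check the status of your video here: %(record_url)s.")
        + "<br/>"
        + _("You might want to take a look at "
            " %(guidelines_url)s"
            " and modify or redo your submission.")
    )
    # NOTE(review): "localhost" below and "locahost" in the HTML link look like
    # placeholders for the real guidelines URL -- confirm the intended target.
    text = template % {
        "input_filename": "%s" % original_filename,
        "submission_title": " %s" % submission_title,
        "record_url": "%s" % rec_url,
        "guidelines_url": "localhost",
    }
    text = text.replace("<br/>", "\n")
    # Escape everything interpolated into markup, quotes included, so that a
    # crafted file name or title cannot add tags or attributes to the e-mail.
    safe_filename = _html_escape("%s" % original_filename, True)
    safe_title = _html_escape("%s" % submission_title, True)
    safe_rec_url = _html_escape(rec_url, True)
    html_text = template % {
        "input_filename": "<strong>%s</strong>" % safe_filename,
        "submission_title": " <strong>%s</strong>" % safe_title,
        "record_url": '<a href="%s">%s</a>' % (safe_rec_url, safe_rec_url),
        "guidelines_url": '<a href="locahost">%s</a>' % _("the video guidelines"),
    }
    send_email(
        fromaddr=invenio.config.CFG_SITE_ADMIN_EMAIL,
        toaddr=email_user,
        subject="Problem during the processing of your video",
        content=text,
        html_content=html_text,
    )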
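def _notify_success_user(email_user, original_filename, recid, submission_title, ln=invenio.config.CFG_SITE_LANG):
    """Sends an success notification to the specified address of the user.
    Is called by process_batch_job() if the processing was successful.

    The message is sent as plain text and as HTML. The uploaded file name
    and the submission title come from the submitter, so they are
    HTML-escaped before being placed into the HTML part.

    @param email_user: email address of the user; nothing is sent if empty
    @type email_user: string
    @param original_filename: name of the file the user uploaded
    @type original_filename: string
    @param recid: id of the record, used to build the record URL
    @param submission_title: title of the submission, shown in the message
    @type submission_title: string
    @param ln: fallback language, replaced by the user's stored "language"
        preference when the address belongs to an account
    @type ln: string
    """
    # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
    try:
        from html import escape as _html_escape
    except ImportError:
        from cgi import escape as _html_escape

    # Without a recipient there is nothing to look up or send.
    if not email_user:
        return
    uid = emailUnique(email_user)
    if uid != -1 and uid != 0:
        language = getval(get_user_preferences(uid), "language")
        if language:
            ln = language
    _ = gettext_set_language(ln)
    rec_url = invenio.config.CFG_SITE_URL + "/record/" + str(recid)
    template = ("<br/>" +
                _("Your video submission%(submission_title)s was successfully processed.") +
                "<br/><br/>" +
                _("The file you uploaded was %(input_filename)s.") +
                "<br/><br/>" +
                _("Your video is now available here: %(record_url)s.") +
                "<br/>" +
                _("If the videos quality is not as expected, you might want to take "
                  "a look at %(guidelines_url)s"
                  " and modify or redo your submission."))
    # NOTE(review): "localhost" below and "locahost" in the HTML link look like
    # placeholders for the real guidelines URL -- confirm the intended target.
    text = template % {"input_filename": "%s" % original_filename,
                       "submission_title": " %s" % submission_title,
                       "record_url": "%s" % rec_url,
                       "guidelines_url": "localhost"}
    text = text.replace("<br/>", "\n")
    # Escape everything interpolated into markup, quotes included, so that a
    # crafted file name or title cannot add tags or attributes to the e-mail.
    safe_filename = _html_escape("%s" % original_filename, True)
    safe_title = _html_escape("%s" % submission_title, True)
    safe_rec_url = _html_escape(rec_url, True)
    html_text = template % {"input_filename": "<strong>%s</strong>" % safe_filename,
                            "submission_title": " <strong>%s</strong>" % safe_title,
                            "record_url": "<a href=\"%s\">%s</a>" % (safe_rec_url, safe_rec_url),
                            "guidelines_url": "<a href=\"locahost\">%s</a>" % _("the video guidelines")}
    send_email(fromaddr=invenio.config.CFG_SITE_ADMIN_EMAIL,
               toaddr=email_user,
               subject="Your video submission is now complete",
               content=text,
               html_content=html_text)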
def __call__(self, req, form):
    """Perform a search.

    POST requests are refused. For other requests the URL arguments are
    washed, the stored ``rg`` preference of a logged-in user is applied
    unless ``rg`` was given in the form, and the collections involved in
    the query (``c``, ``cc`` and, for a single record, its primary
    collection) are checked against VIEWRESTRCOLL. Guests lacking access
    are redirected to the login page, other unauthorized users get the
    "not authorized" page. ``wl`` is capped for callers without
    ``runbibedit`` and ``verbose`` is reset for non super admins before
    the search runs.
    """
    argd = wash_search_urlargd(form)

    _ = gettext_set_language(argd['ln'])

    # POST is answered with HTTP_METHOD_NOT_ALLOWED before any other work.
    if req.method == 'POST':
        raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED

    uid = getUid(req)
    user_info = collect_user_info(req)
    if uid == -1:
        return page_not_authorized(req, "../", text=_("You are not authorized to view this area."), navmenuid='search')
    elif uid > 0:
        pref = get_user_preferences(uid)
        try:
            if 'rg' not in form:
                # fetch user rg preference only if not overridden via URL
                argd['rg'] = int(pref['websearch_group_records'])
        except (KeyError, ValueError):
            pass

    # NOTE(review): the source listing does not show nesting. The cap is laid
    # out at function level here so it also applies to guests (uid == 0);
    # confirm it is not meant to sit inside the "uid > 0" branch.
    if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0:
        argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS

    # Collections whose restriction status must be checked for this query.
    involved_collections = set()
    involved_collections.update(argd['c'])
    involved_collections.add(argd['cc'])

    # Map the id/idb and sysno/sysnb aliases onto recid/recidb.
    if argd['id'] > 0:
        argd['recid'] = argd['id']
    if argd['idb'] > 0:
        argd['recidb'] = argd['idb']
    if argd['sysno']:
        tmp_recid = find_record_from_sysno(argd['sysno'])
        if tmp_recid:
            argd['recid'] = tmp_recid
    if argd['sysnb']:
        tmp_recid = find_record_from_sysno(argd['sysnb'])
        if tmp_recid:
            argd['recidb'] = tmp_recid

    if argd['recid'] > 0:
        if argd['recidb'] > argd['recid']:
            # Hack to check if among the restricted collections
            # at least a record of the range is there and
            # then if the user is not authorized for that
            # collection.
            # NOTE(review): both bounds come from the request and every id in
            # the range is materialised -- confirm wash_search_urlargd or a
            # caller bounds the range size.
            recids = intbitset(xrange(argd['recid'], argd['recidb']))
            restricted_collection_cache.recreate_cache_if_needed()
            for collname in restricted_collection_cache.cache:
                (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=collname)
                if auth_code and user_info['email'] == 'guest':
                    # Guests are only redirected when the range overlaps this collection.
                    coll_recids = get_collection_reclist(collname)
                    if coll_recids & recids:
                        cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : collname})
                        target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
                                 make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {})
                        return redirect_to_url(req, target, norobot=True)
                # NOTE(review): paired with the outer "if" here, which refuses a
                # logged-in user lacking access to any restricted collection
                # without testing overlap with the range (fail-closed). The
                # source listing does not show nesting -- confirm the pairing.
                elif auth_code:
                    return page_not_authorized(req, "../", \
                        text=auth_msg, \
                        navmenuid='search')
        else:
            involved_collections.add(guess_primary_collection_of_a_record(argd['recid']))

    # If any of the collection requires authentication, redirect
    # to the authentication form.
    for coll in involved_collections:
        if collection_restricted_p(coll):
            (auth_code, auth_msg) = acc_authorize_action(user_info, VIEWRESTRCOLL, collection=coll)
            if auth_code and user_info['email'] == 'guest':
                cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : coll})
                target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
                         make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {})
                return redirect_to_url(req, target, norobot=True)
            elif auth_code:
                return page_not_authorized(req, "../", \
                    text=auth_msg, \
                    navmenuid='search')

    #check if the user has rights to set a high wildcard limit
    #if not, reduce the limit set by user, with the default one
    if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0):
        auth_code, auth_message = acc_authorize_action(req, 'runbibedit')
        if auth_code != 0:
            argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT

    # only superadmins can use verbose parameter for obtaining debug information
    if not isUserSuperAdmin(user_info):
        argd['verbose'] = 0

    # Keep all the arguments, they might be reused in the
    # search_engine itself to derivate other queries
    req.argd = argd

    # mod_python does not like to return [] in case when of=id:
    out = perform_request_search(req, **argd)
    if isinstance(out, intbitset):
        return out.fastdump()
    elif out == []:
        return str(out)
    else:
        return out
def __call__(self, req, form):
    """Serve tab ``self.tab`` of record ``self.recid`` after access checks.

    Washes the URL arguments, applies the stored ``rg`` preference of a
    logged-in user unless ``rg`` was given in the form, caps ``rg`` and
    ``wl`` for callers without ``runbibedit`` and resets ``verbose`` for
    non super admins. Guests lacking access are redirected to the login
    page, other unauthorized users get the "not authorized" page. A deleted
    record that was merged into another one leads to a redirect to the new
    record; a deleted record without a successor sets the status to
    HTTP_GONE before the search output is produced.
    """
    argd = wash_search_urlargd(form)
    argd['recid'] = self.recid
    argd['tab'] = self.tab

    # do we really enter here ?

    if self.format is not None:
        argd['of'] = self.format
    # req.argd is the same dict object, so the adjustments below show on req too.
    req.argd = argd
    uid = getUid(req)
    if uid == -1:
        return page_not_authorized(req, "../", text="You are not authorized to view this record.", navmenuid='search')
    elif uid > 0:
        pref = get_user_preferences(uid)
        try:
            if 'rg' not in form:
                # fetch user rg preference only if not overridden via URL
                argd['rg'] = int(pref['websearch_group_records'])
        except (KeyError, ValueError):
            pass

    # The view decision is taken here and acted upon after the argument caps.
    user_info = collect_user_info(req)
    (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid)

    # Group size above the site maximum is only kept for 'runbibedit' holders.
    if argd['rg'] > CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS and acc_authorize_action(req, 'runbibedit')[0] != 0:
        argd['rg'] = CFG_WEBSEARCH_MAX_RECORDS_IN_GROUPS

    #check if the user has rights to set a high wildcard limit
    #if not, reduce the limit set by user, with the default one
    if CFG_WEBSEARCH_WILDCARD_LIMIT > 0 and (argd['wl'] > CFG_WEBSEARCH_WILDCARD_LIMIT or argd['wl'] == 0):
        if acc_authorize_action(req, 'runbibedit')[0] != 0:
            argd['wl'] = CFG_WEBSEARCH_WILDCARD_LIMIT

    # only superadmins can use verbose parameter for obtaining debug information
    if not isUserSuperAdmin(user_info):
        argd['verbose'] = 0

    if auth_code and user_info['email'] == 'guest':
        # Guests are sent to the login page; the referer is built from the
        # configured secure site URL plus the requested URI.
        cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)})
        target = CFG_SITE_SECURE_URL + '/youraccount/login' + \
                 make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri}, {})
        return redirect_to_url(req, target, norobot=True)
    elif auth_code:
        return page_not_authorized(req, "../", \
            text=auth_msg, \
            navmenuid='search')

    from invenio.legacy.search_engine import record_exists, get_merged_recid
    # check if the current record has been deleted
    # and has been merged, case in which the deleted record
    # will be redirect to the new one
    record_status = record_exists(argd['recid'])
    merged_recid = get_merged_recid(argd['recid'])
    if record_status == -1 and merged_recid:
        url = CFG_SITE_URL + '/' + CFG_SITE_RECORD + '/%s?ln=%s'
        url %= (str(merged_recid), argd['ln'])
        # NOTE(review): the result is not returned here, unlike the login
        # redirect above. Unless redirect_to_url() raises, execution continues
        # into the search below -- confirm.
        redirect_to_url(req, url)
    elif record_status == -1:
        req.status = apache.HTTP_GONE ## The record is gone!

    # mod_python does not like to return [] in case when of=id:
    out = perform_request_search(req, **argd)
    if isinstance(out, intbitset):
        return out.fastdump()
    elif out == []:
        return str(out)
    else:
        return out
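def perform_set(email, ln, can_config_bibcatalog=False, verbose=0):
    """Build the HTML of the "edit your account" page for ``email``.

    The page is assembled from the account form (e-mail, password,
    nickname), the external login method chooser (when more than one method
    is usable), the search preferences, the language chooser and the web
    API keys. If can_config_bibcatalog is True, show the bibcatalog dialog
    (if configured). With ``verbose >= 9`` every stored preference is
    appended as debug output.

    @param email: e-mail address identifying the account
    @param ln: interface language
    @param can_config_bibcatalog: whether to offer the ticket-system dialog
    @param verbose: debug level
    @return: HTML fragment
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s", (email,))
        uid = res[0][0]
        nickname = res[0][1]
    except Exception:
        # Best effort, as before: any lookup failure falls back to uid 0,
        # but interpreter-exit signals are no longer swallowed.
        uid = 0
        nickname = ""

    CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    # Accounts bound to an external login method cannot change their password here.
    if prefs['login_method'] in CFG_EXTERNAL_AUTHENTICATION and CFG_EXTERNAL_AUTHENTICATION[prefs['login_method']] is not None:
        CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3

    out = websession_templates.tmpl_user_preferences(
        ln = ln,
        email = email,
        email_disabled = (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2),
        password_disabled = (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3),
        nickname = nickname,
    )

    if len(CFG_EXTERNAL_AUTHENTICATION) > 1:
        try:
            uid = run_sql("SELECT id FROM user where email=%s", (email,))
            uid = uid[0][0]
        except Exception:
            uid = 0
        current_login_method = prefs['login_method']
        # Filtering out methods that don't provide user_exists to check if
        # a user exists in the external auth method before letting him/her
        # to switch.
        # A new list is built instead of removing entries from the list being
        # iterated, which skipped the element following each removal and so
        # could leave an unusable method in the chooser.
        methods = []
        for method in CFG_EXTERNAL_AUTHENTICATION.keys():
            backend = CFG_EXTERNAL_AUTHENTICATION[method]
            if backend is not None:
                try:
                    if not backend.user_exists(email):
                        continue
                except (AttributeError, InvenioWebAccessExternalAuthError, NotImplementedError):
                    continue
            methods.append(method)
        methods.sort()

        if len(methods) > 1:
            out += websession_templates.tmpl_user_external_auth(
                ln = ln,
                methods = methods,
                current = current_login_method,
                method_disabled = (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4)
            )

    current_group_records = prefs.get('websearch_group_records', 10)
    show_latestbox = prefs.get('websearch_latestbox', True)
    show_helpbox = prefs.get('websearch_helpbox', True)
    out += websession_templates.tmpl_user_websearch_edit(
        ln = ln,
        current = current_group_records,
        show_latestbox = show_latestbox,
        show_helpbox = show_helpbox,
    )

    preferred_lang = prefs.get('language', ln)
    out += websession_templates.tmpl_user_lang_edit(
        ln = ln,
        preferred_lang = preferred_lang
    )

    keys_info = web_api_key.show_web_api_keys(uid=uid)
    out += websession_templates.tmpl_user_api_key(
        ln = ln,
        keys_info = keys_info
    )

    #show this dialog only if the system has been configured to use a ticket system
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        bibcatalog_username = prefs.get('bibcatalog_username', "")
        # NOTE(review): the stored ticket-system password is handed to the
        # template as-is -- confirm the form does not echo it into the page.
        bibcatalog_password = prefs.get('bibcatalog_password', "")
        out += websession_templates.tmpl_user_bibcatalog_auth(bibcatalog_username,
                                                              bibcatalog_password, ln=ln)

    if verbose >= 9:
        # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
        try:
            from html import escape as _html_escape
        except ImportError:
            from cgi import escape as _html_escape
        # Preference names and values are user-stored data, so escape them
        # before they become markup.
        # NOTE(review): the dump covers every preference, including
        # 'bibcatalog_password' when it is set -- confirm who may pass
        # verbose >= 9.
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (_html_escape("%s" % (key,), True),
                                             _html_escape("%s" % (value,), True))
    out += perform_display_external_user_settings(prefs, ln)
    return out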
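def perform_set(email, ln, can_config_bibcatalog=False,
                can_config_profiling=False, verbose=0, csrf_token=''):
    """Build the HTML of the "edit your account" page for ``email``.

    The page is assembled from the account form (e-mail, password,
    nickname), the search preferences, the language chooser and the web API
    keys; each form receives ``csrf_token``. If can_config_bibcatalog is
    True, show the bibcatalog dialog (if configured). If
    can_config_profiling is True, the profiling settings are shown. With
    ``verbose >= 9`` every stored preference is appended as debug output.

    @param email: e-mail address identifying the account
    @param ln: interface language
    @param can_config_bibcatalog: whether to offer the ticket-system dialog
    @param can_config_profiling: whether to offer the profiling settings
    @param verbose: debug level
    @param csrf_token: token passed on to every form template
    @return: HTML fragment
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s", (email,))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        # No account with this address.
        uid = 0
        nickname = ""

    CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    # Accounts bound to an external login method cannot change their password here.
    if prefs['login_method'] in CFG_EXTERNAL_AUTHENTICATION and CFG_EXTERNAL_AUTHENTICATION[prefs['login_method']] is not None:
        CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3

    out = websession_templates.tmpl_user_preferences(
        ln = ln,
        email = email,
        email_disabled = (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2),
        password_disabled = (CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3),
        nickname = nickname,
        csrf_token = csrf_token
    )

    current_group_records = prefs.get('websearch_group_records', 10)
    show_latestbox = prefs.get('websearch_latestbox', True)
    show_helpbox = prefs.get('websearch_helpbox', True)
    out += websession_templates.tmpl_user_websearch_edit(
        ln = ln,
        current = current_group_records,
        show_latestbox = show_latestbox,
        show_helpbox = show_helpbox,
        csrf_token = csrf_token,
    )

    preferred_lang = prefs.get('language', ln)
    out += websession_templates.tmpl_user_lang_edit(
        ln = ln,
        preferred_lang = preferred_lang,
        csrf_token = csrf_token,
    )

    keys_info = web_api_key.show_web_api_keys(uid=uid)
    out += websession_templates.tmpl_user_api_key(
        ln = ln,
        keys_info = keys_info,
        csrf_token = csrf_token,
    )

    #show this dialog only if the system has been configured to use a ticket system
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        bibcatalog_username = prefs.get('bibcatalog_username', "")
        # NOTE(review): the stored ticket-system password is handed to the
        # template as-is -- confirm the form does not echo it into the page.
        bibcatalog_password = prefs.get('bibcatalog_password', "")
        out += websession_templates.tmpl_user_bibcatalog_auth(bibcatalog_username,
                                                              bibcatalog_password,
                                                              ln=ln,
                                                              csrf_token=csrf_token)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(ln=ln,
                                                                 enable_profiling=prefs.get('enable_profiling'),
                                                                 csrf_token=csrf_token)

    if verbose >= 9:
        # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
        try:
            from html import escape as _html_escape
        except ImportError:
            from cgi import escape as _html_escape
        # Preference names and values are user-stored data, so escape them
        # before they become markup.
        # NOTE(review): the dump covers every preference, including
        # 'bibcatalog_password' when it is set -- confirm who may pass
        # verbose >= 9.
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (_html_escape("%s" % (key,), True),
                                             _html_escape("%s" % (value,), True))
    out += perform_display_external_user_settings(prefs, ln)
    return out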
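def perform_set(email,
                ln,
                can_config_bibcatalog=False,
                can_config_profiling=False,
                verbose=0,
                csrf_token=''):
    """Build the HTML of the "edit your account" page for ``email``.

    The page is assembled from the account form (e-mail, password,
    nickname), the search preferences, the language chooser and the web API
    keys; each form receives ``csrf_token``. If can_config_bibcatalog is
    True, show the bibcatalog dialog (if configured). If
    can_config_profiling is True, the profiling settings are shown. With
    ``verbose >= 9`` every stored preference is appended as debug output.

    @param email: e-mail address identifying the account
    @param ln: interface language
    @param can_config_bibcatalog: whether to offer the ticket-system dialog
    @param can_config_profiling: whether to offer the profiling settings
    @param verbose: debug level
    @param csrf_token: token passed on to every form template
    @return: HTML fragment
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s",
                      (email, ))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        # No account with this address.
        uid = 0
        nickname = ""

    CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    prefs = get_user_preferences(uid)
    # Accounts bound to an external login method cannot change their password here.
    login_method = prefs['login_method']
    if login_method in CFG_EXTERNAL_AUTHENTICATION and \
            CFG_EXTERNAL_AUTHENTICATION[login_method] is not None:
        CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL = 3

    out = websession_templates.tmpl_user_preferences(
        ln=ln,
        email=email,
        email_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 2),
        password_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS_LOCAL >= 3),
        nickname=nickname,
        csrf_token=csrf_token)

    current_group_records = prefs.get('websearch_group_records', 10)
    show_latestbox = prefs.get('websearch_latestbox', True)
    show_helpbox = prefs.get('websearch_helpbox', True)
    out += websession_templates.tmpl_user_websearch_edit(
        ln=ln,
        current=current_group_records,
        show_latestbox=show_latestbox,
        show_helpbox=show_helpbox,
        csrf_token=csrf_token,
    )

    preferred_lang = prefs.get('language', ln)
    out += websession_templates.tmpl_user_lang_edit(
        ln=ln,
        preferred_lang=preferred_lang,
        csrf_token=csrf_token,
    )

    keys_info = web_api_key.show_web_api_keys(uid=uid)
    out += websession_templates.tmpl_user_api_key(
        ln=ln,
        keys_info=keys_info,
        csrf_token=csrf_token,
    )

    #show this dialog only if the system has been configured to use a ticket system
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        bibcatalog_username = prefs.get('bibcatalog_username', "")
        # NOTE(review): the stored ticket-system password is handed to the
        # template as-is -- confirm the form does not echo it into the page.
        bibcatalog_password = prefs.get('bibcatalog_password', "")
        out += websession_templates.tmpl_user_bibcatalog_auth(
            bibcatalog_username,
            bibcatalog_password,
            ln=ln,
            csrf_token=csrf_token)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(
            ln=ln,
            enable_profiling=prefs.get('enable_profiling'),
            csrf_token=csrf_token)

    if verbose >= 9:
        # Works on both interpreters: html.escape (Python 3) or cgi.escape (Python 2).
        try:
            from html import escape as _html_escape
        except ImportError:
            from cgi import escape as _html_escape
        # Preference names and values are user-stored data, so escape them
        # before they become markup.
        # NOTE(review): the dump covers every preference, including
        # 'bibcatalog_password' when it is set -- confirm who may pass
        # verbose >= 9.
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (_html_escape("%s" % (key, ), True),
                                             _html_escape("%s" % (value, ), True))
    out += perform_display_external_user_settings(prefs, ln)
    return out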
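def display_collection(req, c, aas, verbose, ln, em=""):
    """Display search interface page for collection c by looking
    in the collection cache.

    Args:
        req: the request object; its ``argd`` and ``content_type`` are set
            here and the HTTP header is sent before the body is built.
        c: collection name as requested.
        aas: search interface selector forwarded to
            perform_display_collection; -1 suppresses the page title.
        verbose: verbosity forwarded to the error box.
        ln: language code.
        em: comma-separated list of page elements to show; the empty string
            shows everything.

    Returns:
        The rendered page, a "not authorized" page when getUid() yields -1,
        an "Internal Error" page when looking up the user raises Error, or a
        "not found" page when the collection id cannot be resolved.

    Raises:
        apache.SERVER_RETURN: with HTTP_NOT_FOUND, for a HEAD request on a
            collection that does not resolve to an id.
    """
    _ = gettext_set_language(ln)

    req.argd = drop_default_urlargd({'aas': aas, 'verbose': verbose,
                                     'ln': ln, 'em' : em},
                                    search_interface_default_urlargd)

    if em != "":
        em = em.split(",")

    # get user ID:
    try:
        uid = getUid(req)
        user_preferences = {}
        if uid == -1:
            return page_not_authorized(
                req, "../",
                text="You are not authorized to view this collection",
                navmenuid='search')
        elif uid > 0:
            user_preferences = get_user_preferences(uid)
    except Error:
        register_exception(req=req, alert_admin=True)
        return page(title=_("Internal Error"),
                    body=create_error_box(req, verbose=verbose, ln=ln),
                    description="%s - Internal Error" % CFG_SITE_NAME,
                    keywords="%s, Internal Error" % CFG_SITE_NAME,
                    language=ln,
                    req=req,
                    navmenuid='search')

    # start display:
    req.content_type = "text/html"
    req.send_http_header()

    # deduce collection id:
    colID = get_colID(get_coll_normalised_name(c))
    if type(colID) is not int:
        # The collection name comes from the request, so it is escaped
        # before being placed inside markup.
        escaped_name = cgi.escape(str(c))
        page_body = '<p>' + (_("Sorry, collection %(x_colname)s does not seem to exist.",
                               x_colname='<strong>' + escaped_name + '</strong>',)) + '</p>'
        # Append the hint; a plain assignment here would discard the
        # "does not seem to exist" paragraph built just above.
        page_body += '<p>' + (_("You may want to start browsing from %(x_sitehref)s.",
                                x_sitehref='<a href="' + CFG_SITE_URL + '?ln=' + ln + '">' +
                                get_coll_i18nname(CFG_SITE_NAME, ln) + '</a>')) + '</p>'
        if req.method == 'HEAD':
            # Call form of the raise: same exception, and also valid syntax
            # on Python 3.
            raise apache.SERVER_RETURN(apache.HTTP_NOT_FOUND)
        return page(title=_("Collection %(x_colname)s Not Found",
                            x_colname=cgi.escape(c)),
                    body=page_body,
                    description=(CFG_SITE_NAME + ' - ' + _("Not found") +
                                 ': ' + cgi.escape(str(c))),
                    keywords="%s" % CFG_SITE_NAME,
                    uid=uid,
                    language=ln,
                    req=req,
                    navmenuid='search')

    c_body, c_navtrail, c_portalbox_lt, c_portalbox_rt, c_portalbox_tp, \
        c_portalbox_te, c_last_updated = perform_display_collection(
            colID, c, aas, ln, em,
            user_preferences.get('websearch_helpbox', 1))

    title = ""
    if em == "" or EM_REPOSITORY["body"] in em:
        try:
            title = get_coll_i18nname(c, ln)
        except Exception:
            # Best effort: a missing translated name only blanks the title.
            title = ""

    show_title_p = True
    body_css_classes = []
    if c == CFG_SITE_NAME:
        # Do not display title on home collection
        show_title_p = False
        body_css_classes.append('home')

    if len(collection_reclist_cache.cache.keys()) == 1:
        # if there is only one collection defined, do not print its
        # title on the page as it would be displayed repetitively.
        show_title_p = False

    if aas == -1:
        show_title_p = False

    if CFG_INSPIRE_SITE == 1:
        # INSPIRE should never show title, but instead use css to
        # style collections
        show_title_p = False
        body_css_classes.append(nmtoken_from_string(c))

    # RSS:
    rssurl = CFG_SITE_URL + '/rss'
    rssurl_params = []
    if c != CFG_SITE_NAME:
        rssurl_params.append('cc=' + quote(c))
    if ln != CFG_SITE_LANG and \
            c in CFG_WEBSEARCH_RSS_I18N_COLLECTIONS:
        rssurl_params.append('ln=' + ln)
    if rssurl_params:
        rssurl += '?' + '&'.join(rssurl_params)

    if 'hb' in CFG_WEBSEARCH_USE_MATHJAX_FOR_FORMATS:
        metaheaderadd = get_mathjax_header(req.is_https())
    else:
        metaheaderadd = ''

    return page(title=title,
                body=c_body,
                navtrail=c_navtrail,
                description="%s - %s" % (CFG_SITE_NAME, c),
                keywords="%s, %s" % (CFG_SITE_NAME, c),
                metaheaderadd=metaheaderadd,
                uid=uid,
                language=ln,
                req=req,
                cdspageboxlefttopadd=c_portalbox_lt,
                cdspageboxrighttopadd=c_portalbox_rt,
                titleprologue=c_portalbox_tp,
                titleepilogue=c_portalbox_te,
                lastupdated=c_last_updated,
                navmenuid='search',
                rssurl=rssurl,
                body_css_classes=body_css_classes,
                show_title_p=show_title_p,
                show_header=em == "" or EM_REPOSITORY["header"] in em,
                show_footer=em == "" or EM_REPOSITORY["footer"] in em)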
def authenticate(user, authorization_action, authorization_msg=""): """Authenticate the user against the user database. Check for its password, if it exists. Check for authorization_action access rights. Return user name upon authorization success, do system exit upon authorization failure. """ #FIXME return user # With SSO it's impossible to check for pwd if CFG_EXTERNAL_AUTH_USING_SSO or os.path.basename(sys.argv[0]) in CFG_VALID_PROCESSES_NO_AUTH_NEEDED: return user if authorization_msg: print(authorization_msg) print("=" * len(authorization_msg)) if user == "": print("\rUsername: "******"\n") sys.exit(1) except KeyboardInterrupt: sys.stderr.write("\n") sys.exit(1) else: print("\rUsername:"******"select id from user where email=%s", (user,), 1) + \ run_sql("select id from user where nickname=%s", (user,), 1) if not res: print("Sorry, %s does not exist." % user) sys.exit(1) else: uid = res[0][0] ok = False login_method = get_user_preferences(uid)['login_method'] if not CFG_EXTERNAL_AUTHENTICATION[login_method]: #Local authentication, let's see if we want passwords. res = run_sql("select id from user where id=%s " "and password=AES_ENCRYPT(email,'')", (uid,), 1) if res: ok = True if not ok: try: password_entered = getpass.getpass() except EOFError: sys.stderr.write("\n") sys.exit(1) except KeyboardInterrupt: sys.stderr.write("\n") sys.exit(1) if not CFG_EXTERNAL_AUTHENTICATION[login_method]: res = run_sql("select id from user where id=%s " "and password=AES_ENCRYPT(email, %s)", (uid, password_entered), 1) if res: ok = True else: if CFG_EXTERNAL_AUTHENTICATION[login_method].auth_user(get_email(uid), password_entered): ok = True if not ok: print("Sorry, wrong credentials for %s." % user) sys.exit(1) else: ## secondly check authorization for the authorization_action: (auth_code, auth_message) = acc_authorize_action(uid, authorization_action) if auth_code != 0: print(auth_message) sys.exit(1) return user
def send_email(self, req, form):
    """Handle a password reset request for the address in ``p_email``.

    The request is refused with a "not authorized" page when getUid()
    yields -1 or CFG_ACCESS_CONTROL_LEVEL_SITE is 1 or higher. Accounts that
    log in through a configured external authentication backend get an
    explanatory page instead of a reset link. Otherwise a reset key valid for
    CFG_WEBSESSION_RESET_PASSWORD_EXPIRE_IN_DAYS days is created and mailed
    from CFG_SITE_SUPPORT_EMAIL; the mail body is built from the address, the
    key, the requester's host or IP, and the language.

    Returns:
        The rendered page describing the outcome.
    """
    # set all the declared query fields as local variables
    args = wash_urlargd(form, {'p_email': (str, None)})
    uid = webuser.getUid(req)

    # load the right message language
    _ = gettext_set_language(args['ln'])

    if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1:
        return webuser.page_not_authorized(req, "../youraccount/send_email",
                                           navmenuid='youraccount')

    ln = args['ln']
    address = args['p_email']

    def account_page(title, body):
        # Every outcome below is rendered inside the same account page frame.
        site_name = CFG_SITE_NAME_INTL.get(ln, CFG_SITE_NAME)
        return page(title=title,
                    body=body,
                    description="%s Personalize, Main page" % site_name,
                    keywords=_("%(x_name)s, personalize", x_name=site_name),
                    uid=uid,
                    req=req,
                    secure_page_p=1,
                    language=ln,
                    lastupdated='',
                    navmenuid='youraccount')

    user_prefs = webuser.get_user_preferences(webuser.emailUnique(address))
    if user_prefs:
        method = user_prefs['login_method']
        if method in CFG_EXTERNAL_AUTHENTICATION and \
                CFG_EXTERNAL_AUTHENTICATION[method] is not None:
            # The local password is not the one used to log in, so a local
            # reset would be meaningless for this account.
            eMsg = _("Cannot send password reset request since you are using external authentication system.")
            return account_page(_("Your Account"),
                                webaccount.perform_emailMessage(eMsg, ln))

    try:
        expiry = timedelta(days=CFG_WEBSESSION_RESET_PASSWORD_EXPIRE_IN_DAYS)
        reset_key = mail_cookie_create_pw_reset(address, cookie_timeout=expiry)
    except InvenioWebAccessMailCookieError:
        reset_key = None

    if reset_key is None:
        # NOTE(review): this page differs from the "link sent" page below, so
        # the response tells the requester whether an address is registered.
        # A single neutral response for both outcomes would avoid that.
        eMsg = _("The entered email address does not exist in the database.")
        return account_page(_("Your Account"),
                            webaccount.perform_emailMessage(eMsg, ln))

    ip_address = req.remote_host or req.remote_ip

    subject = "%s %s" % (_("Password reset request for"),
                         CFG_SITE_NAME_INTL.get(ln, CFG_SITE_NAME))
    mail_body = websession_templates.tmpl_account_reset_password_email_body(
        address, reset_key, ip_address, ln)
    delivered = send_email(CFG_SITE_SUPPORT_EMAIL, address, subject, mail_body)

    if not delivered:
        eMsg = _("The entered email address is incorrect, please check that it is written correctly (e.g. [email protected]).")
        return account_page(_("Incorrect email address"),
                            webaccount.perform_emailMessage(eMsg, ln))

    return account_page(_("Reset password link sent"),
                        webaccount.perform_emailSent(address, ln))
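def perform_set(email, ln, can_config_bibcatalog=False,
                can_config_profiling=False, verbose=0, csrf_token=''):
    """Build the HTML of the "edit your account settings" page.

    The account is looked up by ``email``. When no row matches, the page is
    rendered for uid 0 with an empty nickname.

    Args:
        email: e-mail address identifying the account.
        ln: language code forwarded to every template.
        can_config_bibcatalog: when true and CFG_BIBCATALOG_SYSTEM is set,
            append the ticket-system credentials dialog.
        can_config_profiling: when true, append the profiling settings box.
        verbose: at 9 or above, append a dump of every stored preference.
        csrf_token: token forwarded to each form template.

    Returns:
        The concatenated HTML fragments as one string.
    """
    try:
        res = run_sql("SELECT id, nickname FROM user WHERE email=%s", (email, ))
        uid = res[0][0]
        nickname = res[0][1]
    except IndexError:
        # No row for this address: fall back to uid 0 and an empty nickname.
        uid = 0
        nickname = ""

    prefs = get_user_preferences(uid)
    current_login_method = prefs['login_method']

    # An account bound to a configured external authentication backend is
    # treated as level 3, which disables both the e-mail and password fields.
    account_level = CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS
    if current_login_method in CFG_EXTERNAL_AUTHENTICATION and \
            CFG_EXTERNAL_AUTHENTICATION[current_login_method] is not None:
        account_level = 3

    out = websession_templates.tmpl_user_preferences(
        ln=ln,
        email=email,
        email_disabled=(account_level >= 2),
        password_disabled=(account_level >= 3),
        nickname=nickname,
        csrf_token=csrf_token)

    if len(CFG_EXTERNAL_AUTHENTICATION) > 1:
        # Offer only the login methods the user could actually switch to: a
        # method with no backend object is always kept, and a backend is kept
        # only when it confirms that the address exists on its side.
        # The list is built fresh rather than pruned in place, because
        # removing entries from a list while iterating over it skips the
        # element that follows each removal.
        methods = []
        for method in CFG_EXTERNAL_AUTHENTICATION:
            backend = CFG_EXTERNAL_AUTHENTICATION[method]
            if backend is not None:
                try:
                    if not backend.user_exists(email):
                        continue
                except (AttributeError, InvenioWebAccessExternalAuthError,
                        NotImplementedError):
                    # Backends that cannot answer user_exists are left out.
                    continue
            methods.append(method)
        methods.sort()

        if len(methods) > 1:
            out += websession_templates.tmpl_user_external_auth(
                ln=ln,
                methods=methods,
                current=current_login_method,
                method_disabled=(CFG_ACCESS_CONTROL_LEVEL_ACCOUNTS >= 4),
                csrf_token=csrf_token,
            )

    out += websession_templates.tmpl_user_websearch_edit(
        ln=ln,
        current=prefs.get('websearch_group_records', 10),
        show_latestbox=prefs.get('websearch_latestbox', True),
        show_helpbox=prefs.get('websearch_helpbox', True),
        csrf_token=csrf_token,
    )

    out += websession_templates.tmpl_user_lang_edit(
        ln=ln,
        preferred_lang=prefs.get('language', ln),
        csrf_token=csrf_token,
    )

    out += websession_templates.tmpl_user_api_key(
        ln=ln,
        keys_info=web_api_key.show_web_api_keys(uid=uid),
        csrf_token=csrf_token,
    )

    #show this dialog only if the system has been configured to use a ticket system
    from invenio.config import CFG_BIBCATALOG_SYSTEM
    if CFG_BIBCATALOG_SYSTEM and can_config_bibcatalog:
        # NOTE(review): the ticket-system password is read back from the
        # preferences and handed to the template as-is, so it is presumably
        # stored in recoverable form -- confirm how the template renders it.
        out += websession_templates.tmpl_user_bibcatalog_auth(
            prefs.get('bibcatalog_username', ""),
            prefs.get('bibcatalog_password', ""),
            ln=ln,
            csrf_token=csrf_token)

    if can_config_profiling:
        out += websession_templates.tmpl_user_profiling_settings(
            ln=ln,
            enable_profiling=prefs.get('enable_profiling'),
            csrf_token=csrf_token)

    if verbose >= 9:
        # Debug dump of every stored preference. Keys and values are
        # HTML-escaped: they are interpolated straight into markup here and
        # the values presumably originate from the forms rendered above.
        # NOTE(review): the dump covers every key, so credentials kept in the
        # preferences (e.g. 'bibcatalog_password') are printed too; confirm
        # that callers only pass verbose >= 9 for trusted users.
        try:
            from html import escape  # Python 3
        except ImportError:
            from cgi import escape  # Python 2
        for key, value in prefs.items():
            out += "<b>%s</b>:%s<br />" % (escape("%s" % (key,)),
                                            escape("%s" % (value,)))

    out += perform_display_external_user_settings(prefs, ln)
    return out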