예제 #1
0
파일: wikiacl.py 프로젝트: ivanov/sycamore
    def __contains__(self, username):
        self._init_groupdict()
        if self.name == 'All':
            return True
        elif self.name == 'Known':
            return user.User(self.request,
                             id=user.getUserId(username, self.request)).valid
 
        if self.groupdict.has_key(username):
            return True 

        return False
예제 #2
0
파일: wikiacl.py 프로젝트: ivanov/sycamore
 def users(self, proper_names=False):
   """
   Returns a list of the user names belonging to the group.
   """
   self._init_groupdict()
   if not proper_names:
      return self.groupdict.keys()
   
   proper_names = []
   for username in self.groupdict.keys():
         user_id = user.getUserId(username, self.request)
         if user_id:
             proper_names.append(
                 user.User(self.request, id=user_id).propercased_name)
         else:
             proper_names.append(username)
   return proper_names
예제 #3
0
파일: infobar.py 프로젝트: ivanov/sycamore
def isUserPage(request, page):
    if (config.user_page_prefix and
        page.page_name.startswith(config.user_page_prefix.lower())):
        username = page.page_name[len(config.user_page_prefix):]
        return getUserId(username, request)
예제 #4
0
    def handleData(self, new_user=None):
        from Sycamore.Page import MAX_PAGENAME_LENGTH as MAX_USERNAME_LENGTH
        _ = self._
        form = self.request.form
        msg = ''
    
        isdisabled = False
        if form.get('disabled', [0])[0] == '1':
                isdisabled = True

        self.from_wiki = None
        if self.request.form.has_key('from_wiki'):
          self.from_wiki = self.request.form['from_wiki'][0].lower().strip()
          if not wikiutil.isInFarm(self.from_wiki, self.request):
            self.from_wiki = None

        new_user = int(form.get('new_user', [0])[0])
        # wiki farm authentication

        # we want them to be able to sign back in right after they
        # click the 'logout' GET link, hence this test
        is_form_logout = (form.has_key('qs') and 
                          urllib.unquote(form['qs'][0]) == 
                            'action=userform&logout=Logout')

        if (self.request.form.has_key('badlogin') and
            self.request.form['badlogin'][0]):
            _create_nologin_cookie(self.request)
            if config.wiki_farm:
                wiki_base_url = farm.getBaseFarmURL(self.request)
            else:
                wiki_base_url = '%s/' % self.request.getScriptname()
    
            return_string = ('Unknown username or wrong password.<br/><br/>'
                             'New user?  <a href="%s%s?new_user=1">Click here '
                             'to create an account!</a><br/><br/>'
                             'Forgot your password?  We\'ll email it to you.'
                             '<form action="%s" method="POST">'
                             '<input type="hidden" name="action" '
                                     'value="userform">'
                             'Email address: <input class="formfields" '
                                                    'type="text" name="email">'
                             '&nbsp;<input type="submit" class="formbutton" '
                                           'name="login_sendmail" '
                                           'value="Mail me my account data">'
                             '</form>' % (
                             wiki_base_url,
                             wikiutil.quoteWikiname(
                                config.page_user_preferences),
                             wiki_base_url))
            return return_string


        if (form.has_key('login_check') and form['login_check'][0] and
            form.has_key('backto_wiki') and form.has_key('backto_page')):
            backto_wiki = form['backto_wiki'][0]
            backto_page = form['backto_page'][0].encode(config.charset)
            if form.has_key('qs') and not is_form_logout:
                q_query_string = form['qs'][0]
            else:
                q_query_string = ''

            if self.request.user.valid:
                secret, stored_expire_time, session = \
                    self.request.user.cookie_dough
                if q_query_string:
                    url = ('%s?action=userform&backto_page=%s&qs=%s'
                           '&secret=%s&expire_time=%s&uid=%s&session=%s' % (
                            backto_page, urllib.quote(backto_page),
                            urllib.quote(q_query_string), urllib.quote(secret),
                            stored_expire_time, self.request.user.id,
                            urllib.quote(session)))
                else:
                     url = ('%s?action=userform&backto_page=%s&secret=%s'
                            '&expire_time=%s&uid=%s&session=%s' % (
                            backto_page, urllib.quote(backto_page),
                            urllib.quote(secret), stored_expire_time,
                            self.request.user.id, urllib.quote(session)))
            else:
                if q_query_string:
                    url = ('%s?action=userform&backto_page=%s&not_logged_in=1'
                           '&qs=%s' % (backto_page, urllib.quote(backto_page),
                                       urllib.quote(q_query_string)))
                else:
                     url = ('%s?action=userform&backto_page=%s&not_logged_in=1'
                            % (backto_page, urllib.quote(backto_page)))

            self.request.http_redirect(url) 
            return 

        # bounce-back wiki farm authentication
        if form.has_key('not_logged_in') and form.has_key('backto_page'):
            backto = urllib.unquote(form['backto_page'][0].encode(
                config.charset))
            if form.has_key('qs') and not is_form_logout:
                query_string = '?%s' % (urllib.unquote(form['qs'][0]
                                         ).encode(config.charset))
            else:
                query_string = ''
            url = '%s%s' % (backto, query_string)
            _create_nologin_cookie(self.request)
            self.request.http_redirect(url)
            return
        # bounce-back wiki farm authentication
        elif (form.has_key('uid') and form.has_key('secret') and
              form.has_key('session') and form.has_key('expire_time')):
            uid = form['uid'][0]
            secret = urllib.unquote(form['secret'][0])
            session = form['session'][0]
            expire_time = float(form['expire_time'][0])
            if form.has_key('backto_page'):
                backto_page = form['backto_page'][0]
            else:
                backto_page = '/' 
            if form.has_key('qs') and not is_form_logout:
                query_string = '?%s' % urllib.unquote(form['qs'][0])
            else:
                query_string = ''
            url = '%s%s' % (backto_page, query_string)
    
            self.request.http_redirect(url)
            self.request.user.sendCookie(self.request, expire=expire_time,
                                         sessionid=session, secret=secret,
                                         id=uid) 
            self.request.user.clearNologinCookie(self.request)
            return 

        if form.has_key('logout') or isdisabled:
            msg = ''
            if isdisabled:
                if not self.request.isPOST():
                    return "Use the interactive interface to change settings!"
                # disable the account
                self.request.user.disabled = 1
                # save user's profile
                self.request.user.save()
                msg = '<p>%s</p>' % _("Your account has been disabled.")

            # clear the cookie in the browser and locally
            try:
                cookie = Cookie.SimpleCookie(self.request.saved_cookie)
            except Cookie.CookieError:
                # ignore invalid cookies
                cookie = None
            else:
                if config.wiki_farm:
                    cookie_id = wikiutil.quoteCookiename(
                        config.wiki_base_domain + ',ID')
                else:
                    cookie_id = wikiutil.quoteCookiename(
                        config.sitename + ',ID')

                if cookie.has_key(cookie_id):
                    self.removeSession(cookie[cookie_id].value)
                    cookie_dir = config.web_dir
                    if not cookie_dir: cookie_dir = '/'
                    domain = wikiutil.getCookieDomain(self.request)
                    expirestr = time.strftime("%A, %d-%b-%Y %H:%M:%S GMT",
                                              time.gmtime(0))
                    self.request.setHttpHeader(('Set-Cookie',
                        ('%s="%s"; domain=%s; path=%s; '
                         'expires=%s' % (
                         (cookie_id, cookie[cookie_id].value,
                          domain, cookie_dir, expirestr)))))

            self.request.saved_cookie = ''
            self.request.auth_username = ''
            self.request.user = user.User(self.request)
            return msg + _("Cookie deleted. You are now logged out.")
    
        if form.has_key('login_sendmail'):
            if not self.request.isPOST():
                return "Use the interactive interface to change settings!"
            if not config.mail_smarthost:
                return _('This wiki is not enabled for mail processing. '
                        'Contact the owner of the wiki, who can either enable '
                        'email, or remove the "Subscribe" icon.')
            try:
                email = form['email'][0]
            except KeyError:
                return _("Please provide a valid email address!")
    
            text = ''
            uid = user.getUserIdByEmail(email, self.request)
            if uid:
                theuser = user.User(self.request, uid)
                if theuser.valid:
                    code = self.createCode(theuser.id)
                    sitename = farm.getBaseWikiFullName(self.request)
                    if config.wiki_farm:
                        url = farm.getBaseFarmURL(self.request)
                    else:
                        url = '%s/' % self.request.getBaseURL()
                    text = ("Go here to automatically log into %s: "
                            "%s%s?action=userform&uid=%s&code=%s\n"
                            "Once you're logged in, you should change your "
                            "password in your settings "
                            "(you forgot your password, right?).\n\n"
                            "(The link in this email is good for "
                            "one use only.)" % (
                            sitename, url,
                            wikiutil.quoteWikiname(
                                config.page_user_preferences),
                            theuser.id, code))

            if not text:
                return _("Found no account matching the given email address "
                         "'%(email)s'!") % {'email': email}


            mailok, msg = util.mail.sendmail(self.request, [email], 
                'Your wiki account data', text, mail_from=config.mail_from)
            return wikiutil.escape(msg)

        if form.has_key('login') or form.has_key('uid'):
            uid = None

            if form.has_key('code') and form.has_key('uid'):
               given_uid = form['uid'][0].strip()
               given_code = form['code'][0].strip()
        
               given_code
               if self.isValidCode(given_uid, given_code):
                  uid = given_uid

            if uid:
                # we were given account information so let's
                # create an account -> log them in
                theuser = user.User(self.request, id=uid)
                msg = _("You are now logged in!  "
                        "Please change your password below!")
                # send the cookie
                theuser.sendCookie(self.request)
                self.request.user = theuser
                return msg
            else:
                # we weren't given information, so let's see
                # if they gave us a login/password

                # try to get the user name
                try:
                    name = form['username'][0].replace('\t', ' ').strip()
                except KeyError:
                    name = ''

                # try to get the password
                password = form.get('password',[''])[0]

                # load the user data and check for validness
                if name:
                    theuser = user.User(self.request, name=name,
                                        password=password, is_login=True)
                else:
                    theuser = user.User(self.request, id=uid, name=name,
                                        password=password, is_login=True)

                if config.wiki_farm:
                    wiki_base_url = farm.getBaseFarmURL(self.request)
                else:
                    wiki_base_url = '%s/' % self.request.getScriptname()

                if not theuser.valid:
                    if (not self.request.form.has_key('backto_wiki') or not
                        self.request.form['backto_wiki'][0]):
                        return_string = ('Unknown username or wrong password.'
                                         '<br/><br/>New user?  '
                                         '<a href="%s%s?new_user=1">'
                                         'Click here to create an account!</a>'
                                         '<br/><br/>Forgot your password?  '
                                         'We\'ll email it to you.'
                                         '<form action="%s" method="POST">'
                                         '<input type="hidden" name="action" '
                                                 'value="userform">'
                                         'Email address: '
                                         '<input class="formfields" '
                                                 'type="text" name="email">'
                                         '&nbsp;'
                                         '<input type="submit" '
                                                 'class="formbutton" '
                                                 'name="login_sendmail" '
                                                 'value="Mail me my account '
                                                         'data">'
                                         '</form>' % (
                                         wiki_base_url,
                                         wikiutil.quoteWikiname(
                                            config.page_user_preferences),
                                         wiki_base_url))

                        return return_string
                    else:
                        self.request.http_redirect(
                            urllib.unquote(
                                self.request.form['backto_page'][0].encode(
                                    config.charset)) +
                            '?action=userform&badlogin=1')
                        return

            # send the cookie
            theuser.sendCookie(self.request)
            self.request.user = theuser
            send_back_home(self.request, msg="You are now logged in!")
        else:
            if not self.request.isPOST():
                return """Use the interactive interface to change settings!"""
            # save user's profile, first get user instance
            theuser = user.User(self.request)
    
            # try to get the name
            # if name is empty or missing, return an error msg
            if (form.has_key('username') and
                form['username'][0].replace('\t', '').strip()):
                theuser.propercased_name = \
                    form['username'][0].replace('\t', ' ').strip()
                theuser.name = theuser.propercased_name.lower()
            elif form.has_key('username'):
                raise BadData, (_("Please enter a user name!"), new_user)
    
            if (self.request.user.name and
                (self.request.user.name != theuser.name)):
              # they are still logged on and are trying to make a new account
              raise BadData, (_("Please log out before creating an account."),
                              new_user)
            if user.getUserId(theuser.name, self.request):
                if theuser.name != self.request.user.name:
                    raise BadData, (_("User name already exists!"), new_user)
                else:
                    new_user = False

            if form.has_key('save') and form['save'][0] == 'Change password':
                # change password setting 

                # try to get the password and pw repeat
                password = form.get('password', [''])[0]
                password2 = form.get('password2',[''])[0]

                # Check if password is given and matches with password repeat
                if password != password2:
                    raise BadData, (_("Passwords don't match!"), new_user)
                if not password and new_user:
                    raise BadData, (_("Please specify a password!"), new_user)
                if password:
                    theuser.enc_password = user.generate_hash(password)

                self._clear_all_sessions_except_current()

                msg = _("Password changed!")
            else:
                # process general settings

                # tr to get the email
                theuser.email = form.get('email', [''])[0]

                if theuser.email:
                    email_user_id = user.getUserIdByEmail(theuser.email,
                                                          self.request)
                else:
                    email_user_id = None
                if not theuser.email or not re.match(".+@.+\..{2,}",
                                                     theuser.email):
                    raise BadData, (_("Please provide your email address - "
                                      "without that you could not "
                                      "get your login data via email just in "
                                      "case you lose it."), new_user)
                elif email_user_id and email_user_id != theuser.id:
                    raise BadData, (_("Somebody else has already registered "
                                      "with the email address \"%s\", please "
                                      "pick something else." % theuser.email),
                                    new_user)
        
                # editor size
                theuser.edit_rows = util.web.getIntegerInput(self.request,
                    'edit_rows', theuser.edit_rows, 10, 60)
                theuser.edit_cols = util.web.getIntegerInput(self.request,
                    'edit_cols', theuser.edit_cols, 30, 100)
        
                # time zone
                tz = form.get('tz', theuser.tz)[0]
                if tz not in pytz.common_timezones:
                    tz = theuser.tz
                theuser.tz = tz
        
                wiki_for_userpage = form.get('wiki_for_userpage',
                                             [''])[0].lower()
                if (wiki_for_userpage and not
                    wikiutil.isInFarm(wiki_for_userpage, self.request)):
                    raise BadData, (_('"%s" is not the name of a wiki.' % (
                                      wiki_for_userpage)), new_user)
                if wiki_for_userpage != theuser.wiki_for_userpage:
                    # they have changed the wiki! time to do
                    # something differently
                    msg = _("<p>User preferences saved!</p>"
                            "<p><strong>Note:</strong> It may take a bit for "
                            "all links to your name to point to the "
                            "new wiki.</p>")
                    theuser.wiki_for_userpage = wiki_for_userpage

                # User CSS URL
                theuser.css_url = form.get('css_url', [''])[0]
        
                # try to get the (optional) preferred language
                #theuser.language = form.get('language', [''])[0]
    
                # checkbox options
                keys = []
                for key in user_checkbox_fields:
                    value = form.get(key, [0])[0]
                    try:
                        value = int(value)
                    except ValueError:
                        pass
                    setattr(theuser, key, value)
        
            if new_user:
                # strip spaces, we don't allow them anyway
                theuser.propercased_name = theuser.propercased_name.strip() 
                theuser.name = theuser.propercased_name.lower()
                if not theuser.name.strip():
                    raise BadData, (_("Please provide a user name!"), new_user)
                elif theuser.propercased_name.find(' ') != -1:
                    raise BadData, (_("Invalid username: spaces are not "
                                      "allowed in user names"), new_user)
                elif re.search('[%s]' % re.escape(USER_NOT_ALLOWED_CHARS),
                               theuser.propercased_name):
                    raise BadData, (_("Invalid username: the characters "
                                      "%s are not allowed in usernames." % (
                                      wikiutil.escape(
                                        USER_NOT_ALLOWED_CHARS))),
                                    new_user)
                # messes up subpages. 
                # '/' isn't allowed, so we just disallow this and we're cool.
                elif theuser.name == '..' or theuser.name == '.': 
                    raise BadData, (_("Invalid username: okay, seriously, "
                                      "that's a pretty lame name.  "
                                      "Pick something better!"), new_user)
                elif len(theuser.propercased_name) > MAX_USERNAME_LENGTH:
                    raise BadData, (_("Invalid username: a username can be "
                                      "at most %s characters long." % (
                                      MAX_USERNAME_LEGNTH)), new_user)
                elif (not theuser.email or not
                      re.match(".+@.+\..{2,}", theuser.email)):
                    raise BadData, (_("Please provide your email address - "
                                      "without that you could not get your " 
                                      "login data via email just in case you "
                                      "lose it."), new_user)
                name_exists = user.getUserId(theuser.name, self.request)
                if name_exists:
                    raise BadData, (_("This user name already belongs to "
                                      "somebody else."), new_user)
                email_exists = user.getUserIdByEmail(theuser.email,
                                                     self.request)
                if email_exists:
                    raise BadData, (_("This email already belongs to somebody "
                                      "else."), new_user)

                # try to get the password and pw repeat
                password = form.get('password', [''])[0]
                password2 = form.get('password2',[''])[0]

                # Check if password is given and matches with password repeat
                if password != password2:
                    raise BadData, (_("Passwords don't match!"), new_user)
                if not password and new_user:
                    raise BadData, (_("Please specify a password!"), new_user)
                if password:
                    theuser.enc_password = user.generate_hash(password)

                theuser.anonymous = False


            # save data and send cookie
            theuser.save(new_user=new_user)
            theuser.sendCookie(self.request)
            self.request.user = theuser
    

            from Sycamore.formatter.text_html import Formatter
            formatter = Formatter(self.request)

            if not new_user:
              if not msg:
                msg = _("User preferences saved!")
              if self.from_wiki:
                go_back_to_wiki = farm.link_to_wiki(self.from_wiki, formatter)
                msg = ('%s<br/><br/>Wanna go '
                       'back to %s?' % (msg, go_back_to_wiki))
            else:
              msg = _("Account created!  You are now logged in.")
              self.request.user.valid = 1
              if (self.from_wiki and self.from_wiki.lower() !=
                                     farm.getBaseWikiName()):
                go_back_to_wiki = farm.link_to_wiki(self.from_wiki, formatter)
                msg = ('%s<br/><br/>Head back over to %s and your new account '
                      'should work there!' % (msg, go_back_to_wiki))
            if _debug:
                msg = msg + util.dumpFormData(form)
            return msg
예제 #5
0
def display_edits(request, userpage, on_pagename):
    def printNextPrev(request, pagename, last_edit, offset_given):
        """
        prints the next and previous links, if they're needed.
        """
        if last_edit == 1 and not offset_given:
            return 

        html = []
        if last_edit != 1:
            html.append(
                '<div class="actionBoxes" '
                     'style="margin-right:10px !important; '
                            'float: left !important;">'
                '<span>'
                    '<a href="%s/%s?action=userinfo&offset=%s">'
                        '&larr;previous edits'
                    '</a>'
                '</span></div>' %
                (request.getBaseURL(), pagename, offset_given+1))
        if offset_given:
            html.append(
                '<div class="actionBoxes" style="float: left !important;">'
                '<span>'
                '<a href="%s/%s?action=userinfo&offset=%s">'
                    'next edits&rarr;'
                '</a>'
                '</span></div>' %
                (request.getBaseURL(), pagename, offset_given-1))
        html.append('<div style="clear: both;"></div>')

        return [''.join(html)]


    _ = request.getText

    edits = TupleDataset()
    edits.columns = [
        Column('page', label=_('Page')),
        Column('mtime', label=_('Date'), align='right'),
        Column('ip', label=_('From IP')),
        Column('comment', label=_('Comment')),
    ]

    if config.wiki_farm:
        edits.columns.insert(1, Column('wiki', label=_('Wiki')))

    has_edits = False
    totalEdits = editedPages = 0
    editedWiki = 0

    this_edit = 0
    offset_given = int(request.form.get('offset', [0])[0])
    if not offset_given: 
        offset = 0
    else:
        offset = offset_given*100 - offset_given

    userid = getUserId(userpage, request)
    request.cursor.execute("""SELECT count(editTime) from allPages
                              where userEdited=%(userid)s""",
                           {'userid':userid})
    count_result = request.cursor.fetchone()

    if count_result: 
        totalEdits = count_result[0]

    request.cursor.execute("""SELECT count(DISTINCT name) from allPages
                              where userEdited=%(userid)s""",
                           {'userid':userid})
    count_result = request.cursor.fetchone()
    
    if count_result:
        editedPages = count_result[0]

    request.cursor.execute("""SELECT count(DISTINCT wiki_id) from allPages
                              where userEdited=%(userid)s""",
                           {'userid':userid})
    wiki_count_result = request.cursor.fetchone()
    if wiki_count_result:
        editedWikis = wiki_count_result[0]

    request.cursor.execute(
        """SELECT allPages.name, allPages.editTime, allPages.userIP,
                  allPages.editType, allPages.comment, wikis.name
           from allPages, wikis
           where allPages.userEdited=%(userid)s and
                 wikis.id=allPages.wiki_id
           order by editTime desc limit 100 offset %(offset)s""",
       {'userid':userid, 'offset':offset})
    results = request.cursor.fetchall()

    if results:
        has_edits = True
    
    count = 1
    original_wiki = request.config.wiki_name
    for edit in results:
        this_edit = 1 + totalEdits - count - offset

        pagename = edit[0]
        mtime = edit[1]
        userIp = '<a href="http://revip.info/ipinfo/%s" tooltip="%s">%s</a>' % (edit[2], edit[2], edit[2])
        editType = edit[3]
        comment = edit[4]
        wiki_name = edit[5]

        request.switch_wiki(wiki_name)
        page = Page(pagename, request, wiki_name=wiki_name)

        version = page.date_to_version_number(mtime)

        if request.user.may.read(page):
            may_read = True
            show_page = page.link_to(
                querystr='action=diff&amp;version2=%s&amp;version1=%s' %
                    (version, version-1),
                guess_case=True, absolute=True)
            formatted_mtime = request.user.getFormattedDateTime(mtime)
            comment = Comment(request, comment, editType).render()
        else:
            may_read = False
            show_page = """<em>hidden</em>"""
            userIp = '<em>hidden</em>'
            comment = '<em>hidden</em>'
            formatted_mtime = '<em>hidden</em>'
                     

        if config.wiki_farm:
            if may_read:
                farm_link = farm.link_to_wiki(wiki_name, request.formatter)
            else:
                farm_link = '<em>hidden</em>'
        
            edits.addRow((show_page,
                          farm_link,
                          formatted_mtime,
                          userIp,
                          comment))
        else:
            edits.addRow((show_page,
                          formatted_mtime,
                          userIp,
                          comment))
        count += 1

    request.switch_wiki(original_wiki)
    
    if has_edits:
        request.write('<p>This user has made <b>%d</b> edits to <b>%d</b> '
                      'pages' % (totalEdits, editedPages ))
        if config.wiki_farm:
            request.write(' on <b>%s</b> wikis' % editedWikis)
        request.write('.</p>')

        request.write('<div id="useredits">')
        edit_table = DataBrowserWidget(request)
        edit_table.setData(edits)
        edit_table.render(append=printNextPrev(request, on_pagename, this_edit,
                                               offset_given))
        request.write('</div>')
        request.write('<script type="text/javascript" src="/wiki/revipbox.js"></script>')
    else:
        request.write("<p>This user hasn't edited any pages.</p>")