def _do_create(self, req):
mgr = AccountManager(self.env)
user = req.args.get('user')
if not user:
req.hdf['registration.error'] = 'Username cannot be empty.'
return
if mgr.has_user(user):
req.hdf['registration.error'] = \
'Another account with that name already exists.'
return
# disallow registration of accounts which have existing permissions
permission_system = perm.PermissionSystem(self.env)
if permission_system.get_user_permissions(user) != \
permission_system.get_user_permissions('authenticated'):
req.hdf['registration.error'] = \
'Another account with that name already exists.'
return
password = req.args.get('password')
if not password:
req.hdf['registration.error'] = 'Password cannot be empty.'
return
if password != req.args.get('password_confirm'):
req.hdf['registration.error'] = 'The passwords must match.'
return
mgr.set_password(user, password)
req.redirect(self.env.href.login())
def process_request(self, req):
if 'email_verification_token' not in req.session:
chrome.add_notice(req, 'Your email is already verified')
elif req.method != 'POST':
pass
elif 'resend' in req.args:
mgr = AccountManager(self.env)
mgr._notify(
'email_verification_requested',
req.authname,
req.session['email_verification_token']
)
chrome.add_notice(req,
'A notification email has been resent to %s.',
req.session.get('email'))
elif 'verify' in req.args:
if req.args['token'] == req.session['email_verification_token']:
del req.session['email_verification_token']
chrome.add_notice(req, 'Thank you for verifying your email address')
else:
chrome.add_warning(req, 'Invalid verification token')
data = {}
if 'token' in req.args:
data['token'] = req.args['token']
return 'verify_email.html', data, None
def _do_create(self, req):
mgr = AccountManager(self.env)
user = req.args.get('user')
if not user:
req.hdf['registration.error'] = 'Username cannot be empty.'
return
if mgr.has_user(user):
req.hdf['registration.error'] = \
'Another account with that name already exists.'
return
# disallow registration of accounts which have existing permissions
permission_system = perm.PermissionSystem(self.env)
if permission_system.get_user_permissions(user) != \
permission_system.get_user_permissions('authenticated'):
req.hdf['registration.error'] = \
'Another account with that name already exists.'
return
password = req.args.get('password')
if not password:
req.hdf['registration.error'] = 'Password cannot be empty.'
return
if password != req.args.get('password_confirm'):
req.hdf['registration.error'] = 'The passwords must match.'
return
mgr.set_password(user, password)
req.redirect(self.env.href.login())
def _create_user(req, env, check_permissions=True):
mgr = AccountManager(env)
user = req.args.get('user')
name = req.args.get('name')
email = req.args.get('email')
acctmgr = {'username' : user,
'name' : name,
'email' : email,
}
error = TracError('')
error.acctmgr = acctmgr
if not user:
error.message = 'Username cannot be empty.'
raise error
if mgr.has_user(user):
error.message = 'Another account with that name already exists.'
raise error
if check_permissions:
# disallow registration of accounts which have existing permissions
permission_system = perm.PermissionSystem(env)
if permission_system.get_user_permissions(user) != \
permission_system.get_user_permissions('authenticated'):
error.message = 'Another account with that name already exists.'
raise error
# password = req.args.get('password')
# if not password:
# error.message = 'Password cannot be empty.'
# raise error
# if password != req.args.get('password_confirm'):
# error.message = 'The passwords must match.'
# raise error
db = env.get_db_cnx()
cursor = db.cursor()
cursor.execute("REPLACE INTO session "
"(sid, authenticated, last_visit) "
"VALUES (%s, 1, 0)",
(user,))
for key in ('name', 'email'):
value = req.args.get(key)
if not value:
continue
cursor.execute("REPLACE INTO session_attribute "
"(sid,authenticated,name,value) "
"VALUES (%s,1,%s,%s)",
(user, key, value))
db.commit()
try:
mgr.set_password(user, "setinldap")
except TracError, e:
e.acctmgr = acctmgr
raise e
def _do_delete(self, req):
user = req.authname
mgr = AccountManager(self.env)
password = req.args.get('password')
if not password:
return {'delete_error': 'Password cannot be empty.'}
if not mgr.check_password(user, password):
return {'delete_error': 'Password is incorrect.'}
mgr.delete_user(user)
req.redirect(req.href.logout())
def _do_delete(self, req):
user = req.authname
mgr = AccountManager(self.env)
password = req.args.get('password')
if not password:
req.hdf['account.delete_error'] = 'Password cannot be empty.'
return
if not mgr.check_password(user, password):
req.hdf['account.delete_error'] = 'Password is incorrect.'
return
mgr.delete_user(user)
req.redirect(self.env.href.logout())
def _create_user(req, env, check_permissions=True):
mgr = AccountManager(env)
user = req.args.get('user')
if not user:
raise TracError('Username cannot be empty.')
if mgr.has_user(user):
raise TracError('Another account with that name already exists.')
if check_permissions:
# disallow registration of accounts which have existing permissions
permission_system = perm.PermissionSystem(env)
if permission_system.get_user_permissions(user) != \
permission_system.get_user_permissions('authenticated'):
raise TracError('Another account with that name already exists.')
password = req.args.get('password')
if not password:
raise TracError('Password cannot be empty.')
if password != req.args.get('password_confirm'):
raise TracError('The passwords must match.')
mgr.set_password(user, password)
db = env.get_db_cnx()
cursor = db.cursor()
cursor.execute(
"SELECT count(*) FROM session "
"WHERE sid=%s AND authenticated=1", (user, ))
exists, = cursor.fetchone()
if not exists:
cursor.execute(
"INSERT INTO session "
"(sid, authenticated, last_visit) "
"VALUES (%s, 1, 0)", (user, ))
for key in ('name', 'email'):
value = req.args.get(key)
if not value:
continue
cursor.execute(
"UPDATE session_attribute SET value=%s "
"WHERE name=%s AND sid=%s AND authenticated=1", (value, key, user))
if not cursor.rowcount:
cursor.execute(
"INSERT INTO session_attribute "
"(sid,authenticated,name,value) "
"VALUES (%s,1,%s,%s)", (user, key, value))
db.commit()
def _create_user(req, env, check_permissions=True):
mgr = AccountManager(env)
user = req.args.get('user')
if not user:
raise TracError('Username cannot be empty.')
if mgr.has_user(user):
raise TracError('Another account with that name already exists.')
if check_permissions:
# disallow registration of accounts which have existing permissions
permission_system = perm.PermissionSystem(env)
if permission_system.get_user_permissions(user) != \
permission_system.get_user_permissions('authenticated'):
raise TracError('Another account with that name already exists.')
password = req.args.get('password')
if not password:
raise TracError('Password cannot be empty.')
if password != req.args.get('password_confirm'):
raise TracError('The passwords must match.')
mgr.set_password(user, password)
db = env.get_db_cnx()
cursor = db.cursor()
cursor.execute("SELECT count(*) FROM session "
"WHERE sid=%s AND authenticated=1",
(user,))
exists, = cursor.fetchone()
if not exists:
cursor.execute("INSERT INTO session "
"(sid, authenticated, last_visit) "
"VALUES (%s, 1, 0)",
(user,))
for key in ('name', 'email'):
value = req.args.get(key)
if not value:
continue
cursor.execute("UPDATE session_attribute SET value=%s "
"WHERE name=%s AND sid=%s AND authenticated=1",
(value, key, user))
if not cursor.rowcount:
cursor.execute("INSERT INTO session_attribute "
"(sid,authenticated,name,value) "
"VALUES (%s,1,%s,%s)",
(user, key, value))
db.commit()
def _do_reset_password(self, req):
if req.authname != 'anonymous':
req.hdf['reset.logged_in'] = True
req.hdf['account_href'] = req.href.account()
return
if req.method == 'POST':
username = req.args.get('username')
email = req.args.get('email')
if not username:
req.hdf['reset.error'] = 'Username is required'
return
if not email:
req.hdf['reset.error'] = 'Email is required'
return
for username_, name, email_ in self.env.get_known_users():
if username_ == username and email_ == email:
break
else:
req.hdf['reset.error'] = 'Username and email must match.'
return
notifier = PasswordResetNotification(self.env)
if email != notifier.email_map.get(username):
req.hdf['reset.error'] = 'The email and username do not ' \
'match a known account.'
return
new_password = self._random_password()
notifier.notify(username, new_password)
AccountManager(self.env).set_password(username, new_password)
req.hdf['reset.sent_to_email'] = email
def _remote_user(self, req):
user = req.args.get('user')
password = req.args.get('password')
if not user or not password:
return None
if AccountManager(self.env).check_password(user, password):
return user
return None
def _create_user(req, env, check_permissions=True):
mgr = AccountManager(env)
user = req.args.get('user')
name = req.args.get('name')
email = req.args.get('email')
acctmgr = {'username' : user,
'name' : name,
'email' : email,
}
error = TracError('')
error.acctmgr = acctmgr
if not user:
error.message = 'Username cannot be empty.'
raise error
if mgr.has_user(user):
error.message = 'Another account with that name already exists.'
raise error
if check_permissions:
# disallow registration of accounts which have existing permissions
permission_system = perm.PermissionSystem(env)
if permission_system.get_user_permissions(user) != \
permission_system.get_user_permissions('authenticated'):
error.message = 'Another account with that name already exists.'
raise error
password = req.args.get('password')
if not password:
error.message = 'Password cannot be empty.'
raise error
if password != req.args.get('password_confirm'):
error.message = 'The passwords must match.'
raise error
if not email:
error.message = 'You must provide an Email';
raise error
try:
mgr.set_password(user, password)
except TracError, e:
e.acctmge = acctmgr
raise e
def _do_reset_password(self, req):
if req.authname and req.authname != 'anonymous':
return {'logged_in': True}
if req.method != 'POST':
return {}
username = req.args.get('username')
email = req.args.get('email')
if not username:
return {'error': 'Username is required'}
if not email:
return {'error': 'Email is required'}
new_password = self._random_password()
mgr = AccountManager(self.env)
try:
mgr._notify('password_reset', username, email, new_password)
except Exception, e:
return {'error': ','.join(e.args)}
def _do_change_password(self, req):
user = req.authname
mgr = AccountManager(self.env)
old_password = req.args.get('old_password')
if not old_password:
return {'save_error': 'Old Password cannot be empty.'}
if not mgr.check_password(user, old_password):
return {'save_error': 'Old Password is incorrect.'}
password = req.args.get('password')
if not password:
return {'save_error': 'Password cannot be empty.'}
if password != req.args.get('password_confirm'):
return {'save_error': 'The passwords must match.'}
mgr.set_password(user, password)
return {'message': 'Password successfully updated.'}
def _do_account(self, req):
if req.authname == 'anonymous':
req.redirect(self.env.href.wiki())
action = req.args.get('action')
delete_enabled = AccountManager(self.env).supports('delete_user')
req.hdf['delete_enabled'] = delete_enabled
if req.method == 'POST':
if action == 'change_password':
self._do_change_password(req)
elif action == 'delete':
self._do_delete(req)
def _enable_check(self, log=False):
writable = AccountManager(self.env).supports('set_password')
ignore_case = auth.LoginModule(self.env).ignore_case
if log:
if not writable:
self.log.warn('RegistrationModule is disabled because the '
'password store does not support writing.')
if ignore_case:
self.log.warn('RegistrationModule is disabled because '
'ignore_auth_case is enabled in trac.ini. '
'This setting needs disabled to support '
'registration.')
return writable and not ignore_case
def _do_change_password(self, req):
user = req.authname
mgr = AccountManager(self.env)
old_password = req.args.get('old_password')
if not old_password:
req.hdf['account.save_error'] = 'Old Password cannot be empty.'
return
if not mgr.check_password(user, old_password):
req.hdf['account.save_error'] = 'Old Password is incorrect.'
return
password = req.args.get('password')
if not password:
req.hdf['account.save_error'] = 'Password cannot be empty.'
return
if password != req.args.get('password_confirm'):
req.hdf['account.save_error'] = 'The passwords must match.'
return
mgr.set_password(user, password)
req.hdf['account.message'] = 'Password successfully updated.'
def _do_change_password(self, req):
user = req.authname
password = req.args.get('password')
if not password:
req.hdf['account.error'] = 'Password cannot be empty.'
return
if password != req.args.get('password_confirm'):
req.hdf['account.error'] = 'The passwords must match.'
return
AccountManager(self.env).set_password(user, password)
req.hdf['account.message'] = 'Password successfully updated.'
def _do_reset_password(self, req):
if req.authname and req.authname != 'anonymous':
return {'logged_in': True}
if req.method != 'POST':
return {}
username = req.args.get('username')
email = req.args.get('email')
if not username:
return {'error': 'Username is required'}
if not email:
return {'error': 'Email is required'}
notifier = PasswordResetNotification(self.env)
if email != notifier.email_map.get(username):
return {'error': 'The email and username do not '
'match a known account.'}
new_password = self._random_password()
notifier.notify(username, new_password)
mgr = AccountManager(self.env)
mgr.set_password(username, new_password)
if mgr.force_passwd_change:
db = self.env.get_db_cnx()
cursor = db.cursor()
cursor.execute("UPDATE session_attribute SET value=%s "
"WHERE name=%s AND sid=%s AND authenticated=1",
(1, "force_change_passwd", username))
if not cursor.rowcount:
cursor.execute("INSERT INTO session_attribute "
"(sid,authenticated,name,value) "
"VALUES (%s,1,%s,%s)",
(username, "force_change_passwd", 1))
db.commit()
return {'sent_to_email': email}
def post_process_request(self, req, template, data, content_type):
if not req.session.authenticated:
# Anonymous users should register and perms should be tweaked so
# that anonymous users can't edit wiki pages and change or create
# tickets. As such, this email verifying code won't be used on them
return template, data, content_type
email = req.session.get('email')
# Only send verification if the user actually entered en email address.
if email and email != req.session.get('email_verification_sent_to'):
req.session['email_verification_token'] = self._gen_token()
req.session['email_verification_sent_to'] = email
mgr = AccountManager(self.env)
mgr._notify(
'email_verification_requested',
req.authname,
req.session['email_verification_token']
)
chrome.add_notice(req, Markup(tag.span(
'An email has been sent to ', email,
' with a token to ',
tag.a(href=req.href.verify_email())(
'verify your new email address'))))
return template, data, content_type
def _write_check(self, log=False):
writable = AccountManager(self.env).supports('set_password')
if not writable and log:
self.log.warn('AccountModule is disabled because the password '
'store does not support writing.')
return writable
def _do_delete(self, req):
user = req.authname
AccountManager(self.env).delete_user(user)
req.redirect(self.env.href.logout())
