def edit_signature(request):
    """Render and process the user control panel signature editor.

    Raises Http404 when the requesting user's ACL does not grant
    ``can_have_signature``. A GET request also marks the
    ``usercp_signature_<pk>`` notification as read. POST data is only
    bound to the form when the user's signature is not locked; a valid
    submission stores the signature, saves the three signature columns,
    flashes a message and redirects back to the editor. Every other
    path renders the editor template with the current form.
    """
    user = request.user
    if not user.acl['can_have_signature']:
        raise Http404()

    if request.method == "GET":
        read_user_notification(user, 'usercp_signature_%s' % user.pk)

    form = EditSignatureForm(instance=user)

    # The lock is enforced server-side: while is_signature_locked is set,
    # POST data is never bound and the stored signature is re-rendered.
    accepts_submission = (
        not user.is_signature_locked and request.method == 'POST'
    )
    if accepts_submission:
        form = EditSignatureForm(request.POST, instance=user)
        if form.is_valid():
            new_signature = form.cleaned_data['signature']
            set_user_signature(request, user, new_signature)
            # Source, parsed HTML and checksum are persisted together so
            # the stored checksum always matches the stored markup.
            user.save(update_fields=[
                'signature',
                'signature_parsed',
                'signature_checksum',
            ])

            if new_signature:
                messages.success(
                    request, _("Your signature has been edited."))
            else:
                messages.success(
                    request, _("Your signature has been cleared."))
            return redirect('misago:usercp_edit_signature')

    # NOTE(review): these ACL flags only configure the editor widget.
    # Confirm that set_user_signature applies the same block/link/image
    # limits when parsing, since a client can post markup the widget
    # would not offer.
    permissions = user.acl
    editor = Editor(
        form['signature'],
        allow_blocks=permissions['allow_signature_blocks'],
        allow_links=permissions['allow_signature_links'],
        allow_images=permissions['allow_signature_images'],
    )
    context = {'form': form, 'editor': editor}
    return render(request, 'misago/usercp/edit_signature.html', context)
def edit_signature(request, user):
    """Validate and store a new signature submitted through the API.

    On success the signature is set, the three signature columns are
    saved, and the result of ``get_signature_options(user)`` is
    returned. On validation failure a 400 response carrying the first
    non-field error is returned.

    NOTE(review): no ``can_have_signature`` or ``is_signature_locked``
    check is visible in this function; presumably the caller enforces
    both before dispatching here -- verify.
    """
    serializer = EditSignatureSerializer(user, data=request.data)

    if not serializer.is_valid():
        # NOTE(review): 'non_field_errors' is indexed unconditionally. If
        # the serializer can fail with only a field-level error, this
        # lookup raises KeyError instead of answering 400 -- confirm
        # against EditSignatureSerializer.
        first_error = serializer.errors['non_field_errors'][0]
        return Response(
            {'detail': first_error},
            status=status.HTTP_400_BAD_REQUEST,
        )

    new_signature = serializer.validated_data['signature']
    set_user_signature(request, user, new_signature)
    # Source, parsed HTML and checksum are written in one save.
    user.save(update_fields=[
        'signature',
        'signature_parsed',
        'signature_checksum',
    ])
    return get_signature_options(user)
def edit_signature(request, user):
    """Validate and store a new signature submitted through the API.

    Form-based variant: ``request.data`` is bound to
    ``EditSignatureForm``. On success the signature is set, the three
    signature columns are saved, and ``get_signature_options(user)`` is
    returned. On failure a 400 response carrying the first non-field
    error is returned.

    NOTE(review): no ``can_have_signature`` or ``is_signature_locked``
    check is visible in this function; presumably the caller enforces
    both before dispatching here -- verify.
    """
    form = EditSignatureForm(request.data, instance=user)

    if not form.is_valid():
        # NOTE(review): non_field_errors() is indexed unconditionally. If
        # the form can fail with only a field-level error, the list is
        # empty and this raises IndexError instead of answering 400 --
        # confirm against EditSignatureForm.
        first_error = form.non_field_errors()[0]
        return Response(
            {'detail': first_error},
            status=status.HTTP_400_BAD_REQUEST,
        )

    set_user_signature(request, user, form.cleaned_data['signature'])
    # Source, parsed HTML and checksum are written in one save.
    user.save(update_fields=[
        'signature',
        'signature_parsed',
        'signature_checksum',
    ])
    return get_signature_options(user)
def test_signature_change(self):
    """Setting a signature updates all fields and tampering is detected."""
    bob = UserModel.objects.create_user('Bob', '*****@*****.**', 'pass123')

    # Clearing the signature empties the source, the parsed HTML and
    # the checksum alike.
    signatures.set_user_signature(MockRequest(), bob, '')
    self.assertEqual(bob.signature, '')
    self.assertEqual(bob.signature_parsed, '')
    self.assertEqual(bob.signature_checksum, '')

    # A plain-text signature is stored verbatim and parsed into a
    # paragraph; the freshly written checksum validates.
    signatures.set_user_signature(MockRequest(), bob, 'Hello, world!')
    self.assertEqual(bob.signature, 'Hello, world!')
    self.assertEqual(bob.signature_parsed, '<p>Hello, world!</p>')
    self.assertTrue(signatures.is_user_signature_valid(bob))

    # Integrity check: parsed HTML changed without going through
    # set_user_signature no longer validates.
    # NOTE(review): presumably renderers call is_user_signature_valid
    # before emitting signature_parsed as markup -- confirm at the
    # template layer.
    bob.signature_parsed = '<p>Injected evil HTML!</p>'
    self.assertFalse(signatures.is_user_signature_valid(bob))
def moderate_signature(request, user):
    """Let a moderator edit and lock another user's signature.

    GET renders the moderation form for ``user``. A valid POST stores
    the signature, saves the signature and lock columns, flashes a
    success message, notifies the affected user, and redirects to the
    moderation return path unless the POST contains ``stay``.

    NOTE(review): no permission check is visible in this function;
    presumably a decorator or the URL dispatcher restricts it to
    moderators allowed to act on ``user`` -- verify.
    """
    # NOTE(review): return_path is used as a redirect target and handed
    # to the template. If moderation_return_path derives it from request
    # data, confirm it is restricted to same-site URLs.
    return_path = moderation_return_path(request, user)

    form = ModerateSignatureForm(instance=user)
    if request.method == 'POST':
        form = ModerateSignatureForm(request.POST, instance=user)
        if form.is_valid():
            set_user_signature(request, user, form.cleaned_data['signature'])
            # Signature content and lock state are persisted in one save
            # so the lock messages match the moderated signature.
            moderated_fields = (
                'signature',
                'signature_parsed',
                'signature_checksum',
                'is_signature_locked',
                'signature_lock_user_message',
                'signature_lock_staff_message',
            )
            user.save(update_fields=moderated_fields)

            message = _("%(user)s's signature has been moderated.")
            messages.success(request, message % {'user': user.username})

            # The notification names the acting moderator to the affected
            # user and reuses the key the signature editor marks as read.
            notify_user(
                user,
                _("%(user)s has moderated your signature."),
                reverse('misago:usercp_edit_signature'),
                "usercp_signature_%s" % user.pk,
                formats={'user': request.user.username},
                sender=request.user,
            )

            if 'stay' not in request.POST:
                return redirect(return_path)

    # Editor capabilities follow the moderated user's ACL, not the
    # moderator's.
    permissions = user.acl
    editor = Editor(
        form['signature'],
        allow_blocks=permissions['allow_signature_blocks'],
        allow_links=permissions['allow_signature_links'],
        allow_images=permissions['allow_signature_images'],
    )
    context = {
        'profile': user,
        'form': form,
        'editor': editor,
        'return_path': return_path,
    }
    return render(request, 'misago/modusers/signature.html', context)
def test_signature_change(self):
    """Setting a signature updates all fields and tampering is detected."""
    user_model = get_user_model()
    bob = user_model.objects.create_user('Bob', '*****@*****.**', 'pass123')

    # Clearing the signature empties the source, the parsed HTML and
    # the checksum alike.
    signatures.set_user_signature(bob, '')
    self.assertEqual(bob.signature, '')
    self.assertEqual(bob.signature_parsed, '')
    self.assertEqual(bob.signature_checksum, '')

    # A plain-text signature is stored verbatim and parsed into a
    # paragraph; the freshly written checksum validates.
    signatures.set_user_signature(bob, 'Hello, world!')
    self.assertEqual(bob.signature, 'Hello, world!')
    self.assertEqual(bob.signature_parsed, '<p>Hello, world!</p>')
    self.assertTrue(signatures.is_user_signature_valid(bob))

    # Integrity check: parsed HTML changed without going through
    # set_user_signature no longer validates.
    # NOTE(review): presumably renderers call is_user_signature_valid
    # before emitting signature_parsed as markup -- confirm at the
    # template layer.
    bob.signature_parsed = '<p>Injected evil HTML!</p>'
    self.assertFalse(signatures.is_user_signature_valid(bob))
def handle_form(self, form, request, target):
    """Apply a validated admin user-edit form to ``target`` and save it.

    Updates username, password, e-mail, avatar lock, staff/superuser
    and active flags (only when the form exposes those fields), rank,
    roles and signature, then refreshes the ACL key, saves the user and
    flashes ``self.message_submit``.
    """
    data = form.cleaned_data

    # Restore the pre-edit name first so set_username sees the real
    # old -> new transition and records who made the change.
    target.username = target.old_username
    new_username = data.get('username')
    if target.username != new_username:
        target.set_username(new_username, changed_by=request.user)

    if data.get('new_password'):
        target.set_password(data['new_password'])

        if target.pk == request.user.pk:
            # The admin changed their own password: restart the admin
            # session and refresh the session auth hash so the current
            # session is not invalidated by the new password.
            start_admin_session(request, target)
            update_session_auth_hash(request, target)

    if data.get('email'):
        target.set_email(data['email'])
        if target.pk == request.user.pk:
            start_admin_session(request, target)

    if data.get('is_avatar_locked') and not target.old_is_avatar_locked:
        # Avatar was just locked: swap it for a dynamic one.
        set_dynamic_avatar(target)

    # Privilege flags are written only when the form carries both
    # fields.
    # NOTE(review): presumably the form omits them for editors who may
    # not grant staff/superuser status -- confirm in the form factory,
    # since this method performs no check of its own.
    if 'is_staff' in form.fields and 'is_superuser' in form.fields:
        target.is_staff = data.get('is_staff')
        target.is_superuser = data.get('is_superuser')

    if 'is_active' in form.fields and 'is_active_staff_message' in form.fields:
        target.is_active = data.get('is_active')
        target.is_active_staff_message = data.get('is_active_staff_message')

    target.rank = data.get('rank')

    # Replace the role set wholesale so deselected roles are revoked.
    target.roles.clear()
    target.roles.add(*data['roles'])

    set_user_signature(request, target, data.get('signature'))

    # NOTE(review): presumably update_acl_key invalidates cached
    # permissions after the role change -- confirm.
    target.update_acl_key()
    target.save()

    messages.success(
        request, self.message_submit % {'user': target.username})
def handle_form(self, form, request, target):
    """Apply a validated admin user-edit form to ``target`` and save it.

    Updates username, password, e-mail, avatar lock, staff/superuser
    and active flags (only when the form exposes those fields), rank,
    roles, signature and profile fields, then refreshes the ACL key,
    saves the user and flashes ``self.message_submit``.
    """
    data = form.cleaned_data

    # Restore the pre-edit name first so set_username sees the real
    # old -> new transition and records who made the change.
    target.username = target.old_username
    new_username = data.get('username')
    if target.username != new_username:
        target.set_username(new_username, changed_by=request.user)

    if data.get('new_password'):
        target.set_password(data['new_password'])

        if target.pk == request.user.pk:
            # The admin changed their own password: restart the admin
            # session and refresh the session auth hash so the current
            # session is not invalidated by the new password.
            start_admin_session(request, target)
            update_session_auth_hash(request, target)

    if data.get('email'):
        target.set_email(data['email'])
        if target.pk == request.user.pk:
            start_admin_session(request, target)

    if data.get('is_avatar_locked') and not target.old_is_avatar_locked:
        # Avatar was just locked: swap it for a dynamic one.
        set_dynamic_avatar(target)

    # Privilege flags are written only when the form carries both
    # fields.
    # NOTE(review): presumably the form omits them for editors who may
    # not grant staff/superuser status -- confirm in the form factory,
    # since this method performs no check of its own.
    if 'is_staff' in form.fields and 'is_superuser' in form.fields:
        target.is_staff = data.get('is_staff')
        target.is_superuser = data.get('is_superuser')

    if 'is_active' in form.fields and 'is_active_staff_message' in form.fields:
        target.is_active = data.get('is_active')
        target.is_active_staff_message = data.get('is_active_staff_message')

    target.rank = data.get('rank')

    # Replace the role set wholesale so deselected roles are revoked.
    target.roles.clear()
    target.roles.add(*data['roles'])

    set_user_signature(request, target, data.get('signature'))

    profilefields.update_user_profile_fields(request, target, form)

    # NOTE(review): presumably update_acl_key invalidates cached
    # permissions after the role change -- confirm.
    target.update_acl_key()
    target.save()

    messages.success(
        request, self.message_submit % {'user': target.username})
def handle_form(self, form, request, target):
    """Apply a validated admin user-edit form to ``target`` and save it.

    Updates username, password, e-mail, avatar lock, staff level (when
    present in the cleaned data), rank, roles and signature, then
    refreshes the ACL key, saves the user and flashes
    ``self.message_submit``.
    """
    data = form.cleaned_data

    # Restore the pre-edit name first so set_username sees the real
    # old -> new transition and records who made the change.
    target.username = target.old_username
    new_username = data.get('username')
    if target.username != new_username:
        target.set_username(new_username, changed_by=request.user)

    if data.get('new_password'):
        target.set_password(data['new_password'])

        if target.pk == request.user.pk:
            # The admin changed their own password: restart the admin
            # session and refresh the session auth hash so the current
            # session is not invalidated by the new password.
            start_admin_session(request, target)
            update_session_auth_hash(request, target)

    if data.get('email'):
        target.set_email(data['email'])
        if target.pk == request.user.pk:
            start_admin_session(request, target)

    if data.get('is_avatar_locked') and not target.old_is_avatar_locked:
        # Avatar was just locked: swap it for a dynamic one.
        set_dynamic_avatar(target)

    # NOTE(review): staff_level is taken from the form whenever the key
    # is present; presumably the form only exposes it to editors allowed
    # to change it -- confirm, since this method performs no check.
    if 'staff_level' in data:
        target.staff_level = data['staff_level']

    target.rank = data.get('rank')

    # NOTE(review): roles are only added here and only when the list is
    # non-empty. Removal of deselected roles is not visible in this
    # block -- confirm it happens elsewhere, otherwise revoked roles
    # stay assigned.
    if data.get('roles'):
        target.roles.add(*data['roles'])

    set_user_signature(target, data.get('signature'))

    # NOTE(review): presumably update_acl_key invalidates cached
    # permissions after the role change -- confirm.
    target.update_acl_key()
    target.save()

    messages.success(
        request, self.message_submit % {'user': target.username})