def list_listinfo(mlist, lang):
# Generate list specific listinfo
doc = HeadlessDocument()
doc.set_language(lang)
replacements = mlist.GetStandardReplacements(lang)
if not mlist.digestable or not mlist.nondigestable:
replacements['<mm-digest-radio-button>'] = ""
replacements['<mm-undigest-radio-button>'] = ""
replacements['<mm-digest-question-start>'] = '<!-- '
replacements['<mm-digest-question-end>'] = ' -->'
else:
replacements['<mm-digest-radio-button>'] = mlist.FormatDigestButton()
replacements['<mm-undigest-radio-button>'] = \
mlist.FormatUndigestButton()
replacements['<mm-digest-question-start>'] = ''
replacements['<mm-digest-question-end>'] = ''
replacements['<mm-plain-digests-button>'] = \
mlist.FormatPlainDigestsButton()
replacements['<mm-mime-digests-button>'] = mlist.FormatMimeDigestsButton()
replacements['<mm-subscribe-box>'] = mlist.FormatBox('email', size=30)
replacements['<mm-subscribe-button>'] = mlist.FormatButton(
'email-button', text=_('Subscribe'))
replacements['<mm-new-password-box>'] = mlist.FormatSecureBox('pw')
replacements['<mm-confirm-password>'] = mlist.FormatSecureBox('pw-conf')
replacements['<mm-subscribe-form-start>'] = mlist.FormatFormStart(
'subscribe')
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = str(int(time.time()))
replacements['<mm-subscribe-form-start>'] += (
'<input type="hidden" name="sub_form_token" value="%s:%s">\n' %
(now,
Utils.sha_new(
mm_cfg.SUBSCRIBE_FORM_SECRET + now + mlist.internal_name() +
os.environ.get('REMOTE_HOST',
os.environ.get('REMOTE_ADDR', 'w.x.y.z'))).
hexdigest()))
# Roster form substitutions
replacements['<mm-roster-form-start>'] = mlist.FormatFormStart('roster')
replacements['<mm-roster-option>'] = mlist.FormatRosterOptionForUser(lang)
# Options form substitutions
replacements['<mm-options-form-start>'] = mlist.FormatFormStart('options')
replacements['<mm-editing-options>'] = mlist.FormatEditingOption(lang)
replacements['<mm-info-button>'] = SubmitButton(
'UserOptions', _('Edit Options')).Format()
# If only one language is enabled for this mailing list, omit the choice
# buttons.
if len(mlist.GetAvailableLanguages()) == 1:
displang = ''
else:
displang = mlist.FormatButton('displang-button',
text=_("View this page in"))
replacements['<mm-displang-box>'] = displang
replacements['<mm-lang-form-start>'] = mlist.FormatFormStart('listinfo')
replacements['<mm-fullname-box>'] = mlist.FormatBox('fullname', size=30)
# Do the expansion.
doc.AddItem(mlist.ParseTags('listinfo.html', replacements, lang))
print doc.Format()
def create(self, email):
if self.exists:
raise ListAlreadyExists
langs = [mm_cfg.DEFAULT_SERVER_LANGUAGE]
pw = Utils.MakeRandomPassword()
pw_hashed = Utils.sha_new(pw).hexdigest()
urlhost = mm_cfg.DEFAULT_URL_HOST
host_name = mm_cfg.DEFAULT_EMAIL_HOST
web_page_url = mm_cfg.DEFAULT_URL_PATTERN % urlhost
# TODO: Add some atomicity. We should roll back changes using
# a try/else if something (like MTA alias update) fails
# before the function terminates.
try:
oldmask = os.umask(002)
self.mlist.Create(self.name, email, pw_hashed, langs=langs,
emailhost=host_name, urlhost=urlhost)
self.mlist.preferred_language = langs[0]
# Reply-To set to list address
self.mlist.reply_goes_to_list = 2
self.mlist.reply_to_address = "%s@%s" % (self.list, self.domain)
# Allow messages from listname@domain
self.mlist.acceptable_aliases = "%s@%s\n" % (self.list, self.domain)
self.mlist.subject_prefix = "[%s] " % (self.list)
self.mlist.msg_footer = ""
self.mlist.subscribe_policy = 2 # Confirm and approve
self.mlist.max_message_size = 20480 # 20M
self.mlist.Save()
finally:
os.umask(oldmask)
self.mlist.Unlock()
if mm_cfg.MTA:
modname = 'Mailman.MTA.' + mm_cfg.MTA
__import__(modname)
sys.modules[modname].create(self.mlist)
siteowner = Utils.get_site_email(self.mlist.host_name, 'owner')
text = Utils.maketext(
'newlist.txt',
{'listname' : self.name,
'password' : pw,
'admin_url' : self.mlist.GetScriptURL('admin', absolute=1),
'listinfo_url': self.mlist.GetScriptURL('listinfo', absolute=1),
'requestaddr' : self.mlist.GetRequestEmail(),
'siteowner' : siteowner,
}, mlist=self.mlist)
msg = Message.UserNotification(email, siteowner, 'Your new mailing list: %s' % self.name,
text, self.mlist.preferred_language)
msg.send(self.mlist)
def set_list_password(name, password):
'''
Set the list admin password
'''
l = MailList.MailList(name.lower(), lock=0)
if len(password) < 1:
return False, 'Empty passwords are not allowed'
shapassword = Utils.sha_new(password).hexdigest()
l.Lock()
try:
l.password = shapassword
l.Save()
finally:
l.Unlock()
return True
def create_list(listname):
"""Create an email list.
**Method**: POST
**URI**: /v2/lists/<listname>
**Parameters**:
* `admin`: email of list admin
* `password`: list admin password
* `subscribe_policy`: 1) Confirm; 2) Approval; 3)Confirm and approval.
Default is Confirm (1)
* `archive_private`: 0) Public; 1) Private. Default is Public (0) """
admin = request.forms.get('admin')
password = request.forms.get('password')
subscribe_policy = request.forms.get('subscribe_policy', 1)
archive_private = request.forms.get('archive_private', 0)
try:
subscribe_policy = int(subscribe_policy)
archive_private = int(archive_private)
except ValueError:
return jsonify(ERRORS_CODE['InvalidParams'])
if subscribe_policy < 1 or subscribe_policy > 3:
subscribe_policy = 1
if archive_private < 0 or archive_private > 1:
archive_private = 0
result = jsonify(ERRORS_CODE['Ok'])
if password == '':
return jsonify(ERRORS_CODE['InvalidPassword'])
else:
password = Utils.sha_new(password).hexdigest()
mail_list = MailList.MailList()
try:
mail_list.Create(listname, admin, password)
mail_list.archive_private = archive_private
mail_list.subscribe_policy = subscribe_policy
mail_list.Save()
except (Errors.BadListNameError, AssertionError,
Errors.MMBadEmailError, Errors.MMListAlreadyExistsError), e:
result = jsonify(ERRORS_CODE[e.__class__.__name__])
def create_list(listname):
"""Create an email list.
**Method**: PUT
**URI**: /v3/<listname>
**Parameters**:
* `admin`: email of list admin
* `password`: list admin password
* `subscribe_policy`: 1) Confirm; 2) Approval; 3)Confirm and approval.
Default is Confirm (1)
* `archive_private`: 0) Public; 1) Private. Default is Public (0) """
admin = request.forms.get('admin')
password = request.forms.get('password')
subscribe_policy = request.forms.get('subscribe_policy', 1)
archive_private = request.forms.get('archive_private', 0)
try:
subscribe_policy = int(subscribe_policy)
archive_private = int(archive_private)
except ValueError:
return jsonify(ERRORS_CODE['InvalidParams'])
if subscribe_policy < 1 or subscribe_policy > 3:
subscribe_policy = 1
if archive_private < 0 or archive_private > 1:
archive_private = 0
result = jsonify(ERRORS_CODE['Ok'])
if password == '':
return jsonify(ERRORS_CODE['InvalidPassword'])
else:
password = Utils.sha_new(password).hexdigest()
mail_list = MailList.MailList()
try:
mail_list.Create(listname, admin, password)
mail_list.archive_private = archive_private
mail_list.subscribe_policy = subscribe_policy
mail_list.Save()
except (Errors.BadListNameError, AssertionError,
Errors.MMBadEmailError, Errors.MMListAlreadyExistsError), e:
result = jsonify(ERRORS_CODE[e.__class__.__name__])
def process_form(mlist, doc, cgidata, lang):
listowner = mlist.GetOwnerEmail()
realname = mlist.real_name
results = []
# The email address being subscribed, required
email = cgidata.getvalue('email', '').strip()
if not email:
results.append(_('You must supply a valid email address.'))
fullname = cgidata.getvalue('fullname', '')
# Canonicalize the full name
fullname = Utils.canonstr(fullname, lang)
# Who was doing the subscribing?
remote = os.environ.get('HTTP_FORWARDED_FOR',
os.environ.get('HTTP_X_FORWARDED_FOR',
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
# Are we checking the hidden data?
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = int(time.time())
# Try to accept a range in case of load balancers, etc. (LP: #1447445)
if remote.find('.') >= 0:
# ipv4 - drop last octet
remote1 = remote.rsplit('.', 1)[0]
else:
# ipv6 - drop last 16 (could end with :: in which case we just
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote1 = remote.rsplit(':', 1)[0]
try:
ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
ftime = fhash = ''
then = 0
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET +
ftime +
mlist.internal_name() +
remote1).hexdigest()
if ftime and now - then > mm_cfg.FORM_LIFETIME:
results.append(_('The form is too old. Please GET it again.'))
if ftime and now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME:
results.append(
_('Please take a few seconds to fill out the form before submitting it.'))
if ftime and token != fhash:
results.append(
_("The hidden token didn't match. Did your IP change?"))
if not ftime:
results.append(
_('There was no hidden token in your submission or it was corrupted.'))
results.append(_('You must GET the form before submitting it.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)
results.append(_('You may not subscribe a list to itself!'))
# If the user did not supply a password, generate one for him
password = cgidata.getvalue('pw', '').strip()
confirmed = cgidata.getvalue('pw-conf', '').strip()
if not password and not confirmed:
password = Utils.MakeRandomPassword()
elif not password or not confirmed:
results.append(_('If you supply a password, you must confirm it.'))
elif password <> confirmed:
results.append(_('Your passwords did not match.'))
# Get the digest option for the subscription.
digestflag = cgidata.getvalue('digest')
if digestflag:
try:
digest = int(digestflag)
except (TypeError, ValueError):
digest = 0
else:
digest = mlist.digest_is_default
# Sanity check based on list configuration. BAW: It's actually bogus that
# the page allows you to set the digest flag if you don't really get the
# choice. :/
if not mlist.digestable:
digest = 0
elif not mlist.nondigestable:
digest = 1
if results:
print_results(mlist, ERRORSEP.join(results), doc, lang)
return
# If this list has private rosters, we have to be careful about the
# message that gets printed, otherwise the subscription process can be
# used to mine for list members. It may be inefficient, but it's still
# possible, and that kind of defeats the purpose of private rosters.
# We'll use this string for all successful or unsuccessful subscription
# results.
if mlist.private_roster == 0:
# Public rosters
privacy_results = ''
else:
privacy_results = _("""\
Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription request
may have to be first confirmed by you via email, or approved by the list
moderator. If confirmation is required, you will soon get a confirmation
email which contains further instructions.""")
try:
userdesc = UserDesc(email, fullname, password, digest, lang)
mlist.AddMember(userdesc, remote)
results = ''
# Check for all the errors that mlist.AddMember can throw options on the
# web page for this cgi
except Errors.MembershipIsBanned:
results = _("""The email address you supplied is banned from this
mailing list. If you think this restriction is erroneous, please
contact the list owners at %(listowner)s.""")
except Errors.MMBadEmailError:
results = _("""\
The email address you supplied is not valid. (E.g. it must contain an
`@'.)""")
except Errors.MMHostileAddress:
results = _("""\
Your subscription is not allowed because the email address you gave is
insecure.""")
except Errors.MMSubscribeNeedsConfirmation:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
results = _("""\
Confirmation from your email address is required, to prevent anyone from
subscribing you without permission. Instructions are being sent to you at
%(email)s. Please note your subscription will not start until you confirm
your subscription.""")
except Errors.MMNeedApproval, x:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
# We need to interpolate into x.__str__()
x = _(str(x))
results = _("""\
Your subscription request was deferred because %(x)s. Your request has been
forwarded to the list moderator. You will receive email informing you of the
moderator's decision when they get to your request.""")
# ipv4 - drop last octet
remote1 = remote.rsplit('.', 1)[0]
else:
# ipv6 - drop last 16 (could end with :: in which case we just
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote1 = remote.rsplit(':', 1)[0]
try:
ftime, fcaptcha_idx, fhash = cgidata.getfirst('sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
ftime = fcaptcha_idx = fhash = ''
then = 0
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ":" +
ftime + ":" +
fcaptcha_idx + ":" +
mlist.internal_name() + ":" +
remote1).hexdigest()
if ftime and now - then > mm_cfg.FORM_LIFETIME:
results.append(_('The form is too old. Please GET it again.'))
if ftime and now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME:
results.append(
_('Please take a few seconds to fill out the form before submitting it.'))
if ftime and token != fhash:
results.append(
_("The hidden token didn't match. Did your IP change?"))
if not ftime:
results.append(
_('There was no hidden token in your submission or it was corrupted.'))
results.append(_('You must GET the form before submitting it.'))
# Check captcha
def ssha_password(password):
salt = os.urandom(SALT_LENGTH)
h = Utils.sha_new(password)
h.update(salt)
return '{SSHA}' + base64.b64encode(h.digest() + salt)
def sha_password(password):
h = Utils.sha_new(password)
return '{SHA}' + base64.b64encode(h.digest())
def ssha_password(password):
salt = os.urandom(SALT_LENGTH)
h = Utils.sha_new(password)
h.update(salt)
return '{SSHA}' + base64.b64encode(h.digest() + salt)
def sha_password(password):
h = Utils.sha_new(password)
return '{SHA}' + base64.b64encode(h.digest())
def process_form(mlist, doc, cgidata, lang):
listowner = mlist.GetOwnerEmail()
realname = mlist.real_name
results = []
# The email address being subscribed, required
email = cgidata.getvalue('email', '').strip()
if not email:
results.append(_('You must supply a valid email address.'))
fullname = cgidata.getvalue('fullname', '')
# Canonicalize the full name
fullname = Utils.canonstr(fullname, lang)
# Who was doing the subscribing?
remote = os.environ.get(
'REMOTE_HOST', os.environ.get('REMOTE_ADDR', 'unidentified origin'))
# Are we checking the hidden data?
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = int(time.time())
try:
ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
ftime = fhash = ''
then = now
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + ftime +
mlist.internal_name() + remote).hexdigest()
if now - then > mm_cfg.FORM_LIFETIME:
results.append(_('The form is too old. Please GET it again.'))
if now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME:
results.append(
_('Please take a few seconds to fill out the form before submitting it.'
))
if token != fhash:
results.append(_('You must GET the form before submitting it.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)
results.append(_('You may not subscribe a list to itself!'))
# If the user did not supply a password, generate one for him
password = cgidata.getvalue('pw', '').strip()
confirmed = cgidata.getvalue('pw-conf', '').strip()
if not password and not confirmed:
password = Utils.MakeRandomPassword()
elif not password or not confirmed:
results.append(_('If you supply a password, you must confirm it.'))
elif password <> confirmed:
results.append(_('Your passwords did not match.'))
# Get the digest option for the subscription.
digestflag = cgidata.getvalue('digest')
if digestflag:
try:
digest = int(digestflag)
except ValueError:
digest = 0
else:
digest = mlist.digest_is_default
# Sanity check based on list configuration. BAW: It's actually bogus that
# the page allows you to set the digest flag if you don't really get the
# choice. :/
if not mlist.digestable:
digest = 0
elif not mlist.nondigestable:
digest = 1
if results:
print_results(mlist, ERRORSEP.join(results), doc, lang)
return
# If this list has private rosters, we have to be careful about the
# message that gets printed, otherwise the subscription process can be
# used to mine for list members. It may be inefficient, but it's still
# possible, and that kind of defeats the purpose of private rosters.
# We'll use this string for all successful or unsuccessful subscription
# results.
if mlist.private_roster == 0:
# Public rosters
privacy_results = ''
else:
privacy_results = _("""\
Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription request
may have to be first confirmed by you via email, or approved by the list
moderator. If confirmation is required, you will soon get a confirmation
email which contains further instructions.""")
try:
userdesc = UserDesc(email, fullname, password, digest, lang)
mlist.AddMember(userdesc, remote)
results = ''
# Check for all the errors that mlist.AddMember can throw options on the
# web page for this cgi
except Errors.MembershipIsBanned:
results = _("""The email address you supplied is banned from this
mailing list. If you think this restriction is erroneous, please
contact the list owners at %(listowner)s.""")
except Errors.MMBadEmailError:
results = _("""\
The email address you supplied is not valid. (E.g. it must contain an
`@'.)""")
except Errors.MMHostileAddress:
results = _("""\
Your subscription is not allowed because the email address you gave is
insecure.""")
except Errors.MMSubscribeNeedsConfirmation:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
results = _("""\
Confirmation from your email address is required, to prevent anyone from
subscribing you without permission. Instructions are being sent to you at
%(email)s. Please note your subscription will not start until you confirm
your subscription.""")
except Errors.MMNeedApproval, x:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
# We need to interpolate into x.__str__()
x = _(str(x))
results = _("""\
Your subscription request was deferred because %(x)s. Your request has been
forwarded to the list moderator. You will receive email informing you of the
moderator's decision when they get to your request.""")
def list_listinfo(mlist, lang):
# Generate list specific listinfo
doc = HeadlessDocument()
doc.set_language(lang)
replacements = mlist.GetStandardReplacements(lang)
if not mlist.digestable or not mlist.nondigestable:
replacements['<mm-digest-radio-button>'] = ""
replacements['<mm-undigest-radio-button>'] = ""
replacements['<mm-digest-question-start>'] = '<!-- '
replacements['<mm-digest-question-end>'] = ' -->'
else:
replacements['<mm-digest-radio-button>'] = mlist.FormatDigestButton()
replacements['<mm-undigest-radio-button>'] = \
mlist.FormatUndigestButton()
replacements['<mm-digest-question-start>'] = ''
replacements['<mm-digest-question-end>'] = ''
replacements['<mm-plain-digests-button>'] = \
mlist.FormatPlainDigestsButton()
replacements['<mm-mime-digests-button>'] = mlist.FormatMimeDigestsButton()
replacements['<mm-subscribe-box>'] = mlist.FormatBox('email', size=30)
replacements['<mm-subscribe-button>'] = mlist.FormatButton(
'email-button', text=_('Subscribe'))
replacements['<mm-new-password-box>'] = mlist.FormatSecureBox('pw')
replacements['<mm-confirm-password>'] = mlist.FormatSecureBox('pw-conf')
replacements['<mm-subscribe-form-start>'] = mlist.FormatFormStart(
'subscribe')
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = str(int(time.time()))
remote = os.environ.get(
'HTTP_FORWARDED_FOR',
os.environ.get('HTTP_X_FORWARDED_FOR',
os.environ.get('REMOTE_ADDR', 'w.x.y.z')))
# Try to accept a range in case of load balancers, etc. (LP: #1447445)
if remote.find('.') >= 0:
# ipv4 - drop last octet
remote = remote.rsplit('.', 1)[0]
else:
# ipv6 - drop last 16 (could end with :: in which case we just
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote = remote.rsplit(':', 1)[0]
replacements['<mm-subscribe-form-start>'] += (
'<input type="hidden" name="sub_form_token" value="%s:%s">\n' %
(now,
Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET + now +
mlist.internal_name() + remote).hexdigest()))
# Roster form substitutions
replacements['<mm-roster-form-start>'] = mlist.FormatFormStart('roster')
replacements['<mm-roster-option>'] = mlist.FormatRosterOptionForUser(lang)
# Options form substitutions
replacements['<mm-options-form-start>'] = mlist.FormatFormStart('options')
replacements['<mm-editing-options>'] = mlist.FormatEditingOption(lang)
replacements['<mm-info-button>'] = SubmitButton(
'UserOptions', _('Edit Options')).Format()
# If only one language is enabled for this mailing list, omit the choice
# buttons.
if len(mlist.GetAvailableLanguages()) == 1:
displang = ''
else:
displang = mlist.FormatButton('displang-button',
text=_("View this page in"))
replacements['<mm-displang-box>'] = displang
replacements['<mm-lang-form-start>'] = mlist.FormatFormStart('listinfo')
replacements['<mm-fullname-box>'] = mlist.FormatBox('fullname', size=30)
# If reCAPTCHA is enabled, display its user interface
if mm_cfg.RECAPTCHA_SITE_KEY:
replacements['<mm-recaptcha-ui>'] = ("""<tr><td> </td><td>
<script src="https://www.google.com/recaptcha/api.js?hl=%s">
</script>
<div class="g-recaptcha" data-sitekey="%s"></div>
</td></tr>""" % (lang, mm_cfg.RECAPTCHA_SITE_KEY))
else:
replacements['<mm-recaptcha-ui>'] = ''
# Do the expansion.
doc.AddItem(mlist.ParseTags('listinfo.html', replacements, lang))
print doc.Format()
def process_form(mlist, doc, cgidata, lang):
listowner = mlist.GetOwnerEmail()
realname = mlist.real_name
results = []
# The email address being subscribed, required
email = cgidata.getfirst('email', '').strip()
if not email:
results.append(_('You must supply a valid email address.'))
fullname = cgidata.getfirst('fullname', '')
# Canonicalize the full name
fullname = Utils.canonstr(fullname, lang)
# Who was doing the subscribing?
remote = os.environ.get('HTTP_FORWARDED_FOR',
os.environ.get('HTTP_X_FORWARDED_FOR',
os.environ.get('REMOTE_ADDR',
'unidentified origin')))
# Check reCAPTCHA submission, if enabled
if mm_cfg.RECAPTCHA_SECRET_KEY:
request = urllib2.Request(
url = 'https://www.google.com/recaptcha/api/siteverify',
data = urllib.urlencode({
'secret': mm_cfg.RECAPTCHA_SECRET_KEY,
'response': cgidata.getvalue('g-recaptcha-response', ''),
'remoteip': remote}))
try:
httpresp = urllib2.urlopen(request)
captcha_response = json.load(httpresp)
httpresp.close()
if not captcha_response['success']:
e_codes = COMMASPACE.join(captcha_response['error-codes'])
results.append(_('reCAPTCHA validation failed: %(e_codes)s'))
except urllib2.URLError as e:
e_reason = e.reason
results.append(_('reCAPTCHA could not be validated: %(e_reason)s'))
# Are we checking the hidden data?
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = int(time.time())
# Try to accept a range in case of load balancers, etc. (LP: #1447445)
if remote.find('.') >= 0:
# ipv4 - drop last octet
remote1 = remote.rsplit('.', 1)[0]
else:
# ipv6 - drop last 16 (could end with :: in which case we just
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote1 = remote.rsplit(':', 1)[0]
try:
ftime, fhash = cgidata.getfirst('sub_form_token', '').split(':')
then = int(ftime)
except ValueError:
ftime = fhash = ''
then = 0
token = Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET +
ftime +
mlist.internal_name() +
remote1).hexdigest()
if ftime and now - then > mm_cfg.FORM_LIFETIME:
results.append(_('The form is too old. Please GET it again.'))
if ftime and now - then < mm_cfg.SUBSCRIBE_FORM_MIN_TIME:
results.append(
_('Please take a few seconds to fill out the form before submitting it.'))
if ftime and token != fhash:
results.append(
_("The hidden token didn't match. Did your IP change?"))
if not ftime:
results.append(
_('There was no hidden token in your submission or it was corrupted.'))
results.append(_('You must GET the form before submitting it.'))
# Was an attempt made to subscribe the list to itself?
if email == mlist.GetListEmail():
syslog('mischief', 'Attempt to self subscribe %s: %s', email, remote)
results.append(_('You may not subscribe a list to itself!'))
# If the user did not supply a password, generate one for him
password = cgidata.getfirst('pw', '').strip()
confirmed = cgidata.getfirst('pw-conf', '').strip()
if not password and not confirmed:
password = Utils.MakeRandomPassword()
elif not password or not confirmed:
results.append(_('If you supply a password, you must confirm it.'))
elif password <> confirmed:
results.append(_('Your passwords did not match.'))
# Get the digest option for the subscription.
digestflag = cgidata.getfirst('digest')
if digestflag:
try:
digest = int(digestflag)
except (TypeError, ValueError):
digest = 0
else:
digest = mlist.digest_is_default
# Sanity check based on list configuration. BAW: It's actually bogus that
# the page allows you to set the digest flag if you don't really get the
# choice. :/
if not mlist.digestable:
digest = 0
elif not mlist.nondigestable:
digest = 1
if results:
print_results(mlist, ERRORSEP.join(results), doc, lang)
return
# If this list has private rosters, we have to be careful about the
# message that gets printed, otherwise the subscription process can be
# used to mine for list members. It may be inefficient, but it's still
# possible, and that kind of defeats the purpose of private rosters.
# We'll use this string for all successful or unsuccessful subscription
# results.
if mlist.private_roster == 0:
# Public rosters
privacy_results = ''
else:
privacy_results = _("""\
Your subscription request has been received, and will soon be acted upon.
Depending on the configuration of this mailing list, your subscription request
may have to be first confirmed by you via email, or approved by the list
moderator. If confirmation is required, you will soon get a confirmation
email which contains further instructions.""")
try:
userdesc = UserDesc(email, fullname, password, digest, lang)
mlist.AddMember(userdesc, remote)
results = ''
# Check for all the errors that mlist.AddMember can throw options on the
# web page for this cgi
except Errors.MembershipIsBanned:
results = _("""The email address you supplied is banned from this
mailing list. If you think this restriction is erroneous, please
contact the list owners at %(listowner)s.""")
except Errors.MMBadEmailError:
results = _("""\
The email address you supplied is not valid. (E.g. it must contain an
`@'.)""")
except Errors.MMHostileAddress:
results = _("""\
Your subscription is not allowed because the email address you gave is
insecure.""")
except Errors.MMSubscribeNeedsConfirmation:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
results = _("""\
Confirmation from your email address is required, to prevent anyone from
subscribing you without permission. Instructions are being sent to you at
%(email)s. Please note your subscription will not start until you confirm
your subscription.""")
except Errors.MMNeedApproval, x:
# Results string depends on whether we have private rosters or not
if privacy_results:
results = privacy_results
else:
# We need to interpolate into x.__str__()
x = _(str(x))
results = _("""\
Your subscription request was deferred because %(x)s. Your request has been
forwarded to the list moderator. You will receive email informing you of the
moderator's decision when they get to your request.""")
def list_listinfo(mlist, lang):
# Generate list specific listinfo
doc = HeadlessDocument()
doc.set_language(lang)
replacements = mlist.GetStandardReplacements(lang)
if not mlist.digestable or not mlist.nondigestable:
replacements['<mm-digest-radio-button>'] = ""
replacements['<mm-undigest-radio-button>'] = ""
replacements['<mm-digest-question-start>'] = '<!-- '
replacements['<mm-digest-question-end>'] = ' -->'
else:
replacements['<mm-digest-radio-button>'] = mlist.FormatDigestButton()
replacements['<mm-undigest-radio-button>'] = \
mlist.FormatUndigestButton()
replacements['<mm-digest-question-start>'] = ''
replacements['<mm-digest-question-end>'] = ''
replacements['<mm-plain-digests-button>'] = \
mlist.FormatPlainDigestsButton()
replacements['<mm-mime-digests-button>'] = mlist.FormatMimeDigestsButton()
replacements['<mm-subscribe-box>'] = mlist.FormatBox('email', size=30)
replacements['<mm-subscribe-button>'] = mlist.FormatButton(
'email-button', text=_('Subscribe'))
replacements['<mm-new-password-box>'] = mlist.FormatSecureBox('pw')
replacements['<mm-confirm-password>'] = mlist.FormatSecureBox('pw-conf')
replacements['<mm-subscribe-form-start>'] = mlist.FormatFormStart(
'subscribe')
if mm_cfg.SUBSCRIBE_FORM_SECRET:
now = str(int(time.time()))
remote = os.environ.get('REMOTE_HOST',
os.environ.get('REMOTE_ADDR',
'w.x.y.z'))
# Try to accept a range in case of load balancers, etc. (LP: #1447445)
if remote.find('.') >= 0:
# ipv4 - drop last octet
remote = remote.rsplit('.', 1)[0]
else:
# ipv6 - drop last 16 (could end with :: in which case we just
# drop one : resulting in an invalid format, but it's only
# for our hash so it doesn't matter.
remote = remote.rsplit(':', 1)[0]
replacements['<mm-subscribe-form-start>'] += (
'<input type="hidden" name="sub_form_token" value="%s:%s">\n'
% (now, Utils.sha_new(mm_cfg.SUBSCRIBE_FORM_SECRET +
now +
mlist.internal_name() +
remote
).hexdigest()
)
)
# Roster form substitutions
replacements['<mm-roster-form-start>'] = mlist.FormatFormStart('roster')
replacements['<mm-roster-option>'] = mlist.FormatRosterOptionForUser(lang)
# Options form substitutions
replacements['<mm-options-form-start>'] = mlist.FormatFormStart('options')
replacements['<mm-editing-options>'] = mlist.FormatEditingOption(lang)
replacements['<mm-info-button>'] = SubmitButton('UserOptions',
_('Edit Options')).Format()
# If only one language is enabled for this mailing list, omit the choice
# buttons.
if len(mlist.GetAvailableLanguages()) == 1:
displang = ''
else:
displang = mlist.FormatButton('displang-button',
text = _("View this page in"))
replacements['<mm-displang-box>'] = displang
replacements['<mm-lang-form-start>'] = mlist.FormatFormStart('listinfo')
replacements['<mm-fullname-box>'] = mlist.FormatBox('fullname', size=30)
# Do the expansion.
doc.AddItem(mlist.ParseTags('listinfo.html', replacements, lang))
print doc.Format()
