def lost(request, response):
"""Generates lost password email messages"""
email = request.POST.get('email')
username = request.POST.get('username')
if username:
user = User.find_user(username)
if not user:
raise BadRequest("Unknown user: "******"?pwchange=%s;%s" % (username, verify_code)
context = dict(username=username,
base_url=c.base_url,
change_url=change_url)
send_email_template(user.email,
"Requested password change for " + c.base_url,
"lost_password.txt", context)
elif email:
users = User.find_by_email(email)
context = dict(
email=email,
usernames=[dict(username=user.username) for user in users],
base_url=c.base_url)
send_email_template(email, "Your username for " + c.base_url,
"lost_username.txt", context)
else:
raise BadRequest("Username or email is required.")
return response()
def password_change(request, response):
"""Changes a user's password."""
username = request.kwargs.get('username')
user = User.find_user(username)
if not user:
raise BadRequest("Unknown user: "******"Invalid verification code for password change.")
user.password = User.generate_password(request.POST['newPassword'])
return response()
def import_from_url(request, response):
project_name = request.kwargs['project_name']
url = validate_url(request.body)
try:
resp = httplib2.Http().request(url, method="HEAD")
except httplib2.HttpLib2Error, e:
raise BadRequest(str(e))
def _perform_import(user, project_name, filename, fileobj):
project = get_project(user, user, project_name, clean=True)
if filename.endswith(".tgz") or filename.endswith(".tar.gz"):
func = project.import_tarball
elif filename.endswith(".zip"):
func = project.import_zipfile
else:
raise BadRequest(
"Import only supports .tar.gz, .tgz and .zip at this time.")
func(filename, fileobj)
return
def _split_path(request):
path = request.kwargs['path']
result = path.split('/', 1)
if len(result) < 2:
raise BadRequest("Project and path are both required.")
parts = result[0].partition('+')
if parts[1] == '':
result.insert(0, request.user)
else:
result.insert(0, User.find_user(parts[0]))
result[1] = parts[2]
return result
def keychain_setauth(request, response):
user = request.user
project_name = request.kwargs['project_name']
project = get_project(user, user, project_name)
try:
kcpass = request.POST['kcpass']
atype = request.POST['type']
remote_auth = request.POST['remoteauth']
except KeyError:
raise BadRequest("Request must include kcpass, type and remoteauth.")
if remote_auth != vcs.AUTH_WRITE and remote_auth != vcs.AUTH_BOTH:
raise BadRequest("Remote auth type must be %s or %s" %
(vcs.AUTH_WRITE, vcs.AUTH_BOTH))
keychain = vcs.KeyChain(user, kcpass)
body = ""
if atype == "password":
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
raise BadRequest("Request must include username and password")
keychain.set_credentials_for_project(project, remote_auth, username,
password)
elif atype == "ssh":
# set the project to use the SSH key and return the public key
body = keychain.set_ssh_for_project(project, remote_auth)[0]
else:
raise BadRequest("auth type must be ssh or password")
response.content_type = "application/json"
response.body = body
return response()
def new_user(request, response):
try:
username = request.kwargs['username']
email = request.POST['email']
password = request.POST['password']
except KeyError:
raise BadRequest("username, email and password are required.")
user = User.create_user(username, password, email)
settings_project = get_project(user, user, "BespinSettings", create=True)
settings_project.install_template('usertemplate')
response.content_type = "application/json"
response.body = "{}"
request.environ['paste.auth_tkt.set_user'](username)
return response()
def install_template(request, response):
user = request.user
project_name = request.kwargs['project_name']
data = simplejson.loads(request.body)
try:
template_name = data['templateName']
except KeyError:
raise BadRequest("templateName not provided in request")
project = get_project(user, user, project_name, create=True)
project.install_template(template_name, data)
response.content_type = "text/plain"
response.body = ""
return response()
def putfile(request, response):
user = request.user
owner, project, path = _split_path(request)
project = get_project(user, owner, project, create=True)
if path.endswith('/'):
if request.body != None and request.body != '':
raise BadRequest(
"Path ended in '/' indicating directory, but request contains "
)
project.create_directory(path)
elif path:
project.save_file(path, request.body)
return response()
def vcs_command(request, response):
user = request.user
project_name = request.kwargs['project_name']
request_info = simplejson.loads(request.body)
args = request_info['command']
log.debug("VCS command: %s", args)
kcpass = request_info.get('kcpass')
try:
taskname = "vcs %s command" % (args[0])
except IndexError:
taskname = "vcs command"
# special support for clone/checkout
if vcs.is_new_project_command(args):
raise BadRequest("Use /vcs/clone/ to create a new project")
else:
project = get_project(user, user, project_name)
jobid = vcs.run_command(user, project, args, kcpass)
response.content_type = "application/json"
response.body = simplejson.dumps(dict(jobid=jobid, taskname=taskname))
return response()
def mobwrite(request, response):
"""Handle a request for mobwrite synchronization.
We talk to mobwrite either in-process for development or using a socket
which would be more common in live."""
question = urllib.unquote(request.body)
# Hmmm do we need to handle 'p' requests? q.py does.
mode = None
if question.find("p=") == 0:
mode = "script"
elif question.find("q=") == 0:
mode = "text"
else:
raise BadRequest("Missing q= or p=")
question = question[2:]
question = "H:" + str(
request.user.username) + ":" + request.remote_addr + "\n" + question
if c.in_process_mobwrite:
worker = InProcessMobwriteWorker()
else:
worker = MobwriteWorkerProxy()
answer = worker.processRequest(question)
if mode == "text":
response.body = answer + "\n\n"
response.content_type = "text/plain"
else:
answer = answer.replace("\\", "\\\\").replace("\"", "\\\"")
answer = answer.replace("\n", "\\n").replace("\r", "\\r")
answer = "mobwrite.callback(\"%s\");" % answer
response.body = answer
response.content_type = "application/javascript"
return response()
def lookup_username(username):
user = User.find_user(username)
if user == None:
raise BadRequest("Username not found: %s" % username)
return user
def validate_url(url):
if not url.startswith("http://") and not url.startswith("https://"):
raise BadRequest("Invalid url: " + url)
return url
resp = httplib2.Http().request(url, method="HEAD")
except httplib2.HttpLib2Error, e:
raise BadRequest(str(e))
# check the content length to see if the user has enough quota
# available before we download the whole file
content_length = resp[0].get("content-length")
if content_length:
content_length = int(content_length)
if not request.user.check_save(content_length):
raise OverQuota()
try:
datafile = urllib2.urlopen(url)
except urllib2.URLError, e:
raise BadRequest(str(e))
tempdatafile = tempfile.NamedTemporaryFile()
tempdatafile.write(datafile.read())
datafile.close()
tempdatafile.seek(0)
url_parts = urlparse(url)
filename = os.path.basename(url_parts[2])
_perform_import(request.user, project_name, filename, tempdatafile)
tempdatafile.close()
return response()
@expose(r'^/project/export/(?P<project_name>.*(\.zip|\.tgz))')
def export_project(request, response):
user = request.user