def validate_name_candidate(cls, name): """ Check if a name is available, returning one of several error codes, or None if all is okay: * ``blank``: No name supplied * ``invalid``: Invalid characters in name * ``long``: Name is longer than allowed size * ``reserved``: Name is reserved * ``user``: Name is assigned to a user * ``org``: Name is assigned to an organization """ if not name: return 'blank' elif not valid_username(name): return 'invalid' elif len(name) > cls.__name_length__: return 'long' existing = cls.get(name) if existing: if existing.reserved: return 'reserved' elif existing.user_id: return 'user' elif existing.org_id: return 'org'
def is_valid_name(self, value): if not valid_username(value): return False existing = Name.get(value) if existing and existing.owner != self: return False return True
def validate(self): rv = super(PermissionForm, self).validate() if not rv: return False if not valid_username(self.name.data): self.name.errors.append(_("Name contains invalid characters")) return False existing = Permission.get(name=self.name.data, allusers=True) if existing and existing.id != self.edit_id: self.name.errors.append(_("A global permission with that name already exists")) return False if self.context.data == self.edit_user.buid: existing = Permission.get(name=self.name.data, user=self.edit_user) else: org = Organization.get(buid=self.context.data) if org: existing = Permission.get(name=self.name.data, org=org) else: existing = None if existing and existing.id != self.edit_id: self.name.errors.append(_("You have another permission with the same name")) return False return True
def validate(self): rv = super(PermissionForm, self).validate() if not rv: return False if not valid_username(self.name.data): self.name.errors.append("Name contains invalid characters") return False existing = Permission.get(name=self.name.data, allusers=True) if existing and existing.id != self.edit_id: self.name.errors.append( "A global permission with that name already exists") return False if self.context.data == self.edit_user.userid: existing = Permission.get(name=self.name.data, user=self.edit_user) else: org = Organization.get(userid=self.context.data) if org: existing = Permission.get(name=self.name.data, org=org) else: existing = None if existing and existing.id != self.edit_id: self.name.errors.append( "You have another permission with the same name") return False return True
def validate_name(self, field): if not valid_username(field.data): raise wtforms.ValidationError("Name contains invalid characters.") existing = self.edit_resource.get_action(field.data) if existing and existing.id != self.edit_id: raise wtforms.ValidationError("An action with that name already exists for this resource")
def is_valid_name(self, value): if not valid_username(value): return False existing = AccountName.get(value) if existing and existing.owner != self: return False return True
def validate_name_candidate(cls, name): """ Check if a name is available, returning one of several error codes, or None if all is okay: * ``blank``: No name supplied * ``invalid``: Invalid characters in name * ``long``: AccountName is longer than allowed size * ``reserved``: AccountName is reserved * ``user``: AccountName is assigned to a user * ``org``: AccountName is assigned to an organization """ if not name: return 'blank' elif not valid_username(name): return 'invalid' elif len(name) > cls.__name_length__: return 'long' existing = cls.get(name) if existing: if existing.reserved: return 'reserved' elif existing.user_id: return 'user' elif existing.organization_id: return 'org'
def validate_username(self, field): if field.data in current_app.config['RESERVED_USERNAMES']: raise forms.ValidationError, _("This name is reserved") if not valid_username(field.data): raise forms.ValidationError(_(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes")) existing = User.get(username=field.data) if existing is not None: raise forms.ValidationError(_("This username is taken"))
def permission_validator(form, field): permlist = field.data.split() for perm in permlist: if not valid_username(perm): raise forms.ValidationError( _("Permission ‘{perm}’ is malformed").format(perm=perm)) permlist.sort() field.data = ' '.join(permlist)
def validate_name(self, key, value): if not valid_username(value): raise ValueError("Invalid username: " + value) # We don't check for existence in the db since this validator only # checks for valid syntax. To confirm the name is actually available, # the caller must call :meth:`is_available_name` or attempt to commit # to the db and catch IntegrityError. return value
def validate_name(self, field): if not valid_username(field.data): raise wtforms.ValidationError("Name contains invalid characters.") existing = self.edit_resource.get_action(field.data) if existing and existing.id != self.edit_id: raise wtforms.ValidationError( "An action with that name already exists for this resource")
def validate_username(self, field): if field.data in current_app.config['RESERVED_USERNAMES']: raise forms.ValidationError, _("This name is reserved") if not valid_username(field.data): raise forms.ValidationError( _(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes" )) existing = User.get(username=field.data) if existing is not None: raise forms.ValidationError(_("This username is taken"))
def validate_name(self, field): if not valid_username(field.data): raise wtforms.ValidationError("Name contains invalid characters.") if field.data in resource_registry: raise wtforms.ValidationError("This name is reserved for internal use") existing = Resource.get(name=field.data, client=self.client) if existing and existing.id != self.edit_id: raise wtforms.ValidationError("A resource with that name already exists")
def valid_name(self, value): if not valid_username(value): return False existing = Organization.get(name=value) if existing and existing.id != self.id: return False existing = User.query.filter_by(username=value).first() # Avoid User.get to skip status check if existing: return False return True
def validate_name(self, field): field.data = field.data.lower() if not valid_username(field.data): raise forms.ValidationError(_("Name contains invalid characters")) if field.data in resource_registry: raise forms.ValidationError(_("This name is reserved for internal use")) existing = Resource.get(name=field.data, client=self.client) if existing and existing.id != self.edit_id: raise forms.ValidationError(_("A resource with that name already exists"))
def is_valid_username(self, value): if not valid_username(value): return False existing = User.query.filter( db.or_(User.username == value, User.buid == value)).first() # Avoid User.get to skip status check if existing and existing.id != self.id: return False existing = Organization.get(name=value) if existing: return False return True
def validate_username(self, field): # # Usernames are now mandatory. This should be commented out: # if not field.data: # field.data = None # return field.data = field.data.lower() # Usernames can only be lowercase if not valid_username(field.data): raise forms.ValidationError(_("Usernames can only have alphabets, numbers and dashes (except at the ends)")) if field.data in current_app.config.get('RESERVED_USERNAMES', []): raise forms.ValidationError(_("This name is reserved")) if not self.edit_user.is_valid_username(field.data): raise forms.ValidationError(_("This username is taken"))
def is_valid_username(self, value): if not valid_username(value): return False existing = User.query.filter(db.or_( User.username == value, User.userid == value)).first() # Avoid User.get to skip status check if existing and existing.id != self.id: return False existing = Organization.get(name=value) if existing: return False return True
def validate_name(self, field): if not valid_username(field.data): raise forms.ValidationError(_("Invalid characters in name")) if field.data in current_app.config['RESERVED_USERNAMES']: raise forms.ValidationError(_("This name is reserved")) existing = User.get(username=field.data) if existing is not None: if existing == current_auth.user: raise forms.ValidationError(Markup(_(u"This is <em>your</em> current username. " u'You must change it first from <a href="{profile}">your profile</a> ' u"before you can assign it to an organization").format( profile=url_for('profile')))) else: raise forms.ValidationError(_("This name is taken")) existing = Organization.get(name=field.data) if existing is not None and existing.id != self.edit_id: raise forms.ValidationError(_("This name is taken"))
def is_available_name(cls, name): if valid_username(name) and len(name) <= cls.__name_length__: if cls.query.filter( db.func.lower(cls.name) == db.func.lower(name)).isempty(): return True return False
def login_service_postcallback(service, userdata): """ Called from :func:login_service_callback after receiving data from the upstream login service """ # 1. Check whether we have an existing UserExternalId user, extid, useremail = get_user_extid(service, userdata) # If extid is not None, user.extid == user, guaranteed. # If extid is None but useremail is not None, user == useremail.user # However, if both extid and useremail are present, they may be different users if extid is not None: extid.oauth_token = userdata.get('oauth_token') extid.oauth_token_secret = userdata.get('oauth_token_secret') extid.oauth_token_type = userdata.get('oauth_token_type') extid.username = userdata.get('username') # TODO: Save refresh token and expiry date where present extid.oauth_refresh_token = userdata.get('oauth_refresh_token') extid.oauth_expiry_date = userdata.get('oauth_expiry_date') extid.oauth_refresh_expiry = userdata.get('oauth_refresh_expiry') # TODO: Check this extid.last_used_at = db.func.utcnow() else: # New external id. Register it. extid = UserExternalId( user=user, # This may be None right now. Will be handled below service=service, userid=userdata['userid'], username=userdata.get('username'), oauth_token=userdata.get('oauth_token'), oauth_token_secret=userdata.get('oauth_token_secret'), oauth_token_type=userdata.get('oauth_token_type'), last_used_at=db.func.utcnow() # TODO: Save refresh token ) if user is None: if current_auth: # Attach this id to currently logged-in user user = current_auth.user extid.user = user else: # Register a new user user = register_internal(None, userdata.get('fullname'), None) extid.user = user if userdata.get('username'): if valid_username(userdata['username']) and user.is_valid_name(userdata['username']): # Set a username for this user if it's available user.username = userdata['username'] else: # We have an existing user account from extid or useremail if current_auth and current_auth.user != user: # Woah! Account merger handler required # Always confirm with user before doing an account merger session['merge_buid'] = user.buid elif useremail and useremail.user != user: # Once again, account merger required since the extid and useremail are linked to different users session['merge_buid'] = useremail.user.buid # Check for new email addresses if userdata.get('email') and not useremail: user.add_email(userdata['email']) # If there are multiple email addresses, add any that are not already claimed. # If they are already claimed by another user, this calls for an account merge # request, but we can only merge two users at a time. Ask for a merge if there # isn't already one pending if userdata.get('emails'): for email in userdata['emails']: existing = UserEmail.get(email) if existing: if existing.user != user and 'merge_buid' not in session: session['merge_buid'] = existing.user.buid else: user.add_email(email) if userdata.get('emailclaim'): emailclaim = UserEmailClaim(user=user, email=userdata['emailclaim']) db.session.add(emailclaim) send_email_verify_link(emailclaim) # Is the user's fullname missing? Populate it. if not user.fullname and userdata.get('fullname'): user.fullname = userdata['fullname'] if not current_auth: # If a user isn't already logged in, login now. login_internal(user) flash(_(u"You have logged in via {service}").format(service=login_registry[service].title), 'success') next_url = get_next_url(session=True) db.session.add(extid) # If we made a new extid, add it to the session now db.session.commit() # Finally: set a login method cookie and send user on their way if not current_auth.user.is_profile_complete(): login_next = url_for('.account_new', next=next_url) else: login_next = next_url if 'merge_buid' in session: return set_loginmethod_cookie(redirect(url_for('.account_merge', next=login_next), code=303), service) else: return set_loginmethod_cookie(redirect(login_next, code=303), service)
def is_available_name(cls, name): if valid_username(name) and len(name) <= cls.__name_length__: if cls.query.filter(db.func.lower(cls.name) == db.func.lower(name)).isempty(): return True return False
def login_service_postcallback(service, userdata): """ Called from :func:login_service_callback after receiving data from the upstream login service """ # 1. Check whether we have an existing UserExternalId user, extid, useremail = get_user_extid(service, userdata) # If extid is not None, user.extid == user, guaranteed. # If extid is None but useremail is not None, user == useremail.user # However, if both extid and useremail are present, they may be different users if extid is not None: extid.oauth_token = userdata.get('oauth_token') extid.oauth_token_secret = userdata.get('oauth_token_secret') extid.oauth_token_type = userdata.get('oauth_token_type') extid.username = userdata.get('username') # TODO: Save refresh token and expiry date where present extid.oauth_refresh_token = userdata.get('oauth_refresh_token') extid.oauth_expiry_date = userdata.get('oauth_expiry_date') extid.oauth_refresh_expiry = userdata.get( 'oauth_refresh_expiry') # TODO: Check this extid.last_used_at = db.func.utcnow() else: # New external id. Register it. extid = UserExternalId( user=user, # This may be None right now. Will be handled below service=service, userid=userdata['userid'], username=userdata.get('username'), oauth_token=userdata.get('oauth_token'), oauth_token_secret=userdata.get('oauth_token_secret'), oauth_token_type=userdata.get('oauth_token_type'), last_used_at=db.func.utcnow() # TODO: Save refresh token ) if user is None: if current_auth: # Attach this id to currently logged-in user user = current_auth.user extid.user = user else: # Register a new user user = register_internal(None, userdata.get('fullname'), None) extid.user = user if userdata.get('username'): if valid_username(userdata['username']) and user.is_valid_name( userdata['username']): # Set a username for this user if it's available user.username = userdata['username'] else: # We have an existing user account from extid or useremail if current_auth and current_auth.user != user: # Woah! Account merger handler required # Always confirm with user before doing an account merger session['merge_buid'] = user.buid elif useremail and useremail.user != user: # Once again, account merger required since the extid and useremail are linked to different users session['merge_buid'] = useremail.user.buid # Check for new email addresses if userdata.get('email') and not useremail: user.add_email(userdata['email']) # If there are multiple email addresses, add any that are not already claimed. # If they are already claimed by another user, this calls for an account merge # request, but we can only merge two users at a time. Ask for a merge if there # isn't already one pending if userdata.get('emails'): for email in userdata['emails']: existing = UserEmail.get(email) if existing: if existing.user != user and 'merge_buid' not in session: session['merge_buid'] = existing.user.buid else: user.add_email(email) if userdata.get('emailclaim'): emailclaim = UserEmailClaim(user=user, email=userdata['emailclaim']) db.session.add(emailclaim) send_email_verify_link(emailclaim) # Is the user's fullname missing? Populate it. if not user.fullname and userdata.get('fullname'): user.fullname = userdata['fullname'] if not current_auth: # If a user isn't already logged in, login now. login_internal(user) flash( _("You have logged in via {service}").format( service=login_registry[service].title), 'success', ) next_url = get_next_url(session=True) db.session.add(extid) # If we made a new extid, add it to the session now db.session.commit() # Finally: set a login method cookie and send user on their way if not current_auth.user.is_profile_complete(): login_next = url_for('.account_new', next=next_url) else: login_next = next_url if 'merge_buid' in session: return set_loginmethod_cookie( redirect(url_for('.account_merge', next=login_next), code=303), service) else: return set_loginmethod_cookie(redirect(login_next, code=303), service)
def login_service_postcallback(service, userdata): user, extid, useremail = get_user_extid(service, userdata) if extid is not None: extid.oauth_token = userdata.get("oauth_token") extid.oauth_token_secret = userdata.get("oauth_token_secret") extid.oauth_token_type = userdata.get("oauth_token_type") extid.username = userdata.get("username") # TODO: Save refresh token and expiry date where present extid.oauth_refresh_token = userdata.get("oauth_refresh_token") extid.oauth_expiry_date = userdata.get("oauth_expiry_date") extid.oauth_refresh_expiry = userdata.get("oauth_refresh_expiry") # TODO: Check this else: # New external id. Register it. extid = UserExternalId( user=user, # This may be None right now. Will be handled below service=service, userid=userdata["userid"], username=userdata.get("username"), oauth_token=userdata.get("oauth_token"), oauth_token_secret=userdata.get("oauth_token_secret"), oauth_token_type=userdata.get("oauth_token_type") # TODO: Save refresh token ) db.session.add(extid) if user is None: if g.user: # Attach this id to currently logged-in user user = g.user extid.user = user else: # Register a new user user = register_internal(None, userdata.get("fullname"), None) extid.user = user if userdata.get("username"): if valid_username(userdata["username"]) and user.is_valid_username(userdata["username"]): # Set a username for this user if it's available user.username = userdata["username"] else: # This id is attached to a user if g.user and g.user != user: # Woah! Account merger handler required # Always confirm with user before doing an account merger session["merge_userid"] = user.userid # Check for new email addresses if userdata.get("email") and not useremail: user.add_email(userdata["email"]) # If there are multiple email addresses, add any that are not already claimed. # If they are already claimed by another user, this calls for an account merge # request, but we can only merge two users at a time. Ask for a merge if there # isn't already one pending if userdata.get("emails"): for email in userdata["emails"]: existing = UserEmail.get(email) if existing: if existing.user != user and "merge_userid" not in session: session["merge_userid"] = existing.user.userid else: user.add_email(email) if userdata.get("emailclaim"): emailclaim = UserEmailClaim(user=user, email=userdata["emailclaim"]) db.session.add(emailclaim) send_email_verify_link(emailclaim) # Is the user's fullname missing? Populate it. if not user.fullname and userdata.get("fullname"): user.fullname = userdata["fullname"] if not g.user: # If a user isn't already logged in, login now. login_internal(user) flash(_(u"You have logged in via {service}").format(service=login_registry[service].title), "success") next_url = get_next_url(session=True) db.session.commit() # Finally: set a login method cookie and send user on their way if not user.is_profile_complete(): login_next = url_for(".profile_new", next=next_url) else: login_next = next_url if "merge_userid" in session: return set_loginmethod_cookie(redirect(url_for(".profile_merge", next=login_next), code=303), service) else: return set_loginmethod_cookie(redirect(login_next, code=303), service)