def validate_name_candidate(cls, name):
"""
Check if a name is available, returning one of several error codes, or None if all is okay:
* ``blank``: No name supplied
* ``invalid``: Invalid characters in name
* ``long``: Name is longer than allowed size
* ``reserved``: Name is reserved
* ``user``: Name is assigned to a user
* ``org``: Name is assigned to an organization
"""
if not name:
return 'blank'
elif not valid_username(name):
return 'invalid'
elif len(name) > cls.__name_length__:
return 'long'
existing = cls.get(name)
if existing:
if existing.reserved:
return 'reserved'
elif existing.user_id:
return 'user'
elif existing.org_id:
return 'org'
def is_valid_name(self, value):
if not valid_username(value):
return False
existing = Name.get(value)
if existing and existing.owner != self:
return False
return True
def validate(self):
rv = super(PermissionForm, self).validate()
if not rv:
return False
if not valid_username(self.name.data):
self.name.errors.append(_("Name contains invalid characters"))
return False
existing = Permission.get(name=self.name.data, allusers=True)
if existing and existing.id != self.edit_id:
self.name.errors.append(_("A global permission with that name already exists"))
return False
if self.context.data == self.edit_user.buid:
existing = Permission.get(name=self.name.data, user=self.edit_user)
else:
org = Organization.get(buid=self.context.data)
if org:
existing = Permission.get(name=self.name.data, org=org)
else:
existing = None
if existing and existing.id != self.edit_id:
self.name.errors.append(_("You have another permission with the same name"))
return False
return True
def validate(self):
rv = super(PermissionForm, self).validate()
if not rv:
return False
if not valid_username(self.name.data):
self.name.errors.append("Name contains invalid characters")
return False
existing = Permission.get(name=self.name.data, allusers=True)
if existing and existing.id != self.edit_id:
self.name.errors.append(
"A global permission with that name already exists")
return False
if self.context.data == self.edit_user.userid:
existing = Permission.get(name=self.name.data, user=self.edit_user)
else:
org = Organization.get(userid=self.context.data)
if org:
existing = Permission.get(name=self.name.data, org=org)
else:
existing = None
if existing and existing.id != self.edit_id:
self.name.errors.append(
"You have another permission with the same name")
return False
return True
def validate_name(self, field):
if not valid_username(field.data):
raise wtforms.ValidationError("Name contains invalid characters.")
existing = self.edit_resource.get_action(field.data)
if existing and existing.id != self.edit_id:
raise wtforms.ValidationError("An action with that name already exists for this resource")
def is_valid_name(self, value):
if not valid_username(value):
return False
existing = AccountName.get(value)
if existing and existing.owner != self:
return False
return True
def validate_name_candidate(cls, name):
"""
Check if a name is available, returning one of several error codes, or None if all is okay:
* ``blank``: No name supplied
* ``invalid``: Invalid characters in name
* ``long``: AccountName is longer than allowed size
* ``reserved``: AccountName is reserved
* ``user``: AccountName is assigned to a user
* ``org``: AccountName is assigned to an organization
"""
if not name:
return 'blank'
elif not valid_username(name):
return 'invalid'
elif len(name) > cls.__name_length__:
return 'long'
existing = cls.get(name)
if existing:
if existing.reserved:
return 'reserved'
elif existing.user_id:
return 'user'
elif existing.organization_id:
return 'org'
def validate_username(self, field):
if field.data in current_app.config['RESERVED_USERNAMES']:
raise forms.ValidationError, _("This name is reserved")
if not valid_username(field.data):
raise forms.ValidationError(_(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes"))
existing = User.get(username=field.data)
if existing is not None:
raise forms.ValidationError(_("This username is taken"))
def permission_validator(form, field):
permlist = field.data.split()
for perm in permlist:
if not valid_username(perm):
raise forms.ValidationError(
_("Permission ‘{perm}’ is malformed").format(perm=perm))
permlist.sort()
field.data = ' '.join(permlist)
def validate_name(self, key, value):
if not valid_username(value):
raise ValueError("Invalid username: " + value)
# We don't check for existence in the db since this validator only
# checks for valid syntax. To confirm the name is actually available,
# the caller must call :meth:`is_available_name` or attempt to commit
# to the db and catch IntegrityError.
return value
def validate_name(self, field):
if not valid_username(field.data):
raise wtforms.ValidationError("Name contains invalid characters.")
existing = self.edit_resource.get_action(field.data)
if existing and existing.id != self.edit_id:
raise wtforms.ValidationError(
"An action with that name already exists for this resource")
def validate_name(self, key, value):
if not valid_username(value):
raise ValueError("Invalid username: " + value)
# We don't check for existence in the db since this validator only
# checks for valid syntax. To confirm the name is actually available,
# the caller must call :meth:`is_available_name` or attempt to commit
# to the db and catch IntegrityError.
return value
def validate_username(self, field):
if field.data in current_app.config['RESERVED_USERNAMES']:
raise forms.ValidationError, _("This name is reserved")
if not valid_username(field.data):
raise forms.ValidationError(
_(u"Invalid characters in name. Names must be made of ‘a-z’, ‘0-9’ and ‘-’, without trailing dashes"
))
existing = User.get(username=field.data)
if existing is not None:
raise forms.ValidationError(_("This username is taken"))
def validate_name(self, field):
if not valid_username(field.data):
raise wtforms.ValidationError("Name contains invalid characters.")
if field.data in resource_registry:
raise wtforms.ValidationError("This name is reserved for internal use")
existing = Resource.get(name=field.data, client=self.client)
if existing and existing.id != self.edit_id:
raise wtforms.ValidationError("A resource with that name already exists")
def valid_name(self, value):
if not valid_username(value):
return False
existing = Organization.get(name=value)
if existing and existing.id != self.id:
return False
existing = User.query.filter_by(username=value).first() # Avoid User.get to skip status check
if existing:
return False
return True
def valid_name(self, value):
if not valid_username(value):
return False
existing = Organization.get(name=value)
if existing and existing.id != self.id:
return False
existing = User.query.filter_by(username=value).first() # Avoid User.get to skip status check
if existing:
return False
return True
def validate_name(self, field):
field.data = field.data.lower()
if not valid_username(field.data):
raise forms.ValidationError(_("Name contains invalid characters"))
if field.data in resource_registry:
raise forms.ValidationError(_("This name is reserved for internal use"))
existing = Resource.get(name=field.data, client=self.client)
if existing and existing.id != self.edit_id:
raise forms.ValidationError(_("A resource with that name already exists"))
def is_valid_username(self, value):
if not valid_username(value):
return False
existing = User.query.filter(
db.or_(User.username == value, User.buid ==
value)).first() # Avoid User.get to skip status check
if existing and existing.id != self.id:
return False
existing = Organization.get(name=value)
if existing:
return False
return True
def validate_username(self, field):
# # Usernames are now mandatory. This should be commented out:
# if not field.data:
# field.data = None
# return
field.data = field.data.lower() # Usernames can only be lowercase
if not valid_username(field.data):
raise forms.ValidationError(_("Usernames can only have alphabets, numbers and dashes (except at the ends)"))
if field.data in current_app.config.get('RESERVED_USERNAMES', []):
raise forms.ValidationError(_("This name is reserved"))
if not self.edit_user.is_valid_username(field.data):
raise forms.ValidationError(_("This username is taken"))
def is_valid_username(self, value):
if not valid_username(value):
return False
existing = User.query.filter(db.or_(
User.username == value,
User.userid == value)).first() # Avoid User.get to skip status check
if existing and existing.id != self.id:
return False
existing = Organization.get(name=value)
if existing:
return False
return True
def validate_name(self, field):
if not valid_username(field.data):
raise forms.ValidationError(_("Invalid characters in name"))
if field.data in current_app.config['RESERVED_USERNAMES']:
raise forms.ValidationError(_("This name is reserved"))
existing = User.get(username=field.data)
if existing is not None:
if existing == current_auth.user:
raise forms.ValidationError(Markup(_(u"This is <em>your</em> current username. "
u'You must change it first from <a href="{profile}">your profile</a> '
u"before you can assign it to an organization").format(
profile=url_for('profile'))))
else:
raise forms.ValidationError(_("This name is taken"))
existing = Organization.get(name=field.data)
if existing is not None and existing.id != self.edit_id:
raise forms.ValidationError(_("This name is taken"))
def is_available_name(cls, name):
if valid_username(name) and len(name) <= cls.__name_length__:
if cls.query.filter(
db.func.lower(cls.name) == db.func.lower(name)).isempty():
return True
return False
def login_service_postcallback(service, userdata):
"""
Called from :func:login_service_callback after receiving data from the upstream login service
"""
# 1. Check whether we have an existing UserExternalId
user, extid, useremail = get_user_extid(service, userdata)
# If extid is not None, user.extid == user, guaranteed.
# If extid is None but useremail is not None, user == useremail.user
# However, if both extid and useremail are present, they may be different users
if extid is not None:
extid.oauth_token = userdata.get('oauth_token')
extid.oauth_token_secret = userdata.get('oauth_token_secret')
extid.oauth_token_type = userdata.get('oauth_token_type')
extid.username = userdata.get('username')
# TODO: Save refresh token and expiry date where present
extid.oauth_refresh_token = userdata.get('oauth_refresh_token')
extid.oauth_expiry_date = userdata.get('oauth_expiry_date')
extid.oauth_refresh_expiry = userdata.get('oauth_refresh_expiry') # TODO: Check this
extid.last_used_at = db.func.utcnow()
else:
# New external id. Register it.
extid = UserExternalId(
user=user, # This may be None right now. Will be handled below
service=service,
userid=userdata['userid'],
username=userdata.get('username'),
oauth_token=userdata.get('oauth_token'),
oauth_token_secret=userdata.get('oauth_token_secret'),
oauth_token_type=userdata.get('oauth_token_type'),
last_used_at=db.func.utcnow()
# TODO: Save refresh token
)
if user is None:
if current_auth:
# Attach this id to currently logged-in user
user = current_auth.user
extid.user = user
else:
# Register a new user
user = register_internal(None, userdata.get('fullname'), None)
extid.user = user
if userdata.get('username'):
if valid_username(userdata['username']) and user.is_valid_name(userdata['username']):
# Set a username for this user if it's available
user.username = userdata['username']
else: # We have an existing user account from extid or useremail
if current_auth and current_auth.user != user:
# Woah! Account merger handler required
# Always confirm with user before doing an account merger
session['merge_buid'] = user.buid
elif useremail and useremail.user != user:
# Once again, account merger required since the extid and useremail are linked to different users
session['merge_buid'] = useremail.user.buid
# Check for new email addresses
if userdata.get('email') and not useremail:
user.add_email(userdata['email'])
# If there are multiple email addresses, add any that are not already claimed.
# If they are already claimed by another user, this calls for an account merge
# request, but we can only merge two users at a time. Ask for a merge if there
# isn't already one pending
if userdata.get('emails'):
for email in userdata['emails']:
existing = UserEmail.get(email)
if existing:
if existing.user != user and 'merge_buid' not in session:
session['merge_buid'] = existing.user.buid
else:
user.add_email(email)
if userdata.get('emailclaim'):
emailclaim = UserEmailClaim(user=user, email=userdata['emailclaim'])
db.session.add(emailclaim)
send_email_verify_link(emailclaim)
# Is the user's fullname missing? Populate it.
if not user.fullname and userdata.get('fullname'):
user.fullname = userdata['fullname']
if not current_auth: # If a user isn't already logged in, login now.
login_internal(user)
flash(_(u"You have logged in via {service}").format(service=login_registry[service].title), 'success')
next_url = get_next_url(session=True)
db.session.add(extid) # If we made a new extid, add it to the session now
db.session.commit()
# Finally: set a login method cookie and send user on their way
if not current_auth.user.is_profile_complete():
login_next = url_for('.account_new', next=next_url)
else:
login_next = next_url
if 'merge_buid' in session:
return set_loginmethod_cookie(redirect(url_for('.account_merge', next=login_next), code=303), service)
else:
return set_loginmethod_cookie(redirect(login_next, code=303), service)
def is_available_name(cls, name):
if valid_username(name) and len(name) <= cls.__name_length__:
if cls.query.filter(db.func.lower(cls.name) == db.func.lower(name)).isempty():
return True
return False
def login_service_postcallback(service, userdata):
"""
Called from :func:login_service_callback after receiving data from the upstream login service
"""
# 1. Check whether we have an existing UserExternalId
user, extid, useremail = get_user_extid(service, userdata)
# If extid is not None, user.extid == user, guaranteed.
# If extid is None but useremail is not None, user == useremail.user
# However, if both extid and useremail are present, they may be different users
if extid is not None:
extid.oauth_token = userdata.get('oauth_token')
extid.oauth_token_secret = userdata.get('oauth_token_secret')
extid.oauth_token_type = userdata.get('oauth_token_type')
extid.username = userdata.get('username')
# TODO: Save refresh token and expiry date where present
extid.oauth_refresh_token = userdata.get('oauth_refresh_token')
extid.oauth_expiry_date = userdata.get('oauth_expiry_date')
extid.oauth_refresh_expiry = userdata.get(
'oauth_refresh_expiry') # TODO: Check this
extid.last_used_at = db.func.utcnow()
else:
# New external id. Register it.
extid = UserExternalId(
user=user, # This may be None right now. Will be handled below
service=service,
userid=userdata['userid'],
username=userdata.get('username'),
oauth_token=userdata.get('oauth_token'),
oauth_token_secret=userdata.get('oauth_token_secret'),
oauth_token_type=userdata.get('oauth_token_type'),
last_used_at=db.func.utcnow()
# TODO: Save refresh token
)
if user is None:
if current_auth:
# Attach this id to currently logged-in user
user = current_auth.user
extid.user = user
else:
# Register a new user
user = register_internal(None, userdata.get('fullname'), None)
extid.user = user
if userdata.get('username'):
if valid_username(userdata['username']) and user.is_valid_name(
userdata['username']):
# Set a username for this user if it's available
user.username = userdata['username']
else: # We have an existing user account from extid or useremail
if current_auth and current_auth.user != user:
# Woah! Account merger handler required
# Always confirm with user before doing an account merger
session['merge_buid'] = user.buid
elif useremail and useremail.user != user:
# Once again, account merger required since the extid and useremail are linked to different users
session['merge_buid'] = useremail.user.buid
# Check for new email addresses
if userdata.get('email') and not useremail:
user.add_email(userdata['email'])
# If there are multiple email addresses, add any that are not already claimed.
# If they are already claimed by another user, this calls for an account merge
# request, but we can only merge two users at a time. Ask for a merge if there
# isn't already one pending
if userdata.get('emails'):
for email in userdata['emails']:
existing = UserEmail.get(email)
if existing:
if existing.user != user and 'merge_buid' not in session:
session['merge_buid'] = existing.user.buid
else:
user.add_email(email)
if userdata.get('emailclaim'):
emailclaim = UserEmailClaim(user=user, email=userdata['emailclaim'])
db.session.add(emailclaim)
send_email_verify_link(emailclaim)
# Is the user's fullname missing? Populate it.
if not user.fullname and userdata.get('fullname'):
user.fullname = userdata['fullname']
if not current_auth: # If a user isn't already logged in, login now.
login_internal(user)
flash(
_("You have logged in via {service}").format(
service=login_registry[service].title),
'success',
)
next_url = get_next_url(session=True)
db.session.add(extid) # If we made a new extid, add it to the session now
db.session.commit()
# Finally: set a login method cookie and send user on their way
if not current_auth.user.is_profile_complete():
login_next = url_for('.account_new', next=next_url)
else:
login_next = next_url
if 'merge_buid' in session:
return set_loginmethod_cookie(
redirect(url_for('.account_merge', next=login_next), code=303),
service)
else:
return set_loginmethod_cookie(redirect(login_next, code=303), service)
def login_service_postcallback(service, userdata):
user, extid, useremail = get_user_extid(service, userdata)
if extid is not None:
extid.oauth_token = userdata.get("oauth_token")
extid.oauth_token_secret = userdata.get("oauth_token_secret")
extid.oauth_token_type = userdata.get("oauth_token_type")
extid.username = userdata.get("username")
# TODO: Save refresh token and expiry date where present
extid.oauth_refresh_token = userdata.get("oauth_refresh_token")
extid.oauth_expiry_date = userdata.get("oauth_expiry_date")
extid.oauth_refresh_expiry = userdata.get("oauth_refresh_expiry") # TODO: Check this
else:
# New external id. Register it.
extid = UserExternalId(
user=user, # This may be None right now. Will be handled below
service=service,
userid=userdata["userid"],
username=userdata.get("username"),
oauth_token=userdata.get("oauth_token"),
oauth_token_secret=userdata.get("oauth_token_secret"),
oauth_token_type=userdata.get("oauth_token_type")
# TODO: Save refresh token
)
db.session.add(extid)
if user is None:
if g.user:
# Attach this id to currently logged-in user
user = g.user
extid.user = user
else:
# Register a new user
user = register_internal(None, userdata.get("fullname"), None)
extid.user = user
if userdata.get("username"):
if valid_username(userdata["username"]) and user.is_valid_username(userdata["username"]):
# Set a username for this user if it's available
user.username = userdata["username"]
else: # This id is attached to a user
if g.user and g.user != user:
# Woah! Account merger handler required
# Always confirm with user before doing an account merger
session["merge_userid"] = user.userid
# Check for new email addresses
if userdata.get("email") and not useremail:
user.add_email(userdata["email"])
# If there are multiple email addresses, add any that are not already claimed.
# If they are already claimed by another user, this calls for an account merge
# request, but we can only merge two users at a time. Ask for a merge if there
# isn't already one pending
if userdata.get("emails"):
for email in userdata["emails"]:
existing = UserEmail.get(email)
if existing:
if existing.user != user and "merge_userid" not in session:
session["merge_userid"] = existing.user.userid
else:
user.add_email(email)
if userdata.get("emailclaim"):
emailclaim = UserEmailClaim(user=user, email=userdata["emailclaim"])
db.session.add(emailclaim)
send_email_verify_link(emailclaim)
# Is the user's fullname missing? Populate it.
if not user.fullname and userdata.get("fullname"):
user.fullname = userdata["fullname"]
if not g.user: # If a user isn't already logged in, login now.
login_internal(user)
flash(_(u"You have logged in via {service}").format(service=login_registry[service].title), "success")
next_url = get_next_url(session=True)
db.session.commit()
# Finally: set a login method cookie and send user on their way
if not user.is_profile_complete():
login_next = url_for(".profile_new", next=next_url)
else:
login_next = next_url
if "merge_userid" in session:
return set_loginmethod_cookie(redirect(url_for(".profile_merge", next=login_next), code=303), service)
else:
return set_loginmethod_cookie(redirect(login_next, code=303), service)
