def test_login_succeeds_if_suspension_duration_has_expired(): user_id = db_utils.create_user(password=raw_password, username=user_name) d.engine.execute("UPDATE login SET settings = 's' WHERE userid = %(id)s", id=user_id) release_date = d.convert_unixdate(31, 12, 2015) d.engine.execute("INSERT INTO suspension VALUES (%(id)s, %(reason)s, %(rel)s)", id=user_id, reason='test', rel=release_date) result = login.authenticate_bcrypt(username=user_name, password=raw_password, request=None) assert result == (user_id, None)
def test_login_succeeds_if_suspension_duration_has_expired(): user_id = db_utils.create_user(password=raw_password, username=user_name) release_date = d.convert_unixdate(31, 12, 2015) db_utils.create_suspenduser(userid=user_id, reason="Testing", release=release_date) result = login.authenticate_bcrypt(username=user_name, password=raw_password, request=None) assert result == (user_id, None)
def test_login_succeeds_if_suspension_duration_has_expired(): user_id = db_utils.create_user(password=raw_password, username=user_name) d.engine.execute("UPDATE login SET settings = 's' WHERE userid = %(id)s", id=user_id) release_date = d.convert_unixdate(31, 12, 2015) d.engine.execute( "INSERT INTO suspension VALUES (%(id)s, %(reason)s, %(rel)s)", id=user_id, reason='test', rel=release_date) result = login.authenticate_bcrypt(username=user_name, password=raw_password, request=None) assert result == (user_id, None)
def do_manage(my_userid, userid, username=None, full_name=None, catchphrase=None, birthday=None, gender=None, country=None, remove_social=None, permission_tag=None): """Updates a user's information from the admin user management page. After updating the user it records all the changes into the mod notes. If an argument is None it will not be updated. Args: my_userid (int): ID of user making changes to other user. userid (int): ID of user to modify. username (str): New username for user. Defaults to None. full_name (str): New full name for user. Defaults to None. catchphrase (str): New catchphrase for user. Defaults to None. birthday (str): New birthday for user, in HTML5 date format (ISO 8601 yyyy-mm-dd). Defaults to None. gender (str): New gender for user. Defaults to None. country (str): New country for user. Defaults to None. remove_social (list): Items to remove from the user's social/contact links. Defaults to None. permission_tag (bool): New tagging permission for user. Defaults to None. Returns: Does not return. """ updates = [] # Username if username is not None: login.change_username( acting_user=my_userid, target_user=userid, bypass_limit=True, new_username=username, ) updates.append('- Username: %s' % (username, )) # Full name if full_name is not None: d.engine.execute( "UPDATE profile SET full_name = %(full_name)s WHERE userid = %(user)s", full_name=full_name, user=userid) updates.append('- Full name: %s' % (full_name, )) # Catchphrase if catchphrase is not None: d.engine.execute( "UPDATE profile SET catchphrase = %(catchphrase)s WHERE userid = %(user)s", catchphrase=catchphrase, user=userid) updates.append('- Catchphrase: %s' % (catchphrase, )) # Birthday if birthday is not None: # HTML5 date format is yyyy-mm-dd split = birthday.split("-") if len(split) != 3 or d.convert_unixdate( day=split[2], month=split[1], year=split[0]) is None: raise WeasylError("birthdayInvalid") unixtime = d.convert_unixdate(day=split[2], month=split[1], year=split[0]) age = d.convert_age(unixtime) d.execute("UPDATE userinfo SET birthday = %i WHERE userid = %i", [unixtime, userid]) if age < ratings.EXPLICIT.minimum_age: max_rating = ratings.GENERAL.code rating_flag = "" else: max_rating = ratings.EXPLICIT.code if d.get_rating(userid) > max_rating: d.engine.execute( """ UPDATE profile SET config = REGEXP_REPLACE(config, '[ap]', '', 'g') || %(rating_flag)s WHERE userid = %(user)s """, rating_flag=rating_flag, user=userid, ) d._get_all_config.invalidate(userid) updates.append('- Birthday: %s' % (birthday, )) # Gender if gender is not None: d.engine.execute( "UPDATE userinfo SET gender = %(gender)s WHERE userid = %(user)s", gender=gender, user=userid) updates.append('- Gender: %s' % (gender, )) # Location if country is not None: d.engine.execute( "UPDATE userinfo SET country = %(country)s WHERE userid = %(user)s", country=country, user=userid) updates.append('- Country: %s' % (country, )) # Social and contact links if remove_social: for social_link in remove_social: d.engine.execute( "DELETE FROM user_links WHERE userid = %(userid)s AND link_type = %(link)s", userid=userid, link=social_link) updates.append('- Removed social link for %s' % (social_link, )) # Permissions if permission_tag is not None: if permission_tag: query = ( "UPDATE profile SET config = replace(config, 'g', '') " "WHERE userid = %(user)s AND position('g' in config) != 0") else: query = ("UPDATE profile SET config = config || 'g' " "WHERE userid = %(user)s AND position('g' in config) = 0") if d.engine.execute(query, user=userid).rowcount != 0: updates.append('- Permission to tag: ' + ('yes' if permission_tag else 'no')) d._get_all_config.invalidate(userid) if updates: from weasyl import moderation moderation.note_about(my_userid, userid, 'The following fields were changed:', '\n'.join(updates))
def setusermode(userid, form): form.userid = profile.resolve(None, form.userid, form.username) if not form.userid: raise WeasylError('noUser') form.reason = form.reason.strip() if form.mode == "s": if form.datetype == "r": # Relative date magnitude = int(form.duration) if magnitude < 0: raise WeasylError("releaseInvalid") basedate = datetime.datetime.now() if form.durationunit == "y": basedate += datetime.timedelta(days=magnitude * 365) elif form.durationunit == "m": basedate += datetime.timedelta(days=magnitude * 30) elif form.durationunit == "w": basedate += datetime.timedelta(weeks=magnitude) else: # Catchall, days basedate += datetime.timedelta(days=magnitude) form.release = d.convert_unixdate(basedate.day, basedate.month, basedate.year) else: # Absolute date if datetime.date(int(form.year), int(form.month), int(form.day)) < datetime.date.today(): raise WeasylError("releaseInvalid") form.release = d.convert_unixdate(form.day, form.month, form.year) else: form.release = None if userid not in staff.MODS: raise WeasylError("Unexpected") elif form.userid in staff.MODS: raise WeasylError("InsufficientPermissions") if form.mode == "b": query = d.execute( "UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 'b' WHERE userid = %i" " RETURNING userid", [form.userid]) if query: d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid]) d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid]) d.execute("INSERT INTO permaban VALUES (%i, '%s')", [form.userid, form.reason]) elif form.mode == "s": if not form.release: raise WeasylError("releaseInvalid") query = d.execute( "UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 's' WHERE userid = %i" " RETURNING userid", [form.userid]) if query: d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid]) d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid]) d.execute("INSERT INTO suspension VALUES (%i, '%s', %i)", [form.userid, form.reason, form.release]) elif form.mode == "x": query = d.execute("UPDATE login SET settings = REPLACE(REPLACE(settings, 's', ''), 'b', '') WHERE userid = %i", [form.userid]) d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid]) d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid]) action = _mode_to_action_map.get(form.mode) if action is not None: isoformat_release = None message = form.reason if form.release is not None: isoformat_release = d.datetime.datetime.fromtimestamp(form.release).isoformat() message = '#### Release date: %s\n\n%s' % (isoformat_release, message) d.append_to_log( 'staff.actions', userid=userid, action=action, target=form.userid, reason=form.reason, release=isoformat_release) d.get_login_settings.invalidate(form.userid) note_about(userid, form.userid, 'User mode changed: action was %r' % (action,), message)
def setusermode(userid, form): form.userid = profile.resolve(None, form.userid, form.username) if not form.userid: raise WeasylError('noUser') form.reason = form.reason.strip() if form.mode == "s": if form.datetype == "r": # Relative date magnitude = int(form.duration) if magnitude < 0: raise WeasylError("releaseInvalid") basedate = datetime.datetime.now() if form.durationunit == "y": basedate += datetime.timedelta(days=magnitude * 365) elif form.durationunit == "m": basedate += datetime.timedelta(days=magnitude * 30) elif form.durationunit == "w": basedate += datetime.timedelta(weeks=magnitude) else: # Catchall, days basedate += datetime.timedelta(days=magnitude) form.release = d.convert_unixdate(basedate.day, basedate.month, basedate.year) else: # Absolute date if datetime.date(int(form.year), int(form.month), int(form.day)) < datetime.date.today(): raise WeasylError("releaseInvalid") form.release = d.convert_unixdate(form.day, form.month, form.year) else: form.release = None if userid not in staff.MODS: raise WeasylError("Unexpected") elif form.userid in staff.MODS: raise WeasylError("InsufficientPermissions") if form.mode == "b": # Ban user with d.engine.begin() as db: db.execute("DELETE FROM permaban WHERE userid = %(target)s", target=form.userid) db.execute("DELETE FROM suspension WHERE userid = %(target)s", target=form.userid) db.execute("INSERT INTO permaban VALUES (%(target)s, %(reason)s)", target=form.userid, reason=form.reason) elif form.mode == "s": # Suspend user if not form.release: raise WeasylError("releaseInvalid") with d.engine.begin() as db: db.execute("DELETE FROM permaban WHERE userid = %(target)s", target=form.userid) db.execute("DELETE FROM suspension WHERE userid = %(target)s", target=form.userid) db.execute("INSERT INTO suspension VALUES (%(target)s, %(reason)s, %(release)s)", target=form.userid, reason=form.reason, release=form.release) elif form.mode == "x": # Unban/Unsuspend with d.engine.begin() as db: db.execute("DELETE FROM permaban WHERE userid = %(target)s", target=form.userid) db.execute("DELETE FROM suspension WHERE userid = %(target)s", target=form.userid) action = _mode_to_action_map.get(form.mode) if action is not None: isoformat_release = None message = form.reason if form.release is not None: isoformat_release = d.datetime.datetime.fromtimestamp(form.release).isoformat() message = '#### Release date: %s\n\n%s' % (isoformat_release, message) d.append_to_log( 'staff.actions', userid=userid, action=action, target=form.userid, reason=form.reason, release=isoformat_release) d._get_all_config.invalidate(form.userid) note_about(userid, form.userid, 'User mode changed: action was %r' % (action,), message)
def setusermode(userid, form): form.userid = profile.resolve(None, form.userid, form.username) if not form.userid: raise WeasylError('noUser') form.reason = form.reason.strip() if form.mode == "s": if form.datetype == "r": # Relative date magnitude = int(form.duration) if magnitude < 0: raise WeasylError("releaseInvalid") basedate = datetime.datetime.now() if form.durationunit == "y": basedate += datetime.timedelta(days=magnitude * 365) elif form.durationunit == "m": basedate += datetime.timedelta(days=magnitude * 30) elif form.durationunit == "w": basedate += datetime.timedelta(weeks=magnitude) else: # Catchall, days basedate += datetime.timedelta(days=magnitude) form.release = d.convert_unixdate(basedate.day, basedate.month, basedate.year) else: # Absolute date if datetime.date(int(form.year), int(form.month), int( form.day)) < datetime.date.today(): raise WeasylError("releaseInvalid") form.release = d.convert_unixdate(form.day, form.month, form.year) else: form.release = None if userid not in staff.MODS: raise WeasylError("Unexpected") elif form.userid in staff.MODS: raise WeasylError("InsufficientPermissions") if form.mode == "b": query = d.execute( "UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 'b' WHERE userid = %i" " RETURNING userid", [form.userid]) if query: d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid]) d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid]) d.execute("INSERT INTO permaban VALUES (%i, '%s')", [form.userid, form.reason]) elif form.mode == "s": if not form.release: raise WeasylError("releaseInvalid") query = d.execute( "UPDATE login SET settings = REPLACE(REPLACE(settings, 'b', ''), 's', '') || 's' WHERE userid = %i" " RETURNING userid", [form.userid]) if query: d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid]) d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid]) d.execute("INSERT INTO suspension VALUES (%i, '%s', %i)", [form.userid, form.reason, form.release]) elif form.mode == "x": query = d.execute( "UPDATE login SET settings = REPLACE(REPLACE(settings, 's', ''), 'b', '') WHERE userid = %i", [form.userid]) d.execute("DELETE FROM permaban WHERE userid = %i", [form.userid]) d.execute("DELETE FROM suspension WHERE userid = %i", [form.userid]) action = _mode_to_action_map.get(form.mode) if action is not None: isoformat_release = None message = form.reason if form.release is not None: isoformat_release = d.datetime.datetime.fromtimestamp( form.release).isoformat() message = '#### Release date: %s\n\n%s' % (isoformat_release, message) d.append_to_log('staff.actions', userid=userid, action=action, target=form.userid, reason=form.reason, release=isoformat_release) d.get_login_settings.invalidate(form.userid) note_about(userid, form.userid, 'User mode changed: action was %r' % (action, ), message)