def agent_status_in_discussion_4(request, test_session, discussion,
participant2_user):
from assembl.models import AgentStatusInDiscussion
accepted_cookies = "ACCEPT_CGU, ACCEPT_SESSION_ON_DISCUSSION"
asid4 = AgentStatusInDiscussion(discussion=discussion,
agent_profile=participant2_user,
accepted_cookies=accepted_cookies)
test_session.add(asid4)
test_session.flush()
def fin():
print 'Finalizer agent_status_in_discussion for participant2_user'
test_session.delete(asid4)
test_session.flush()
request.addfinalizer(fin)
return asid4
def agent_status_in_discussion_2(request, test_session, discussion,
participant2_user):
"""A fixture of agent status in discussion related to participant2_user. The user has not accepted cookies."""
from assembl.models import AgentStatusInDiscussion
accepted_cookies = ""
asid2 = AgentStatusInDiscussion(discussion=discussion,
agent_profile=participant2_user,
accepted_cookies=accepted_cookies)
test_session.add(asid2)
test_session.flush()
def fin():
print 'Finalizer agent_status_in_discussion for participant2_user'
test_session.delete(asid2)
test_session.flush()
request.addfinalizer(fin)
return asid2
def agent_status_in_discussion_user2_visits(request, test_session, discussion,
participant2_user):
from assembl.models import AgentStatusInDiscussion
participant2_user.creation_date = datetime(year=2000, month=1, day=10)
asid = AgentStatusInDiscussion(discussion=discussion,
agent_profile=participant2_user,
first_visit=datetime(year=2000,
month=1,
day=10),
last_visit=datetime(year=2000,
month=1,
day=30))
test_session.add(asid)
test_session.flush()
def fin():
print('Finalizer agent_status_in_discussion for participant2_user')
test_session.delete(asid)
test_session.flush()
request.addfinalizer(fin)
return asid
def assembl_register_view(request):
slug = request.matchdict.get('discussion_slug', "")
next_view = handle_next_view(request)
if not request.params.get('email'):
if request.scheme == "http"\
and asbool(config.get("accept_secure_connection")):
return HTTPFound(get_global_base_url(True) + request.path_qs)
response = get_login_context(request)
return response
forget(request)
session = AgentProfile.default_db
localizer = request.localizer
name = request.params.get('name', '').strip()
if not name or len(name) < 3:
return dict(get_default_context(request),
error=localizer.translate(_(
"Please use a name of at least 3 characters")))
password = request.params.get('password', '').strip()
password2 = request.params.get('password2', '').strip()
email = request.params.get('email', '').strip()
if not is_email(email):
return dict(get_default_context(request),
error=localizer.translate(_(
"This is not a valid email")))
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email, verified=True).count():
return dict(get_default_context(request),
error=localizer.translate(_(
"We already have a user with this email.")))
if password != password2:
return dict(get_default_context(request),
error=localizer.translate(_(
"The passwords should be identical")))
# TODO: Validate password quality
# otherwise create.
validate_registration = asbool(config.get(
'assembl.validate_registration_emails'))
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=datetime.utcnow()
)
email_account = EmailAccount(
email=email,
verified=not validate_registration,
profile=user
)
session.add(user)
session.add(email_account)
discussion = discussion_from_request(request)
if discussion:
permissions = get_permissions(Everyone, discussion.id)
if not (P_SELF_REGISTER in permissions or
P_SELF_REGISTER_REQUEST in permissions):
discussion = None
if discussion:
_now = datetime.utcnow()
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
first_visit=_now, last_visit=_now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
if not validate_registration:
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', token=email_token(email_account))
headers = remember(request, user.id)
user.last_login = datetime.utcnow()
request.response.headerlist.extend(headers)
if discussion:
maybe_auto_subscribe(user, discussion)
# TODO: Tell them to expect an email.
return HTTPFound(location=next_view)
return HTTPFound(location=maybe_contextual_route(
request, 'confirm_emailid_sent', email_account_id=email_account.id))
def velruse_login_complete_view(request):
# TODO: Write tests. Situations are a combinatorics of the folloing:
# 1. User action:
# A. Social login
# B. Logged in, add social account
# C. Logged in, add email account (does not happen here)
# 2. Is there an existing account with that email?
# A. No.
# B. The social account already exists
# C. A valid email account
# D. An invalid email account, sole account of profile
# E. An invalid email account, but profile has other accounts
# F. A social account from a different provider
# 3. When we're logged in (1B, 1C), is the existing account
# on the logged in profile or another?
# 4. If gmail account, is it an enterprise account?
session = AgentProfile.default_db
context = request.context
now = datetime.utcnow()
velruse_profile = context.profile
discussion = None
slug = request.session.get('discussion', None)
if not slug:
discussion = discussion_from_request(request)
if discussion:
slug = discussion.slug
if slug and not discussion:
discussion = session.query(Discussion).filter_by(slug=slug).first()
next_view = handle_next_view(request, True)
logged_in = authenticated_userid(request)
if logged_in:
logged_in = User.get(logged_in)
base_profile = logged_in
provider = get_identity_provider(request)
# find or create IDP_Accounts
idp_accounts = []
new_idp_account = None
velruse_accounts = velruse_profile['accounts']
old_autoflush = session.autoflush
# sqla mislikes creating accounts before profiles, so delay
session.autoflush = False
# Search for this social account
for velruse_account in velruse_accounts:
if 'userid' in velruse_account:
idp_accounts.extend(
session.query(IdentityProviderAccount).filter_by(
provider=provider,
domain=velruse_account['domain'],
userid=velruse_account['userid']).all())
elif 'username' in velruse_account:
idp_accounts.extend(
session.query(IdentityProviderAccount).filter_by(
provider=provider,
domain=velruse_account['domain'],
username=velruse_account['username']).all())
else:
log.error("account needs username or email" + velruse_account)
raise HTTPServerError("account needs username or userid")
trusted_emails = set()
if idp_accounts:
for idp_account in idp_accounts:
idp_account.profile_info_json = velruse_profile
if len(idp_accounts) > 1:
log.warn("multiple idp_accounts:" +
','.join((a.id for a in idp_accounts)) + " for " +
velruse_accounts)
# We will just the last one from the loop for now.
trusted_emails.update([
a.email for a in idp_accounts
if a.provider.trust_emails and a.email
])
else:
# Create it if not found
idp_class = IdentityProviderAccount
for cls in idp_class.get_subclasses():
if cls == idp_class:
continue
if cls.account_provider_name == provider.name:
idp_class = cls
break
idp_account = idp_class(provider=provider,
profile_info_json=velruse_profile,
domain=velruse_account.get('domain'),
userid=velruse_account.get('userid'),
verified=True,
username=velruse_account.get('username'))
idp_accounts.append(idp_account)
new_idp_account = base_account = idp_account
session.add(idp_account)
for account in idp_accounts:
if account.provider.trust_emails:
profile = (velruse_profile if account == new_idp_account else
account.profile_info_json)
email = profile.get('verifiedEmail', None)
if email:
if account == new_idp_account:
account.email = email
trusted_emails.add(email)
for email in profile.get('emails', ()):
if isinstance(email, dict):
email = email.get('value', None)
if isinstance(email, (str, unicode)) and email:
trusted_emails.add(email)
if account == new_idp_account and not account.email:
account.email = email
# else we have created an email-less account. Treat accordingly.
conflicting_profiles = {a.profile for a in idp_accounts if a.profile}
# Are there other accounts/profiles than the ones we know?
conflicting_accounts = set()
for email in trusted_emails:
other_accounts = session.query(AbstractAgentAccount).filter_by(
email=email)
for account in other_accounts:
conflicting_accounts.add(account)
if account.verified or len(account.profile.accounts) == 1:
conflicting_profiles.add(account.profile)
# choose best known profile for base_account
# prefer profiles with verified users, then users, then oldest profiles
profile_list = list(conflicting_profiles)
profile_list.sort(key=lambda p: (not (isinstance(p, User) and p.verified),
not isinstance(p, User), p.id))
if new_idp_account and profile_list:
base_profile = profile_list[0]
elif not new_idp_account:
# Take first appropriate. Should be the first, somehow not.
for profile in profile_list:
accounts = [a for a in idp_accounts if a.profile == profile]
if accounts:
base_account = accounts[0]
break
if not logged_in:
base_profile = base_account.profile
new_profile = None
if new_idp_account:
if not base_profile:
# Create a new user
base_profile = new_profile = User(name=velruse_profile.get(
'displayName', ''),
verified=True,
creation_date=now)
session.add(new_profile)
# Upgrade a AgentProfile
if not isinstance(base_profile, User):
base_profile = base_profile.change_class(User, None, verified=True)
new_idp_account.profile = base_profile
base_profile.last_login = now
base_profile.verified = True
if not base_profile.name:
base_profile.name = velruse_profile.get('displayName', None)
# TODO (needs parsing)
# base_profile.timezone=velruse_profile['utcOffset']
# Now all accounts have a profile
session.autoflush = old_autoflush
session.flush()
# Merge other profiles with the same (validated) email
# TODO: Ask the user about doing this.
conflicting_profiles.discard(base_profile)
conflicting_accounts.discard(base_account)
for conflicting_profile in conflicting_profiles:
base_profile.merge(conflicting_profile)
session.delete(conflicting_profile)
# If base_profile is still an AgentProfile at this point
# then it needs to be upgraded to a User
if not isinstance(base_profile, User):
base_profile = base_profile.change_class(User,
None,
verified=True,
last_login=now)
# Set username
if not base_profile.username:
username = None
usernames = set((a['preferredUsername'] for a in velruse_accounts
if 'preferredUsername' in a))
for u in usernames:
if not session.query(Username).filter_by(username=u).count():
username = u
break
if username:
session.add(Username(username=username, user=base_profile))
# Create AgentStatusInDiscussion
if new_profile and discussion:
agent_status = AgentStatusInDiscussion(
agent_profile=base_profile,
discussion=discussion,
user_created_on_this_discussion=True)
session.add(agent_status)
if maybe_auto_subscribe(base_profile, discussion):
next_view = "/%s/" % (slug, )
# Delete other (email) accounts
if base_account.provider.trust_emails:
for account in conflicting_accounts:
# Merge may have been confusing
session.expire(account)
account = AbstractAgentAccount.get(account.id)
if account.profile == base_profile:
if account.email == base_account.email:
if isinstance(account, EmailAccount):
account.delete()
if account.verified and account.preferred:
base_account.preferred = True
elif isinstance(account, IdentityProviderAccount):
if account.provider_id == base_account.provider_id:
log.error("This should have been caught earlier")
account.delete()
else:
log.warning("Two accounts with same email," +
"different provider: %d, %d" %
(account.id, base_account.id))
else:
# If they're verified, they should have been merged.
if account.verified:
log.error("account %d should not exist: " % (account.id, ))
else:
other_profile = account.profile
account.delete()
session.flush()
session.expire(other_profile, ["accounts"])
if not len(other_profile.accounts):
log.warning("deleting profile %d" % other_profile.id)
other_profile.delete()
session.expire(base_profile, ['accounts', 'email_accounts'])
# create an email account for other emails.
known_emails = {a.email for a in base_profile.accounts}
for email in trusted_emails:
if email not in known_emails:
email = EmailAccount(email=email,
profile=base_profile,
verified=base_account.provider.trust_emails)
session.add(email)
session.flush()
base_profile.last_login = now
headers = remember(request, base_profile.id)
request.response.headerlist.extend(headers)
if discussion:
request.session['discussion'] = discussion.slug
return HTTPFound(location=next_view)
def assembl_register_view(request):
slug = request.matchdict.get('discussion_slug', "")
p_slug = "/" + slug if slug else ""
next_view = handle_next_view(request)
if not request.params.get('email'):
if request.scheme == "http"\
and asbool(config.get("accept_secure_connection")):
raise HTTPFound("https://" + request.host + request.path_qs)
response = dict(get_default_context(request), slug_prefix=p_slug)
if request.GET.get('error', None):
response['error'] = request.GET['error']
return response
forget(request)
session = AgentProfile.default_db
localizer = request.localizer
name = request.params.get('name', '').strip()
password = request.params.get('password', '').strip()
password2 = request.params.get('password2', '').strip()
email = request.params.get('email', '').strip()
if not is_email(email):
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(_("This is not a valid email")))
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(email=email,
verified=True).count():
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(
_("We already have a user with this email.")))
if password != password2:
return dict(get_default_context(request),
slug_prefix=p_slug,
error=localizer.translate(
_("The passwords should be identical")))
# TODO: Validate password quality
# otherwise create.
validate_registration = asbool(
config.get('assembl.validate_registration_emails'))
user = User(name=name,
password=password,
verified=not validate_registration,
creation_date=datetime.utcnow())
email_account = EmailAccount(email=email,
verified=not validate_registration,
profile=user)
session.add(user)
session.add(email_account)
discussion = discussion_from_request(request)
if discussion:
now = datetime.utcnow()
agent_status = AgentStatusInDiscussion(
agent_profile=user,
discussion=discussion,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
if not validate_registration:
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', ticket=email_token(email_account))
headers = remember(request, user.id)
user.last_login = datetime.utcnow()
request.response.headerlist.extend(headers)
# TODO: Tell them to expect an email.
request.session.pop('next_view')
return HTTPFound(location=next_view)
return HTTPFound(location=maybe_contextual_route(
request, 'confirm_emailid_sent', email_account_id=email_account.id))
def assembl_register_user(request):
forget(request)
localizer = request.localizer
session = AgentProfile.default_db
json = request.json
logger = logging.getLogger()
discussion = discussion_from_request(request)
permissions = get_permissions(Everyone,
discussion.id if discussion else None)
name = json.get('real_name', '').strip()
errors = JSONError()
if not name or len(name) < 3:
errors.add_error(
localizer.translate(
_("Please use a name of at least 3 characters")),
ErrorTypes.SHORT_NAME)
password = json.get('password', '').strip()
# TODO: Check password strength. maybe pwdmeter?
email = None
for account in json.get('accounts', ()):
email = account.get('email', None)
if not is_email(email):
errors.add_error(
localizer.translate(_("This is not a valid email")),
ErrorTypes.INVALID_EMAIL)
continue
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email).count():
if not discussion.preferences['generic_errors']:
errors.add_error(
localizer.translate(
_("We already have a user with this email.")),
ErrorTypes.EXISTING_EMAIL, HTTPConflict.code)
else:
errors.add_error(localizer.translate(generic_error_message),
ErrorTypes.GENERIC, HTTPConflict.code)
logger.error(
"[User creation]: We already have a user with this email %s"
% email)
if not email:
errors.add_error(localizer.translate(_("No email.")),
ErrorTypes.INVALID_EMAIL)
username = json.get('username', None)
if username:
if session.query(Username).filter(
func.lower(Username.username) == username.lower()).count():
if not discussion.preferences['generic_errors']:
errors.add_error(
localizer.translate(
_("We already have a user with this username.")),
ErrorTypes.EXISTING_USERNAME, HTTPConflict.code)
else:
errors.add_error(localizer.translate(generic_error_message),
ErrorTypes.GENERIC, HTTPConflict.code)
logger.error("We already have a user with username %s" %
username)
if len(username) > 20:
errors.add_error(
localizer.translate(
_("The username must be less than 20 characters.")),
ErrorTypes.USERNAME_TOO_LONG, HTTPBadRequest.code)
if discussion:
check_subscription = discussion.preferences['whitelist_on_register']
whitelist = discussion.preferences['require_email_domain']
if check_subscription and whitelist:
status = discussion.check_email(email)
if not status:
admin_emails = discussion.get_admin_emails()
num = len(admin_emails)
errors.add_error(
localizer.pluralize(
_("Your email domain has not been approved for registration. Please contact ${emails} for support."
),
_("Your email domain has not been approved for registration. Please contact one of ${emails} for support."
),
num,
mapping={'emails': ", ".join(admin_emails)}))
if errors:
raise errors
# This logic needs to be above the JSONError checks to ensure that whitelisting is applied
# even if the discussion does not have a P_SELF_REGISTER on system.Everyone
if discussion and not (P_SELF_REGISTER in permissions
or P_SELF_REGISTER_REQUEST in permissions):
# Consider it without context
discussion = None
validate_registration = asbool(
config.get('assembl.validate_registration_emails'))
old_autoflush = session.autoflush
session.autoflush = False
try:
now = datetime.utcnow()
user = User(name=name,
password=password,
verified=not validate_registration,
creation_date=now)
session.add(user)
session.flush()
user.update_from_json(json, user_id=user.id)
account = user.accounts[0]
email = account.email
account.verified = not validate_registration
if discussion:
agent_status = AgentStatusInDiscussion(
agent_profile=user,
discussion=discussion,
first_visit=now,
last_visit=now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
# create the profile fields for custom fields
for global_id, value in json.get('profileFields', {}).iteritems():
configurable_field_id = from_global_id(global_id)[1]
configurable_field = AbstractConfigurableField.get(
configurable_field_id)
profile_field = ProfileField(
agent_profile=user,
configurable_field=configurable_field,
discussion=configurable_field.discussion,
value_data={u'value': value})
session.add(profile_field)
session.flush()
if validate_registration:
send_confirmation_email(request, account)
else:
user.verified = True
for account in user.accounts:
account.verified = True
user.successful_login()
if asbool(config.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
print "email token:", request.route_url(
'user_confirm_email', token=email_token(account))
if discussion:
check_subscription = discussion.preferences[
'whitelist_on_register']
maybe_auto_subscribe(user,
discussion,
check_authorization=check_subscription)
session.flush()
return CreationResponse(user, Everyone, permissions)
finally:
session.autoflush = old_autoflush
def assembl_register_user(request):
forget(request)
localizer = request.localizer
session = AgentProfile.default_db
json = request.json
discussion = discussion_from_request(request)
permissions = ctx.get_permissions()
name = json.get('real_name', '').strip()
errors = JSONError()
if not name or len(name) < 3:
errors.add_error(localizer.translate(_(
"Please use a name of at least 3 characters")),
ErrorTypes.SHORT_NAME)
password = json.get('password', '').strip()
# TODO: Check password strength. maybe pwdmeter?
email = None
for account in json.get('accounts', ()):
email = account.get('email', None)
if not is_email(email):
errors.add_error(localizer.translate(_(
"This is not a valid email")),
ErrorTypes.INVALID_EMAIL)
continue
email = EmailString.normalize_email_case(email)
# Find agent account to avoid duplicates!
if session.query(AbstractAgentAccount).filter_by(
email_ci=email, verified=True).count():
errors.add_error(localizer.translate(_(
"We already have a user with this email.")),
ErrorTypes.EXISTING_EMAIL,
HTTPConflict.code)
if not email:
errors.add_error(localizer.translate(_("No email.")),
ErrorTypes.INVALID_EMAIL)
username = json.get('username', None)
if username:
if session.query(User).filter_by(
username=username).count():
errors.add_error(localizer.translate(_(
"We already have a user with this username.")),
ErrorTypes.EXISTING_USERNAME,
HTTPConflict.code)
if errors:
raise errors
validate_registration = asbool(settings.get(
'assembl.validate_registration_emails'))
old_autoflush = session.autoflush
session.autoflush = False
try:
now = datetime.utcnow()
user = User(
name=name,
password=password,
verified=not validate_registration,
creation_date=now
)
session.add(user)
session.flush()
user.update_from_json(json, user_id=user.id)
if discussion and not (
P_SELF_REGISTER in permissions or
P_SELF_REGISTER_REQUEST in permissions):
# Consider it without context
discussion = None
if discussion:
agent_status = AgentStatusInDiscussion(
agent_profile=user, discussion=discussion,
first_visit=now, last_visit=now,
user_created_on_this_discussion=True)
session.add(agent_status)
session.flush()
account = user.accounts[0]
email = account.email
account.verified = not validate_registration
if validate_registration:
send_confirmation_email(request, account)
else:
user.verified = True
for account in user.accounts:
account.verified = True
if asbool(settings.get('pyramid.debug_authorization')):
# for debugging purposes
from assembl.auth.password import email_token
log.info("email token: " + request.route_url(
'user_confirm_email', token=email_token(account)))
if discussion:
maybe_auto_subscribe(user, discussion)
session.flush()
return CreationResponse(user, Everyone, permissions)
finally:
session.autoflush = old_autoflush