def populate_dwids(meta, cursor): """Take some dwids and populate the players table.""" # agh code for x in meta.getElementsByTagName('usermap'): dwid = int(x.getAttribute('id')) dwname = x.getAttribute('user') dwname = re.sub('_', '-', dwname) if hswcutil.player_exists(dwname, cursor): # then add the dwid to the player's line in the player table cursor.execute('UPDATE players set dwid=? where dwname=?', (dwid, dwname)) # else they are probably from last year or dropped or something if dwid_exists(dwid, cursor): cursor.execute('UPDATE dwids set dwid=? where dwname=?', (dwid, dwname)) else: cursor.execute('insert into dwids (dwid, dwname) values (?,?)', (dwid, dwname)) # I think we commit once per loop for locking reasons? dbconn.commit() # actually I think that's it? return
def doProcess(self): """Handle the redirect from the OpenID server. """ oidconsumer = self.getConsumer() # Ask the library to check the response that the server sent # us. Status is a code indicating the response type. info is # either None or a string containing more information about # the return type. # url = 'http://'+self.headers.get('Host')+self.path # rax: hardcoding this for maximum bullshit # this makes me not just a bad programmer but a bad person url = 'http://autumnfox.akrasiac.org/hswc/'+ self.path.strip('/') info = oidconsumer.complete(self.query, url) sreg_resp = None pape_resp = None css_class = 'error' display_identifier = info.getDisplayIdentifier() # There has to be a username. if not display_identifier: self.render('Please enter a Dreamwidth username.', css_class='error', form_contents=('','','','')) return dwname = (display_identifier.split('.')[0]).split('//')[1] openid_url = dwname pending_entry = hswc.retrieve_pending_entry(dwname, cursor) if not pending_entry: self.render('The software choked and lost your preferences, sorry. Kick rax.', css_class='error', form_contents=(dwname,'','','')) return email = pending_entry[1] team = pending_entry[2] flwilling = pending_entry[3] contentnotes = pending_entry[4] hswc.remove_pending_entry(dwname, cursor) dbconn.commit() if info.status == consumer.FAILURE and display_identifier: # In the case of failure, if info is non-None, it is the # URL that we were verifying. We include it in the error # message to help the user figure out what happened. fmt = "Verification of %s failed: %s" message = fmt % (cgi.escape(display_identifier), info.message) elif info.status == consumer.SUCCESS: # Success means that the transaction completed without # error. If info is None, it means that the user cancelled # the verification. css_class = 'alert' # This is a successful verification attempt. Since this # is now a real application, we do stuff with the form data. # Or at least will. fmt = "You have successfully signed up with %s as your identity." message = fmt % (cgi.escape(display_identifier),) # ACTUALLY DO SHIT #sreg_resp = sreg.SRegResponse.fromSuccessResponse(info) #pape_resp = pape.Response.fromSuccessResponse(info) # MAGIC MARKER # If they're not in the database yet at all, add them without a team. # This way they're logged even if their team falls through for some reason # and we can track them down. Plus we can now depend on them existing # for the rest of this code block. if not hswc.player_exists(openid_url, cursor): hswc.add_player_to_players(openid_url, email, contentnotes, cursor) dbconn.commit() teamclean = re.sub('<', '<', team) teamclean = re.sub('>', '>', teamclean) if flwilling == '0': flwilling = 0 if team == 'remove': currentteam = hswc.get_current_team(openid_url, cursor) if not currentteam: self.render('Cannot remove you from no team.', css_class='error', form_contents=(openid_url, email, team, contentnotes)) return currentteamclean = re.sub('<', '<', currentteam) currentteamclean = re.sub('>', '>', currentteamclean) hswc.remove_player_from_team(openid_url, currentteam, cursor) hswc.remove_player(openid_url, cursor) dbconn.commit() self.render('Removed you from team %s and the event.' % currentteamclean, css_class='alert', form_contents=(openid_url, email, team, contentnotes)) return #If the player is already on the team, just update if hswc.player_is_on_team(openid_url, team, cursor): # this got stringified by putting it into the db and taking it out again # THAT'S WHY NOTHING WAS WORKING if not flwilling: # they don't want to be friendleader so nothing changes unless they already are if hswc.get_friendleader(team, cursor) == openid_url: hswc.make_friendleader('', team, cursor) dbconn.commit() self.render('You are no longer the %s friendleader.' % teamclean, css_class='alert', form_contents=(openid_url, email, team, contentnotes)) return hswc.update_player(openid_url, email, contentnotes, team, cursor) dbconn.commit() self.render('No change to team, personal information updated.', css_class='alert', form_contents=(openid_url,email, team, contentnotes)) return else: # they do want to be friendleader so if no one else is, they get the slot if not hswc.team_has_friendleader(team, cursor): hswc.make_friendleader(openid_url, team, cursor) hswc.update_player(openid_url, email, contentnotes, team, cursor) dbconn.commit() self.render('Became friendleader of %s.' % teamclean, css_class='alert', form_contents=(openid_url, email, team, contentnotes)) return else: hswc.update_player(openid_url, email, contentnotes, team, cursor) dbconn.commit() self.render('No change to team, personal information updated.', css_class='alert', form_contents=(openid_url,email, team, contentnotes)) return # Try to add them to whatever team they want to be on. oldteam = hswc.get_current_team(openid_url, cursor) errorstatus = hswc.add_player_to_team(openid_url, team, flwilling, email, contentnotes, cursor) dbconn.commit() teamclean = re.sub('<', '<', team) teamclean = re.sub('>', '>', teamclean) if errorstatus: # some belunkus error got passed back, don't remove from old team self.render(errorstatus, css_class='alert', form_contents=(openid_url, email, team, contentnotes)) return if oldteam: if oldteam != team: hswc.remove_player_from_team(openid_url, oldteam, cursor) dbconn.commit() oldteamclean = re.sub('<', '<', oldteam) oldteamclean = re.sub('>', '>', oldteamclean) self.render('%s added to %s and removed from %s!' % (openid_url, teamclean, oldteamclean), css_class='alert', form_contents=(openid_url, email, team, contentnotes)) return self.render('Added %s to %s!' % (openid_url, teamclean), css_class='alert', form_contents=(openid_url, email, team, contentnotes)) return elif info.status == consumer.CANCEL: # cancelled message = 'Verification cancelled' elif info.status == consumer.SETUP_NEEDED: if info.setup_url: message = '<a href=%s>Setup needed</a>' % ( quoteattr(info.setup_url),) else: # This means auth didn't succeed, but you're welcome to try # non-immediate mode. message = 'Setup needed' else: # Either we don't understand the code or there is no # openid_url included with the error. Give a generic # failure message. The library should supply debug # information in a log. message = 'Verification failed.' self.render(message, css_class, display_identifier, sreg_data=sreg_resp, pape_data=pape_resp)
def doVerify(self): """Process the form submission, initating OpenID verification. """ # First, collect all the data. openid_url = self.query.get('username') openid_url = re.sub('_','-',openid_url) if openid_url: openid_url = openid_url.lower() email = self.query.get('email') team = self.query.get('team') contentnotes = self.query.get('contentnotes') if team: # everything depends on unicode type strings BUT # if someone tries to paste in unicode ship symbols everything goes to hell asciiteam = team.encode('ascii', 'ignore') convertedteam = unicode(asciiteam) if not team == convertedteam: self.render('Please do not use unicode characters in team names.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return team = hswc.scrub_team(team) if self.query.get('FL') == 'yes': flwilling = 1 else: # if they didn't check anything we assume they do not want to # be a friendleader. that seems best here. flwilling = 0 #contentnotes = self.query.get('content-tags') # You have to even enter the rules check. if not self.query.get('rules-check'): self.render('Please enter the rules check text.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # You have to get the rules check right. if (self.query.get('rules-check')).strip() != 'I certify that I have read and will abide by the Rules and Regulations of the 2014 HSWC.': self.render('Please enter the correct rules check text.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # There has to be a team name. if not team: self.render('Please enter a team name.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return if re.search('team', team) or re.search('/', team) or re.search('&', team) or re.search(';', team): self.render('Team formatted incorrectly, see <a href="http://hswc-announce.tumblr.com/post/49934185410/how-to-write-ship-names">How To Format Ship Names</a>.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return team = hswc.scrub_team(team) if not team: self.render('Please enter a valid team name.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # There also has to be an email address! if not email: self.render('Please enter an email address.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return if not re.match(r'[^@]+@[^@]+\.[^@]+',email): self.render('Please enter a valid email address.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # There has to be a username. if not openid_url: self.render('Please enter a Dreamwidth username.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # If mode is switch, new players can only join noir, # players on sailing ships can only drop, # players on sinking ships can switch to sailing ones or drop if mode == "switch": if not hswc.player_exists(openid_url, cursor): if not team == 'noir': self.render('Sorry, new players can only join Team Noir at this point.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return currentteam = hswc.get_current_team(openid_url, cursor) if hswc.is_team_active(currentteam, cursor): print team if not team == 'remove': self.render('Sorry, players on sailing ships can only drop.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return if not hswc.is_team_active(team, cursor): if not team == 'remove': self.render('Sorry, you can only join a sailing ship.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # If mode is drop, all you can do is drop. That's it. # if mode == "drop": if team != 'remove': self.render('Sorry, at this point in the event all you can do is drop.', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # The team can't be full. if hswc.get_team_members_count(team, cursor) >=13 and team != 'noir' and team != 'abstrata' and team != 'abstrata2' and team != 'abstrata3' and team != 'abstrata4': if not hswc.player_is_on_team(openid_url, team, cursor): self.render('That team is full, sorry. Try signing up for another one!', css_class='error', form_contents=(openid_url,email,team,contentnotes)) return # We want this to go through, so we make an entry in the pending table. hswc.make_pending_entry(openid_url, email, team, flwilling, contentnotes, cursor) dbconn.commit() # Now add the DW part of the string --- we don't want other OpenID # providers because they are cubeless and shall surely be put to # death. openid_url = openid_url + '.dreamwidth.org' # we're not using these parts of the example but I did not strip them # out on the theory that we might end up needing them for some reason #immediate = 'immediate' in self.query #use_sreg = 'use_sreg' in self.query #use_pape = 'use_pape' in self.query #use_stateless = 'use_stateless' in self.query immediate = 0 use_sreg = 0 use_pape = 0 use_stateless = 0 oidconsumer = self.getConsumer(stateless = use_stateless) try: request = oidconsumer.begin(openid_url) except consumer.DiscoveryFailure, exc: fetch_error_string = 'Error in discovery: %s' % ( cgi.escape(str(exc[0]))) self.render(fetch_error_string, css_class='error', form_contents=openid_url)