Changeset - 00f883abdb0c
Parent rev.
Child rev.
[Not reviewed]
default
0 1 0
Marcin Kuzminski - 15 years ago 2010-09-05 13:55:47
marcin@python-works.com
fixed a bug when given wrong username at login
broken in last reimplemntation of forms
1 file changed with 1 insertions and 4 deletions:
pylons_app/model/forms.py
1
4
0 comments (0 inline, 0 general)
pylons_app/model/forms.py
Show inline comments
 
@@ -50,101 +50,98 @@ class ValidAuthToken(formencode.validato
 

			




	
	
	
		
 
    def validate_python(self, value, state):

			




	
	
	
		
 

			




	
	
	
		
 
        if value != authentication_token():

			




	
	
	
		
 
            raise formencode.Invalid(self.message('invalid_token', state,

			




	
	
	
		
 
                                            search_number=value), value, state)

			




	
	
	
		
 
            

			




	
	
	
		
 
def ValidUsername(edit, old_data):             

			




	
	
	
		
 
    class _ValidUsername(formencode.validators.FancyValidator):

			




	
	
	
		
 
    

			




	
	
	
		
 
        def validate_python(self, value, state):

			




	
	
	
		
 
            if value in ['default', 'new_user']:

			




	
	
	
		
 
                raise formencode.Invalid(_('Invalid username'), value, state)

			




	
	
	
		
 
            #check if user is uniq

			




	
	
	
		
 
            sa = meta.Session

			




	
	
	
		
 
            old_un = None

			




	
	
	
		
 
            if edit:

			




	
	
	
		
 
                old_un = sa.query(User).get(old_data.get('user_id')).username

			




	
	
	
		
 
                

			




	
	
	
		
 
            if old_un != value or not edit:    

			




	
	
	
		
 
                if sa.query(User).filter(User.username == value).scalar():

			




	
	
	
		
 
                    raise formencode.Invalid(_('This username already exists') ,

			




	
	
	
		
 
                                             value, state)

			




	
	
	
		
 
            meta.Session.remove()

			




	
	
	
		
 
                            

			




	
	
	
		
 
    return _ValidUsername   

			




	
	
	
		
 
    

			




	
	
	
		
 
class ValidPassword(formencode.validators.FancyValidator):

			




	
	
	
		
 
    

			




	
	
	
		
 
    def to_python(self, value, state):

			




	
	
	
		
 
        if value:

			




	
	
	
		
 
            return get_crypt_password(value)

			




	
	
	
		
 
        

			




	
	
	
		
 
class ValidAuth(formencode.validators.FancyValidator):

			




	
	
	
		
 
    messages = {

			




	
	
	
		
 
            'invalid_password':_('invalid password'),

			




	
	
	
		
 
            'invalid_login':_('invalid user name'),

			




	
	
	
		
 
            'disabled_account':_('Your acccount is disabled')

			




	
	
	
		
 
            

			




	
	
	
		
 
            }

			




	
	
	
		
 
    #error mapping

			




	
	
	
		
 
    e_dict = {'username':messages['invalid_login'],

			




	
	
	
		
 
              'password':messages['invalid_password']}

			




	
	
	
		
 
    e_dict_disable = {'username':messages['disabled_account']}

			




	
	
	
		
 
    

			




	
	
	
		
 
    def validate_python(self, value, state):

			




	
	
	
		
 
        password = value['password']

			




	
	
	
		
 
        username = value['username']

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            user = UserModel().get_user_by_name(username)

			




	
	
	
		
 
        except (NoResultFound, MultipleResultsFound, OperationalError) as e:

			




	
	
	
		
 
            log.error(e)

			




	
	
	
		
 
            user = None

			




	
	
	
		
 
        if user is None:

			




	
	
	
		
 
            raise formencode.Invalid(self.message('invalid_password',

			




	
	
	
		
 
                                     state=State_obj), value, state,

			




	
	
	
		
 
                                     error_dict=self.e_dict)            

			




	
	
	
		
 
        if user:

			




	
	
	
		
 
            if user.active:

			




	
	
	
		
 
                if user.username == username and check_password(password, 

			




	
	
	
		
 
                                                                user.password):

			




	
	
	
		
 
                    return value

			




	
	
	
		
 
                else:

			




	
	
	
		
 
                    log.warning('user %s not authenticated', username)

			




	
	
	
		
 
                    raise formencode.Invalid(self.message('invalid_password',

			




	
	
	
		
 
                                             state=State_obj), value, state,

			




	
	
	
		
 
                                             error_dict=self.e_dict)

			




	
	
	
		
 
            else:

			




	
	
	
		
 
                log.warning('user %s is disabled', username)

			




	
	
	
		
 
                raise formencode.Invalid(self.message('disabled_account',

			




	
	
	
		
 
                                         state=State_obj),

			




	
	
	
		
 
                                         value, state,

			




	
	
	
		
 
                                         error_dict=self.e_dict_disable)

			




	
	
	
		
 
                   

			




	
	
	
		
 
class ValidRepoUser(formencode.validators.FancyValidator):

			




	
	
	
		
 
            

			




	
	
	
		
 
    def to_python(self, value, state):

			




	
	
	
		
 
        try:

			




	
	
	
		
 
            self.user_db = meta.Session.query(User)\

			




	
	
	
		
 
                .filter(User.active == True)\

			




	
	
	
		
 
                .filter(User.username == value).one()

			




	
	
	
		
 
        except Exception:

			




	
	
	
		
 
            raise formencode.Invalid(_('This username is not valid'),

			




	
	
	
		
 
                                     value, state)

			




	
	
	
		
 
        finally:

			




	
	
	
		
 
            meta.Session.remove()

			




	
	
	
		
 
                        

			




	
	
	
		
 
        return self.user_db.user_id

			




	
	
	
		
 

			




	
	
	
		
 
def ValidRepoName(edit, old_data):    

			




	
	
	
		
 
    class _ValidRepoName(formencode.validators.FancyValidator):

			




	
	
	
		
 
            

			




	
	
	
		
 
        def to_python(self, value, state):

			




	
	
	
		
 
            slug = h.repo_name_slug(value)

			




	
	
	
		
 
            if slug in ['_admin']:

			




	
	
	
		
 
                raise formencode.Invalid(_('This repository name is disallowed'),

			




	
	
	
		
 
                                         value, state)

			




	
	
	
		
 
            if old_data.get('repo_name') != value or not edit:    

			




	
	
	
		
 
                sa = meta.Session

			




	
	
	
		
 
                if sa.query(Repository).filter(Repository.repo_name == slug).scalar():

			




	
	
	
		
 
                    raise formencode.Invalid(_('This repository already exists') ,

			




	
	
	
		
 
                                             value, state)

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.