Changeset - 1e079752b756
Parent rev.
Child rev.
[Not reviewed]
stable
0 1 0
Andrew Shadura - 11 years ago 2015-05-16 16:37:17
andrew@shadura.me
privacy: on password reset, don't tell strangers if email is valid or not

Password reset form might be used to check if users with specific email
addresses have accounts in the system by requesting their password to be
reset. It's probably not a good idea to give this sort of information to
complete strangers.
1 file changed with 1 insertions and 1 deletions:
kallithea/model/forms.py
1
1
0 comments (0 inline, 0 general)
kallithea/model/forms.py
Show inline comments
 
@@ -109,193 +109,193 @@ def UserForm(edit=False, old_data={}):
 
            )
 
            password_confirmation = All(
 
                v.ValidPassword(),
 
                v.UnicodeString(strip=False, min=6, not_empty=False)
 
            )
 

			




	
	
	
		
 
        active = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        firstname = v.UnicodeString(strip=True, min=1, not_empty=False)

			




	
	
	
		
 
        lastname = v.UnicodeString(strip=True, min=1, not_empty=False)

			




	
	
	
		
 
        email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))

			




	
	
	
		
 
        extern_name = v.UnicodeString(strip=True)

			




	
	
	
		
 
        extern_type = v.UnicodeString(strip=True)

			




	
	
	
		
 
        chained_validators = [v.ValidPasswordsMatch()]

			




	
	
	
		
 
    return _UserForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def UserGroupForm(edit=False, old_data={}, available_members=[]):

			




	
	
	
		
 
    class _UserGroupForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = True

			




	
	
	
		
 

			




	
	
	
		
 
        users_group_name = All(

			




	
	
	
		
 
            v.UnicodeString(strip=True, min=1, not_empty=True),

			




	
	
	
		
 
            v.ValidUserGroup(edit, old_data)

			




	
	
	
		
 
        )

			




	
	
	
		
 
        user_group_description = v.UnicodeString(strip=True, min=1,

			




	
	
	
		
 
                                                 not_empty=False)

			




	
	
	
		
 

			




	
	
	
		
 
        users_group_active = v.StringBoolean(if_missing=False)

			




	
	
	
		
 

			




	
	
	
		
 
        if edit:

			




	
	
	
		
 
            users_group_members = v.OneOf(

			




	
	
	
		
 
                available_members, hideList=False, testValueList=True,

			




	
	
	
		
 
                if_missing=None, not_empty=False

			




	
	
	
		
 
            )

			




	
	
	
		
 

			




	
	
	
		
 
    return _UserGroupForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RepoGroupForm(edit=False, old_data={}, available_groups=[],

			




	
	
	
		
 
                   can_create_in_root=False):

			




	
	
	
		
 
    class _RepoGroupForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = False

			




	
	
	
		
 

			




	
	
	
		
 
        group_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

			




	
	
	
		
 
                         v.SlugifyName(),

			




	
	
	
		
 
                         v.ValidRegex(msg=_('Name must not contain only digits'))(r'(?!^\d+$)^.+$'))

			




	
	
	
		
 
        group_description = v.UnicodeString(strip=True, min=1,

			




	
	
	
		
 
                                            not_empty=False)

			




	
	
	
		
 
        group_copy_permissions = v.StringBoolean(if_missing=False)

			




	
	
	
		
 

			




	
	
	
		
 
        if edit:

			




	
	
	
		
 
            #FIXME: do a special check that we cannot move a group to one of

			




	
	
	
		
 
            #its children

			




	
	
	
		
 
            pass

			




	
	
	
		
 
        group_parent_id = All(v.CanCreateGroup(can_create_in_root),

			




	
	
	
		
 
                              v.OneOf(available_groups, hideList=False,

			




	
	
	
		
 
                                      testValueList=True,

			




	
	
	
		
 
                                      if_missing=None, not_empty=True))

			




	
	
	
		
 
        enable_locking = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        chained_validators = [v.ValidRepoGroup(edit, old_data)]

			




	
	
	
		
 

			




	
	
	
		
 
    return _RepoGroupForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RegisterForm(edit=False, old_data={}):

			




	
	
	
		
 
    class _RegisterForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = True

			




	
	
	
		
 
        username = All(

			




	
	
	
		
 
            v.ValidUsername(edit, old_data),

			




	
	
	
		
 
            v.UnicodeString(strip=True, min=1, not_empty=True)

			




	
	
	
		
 
        )

			




	
	
	
		
 
        password = All(

			




	
	
	
		
 
            v.ValidPassword(),

			




	
	
	
		
 
            v.UnicodeString(strip=False, min=6, not_empty=True)

			




	
	
	
		
 
        )

			




	
	
	
		
 
        password_confirmation = All(

			




	
	
	
		
 
            v.ValidPassword(),

			




	
	
	
		
 
            v.UnicodeString(strip=False, min=6, not_empty=True)

			




	
	
	
		
 
        )

			




	
	
	
		
 
        active = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        firstname = v.UnicodeString(strip=True, min=1, not_empty=False)

			




	
	
	
		
 
        lastname = v.UnicodeString(strip=True, min=1, not_empty=False)

			




	
	
	
		
 
        email = All(v.Email(not_empty=True), v.UniqSystemEmail(old_data))

			




	
	
	
		
 

			




	
	
	
		
 
        chained_validators = [v.ValidPasswordsMatch()]

			




	
	
	
		
 

			




	
	
	
		
 
    return _RegisterForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def PasswordResetForm():

			




	
	
	
		
 
    class _PasswordResetForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = True

			




	
	
	
		
 
        email = All(v.ValidSystemEmail(), v.Email(not_empty=True))

			




	
	
	
		
 
        email = v.Email(not_empty=True)

			




	
	
	
		
 
    return _PasswordResetForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RepoForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

			




	
	
	
		
 
             repo_groups=[], landing_revs=[]):

			




	
	
	
		
 
    class _RepoForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = False

			




	
	
	
		
 
        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

			




	
	
	
		
 
                        v.SlugifyName())

			




	
	
	
		
 
        repo_group = All(v.CanWriteGroup(old_data),

			




	
	
	
		
 
                         v.OneOf(repo_groups, hideList=True))

			




	
	
	
		
 
        repo_type = v.OneOf(supported_backends, required=False,

			




	
	
	
		
 
                            if_missing=old_data.get('repo_type'))

			




	
	
	
		
 
        repo_description = v.UnicodeString(strip=True, min=1, not_empty=False)

			




	
	
	
		
 
        repo_private = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        repo_landing_rev = v.OneOf(landing_revs, hideList=True)

			




	
	
	
		
 
        repo_copy_permissions = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        clone_uri = All(v.UnicodeString(strip=True, min=1, not_empty=False))

			




	
	
	
		
 

			




	
	
	
		
 
        repo_enable_statistics = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        repo_enable_downloads = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        repo_enable_locking = v.StringBoolean(if_missing=False)

			




	
	
	
		
 

			




	
	
	
		
 
        if edit:

			




	
	
	
		
 
            #this is repo owner

			




	
	
	
		
 
            user = All(v.UnicodeString(not_empty=True), v.ValidRepoUser())

			




	
	
	
		
 
            clone_uri_change = v.UnicodeString(not_empty=False, if_missing=v.Missing)

			




	
	
	
		
 

			




	
	
	
		
 
        chained_validators = [v.ValidCloneUri(),

			




	
	
	
		
 
                              v.ValidRepoName(edit, old_data)]

			




	
	
	
		
 
    return _RepoForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RepoPermsForm():

			




	
	
	
		
 
    class _RepoPermsForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = False

			




	
	
	
		
 
        chained_validators = [v.ValidPerms(type_='repo')]

			




	
	
	
		
 
    return _RepoPermsForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RepoGroupPermsForm(valid_recursive_choices):

			




	
	
	
		
 
    class _RepoGroupPermsForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = False

			




	
	
	
		
 
        recursive = v.OneOf(valid_recursive_choices)

			




	
	
	
		
 
        chained_validators = [v.ValidPerms(type_='repo_group')]

			




	
	
	
		
 
    return _RepoGroupPermsForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def UserGroupPermsForm():

			




	
	
	
		
 
    class _UserPermsForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = False

			




	
	
	
		
 
        chained_validators = [v.ValidPerms(type_='user_group')]

			




	
	
	
		
 
    return _UserPermsForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RepoFieldForm():

			




	
	
	
		
 
    class _RepoFieldForm(formencode.Schema):

			




	
	
	
		
 
        filter_extra_fields = True

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 

			




	
	
	
		
 
        new_field_key = All(v.FieldKey(),

			




	
	
	
		
 
                            v.UnicodeString(strip=True, min=3, not_empty=True))

			




	
	
	
		
 
        new_field_value = v.UnicodeString(not_empty=False, if_missing='')

			




	
	
	
		
 
        new_field_type = v.OneOf(['str', 'unicode', 'list', 'tuple'],

			




	
	
	
		
 
                                 if_missing='str')

			




	
	
	
		
 
        new_field_label = v.UnicodeString(not_empty=False)

			




	
	
	
		
 
        new_field_desc = v.UnicodeString(not_empty=False)

			




	
	
	
		
 

			




	
	
	
		
 
    return _RepoFieldForm

			




	
	
	
		
 

			




	
	
	
		
 

			




	
	
	
		
 
def RepoForkForm(edit=False, old_data={}, supported_backends=BACKENDS.keys(),

			




	
	
	
		
 
                 repo_groups=[], landing_revs=[]):

			




	
	
	
		
 
    class _RepoForkForm(formencode.Schema):

			




	
	
	
		
 
        allow_extra_fields = True

			




	
	
	
		
 
        filter_extra_fields = False

			




	
	
	
		
 
        repo_name = All(v.UnicodeString(strip=True, min=1, not_empty=True),

			




	
	
	
		
 
                        v.SlugifyName())

			




	
	
	
		
 
        repo_group = All(v.CanWriteGroup(),

			




	
	
	
		
 
                         v.OneOf(repo_groups, hideList=True))

			




	
	
	
		
 
        repo_type = All(v.ValidForkType(old_data), v.OneOf(supported_backends))

			




	
	
	
		
 
        description = v.UnicodeString(strip=True, min=1, not_empty=True)

			




	
	
	
		
 
        private = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        copy_permissions = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        update_after_clone = v.StringBoolean(if_missing=False)

			




	
	
	
		
 
        fork_parent_id = v.UnicodeString()

			




	
	
	
		
 
        chained_validators = [v.ValidForkName(edit, old_data)]

			




	
	
	
		
 
        landing_rev = v.OneOf(landing_revs, hideList=True)

			




	
	
	
		
 

			




	
	
	
		
 
    return _RepoForkForm

			




	
	
	
		
 

			




	
	
	
		
 

			




        

    



    


    



    



      

      





    
    0 comments (0 inline, 0 general)
    





    


  

  







  


    




    








    
        
    
    
        This site is powered by
            Kallithea 0.7.0,
        which is
        © 2010–2025 by various authors & licensed under GPLv3.