kallithea Changeset - 9225597688f4

Changeset - 9225597688f4

Parent rev.

Child rev.

[Not reviewed]

beta

0 5 0

Marcin Kuzminski - 13 years ago 2012-06-18 21:25:49
marcin@python-works.com

Added validation into user email map

5 files changed with 29 insertions and 13 deletions:

rhodecode/controllers/admin/users.py

rhodecode/lib/auth.py

rhodecode/model/forms.py

rhodecode/model/user.py

rhodecode/model/validators.py

0 comments (0 inline, 0 general)

rhodecode/controllers/admin/users.py

➞

Show inline comments

@@ @@ -122,18 +122,21 @@ class UsersController(BaseController): @@
             usr = form_result['username']
             action_logger(self.rhodecode_user, 'admin_updated_user:%s' % usr,
                           None, self.ip_addr, self.sa)
             h.flash(_('User updated successfully'), category='success')
             Session.commit()
         except formencode.Invalid, errors:
             c.user_email_map = UserEmailMap.query()\
                             .filter(UserEmailMap.user == c.user).all()
             defaults = errors.value
             e = errors.error_dict or {}
             perm = Permission.get_by_key('hg.create.repository')
-            e.update({'create_repo_perm': user_model.has_perm(id, perm)})
+            defaults.update({'create_repo_perm': user_model.has_perm(id, perm)})
             return htmlfill.render(
                 render('admin/users/user_edit.html'),
-                defaults=errors.value,
+                defaults=defaults,
                 errors=e,
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occurred during update of user %s') \
@@ @@ -228,12 +231,15 @@ class UsersController(BaseController): @@
         user_model = UserModel()
         try:
             user_model.add_extra_email(id, email)
             Session.commit()
             h.flash(_("Added email %s to user" % email), category='success')
         except formencode.Invalid, error:
             msg = error.error_dict['email']
             h.flash(msg, category='error')
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('An error occurred during email saving'),
                     category='error')
         return redirect(url('edit_user', id=id))

rhodecode/lib/auth.py

➞

Show inline comments

@@ @@ -35,17 +35,12 @@ from pylons import config, url, request @@
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS
 from rhodecode.model.meta import Session
 if __platform__ in PLATFORM_WIN:
     from hashlib import sha256
 if __platform__ in PLATFORM_OTHERS:
     import bcrypt
 from rhodecode.lib.utils2 import str2bool, safe_unicode
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug
 from rhodecode.lib.auth_ldap import AuthLdap
 from rhodecode.model import meta
@@ @@ -95,14 +90,16 @@ class RhodeCodeCrypto(object): @@
         Cryptographic function used for password hashing based on pybcrypt
         or pycrypto in windows
         :param password: password to hash
         """
         if __platform__ in PLATFORM_WIN:
             from hashlib import sha256
             return sha256(str_).hexdigest()
         elif __platform__ in PLATFORM_OTHERS:
             import bcrypt
             return bcrypt.hashpw(str_, bcrypt.gensalt(10))
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)
     @classmethod
@@ @@ -113,14 +110,16 @@ class RhodeCodeCrypto(object): @@
         :param password: password
         :param hashed: password in hashed form
         """
         if __platform__ in PLATFORM_WIN:
             from hashlib import sha256
             return sha256(password).hexdigest() == hashed
         elif __platform__ in PLATFORM_OTHERS:
             import bcrypt
             return bcrypt.hashpw(password, hashed) == hashed
         else:
             raise Exception('Unknown or unsupported platform %s' \
                             % __platform__)

rhodecode/model/forms.py

➞

Show inline comments

@@ @@ -296,6 +296,13 @@ def LdapSettingsForm(tls_reqcert_choices @@
+        )
         ldap_attr_firstname = v.UnicodeString(strip=True,)
         ldap_attr_lastname = v.UnicodeString(strip=True,)
         ldap_attr_email = v.UnicodeString(strip=True,)
     return _LdapSettingsForm
 def UserExtraEmailForm():
     class _UserExtraEmailForm(formencode.Schema):
         email = All(v.UniqSystemEmail(), v.Email)
     return _UserExtraEmailForm
@@ \ No newline at end of file @@

rhodecode/model/user.py

➞

Show inline comments

@@ @@ -26,26 +26,25 @@ @@
 import logging
 import traceback
 from pylons import url
 from pylons.i18n.translation import _
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import joinedload
 from rhodecode.lib.utils2 import safe_unicode, generate_api_key
 from rhodecode.lib.caching_query import FromCache
 from rhodecode.model import BaseModel
 from rhodecode.model.db import User, UserRepoToPerm, Repository, Permission, \
     UserToPerm, UsersGroupRepoToPerm, UsersGroupToPerm, UsersGroupMember, \
     Notification, RepoGroup, UserRepoGroupToPerm, UsersGroupRepoGroupToPerm, \
     UserEmailMap
 from rhodecode.lib.exceptions import DefaultUserException, \
     UserOwnsReposException
 from sqlalchemy.exc import DatabaseError
 from sqlalchemy.orm import joinedload
 log = logging.getLogger(__name__)
 PERM_WEIGHTS = {
     'repository.none': 0,
@@ @@ -590,16 +589,20 @@ class UserModel(BaseModel): @@
         """
         Adds email address to UserEmailMap
         :param user:
         :param email:
         """
         from rhodecode.model import forms
         form = forms.UserExtraEmailForm()()
         data = form.to_python(dict(email=email))
         user = self._get_user(user)
         obj = UserEmailMap()
         obj.user = user
         obj.email = email
+        obj.email = data['email']
         self.sa.add(obj)
         return obj
     def delete_extra_email(self, user, email_id):
         """
         Removes email address from UserEmailMap

rhodecode/model/validators.py

➞

Show inline comments

@@ @@ -11,13 +11,12 @@ from webhelpers.pylonslib.secure_form im @@
 from formencode.validators import (
     UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set
+)
 from rhodecode.lib.utils import repo_name_slug
 from rhodecode.model.db import RepoGroup, Repository, UsersGroup, User
 from rhodecode.lib.auth import authenticate
 from rhodecode.lib.exceptions import LdapImportError
 from rhodecode.config.routing import ADMIN_PREFIX
 # silence warnings and pylint
 UnicodeString, OneOf, Int, Number, Regex, Email, Bool, StringBoolean, Set
 log = logging.getLogger(__name__)
@@ @@ -238,12 +237,14 @@ def ValidAuth(): @@
             'invalid_password': _(u'invalid password'),
             'invalid_username': _(u'invalid user name'),
             'disabled_account': _(u'Your account is disabled')
+        }
         def validate_python(self, value, state):
             from rhodecode.lib.auth import authenticate
             password = value['password']
             username = value['username']
             if not authenticate(username, password):
                 user = User.get_by_username(username)
                 if user and user.active is False:

0 comments (0 inline, 0 general)