kallithea Changeset - ebdd1a89cdd9

Changeset - ebdd1a89cdd9

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Marcin Kuzminski - 15 years ago 2010-07-24 00:46:29
marcin@python-works.com

Added extra validation in creating users.
new style errors for users

3 files changed with 47 insertions and 29 deletions:

pylons_app/controllers/admin/repos.py

pylons_app/controllers/admin/users.py

pylons_app/model/forms.py

0 comments (0 inline, 0 general)

pylons_app/controllers/admin/repos.py

➞

Show inline comments

@@ @@ -54,48 +54,45 @@ class ReposController(BaseController): @@
     def index(self, format='html'):
         """GET /repos: All items in the collection"""
         # url('repos')
         cached_repo_list = HgModel().get_repos()
         c.repos_list = sorted(cached_repo_list, key=itemgetter('name_sort'))
         return render('admin/repos/repos.html')
     def create(self):
         """POST /repos: Create a new item"""
         # url('repos')
         repo_model = RepoModel()
         _form = RepoForm()()
-        form_result = None
+        form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             repo_model.create(form_result, c.hg_app_user)
             invalidate_cache('cached_repo_list')
             h.flash(_('created repository %s') % form_result['repo_name'],
                     category='success')
         except formencode.Invalid as errors:
             c.new_repo = errors.value['repo_name']
             return htmlfill.render(
                 render('admin/repos/repo_add.html'),
                 defaults=errors.value,
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             if form_result:
                 msg = _('error occured during creation of repository %s') \
                     % form_result['repo_name']
             else:
                 msg = _('error occured during creation of repository')
             msg = _('error occured during creation of repository %s') \
                     % form_result.get('repo_name')
             h.flash(msg, category='error')
         return redirect('repos')
     def new(self, format='html'):
         """GET /repos/new: Form to create a new item"""
         new_repo = request.GET.get('repo', '')
         c.new_repo = h.repo_name_slug(new_repo)
         return render('admin/repos/repo_add.html')
     def update(self, repo_name):

pylons_app/controllers/admin/users.py

➞

Show inline comments

 #!/usr/bin/env python
 # encoding: utf-8
 # users controller for pylons
 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
+#
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
 # as published by the Free Software Foundation; version 2
 # of the License or (at your opinion) any later version of the license.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA  02110-1301, USA.
 """
 Created on April 4, 2010
 users controller for pylons
 @author: marcink
 """
 from formencode import htmlfill
 from pylons import request, session, tmpl_context as c, url
 from pylons.controllers.util import abort, redirect
 from pylons.i18n.translation import _
 from pylons_app.lib import helpers as h
 from pylons_app.lib.auth import LoginRequired, HasPermissionAllDecorator
 from pylons_app.lib.base import BaseController, render
 from pylons_app.model.db import User, UserLog
 from pylons_app.model.forms import UserForm
 from pylons_app.model.user_model import UserModel, DefaultUserException
 import formencode
 import logging
 import traceback
 """
 Created on April 4, 2010
 users controller for pylons
 @author: marcink
 """
 log = logging.getLogger(__name__)
 class UsersController(BaseController):
     """REST Controller styled on the Atom Publishing Protocol"""
     # To properly map this controller, ensure your config/routing.py
     # file has a resource setup:
     #     map.resource('user', 'users')
     @LoginRequired()
     @HasPermissionAllDecorator('hg.admin')
     def __before__(self):
@@ @@ -61,64 +62,69 @@ class UsersController(BaseController): @@
     def create(self):
         """POST /users: Create a new item"""
         # url('users')
         user_model = UserModel()
         login_form = UserForm()()
         try:
             form_result = login_form.to_python(dict(request.POST))
             user_model.create(form_result)
             h.flash(_('created user %s') % form_result['username'],
                     category='success')
         except formencode.Invalid as errors:
             c.form_errors = errors.error_dict
             return htmlfill.render(
-                 render('admin/users/user_add.html'),
                 render('admin/users/user_add.html'),
                 defaults=errors.value,
                 encoding="UTF-8")
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             h.flash(_('error occured during creation of user') \
             log.error(traceback.format_exc())
             h.flash(_('error occured during creation of user %s') \
                     % request.POST.get('username'), category='error')
         return redirect(url('users'))
     def new(self, format='html'):
         """GET /users/new: Form to create a new item"""
         # url('new_user')
         return render('admin/users/user_add.html')
     def update(self, id):
         """PUT /users/id: Update an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="PUT" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='put')
         # url('user', id=ID)
         user_model = UserModel()
         _form = UserForm(edit=True)()
         _form = UserForm(edit=True, old_data={'user_id':id})()
         form_result = {}
         try:
             form_result = _form.to_python(dict(request.POST))
             user_model.update(id, form_result)
             h.flash(_('User updated succesfully'), category='success')
         except formencode.Invalid as errors:
             c.user = user_model.get_user(id)
             c.form_errors = errors.error_dict
             return htmlfill.render(
-                 render('admin/users/user_edit.html'),
                 render('admin/users/user_edit.html'),
                 defaults=errors.value,
                 encoding="UTF-8")
                 errors=errors.error_dict or {},
                 prefix_error=False,
                 encoding="UTF-8")
         except Exception:
             log.error(traceback.format_exc())
             h.flash(_('error occured during update of user %s') \
-                    % form_result['username'], category='error')
+                    % form_result.get('username'), category='error')
         return redirect(url('users'))
     def delete(self, id):
         """DELETE /users/id: Delete an existing item"""
         # Forms posted to this method should contain a hidden field:
         #    <input type="hidden" name="_method" value="DELETE" />
         # Or using helpers:
         #    h.form(url('user', id=ID),
         #           method='delete')
         # url('user', id=ID)
         user_model = UserModel()

pylons_app/model/forms.py

➞

Show inline comments

@@ @@ -43,29 +43,44 @@ class State_obj(object): @@
 #===============================================================================
 # VALIDATORS
 #===============================================================================
 class ValidAuthToken(formencode.validators.FancyValidator):
     messages = {'invalid_token':_('Token mismatch')}
     def validate_python(self, value, state):
         if value != authentication_token():
             raise formencode.Invalid(self.message('invalid_token', state,
                                             search_number=value), value, state)
 class ValidUsername(formencode.validators.FancyValidator):
     def validate_python(self, value, state):
         if value in ['default', 'new_user']:
             raise formencode.Invalid(_('Invalid username'), value, state)
 def ValidUsername(edit, old_data):
     class _ValidUsername(formencode.validators.FancyValidator):
         def validate_python(self, value, state):
             if value in ['default', 'new_user']:
                 raise formencode.Invalid(_('Invalid username'), value, state)
             #check if user is uniq
             sa = meta.Session
             old_un = None
             if edit:
                 old_un = sa.query(User).get(old_data.get('user_id')).username
             if old_un != value or not edit:
                 if sa.query(User).filter(User.username == value).scalar():
                     raise formencode.Invalid(_('This username already exists') ,
                                              value, state)
             meta.Session.remove()
     return _ValidUsername
 class ValidPassword(formencode.validators.FancyValidator):
     def to_python(self, value, state):
         if value:
             return get_crypt_password(value)
 class ValidAuth(formencode.validators.FancyValidator):
     messages = {
             'invalid_password':_('invalid password'),
             'invalid_login':_('invalid user name'),
             'disabled_account':_('Your acccount is disabled')
@@ @@ -224,34 +239,34 @@ class LoginForm(formencode.Schema): @@
                             strip=True,
                             min=3,
                             not_empty=True,
                             messages={
                                       'empty':_('Please enter a password'),
                                       'tooShort':_('Enter a value %(min)i characters long or more')}
+                                )
     #chained validators have access to all data
     chained_validators = [ValidAuth]
 def UserForm(edit=False):
+def UserForm(edit=False, old_data={}):
     class _UserForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = True
         username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername)
+        username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername(edit, old_data))
         if edit:
             new_password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword)
             admin = StringBoolean(if_missing=False)
         else:
-            password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword)
+            password = All(UnicodeString(strip=True, min=8, not_empty=True), ValidPassword)
         active = StringBoolean(if_missing=False)
         name = UnicodeString(strip=True, min=3, not_empty=True)
         lastname = UnicodeString(strip=True, min=3, not_empty=True)
         email = Email(not_empty=True)
     return _UserForm
 def RepoForm(edit=False, old_data={}):
     class _RepoForm(formencode.Schema):
         allow_extra_fields = True
         filter_extra_fields = False
         repo_name = All(UnicodeString(strip=True, min=1, not_empty=True), ValidRepoName(edit, old_data))

0 comments (0 inline, 0 general)