1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
|
import re
from django import forms
from django.contrib.auth.models import User
from django.conf import settings
from django.http import Http404
from django.shortcuts import get_object_or_404
from django.utils.translation import ugettext_lazy as _
from django.utils.safestring import mark_safe
from askbot.conf import settings as askbot_settings
from askbot.utils.slug import slugify
from askbot.utils.functions import split_list
from askbot import const
from longerusername import MAX_USERNAME_LENGTH
import logging
import urllib
DEFAULT_NEXT = '/' + getattr(settings, 'ASKBOT_URL')
def clean_next(next, default = None):
if next is None or not next.startswith('/'):
if default:
return default
else:
return DEFAULT_NEXT
if isinstance(next, str):
next = unicode(urllib.unquote(next), 'utf-8', 'replace')
next = next.strip()
logging.debug('next url is %s' % next)
return next
def get_next_url(request, default = None):
return clean_next(request.REQUEST.get('next'), default)
def get_db_object_or_404(params):
"""a utility function that returns an object
in return to the model_name and object_id
only specific models are accessible
"""
from askbot import models
try:
model_name = params['model_name']
assert(model_name=='Group')
model = models.get_model(model_name)
obj_id = forms.IntegerField().clean(params['object_id'])
return get_object_or_404(model, id=obj_id)
except Exception:
#need catch-all b/c of the nature of the function
raise Http404
def format_errors(error_list):
"""If there is only one error - returns a string
corresponding to that error, to remove the <ul> tag.
If there is > 1 error - then convert the error_list into
a string.
"""
if len(error_list) == 1:
return unicode(error_list[0])
else:
return unicode(error_list)
class StrippedNonEmptyCharField(forms.CharField):
def clean(self, value):
value = value.strip()
if self.required and value == '':
raise forms.ValidationError(_('this field is required'))
return value
class NextUrlField(forms.CharField):
def __init__(self):
super(
NextUrlField,
self
).__init__(
max_length = 255,
widget = forms.HiddenInput(),
required = False
)
def clean(self,value):
return clean_next(value)
login_form_widget_attrs = { 'class': 'required login' }
class UserNameField(StrippedNonEmptyCharField):
RESERVED_NAMES = (u'fuck', u'shit', u'ass', u'sex', u'add',
u'edit', u'save', u'delete', u'manage', u'update', 'remove', 'new')
def __init__(
self,
db_model=User,
db_field='username',
must_exist=False,
skip_clean=False,
label=_('Choose a screen name'),
widget_attrs=None,
**kw
):
self.must_exist = must_exist
self.skip_clean = skip_clean
self.db_model = db_model
self.db_field = db_field
self.user_instance = None
error_messages={
'required': _('user name is required'),
'taken': _('sorry, this name is taken, please choose another'),
'forbidden': _('sorry, this name is not allowed, please choose another'),
'missing': _('sorry, there is no user with this name'),
'multiple-taken': _('sorry, we have a serious error - user name is taken by several users'),
'invalid': _('user name can only consist of letters, empty space and underscore'),
'meaningless': _('please use at least some alphabetic characters in the user name'),
'noemail': _('symbol "@" is not allowed')
}
if 'error_messages' in kw:
error_messages.update(kw['error_messages'])
del kw['error_messages']
if widget_attrs:
widget_attrs.update(login_form_widget_attrs)
else:
widget_attrs = login_form_widget_attrs
max_length = MAX_USERNAME_LENGTH()
super(UserNameField,self).__init__(
max_length=max_length,
widget=forms.TextInput(attrs=widget_attrs),
label=label,
error_messages=error_messages,
**kw
)
def clean(self,username):
""" validate username """
if self.skip_clean == True:
logging.debug('username accepted with no validation')
return username
if self.user_instance is None:
pass
elif isinstance(self.user_instance, User):
if username == self.user_instance.username:
logging.debug('username valid')
return username
else:
raise TypeError('user instance must be of type User')
try:
username = super(UserNameField, self).clean(username)
except forms.ValidationError:
raise forms.ValidationError(self.error_messages['required'])
username_re_string = const.USERNAME_REGEX_STRING
#attention: here we check @ symbol in two places: input and the regex
if askbot_settings.ALLOW_EMAIL_ADDRESS_IN_USERNAME is False:
if '@' in username:
raise forms.ValidationError(self.error_messages['noemail'])
username_re_string = username_re_string.replace('@', '')
username_regex = re.compile(username_re_string, re.UNICODE)
if self.required and not username_regex.search(username):
raise forms.ValidationError(self.error_messages['invalid'])
if username in self.RESERVED_NAMES:
raise forms.ValidationError(self.error_messages['forbidden'])
if slugify(username) == '':
raise forms.ValidationError(self.error_messages['meaningless'])
try:
user = self.db_model.objects.get(
**{'%s' % self.db_field : username}
)
if user:
if self.must_exist:
logging.debug('user exists and name accepted b/c here we validate existing user')
return username
else:
raise forms.ValidationError(self.error_messages['taken'])
except self.db_model.DoesNotExist:
if self.must_exist:
logging.debug('user must exist, so raising the error')
raise forms.ValidationError(self.error_messages['missing'])
else:
logging.debug('user name valid!')
return username
except self.db_model.MultipleObjectsReturned:
logging.debug('error - user with this name already exists')
raise forms.ValidationError(self.error_messages['multiple-taken'])
def email_is_allowed(
email, allowed_emails='', allowed_email_domains=''
):
"""True, if email address is pre-approved or matches a allowed
domain"""
if allowed_emails:
email_list = split_list(allowed_emails)
allowed_emails = ' ' + ' '.join(email_list) + ' '
email_match_re = re.compile(r'\s%s\s' % email)
if email_match_re.search(allowed_emails):
return True
if allowed_email_domains:
email_domain = email.split('@')[1]
domain_list = split_list(allowed_email_domains)
domain_match_re = re.compile(r'\s%s\s' % email_domain)
allowed_email_domains = ' ' + ' '.join(domain_list) + ' '
return domain_match_re.search(allowed_email_domains)
return False
class UserEmailField(forms.EmailField):
def __init__(self, skip_clean=False, **kw):
self.skip_clean = skip_clean
hidden = kw.pop('hidden', False)
if hidden is True:
widget_class = forms.HiddenInput
else:
widget_class = forms.TextInput
super(UserEmailField,self).__init__(
widget=widget_class(
attrs=dict(login_form_widget_attrs, maxlength=200)
),
label=mark_safe(_('Your email <i>(never shared)</i>')),
error_messages={
'required':_('email address is required'),
'invalid':_('please enter a valid email address'),
'taken':_('this email is already used by someone else, please choose another'),
'unauthorized':_('this email address is not authorized')
},
**kw
)
def clean(self, email):
""" validate if email exist in database
from legacy register
return: raise error if it exist """
email = super(UserEmailField,self).clean(email.strip())
if self.skip_clean:
return email
allowed_domains = askbot_settings.ALLOWED_EMAIL_DOMAINS.strip()
allowed_emails = askbot_settings.ALLOWED_EMAILS.strip()
if allowed_emails or allowed_domains:
if not email_is_allowed(
email,
allowed_emails=allowed_emails,
allowed_email_domains=allowed_domains
):
raise forms.ValidationError(self.error_messages['unauthorized'])
try:
user = User.objects.get(email__iexact=email)
logging.debug('email taken')
raise forms.ValidationError(self.error_messages['taken'])
except User.DoesNotExist:
logging.debug('email valid')
return email
except User.MultipleObjectsReturned:
logging.critical('email taken many times over')
raise forms.ValidationError(self.error_messages['taken'])
class SetPasswordForm(forms.Form):
password1 = forms.CharField(widget=forms.PasswordInput(attrs=login_form_widget_attrs),
label=_('Password'),
error_messages={'required':_('password is required')},
)
password2 = forms.CharField(widget=forms.PasswordInput(attrs=login_form_widget_attrs),
label=mark_safe(_('Password <i>(please retype)</i>')),
error_messages={'required':_('please, retype your password'),
'nomatch':_('sorry, entered passwords did not match, please try again')},
)
def __init__(self, data=None, user=None, *args, **kwargs):
super(SetPasswordForm, self).__init__(data, *args, **kwargs)
def clean_password2(self):
"""
Validates that the two password inputs match.
"""
if 'password1' in self.cleaned_data:
if self.cleaned_data['password1'] == self.cleaned_data['password2']:
self.password = self.cleaned_data['password2']
self.cleaned_data['password'] = self.cleaned_data['password2']
return self.cleaned_data['password2']
else:
del self.cleaned_data['password2']
raise forms.ValidationError(self.fields['password2'].error_messages['nomatch'])
else:
return self.cleaned_data['password2']
|
