"Fossies" - the Fresh Open Source Software Archive

Member "roundup-2.0.0/share/roundup/templates/jinja2/detectors/userauditor.py" (25 Oct 2019, 4415 Bytes) of package /linux/www/roundup-2.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Python source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "userauditor.py": 1.6.1_vs_2.0.0.

    1 # Copyright (c) 2003 Richard Jones (richard@mechanicalcat.net)
    2 #
    3 # Permission is hereby granted, free of charge, to any person obtaining a copy
    4 # of this software and associated documentation files (the "Software"), to deal
    5 # in the Software without restriction, including without limitation the rights
    6 # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    7 # copies of the Software, and to permit persons to whom the Software is
    8 # furnished to do so, subject to the following conditions:
    9 #
   10 #   The above copyright notice and this permission notice shall be included in
   11 #   all copies or substantial portions of the Software.
   12 #
   13 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   14 # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   15 # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
   16 # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   17 # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
   18 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
   19 # SOFTWARE.
   20 #
   21 
   22 import re
   23 
   24 # regular expression thanks to: http://www.regular-expressions.info/email.html
   25 # this is the "99.99% solution for syntax only".
   26 email_regexp = (r"[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*", r"(localhost|(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9]))")
   27 email_rfc = re.compile('^' + email_regexp[0] + '@' + email_regexp[1] + '$', re.IGNORECASE)
   28 email_local = re.compile('^' + email_regexp[0] + '$', re.IGNORECASE)
   29 
   30 valid_username = re.compile('^[a-z0-9_@!%.+-]+$', re.IGNORECASE)
   31 
   32 def valid_address(address):
   33     ''' If we see an @-symbol in the address then check against the full
   34         RFC syntax. Otherwise it is a local-only address so only check
   35         the local part of the RFC syntax.
   36     '''
   37     if '@' in address:
   38         return email_rfc.match(address)
   39     else:
   40         return email_local.match(address)
   41 
   42 def get_addresses(user):
   43     ''' iterate over all known addresses in a newvalues dict
   44         this takes of the address/alterate_addresses handling
   45     '''
   46     if 'address' in user:
   47         yield user['address']
   48     if user.get('alternate_addresses', None):
   49         for address in user['alternate_addresses'].split('\n'):
   50             yield address
   51 
   52 def audit_user_fields(db, cl, nodeid, newvalues):
   53     ''' Make sure user properties are valid.
   54 
   55         - email address is syntactically valid
   56         - email address is unique
   57         - roles specified exist
   58         - timezone is valid
   59         - username matches A-z0-9_-.@!+% (email symbols)
   60     '''
   61 
   62     if 'username' in newvalues:
   63         if not valid_username.match(newvalues['username']):
   64             raise ValueError("Username/Login Name must consist only of the letters a-z (any case), digits 0-9 and the symbols: @._-!+%")
   65         
   66     for address in get_addresses(newvalues):
   67         if not valid_address(address):
   68             raise ValueError('Email address syntax is invalid "%s"'%address)
   69 
   70         check_main = db.user.stringFind(address=address)
   71         # make sure none of the alts are owned by anyone other than us (x!=nodeid)
   72         check_alts = [x for x in db.user.filter(None, {'alternate_addresses' : address}) if x != nodeid]
   73         if check_main or check_alts:
   74             raise ValueError('Email address %s already in use' % address)
   75 
   76     newroles = newvalues.get('roles')
   77     if newroles:
   78         for rolename in [r.lower().strip() for r in newroles.split(',')]:
   79             if rolename and rolename not in db.security.role:
   80                 raise ValueError('Role "%s" does not exist'%rolename)
   81 
   82     tz = newvalues.get('timezone', None)
   83     if tz:
   84         # if they set a new timezone validate the timezone by attempting to
   85         # use it before we store it to the db.
   86         import roundup.date
   87         import datetime
   88         try:
   89             TZ = roundup.date.get_timezone(tz)
   90             dt = datetime.datetime.now()
   91             local = TZ.localize(dt).utctimetuple()
   92         except IOError:
   93             raise ValueError('Timezone "%s" does not exist' % tz)
   94         except ValueError:
   95             raise ValueError('Timezone "%s" exceeds valid range [-23...23]' % tz)
   96 
   97 def init(db):
   98     # fire before changes are made
   99     db.user.audit('set', audit_user_fields)
  100     db.user.audit('create', audit_user_fields)
  101 
  102 # vim: sts=4 sw=4 et si