Show More
@@ -127,8 +127,8 b' class AdminUsersView(BaseAppView, DataGr' | |||
|
127 | 127 | users_data.append({ |
|
128 | 128 | "username": h.gravatar_with_user(user.username), |
|
129 | 129 | "email": user.email, |
|
130 |
"first_name": |
|
|
131 |
"last_name": |
|
|
130 | "first_name": user.first_name, | |
|
131 | "last_name": user.last_name, | |
|
132 | 132 | "last_login": h.format_date(user.last_login), |
|
133 | 133 | "last_activity": h.format_date(user.last_activity), |
|
134 | 134 | "active": h.bool2icon(user.active), |
@@ -111,8 +111,8 b' class TestHomeController(TestController)' | |||
|
111 | 111 | user_util.create_repo(owner=username) |
|
112 | 112 | |
|
113 | 113 | response = self.app.get(route_path('home')) |
|
114 |
response.mustcontain(h.html_escape( |
|
|
115 |
response.mustcontain(h.html_escape( |
|
|
114 | response.mustcontain(h.html_escape(user.first_name)) | |
|
115 | response.mustcontain(h.html_escape(user.last_name)) | |
|
116 | 116 | |
|
117 | 117 | @pytest.mark.parametrize("name, state", [ |
|
118 | 118 | ('Disabled', False), |
@@ -36,8 +36,8 b' def reviewer_as_json(user, reasons=None,' | |||
|
36 | 36 | 'reasons': reasons or [], |
|
37 | 37 | 'mandatory': mandatory, |
|
38 | 38 | 'username': user.username, |
|
39 | 'firstname': user.firstname, | |
|
40 | 'lastname': user.lastname, | |
|
39 | 'first_name': user.first_name, | |
|
40 | 'last_name': user.last_name, | |
|
41 | 41 | 'gravatar_link': h.gravatar_url(user.email, 14), |
|
42 | 42 | } |
|
43 | 43 |
@@ -493,8 +493,8 b' class UserGroupsController(BaseControlle' | |||
|
493 | 493 | group_members = [ |
|
494 | 494 | { |
|
495 | 495 | 'id': user.user_id, |
|
496 | 'first_name': user.name, | |
|
497 | 'last_name': user.lastname, | |
|
496 | 'first_name': user.first_name, | |
|
497 | 'last_name': user.last_name, | |
|
498 | 498 | 'username': user.username, |
|
499 | 499 | 'icon_link': h.gravatar_url(user.email, 30), |
|
500 | 500 | 'value_display': h.person(user.email), |
@@ -21,8 +21,6 b'' | |||
|
21 | 21 | """ |
|
22 | 22 | pull requests controller for rhodecode for initializing pull requests |
|
23 | 23 | """ |
|
24 | import types | |
|
25 | ||
|
26 | 24 | import peppercorn |
|
27 | 25 | import formencode |
|
28 | 26 | import logging |
@@ -33,6 +31,7 b' from pylons import request, tmpl_context' | |||
|
33 | 31 | from pylons.controllers.util import redirect |
|
34 | 32 | from pylons.i18n.translation import _ |
|
35 | 33 | from pyramid.threadlocal import get_current_registry |
|
34 | from pyramid.httpexceptions import HTTPFound | |
|
36 | 35 | from sqlalchemy.sql import func |
|
37 | 36 | from sqlalchemy.sql.expression import or_ |
|
38 | 37 |
@@ -807,6 +807,8 b' class AuthUser(object):' | |||
|
807 | 807 | self.ip_addr = ip_addr |
|
808 | 808 | self.name = '' |
|
809 | 809 | self.lastname = '' |
|
810 | self.first_name = '' | |
|
811 | self.last_name = '' | |
|
810 | 812 | self.email = '' |
|
811 | 813 | self.is_authenticated = False |
|
812 | 814 | self.admin = False |
@@ -77,8 +77,8 b' def get_user_data(user_id):' | |||
|
77 | 77 | return { |
|
78 | 78 | 'id': user.user_id, |
|
79 | 79 | 'username': user.username, |
|
80 | 'first_name': user.name, | |
|
81 | 'last_name': user.lastname, | |
|
80 | 'first_name': user.first_name, | |
|
81 | 'last_name': user.last_name, | |
|
82 | 82 | 'icon_link': h.gravatar_url(user.email, 60), |
|
83 | 83 | 'display_name': h.person(user, 'username_or_name_or_email'), |
|
84 | 84 | 'display_link': h.link_to_user(user), |
@@ -893,9 +893,9 b' def author_string(email):' | |||
|
893 | 893 | if email: |
|
894 | 894 | user = User.get_by_email(email, case_insensitive=True, cache=True) |
|
895 | 895 | if user: |
|
896 | if user.firstname or user.lastname: | |
|
896 | if user.first_name or user.last_name: | |
|
897 | 897 | return '%s %s <%s>' % ( |
|
898 |
|
|
|
898 | user.first_name, user.last_name, email) | |
|
899 | 899 | else: |
|
900 | 900 | return email |
|
901 | 901 | else: |
@@ -1144,14 +1144,14 b' class InitialsGravatar(object):' | |||
|
1144 | 1144 | # first push the email initials |
|
1145 | 1145 | prefix, server = email_address.split('@', 1) |
|
1146 | 1146 | |
|
1147 | # check if prefix is maybe a 'firstname.lastname' syntax | |
|
1147 | # check if prefix is maybe a 'first_name.last_name' syntax | |
|
1148 | 1148 | _dot_split = prefix.rsplit('.', 1) |
|
1149 | 1149 | if len(_dot_split) == 2: |
|
1150 | 1150 | initials = [_dot_split[0][0], _dot_split[1][0]] |
|
1151 | 1151 | else: |
|
1152 | 1152 | initials = [prefix[0], server[0]] |
|
1153 | 1153 | |
|
1154 | # then try to replace either firtname or lastname | |
|
1154 | # then try to replace either first_name or last_name | |
|
1155 | 1155 | fn_letter = (first_name or " ")[0].strip() |
|
1156 | 1156 | ln_letter = (last_name.split(' ', 1)[-1] or " ")[0].strip() |
|
1157 | 1157 |
@@ -574,12 +574,16 b' class User(Base, BaseModel):' | |||
|
574 | 574 | @hybrid_property |
|
575 | 575 | def first_name(self): |
|
576 | 576 | from rhodecode.lib import helpers as h |
|
577 | if self.name: | |
|
577 | 578 | return h.escape(self.name) |
|
579 | return self.name | |
|
578 | 580 | |
|
579 | 581 | @hybrid_property |
|
580 | 582 | def last_name(self): |
|
581 | 583 | from rhodecode.lib import helpers as h |
|
584 | if self.lastname: | |
|
582 | 585 | return h.escape(self.lastname) |
|
586 | return self.lastname | |
|
583 | 587 | |
|
584 | 588 | @hybrid_property |
|
585 | 589 | def api_key(self): |
@@ -700,7 +704,7 b' class User(Base, BaseModel):' | |||
|
700 | 704 | |
|
701 | 705 | @property |
|
702 | 706 | def username_and_name(self): |
|
703 | return '%s (%s %s)' % (self.username, self.firstname, self.lastname) | |
|
707 | return '%s (%s %s)' % (self.username, self.first_name, self.last_name) | |
|
704 | 708 | |
|
705 | 709 | @property |
|
706 | 710 | def username_or_name_or_email(self): |
@@ -709,20 +713,20 b' class User(Base, BaseModel):' | |||
|
709 | 713 | |
|
710 | 714 | @property |
|
711 | 715 | def full_name(self): |
|
712 | return '%s %s' % (self.firstname, self.lastname) | |
|
716 | return '%s %s' % (self.first_name, self.last_name) | |
|
713 | 717 | |
|
714 | 718 | @property |
|
715 | 719 | def full_name_or_username(self): |
|
716 | return ('%s %s' % (self.firstname, self.lastname) | |
|
717 | if (self.firstname and self.lastname) else self.username) | |
|
720 | return ('%s %s' % (self.first_name, self.last_name) | |
|
721 | if (self.first_name and self.last_name) else self.username) | |
|
718 | 722 | |
|
719 | 723 | @property |
|
720 | 724 | def full_contact(self): |
|
721 | return '%s %s <%s>' % (self.firstname, self.lastname, self.email) | |
|
725 | return '%s %s <%s>' % (self.first_name, self.last_name, self.email) | |
|
722 | 726 | |
|
723 | 727 | @property |
|
724 | 728 | def short_contact(self): |
|
725 | return '%s %s' % (self.firstname, self.lastname) | |
|
729 | return '%s %s' % (self.first_name, self.last_name) | |
|
726 | 730 | |
|
727 | 731 | @property |
|
728 | 732 | def is_admin(self): |
@@ -1291,8 +1291,8 b' class PullRequestModel(BaseModel):' | |||
|
1291 | 1291 | 'user': { |
|
1292 | 1292 | 'user_id': repo.user.user_id, |
|
1293 | 1293 | 'username': repo.user.username, |
|
1294 | 'firstname': repo.user.firstname, | |
|
1295 | 'lastname': repo.user.lastname, | |
|
1294 | 'firstname': repo.user.first_name, | |
|
1295 | 'lastname': repo.user.last_name, | |
|
1296 | 1296 | 'gravatar_link': h.gravatar_url(repo.user.email, 14), |
|
1297 | 1297 | }, |
|
1298 | 1298 | 'description': h.chop_at_smart(repo.description, '\n'), |
@@ -70,8 +70,8 b' class UserModel(BaseModel):' | |||
|
70 | 70 | |
|
71 | 71 | return { |
|
72 | 72 | 'id': user.user_id, |
|
73 |
'first_name': |
|
|
74 |
'last_name': |
|
|
73 | 'first_name': user.first_name, | |
|
74 | 'last_name': user.last_name, | |
|
75 | 75 | 'username': user.username, |
|
76 | 76 | 'email': user.email, |
|
77 | 77 | 'icon_link': h.gravatar_url(user.email, 30), |
@@ -679,6 +679,11 b' class UserModel(BaseModel):' | |||
|
679 | 679 | # TODO: johbo: Think about this and find a clean solution |
|
680 | 680 | user_data = dbuser.get_dict() |
|
681 | 681 | user_data.update(dbuser.get_api_data(include_secrets=True)) |
|
682 | user_data.update({ | |
|
683 | # set explicit the safe escaped values | |
|
684 | 'first_name': dbuser.first_name, | |
|
685 | 'last_name': dbuser.last_name, | |
|
686 | }) | |
|
682 | 687 | |
|
683 | 688 | for k, v in user_data.iteritems(): |
|
684 | 689 | # properties of auth user we dont update |
@@ -227,8 +227,8 b' ReviewersController = function () {' | |||
|
227 | 227 | for (var i = 0; i < data.reviewers.length; i++) { |
|
228 | 228 | var reviewer = data.reviewers[i]; |
|
229 | 229 | self.addReviewMember( |
|
230 | reviewer.user_id, reviewer.firstname, | |
|
231 | reviewer.lastname, reviewer.username, | |
|
230 | reviewer.user_id, reviewer.first_name, | |
|
231 | reviewer.last_name, reviewer.username, | |
|
232 | 232 | reviewer.gravatar_link, reviewer.reasons, |
|
233 | 233 | reviewer.mandatory); |
|
234 | 234 | } |
@@ -32,7 +32,7 b'' | |||
|
32 | 32 | ${_('First Name')}: |
|
33 | 33 | </div> |
|
34 | 34 | <div class="right-content"> |
|
35 | ${c.user.firstname} | |
|
35 | ${c.user.first_name} | |
|
36 | 36 | </div> |
|
37 | 37 | </div> |
|
38 | 38 | <div class="fieldset"> |
@@ -40,7 +40,7 b'' | |||
|
40 | 40 | ${_('Last Name')}: |
|
41 | 41 | </div> |
|
42 | 42 | <div class="right-content"> |
|
43 | ${c.user.lastname} | |
|
43 | ${c.user.last_name} | |
|
44 | 44 | </div> |
|
45 | 45 | </div> |
|
46 | 46 | <div class="fieldset"> |
@@ -12,8 +12,8 b" if getattr(c, 'rhodecode_user', None) an" | |||
|
12 | 12 | c.template_context['rhodecode_user']['username'] = c.rhodecode_user.username |
|
13 | 13 | c.template_context['rhodecode_user']['email'] = c.rhodecode_user.email |
|
14 | 14 | c.template_context['rhodecode_user']['notification_status'] = c.rhodecode_user.get_instance().user_data.get('notification_status', True) |
|
15 | c.template_context['rhodecode_user']['first_name'] = c.rhodecode_user.name | |
|
16 | c.template_context['rhodecode_user']['last_name'] = c.rhodecode_user.lastname | |
|
15 | c.template_context['rhodecode_user']['first_name'] = c.rhodecode_user.first_name | |
|
16 | c.template_context['rhodecode_user']['last_name'] = c.rhodecode_user.last_name | |
|
17 | 17 | |
|
18 | 18 | c.template_context['visual']['default_renderer'] = h.get_visual_attr(c, 'default_renderer') |
|
19 | 19 | c.template_context['default_user'] = { |
@@ -10,7 +10,7 b' RhodeCode new user registration: ${user.' | |||
|
10 | 10 | A new user `${user.username}` has registered on ${h.format_date(date)} |
|
11 | 11 | |
|
12 | 12 | - Username: ${user.username} |
|
13 | - Full Name: ${user.firstname} ${user.lastname} | |
|
13 | - Full Name: ${user.first_name} ${user.last_name} | |
|
14 | 14 | - Email: ${user.email} |
|
15 | 15 | - Profile link: ${h.route_url('user_profile', username=user.username)} |
|
16 | 16 | |
@@ -21,7 +21,7 b' A new user `${user.username}` has regist' | |||
|
21 | 21 | <table style="text-align:left;vertical-align:middle;"> |
|
22 | 22 | <tr><td colspan="2" style="width:100%;padding-bottom:15px;border-bottom:1px solid #dbd9da;"><h4><a href="${h.route_url('user_profile', username=user.username)}" style="color:#427cc9;text-decoration:none;cursor:pointer">${_('New user %(user)s has registered on %(date)s') % {'user': user.username, 'date': h.format_date(date)}}</a></h4></td></tr> |
|
23 | 23 | <tr><td style="padding-right:20px;padding-top:20px;">${_('Username')}</td><td style="line-height:1;padding-top:20px;"><img style="margin-bottom:-5px;text-align:left;border:1px solid #dbd9da" src="${h.gravatar_url(user.email, 16)}" height="16" width="16"> ${user.username}</td></tr> |
|
24 | <tr><td style="padding-right:20px;">${_('Full Name')}</td><td>${user.firstname} ${user.lastname}</td></tr> | |
|
24 | <tr><td style="padding-right:20px;">${_('Full Name')}</td><td>${user.first_name} ${user.last_name}</td></tr> | |
|
25 | 25 | <tr><td style="padding-right:20px;">${_('Email')}</td><td>${user.email}</td></tr> |
|
26 | 26 | <tr><td style="padding-right:20px;">${_('Profile')}</td><td><a href="${h.route_url('user_profile', username=user.username)}">${h.route_url('user_profile', username=user.username)}</a></td></tr> |
|
27 | 27 | </table> No newline at end of file |
@@ -35,7 +35,7 b'' | |||
|
35 | 35 | ${_('First name')}: |
|
36 | 36 | </div> |
|
37 | 37 | <div class="right-content"> |
|
38 | ${c.user.firstname} | |
|
38 | ${c.user.first_name} | |
|
39 | 39 | </div> |
|
40 | 40 | </div> |
|
41 | 41 | <div class="fieldset"> |
@@ -43,7 +43,7 b'' | |||
|
43 | 43 | ${_('Last name')}: |
|
44 | 44 | </div> |
|
45 | 45 | <div class="right-content"> |
|
46 | ${c.user.lastname} | |
|
46 | ${c.user.last_name} | |
|
47 | 47 | </div> |
|
48 | 48 | </div> |
|
49 | 49 | <div class="fieldset"> |
@@ -336,9 +336,7 b' class TestGistsController(TestController' | |||
|
336 | 336 | |
|
337 | 337 | def test_user_first_name_is_escaped(self, user_util, create_gist): |
|
338 | 338 | xss_atack_string = '"><script>alert(\'First Name\')</script>' |
|
339 | xss_escaped_string = ( | |
|
340 | '"><script>alert('First Name')</script' | |
|
341 | '>') | |
|
339 | xss_escaped_string = h.html_escape(h.escape(xss_atack_string)) | |
|
342 | 340 | password = 'test' |
|
343 | 341 | user = user_util.create_user( |
|
344 | 342 | firstname=xss_atack_string, password=password) |
@@ -348,8 +346,7 b' class TestGistsController(TestController' | |||
|
348 | 346 | |
|
349 | 347 | def test_user_last_name_is_escaped(self, user_util, create_gist): |
|
350 | 348 | xss_atack_string = '"><script>alert(\'Last Name\')</script>' |
|
351 | xss_escaped_string = ( | |
|
352 | '"><script>alert('Last Name')</script>') | |
|
349 | xss_escaped_string = h.html_escape(h.escape(xss_atack_string)) | |
|
353 | 350 | password = 'test' |
|
354 | 351 | user = user_util.create_user( |
|
355 | 352 | lastname=xss_atack_string, password=password) |
General Comments 0
You need to be logged in to leave comments.
Login now