Added extra validation in creating users....
marcink -
r357:ebdd1a89 default
@@ -63,7 +63,7 b' class ReposController(BaseController):'
63 # url('repos')
63 # url('repos')
64 repo_model = RepoModel()
64 repo_model = RepoModel()
65 _form = RepoForm()()
65 _form = RepoForm()()
66 form_result = None
66 form_result = {}
67 try:
67 try:
68 form_result = _form.to_python(dict(request.POST))
68 form_result = _form.to_python(dict(request.POST))
69 repo_model.create(form_result, c.hg_app_user)
69 repo_model.create(form_result, c.hg_app_user)
@@ -82,11 +82,8 b' class ReposController(BaseController):'
82
82
83 except Exception:
83 except Exception:
84 log.error(traceback.format_exc())
84 log.error(traceback.format_exc())
85 if form_result:
85 msg = _('error occured during creation of repository %s') \
86 msg = _('error occured during creation of repository %s') \
86 % form_result.get('repo_name')
87 % form_result['repo_name']
88 else:
89 msg = _('error occured during creation of repository')
90 h.flash(msg, category='error')
87 h.flash(msg, category='error')
91
88
92 return redirect('repos')
89 return redirect('repos')
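Review bot: With `form_result` now initialised to `{}` and the `if form_result:` branch removed, the handler at new lines 85-86 formats `form_result.get('repo_name')`, which is `None` whenever `_form.to_python` raises before returning, so the flash text becomes "... repository None". The old two-message branch avoided that; keeping a name-less fallback message for an empty `form_result` would preserve it. `log.error(traceback.format_exc())` can be written as `log.exception('repository creation failed')`, which records the traceback and a searchable message in one call. The method body between old lines 70 and 81 is outside the hunks, so any `formencode.Invalid` handler there is not reviewed.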
@@ -2,7 +2,7 b''
2 # encoding: utf-8
2 # encoding: utf-8
3 # users controller for pylons
3 # users controller for pylons
4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
4 # Copyright (C) 2009-2010 Marcin Kuzminski <marcin@python-works.com>
5
5 #
6 # This program is free software; you can redistribute it and/or
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; version 2
8 # as published by the Free Software Foundation; version 2
@@ -17,11 +17,6 b''
17 # along with this program; if not, write to the Free Software
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
18 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
19 # MA 02110-1301, USA.
19 # MA 02110-1301, USA.
20 """
21 Created on April 4, 2010
22 users controller for pylons
23 @author: marcink
24 """
25 from formencode import htmlfill
20 from formencode import htmlfill
26 from pylons import request, session, tmpl_context as c, url
21 from pylons import request, session, tmpl_context as c, url
27 from pylons.controllers.util import abort, redirect
22 from pylons.controllers.util import abort, redirect
@@ -34,6 +29,12 b' from pylons_app.model.forms import UserF'
34 from pylons_app.model.user_model import UserModel, DefaultUserException
29 from pylons_app.model.user_model import UserModel, DefaultUserException
35 import formencode
30 import formencode
36 import logging
31 import logging
32 import traceback
33 """
34 Created on April 4, 2010
35 users controller for pylons
36 @author: marcink
37 """
37
38
38 log = logging.getLogger(__name__)
39 log = logging.getLogger(__name__)
39
40
@@ -70,13 +71,15 b' class UsersController(BaseController):'
70 h.flash(_('created user %s') % form_result['username'],
71 h.flash(_('created user %s') % form_result['username'],
71 category='success')
72 category='success')
72 except formencode.Invalid as errors:
73 except formencode.Invalid as errors:
73 c.form_errors = errors.error_dict
74 return htmlfill.render(
74 return htmlfill.render(
75 render('admin/users/user_add.html'),
75 render('admin/users/user_add.html'),
76 defaults=errors.value,
76 defaults=errors.value,
77 encoding="UTF-8")
77 errors=errors.error_dict or {},
78 prefix_error=False,
79 encoding="UTF-8")
78 except Exception:
80 except Exception:
79 h.flash(_('error occured during creation of user') \
81 log.error(traceback.format_exc())
82 h.flash(_('error occured during creation of user %s') \
80 % request.POST.get('username'), category='error')
83 % request.POST.get('username'), category='error')
81 return redirect(url('users'))
84 return redirect(url('users'))
82
85
@@ -94,7 +97,8 b' class UsersController(BaseController):'
94 # method='put')
97 # method='put')
95 # url('user', id=ID)
98 # url('user', id=ID)
96 user_model = UserModel()
99 user_model = UserModel()
97 _form = UserForm(edit=True)()
100 _form = UserForm(edit=True, old_data={'user_id':id})()
101 form_result = {}
98 try:
102 try:
99 form_result = _form.to_python(dict(request.POST))
103 form_result = _form.to_python(dict(request.POST))
100 user_model.update(id, form_result)
104 user_model.update(id, form_result)
@@ -102,14 +106,16 b' class UsersController(BaseController):'
102
106
103 except formencode.Invalid as errors:
107 except formencode.Invalid as errors:
104 c.user = user_model.get_user(id)
108 c.user = user_model.get_user(id)
105 c.form_errors = errors.error_dict
106 return htmlfill.render(
109 return htmlfill.render(
107 render('admin/users/user_edit.html'),
110 render('admin/users/user_edit.html'),
108 defaults=errors.value,
111 defaults=errors.value,
109 encoding="UTF-8")
112 errors=errors.error_dict or {},
113 prefix_error=False,
114 encoding="UTF-8")
110 except Exception:
115 except Exception:
116 log.error(traceback.format_exc())
111 h.flash(_('error occured during update of user %s') \
117 h.flash(_('error occured during update of user %s') \
112 % form_result['username'], category='error')
118 % form_result.get('username'), category='error')
113
119
114 return redirect(url('users'))
120 return redirect(url('users'))
115
121
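Review bot: The generic handler in the create path (new lines 80-83) interpolates `request.POST.get('username')` into the flash message, so the text shown to the admin carries the raw submitted value rather than validated form output. Whether the flash template escapes that text is not visible here; if it does not, user-controlled markup is reflected into the page, so either confirm the escaping or drop the name, e.g. `h.flash(_('error occured during creation of user'), category='error')`. The value is also `None` when the field is absent, which renders as "user None". Separately, the module docstring now sits after the imports (new lines 33-37), where it is a bare string expression and no longer the module `__doc__`; moving it above the first import or turning it into `#` comments would keep its purpose.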
@@ -52,11 +52,26 b' class ValidAuthToken(formencode.validato'
52 if value != authentication_token():
52 if value != authentication_token():
53 raise formencode.Invalid(self.message('invalid_token', state,
53 raise formencode.Invalid(self.message('invalid_token', state,
54 search_number=value), value, state)
54 search_number=value), value, state)
55 class ValidUsername(formencode.validators.FancyValidator):
55
56
56 def ValidUsername(edit, old_data):
57 def validate_python(self, value, state):
57 class _ValidUsername(formencode.validators.FancyValidator):
58 if value in ['default', 'new_user']:
58
59 raise formencode.Invalid(_('Invalid username'), value, state)
59 def validate_python(self, value, state):
60 if value in ['default', 'new_user']:
61 raise formencode.Invalid(_('Invalid username'), value, state)
62 #check if user is uniq
63 sa = meta.Session
64 old_un = None
65 if edit:
66 old_un = sa.query(User).get(old_data.get('user_id')).username
67
68 if old_un != value or not edit:
69 if sa.query(User).filter(User.username == value).scalar():
70 raise formencode.Invalid(_('This username already exists') ,
71 value, state)
72 meta.Session.remove()
73
74 return _ValidUsername
60
75
61 class ValidPassword(formencode.validators.FancyValidator):
76 class ValidPassword(formencode.validators.FancyValidator):
62
77
@@ -233,16 +248,16 b' class LoginForm(formencode.Schema):'
233 #chained validators have access to all data
248 #chained validators have access to all data
234 chained_validators = [ValidAuth]
249 chained_validators = [ValidAuth]
235
250
236 def UserForm(edit=False):
251 def UserForm(edit=False, old_data={}):
237 class _UserForm(formencode.Schema):
252 class _UserForm(formencode.Schema):
238 allow_extra_fields = True
253 allow_extra_fields = True
239 filter_extra_fields = True
254 filter_extra_fields = True
240 username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername)
255 username = All(UnicodeString(strip=True, min=3, not_empty=True), ValidUsername(edit, old_data))
241 if edit:
256 if edit:
242 new_password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword)
257 new_password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword)
243 admin = StringBoolean(if_missing=False)
258 admin = StringBoolean(if_missing=False)
244 else:
259 else:
245 password = All(UnicodeString(strip=True, min=3, not_empty=False), ValidPassword)
260 password = All(UnicodeString(strip=True, min=8, not_empty=True), ValidPassword)
246 active = StringBoolean(if_missing=False)
261 active = StringBoolean(if_missing=False)
247 name = UnicodeString(strip=True, min=3, not_empty=True)
262 name = UnicodeString(strip=True, min=3, not_empty=True)
248 lastname = UnicodeString(strip=True, min=3, not_empty=True)
263 lastname = UnicodeString(strip=True, min=3, not_empty=True)
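Review bot: The edit branch of `_UserForm` still declares `new_password` with `min=3` (new line 257) while the create branch now requires `min=8, not_empty=True` (new line 260), so the stronger minimum can be sidestepped by changing the password afterwards; consider `new_password = All(UnicodeString(strip=True, min=8, not_empty=False), ValidPassword)`. In `_ValidUsername`, `sa.query(User).get(old_data.get('user_id')).username` (new line 66) raises `AttributeError` when the id taken from the URL matches no row, and `meta.Session.remove()` (new line 72) is skipped on every path that raises `formencode.Invalid`; a `None` check and a `try`/`finally` around the queries would cover both. The query-then-insert uniqueness check can also be raced by two concurrent submissions, so it should be backed by a unique constraint on the username column, which is not visible here. `old_data={}` in the `UserForm` signature is a shared mutable default; `old_data=None` with `old_data or {}` inside is the safer spelling.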