annotate MoinMoin/action/newaccount.py @ 5910:7e7e1cbb9d3f

security: fix remote code execution vulnerability in twikidraw/anywikidraw actions We have wikiutil.taintfilename() to make user supplied filenames safe, so that they can't contain any "special" characters like path separators, etc. It is used at many places in moin, but wasn't used here. :|
author Thomas Waldmann <tw AT waldmann-edv DOT de>
date Sat, 29 Dec 2012 15:05:29 +0100
parents bf0b4b96dcb4
children 25900eaeb864
rev   line source
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
1 # -*- coding: iso-8859-1 -*-
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
2 """
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
3 MoinMoin - create account action
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
4
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
5 @copyright: 2007 MoinMoin:JohannesBerg
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
6 @license: GNU GPL, see COPYING for details.
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
7 """
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
8
4723
273ec9b3bf7d remove dumpFormData debug stuff, use logging.debug/repr/etc.
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4376
diff changeset
9 from MoinMoin import user, wikiutil
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
10 from MoinMoin.Page import Page
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
11 from MoinMoin.widget import html
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2967
diff changeset
12 from MoinMoin.security.textcha import TextCha
3704
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
13 from MoinMoin.auth import MoinAuth
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
14
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
15
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
16 def _create_user(request):
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
17 _ = request.getText
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
18 form = request.form
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
19
4186
126559845d4b Use Werkzeug-property names instead of old MoinMoin attribute names
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4176
diff changeset
20 if request.method != 'POST':
3331
104663b555ce newaccount: remove never-occurring message about UserPreferences
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3299
diff changeset
21 return
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2997
diff changeset
22
5488
b0dfed9a569f merged moin/1.8
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 5252 5487
diff changeset
23 if not wikiutil.checkTicket(request, form.get('ticket', '')):
5484
7f5b3389a7e1 newaccount action: add ticket
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3704
diff changeset
24 return
7f5b3389a7e1 newaccount action: add ticket
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3704
diff changeset
25
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2967
diff changeset
26 if not TextCha(request).check_answer_from_form():
3122
a1322262398a refactored _() getText calls to match new api
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3070
diff changeset
27 return _('TextCha: Wrong answer! Go back and try again...')
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2967
diff changeset
28
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
29 # Create user profile
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
30 theuser = user.User(request, auth_method="new-user")
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
31
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
32 # Require non-empty name
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
33 try:
4193
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4186
diff changeset
34 theuser.name = form['name']
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
35 except KeyError:
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
36 return _("Empty user name. Please enter a user name.")
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
37
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
38 # Don't allow creating users with invalid names
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
39 if not user.isValidName(request, theuser.name):
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
40 return _("""Invalid user name {{{'%s'}}}.
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
41 Name may contain any Unicode alpha numeric character, with optional one
3122
a1322262398a refactored _() getText calls to match new api
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3070
diff changeset
42 space between words. Group page name is not allowed.""", wiki=True) % wikiutil.escape(theuser.name)
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
43
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
44 # Name required to be unique. Check if name belong to another user.
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
45 if user.getUserId(request, theuser.name):
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
46 return _("This user name already belongs to somebody else.")
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
47
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
48 # try to get the password and pw repeat
4193
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4186
diff changeset
49 password = form.get('password1', '')
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4186
diff changeset
50 password2 = form.get('password2', '')
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
51
2997
c5cc1a0db4b2 fix password_checker userform code (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2983
diff changeset
52 # Check if password is given and matches with password repeat
c5cc1a0db4b2 fix password_checker userform code (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2983
diff changeset
53 if password != password2:
c5cc1a0db4b2 fix password_checker userform code (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2983
diff changeset
54 return _("Passwords don't match!")
c5cc1a0db4b2 fix password_checker userform code (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2983
diff changeset
55 if not password:
c5cc1a0db4b2 fix password_checker userform code (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2983
diff changeset
56 return _("Please specify a password!")
c5cc1a0db4b2 fix password_checker userform code (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2983
diff changeset
57
2431
58260d360f5c password_checker (simple builtin test, optionally using python-crack lib)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2365
diff changeset
58 pw_checker = request.cfg.password_checker
58260d360f5c password_checker (simple builtin test, optionally using python-crack lib)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2365
diff changeset
59 if pw_checker:
4336
4f3d0b92d1c9 add i18n to the password checker result messages, add request param
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3846
diff changeset
60 pw_error = pw_checker(request, theuser.name, password)
2431
58260d360f5c password_checker (simple builtin test, optionally using python-crack lib)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2365
diff changeset
61 if pw_error:
5685
37306fba2189 Fixing security issues related to MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg (possible XSS)
Eugene Syromyatnikov <evgsyr@gmail.com>
parents: 5484
diff changeset
62 return _("Password not acceptable: %s") % wikiutil.escape(pw_error)
2431
58260d360f5c password_checker (simple builtin test, optionally using python-crack lib)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2365
diff changeset
63
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
64 # Encode password
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
65 if password and not password.startswith('{SHA}'):
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
66 try:
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
67 theuser.enc_password = user.encodePassword(password)
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
68 except UnicodeError, err:
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
69 # Should never happen
5685
37306fba2189 Fixing security issues related to MoinMoinBugs/1.9.2UnescapedInputForThemeAddMsg (possible XSS)
Eugene Syromyatnikov <evgsyr@gmail.com>
parents: 5484
diff changeset
70 return "Can't encode password: %s" % wikiutil.escape(str(err))
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
71
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
72 # try to get the email, for new users it is required
4193
1e954e802ed2 Start to make auth work again with the new session layer
Florian Krupicka <florian.krupicka@googlemail.com>
parents: 4186
diff changeset
73 email = wikiutil.clean_input(form.get('email', ''))
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
74 theuser.email = email.strip()
3497
2d257a89548d Ignore empty emails if `email' is present in user_form_remove.
Federico G. Schwindt <fgsch@lodoss.net>
parents: 3331
diff changeset
75 if not theuser.email and 'email' not in request.cfg.user_form_remove:
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
76 return _("Please provide your email address. If you lose your"
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
77 " login information, you can get it by email.")
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
78
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
79 # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
80 if theuser.email and request.cfg.user_email_unique:
2888
78d96fd775ba make newuser action check email using get_by_email_address
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2493
diff changeset
81 if user.get_by_email_address(request, theuser.email):
78d96fd775ba make newuser action check email using get_by_email_address
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2493
diff changeset
82 return _("This email already belongs to somebody else.")
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
83
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
84 # save data
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
85 theuser.save()
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
86
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
87 result = _("User account created! You can use this account to login now...")
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
88 return result
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
89
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
90
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
91 def _create_form(request):
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
92 _ = request.getText
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
93 url = request.page.url(request)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
94 ret = html.FORM(action=url)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
95 ret.append(html.INPUT(type='hidden', name='action', value='newaccount'))
5484
7f5b3389a7e1 newaccount action: add ticket
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3704
diff changeset
96
7f5b3389a7e1 newaccount action: add ticket
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3704
diff changeset
97 ticket = wikiutil.createTicket(request)
7f5b3389a7e1 newaccount action: add ticket
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3704
diff changeset
98 ret.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))
7f5b3389a7e1 newaccount action: add ticket
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3704
diff changeset
99
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
100 lang_attr = request.theme.ui_lang_attr()
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
101 ret.append(html.Raw('<div class="userpref"%s>' % lang_attr))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
102 tbl = html.TABLE(border="0")
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
103 ret.append(tbl)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
104 ret.append(html.Raw('</div>'))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
105
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
106 row = html.TR()
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
107 tbl.append(row)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
108 row.append(html.TD().append(html.STRONG().append(
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
109 html.Text(_("Name")))))
3703
a2fd6dceccd2 add "Use FirstnameLastname" message to newaccount form
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3497
diff changeset
110 cell = html.TD()
a2fd6dceccd2 add "Use FirstnameLastname" message to newaccount form
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3497
diff changeset
111 row.append(cell)
a2fd6dceccd2 add "Use FirstnameLastname" message to newaccount form
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3497
diff changeset
112 cell.append(html.INPUT(type="text", size="36", name="name"))
a2fd6dceccd2 add "Use FirstnameLastname" message to newaccount form
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3497
diff changeset
113 cell.append(html.Text(' ' + _("(Use FirstnameLastname)")))
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
114
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
115 row = html.TR()
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
116 tbl.append(row)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
117 row.append(html.TD().append(html.STRONG().append(
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
118 html.Text(_("Password")))))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
119 row.append(html.TD().append(html.INPUT(type="password", size="36",
3252
67cd62f8493f avoid browsers filling in the user's password into first pw field (2)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 3175
diff changeset
120 name="password1")))
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
121
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
122 row = html.TR()
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
123 tbl.append(row)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
124 row.append(html.TD().append(html.STRONG().append(
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
125 html.Text(_("Password repeat")))))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
126 row.append(html.TD().append(html.INPUT(type="password", size="36",
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
127 name="password2")))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
128
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
129 row = html.TR()
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
130 tbl.append(row)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
131 row.append(html.TD().append(html.STRONG().append(html.Text(_("Email")))))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
132 row.append(html.TD().append(html.INPUT(type="text", size="36",
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
133 name="email")))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
134
3299
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
135 textcha = TextCha(request)
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
136 if textcha.is_enabled():
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
137 row = html.TR()
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
138 tbl.append(row)
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
139 row.append(html.TD().append(html.STRONG().append(
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
140 html.Text(_('TextCha (required)')))))
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
141 td = html.TD()
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
142 if textcha:
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
143 td.append(textcha.render())
34d225168d14 fix textcha in newaccount action
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3252
diff changeset
144 row.append(td)
2983
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2967
diff changeset
145
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2967
diff changeset
146 row = html.TR()
7b0aadb97d01 new antispam stuff: textchas (text CAPTCHAs), cleanup AttachFile handler (port from 1.6)
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 2967
diff changeset
147 tbl.append(row)
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
148 row.append(html.TD())
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
149 td = html.TD()
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
150 row.append(td)
3846
92ae3d3f0a31 newaccount: remove useless create+email button
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3704
diff changeset
151 td.append(html.INPUT(type="submit", name="create",
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
152 value=_('Create Profile')))
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
153
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
154 return unicode(ret)
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
155
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
156 def execute(pagename, request):
3704
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
157 found = False
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
158 for auth in request.cfg.auth:
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
159 if isinstance(auth, MoinAuth):
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
160 found = True
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
161 break
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
162
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
163 if not found:
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
164 # we will not have linked, so forbid access
5252
6f6736e7683c makeForbidden403() is makeForbidden(403, ...) now
Thomas Waldmann <tw AT waldmann-edv DOT de>
parents: 4723
diff changeset
165 request.makeForbidden(403, 'No MoinAuth in auth list')
3704
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
166 return
6b3274cd86c6 make recoverpass/newaccount refuse access unless MoinAuth is enabled
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3703
diff changeset
167
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
168 page = Page(request, pagename)
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
169 _ = request.getText
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
170 form = request.form
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
171
3846
92ae3d3f0a31 newaccount: remove useless create+email button
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 3704
diff changeset
172 submitted = form.has_key('create')
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
173
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
174 if submitted: # user pressed create button
2967
a310264ad186 Added a few add_msg calls (by Federico Lorenzi).
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2888
diff changeset
175 request.theme.add_msg(_create_user(request), "dialog")
a310264ad186 Added a few add_msg calls (by Federico Lorenzi).
Alexander Schremmer <alex AT alexanderweb DOT de>
parents: 2888
diff changeset
176 return page.send_page()
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
177 else: # show create form
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
178 request.theme.send_title(_("Create Account"), pagename=pagename)
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
179
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
180 request.write(request.formatter.startContent("content"))
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
181
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
182 # THIS IS A BIG HACK. IT NEEDS TO BE CLEANED UP
2365
b9feee61d28e split newaccount form from prefs
Johannes Berg <johannes AT sipsolutions DOT net>
parents: 2294
diff changeset
183 request.write(_create_form(request))
2294
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
184
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
185 request.write(request.formatter.endContent())
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
186
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
187 request.theme.send_footer(pagename)
22749e92a461 new userprefs handling including plugins; todo: refactor prefs.py
Johannes Berg <johannes AT sipsolutions DOT net>
parents:
diff changeset
188 request.theme.send_closing_html()
3070
ed1a433803c6 PEP8 fixes
Reimar Bauer <rb.proj AT googlemail DOT com>
parents: 2997
diff changeset
189