changeset 5517:2c992293ece4
merged moin/1.8
author | Thomas Waldmann <tw AT waldmann-edv DOT de> |
---|---|
date | Mon, 08 Feb 2010 00:18:20 +0100 |
parents | ab0f9e5996ef (current diff) 5359bfdf91ba (diff) |
children | b23b1d2b1391 |
files | MoinMoin/action/Despam.py MoinMoin/action/SyncPages.py MoinMoin/script/old/xmlrpc-tools/WhoAmI.py MoinMoin/script/old/xmlrpc-tools/wikibackup.py MoinMoin/script/old/xmlrpc-tools/wikirestore.py MoinMoin/userprefs/oid.py MoinMoin/xmlrpc/__init__.py |
diffstat | 7 files changed, 46 insertions(+), 134 deletions(-) [+] |
--- a/MoinMoin/action/Despam.py Sun Feb 07 23:59:11 2010 +0300 +++ b/MoinMoin/action/Despam.py Mon Feb 08 00:18:20 2010 +0100 @@ -107,13 +107,20 @@ request.write(''' </table> <p> -<form method="post" action="%s"> +<form method="post" action="%(url)s"> <input type="hidden" name="action" value="Despam"> -<input type="hidden" name="editor" value="%s"> -<input type="submit" name="ok" value="%s"> +<input type="hidden" name="ticket" value="%(ticket)s"> +<input type="hidden" name="editor" value="%(editor)s"> +<input type="submit" name="ok" value="%(label)s"> </form> </p> -''' % (request.href(pagename), wikiutil.url_quote(editor), _("Revert all!"))) +''' % dict( + url=request.href(pagename), + ticket=wikiutil.createTicket(request), + editor=wikiutil.url_quote(editor), + label=_("Revert all!"), + )) + def revert_page(request, pagename, editor): if not request.user.may.revert(pagename): @@ -194,7 +201,8 @@ # Start content (important for RTL support) request.write(request.formatter.startContent("content")) - if ok: + if (request.method == 'POST' and ok and + wikiutil.checkTicket(request, request.form.get('ticket', ''))): revert_pages(request, editor, timestamp) elif editor: show_pages(request, pagename, editor, timestamp)
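Review bot: In the second hunk, a POST whose ticket is missing or stale is not reported: the combined condition is simply false, so control falls through to `elif editor:` and the page list is shown again as if nothing had been requested. A user whose ticket expired gets no explanation, and a rejected cross-site request leaves no visible trace. Consider an explicit branch between the two, `elif request.method == 'POST' and ok:`, that tells the user the ticket was rejected; how best to emit that message depends on code outside the hunk. The same silent rejection appears in the `MoinMoin/userprefs/oid.py` hunk, where a failed `checkTicket` just does `return`.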
--- a/MoinMoin/action/SyncPages.py Sun Feb 07 23:59:11 2010 +0300 +++ b/MoinMoin/action/SyncPages.py Mon Feb 08 00:18:20 2010 +0100 @@ -102,8 +102,8 @@ "pageList": None, "groupList": None, "direction": "foo", # is defaulted below - "user": None, # XXX should be refactored into a password agent or OpenID like solution - "password": None, + "user": "", # XXX should be refactored into a password agent or OpenID like solution + "password": "", } options.update(self.request.dicts[self.pagename]) @@ -120,10 +120,6 @@ def fix_params(self, params): """ Does some fixup on the parameters. """ - # Load the password - if "password" in self.request.values: - params["password"] = self.request.values["password"] - # merge the pageList case into the pageMatch case if params["pageList"] is not None: params["pageMatch"] = u'|'.join([r'^%s$' % re.escape(name) @@ -139,10 +135,14 @@ return params - def show_password_form(self): + def show_password_form(self, name, password): _ = self.request.getText d = {"message": _(r"Please enter your password of your account at the remote wiki below. <<BR>> /!\ You should trust both wikis because the password could be read by the particular administrators.", wiki=True), + "namelabel": _("Name"), + "name": name, "passwordlabel": _("Password"), + "password": password, + "ticket": wikiutil.createTicket(self.request), "submit": _("Login"), "cancel": _("Cancel"), } 
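Review bot: In the `show_password_form` hunk, `name` and `password` go into the form dict unescaped, and the template hunk that follows places them inside `value="..."` attributes. Both values are passed in from `params`, which the first hunk shows being filled from the page's dict via `options.update(self.request.dicts[self.pagename])`, so a quote character in either one can end the attribute early and change the markup. No escaping is visible in these hunks; unless it happens elsewhere, escape at the point of insertion, `"name": wikiutil.escape(name, 1),` and likewise for `password`. The function body continues past the hunk.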
@@ -151,8 +151,13 @@ <form method="post"> <div> <input type="hidden" name="action" value="SyncPages"> +<input type="hidden" name="ticket" value="%(ticket)s"> +<label for="iName" style="font-weight: bold;">%(namelabel)s:</label> +<input type="text" name="name" id="iName" size="32" value="%(name)s"> +</div> +<div> <label for="iPassword" style="font-weight: bold;">%(passwordlabel)s:</label> -<input type="password" name="password" id="iPassword" size="20"> +<input type="password" name="password" id="iPassword" size="32" value="%(password)s"> </div> <div style="margin-top:1em; margin-bottom:1em;"> <div style="float:left"> @@ -176,10 +181,20 @@ params = self.fix_params(self.parse_page()) + if self.request.method != 'POST': + # display the username / password dialog if we were just called by a GET request + return self.show_password_form(params["user"], params["password"]) + try: if "cancel" in self.request.values: raise ActionStatus(_("Operation was canceled."), "error") + if not wikiutil.checkTicket(self.request, self.request.form.get('ticket', '')): + raise ActionStatus(_('Please use the interactive user interface to use action %(actionname)s!') % {'actionname': 'SyncPages' }) + + name = self.request.form.get('name', '') + password = self.request.form.get('password', '') + if params["direction"] == UP: raise ActionStatus(_("The only supported directions are BOTH and DOWN."), "error") 
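Review bot: The GET branch added in the second hunk on this line calls `self.show_password_form(params["user"], params["password"])`, so a password stored in the page's dict is written into the HTML of the form as the field's `value`. That sends the stored secret back to every browser that opens the action, where it sits in the page source and possibly in caches. Pre-fill only the name and leave the password empty, `return self.show_password_form(params["user"], "")`. Any access check on who may open the action is outside the hunk. Separately, the ticket-failure `ActionStatus` is raised without the `"error"` argument that the neighbouring raises pass.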
@@ -191,15 +206,12 @@ local = MoinLocalWiki(self.request, params["localPrefix"], params["pageList"]) try: - remote = MoinRemoteWiki(self.request, params["remoteWiki"], params["remotePrefix"], params["pageList"], params["user"], params["password"], verbose=debug) + remote = MoinRemoteWiki(self.request, params["remoteWiki"], params["remotePrefix"], params["pageList"], name, password, verbose=debug) except (UnsupportedWikiException, NotAllowedException), (msg, ): raise ActionStatus(msg, "error") if not remote.valid: raise ActionStatus(_("The ''remoteWiki'' is unknown.", wiki=True), "error") - # if only the username is supplied, we ask for the password - if params["user"] and not params["password"]: - return self.show_password_form() except ActionStatus, e: self.request.theme.add_msg(*e.args) else:
--- a/MoinMoin/script/old/xmlrpc-tools/WhoAmI.py Sun Feb 07 23:59:11 2010 +0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,26 +0,0 @@ -#!/usr/bin/env python -""" -This script checks whether the wiki authenticates and trusts you. - -It calls the TrustMe.py xmlrpc plugin. To use http auth, you need to configure -the srcwiki with auth = [http, moin_cookie] in its wikiconfig. - -GPL software, 2005 Thomas Waldmann -""" - -def run(): - user = "ThomasWaldmann" - password = "wrong" - - import sys, xmlrpclib - sys.path.insert(0, '../../..') - from MoinMoin.support.BasicAuthTransport import BasicAuthTransport - - srctrans = BasicAuthTransport(user, password) - srcwiki = xmlrpclib.ServerProxy("http://master.moinmo.in/?action=xmlrpc2", transport=srctrans) - - print srcwiki.WhoAmI() - -if __name__ == "__main__": - run() -
--- a/MoinMoin/script/old/xmlrpc-tools/wikibackup.py Sun Feb 07 23:59:11 2010 +0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,45 +0,0 @@ -#!/usr/bin/env python -""" -This script gets all Pages from a wiki via xmlrpc and -stores them into a backup file. We use wiki rpc v2 here. - -Important note: - -This script ONLY handles the current versions of the wiki pages. - -It does NOT handle: - * event or edit logs (page history) - * old versions of pages - * attachments - * user account data - * MoinMoin code or config running the wiki - -So this is definitely NOT a complete backup. - -GPL software, 2003-08-10 Thomas Waldmann -""" -def run(): - import xmlrpclib - from MoinMoin.support.BasicAuthTransport import BasicAuthTransport - from MoinMoin.util import pickle, PICKLE_PROTOCOL - - #user = "username" - #password = "xxxxxxxx" - #srctrans = BasicAuthTransport(user,password) - #srcwiki = xmlrpclib.ServerProxy("http://devel.linuxwiki.org/moin--cvs/__xmlrpc/?action=xmlrpc2", transport=srctrans) - srcwiki = xmlrpclib.ServerProxy("http://devel.linuxwiki.org/moin--cvs/?action=xmlrpc2") - - backup = {} - allpages = srcwiki.getAllPages() - for pagename in allpages: - pagedata = srcwiki.getPage(pagename) - print "Got %s." % pagename - backup[pagename] = pagedata - - backupfile = open("wikibackup.pickle", "w") - pickle.dump(backup, backupfile, PICKLE_PROTOCOL) - backupfile.close() - -if __name__ == "__main__": - run() -
--- a/MoinMoin/script/old/xmlrpc-tools/wikirestore.py Sun Feb 07 23:59:11 2010 +0300 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,44 +0,0 @@ -#!/usr/bin/env python -""" -This script reads a wikibackup.pickle file and puts -all Pages contained there into a wiki via xmlrpc. -We use wiki rpc v2 here. - -Important note: - -This script ONLY handles the current versions of the wiki pages. - -It does NOT handle: - * event or edit logs (page history) - * old versions of pages - * attachments - * user account data - * MoinMoin code or config running the wiki - -So this is definitely NOT a complete restore. - -GPL software, 2003-10-24 Thomas Waldmann -""" -def run(): - import xmlrpclib - from MoinMoin.support.BasicAuthTransport import BasicAuthTransport - from MoinMoin.util import pickle - - user = "ThomasWaldmann" - password = "xxxxxxxxxxxx" - dsttrans = BasicAuthTransport(user, password) - dstwiki = xmlrpclib.ServerProxy("http://devel.linuxwiki.org/moin--cvs/__xmlrpc/?action=xmlrpc2", transport=dsttrans) - #dstwiki = xmlrpclib.ServerProxy("http://devel.linuxwiki.org/moin--cvs/?action=xmlrpc2") - - backupfile = open("wikibackup.pickle", "r") - backup = pickle.load(backupfile) - backupfile.close() - - for pagename in backup: - pagedata = backup[pagename] - dstwiki.putPage(pagename, pagedata) # TODO: add error check - print "Put %s." % pagename - -if __name__ == "__main__": - run() -
--- a/MoinMoin/userprefs/oid.py Sun Feb 07 23:59:11 2010 +0300 +++ b/MoinMoin/userprefs/oid.py Mon Feb 08 00:18:20 2010 +0100 @@ -142,19 +142,22 @@ if self.request.method != 'POST': return + if not wikiutil.checkTicket(self.request, form.get('ticket', '')): + return + if form.has_key('remove'): return self._handle_remove() if form.has_key('add'): return self._handle_add() - return - def _make_form(self): action = "%s%s" % (self.request.script_root, self.request.path) _form = html.FORM(action=action) _form.append(html.INPUT(type="hidden", name="action", value="userprefs")) _form.append(html.INPUT(type="hidden", name="handler", value="oid")) + ticket = wikiutil.createTicket(self.request) + _form.append(html.INPUT(type="hidden", name="ticket", value=ticket)) return _form def _make_row(self, label, cell, **kw):
--- a/MoinMoin/xmlrpc/__init__.py Sun Feb 07 23:59:11 2010 +0300 +++ b/MoinMoin/xmlrpc/__init__.py Mon Feb 08 00:18:20 2010 +0100 @@ -130,6 +130,10 @@ # we do not handle xmlrpc v1 and v2 differently response = xmlrpclib.Fault(1, "This moin wiki does not allow xmlrpc method calls.") else: + # overwrite any user there might be, if you need a valid user for + # xmlrpc, you have to use multicall and getAuthToken / applyAuthToken + request.user = user.User(request, auth_method='xmlrpc:invalid') + data = request.in_data try:
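Review bot: The added comment says what the assignment does but not why it is needed. Presumably the point is that a user authenticated by the browser session must not be picked up for xmlrpc calls, since the rest of this changeset adds ticket checks to form actions; if so, say it, e.g. `# do not let a session/cookie-authenticated user carry over into xmlrpc (cross-site requests)`. It would also help to state that `auth_method='xmlrpc:invalid'` marks an unauthenticated user, if that is what it does; the `User` constructor is outside the hunk. The enclosing function starts and ends outside the hunk.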