[ckan-changes] commit/ckan: dread: [controllers, model]: #1191 fix for unicode user passwords.
Bitbucket
commits-noreply at bitbucket.org
Fri Jun 17 12:17:47 UTC 2011
1 new changeset in ckan:
http://bitbucket.org/okfn/ckan/changeset/d02a7c4a2646/
changeset: d02a7c4a2646
branch: release-v1.4.1
user: dread
date: 2011-06-17 14:17:38
summary: [controllers,model]: #1191 fix for unicode user passwords.
affected #: 4 files (2.5 KB)
--- a/ckan/controllers/user.py Fri Jun 17 12:31:41 2011 +0100
+++ b/ckan/controllers/user.py Fri Jun 17 13:17:38 2011 +0100
@@ -3,6 +3,7 @@
import genshi
from sqlalchemy import or_, func, desc
+from urllib import quote
import ckan.misc
from ckan.lib.base import *
@@ -82,9 +83,12 @@
c.email = request.params.getone('email')
if not c.login:
h.flash_error(_("Please enter a login name."))
- return render("user/register.html")
+ return render("user/register.html")
+ if not model.User.check_name_valid(c.login):
+ h.flash_error(_('That login name is not valid. It must be at least 3 characters, restricted to alphanumerics and these symbols: %s') % '_\-')
+ return render("user/register.html")
if not model.User.check_name_available(c.login):
- h.flash_error(_("That username is not available."))
+ h.flash_error(_("That login name is not available."))
return render("user/register.html")
if not request.params.getone('password1'):
h.flash_error(_("Please enter a password."))
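Review bot: The new "not valid" message interpolates `'_\-'`, and because `\-` is not a Python escape the backslash is kept, so the user is shown `_\-` as if a backslash were an allowed symbol. If the intent is to list underscore and hyphen, pass `'_-'` instead. Running `check_name_valid` before `check_name_available` is the right order; the enclosing register action starts and ends outside this hunk.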
@@ -99,7 +103,8 @@
model.Session.add(user)
model.Session.commit()
model.Session.remove()
- h.redirect_to(str('/login_generic?login=%s&password=%s' % (c.login, password.encode('utf-8'))))
+ h.redirect_to('/login_generic?login=%s&password=%s' % (str(c.login), quote(password.encode('utf-8'))))
+
return render('user/register.html')
def login(self):
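Review bot: The rewritten `h.redirect_to('/login_generic?login=%s&password=%s' ...)` line still puts the newly chosen password in the query string of a redirect. Percent-encoding fixes the unicode failure, but the cleartext credential remains recoverable from web-server and proxy access logs and from browser history. A safer shape is to establish the authenticated session server-side once `model.Session.commit()` succeeds, or to submit the credentials in a POST body, so the password never appears in a URL. Separately, `str(c.login)` is only safe because of the `check_name_valid` guard added earlier in this file; passing it through `quote()` as well would keep this line correct if that rule is ever relaxed. The enclosing action starts outside the hunk.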
--- a/ckan/lib/authenticator.py Fri Jun 17 12:31:41 2011 +0100
+++ b/ckan/lib/authenticator.py Fri Jun 17 13:17:38 2011 +0100
@@ -14,10 +14,10 @@
# TODO: Implement a mask to ask for an alternative user
# name instead of just using the OpenID identifier.
name = identity.get('repoze.who.plugins.openid.nickname')
+ if not User.check_name_valid(name):
+ name = openid
if not User.check_name_available(name):
name = openid
- if User.by_name(name):
- name = openid
user = User(openid=openid, name=name,
fullname=identity.get('repoze.who.plugins.openid.fullname'),
email=identity.get('repoze.who.plugins.openid.email'))
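Review bot: The fallback `name = openid` after the new `check_name_valid` test assigns a value that itself appears not to satisfy the rule being enforced. Going by the registration message elsewhere in this commit, names are limited to alphanumerics, `_` and `-`, which an OpenID identifier URL would not meet. That may be intentional given the TODO above, but it deserves a comment such as `# openid identifier is used as-is and is exempt from VALID_NAME`, so later code does not assume every stored name passes validation. The function body starts and ends outside this hunk.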
--- a/ckan/model/user.py Fri Jun 17 12:31:41 2011 +0100
+++ b/ckan/model/user.py Fri Jun 17 13:17:38 2011 +0100
@@ -107,12 +107,16 @@
password = property(_get_password, _set_password)
@classmethod
+ def check_name_valid(cls, name):
+ if not name \
+ or not len(name.strip()) \
+ or not cls.VALID_NAME.match(name):
+ return False
+ return True
+
+ @classmethod
def check_name_available(cls, name):
- if not name \
- or not len(name.strip()) \
- or not cls.VALID_NAME.match(name):
- return False
- return cls.by_name(name)==None
+ return cls.by_name(name) == None
def as_dict(self):
_dict = DomainObject.as_dict(self)
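Review bot: `check_name_available` changes contract here: it used to return False for empty or malformed names and now reports only whether the name is unused. Any caller not updated in this commit (none are visible beyond the controller and the authenticator) will start accepting invalid names unless it also calls `check_name_valid`. Both classmethods should get a docstring stating this split, for example `"""Return True if no user has this name; does NOT validate the name, call check_name_valid first."""`. The comparison also reads better as `return cls.by_name(name) is None`.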
--- a/ckan/tests/functional/test_user.py Fri Jun 17 12:31:41 2011 +0100
+++ b/ckan/tests/functional/test_user.py Fri Jun 17 13:17:38 2011 +0100
@@ -28,6 +28,10 @@
def teardown_class(self):
model.repo.rebuild_db()
+ def teardown(self):
+ # just ensure we're not logged in
+ self.app.get('/user/logout')
+
def test_user_read(self):
user = model.User.by_name(u'annafan')
offset = '/user/%s' % user.id
@@ -48,7 +52,6 @@
assert 'Revision History' in res, res
def test_user_read_without_id(self):
- res = self.app.get('/user/logout') # just ensure we're not logged in
offset = '/user/'
res = self.app.get(offset, status=302)
@@ -209,6 +212,44 @@
assert_equal(user.fullname, fullname)
assert user.password
+ def test_user_create_unicode(self):
+ # create/register user
+ username = u'testcreate4'
+ fullname = u'Test Create\xc2\xa0'
+ password = u'testpassword\xc2\xa0'
+ assert not model.User.by_name(username)
+
+ offset = url_for(controller='user', action='register')
+ res = self.app.get(offset, status=200)
+ main_res = self.main_div(res)
+ assert 'Register' in main_res, main_res
+ fv = res.forms['register_form']
+ fv['login'] = username
+ fv['fullname'] = fullname.encode('utf8')
+ fv['password1'] = password.encode('utf8')
+ fv['password2'] = password.encode('utf8')
+ res = fv.submit('signup')
+
+ # view user
+ assert res.status == 302, self.main_div(res).encode('utf8')
+ res = res.follow()
+ if res.status == 302:
+ res = res.follow()
+ if res.status == 302:
+ res = res.follow()
+ if res.status == 302:
+ res = res.follow()
+ assert res.status == 200, res
+ main_res = self.main_div(res)
+ assert username in main_res, main_res
+ assert fullname in main_res, main_res
+
+ user = model.User.by_name(unicode(username))
+ assert user
+ assert_equal(user.name, username)
+ assert_equal(user.fullname, fullname)
+ assert user.password
+
def test_user_create_no_name(self):
# create/register user
password = u'testpassword'
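Review bot: In `test_user_create_unicode` the literals `u'Test Create\xc2\xa0'` and `u'testpassword\xc2\xa0'` are unicode strings, so `\xc2\xa0` is the two code points U+00C2 and U+00A0 rather than the UTF-8 bytes of one non-breaking space. The test still exercises a non-ASCII password, but if a single NBSP was intended it should read `password = u'testpassword\xa0'`, and likewise for `fullname`. The four repeated `if res.status == 302: res = res.follow()` blocks would be clearer as a bounded loop. The test checks only that `user.password` is truthy, so adding an explicit assertion that the unicode password authenticates would pin the behaviour this commit is fixing.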
@@ -225,6 +266,25 @@
main_res = self.main_div(res)
assert 'Please enter a login name' in main_res, main_res
+ def test_user_create_bad_name(self):
+ # create/register user
+ username = u'%%%%%%' # characters not allowed
+ password = 'testpass'
+
+ offset = url_for(controller='user', action='register')
+ res = self.app.get(offset, status=200)
+ main_res = self.main_div(res)
+ assert 'Register' in main_res, main_res
+ fv = res.forms['register_form']
+ fv['login'] = username
+ fv['password1'] = password
+ fv['password2'] = password
+ res = fv.submit('signup')
+ assert res.status == 200, res
+ main_res = self.main_div(res)
+ assert 'login name is not valid' in main_res, main_res
+ self.check_named_element(main_res, 'input', 'name="login"', 'value="%s"' % username)
+
def test_user_create_bad_password(self):
# create/register user
username = 'testcreate2'
Repository URL: https://bitbucket.org/okfn/ckan/