# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - create account action

    @copyright: 2007 MoinMoin:JohannesBerg
    @license: GNU GPL, see COPYING for details.
"""

from MoinMoin import user, wikiutil
from MoinMoin.Page import Page
from MoinMoin.widget import html
from MoinMoin.security.textcha import TextCha
from MoinMoin.auth import MoinAuth


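def _create_user(request):
    """Create a new user profile from the submitted 'newaccount' form.

    Checks, in order: the request is a POST, the anti-CSRF ticket is valid,
    the TextCha answer is right, the name is non-empty, valid and not yet
    taken, the two password fields match, are non-empty and pass
    cfg.password_checker (when one is configured), and the email is present
    (unless 'email' is listed in cfg.user_form_remove) and, when
    cfg.user_email_unique is set, not used by another account. Only then is
    the profile saved.

    @param request: current request; form fields are read from request.form
    @rtype: unicode or None
    @return: a message for the user (success, or the first failed check), or
             None for a non-POST request or a bad ticket, which produce no
             feedback at all.
    """
    _ = request.getText
    form = request.form

    # Only a real form submission may create an account, never a plain link
    if request.method != 'POST':
        return

    # Anti-CSRF: the ticket was embedded into the form by _create_form
    if not wikiutil.checkTicket(request, form.get('ticket', '')):
        return

    if not TextCha(request).check_answer_from_form():
        return _('TextCha: Wrong answer! Go back and try again...')

    # Create user profile
    theuser = user.User(request, auth_method="new-user")

    # Require non-empty name. A text input is normally submitted even when
    # left blank, so a missing field and an empty value are treated alike
    # instead of letting '' fall through to the validity check.
    theuser.name = form.get('name', '')
    if not theuser.name:
        return _("Empty user name. Please enter a user name.")

    # Don't allow creating users with invalid names
    if not user.isValidName(request, theuser.name):
        return _("""Invalid user name {{{'%s'}}}.
Name may contain any Unicode alpha numeric character, with optional one
space between words. Group page name is not allowed.""", wiki=True) % wikiutil.escape(theuser.name)

    # Name required to be unique. Check if name belong to another user.
    if user.getUserId(request, theuser.name):
        return _("This user name already belongs to somebody else.")

    # try to get the password and pw repeat
    password = form.get('password1', '')
    password2 = form.get('password2', '')

    # Check if password is given and matches with password repeat
    if password != password2:
        return _("Passwords don't match!")
    if not password:
        return _("Please specify a password!")

    pw_checker = request.cfg.password_checker
    if pw_checker:
        pw_error = pw_checker(request, theuser.name, password)
        if pw_error:
            return _("Password not acceptable: %s") % pw_error

    # Encode password. Always hash what the user typed: skipping values that
    # start with '{SHA}' (as this code used to) never assigned enc_password
    # for such a password, so the profile was saved without a usable hash.
    try:
        theuser.enc_password = user.encodePassword(password)
    except UnicodeError, err:
        # Should never happen
        return "Can't encode password: %s" % str(err)

    # try to get the email, for new users it is required
    email = wikiutil.clean_input(form.get('email', ''))
    theuser.email = email.strip()
    if not theuser.email and 'email' not in request.cfg.user_form_remove:
        return _("Please provide your email address. If you lose your"
                 " login information, you can get it by email.")

    # Email should be unique - see also MoinMoin/script/accounts/moin_usercheck.py
    if theuser.email and request.cfg.user_email_unique:
        if user.get_by_email_address(request, theuser.email):
            return _("This email already belongs to somebody else.")

    # save data
    theuser.save()

    result = _("User account created! You can use this account to login now...")
    return result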


def _create_form(request):
    """Render the 'create account' form as HTML.

    The form carries a hidden 'action' field, a hidden anti-CSRF ticket
    (from wikiutil.createTicket), one labelled row each for name, password,
    password repeat and email, a TextCha row when TextCha is enabled, and a
    submit button named 'create' which execute() looks for.

    @param request: current request
    @rtype: unicode
    @return: the rendered form markup
    """
    _ = request.getText

    def label_cell(caption):
        # bold caption cell, built identically for every row
        return html.TD().append(html.STRONG().append(html.Text(caption)))

    def text_input(field_name, kind="text"):
        return html.INPUT(type=kind, size="36", name=field_name)

    form = html.FORM(action=request.page.url(request))
    form.append(html.INPUT(type='hidden', name='action', value='newaccount'))

    ticket = wikiutil.createTicket(request)
    form.append(html.INPUT(type="hidden", name="ticket", value="%s" % ticket))

    form.append(html.Raw('<div class="userpref"%s>' % request.theme.ui_lang_attr()))
    table = html.TABLE(border="0")
    form.append(table)
    form.append(html.Raw('</div>'))

    def new_row():
        # append a fresh row to the table and hand it back for filling
        row = html.TR()
        table.append(row)
        return row

    # Name, followed by a naming hint
    row = new_row()
    row.append(label_cell(_("Name")))
    name_cell = html.TD()
    row.append(name_cell)
    name_cell.append(text_input("name"))
    name_cell.append(html.Text(' ' + _("(Use FirstnameLastname)")))

    # Password and its repetition
    row = new_row()
    row.append(label_cell(_("Password")))
    row.append(html.TD().append(text_input("password1", "password")))

    row = new_row()
    row.append(label_cell(_("Password repeat")))
    row.append(html.TD().append(text_input("password2", "password")))

    # Email
    row = new_row()
    row.append(label_cell(_("Email")))
    row.append(html.TD().append(text_input("email")))

    # TextCha challenge, only when the wiki has it switched on
    textcha = TextCha(request)
    if textcha.is_enabled():
        row = new_row()
        row.append(label_cell(_('TextCha (required)')))
        answer_cell = html.TD()
        if textcha:
            answer_cell.append(textcha.render())
        row.append(answer_cell)

    # Submit button in the right-hand column
    row = new_row()
    row.append(html.TD())
    submit_cell = html.TD()
    row.append(submit_cell)
    submit_cell.append(html.INPUT(type="submit", name="create",
                                  value=_('Create Profile')))

    return unicode(form)

def execute(pagename, request):
    """Action entry point: show the create-account form or process it.

    Access is refused with 403 unless a MoinAuth instance is configured in
    cfg.auth (the page is only linked to from the MoinAuth login form). When
    the 'create' field is present the submission goes to _create_user and its
    message is shown on the page; otherwise the empty form is rendered.

    @param pagename: name of the page the action was invoked on
    @param request: current request
    """
    uses_moin_auth = any(isinstance(auth, MoinAuth) for auth in request.cfg.auth)
    if not uses_moin_auth:
        # we will not have linked, so forbid access
        request.makeForbidden(403, 'No MoinAuth in auth list')
        return

    page = Page(request, pagename)
    _ = request.getText
    form = request.form

    if 'create' in form: # user pressed create button
        # NOTE(review): _create_user returns None for a non-POST request or a
        # failed ticket check, so add_msg may receive None here - confirm the
        # theme tolerates that.
        request.theme.add_msg(_create_user(request), "dialog")
        return page.send_page()

    # show create form
    request.theme.send_title(_("Create Account"), pagename=pagename)

    request.write(request.formatter.startContent("content"))

    # THIS IS A BIG HACK. IT NEEDS TO BE CLEANED UP
    request.write(_create_form(request))

    request.write(request.formatter.endContent())

    request.theme.send_footer(pagename)
    request.theme.send_closing_html()