You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2014/05/27 23:59:58 UTC
[1/8] git commit: [#7372] ticket:583 Implement account disabling
Repository: allura
Updated Branches:
refs/heads/master f9c8072f5 -> 04fb907a5
[#7372] ticket:583 Implement account disabling
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/202a6f1e
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/202a6f1e
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/202a6f1e
Branch: refs/heads/master
Commit: 202a6f1ef50c9c1ed3365af2bd54db884300c4ed
Parents: 9a9c3f6
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu May 15 12:21:23 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 18:02:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 13 +++++++++++--
Allura/allura/lib/plugin.py | 20 +++++++++++++++++++-
Allura/allura/lib/widgets/auth_widgets.py | 9 ++++++++-
Allura/allura/tests/functional/test_auth.py | 24 ++++++++++++++++++++++++
4 files changed, 62 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 9bbaa23..e72ae8f 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -68,7 +68,7 @@ class F(object):
remove_inactive_period_form = forms.RemoveInactivePeriodForm()
save_skill_form = forms.AddUserSkillForm()
remove_skill_form = forms.RemoveSkillForm()
- disable_accont_form = DisableAccountForm()
+ disable_account_form = DisableAccountForm()
class AuthController(BaseController):
@@ -864,5 +864,14 @@ class DisableAccountController(BaseController):
return {
'menu': menu,
'my_projects': my_projects,
- 'form': F.disable_accont_form,
+ 'form': F.disable_account_form,
}
+
+ @expose()
+ @require_post()
+ @validate(F.disable_account_form, error_handler=index)
+ def do_disable(self, password):
+ provider = plugin.AuthenticationProvider.get(request)
+ provider.disable_user(c.user)
+ flash('Your account was successfully disabled!')
+ redirect('/')
http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index fcc3aea..e1a14bd 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -47,7 +47,7 @@ from paste.deploy.converters import asbool, asint
from ming.utils import LazyProperty
from ming.orm import state
-from ming.orm import ThreadLocalORMSession
+from ming.orm import ThreadLocalORMSession, session
from allura.lib import helpers as h
from allura.lib import security
@@ -133,6 +133,17 @@ class AuthenticationProvider(object):
self.session['userid'] = None
self.session.save()
+ def validate_password(self, user, password):
+ '''Check that provided password matches actual user password
+
+ :rtype: bool
+ '''
+ raise NotImplementedError, 'validate_password'
+
+ def disable_user(self, user):
+ '''Disable user account'''
+ raise NotImplementedError, 'disable_user'
+
def by_username(self, username):
'''
Find a user by username.
@@ -241,6 +252,13 @@ class LocalAuthenticationProvider(AuthenticationProvider):
raise exc.HTTPUnauthorized()
return user
+ def disable_user(self, user):
+ user.disabled = True
+ session(user).flush(user)
+
+ def validate_password(self, user, password):
+ return self._validate_password(user, password)
+
def _validate_password(self, user, password):
if user is None:
return False
http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index b46ff21..f937e50 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -19,7 +19,7 @@ import ew as ew_core
import ew.jinja2_ew as ew
from ew.core import validator
-from pylons import request
+from pylons import request, tmpl_context as c
from formencode import Invalid
from webob import exc
@@ -84,3 +84,10 @@ class DisableAccountForm(ForgeForm):
class fields(ew_core.NameList):
password = ew.PasswordField(name='password', label='Account password')
+
+ @validator
+ def validate(self, value, state=None):
+ provider = plugin.AuthenticationProvider.get(request)
+ if not provider.validate_password(c.user, value['password']):
+ raise Invalid('Invalid password', {}, None)
+ return value
http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 8483cda..751d406 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1042,6 +1042,14 @@ class TestOAuth(TestController):
class TestDisableAccount(TestController):
+ def test_not_authenticated(self):
+ r = self.app.get(
+ '/auth/disable/',
+ extra_environ={'username': '*anonymous'})
+ assert_equal(r.status_int, 302)
+ assert_equal(r.location,
+ 'http://localhost/auth/?return_to=%2Fauth%2Fdisable%2F')
+
def test_lists_user_projects(self):
r = self.app.get('/auth/disable/')
user = M.User.by_username('test-admin')
@@ -1053,3 +1061,19 @@ class TestDisableAccount(TestController):
r = self.app.get('/auth/disable/')
form = r.html.find('form', {'action': 'do_disable'})
assert form is not None
+
+ def test_bad_password(self):
+ r = self.app.post('/auth/disable/do_disable', {'password': 'bad'})
+ assert_in('Invalid password', r)
+ user = M.User.by_username('test-admin')
+ assert_equal(user.disabled, False)
+
+ def test_disable(self):
+ r = self.app.post('/auth/disable/do_disable', {'password': 'foo'})
+ assert_equal(r.status_int, 302)
+ assert_equal(r.location, 'http://localhost/')
+ flash = json.loads(self.webflash(r))
+ assert_equal(flash['status'], 'ok')
+ assert_equal(flash['message'], 'Your account was successfully disabled!')
+ user = M.User.by_username('test-admin')
+ assert_equal(user.disabled, True)
[5/8] git commit: [#7372] ticket:583 Disable account skeleton
Posted by br...@apache.org.
[#7372] ticket:583 Disable account skeleton
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/bab493a9
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/bab493a9
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/bab493a9
Branch: refs/heads/master
Commit: bab493a93281f3beda55f510d70c4da0c1129010
Parents: f9c8072
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed May 14 11:10:26 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 18:02:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 14 +++++++
.../allura/templates/user_disable_account.html | 39 ++++++++++++++++++++
Allura/allura/templates/user_prefs.html | 3 ++
3 files changed, 56 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/bab493a9/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index a0d1848..6ebf2b0 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -76,6 +76,7 @@ class AuthController(BaseController):
self.user_info = UserInfoController()
self.subscriptions = SubscriptionsController()
self.oauth = OAuthController()
+ self.disable = DisableAccountController()
def __getattr__(self, name):
urls = plugin.UserPreferencesProvider.get().additional_urls()
@@ -845,3 +846,16 @@ class OAuthController(BaseController):
access_token.delete()
flash('Token revoked')
redirect('.')
+
+
+class DisableAccountController(BaseController):
+
+ def _check_security(self):
+ require_authenticated()
+
+ @with_trailing_slash
+ @expose('jinja:allura:templates/user_disable_account.html')
+ def index(self, **kw):
+ provider = plugin.AuthenticationProvider.get(request)
+ menu = provider.account_navigation()
+ return {'menu': menu}
http://git-wip-us.apache.org/repos/asf/allura/blob/bab493a9/Allura/allura/templates/user_disable_account.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_disable_account.html b/Allura/allura/templates/user_disable_account.html
new file mode 100644
index 0000000..631b7ef
--- /dev/null
+++ b/Allura/allura/templates/user_disable_account.html
@@ -0,0 +1,39 @@
+{#-
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-#}
+{% set hide_left_bar = True %}
+{% extends g.theme.master %}
+
+{% block title %}{{c.user.username}} / Disable account{% endblock %}
+
+{% block header %}Disable account for {{c.user.username}}{% endblock %}
+
+{% block content %}
+ <ul id="account-nav-menu" class="b-hornav droppy">
+ {% for item in menu -%}
+ <li id="{{ item.tabid }}">
+ <a href="{{ item.target }}">
+ {{ item.title }}
+ <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
+ </a>
+ </li>
+ {%- endfor %}
+ </ul>
+
+ <h2>Disable account</h2>
+{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/bab493a9/Allura/allura/templates/user_prefs.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_prefs.html b/Allura/allura/templates/user_prefs.html
index 97453cb..900c9f0 100644
--- a/Allura/allura/templates/user_prefs.html
+++ b/Allura/allura/templates/user_prefs.html
@@ -153,4 +153,7 @@
{{ lib.csrf_token() }}
</form>
</div>
+<div class="grid-20">
+ <p><a href="/auth/disable">Disable account</a></p>
+</div>
{% endblock %}
[6/8] git commit: [#7372] ticket:583 Add .ini option to allow users
to disable account
Posted by br...@apache.org.
[#7372] ticket:583 Add .ini option to allow users to disable account
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/e4398716
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/e4398716
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/e4398716
Branch: refs/heads/master
Commit: e4398716b91dc52c576b459f46a4621dfc544d59
Parents: 202a6f1
Author: Igor Bondarenko <je...@gmail.com>
Authored: Mon May 19 16:34:39 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 18:03:05 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 4 +++-
Allura/allura/templates/user_prefs.html | 8 +++++---
Allura/development.ini | 2 ++
Allura/test.ini | 1 +
4 files changed, 11 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/e4398716/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index e72ae8f..d93e053 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -25,6 +25,7 @@ from tg.decorators import with_trailing_slash
from pylons import tmpl_context as c, app_globals as g
from pylons import request, response
from webob import exc as wexc
+from paste.deploy.converters import asbool
import allura.tasks.repo_tasks
from allura import model as M
@@ -78,7 +79,8 @@ class AuthController(BaseController):
self.user_info = UserInfoController()
self.subscriptions = SubscriptionsController()
self.oauth = OAuthController()
- self.disable = DisableAccountController()
+ if asbool(config.get('auth.allow_user_to_disable_account', False)):
+ self.disable = DisableAccountController()
def __getattr__(self, name):
urls = plugin.UserPreferencesProvider.get().additional_urls()
http://git-wip-us.apache.org/repos/asf/allura/blob/e4398716/Allura/allura/templates/user_prefs.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_prefs.html b/Allura/allura/templates/user_prefs.html
index 36a7463..25d1120 100644
--- a/Allura/allura/templates/user_prefs.html
+++ b/Allura/allura/templates/user_prefs.html
@@ -143,7 +143,9 @@
{{ lib.csrf_token() }}
</form>
</div>
-<div class="grid-20">
- <p><a href="/auth/disable">Disable account</a></p>
-</div>
+{% if h.asbool(tg.config.get('auth.allow_user_to_disable_account', False)) %}
+ <div class="grid-20">
+ <p><a href="/auth/disable">Disable account</a></p>
+ </div>
+{% endif %}
{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/e4398716/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index 124afaa..e1e7c4a 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -83,6 +83,8 @@ auth.ldap.password.algorithm = 6
auth.ldap.password.rounds = 6000
auth.ldap.password.salt_len = 16
+auth.allow_user_to_disable_account = true
+
# In seconds
auth.recovery_hash_expiry_period = 600
http://git-wip-us.apache.org/repos/asf/allura/blob/e4398716/Allura/test.ini
----------------------------------------------------------------------
diff --git a/Allura/test.ini b/Allura/test.ini
index f6c9ae0..8d0f849 100644
--- a/Allura/test.ini
+++ b/Allura/test.ini
@@ -144,6 +144,7 @@ auth.ldap.password.algorithm = 6
auth.ldap.password.rounds = 6000
auth.ldap.password.salt_len = 16
+auth.allow_user_to_disable_account = true
[app:main_with_amqp]
use = main
[3/8] git commit: [#7372] ticket:583 Factor up menu for account
related pages
Posted by br...@apache.org.
[#7372] ticket:583 Factor up menu for account related pages
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/c4bc6059
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/c4bc6059
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/c4bc6059
Branch: refs/heads/master
Commit: c4bc60599a8e35f4970ad73c5d9df960221f77eb
Parents: bab493a
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed May 14 11:23:40 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 18:02:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/templates/oauth_applications.html | 14 ++-------
Allura/allura/templates/user_account_base.html | 33 ++++++++++++++++++++
Allura/allura/templates/user_availability.html | 14 ++-------
Allura/allura/templates/user_contacts.html | 14 ++-------
.../allura/templates/user_disable_account.html | 18 +++--------
Allura/allura/templates/user_info.html | 14 ++-------
Allura/allura/templates/user_prefs.html | 14 ++-------
Allura/allura/templates/user_skills.html | 14 ++-------
Allura/allura/templates/user_subs.html | 14 ++-------
9 files changed, 52 insertions(+), 97 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/oauth_applications.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/oauth_applications.html b/Allura/allura/templates/oauth_applications.html
index 3742662..7506975 100644
--- a/Allura/allura/templates/oauth_applications.html
+++ b/Allura/allura/templates/oauth_applications.html
@@ -17,7 +17,7 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Applications {% endblock %}
@@ -69,17 +69,7 @@
{% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<h2>Authorized Applications</h2>
<p>
These are applications you have authorized to act on your behalf.
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_account_base.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_account_base.html b/Allura/allura/templates/user_account_base.html
new file mode 100644
index 0000000..eb68667
--- /dev/null
+++ b/Allura/allura/templates/user_account_base.html
@@ -0,0 +1,33 @@
+{#-
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-#}
+{% set hide_left_bar = True %}
+{% extends g.theme.master %}
+
+{% block content %}
+ <ul id="account-nav-menu" class="b-hornav droppy">
+ {% for item in menu -%}
+ <li id="{{ item.tabid }}">
+ <a href="{{ item.target }}">
+ {{ item.title }}
+ <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
+ </a>
+ </li>
+ {%- endfor %}
+ </ul>
+{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_availability.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_availability.html b/Allura/allura/templates/user_availability.html
index c10cdee..aa6b90b 100644
--- a/Allura/allura/templates/user_availability.html
+++ b/Allura/allura/templates/user_availability.html
@@ -17,24 +17,14 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Availability{% endblock %}
{% block header %}Availability timeslots of {{c.user.username}} {% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<div class="grid-20">
<h2>Availability</h2>
<div class="grid-18">
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_contacts.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_contacts.html b/Allura/allura/templates/user_contacts.html
index 7495508..399a5c6 100644
--- a/Allura/allura/templates/user_contacts.html
+++ b/Allura/allura/templates/user_contacts.html
@@ -17,24 +17,14 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Contacts{% endblock %}
{% block header %}Contacts of {{c.user.username}} {% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<div class="grid-20">
<h2>Personal Contacts</h2>
<h3>Skype account</h3>
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_disable_account.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_disable_account.html b/Allura/allura/templates/user_disable_account.html
index 631b7ef..6542902 100644
--- a/Allura/allura/templates/user_disable_account.html
+++ b/Allura/allura/templates/user_disable_account.html
@@ -17,23 +17,15 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Disable account{% endblock %}
{% block header %}Disable account for {{c.user.username}}{% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
- <h2>Disable account</h2>
+ {{ super() }}
+ <div class='grid-20'>
+ <h2>Disable account</h2>
+ </div>
{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_info.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_info.html b/Allura/allura/templates/user_info.html
index 7e49658..7d08900 100644
--- a/Allura/allura/templates/user_info.html
+++ b/Allura/allura/templates/user_info.html
@@ -17,24 +17,14 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Preferences{% endblock %}
{% block header %}User Preferences for {{c.user.username}}{% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<div style="clear:both" class="grid-20">
<h2>Personal Information</h2>
{{g.theme.personal_data_form.display(action="/auth/user_info/change_personal_data", user=c.user)}}
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_prefs.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_prefs.html b/Allura/allura/templates/user_prefs.html
index 900c9f0..36a7463 100644
--- a/Allura/allura/templates/user_prefs.html
+++ b/Allura/allura/templates/user_prefs.html
@@ -17,24 +17,14 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Preferences{% endblock %}
{% block header %}User Preferences for {{c.user.username}}{% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<div class="grid-23">
<h2>Preferences</h2>
<form action="update" method="post">
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_skills.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_skills.html b/Allura/allura/templates/user_skills.html
index cc5d02b..780916c 100644
--- a/Allura/allura/templates/user_skills.html
+++ b/Allura/allura/templates/user_skills.html
@@ -17,24 +17,14 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Skills{% endblock %}
{% block header %}Skills manager for {{c.user.username}} {% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<div class="grid-20">
{% if c.user.get_skills()|length > 0 %}
<h2>Your current skills list:</h2>
http://git-wip-us.apache.org/repos/asf/allura/blob/c4bc6059/Allura/allura/templates/user_subs.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_subs.html b/Allura/allura/templates/user_subs.html
index 7e90a17..15f3a7c 100644
--- a/Allura/allura/templates/user_subs.html
+++ b/Allura/allura/templates/user_subs.html
@@ -17,24 +17,14 @@
under the License.
-#}
{% set hide_left_bar = True %}
-{% extends g.theme.master %}
+{% extends "allura:templates/user_account_base.html" %}
{% block title %}{{c.user.username}} / Preferences{% endblock %}
{% block header %}User Preferences for {{c.user.username}}{% endblock %}
{% block content %}
- <ul id="account-nav-menu" class="b-hornav droppy">
- {% for item in menu -%}
- <li id="{{ item.tabid }}">
- <a href="{{ item.target }}">
- {{ item.title }}
- <div class="marker{% if item.target.rstrip('/') == request.path.rstrip('/') %} current{% endif %}"></div>
- </a>
- </li>
- {%- endfor %}
- </ul>
-
+ {{ super() }}
<h2>Subscriptions</h2>
{% if subscriptions %}
<p><em>Mark tools that you want to subscribe to. Unmark tools that you want to unsubscribe from. Press 'Save' button.</em></p>
[2/8] git commit: [#7372] ticket:583 List projects that belong to
user on disable account page
Posted by br...@apache.org.
[#7372] ticket:583 List projects that belong to user on disable account page
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/a6277fbf
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/a6277fbf
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/a6277fbf
Branch: refs/heads/master
Commit: a6277fbfe4d1c4eea29475c359449146b1885705
Parents: c4bc605
Author: Igor Bondarenko <je...@gmail.com>
Authored: Wed May 14 11:46:02 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 18:02:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 6 +++++-
Allura/allura/templates/user_disable_account.html | 11 +++++++++++
Allura/allura/tests/functional/test_auth.py | 10 ++++++++++
3 files changed, 26 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/a6277fbf/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 6ebf2b0..9d0af06 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -858,4 +858,8 @@ class DisableAccountController(BaseController):
def index(self, **kw):
provider = plugin.AuthenticationProvider.get(request)
menu = provider.account_navigation()
- return {'menu': menu}
+ my_projects = c.user.my_projects_by_role_name('Admin').all()
+ return {
+ 'menu': menu,
+ 'my_projects': my_projects,
+ }
http://git-wip-us.apache.org/repos/asf/allura/blob/a6277fbf/Allura/allura/templates/user_disable_account.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_disable_account.html b/Allura/allura/templates/user_disable_account.html
index 6542902..746f1be 100644
--- a/Allura/allura/templates/user_disable_account.html
+++ b/Allura/allura/templates/user_disable_account.html
@@ -27,5 +27,16 @@
{{ super() }}
<div class='grid-20'>
<h2>Disable account</h2>
+ {% if my_projects %}
+ <p>
+ Currently you are an admin of the following projects.
+ These projects would be orphaned unless they have another admin.
+ <ul>
+ {% for p in my_projects %}
+ <li><a href="{{ p.url() }}">{{ p.name }}</a></li>
+ {% endfor %}
+ </ul>
+ </p>
+ {% endif %}
</div>
{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/a6277fbf/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index c4a4f84..f4f773a 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1038,3 +1038,13 @@ class TestOAuth(TestController):
atok = parse_qs(r.body)
assert_equal(len(atok['oauth_token']), 1)
assert_equal(len(atok['oauth_token_secret']), 1)
+
+
+class TestDisableAccount(TestController):
+
+ def test_lists_user_projects(self):
+ r = self.app.get('/auth/disable/')
+ user = M.User.by_username('test-admin')
+ for p in user.my_projects_by_role_name('Admin'):
+ assert_in(p.name, r)
+ assert_in(p.url(), r)
[4/8] git commit: [#7372] ticket:583 Add form for asking password
Posted by br...@apache.org.
[#7372] ticket:583 Add form for asking password
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/9a9c3f6d
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/9a9c3f6d
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/9a9c3f6d
Branch: refs/heads/master
Commit: 9a9c3f6dd863bca2eba174528e5f549569b74dbd
Parents: a6277fb
Author: Igor Bondarenko <je...@gmail.com>
Authored: Thu May 15 11:30:00 2014 +0300
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Fri May 23 18:02:37 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 5 ++++-
Allura/allura/lib/widgets/__init__.py | 2 +-
Allura/allura/lib/widgets/auth_widgets.py | 7 +++++++
Allura/allura/templates/user_disable_account.html | 5 +++++
Allura/allura/tests/functional/test_auth.py | 5 +++++
5 files changed, 22 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/9a9c3f6d/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 9d0af06..9bbaa23 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -39,7 +39,8 @@ from allura.lib.widgets import (
OAuthApplicationForm,
OAuthRevocationForm,
LoginForm,
- ForgottenPasswordForm)
+ ForgottenPasswordForm,
+ DisableAccountForm)
from allura.lib.widgets import forms
from allura.controllers import BaseController
@@ -67,6 +68,7 @@ class F(object):
remove_inactive_period_form = forms.RemoveInactivePeriodForm()
save_skill_form = forms.AddUserSkillForm()
remove_skill_form = forms.RemoveSkillForm()
+ disable_accont_form = DisableAccountForm()
class AuthController(BaseController):
@@ -862,4 +864,5 @@ class DisableAccountController(BaseController):
return {
'menu': menu,
'my_projects': my_projects,
+ 'form': F.disable_accont_form,
}
http://git-wip-us.apache.org/repos/asf/allura/blob/9a9c3f6d/Allura/allura/lib/widgets/__init__.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/__init__.py b/Allura/allura/lib/widgets/__init__.py
index cef0d29..6e13a39 100644
--- a/Allura/allura/lib/widgets/__init__.py
+++ b/Allura/allura/lib/widgets/__init__.py
@@ -18,5 +18,5 @@
from .discuss import Post, Thread, Discussion
from .subscriptions import SubscriptionForm
from .oauth_widgets import OAuthApplicationForm, OAuthRevocationForm
-from .auth_widgets import LoginForm, ForgottenPasswordForm
+from .auth_widgets import LoginForm, ForgottenPasswordForm, DisableAccountForm
from .vote import VoteForm
http://git-wip-us.apache.org/repos/asf/allura/blob/9a9c3f6d/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index 034da45..b46ff21 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -77,3 +77,10 @@ class ForgottenPasswordForm(ForgeForm):
'Unable to recover password for this email',
{'email': email}, None)
return value
+
+
+class DisableAccountForm(ForgeForm):
+ submit_text = 'Disable'
+
+ class fields(ew_core.NameList):
+ password = ew.PasswordField(name='password', label='Account password')
http://git-wip-us.apache.org/repos/asf/allura/blob/9a9c3f6d/Allura/allura/templates/user_disable_account.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/user_disable_account.html b/Allura/allura/templates/user_disable_account.html
index 746f1be..502ef18 100644
--- a/Allura/allura/templates/user_disable_account.html
+++ b/Allura/allura/templates/user_disable_account.html
@@ -38,5 +38,10 @@
</ul>
</p>
{% endif %}
+ <p>
+ Are you really sure you want to disable your account?
+ If so, enter account password below to confirm.
+ </p>
+ {{ form.display(action='do_disable') }}
</div>
{% endblock %}
http://git-wip-us.apache.org/repos/asf/allura/blob/9a9c3f6d/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index f4f773a..8483cda 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1048,3 +1048,8 @@ class TestDisableAccount(TestController):
for p in user.my_projects_by_role_name('Admin'):
assert_in(p.name, r)
assert_in(p.url(), r)
+
+ def test_has_asks_password(self):
+ r = self.app.get('/auth/disable/')
+ form = r.html.find('form', {'action': 'do_disable'})
+ assert form is not None
[7/8] git commit: [#7372] implement validate_password for LDAP auth
provider
Posted by br...@apache.org.
[#7372] implement validate_password for LDAP auth provider
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/30458109
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/30458109
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/30458109
Branch: refs/heads/master
Commit: 30458109b408d0af670c4560db6d3009492b4281
Parents: e439871
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue May 27 21:44:12 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue May 27 21:51:48 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/30458109/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index e1a14bd..2d3039c 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -417,17 +417,22 @@ class LdapAuthenticationProvider(AuthenticationProvider):
if user is None:
log.debug('LdapAuth: no active user {} found in local mongo, not checking LDAP'.format(self.request.params['username']))
raise exc.HTTPUnauthorized()
+ if not self.validate_password(user, self.request.params['password']):
+ raise exc.HTTPUnauthorized()
+ return user
+
+ def validate_password(self, user, password):
try:
dn = 'uid=%s,%s' % (
- ldap.dn.escape_dn_chars(user.username),
- config['auth.ldap.suffix'])
+ ldap.dn.escape_dn_chars(user.username),
+ config['auth.ldap.suffix'])
con = ldap.initialize(config['auth.ldap.server'])
- con.bind_s(dn, self.request.params['password'])
+ con.bind_s(dn, password)
con.unbind_s()
+ return True
except (ldap.INVALID_CREDENTIALS, ldap.UNWILLING_TO_PERFORM):
log.debug('LdapAuth: could not authenticate {}'.format(user.username), exc_info=True)
- raise exc.HTTPUnauthorized()
- return user
+ return False
def user_project_shortname(self, user):
return 'u/' + user.username.replace('_', '-')
[8/8] git commit: [#7372] implement disable_user,
update other methods to mirror from Local provider impl
Posted by br...@apache.org.
[#7372] implement disable_user, update other methods to mirror from Local provider impl
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/04fb907a
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/04fb907a
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/04fb907a
Branch: refs/heads/master
Commit: 04fb907a543112a1fae7e1da367d19946a8ad757
Parents: 3045810
Author: Dave Brondsema <db...@slashdotmedia.com>
Authored: Tue May 27 21:51:38 2014 +0000
Committer: Dave Brondsema <db...@slashdotmedia.com>
Committed: Tue May 27 21:51:49 2014 +0000
----------------------------------------------------------------------
Allura/allura/lib/plugin.py | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/04fb907a/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 2d3039c..f1e30e6 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -435,19 +435,20 @@ class LdapAuthenticationProvider(AuthenticationProvider):
return False
def user_project_shortname(self, user):
- return 'u/' + user.username.replace('_', '-')
+ return LocalAuthenticationProvider(None).user_project_shortname(user)
def user_by_project_shortname(self, shortname):
- from allura import model as M
- return M.User.query.get(username=shortname)
+ return LocalAuthenticationProvider(None).user_by_project_shortname(user)
def user_registration_date(self, user):
- if user._id:
- return user._id.generation_time
- return datetime.utcnow()
+ # could read this from an LDAP field?
+ return LocalAuthenticationProvider(None).user_registration_date(user)
def update_notifications(self, user):
- return ''
+ return LocalAuthenticationProvider(None).update_notifications(user)
+
+ def disable_user(self, user):
+ return LocalAuthenticationProvider(None).disable_user(user)
class ProjectRegistrationProvider(object):