Posted to commits@allura.apache.org by br...@apache.org on 2020/03/17 19:16:06 UTC

[allura] branch db/user_admin_details_improvements created (now 2a81940)

This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a change to branch db/user_admin_details_improvements
in repository https://gitbox.apache.org/repos/asf/allura.git.


      at 2a81940  Site admin: only show pwd reset related buttons if user is enabled

This branch includes the following new commits:

     new 9d9d659  Nicer formatting of user audit log details (make message bold)
     new 2a81940  Site admin: only show pwd reset related buttons if user is enabled

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[allura] 01/02: Nicer formatting of user audit log details (make message bold)

Posted by br...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/user_admin_details_improvements
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 9d9d6597ecdbf63e5e39b44c504d4e2400b606e9
Author: Dave Brondsema <da...@brondsema.net>
AuthorDate: Tue Mar 17 14:55:54 2020 -0400

    Nicer formatting of user audit log details (make message bold)
---
 Allura/allura/ext/admin/templates/widgets/audit.html |  4 ++--
 Allura/allura/model/auth.py                          | 17 +++++++++++++++++
 Allura/allura/tests/model/test_auth.py               | 20 +++++++++++++++++++-
 3 files changed, 38 insertions(+), 3 deletions(-)

diff --git a/Allura/allura/ext/admin/templates/widgets/audit.html b/Allura/allura/ext/admin/templates/widgets/audit.html
index 1e52df7..8b2705d 100644
--- a/Allura/allura/ext/admin/templates/widgets/audit.html
+++ b/Allura/allura/ext/admin/templates/widgets/audit.html
@@ -34,10 +34,10 @@
         <tr>
           <td style="white-space: nowrap">{{ entry.timestamp_str }}</td>
           <td>{{ entry.user and entry.user.username or 'Unknown' }}</td>
-          <td>{{ entry.url_str }}</td>
+          <td class="auditlog_url">{{ entry.url_str }}</td>
         </tr>
         <tr>
-          <td></td><td colspan="2">{{ entry.message|nl2br }}</td>
+          <td></td><td colspan="2" class="auditlog_message">{{ entry.message_html }}</td>
         </tr>
         {% endfor %}
       </tbody>
diff --git a/Allura/allura/model/auth.py b/Allura/allura/model/auth.py
index c951edf..e2f1679 100644
--- a/Allura/allura/model/auth.py
+++ b/Allura/allura/model/auth.py
@@ -19,6 +19,8 @@ from __future__ import unicode_literals
 from __future__ import absolute_import
 import logging
 import calendar
+
+from markupsafe import Markup
 from six.moves.urllib.parse import urlparse
 from email import header
 from hashlib import sha256
@@ -985,6 +987,21 @@ class AuditLog(object):
         return self.timestamp.strftime('%Y-%m-%d %H:%M:%S')
 
     @property
+    def message_html(self):
+        standard_metadata_prefixes = (
+            'Done by user:',
+            'IP Address:',
+            'User-Agent:',
+        )
+        with_br = h.nl2br_jinja_filter(self.message)
+        message_bold = '<br>\n'.join([
+            line if line.startswith(standard_metadata_prefixes) else '<b>{}</b>'.format(line)
+            for line in
+            with_br.split('<br>\n')
+        ])
+        return Markup(message_bold)
+
+    @property
     def url_str(self):
         scheme, netloc, path, params, query, fragment = urlparse(self.url)
         s = path
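Review bot: `message_html` returns `Markup(message_bold)`, so Jinja autoescaping no longer applies to the audit message in `audit.html`. The only thing keeping user-supplied text inert is that `h.nl2br_jinja_filter(self.message)` escapes it before the `<b>` tags are added, and nothing in the property records that dependency. I would add a docstring saying the result is trusted HTML for the audit widget, plus a comment above the filter call such as `# nl2br_jinja_filter escapes the message; only its output may be wrapped in Markup below`. Separately, a line of the message body that starts with `IP Address:` or another listed prefix is rendered unbolded, exactly like real metadata, so the bolding should not be treated as proof of which lines the system wrote. The `AuditLog` class begins outside this hunk.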
diff --git a/Allura/allura/tests/model/test_auth.py b/Allura/allura/tests/model/test_auth.py
index 039a969..6e2c43f 100644
--- a/Allura/allura/tests/model/test_auth.py
+++ b/Allura/allura/tests/model/test_auth.py
@@ -22,6 +22,10 @@ Model tests for auth
 """
 from __future__ import unicode_literals
 from __future__ import absolute_import
+
+import textwrap
+from datetime import datetime, timedelta
+
 from nose.tools import (
     with_setup,
     assert_equal,
@@ -33,7 +37,7 @@ from nose.tools import (
 from tg import tmpl_context as c, app_globals as g, request
 from webob import Request
 from mock import patch, Mock
-from datetime import datetime, timedelta
+from markupsafe import Markup
 
 from ming.orm.ormsession import ThreadLocalORMSession
 from ming.odm import session
@@ -444,3 +448,17 @@ def test_user_backfill_login_details():
     assert_equal(details[0].ua, 'TestBrowser/56')
     assert_equal(details[1].ip, '127.0.0.1')
     assert_equal(details[1].ua, 'TestBrowser/57')
+
+
+class TestAuditLog(object):
+
+    def test_message_html(self):
+        al = h.auditlog_user('our message <script>alert(1)</script>')
+        assert_equal(al.message, textwrap.dedent('''\
+            IP Address: 127.0.0.1
+            User-Agent: None
+            our message <script>alert(1)</script>'''))
+        assert_equal(al.message_html, textwrap.dedent('''\
+            IP Address: 127.0.0.1<br>
+            User-Agent: None<br>
+            <b>our message &lt;script&gt;alert(1)&lt;/script&gt;</b>'''))
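Review bot: The assertion on `al.message_html` compares against a plain string, so it would still pass if the property stopped returning `Markup`, and the `Markup` import added above is not used in the lines shown; add `assert isinstance(al.message_html, Markup)`. The test also covers only a single-line message. A case with a multi-line message, and one whose line begins with `User-Agent:`, would pin down how the prefix matching treats text that did not come from the metadata header.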


[allura] 02/02: Site admin: only show pwd reset related buttons if user is enabled

Posted by br...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

brondsem pushed a commit to branch db/user_admin_details_improvements
in repository https://gitbox.apache.org/repos/asf/allura.git

commit 2a81940109e0b0723e872d021071020e2e20e71f
Author: Dave Brondsema <da...@brondsema.net>
AuthorDate: Tue Mar 17 14:56:53 2020 -0400

    Site admin: only show pwd reset related buttons if user is enabled
---
 Allura/allura/templates/site_admin_user_details.html | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Allura/allura/templates/site_admin_user_details.html b/Allura/allura/templates/site_admin_user_details.html
index 38e4a5f..d491307 100644
--- a/Allura/allura/templates/site_admin_user_details.html
+++ b/Allura/allura/templates/site_admin_user_details.html
@@ -42,15 +42,16 @@
 
         <div class="grid-6">
         <form action='/nf/admin/user/set_status' method="POST">
-          <div class='grid-6'>
+          Account Status:<br>
             <label><input type="radio" name="status" value="enable"{% if status == 'enabled' %} checked="checked"{% endif %}>Enabled</label><br>
             <label><input type="radio" name="status" value="disable"{% if status == 'disabled' %} checked="checked"{% endif %}>Disabled</label><br>
             <label><input type="radio" name="status" value="pending"{% if status == 'pending' %} checked="checked"{% endif %}>Pending</label>
-          </div>
           <input type='hidden' name='username' value='{{ user.username }}'>
           {{lib.csrf_token()}}
         </form>
 
+        {% if status == 'enabled' %}
+        <br>
         <form action='/nf/admin/user/set_random_password' method="POST">
           <input type="submit" value="Set random password">
           <input type='hidden' name='username' value='{{ user.username }}'>
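Review bot: The `{% if status == 'enabled' %}` guard added before the `set_random_password` form only hides the buttons. This commit touches only the template, so a POST to `/nf/admin/user/set_random_password` for a disabled or pending user would presumably still be accepted by the handler. If these actions must not run for non-enabled accounts, the controller should reject them as well. If this is purely a UI tidy-up, a template comment such as `{# UI only: the handlers do not check status #}` would make that explicit. The matching `{% endif %}` is in the next hunk of this file.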
@@ -75,6 +76,7 @@
             <a href="#" id="password_reset_url_copy">copy</a>
             <p>Whenever you regenerate a new password reset URL, previous URLs are invalidated.</p>
         </div>
+        {% endif %}
 
         </div>
       </fieldset>