From bc57f2c9a1fcbf70f35498dd10d1edb721151521 Mon Sep 17 00:00:00 2001 From: richard Date: Thu, 10 Apr 2003 05:12:42 +0000 Subject: [PATCH] set new email rego user password to random string git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/trunk@1655 57a73879-2fb5-44c3-a270-3262357dd7e2 --- roundup/cgi/client.py | 11 ++++++----- roundup/mailgw.py | 6 +++--- roundup/password.py | 8 ++++++-- roundup/templates/classic/dbinit.py | 9 ++++++--- roundup/templates/classic/html/style.css | 4 ---- 5 files changed, 21 insertions(+), 17 deletions(-) diff --git a/roundup/cgi/client.py b/roundup/cgi/client.py index ffeca51..3c59776 100644 --- a/roundup/cgi/client.py +++ b/roundup/cgi/client.py @@ -1,4 +1,4 @@ -# $Id: client.py,v 1.112 2003-04-10 04:32:46 richard Exp $ +# $Id: client.py,v 1.113 2003-04-10 05:12:41 richard Exp $ __doc__ = """ WWW request handler (also used in the stand-alone server). @@ -31,6 +31,8 @@ class NotModified(HTTPException): # this var must contain a file to write the mail to SENDMAILDEBUG = os.environ.get('SENDMAILDEBUG', '') +# used by a couple of routines +chars = string.letters+string.digits # XXX actually _use_ FormError class FormError(ValueError): @@ -694,7 +696,6 @@ class Client: # Let the user know what's going on self.ok_message.append(_('You are logged out')) - chars = string.letters+string.digits def registerAction(self): '''Attempt to create a new user based on the contents of the form and then set the cookie. @@ -721,7 +722,7 @@ class Client: pass # generate the one-time-key and store the props for later - otk = ''.join([random.choice(self.chars) for x in range(32)]) + otk = ''.join([random.choice(chars) for x in range(32)]) for propname, proptype in self.db.user.getprops().items(): value = props.get(propname, None) if value is None: @@ -885,7 +886,7 @@ please visit the following URL: self.opendb('admin') # change the password - newpw = ''.join([random.choice(self.chars) for x in range(8)]) + newpw = password.generatePassword() cl = self.db.user # XXX we need to make the "default" page be able to display errors! @@ -939,7 +940,7 @@ Your password is now: %(password)s return # generate the one-time-key and store the props for later - otk = ''.join([random.choice(self.chars) for x in range(32)]) + otk = ''.join([random.choice(chars) for x in range(32)]) self.db.otks.set(otk, uid=uid, __time=time.time()) # send the email diff --git a/roundup/mailgw.py b/roundup/mailgw.py index 94594de..468a3b7 100644 --- a/roundup/mailgw.py +++ b/roundup/mailgw.py @@ -73,15 +73,14 @@ are calling the create() method to create a new node). If an auditor raises an exception, the original message is bounced back to the sender with the explanatory message given in the exception. -$Id: mailgw.py,v 1.113 2003-03-24 02:54:35 richard Exp $ +$Id: mailgw.py,v 1.114 2003-04-10 05:12:41 richard Exp $ ''' import string, re, os, mimetools, cStringIO, smtplib, socket, binascii, quopri import time, random, sys import traceback, MimeWriter, rfc822 -import hyperdb, date, password -import rfc2822 +from roundup import hyperdb, date, password, rfc2822 SENDMAILDEBUG = os.environ.get('SENDMAILDEBUG', '') @@ -1026,6 +1025,7 @@ def uidFromAddress(db, address, create=1, **user_props): if create: return db.user.create(username=address, address=address, realname=realname, roles=db.config.NEW_EMAIL_USER_ROLES, + password=password.Password(password.generatePassword()), **user_props) else: return 0 diff --git a/roundup/password.py b/roundup/password.py index 8400f67..a2f01f5 100644 --- a/roundup/password.py +++ b/roundup/password.py @@ -15,13 +15,13 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: password.py,v 1.8 2002-12-18 23:57:09 richard Exp $ +# $Id: password.py,v 1.9 2003-04-10 05:12:41 richard Exp $ __doc__ = """ Password handling (encoding, decoding). """ -import sha, re, string +import sha, re, string, random try: import crypt except: @@ -48,6 +48,10 @@ def encodePassword(plaintext, scheme, other=None): raise ValueError, 'Unknown encryption scheme "%s"'%scheme return s +def generatePassword(length=8): + chars = string.letters+string.digits + return ''.join([random.choice(chars) for x in range(length)]) + class Password: '''The class encapsulates a Password property type value in the database. diff --git a/roundup/templates/classic/dbinit.py b/roundup/templates/classic/dbinit.py index 4be969b..0bd0bf3 100644 --- a/roundup/templates/classic/dbinit.py +++ b/roundup/templates/classic/dbinit.py @@ -15,7 +15,7 @@ # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE, # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. # -# $Id: dbinit.py,v 1.33 2003-01-27 16:40:37 kedder Exp $ +# $Id: dbinit.py,v 1.34 2003-04-10 05:12:42 richard Exp $ import os @@ -96,20 +96,23 @@ def open(name=None): # # SECURITY SETTINGS # - # new permissions for this schema + # See the configuration and customisation document for information + # about security setup. + # Add new Permissions for this schema for cl in 'issue', 'file', 'msg', 'user', 'query', 'keyword': db.security.addPermission(name="Edit", klass=cl, description="User is allowed to edit "+cl) db.security.addPermission(name="View", klass=cl, description="User is allowed to access "+cl) - # Assign the access and edit permissions for issue, file and message + # Assign the access and edit Permissions for issue, file and message # to regular users now for cl in 'issue', 'file', 'msg', 'query', 'keyword': p = db.security.getPermission('View', cl) db.security.addPermissionToRole('User', p) p = db.security.getPermission('Edit', cl) db.security.addPermissionToRole('User', p) + # and give the regular users access to the web and email interface p = db.security.getPermission('Web Access') db.security.addPermissionToRole('User', p) diff --git a/roundup/templates/classic/html/style.css b/roundup/templates/classic/html/style.css index 3360fe0..da5c4c6 100644 --- a/roundup/templates/classic/html/style.css +++ b/roundup/templates/classic/html/style.css @@ -7,10 +7,6 @@ a[href]:hover { color:blue; text-decoration: underline; } a[href]:link { color:blue; text-decoration: none; } a[href] { color:blue; text-decoration: none; } -a.classhelp:hover { font-weight: bold; } -a.classhelp:link { font-weight: bold; } -a.classhelp { font-weight: bold; } - table.body { border: 0; padding: 0; -- 2.30.2