Infrastructure/fedora-infrastructure
1
0
Fork 0
Code Issues 70 Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of ssh://git.fedorahosted.org/git/fedora-infrastructure

Browse source
This commit is contained in:
Toshio Kuratomi 2008-03-09 18:31:50 -07:00
commit 7b8c4f801b
9 changed files with 134 additions and 102 deletions
Download patch file Download diff file Expand all files Collapse all files

10
fas/client/fasClient.py
View file

@ -201,7 +201,7 @@ class MakeShellAccounts(BaseClient):
return '/sbin/nologin'
def install_aliases_txt(self):
move(self.temp + '/aliases', '/tmp/aliases')
move(self.temp + '/aliases', '/etc/aliases')
def passwd_text(self, people=None):
i = 0
@ -397,15 +397,21 @@ class MakeShellAccounts(BaseClient):
for group in self.groups:
name = group['name']
members = {}
members['member'] = []
for membership in self.memberships[name]:
role_type = membership['role_type']
person = usernames[membership['person_id']]
if role_type == 'user':
''' Legacy support '''
members['member'].append(person)
continue
members['member'].append(person)
try:
members[role_type].append(person)
except KeyError:
members[role_type] = [person]
for role in members:
print "%s-%s: %s" % (name, role, members[role])
email_file.write("%s-%ss: %s\n" % (name, role, ','.join(members[role])))
email_file.close()
def enable():

12
fas/dev.cfg
View file

@ -3,9 +3,6 @@
# Settings that are the same for both development and production
# (such as template engine, encodings, etc.) all go in
# fas/config/app.cfg
#mail.on = True
#mail.server = 'bastion.fedora.phx.redhat.com'
#base_url_filter.base_url = "http://192.168.2.101:8080"
mail.on = True
mail.server = 'localhost'
@ -13,8 +10,6 @@ mail.server = 'localhost'
mail.debug = False
mail.encoding = 'utf-8'
base_url_filter.use_x_forwarded_host = True
# DATABASE
# pick the form for your database
@ -25,7 +20,7 @@ base_url_filter.use_x_forwarded_host = True
# If you have sqlite, here's a simple default to get you started
# in development
sqlalchemy.dburi="postgres://fedora:bunbunbun@localhost/fas2"
sqlalchemy.echo=True
# if you are using a database or table type without transactions
# (MySQL default, for example), you should turn off transactions
@ -53,8 +48,9 @@ autoreload.package="fas"
tg.strict_parameters = True
server.webpath='/accounts'
base_url_filter.on=True
base_url_filter.base_url = "https://publictest10.fedoraproject.org"
base_url_filter.on = True
base_url_filter.use_x_forwarded_host = True
base_url_filter.base_url = "http://localhost:8088/accounts"
# Make the session cookie only return to the host over an SSL link
# Disabled for testing.

10
fas/fas/cla.py
View file

@ -9,6 +9,7 @@ import re
import gpgme
import StringIO
import subprocess
import turbomail
from fas.auth import *
@ -176,7 +177,14 @@ class CLA(controllers.Controller):
person.remove(cilckgroup, person)
except:
pass
# TODO: Email legal-cla-archive@fedoraproject.org
message = turbomail.Message(config.get('accounts_email'), config.get('legal_cla_email'), 'Fedora ICLA completed')
message.plain = '''
Fedora user %(username)s has signed a completed ICLA using their published GPG key, ID %(gpg_keyid)s,
that is associated with e-mail address %(email)s. The full signed ICLA is attached.
''' % {'username': person.username, 'gpg_keyid': person.gpg_keyid, 'email': person.emails['primary']}
signature.file.seek(0) # For another read()
message.attach(signature.file, signature.filename)
turbomail.enqueue(message)
turbogears.flash(_("You have successfully signed the CLA. You are now in the '%s' group.") % group.name)
turbogears.redirect('/cla/')
return dict()

11
fas/fas/config/app.cfg
View file

@ -153,9 +153,14 @@ identity.saprovider.model.group="fas.model.Groups"
# identity.saprovider.encryption_algorithm=None
accounts_mail = "accounts@fedoraproject.org"
#email_host = "fedoraproject.org"
email_host = "publictest10.fedoraproject.org"
# CHANGE ME:
accounts_email = "nobody@fedoraproject.org"
#accounts_email = "accounts@fedoraproject.org"
legal_cla_email = "nobody@fedoraproject.org"
#legal_cla_email = "legal-cla-archive@fedoraproject.org"
#email_host = "bastion.fedora.phx.redhat.com"
email_host = "localhost"
gpgexec = "/usr/bin/gpg"
gpghome = "/srv/fedora-infrastructure/fas/gnupg"

15
fas/fas/group.py
View file

@ -9,6 +9,7 @@ from fas.auth import *
from fas.user import KnownUser
import re
import turbomail
class KnownGroup(validators.FancyValidator):
'''Make sure that a group already exists'''
@ -287,11 +288,10 @@ class Group(controllers.Controller):
{'user': target.username, 'group': group.name, 'error': e})
turbogears.redirect('/group/view/%s' % group.name)
else:
import turbomail
# TODO: How do we handle gettext calls for these kinds of emails?
# TODO: CC to right place, put a bit more thought into how to most elegantly do this
# TODO: Maybe that @fedoraproject.org (and even -sponsors) should be configurable somewhere?
message = turbomail.Message(config.get('accounts_mail'), '%(group)s-sponsors@%(host)s' % {'group': group.name, 'host': config.get('email_host')}, \
message = turbomail.Message(config.get('accounts_email'), '%(group)s-sponsors@%(host)s' % {'group': group.name, 'host': config.get('email_host')}, \
"Fedora '%(group)s' sponsor needed for %(user)s" % {'user': target.username, 'group': group.name})
url = config.get('base_url_filter.base_url') + turbogears.url('/group/edit/%s' % groupname)
@ -331,7 +331,7 @@ Please go to %(url)s to take action.
turbogears.redirect('/group/view/%s' % group.name)
else:
import turbomail
message = turbomail.Message(config.get('accounts_mail'), target.emails['primary'], "Your Fedora '%s' membership has been sponsored" % group.name)
message = turbomail.Message(config.get('accounts_email'), target.emails['primary'], "Your Fedora '%s' membership has been sponsored" % group.name)
message.plain = _('''
%(name)s <%(email)s> has sponsored you for membership in the %(group)s
group of the Fedora account system. If applicable, this change should
@ -357,7 +357,7 @@ propagate into the e-mail aliases and CVS repository within an hour.
group = Groups.by_name(groupname)
if not canRemoveUser(person, group, target):
turbogears.flash(_("You cannot remove '%s'.") % target.username)
turbogears.flash(_("You cannot remove '%(user)s' from '%(group)s'.") % {'user': target.username, 'group': group.name})
turbogears.redirect('/group/view/%s' % group.name)
return dict()
else:
@ -368,8 +368,7 @@ propagate into the e-mail aliases and CVS repository within an hour.
{'user': target.username, 'group': group.name, 'error': e})
turbogears.redirect('/group/view/%s' % group.name)
else:
import turbomail
message = turbomail.Message(config.get('accounts_mail'), target.emails['primary'], "Your Fedora '%s' membership has been removed" % group.name)
message = turbomail.Message(config.get('accounts_email'), target.emails['primary'], "Your Fedora '%s' membership has been removed" % group.name)
message.plain = _('''
%(name)s <%(email)s> has removed you from the '%(group)s'
group of the Fedora Accounts System This change is effective
@ -406,7 +405,7 @@ aliases within an hour.
turbogears.redirect('/group/view/%s' % group.name)
else:
import turbomail
message = turbomail.Message(config.get('accounts_mail'), target.emails['primary'], "Your Fedora '%s' membership has been upgraded" % group.name)
message = turbomail.Message(config.get('accounts_email'), target.emails['primary'], "Your Fedora '%s' membership has been upgraded" % group.name)
# Should we make person.upgrade return this?
role = PersonRoles.query.filter_by(group=group, member=target).one()
status = role.role_type
@ -445,7 +444,7 @@ into the e-mail aliases within an hour.
turbogears.redirect('/group/view/%s' % group.name)
else:
import turbomail
message = turbomail.Message(config.get('accounts_mail'), target.emails['primary'], "Your Fedora '%s' membership has been downgraded" % group.name)
message = turbomail.Message(config.get('accounts_email'), target.emails['primary'], "Your Fedora '%s' membership has been downgraded" % group.name)
role = PersonRoles.query.filter_by(group=group, member=target).one()
status = role.role_type
message.plain = _('''

30
fas/fas/templates/group/view.html
View file

@ -4,7 +4,7 @@
xmlns:xi="http://www.w3.org/2001/XInclude">
<xi:include href="../master.html" />
<head>
<title>${_('Edit Group')}</title>
<title>${_('View Group')}</title>
</head>
<body>
<?python
@ -13,6 +13,8 @@
import pytz
person = People.by_username(tg.identity.user.username)
timezone = pytz.timezone(person.timezone)
can_admin = auth.canAdminGroup(person, group)
can_sponsor = auth.canSponsorGroup(person, group)
?>
<h2>${group.display_name} (${group.name})</h2>
<h3>
@ -29,7 +31,7 @@
</form>
<a py:if="group in person.memberships" href="${tg.url('/group/remove/%s/%s' % (group.name, person.username))}">${_('Remove me')}</a>
<script py:if="group in person.memberships" type="text/javascript">var hb7 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_remove')}'});</script>
<h3>Group Details <a py:if="auth.canAdminGroup(person, group)" href="${tg.url('/group/edit/%s' % group.name)}">${_('(edit)')}</a></h3>
<h3>Group Details <a py:if="can_admin" href="${tg.url('/group/edit/%s' % group.name)}">${_('(edit)')}</a></h3>
<div class="userbox">
<dl>
<dt>${_('Name:')}</dt><dd>${group.name}&nbsp;</dd>
@ -49,14 +51,16 @@
<dd py:if="group.prerequisite">${group.prerequisite.name}&nbsp;</dd>
<dd py:if="not group.prerequisite">&nbsp;</dd>
<dt>${_('Created:')}</dt><dd>${group.creation}&nbsp;</dd>
<dt py:if="auth.canSponsorGroup(person, group)">${_('Add User:')}</dt>
<dd py:if="auth.canSponsorGroup(person, group)">
<py:if test="can_sponsor">
<dt>${_('Add User:')}</dt>
<dd>
<form action="${tg.url('/group/apply/%s' % group.name)}">
<input type='text' size='15' name='targetname'/>
<input type="submit" value="${('Add')}" />
<script type="text/javascript">var group_user_add = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_user_add')}'});</script>
</form>
</dd>
</py:if>
</dl>
</div>
<!--
@ -74,7 +78,7 @@
<th>${_('Date Approved')}</th>
<th>${_('Approval')}</th>
<th>${_('Role Type')}</th>
<th py:if="auth.canSponsorGroup(person, group)">${_('Action')}</th>
<th py:if="can_sponsor">${_('Action')}</th>
</tr>
</thead>
<tr py:for="role in group.roles">
@ -87,13 +91,17 @@
<td>${role.role_status}</td>
<td>${role.role_type}</td>
<!-- This section includes all action items -->
<td py:if="auth.canSponsorGroup(person, group)">
<td py:if="can_sponsor">
<ul class="actions">
<li py:if="group in role.member.unapproved_memberships">
<a py:if="group.needs_sponsor" href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Sponsor')}</a>
<script py:if="group.needs_sponsor" type="text/javascript">var hb1 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_sponsor')}'});</script>
<a py:if="not group.needs_sponsor" href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Approve')}</a>
<script py:if="not group.needs_sponsor" type="text/javascript">var hb2 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_approve')}'});</script>
<li py:if="role.role_status == 'unapproved'">
<py:if test="group.needs_sponsor">
<a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Sponsor')}</a>
<script type="text/javascript">var hb1 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_sponsor')}'});</script>
</py:if>
<py:if test="not group.needs_sponsor">
<a href="${tg.url('/group/sponsor/%s/%s' % (group.name, role.member.username))}">${_('Approve')}</a>
<script type="text/javascript">var hb2 = new HelpBalloon({dataURL: '${tg.url('/help/get_help/group_approve')}'});</script>
</py:if>
</li>
<li py:if="auth.canRemoveUser(person, group, role.member)">
<a href="${tg.url('/group/remove/%s/%s' % (group.name, role.member.username))}">${_('Remove')}</a>

28
fas/fas/user.py
View file

@ -19,13 +19,12 @@ from fas.model import EmailPurposes
from fas.model import Log
from fas.auth import *
from fas.user_email import Email, NonFedoraEmail
#from fas.user_email import Email, NonFedoraEmail
from random import Random
import sha
from base64 import b64encode
class KnownUser(validators.FancyValidator):
'''Make sure that a user already exists'''
def _to_python(self, value, state):
@ -50,6 +49,14 @@ class UnknownUser(validators.FancyValidator):
raise validators.Invalid(_("'%s' already exists.") % value, value, state)
class NonFedoraEmail(validators.FancyValidator):
'''Make sure that an email address is not @fedoraproject.org'''
def _to_python(self, value, state):
return value.strip()
def validate_python(self, value, state):
if value.endswith('@fedoraproject.org'):
raise validators.Invalid(_("To prevent email loops, your email address cannot be @fedoraproject.org."), value, state)
class ValidSSHKey(validators.FancyValidator):
''' Make sure the ssh key uploaded is valid '''
def _to_python(self, value, state):
@ -84,10 +91,10 @@ class UserSave(validators.Schema):
validators.Regex(regex='^[^\n:<>]+$'),
)
ssh_key = ValidSSHKey(max=5000)
#mail = validators.All(
# validators.Email(not_empty=True, strip=True, max=128),
# NonFedoraEmail(not_empty=True, strip=True, max=128),
#)
email = validators.All(
validators.Email(not_empty=True, strip=True, max=128),
NonFedoraEmail(not_empty=True, strip=True, max=128),
)
#fedoraPersonBugzillaMail = validators.Email(strip=True, max=128)
#fedoraPersonKeyId- Save this one for later :)
postal_address = validators.String(max=512)
@ -148,7 +155,7 @@ def generate_salt(length=8):
class User(controllers.Controller):
email = Email()
#email = Email()
def __init__(self):
'''Create a User Controller.
@ -243,6 +250,9 @@ class User(controllers.Controller):
return dict()
try:
target.human_name = human_name
# FIXME: WARNING! This is deceptive. Remember that it
# changes the email object itself, not the email attached
# to the purpose.
target.emails['primary'] = email
# target.emails['bugzilla'] = bugzilla
target.ircnick = ircnick
@ -323,7 +333,7 @@ class User(controllers.Controller):
session.flush()
newpass = generate_password()
message = turbomail.Message(config.get('accounts_mail'), person.emails['primary'], _('Welcome to the Fedora Project!'))
message = turbomail.Message(config.get('accounts_email'), person.emails['primary'], _('Welcome to the Fedora Project!'))
message.plain = _('''
You have created a new Fedora account!
Your new password is: %s
@ -424,7 +434,7 @@ forward to working with you!
turbogears.flash(_("username + email combo unknown."))
return dict()
newpass = generate_password()
message = turbomail.Message(config.get('accounts_mail'), email, _('Fedora Project Password Reset'))
message = turbomail.Message(config.get('accounts_email'), email, _('Fedora Project Password Reset'))
mail = _('''
You have requested a password reset!
Your new password is: %s

2
fas/fas/user_email.py
View file

@ -238,7 +238,7 @@ class Email(controllers.Controller):
else:
# TODO: Make this email more friendly. Maybe escape the @ in email too?
validurl = config.get('base_url_filter.base_url') + turbogears.url('/user/email/verify/%s/%s/%s') % (target.username, email, validtoken)
message = turbomail.Message(config.get('accounts_mail'), email, _('Confirm this email address'))
message = turbomail.Message(config.get('accounts_email'), email, _('Confirm this email address'))
message.plain = _('''
Go to this URL to verify that you own this email address: %s
''') % validurl

118
fas/fas2.sql
View file

@ -282,65 +282,65 @@ create table visit_identity (
--
-- When a person's fedorabugs role is updated, add them to bugzilla queue.
--
create or replace function bugzilla_sync() returns trigger as $bz_sync$
# Decide which row we are operating on and the action to take
if TD['event'] == 'DELETE':
# 'r' for removing an entry from bugzilla
newaction = 'r'
row = TD['old']
else:
# insert or update
row = TD['new']
if row['role_status'] == 'approved':
# approved so add an entry to bugzilla
newaction = 'a'
else:
# no longer approved so remove the entry from bugzilla
newaction = 'r'
# Get the group id for fedorabugs
result = plpy.execute("select id from groups where name = 'fedorabugs'", 1)
if not result:
# Danger Will Robinson! A basic FAS group does not exist!
plpy.error('Basic FAS group fedorabugs does not exist')
# If this is not a fedorabugs role, no change needed
if row['group_id'] != result[0]['id']:
return None
# Retrieve the bugzilla email address
plan = plpy.prepare("select email, purpose from person_emails as pee,"
" email_purposes as epu"
" where epu.id = epu.email_id and pee.person_id = $1"
" and purpose in ('bugzilla', 'primary')",
('text',))
result = plpy.execute(plan, row['person_id'])
email = None
for record in result:
email = record['email']
if record['purpose'] == 'bugzilla':
break
if not email:
raise plpy.error('Cannot approve fedorabugs for person_id(%s) because they have no email address to use with bugzilla' % row['person_id'])
# If there is already a row in bugzilla_queue update, otherwise insert
plan = plpy.prepare("select email from bugzilla_queue where email = $1",
('text',))
result = plpy.execute(plan, (email,), 1)
if result:
plan = plpy.prepare("update bugzilla_queue set action = $1"
" where email = $2", ('char', 'text'))
plpy.execute(plan, (newaction, email))
else:
plan = plpy.prepare("insert into bugzilla_queue (email, group_id"
", person_id, action) values ($1, $2, $3, $4)",
('text', 'text', 'text', 'char'))
plpy.execute(plan, (email, row['group_id'], row['person_id'], newaction))
return None
$bz_sync$ language plpythonu;
create trigger role_bugzilla_sync before update or insert or delete
on person_roles
for each row execute procedure bugzilla_sync();
-- create or replace function bugzilla_sync() returns trigger as $bz_sync$
-- # Decide which row we are operating on and the action to take
-- if TD['event'] == 'DELETE':
-- # 'r' for removing an entry from bugzilla
-- newaction = 'r'
-- row = TD['old']
-- else:
-- # insert or update
-- row = TD['new']
-- if row['role_status'] == 'approved':
-- # approved so add an entry to bugzilla
-- newaction = 'a'
-- else:
-- # no longer approved so remove the entry from bugzilla
-- newaction = 'r'
--
-- # Get the group id for fedorabugs
-- result = plpy.execute("select id from groups where name = 'fedorabugs'", 1)
-- if not result:
-- # Danger Will Robinson! A basic FAS group does not exist!
-- plpy.error('Basic FAS group fedorabugs does not exist')
-- # If this is not a fedorabugs role, no change needed
-- if row['group_id'] != result[0]['id']:
-- return None
--
-- # Retrieve the bugzilla email address
-- plan = plpy.prepare("select email, purpose from person_emails as pee,"
-- " email_purposes as epu"
-- " where epu.id = epu.email_id and pee.person_id = $1"
-- " and purpose in ('bugzilla', 'primary')",
-- ('text',))
-- result = plpy.execute(plan, row['person_id'])
-- email = None
-- for record in result:
-- email = record['email']
-- if record['purpose'] == 'bugzilla':
-- break
-- if not email:
-- raise plpy.error('Cannot approve fedorabugs for person_id(%s) because they have no email address to use with bugzilla' % row['person_id'])
--
-- # If there is already a row in bugzilla_queue update, otherwise insert
-- plan = plpy.prepare("select email from bugzilla_queue where email = $1",
-- ('text',))
-- result = plpy.execute(plan, (email,), 1)
-- if result:
-- plan = plpy.prepare("update bugzilla_queue set action = $1"
-- " where email = $2", ('char', 'text'))
-- plpy.execute(plan, (newaction, email))
-- else:
-- plan = plpy.prepare("insert into bugzilla_queue (email, group_id"
-- ", person_id, action) values ($1, $2, $3, $4)",
-- ('text', 'text', 'text', 'char'))
-- plpy.execute(plan, (email, row['group_id'], row['person_id'], newaction))
-- return None
-- $bz_sync$ language plpythonu;
--
-- create trigger role_bugzilla_sync before update or insert or delete
-- on person_roles
-- for each row execute procedure bugzilla_sync();
--
-- When an email address changes, check whether it needs to be changed in