From 39af3f7495514d80138d0d9e11801e79f5796c51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?=
Date: Fri, 10 Jul 2015 22:30:55 +0200
Subject: [PATCH] general: remove obsolete identification token feature (#7824)
---
 wcs/admin/settings.py | 5 +----
 wcs/anonylink.py | 27 -------------------------
 wcs/forms/common.py | 12 ++---------
 wcs/forms/root.py | 35 ++++++--------------------------
 wcs/root.py | 55 +--------------------------------------------------
 wcs/sql.py | 13 ++++++------
 wcs/users.py | 5 -----
 7 files changed, 16 insertions(+), 136 deletions(-)
 delete mode 100644 wcs/anonylink.py
diff --git a/wcs/admin/settings.py b/wcs/admin/settings.py
index 13af488..0c3a79c 100644
--- a/wcs/admin/settings.py
+++ b/wcs/admin/settings.py
@@ -756,9 +756,6 @@ class SettingsDirectory(QommonSettingsDirectory):
 def misc(self):
 misc_cfg = get_cfg('misc', {})
 form = Form(enctype="multipart/form-data")
- form.add(CheckboxWidget, 'do-not-token',
- title = _('Do not show anything about identification tokens'),
- value = misc_cfg.get('do-not-token', False))
 form.add(WidgetDict, 'namespaces',
 title = _('Namespaces for prefilling'),
 value = misc_cfg.get('namespaces', {}))
@@ -775,7 +772,7 @@ class SettingsDirectory(QommonSettingsDirectory):
 r += form.render()
 return r.getvalue()
 else:
- cfg_submit(form, 'misc', ('do-not-token', 'namespaces'))
+ cfg_submit(form, 'misc', ('namespaces',))
 return redirect('.')
 def export(self):
diff --git a/wcs/anonylink.py b/wcs/anonylink.py
deleted file mode 100644
index 1ec2449..0000000
--- a/wcs/anonylink.py
+++ /dev/null
@@ -1,27 +0,0 @@
-# w.c.s. - web application for online forms
-# Copyright (C) 2005-2010 Entr'ouvert
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, see .
-
-from qommon.storage import StorableObject
-
-class AnonymityLink(StorableObject):
- _names = 'anonylinks'
-
- key = None
- name_identifier = None
- formdata_type = None
- formdata_def_id = None
- formdata_id = None
-
diff --git a/wcs/forms/common.py b/wcs/forms/common.py
index 3262535..1065f33 100644
--- a/wcs/forms/common.py
+++ b/wcs/forms/common.py
@@ -23,7 +23,6 @@ from wcs.fields import WidgetField
 from qommon import template
 from qommon import get_logger
 from qommon.form import *
-from wcs.anonylink import AnonymityLink
 from qommon.strftime import strftime
 from qommon.admin.texts import TextsDirectory
@@ -99,15 +98,8 @@ class FormStatusPage(Directory):
 user = get_user_from_api_query_string() or get_request().user
 else:
 user = get_request().user
- if user:
- if user.anonymous:
- anonylink = AnonymityLink.select(
- lambda x: x.name_identifier == session.name_identifier and
- x.formdata_type == 'form' and
- x.formdata_def_id == self.formdef.id)
- if len(anonylink) == 1:
- mine = True
- elif self.filled.is_submitter(user):
+ if user and not user.anonymous:
+ if self.filled.is_submitter(user):
 mine = True
 else:
 if get_session() and get_session().is_anonymous_submitter(self.filled):
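Review bot: In the rewritten check in FormStatusPage (wcs/forms/common.py), a logged-in but anonymous user no longer matches `if user and not user.anonymous:` and so appears to reach the `else:` branch, where `mine` is decided by `get_session().is_anonymous_submitter(self.filled)`; before, that branch ran only when there was no user at all. Since `mine` presumably decides who is treated as the owner of the form data, the new path deserves a comment above the `else:`, for example `# anonymous users are matched through their session, never through a user id`, and a test for the anonymous case. Indentation is lost in this view and the method starts and ends outside the hunk, so the pairing of `else:` with the outer `if` is inferred from the removed lines.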
diff --git a/wcs/forms/root.py b/wcs/forms/root.py
index a91993a..285dfad 100644
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -39,7 +39,6 @@ from qommon.form import *
 from qommon import tokens
 from qommon import emails
-from wcs.anonylink import AnonymityLink
 from wcs.categories import Category
 from wcs.formdef import FormDef
 from wcs.formdata import FormData
@@ -63,22 +62,12 @@ def get_user_forms(formdef):
 session = get_session()
 user = session.get_user()
 user_forms = []
- if user:
- if user.anonymous:
- anonylinks = AnonymityLink.select(
- lambda x: x.name_identifier == session.name_identifier and
- x.formdata_type == 'form')
- for anonylink in anonylinks:
- if anonylink.formdata_def_id != formdef.id:
- continue
- user_forms.append(formdef.data_class().get(anonylink.formdata_id))
- else:
- user_forms.extend(formdef.data_class().get_with_indexed_value('user_id', user.id))
- try:
- user_forms.extend(formdef.data_class().get_with_indexed_value('user_hash', user.hash))
- except AttributeError:
- pass
-
+ if user and not user.anonymous:
+ user_forms.extend(formdef.data_class().get_with_indexed_value('user_id', user.id))
+ try:
+ user_forms.extend(formdef.data_class().get_with_indexed_value('user_hash', user.hash))
+ except AttributeError:
+ pass
 return user_forms
 from wcs.forms.common import FormStatusPage
@@ -809,15 +798,6 @@ class FormPage(Directory):
 self.keep_tracking_code(filled)
 session.remove_magictoken(get_request().form.get('magictoken'))
- if not filled.user_id and existing_formdata is None:
- a = AnonymityLink()
- a.formdata_type = 'form'
- a.formdata_def_id = self.formdef.id
- a.formdata_id = filled.id
- if session.name_identifier:
- a.name_identifier = session.name_identifier
- # XXX nothing with anonylink.key ?
- a.store()
 get_logger().info('form %s - done (id: %s)' % (self.formdef.name, filled.id))
 url = None
 if existing_formdata is None:
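Review bot: In get_user_forms (wcs/forms/root.py) the re-indented `try:` still wraps the whole `get_with_indexed_value('user_hash', user.hash)` call, so an AttributeError raised anywhere inside the lookup is discarded together with the expected missing `user.hash`. Testing for the attribute keeps the best-effort behaviour without hiding other errors: replace the `try`/`except AttributeError: pass` with `if hasattr(user, 'hash'):` in front of the `user_forms.extend(...)` call. The function now returns an empty list for anonymous users, which a one-line docstring such as `"""Return the forms submitted by the logged-in, non-anonymous user."""` would make explicit.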
@@ -1119,9 +1099,6 @@ class RootDirectory(AccessControlled, Directory): if user.can_go_in_backoffice(): r += htmltext('%s - ') % (root_url, _('Back Office')) if user.anonymous: - if not get_cfg('misc', {}).get('do-not-token', False): - r += htmltext('%s - ') % (root_url, _('Enter Identification Token')) - if get_cfg('saml_identities', {}).get('creation', 'admin') != 'admin': r += htmltext('%s - ') % (root_url, _('Register')) diff --git a/wcs/root.py b/wcs/root.py index 8c88947..520c2bf 100644 --- a/wcs/root.py +++ b/wcs/root.py @@ -48,7 +48,6 @@ from qommon.afterjobs import AfterJobStatusDirectory from categories import Category from data_sources import NamedDataSource from formdef import FormDef -from anonylink import AnonymityLink from roles import Role from wcs.api import get_user_from_api_query_string, ApiDirectory from myspace import MyspaceDirectory @@ -193,7 +192,7 @@ class RegisterDirectory(Directory): class RootDirectory(Directory): - _q_exports = ['admin', 'backoffice', 'forms', 'login', 'logout', 'token', 'saml', + _q_exports = ['admin', 'backoffice', 'forms', 'login', 'logout', 'saml', 'ident', 'register', 'afterjobs', 'themes', 'myspace', 'user', 'roles', 'pages', ('tmp-upload', 'tmp_upload'), 'api', '__version__', 'tryauth', 'auth', 'preview'] @@ -233,58 +232,6 @@ class RootDirectory(Directory): # (and to set it as none/get/soap?) return self.saml.slo_sp() - def token(self): - if not get_request().user: - raise errors.AccessUnauthorizedError() - - form = Form(enctype='multipart/form-data') - form.add(StringWidget, 'token', title = _('Identification Token'), - required = True, size = 30) - form.add_submit('submit', _('Submit')) - form.add_submit('cancel', _('Cancel')) - - if form.get_widget('cancel').parse(): - return redirect('.') - - if not form.is_submitted() or form.has_errors(): - template.html_top(_('Identification Token')) - # TODO: include explanation about identification token (?) - r = TemplateIO(html=True) - r += htmltext('

%s

') % _('Please enter your identification token.')
- r += htmltext(form.render())
- return r.getvalue()
- else:
- session = get_session()
- if get_request().user:
- lasso_dump = get_request().user.lasso_dump
- else:
- return template.error_page('No Lasso Identity Dump (???)')
- token = form.get_widget('token').parse()
- users_with_token = list(get_publisher().user_class.get_users_with_identification_token(token))
- if len(users_with_token) == 0:
- return template.error_page(_('Unknown Token'))
-
- user = users_with_token[0]
- user.name_identifiers.append(session.name_identifier)
- user.lasso_dump = str(lasso_dump)
- user.identification_token = None
- user.store()
-
- session.set_user(user.id)
-
- for anonylink in AnonymityLink.select(
- lambda x: x.name_identifier == session.name_identifier):
- if anonylink.formdata_type == 'form':
- fdef = FormDef.get(anonylink.formdata_def_id)
- else:
- continue # ?
- data = fdef.data_class().get(anonylink.formdata_id)
- data.user_id = user.id
- data.store()
- anonylink.remove_self()
-
- return redirect('.')
-
 def user(self):
 if get_request().is_json():
 return self.user_json()
diff --git a/wcs/sql.py b/wcs/sql.py
index e121178..349c9ca 100644
--- a/wcs/sql.py
+++ b/wcs/sql.py
@@ -392,7 +392,6 @@ def do_user_table():
 is_admin bool,
 anonymous bool,
 name_identifiers text[],
- identification_token varchar,
 lasso_dump text,
 last_seen timestamp)''' % table_name)
 cur.execute('''SELECT column_name FROM information_schema.columns
@@ -400,7 +399,7 @@ def do_user_table():
 existing_fields = set([x[0] for x in cur.fetchall()])
 needed_fields = set(['id', 'name', 'email', 'roles', 'is_admin',
- 'anonymous', 'name_identifiers', 'identification_token',
+ 'anonymous', 'name_identifiers',
 'lasso_dump', 'last_seen'])
 from admin.settings import UserFieldsFormDef
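Review bot: `identification_token` is taken out of `needed_fields` in do_user_table() and the migration is moved to level 4 (the SQL_LEVEL and migrate() hunks further down in wcs/sql.py), but nothing visible shows the existing column being dropped on installed databases. The removed token() view used a stored token to attach the current session to a user account, so leftover values are credential-like data that should not outlive the feature. If do_user_table() does not already delete columns that are in `existing_fields` but not in `needed_fields`, the level-4 step needs an explicit `ALTER TABLE ... DROP COLUMN identification_token` on `table_name`; that part of the function is outside the hunk, so please confirm. The same applies to the stored `anonylinks` objects, which this commit stops reading but does not remove.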
@@ -1241,7 +1240,6 @@ class SqlUser(SqlMixin, wcs.users.User):
 ('is_admin', 'bool'),
 ('anonymous', 'bool'),
 ('name_identifiers', 'varchar[]'),
- ('identification_token', 'varchar'),
 ('lasso_dump', 'text'),
 ('last_seen', 'timestamp')
 ]
@@ -1262,7 +1260,6 @@ class SqlUser(SqlMixin, wcs.users.User):
 'is_admin': self.is_admin,
 'anonymous': self.anonymous,
 'name_identifiers': self.name_identifiers,
- 'identification_token': self.identification_token,
 'lasso_dump': self.lasso_dump,
 'last_seen': None,
 }
@@ -1303,7 +1300,7 @@ class SqlUser(SqlMixin, wcs.users.User):
 def _row2ob(cls, row):
 o = cls()
 (o.id, o.name, o.email, o.roles, o.is_admin, o.anonymous,
- o.name_identifiers, o.identification_token, o.lasso_dump,
+ o.name_identifiers, o.lasso_dump,
 o.last_seen) = tuple(row[:10])
 if o.last_seen:
 o.last_seen = time.mktime(o.last_seen.timetuple())
@@ -1587,7 +1584,7 @@ def get_yearly_totals(period_start=None, period_end=None, criterias=None):
 return result
-SQL_LEVEL = 3
+SQL_LEVEL = 4
 def migrate_global_views(conn, cur):
 cur.execute('''SELECT COUNT(*) FROM information_schema.tables
@@ -1620,7 +1617,9 @@ def migrate():
 # make sure all formdefs have up-to-date views
 do_formdef_tables(formdef, conn=conn, cur=cur, rebuild_views=True)
 migrate_global_views(conn, cur)
- if sql_level < 3: # 3: introduction of _structured for user fields
+ if sql_level < 4:
+ # 3: introduction of _structured for user fields
+ # 4: removal of identification_token
 do_user_table()
 cur.execute('''UPDATE wcs_meta SET value = %s WHERE key = %s''', (
diff --git a/wcs/users.py b/wcs/users.py
index ccc6dc1..6de1b30 100644
--- a/wcs/users.py
+++ b/wcs/users.py
@@ -34,7 +34,6 @@ class User(StorableObject):
 form_data = None # dumping ground for custom fields
 name_identifiers = None
- identification_token = None
 lasso_dump = None
 last_seen = None
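Review bot: `SqlUser._row2ob` in wcs/sql.py now unpacks nine attributes, but the unchanged context line still slices ten values, `o.last_seen) = tuple(row[:10])`, so any row with ten or more columns raises `ValueError: too many values to unpack` and the user cannot be loaded. That is likely as soon as custom user fields add columns to the table, which would break every code path that reads a user, login included. The slice should follow the target list, `o.last_seen) = tuple(row[:9])`, and any later `row[...]` offsets in the method need the same shift. The method continues outside the hunk, so those offsets are not visible here.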
@@ -147,10 +146,6 @@ class User(StorableObject):
 return cls.select([st.Equal('email', email)])
 get_users_with_email = classmethod(get_users_with_email)
- def get_users_with_identification_token(cls, token):
- return cls.select([st.Equal('identification_token', token)])
- get_users_with_identification_token = classmethod(get_users_with_identification_token)
-
 def get_substitution_variables(self, prefix='session_'):
 d = {
 prefix+'user': self,
-- 
2.1.4