.hex is what we need to access to get at the ascii (hex) version
anyway. Also, not sure why the previous version grabbed starting at
the index of 1... just grab the first characters instead.
Use inspect_table in the new migration. Makes code more
readable, really.
And make the default for the preferred license be None.
This is a userspace thing, so we can even change the
migration here. Changing the migration means, that people
running the migration before this commit get a "" in
User.license_preference, while people running the migration
now get a None. Both values are okay.
None has been designated as "Use the site's default". We're
not actually having a site default right now. Which means
no license is selected in the dropdown.
While "" means "All rights reserved" being chosen by the
user.
Side note: Having no license being selected in the submit
dropdown is as "worse" as before and does not really hurt
much. MediaEntry.license==None means "All rights reserved"
as does "" also do.
tags used to be global, you could only browse media by tag for all users.
This patch implements a view that allows us to browse only a user's tagged
media.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
If we send a POST request to the login page which contained form errors
(e.g. a too short password), the variable "login_failed" was not set to
true. This condition was tested by the test suite however, so we should
make sure that login_failed is set even if the form failed to validate.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
1) Remove mongo limitations (no 'or' when querying for either username
or email).
2) Lost password function revealed if an user name or email address
is registered, which can be considered a data leak.
Leaking user names is OK, they are public anyway, but don't reveal
lookup success in case the lookup happened by email address.
Simply respond: "If you have an account here, we have send you
your email"?
3) username and email search was case sensitive. Made username search
case insensitive (they are always stored lowercase in the db).
Keep email-address search case sensitive for now. This might need
further discussion
4) Remove a whole bunch of indention in the style of:
if no error:
...
if no error:
...
if no error:
actually do something in the regular case
by restructuring the function.
5) Outsource the sanity checking for username and email fields into the
validator function. This way, we get automatic case sanity checking
and sanitizing for all required fields.
6) Require 5-char password and fix tests
Originally, the Change password form required a password between 6-30
chars while the registration and login form did not require anything
special. This commit introduces a common minimum limit for all forms
which breaks the test suite which uses a 5 char password by
default. :-). As 5 chars seem sensible enough to enforce (people
should be picking much longer ones anyway), just reduce the limit to
5 chars, thereby making all tests pass.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
We were case normalizing the email address for registration, but not at
all for the forgotten password retrieval. Make a
tools.mail.normalize_email helper that can be used to normalize the
email in the same way in all places.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Previously we allowed EVERYTHING, even slashes as slug when editing the media.
Make sure we slugify the input to sanitize it.
(+ string formdata is unicode, so there is no need to convert it)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This test fails, because it tries to set a slug with an "="
in it. And tests that the "=" gets replaced by "-".
Well, it currently is not being replaced.
The next (cherry picked) commit by Sebastian Spaeth fixes
this test!
nosetests runs everything that even vaguely looks like a
test case... even our get_test_app. And as it is imported
everywhere... it is run everywhere as a test case. Renaming
it saves us about 10+ tests and a few seconds of time.
When rendering a comment, we had a lot of whitespace. And
some of it made it into the rendered page:
"""<a href=...>abc </a>""" the trailing space gets
rendered and looks ugly.
when linking to a comment in a MediaEntry, the page did not
contain a <a name="comment"> because, well:
We fetched a string comment-id from the routing. And the
pagination code tried to compare that to the int id on the
comment.
Fix is to let routing fetch an int from the url. Easy.
Relatedly remove duplicated comment_id fetching from the
URL in the view.
schendje rightly pointed out that we should not return to the media
homepage if we did not select a collection on the "collect" page, but
should actually return to the collect page.
This is an improvement of the user experience ;-)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This feature is absolutely necessary. Now a user can simply define
their default license and quickly go through a form, as opposed to
stopping to click on the select and choosing the same option over
and over again.
Also added DB migration for the field, so that's working now, too.
Rebased by Sebastian and made the default value to be unicode.
Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Improve the "delete my account" link location by not placing it outside the
main content bar. It still might require more tweaks.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Delete a user via web interface and see if it works. TODO: this does not test
that related entries are also cleaned up and we should extend the test to
do so.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Add a "Delete user account" template and link to it from the user
account settings page.
Create a delete_account function and fill in most blanks. We can now
successfully delete our own account.
Thanks to Elrond for catching a stray csrf_exempt in a previous iteration
of this patch.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Merging an old branch, I reintroduced an import of db.sql.util rather than
db.util. Fixing the glitch.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Set User.collections to her Collections using the backref feature.
This way we can iterate a user's collections and delete them all.
Delete all MediaEntries/Files/attachments/comments/collections etc
before finally deleting the User object. This is the backend work for
issue 302 (allow a user to delete ones own account)
Deleting a MediaEntry instance will automatically
delete all related comments and files/attachments. This moves
implementation logic out of views.py and allows to make use of this
functionality when e.g. deleting a User() account.
Whenever a MediaEntry entry is deleted, this will also sql-delete
the corresponding MediaFile entry.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
We were reading the complete "medium" "thumbnail" and "original"
in RAM via dst.write(src.read()). Just call the appropriate storage
methods copy_local_to_storage which are responsible for streaming
local files efficiently.
The efficiency of this patch depends on the separate branch that
actually implements chunked copying for Storage().copy_local_to_storage()
1) destroy_self() is a horrible function name, make it "destroy".
workbench.destroy() is descriptive enough.
2) WorkbenchManager.create_workbench() -> WorkbenchManager.create()
We use the pattern "with workbench_manager.create() as workbench:"
No need to mention workbenches three times in a row...
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This makes workbench getting more convenient by eliminating some
boilerplate and more robust by cleaning the workbench up even if processing
ends with an Exception.
Finally, this fixes the bugs in the ascii and video backends to never call
workbench.destroy, so those workbenches were never cleaned up.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This passes in a Workbench() via the 'workbench' keyword argument, and
conveniently cleans it up after the function has finished. 2 out of our 5
backends forgot to clean up their workbench, so this is clearly needed :-).
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
