1) Remove mongo limitations (no 'or' when querying for either username
or email).
2) Lost password function revealed if an user name or email address
is registered, which can be considered a data leak.
Leaking user names is OK, they are public anyway, but don't reveal
lookup success in case the lookup happened by email address.
Simply respond: "If you have an account here, we have send you
your email"?
3) username and email search was case sensitive. Made username search
case insensitive (they are always stored lowercase in the db).
Keep email-address search case sensitive for now. This might need
further discussion
4) Remove a whole bunch of indention in the style of:
if no error:
...
if no error:
...
if no error:
actually do something in the regular case
by restructuring the function.
5) Outsource the sanity checking for username and email fields into the
validator function. This way, we get automatic case sanity checking
and sanitizing for all required fields.
6) Require 5-char password and fix tests
Originally, the Change password form required a password between 6-30
chars while the registration and login form did not require anything
special. This commit introduces a common minimum limit for all forms
which breaks the test suite which uses a 5 char password by
default. :-). As 5 chars seem sensible enough to enforce (people
should be picking much longer ones anyway), just reduce the limit to
5 chars, thereby making all tests pass.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
We were case normalizing the email address for registration, but not at
all for the forgotten password retrieval. Make a
tools.mail.normalize_email helper that can be used to normalize the
email in the same way in all places.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Previously we allowed EVERYTHING, even slashes as slug when editing the media.
Make sure we slugify the input to sanitize it.
(+ string formdata is unicode, so there is no need to convert it)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This test fails, because it tries to set a slug with an "="
in it. And tests that the "=" gets replaced by "-".
Well, it currently is not being replaced.
The next (cherry picked) commit by Sebastian Spaeth fixes
this test!
nosetests runs everything that even vaguely looks like a
test case... even our get_test_app. And as it is imported
everywhere... it is run everywhere as a test case. Renaming
it saves us about 10+ tests and a few seconds of time.
When rendering a comment, we had a lot of whitespace. And
some of it made it into the rendered page:
"""<a href=...>abc </a>""" the trailing space gets
rendered and looks ugly.
when linking to a comment in a MediaEntry, the page did not
contain a <a name="comment"> because, well:
We fetched a string comment-id from the routing. And the
pagination code tried to compare that to the int id on the
comment.
Fix is to let routing fetch an int from the url. Easy.
Relatedly remove duplicated comment_id fetching from the
URL in the view.
schendje rightly pointed out that we should not return to the media
homepage if we did not select a collection on the "collect" page, but
should actually return to the collect page.
This is an improvement of the user experience ;-)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This feature is absolutely necessary. Now a user can simply define
their default license and quickly go through a form, as opposed to
stopping to click on the select and choosing the same option over
and over again.
Also added DB migration for the field, so that's working now, too.
Rebased by Sebastian and made the default value to be unicode.
Reviewed-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Improve the "delete my account" link location by not placing it outside the
main content bar. It still might require more tweaks.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Delete a user via web interface and see if it works. TODO: this does not test
that related entries are also cleaned up and we should extend the test to
do so.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Add a "Delete user account" template and link to it from the user
account settings page.
Create a delete_account function and fill in most blanks. We can now
successfully delete our own account.
Thanks to Elrond for catching a stray csrf_exempt in a previous iteration
of this patch.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Merging an old branch, I reintroduced an import of db.sql.util rather than
db.util. Fixing the glitch.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Set User.collections to her Collections using the backref feature.
This way we can iterate a user's collections and delete them all.
Delete all MediaEntries/Files/attachments/comments/collections etc
before finally deleting the User object. This is the backend work for
issue 302 (allow a user to delete ones own account)
Deleting a MediaEntry instance will automatically
delete all related comments and files/attachments. This moves
implementation logic out of views.py and allows to make use of this
functionality when e.g. deleting a User() account.
Whenever a MediaEntry entry is deleted, this will also sql-delete
the corresponding MediaFile entry.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
We were reading the complete "medium" "thumbnail" and "original"
in RAM via dst.write(src.read()). Just call the appropriate storage
methods copy_local_to_storage which are responsible for streaming
local files efficiently.
The efficiency of this patch depends on the separate branch that
actually implements chunked copying for Storage().copy_local_to_storage()
1) destroy_self() is a horrible function name, make it "destroy".
workbench.destroy() is descriptive enough.
2) WorkbenchManager.create_workbench() -> WorkbenchManager.create()
We use the pattern "with workbench_manager.create() as workbench:"
No need to mention workbenches three times in a row...
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This makes workbench getting more convenient by eliminating some
boilerplate and more robust by cleaning the workbench up even if processing
ends with an Exception.
Finally, this fixes the bugs in the ascii and video backends to never call
workbench.destroy, so those workbenches were never cleaned up.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This passes in a Workbench() via the 'workbench' keyword argument, and
conveniently cleans it up after the function has finished. 2 out of our 5
backends forgot to clean up their workbench, so this is clearly needed :-).
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
This allows us to use "with Workbench() as foo: do_stuff..."
No consumers have been switched yet though.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
- made the mistake of copying some commit message things into the
docstring. Fixed.
- elrond points out that += is nicer and we don't need u"" in this
case since we're not concatenating a variable, we're concatenating
a known ascii string.
This one does not *force* slugs, but usually it will probably result
in a niceish one.
The end *result* of the algorithm will (presumably, I have not tested
it) result in these resolutions for these situations:
- If we have a slug, make sure it's clean and sanitized, and if it's
unique, we'll use that.
- If we have a title, slugify it, and if it's unique, we'll use that.
- If we can't get any sort of thing that looks like it'll be a useful
slug out of a title or an existing slug, bail, and don't set the
slug at all. Don't try to create something just because. Make
sure we have a reasonable basis for a slug first.
- If we have a reasonable basis for a slug (either based on existing
slug or slugified title) but it's not unique, first try appending
the entry's id, if that exists
- If that doesn't result in something unique, tack on some randomly
generated bits until it's unique. That'll be a little bit of junk,
but at least it has the *basis* of a nice slug!
- add a route at /u/<user>/collections/ (note trailing 's') that lists
all existing collections
- move there the "Create new collection" link, if the user is logged in
- add a new link "Browse collections" from root.html
generate_slug could assign "none" as slug. Make sure it assigns a unique
slug in any case. We now try based on:
a) existing slug values
b) media.title
c) media.id
d) random garbage
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
Previously we allowed EVERYTHING, even slashes as slug when editing the media.
Make sure we slugify the input to sanitize it.
(+ string formdata is unicode, so there is no need to convert it)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
