paul@2 | 1 | # Copyright (c) 2003 Richard Jones (richard@mechanicalcat.net) |
paul@2 | 2 | # |
paul@2 | 3 | # Permission is hereby granted, free of charge, to any person obtaining a copy |
paul@2 | 4 | # of this software and associated documentation files (the "Software"), to deal |
paul@2 | 5 | # in the Software without restriction, including without limitation the rights |
paul@2 | 6 | # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
paul@2 | 7 | # copies of the Software, and to permit persons to whom the Software is |
paul@2 | 8 | # furnished to do so, subject to the following conditions: |
paul@2 | 9 | # |
paul@2 | 10 | # The above copyright notice and this permission notice shall be included in |
paul@2 | 11 | # all copies or substantial portions of the Software. |
paul@2 | 12 | # |
paul@2 | 13 | # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
paul@2 | 14 | # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
paul@2 | 15 | # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
paul@2 | 16 | # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
paul@2 | 17 | # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
paul@2 | 18 | # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
paul@2 | 19 | # SOFTWARE. |
paul@2 | 20 | # |
paul@2 | 21 | #$Id: userauditor.py,v 1.9 2007-09-12 21:11:13 jpend Exp $ |
paul@2 | 22 | |
paul@2 | 23 | import re |
paul@2 | 24 | |
paul@2 | 25 | # regular expression thanks to: http://www.regular-expressions.info/email.html |
paul@2 | 26 | # this is the "99.99% solution for syntax only". |
paul@2 | 27 | email_regexp = (r"[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*", r"(localhost|(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9]))") |
paul@2 | 28 | email_rfc = re.compile('^' + email_regexp[0] + '@' + email_regexp[1] + '$', re.IGNORECASE) |
paul@2 | 29 | email_local = re.compile('^' + email_regexp[0] + '$', re.IGNORECASE) |
paul@2 | 30 | |
paul@2 | 31 | def valid_address(address): |
paul@2 | 32 | ''' If we see an @-symbol in the address then check against the full |
paul@2 | 33 | RFC syntax. Otherwise it is a local-only address so only check |
paul@2 | 34 | the local part of the RFC syntax. |
paul@2 | 35 | ''' |
paul@2 | 36 | if '@' in address: |
paul@2 | 37 | return email_rfc.match(address) |
paul@2 | 38 | else: |
paul@2 | 39 | return email_local.match(address) |
paul@2 | 40 | |
paul@2 | 41 | def get_addresses(user): |
paul@2 | 42 | ''' iterate over all known addresses in a newvalues dict |
paul@2 | 43 | this takes of the address/alterate_addresses handling |
paul@2 | 44 | ''' |
paul@2 | 45 | if user.has_key('address'): |
paul@2 | 46 | yield user['address'] |
paul@2 | 47 | if user.get('alternate_addresses', None): |
paul@2 | 48 | for address in user['alternate_addresses'].split('\n'): |
paul@2 | 49 | yield address |
paul@2 | 50 | |
paul@2 | 51 | def audit_user_fields(db, cl, nodeid, newvalues): |
paul@2 | 52 | ''' Make sure user properties are valid. |
paul@2 | 53 | |
paul@2 | 54 | - email address is syntactically valid |
paul@2 | 55 | - email address is unique |
paul@2 | 56 | - roles specified exist |
paul@2 | 57 | - timezone is valid |
paul@2 | 58 | ''' |
paul@2 | 59 | |
paul@2 | 60 | for address in get_addresses(newvalues): |
paul@2 | 61 | if not valid_address(address): |
paul@2 | 62 | raise ValueError, 'Email address syntax is invalid' |
paul@2 | 63 | |
paul@2 | 64 | check_main = db.user.stringFind(address=address) |
paul@2 | 65 | # make sure none of the alts are owned by anyone other than us (x!=nodeid) |
paul@2 | 66 | check_alts = [x for x in db.user.filter(None, {'alternate_addresses' : address}) if x != nodeid] |
paul@2 | 67 | if check_main or check_alts: |
paul@2 | 68 | raise ValueError, 'Email address %s already in use' % address |
paul@2 | 69 | |
paul@2 | 70 | for rolename in [r.lower().strip() for r in newvalues.get('roles', '').split(',')]: |
paul@2 | 71 | if rolename and not db.security.role.has_key(rolename): |
paul@2 | 72 | raise ValueError, 'Role "%s" does not exist'%rolename |
paul@2 | 73 | |
paul@2 | 74 | tz = newvalues.get('timezone', None) |
paul@2 | 75 | if tz: |
paul@2 | 76 | # if they set a new timezone validate the timezone by attempting to |
paul@2 | 77 | # use it before we store it to the db. |
paul@2 | 78 | import roundup.date |
paul@2 | 79 | import datetime |
paul@2 | 80 | try: |
paul@2 | 81 | TZ = roundup.date.get_timezone(tz) |
paul@2 | 82 | dt = datetime.datetime.now() |
paul@2 | 83 | local = TZ.localize(dt).utctimetuple() |
paul@2 | 84 | except IOError: |
paul@2 | 85 | raise ValueError, 'Timezone "%s" does not exist' % tz |
paul@2 | 86 | except ValueError: |
paul@2 | 87 | raise ValueError, 'Timezone "%s" exceeds valid range [-23...23]' % tz |
paul@2 | 88 | |
paul@2 | 89 | def init(db): |
paul@2 | 90 | # fire before changes are made |
paul@2 | 91 | db.user.audit('set', audit_user_fields) |
paul@2 | 92 | db.user.audit('create', audit_user_fields) |
paul@2 | 93 | |
paul@2 | 94 | # vim: sts=4 sw=4 et si |