Mathis/allianceauth
1
0
Fork 0
mirror of https://gitlab.com/allianceauth/allianceauth.git synced 2025-07-12 14:00:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply username sanitizing upon creation

Browse Source 
Prevent purging of character ownerships when logging in
Listen to state permission changes for service access verification
This commit is contained in:
Adarnof 2017-03-26 17:45:32 -04:00
parent 06f78a7518
commit aaf196b477
3 changed files with 41 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
authentication/backends.py
View File

@ -58,6 +58,8 @@ class StateBackend(ModelBackend):
@staticmethod
def iterate_username(name):
name = str.replace(name, "'", "")
name = str.replace(name, ' ', '_')
if User.objects.filter(username__startswith=name).exists():
u = User.objects.filter(username__startswith=name)
num = len(u)

7
authentication/signals.py
View File

@ -71,9 +71,12 @@ def create_required_models(sender, instance, created, *args, **kwargs):
@receiver(post_save, sender=Token)
def record_character_ownership(sender, instance, created, *args, **kwargs):
if created:
if instance.user:
query = Q(owner_hash=instance.character_owner_hash) & Q(user=instance.user)
else:
query = Q(owner_hash=instance.character_owner_hash)
# purge ownership records if the hash or auth user account has changed
CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(Q(
owner_hash=instance.character_owner_hash) & Q(user=instance.user)).delete()
CharacterOwnership.objects.filter(character__character_id=instance.character_id).exclude(query).delete()
# create character if needed
if EveCharacter.objects.filter(character_id=instance.character_id).exists() is False:
EveManager.create_character(instance.character_id)

34
services/signals.py
View File

@ -11,6 +11,7 @@ from django.dispatch import receiver
from services.hooks import ServicesHook
from services.tasks import disable_user
from authentication.models import State
logger = logging.getLogger(__name__)
@ -88,6 +89,39 @@ def m2m_changed_group_permissions(sender, instance, action, pk_set, *args, **kwa
logger.debug("Permission change for group {} was not service permission, ignoring".format(instance))
@receiver(m2m_changed, sender=State.permissions.through)
def m2m_changed_state_permissions(sender, instance, action, pk_set, *args, **kwargs):
logger.debug("Received m2m_changed from state %s permissions with action %s" % (instance, action))
if instance.pk and (action == "post_remove" or action == "post_clear"):
logger.debug("Checking if service permission changed for state {}".format(instance))
# As validating an entire groups service could lead to many thousands of permission checks
# first we check that one of the permissions changed is, in fact, a service permission.
perms = Permission.objects.filter(pk__in=pk_set)
got_change = False
service_perms = [svc.access_perm for svc in ServicesHook.get_services()]
for perm in perms:
natural_key = perm.natural_key()
path_perm = "{}.{}".format(natural_key[1], natural_key[0])
if path_perm not in service_perms:
# Not a service permission, keep searching
continue
for svc in ServicesHook.get_services():
if svc.access_perm == path_perm:
logger.debug("Permissions changed for state {} on "
"service {}, re-validating services for state users".format(instance, svc))
def validate_all_state_users_for_service():
logger.debug("Performing validation for service {}".format(svc))
for profile in instance.userprofile_set.all():
svc.validate_user(profile.user)
transaction.on_commit(validate_all_state_users_for_service)
got_change = True
break # Found service, break out of services iteration and go back to permission iteration
if not got_change:
logger.debug("Permission change for state {} was not service permission, ignoring".format(instance))
@receiver(pre_delete, sender=User)
def pre_delete_user(sender, instance, *args, **kwargs):
logger.debug("Received pre_delete from %s" % instance)