dinislage/web2py
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: dinislage:R-2.13.1
Branches Tags
dinislage:master dinislage:dev-ah dinislage:ah-stable dinislage:patch-json-handoff dinislage:patch-2 dinislage:issue-2274 dinislage:fake_migrate dinislage:patch-1 dinislage:migrator-pr dinislage:fix-missing-folders-in-script dinislage:modular dinislage:jwt_allow_decorator_fix dinislage:testing dinislage:mdipierro dinislage:mdipierro-test1 dinislage:eb2py.crt dinislage:admin2 dinislage:experimental
dinislage:2.18.4 dinislage:R-2.18.3 dinislage:R-2.18.2 dinislage:R-2.17.2 dinislage:R-2.17.1 dinislage:R-2.16.1 dinislage:R-2.15.4 dinislage:R-2.15.3 dinislage:R-2.15.2 dinislage:R-2.15.1 dinislage:R-2.15.0b2 dinislage:R-2.16.0b1 dinislage:R-2.14.6 dinislage:latest dinislage:R-2.14.5 dinislage:R-2.14.4 dinislage:R-2.14.3 dinislage:R-2.14.2 dinislage:R-2.14.1 dinislage:R-2.13.4 dinislage:R-2.13.3 dinislage:R-2.13.2 dinislage:R-2.13.1 dinislage:R-2.12.3 dinislage:R-2.12.2 dinislage:R-2.12.1 dinislage:R-2.11.2 dinislage:R-2.11.1 dinislage:R-2.10.4 dinislage:R-2.10.4.beta dinislage:R-2.10.3 dinislage:R-2.10.2 dinislage:R-2.10.1 dinislage:R-2.9.12 dinislage:R-2.9.11 dinislage:R-2.9.10 dinislage:R-2.9.9 dinislage:R-2.9.8 dinislage:R-2.9.7 dinislage:R-2.9.6 dinislage:R-2.9.5 dinislage:R-2.9.4 dinislage:R-2.9.3 dinislage:R-2.9.2 dinislage:R-2.8.2 dinislage:R-2.8.1 dinislage:R-2.7.4 dinislage:R-2.7.3 dinislage:R-2.7.2 dinislage:R-2.7.1 dinislage:R-2.6.4 dinislage:R-2.6.3 dinislage:R-2.6.2 dinislage:R-2.6.1 dinislage:R-2.5.1 dinislage:R-2.4.7 dinislage:R-2.4.6 dinislage:R-2.4.5 dinislage:R-2.4.4 dinislage:R-2.4.3 dinislage:R-2.4.2 dinislage:R-2.3.2 dinislage:R-2.3.1 dinislage:R-2.2.1 dinislage:R-2.1.1 dinislage:R-2.0.9 dinislage:R-2.0.8 dinislage:R-2.0.7 dinislage:R-2.0.5 dinislage:R-2.0.6 dinislage:R-2.0.4 dinislage:R-2.0.2
...
compare: dinislage:R-2.13.2
Branches Tags
dinislage:dev-ah dinislage:ah-stable dinislage:patch-json-handoff dinislage:master dinislage:patch-2 dinislage:issue-2274 dinislage:fake_migrate dinislage:patch-1 dinislage:migrator-pr dinislage:fix-missing-folders-in-script dinislage:modular dinislage:jwt_allow_decorator_fix dinislage:testing dinislage:mdipierro dinislage:mdipierro-test1 dinislage:eb2py.crt dinislage:admin2 dinislage:experimental
dinislage:2.18.4 dinislage:R-2.18.3 dinislage:R-2.18.2 dinislage:R-2.17.2 dinislage:R-2.17.1 dinislage:R-2.16.1 dinislage:R-2.15.4 dinislage:R-2.15.3 dinislage:R-2.15.2 dinislage:R-2.15.1 dinislage:R-2.15.0b2 dinislage:R-2.16.0b1 dinislage:R-2.14.6 dinislage:latest dinislage:R-2.14.5 dinislage:R-2.14.4 dinislage:R-2.14.3 dinislage:R-2.14.2 dinislage:R-2.14.1 dinislage:R-2.13.4 dinislage:R-2.13.3 dinislage:R-2.13.2 dinislage:R-2.13.1 dinislage:R-2.12.3 dinislage:R-2.12.2 dinislage:R-2.12.1 dinislage:R-2.11.2 dinislage:R-2.11.1 dinislage:R-2.10.4 dinislage:R-2.10.4.beta dinislage:R-2.10.3 dinislage:R-2.10.2 dinislage:R-2.10.1 dinislage:R-2.9.12 dinislage:R-2.9.11 dinislage:R-2.9.10 dinislage:R-2.9.9 dinislage:R-2.9.8 dinislage:R-2.9.7 dinislage:R-2.9.6 dinislage:R-2.9.5 dinislage:R-2.9.4 dinislage:R-2.9.3 dinislage:R-2.9.2 dinislage:R-2.8.2 dinislage:R-2.8.1 dinislage:R-2.7.4 dinislage:R-2.7.3 dinislage:R-2.7.2 dinislage:R-2.7.1 dinislage:R-2.6.4 dinislage:R-2.6.3 dinislage:R-2.6.2 dinislage:R-2.6.1 dinislage:R-2.5.1 dinislage:R-2.4.7 dinislage:R-2.4.6 dinislage:R-2.4.5 dinislage:R-2.4.4 dinislage:R-2.4.3 dinislage:R-2.4.2 dinislage:R-2.3.2 dinislage:R-2.3.1 dinislage:R-2.2.1 dinislage:R-2.1.1 dinislage:R-2.0.9 dinislage:R-2.0.8 dinislage:R-2.0.7 dinislage:R-2.0.5 dinislage:R-2.0.6 dinislage:R-2.0.4 dinislage:R-2.0.2

5 Commits
R-2.13.1 ... R-2.13.2

Author SHA1 Message Date
mdipierro
b67edb083e fixed compileapp problem in appveyor test (2nd attempt) 2015-12-18 04:44:03 -06:00
mdipierro
4125a97ce1 fixed compileapp problem in appveyor test 2015-12-18 04:39:51 -06:00
mdipierro
78cf55bf9a R-2.13.2 2015-12-18 04:28:16 -06:00
mdipierro
931daaff89 fixed security issue in reset password when registration_requires_authorization, thanks Giovanni Verde 2015-12-18 04:11:26 -06:00
mdipierro
c6550f0adc fixed a condition that allows reset_password if a reset link is sent before a user is blocked 2015-12-18 03:40:12 -06:00
3 changed files with 20 additions and 9 deletions
Expand all files Collapse all files

2
Makefile
View File

@@ -32,7 +32,7 @@ update:
echo "remember that pymysql was tweaked"
src:
### Use semantic versioning
echo 'Version 2.13.1-stable+timestamp.'`date +%Y.%m.%d.%H.%M.%S` > VERSION
echo 'Version 2.13.2-stable+timestamp.'`date +%Y.%m.%d.%H.%M.%S` > VERSION
### rm -f all junk files
make clean
### clean up baisc apps

6
gluon/compileapp.py
View File

@@ -476,11 +476,11 @@ def compile_views(folder, skip_failed_views=False):
data = parse_template(fname, path)
except Exception, e:
if skip_failed_views:
failed_views.append(file)
failed_views.append(fname)
else:
raise Exception("%s in %s" % (e, file))
raise Exception("%s in %s" % (e, fname))
else:
filename = ('views/%s.py' % file).replace('/', '_').replace('\\', '_')
filename = ('views/%s.py' % fname).replace('/', '_').replace('\\', '_')
filename = pjoin(folder, 'compiled', filename)
write_file(filename, data)
save_pyc(filename)

21
gluon/tools.py
View File

@@ -2652,8 +2652,8 @@ class Auth(object):
user = table_user(**{username: entered_username})
if user:
# user in db, check if registration pending or disabled
temp_user = user
if temp_user.registration_key == 'pending':
temp_user = user
if (temp_user.registration_key or '').startswith('pending'):
response.flash = self.messages.registration_pending
return form
elif temp_user.registration_key in ('disabled', 'blocked'):
@@ -3028,7 +3028,11 @@ class Auth(object):
DIV(_id="pre-reg", *self.settings.pre_registration_div),
'', formstyle, '')
table_user.registration_key.default = key = web2py_uuid()
key = web2py_uuid()
if self.settings.registration_requires_approval:
key = 'pending-'+key
table_user.registration_key.default = key
if form.accepts(request, session if self.csrf_prevention else None,
formname='register',
onvalidation=onvalidation,
@@ -3242,11 +3246,12 @@ class Auth(object):
formname='retrieve_password', dbio=False,
onvalidation=onvalidation, hideerror=self.settings.hideerror):
user = table_user(email=form.vars.email)
key = user.registration_key
if not user:
current.session.flash = \
self.messages.invalid_email
redirect(self.url(args=request.args))
elif user.registration_key in ('pending', 'disabled', 'blocked'):
elif key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
current.session.flash = \
self.messages.registration_pending
redirect(self.url(args=request.args))
@@ -3450,6 +3455,11 @@ class Auth(object):
except Exception:
session.flash = self.messages.invalid_reset_password
redirect(next, client_side=self.settings.client_side)
key = user.registration_key
if key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
session.flash = self.messages.registration_pending
redirect(next, client_side=self.settings.client_side)
if onvalidation is DEFAULT:
onvalidation = self.settings.reset_password_onvalidation
@@ -3544,11 +3554,12 @@ class Auth(object):
onvalidation=onvalidation,
hideerror=self.settings.hideerror):
user = table_user(**{userfield:form.vars.get(userfield)})
key = user.registration_key
if not user:
session.flash = self.messages['invalid_%s' % userfield]
redirect(self.url(args=request.args),
client_side=self.settings.client_side)
elif user.registration_key in ('pending', 'disabled', 'blocked'):
elif key in ('pending', 'disabled', 'blocked') or (key or '').startswith('pending'):
session.flash = self.messages.registration_pending
redirect(self.url(args=request.args),
client_side=self.settings.client_side)