general: remove "user hash" stuff (#13840)
parent
2702aca978
commit
12124f14ab
|
@ -39,8 +39,6 @@ réservé aux usages internes.
|
|||
<item><p><var>id</var> : identifiant interne</p></item>
|
||||
<item><p><var>id_display</var> : identifiant externe, le cas échéant</p></item>
|
||||
<item><p><var>user_id</var> : identifiant de l'utilisateur</p></item>
|
||||
<item><p><var>user_hash</var> : <em>hash</em> de l'utilisateur, quand ce
|
||||
mode est activé</p></item>
|
||||
<item><p><var>receipt_time</var> : date et heure de réception</p></item>
|
||||
<item><p><var>status</var> : statut courant</p></item>
|
||||
<item><p><var>is_at_endpoint</var> : indicateur de fin de traitement</p></item>
|
||||
|
|
|
@ -18,7 +18,6 @@ import copy
|
|||
import cStringIO
|
||||
import hashlib
|
||||
import mimetypes
|
||||
import random
|
||||
import os
|
||||
import urllib2
|
||||
try:
|
||||
|
@ -77,23 +76,13 @@ class IdentificationDirectory(Directory):
|
|||
inline=False,
|
||||
required=True)
|
||||
|
||||
form.add(CheckboxWidget, 'use_user_hash', title=_('One-way association between user and forms'),
|
||||
value=bool(identification_cfg.get('use_user_hash', False)),
|
||||
required=False)
|
||||
|
||||
form.add_submit('submit', _('Submit'))
|
||||
form.add_submit('cancel', _('Cancel'))
|
||||
if form.get_widget('cancel').parse():
|
||||
return redirect('..')
|
||||
|
||||
if form.is_submitted() and not form.has_errors():
|
||||
cfg_submit(form, 'identification', ['methods', 'use_user_hash'])
|
||||
if not identification_cfg.get('user_hash_secret_key') and form.get_widget('use_user_hash').parse():
|
||||
identification_cfg = get_cfg('identification', {})
|
||||
identification_cfg[str('user_hash_secret_key')] = \
|
||||
str(random.SystemRandom().getrandbits(64))
|
||||
get_publisher().cfg[str('identification')] = identification_cfg
|
||||
get_publisher().write_cfg()
|
||||
cfg_submit(form, 'identification', ['methods'])
|
||||
if not form.has_errors():
|
||||
return redirect('..')
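Review bot: The `use_user_hash` and `user_hash_secret_key` entries already written to the `identification` configuration are left in place by this change, since the form now submits only `['methods']` and nothing visible here deletes the old keys. If `cfg_submit` updates only the listed keys (its body is not shown), the HMAC secret stays in the stored configuration indefinitely although no code reads it any more. A one-off cleanup would remove both, e.g. `identification_cfg.pop('user_hash_secret_key', None)` and `identification_cfg.pop('use_user_hash', None)` followed by `get_publisher().write_cfg()`. The enclosing method starts outside the hunk.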
|
||||
|
||||
|
|
|
@ -438,11 +438,6 @@ class ApiUserDirectory(Directory):
|
|||
for formdef in formdefs:
|
||||
user_forms.extend(formdef.data_class().get_with_indexed_value(
|
||||
'user_id', user.id))
|
||||
try:
|
||||
user_forms.extend(formdef.data_class().get_with_indexed_value(
|
||||
'user_hash', user.hash))
|
||||
except AttributeError:
|
||||
pass
|
||||
user_forms.sort(lambda x, y: cmp(x.receipt_time, y.receipt_time))
|
||||
return user_forms
|
||||
|
||||
|
|
|
@ -183,13 +183,12 @@ class Evolution(object):
|
|||
|
||||
class FormData(StorableObject):
|
||||
_names = 'XX'
|
||||
_hashed_indexes = ['user_id', 'user_hash', 'status', 'workflow_roles',
|
||||
_hashed_indexes = ['user_id', 'status', 'workflow_roles',
|
||||
'concerned_roles', 'actions_roles']
|
||||
|
||||
id_display = None
|
||||
|
||||
user_id = None
|
||||
user_hash = None
|
||||
receipt_time = None
|
||||
status = None
|
||||
anonymised = None
|
||||
|
@ -256,15 +255,10 @@ class FormData(StorableObject):
|
|||
return None
|
||||
|
||||
def set_user(self, user):
|
||||
self.user_hash = None
|
||||
try:
|
||||
self.user_hash = user.hash
|
||||
if user:
|
||||
self.user_id = user.id
|
||||
else:
|
||||
self.user_id = None
|
||||
except AttributeError:
|
||||
if user:
|
||||
self.user_id = user.id
|
||||
else:
|
||||
self.user_id = None
|
||||
user = property(get_user, set_user)
|
||||
|
||||
def has_empty_data(self):
|
||||
|
@ -648,11 +642,6 @@ class FormData(StorableObject):
|
|||
def is_submitter(self, user):
|
||||
if self.user_id and user and str(self.user_id) == str(user.id):
|
||||
return True
|
||||
try:
|
||||
if self.user_hash and self.user_hash == user.hash:
|
||||
return True
|
||||
except AttributeError:
|
||||
return False
|
||||
if get_session() and get_session().is_anonymous_submitter(self):
|
||||
return True
|
||||
return False
|
||||
|
@ -734,7 +723,6 @@ class FormData(StorableObject):
|
|||
|
||||
self.anonymised = datetime.datetime.now()
|
||||
self.user_id = None
|
||||
self.user_hash = None
|
||||
self.editable_by = None
|
||||
self.workflow_data = None
|
||||
self.workflow_roles = None
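Review bot: In the anonymisation hunk, dropping `self.user_hash = None` means a form stored while hash mode was active keeps its `user_hash` value after anonymisation, provided the stored object still carries that attribute (likely for already-pickled objects, but not verifiable from this page). That value is a keyed hash of the user id, so it remains a stable pseudonymous link between one user's forms, which is what anonymisation is meant to remove. I would keep clearing it for legacy objects, e.g. `self.__dict__.pop('user_hash', None)`, or strip it in a `migrate()` step. The same legacy records (`user_hash` set, `user_id` empty) are also no longer matched by `is_submitter`, and the enclosing method starts outside the hunk.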
|
||||
|
|
|
@ -1053,9 +1053,6 @@ class FormDef(StorableObject):
|
|||
if evo.who == '_submitter':
|
||||
if formdata.user_id:
|
||||
evo_who = formdata.user_id
|
||||
elif formdata.user_hash and get_request() and (
|
||||
get_request().user and formdata.is_submitter(get_request().user)):
|
||||
evo_who = get_request().user.id
|
||||
else:
|
||||
evo_who = evo.who
|
||||
if evo_who:
|
||||
|
|
|
@ -73,11 +73,7 @@ def get_user_forms(formdef):
|
|||
user = session.get_user()
|
||||
user_forms = []
|
||||
if user and not user.anonymous:
|
||||
user_forms.extend(formdef.data_class().get_with_indexed_value('user_id', user.id))
|
||||
try:
|
||||
user_forms.extend(formdef.data_class().get_with_indexed_value('user_hash', user.hash))
|
||||
except AttributeError:
|
||||
pass
|
||||
user_forms = formdef.data_class().get_with_indexed_value('user_id', user.id)
|
||||
return user_forms
|
||||
|
||||
from wcs.forms.common import FormStatusPage
|
||||
|
@ -1010,10 +1006,7 @@ class FormPage(Directory):
|
|||
filled.data = self.formdef.get_data(form)
|
||||
session = get_session()
|
||||
if session and session.user and not str(session.user).startswith('anonymous-'):
|
||||
try:
|
||||
filled.user_hash = get_request().user.hash
|
||||
except AttributeError:
|
||||
filled.user_id = get_request().user.id
|
||||
filled.user_id = get_request().user.id
|
||||
|
||||
if get_request().get_path().startswith('/backoffice/'):
|
||||
filled.user_id = None
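Review bot: In `get_user_forms`, the return value now has two shapes: the initial `[]` for anonymous users and whatever `get_with_indexed_value` returns for identified users, where the previous code always returned a list built with `extend`. If that helper returns an iterator or generator (not visible here), callers that call `len()`, index the result or iterate it twice will behave differently. Wrapping the call keeps the old contract: `user_forms = list(formdef.data_class().get_with_indexed_value('user_id', user.id))`.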
|
||||
|
|
12
wcs/sql.py
12
wcs/sql.py
|
@ -320,7 +320,6 @@ def do_formdef_tables(formdef, conn=None, cur=None, rebuild_views=False, rebuild
|
|||
if cur.fetchone()[0] == 0:
|
||||
cur.execute('''CREATE TABLE %s (id serial PRIMARY KEY,
|
||||
user_id varchar,
|
||||
user_hash varchar,
|
||||
receipt_time timestamp,
|
||||
anonymised timestamptz,
|
||||
status varchar,
|
||||
|
@ -340,7 +339,7 @@ def do_formdef_tables(formdef, conn=None, cur=None, rebuild_views=False, rebuild
|
|||
WHERE table_name = %s''', (table_name,))
|
||||
existing_fields = set([x[0] for x in cur.fetchall()])
|
||||
|
||||
needed_fields = set(['id', 'user_id', 'user_hash', 'receipt_time',
|
||||
needed_fields = set(['id', 'user_id', 'receipt_time',
|
||||
'status', 'workflow_data', 'id_display', 'fts', 'page_no',
|
||||
'anonymised', 'workflow_roles', 'workflow_roles_array',
|
||||
'concerned_roles_array', 'tracking_code',
|
||||
|
@ -601,7 +600,7 @@ def get_view_fields(formdef):
|
|||
view_fields = []
|
||||
view_fields.append(("int '%s'" % (formdef.category_id or 0), 'category_id'))
|
||||
view_fields.append(("int '%s'" % (formdef.id or 0), 'formdef_id'))
|
||||
for field in ('id', 'user_id', 'user_hash', 'receipt_time', 'status',
|
||||
for field in ('id', 'user_id', 'receipt_time', 'status',
|
||||
'id_display', 'submission_channel', 'backoffice_submission',
|
||||
'last_update_time'):
|
||||
view_fields.append((field, field))
|
||||
|
@ -1037,7 +1036,6 @@ class SqlFormData(SqlMixin, wcs.formdata.FormData):
|
|||
_table_static_fields = [
|
||||
('id', 'serial'),
|
||||
('user_id', 'varchar'),
|
||||
('user_hash', 'varchar'),
|
||||
('receipt_time', 'timestamp'),
|
||||
('status', 'varchar'),
|
||||
('page_no', 'varchar'),
|
||||
|
@ -1136,7 +1134,6 @@ class SqlFormData(SqlMixin, wcs.formdata.FormData):
|
|||
def store(self):
|
||||
sql_dict = {
|
||||
'user_id': self.user_id,
|
||||
'user_hash': self.user_hash,
|
||||
'status': self.status,
|
||||
'page_no': self.page_no,
|
||||
'workflow_data': bytearray(cPickle.dumps(self.workflow_data)),
|
||||
|
@ -1851,7 +1848,7 @@ def get_yearly_totals(period_start=None, period_end=None, criterias=None):
|
|||
return result
|
||||
|
||||
|
||||
SQL_LEVEL = 19
|
||||
SQL_LEVEL = 20
|
||||
|
||||
def migrate_global_views(conn, cur):
|
||||
cur.execute('''SELECT COUNT(*) FROM information_schema.tables
|
||||
|
@ -1885,7 +1882,7 @@ def migrate():
|
|||
raise RuntimeError()
|
||||
if sql_level < 1: # 1: introduction of tracking_code table
|
||||
do_tracking_code_table()
|
||||
if sql_level < 19:
|
||||
if sql_level < 20:
|
||||
# 2: introduction of formdef_id in views
|
||||
# 5: add concerned_roles_array, is_at_endpoint and fts to views
|
||||
# 7: add backoffice_submission to tables
|
||||
|
@ -1897,6 +1894,7 @@ def migrate():
|
|||
# 14: add criticality_level to tables & views
|
||||
# 15: add geolocation to formdata
|
||||
# 19: add geolocation to views
|
||||
# 20: remove user hash stuff
|
||||
migrate_views(conn, cur)
|
||||
if sql_level < 16:
|
||||
# 3: introduction of _structured for user fields
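Review bot: Level 20 in `migrate()` only reruns `migrate_views`, so nothing visible here drops the `user_hash` column from existing formdata tables or deals with rows that have `user_hash` set and `user_id` NULL. Those rows lose their link to the submitter once the lookups by hash are gone, and the keyed-hash values stay in the database unless `do_formdef_tables` removes columns missing from `needed_fields` (that part is outside the hunk). If the column is meant to go, an explicit step under `if sql_level < 20:` that issues `ALTER TABLE ... DROP COLUMN user_hash` for each formdata table makes the cleanup deterministic and auditable. `migrate()` continues past the end of the hunk.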
|
||||
|
|
15
wcs/users.py
15
wcs/users.py
|
@ -14,9 +14,6 @@
|
|||
# You should have received a copy of the GNU General Public License
|
||||
# along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
import hashlib
|
||||
import hmac
|
||||
|
||||
from qommon.storage import StorableObject
|
||||
from qommon import get_cfg
|
||||
import wcs.qommon.storage as st
|
||||
|
@ -46,18 +43,6 @@ class User(StorableObject):
|
|||
self.verified_fields = []
|
||||
self.roles = []
|
||||
|
||||
def get_hash(self):
|
||||
if not self.id:
|
||||
raise AttributeError('No hash for anonymous user')
|
||||
identification_cfg = get_cfg('identification', {})
|
||||
if not identification_cfg.get('use_user_hash'):
|
||||
raise AttributeError('User hash is not enabled')
|
||||
secret_key = identification_cfg.get('user_hash_secret_key')
|
||||
if not secret_key:
|
||||
raise AttributeError('No user hash secret key defined')
|
||||
return hmac.new(secret_key, str(self.id), hashlib.sha256).hexdigest()
|
||||
hash = property(get_hash)
|
||||
|
||||
def migrate(self):
|
||||
changed = False
|
||||
|
||||
|
|
|
@ -67,7 +67,7 @@ class AddRoleWorkflowStatusItem(WorkflowStatusItem):
|
|||
return
|
||||
self.role_id = str(self.role_id)
|
||||
if not formdata.user_id:
|
||||
# we can't work on anonymous or user_hash'ed forms
|
||||
# we can't work on anonymous forms
|
||||
return
|
||||
user = get_publisher().user_class.get(formdata.user_id)
|
||||
self.perform_local(user, formdata)
|
||||
|
@ -127,7 +127,7 @@ class RemoveRoleWorkflowStatusItem(WorkflowStatusItem):
|
|||
return
|
||||
self.role_id = str(self.role_id)
|
||||
if not formdata.user_id:
|
||||
# we can't work on anonymous or user_hash'ed forms
|
||||
# we can't work on anonymous forms
|
||||
return
|
||||
user = get_publisher().user_class.get(formdata.user_id)
|
||||
self.perform_local(user, formdata)
|
||||
|
|