# HG changeset patch # User Goffi # Date 1702229580 -3600 # Node ID 291a7026cb2b5318b48b633d38a0a20a34f846ef # Parent f1d09a4d38dc5ce4c93130596bf66262f8ccd059 server: handle new registration link feature, following backend implementation diff -r f1d09a4d38dc -r 291a7026cb2b libervia/web/pages/register/page_meta.py --- a/libervia/web/pages/register/page_meta.py Sun Dec 10 11:01:57 2023 +0100 +++ b/libervia/web/pages/register/page_meta.py Sun Dec 10 18:33:00 2023 +0100 @@ -1,23 +1,35 @@ #!/usr/bin/env python3 +from libervia.backend.core import exceptions +from libervia.backend.tools.common import data_format +from libervia.frontends.bridge.bridge_frontend import BridgeException from libervia.web.server.constants import Const as C from libervia.web.server import session_iface -from twisted.internet import defer from libervia.backend.core.log import getLogger log = getLogger(__name__) -"""SàT account registration page""" +"""Libervia account registration page""" name = "register" access = C.PAGES_ACCESS_PUBLIC template = "login/register.html" -def prepare_render(self, request): +def parse_url(self, request): + self.get_path_args( + request, + ("registration_id",), + ) + + +async def prepare_render(self, request): if not self.host.options["allow_registration"]: - self.page_error(request, C.HTTP_FORBIDDEN) + try: + await self.host.check_registration_id(request) + except exceptions.NotFound: + self.page_error(request, C.HTTP_FORBIDDEN) profile = self.get_profile(request) if profile is not None: self.page_redirect("/login/logged", request) @@ -36,14 +48,13 @@ template_data[k] = session_data.pop_page_data(self, k) -@defer.inlineCallbacks -def on_data_post(self, request): +async def on_data_post(self, request): type_ = self.get_posted_data(request, "type") if type_ == "register": login, email, password = self.get_posted_data( request, ("login", "email", "password") ) - status = yield self.host.register_new_account(request, login, password, email) + status = await self.host.register_new_account(request, login, password, email) session_data = self.host.get_session_data(request, session_iface.IWebSession) if status == C.REGISTRATION_SUCCEED: # we prefill login field for login page @@ -58,6 +69,6 @@ for k in ("login", "email", "password"): # we save fields so user doesn't have to enter them again session_data.set_page_data(self, k, l[k]) - defer.returnValue(C.POST_NO_CONFIRM) + return C.POST_NO_CONFIRM else: self.page_error(request, C.HTTP_BAD_REQUEST) diff -r f1d09a4d38dc -r 291a7026cb2b libervia/web/server/pages.py --- a/libervia/web/server/pages.py Sun Dec 10 11:01:57 2023 +0100 +++ b/libervia/web/server/pages.py Sun Dec 10 18:33:00 2023 +0100 @@ -867,13 +867,19 @@ return value - def get_path_args(self, request, names, min_args=0, **kwargs): - """get several path arguments at once + def get_path_args( + self, + request: server.Request, + names: list[str], + min_args: int = 0, + **kwargs + ) -> None: + """Get several path arguments at once. Arguments will be put in request data. Missing arguments will have None value - @param names(list[unicode]): list of arguments to get - @param min_args(int): if less than min_args are found, PageError is used with + @param names: list of arguments to get + @param min_args: if less than min_args are found, PageError is used with C.HTTP_BAD_REQUEST Use 0 to ignore @param **kwargs: special value or optional callback to use for arguments diff -r f1d09a4d38dc -r 291a7026cb2b libervia/web/server/server.py --- a/libervia/web/server/server.py Sun Dec 10 11:01:57 2023 +0100 +++ b/libervia/web/server/server.py Sun Dec 10 18:33:00 2023 +0100 @@ -980,13 +980,55 @@ state = yield defer.ensureDeferred(self._logged(profile, request)) defer.returnValue(state) - def register_new_account(self, request, login, password, email): + async def check_registration_id(self, request: server.Request) -> None: + """Check if a valid registration ID is found in request data + + @param request: request used for account registration + + @raise exceptions.NotFound: not valid registration ID has been found + """ + try: + r_data = request.data + registration_id = r_data["registration_id"] + except (AttributeError, KeyError): + log.warning("Can't find registration ID") + raise exceptions.NotFound + if registration_id is None: + raise exceptions.NotFound + try: + registration_link_data = data_format.deserialise( + await self.bridge_call( + "registration_link_get", + registration_id + ) + ) + except BridgeException as e: + if e.classname == "NotFound": + log.warning(f"Invalid registration ID: {registration_id!r}") + else: + log.exception(f"Can't get registration ID data: {e}") + raise exceptions.NotFound + else: + log.info( + f"Using registration ID {registration_id!r} (" + f"{registration_link_data['recipient']})." + ) + + + async def register_new_account( + self, + request: server.Request, + login: str, + password: str, + email: str + ) -> str: """Create a new account, or return error - @param request(server.Request): request linked to the session - @param login(unicode): new account requested login - @param email(unicode): new account email - @param password(unicode): new account password - @return(unicode): a constant indicating the state: + + @param request: request linked to the session + @param login: new account requested login + @param email: new account email + @param password: new account password + @return: a constant indicating the state: - C.BAD_REQUEST: something is wrong in the request (bad arguments) - C.INVALID_INPUT: one of the data is not valid - C.REGISTRATION_SUCCEED: new account has been successfully registered @@ -995,12 +1037,15 @@ @raise PermissionError: registration is now allowed in server configuration """ if not self.options["allow_registration"]: - log.warning( - _("Registration received while it is not allowed, hack attempt?") - ) - raise failure.Failure( - exceptions.PermissionError("Registration is not allowed on this server") - ) + try: + await self.check_registration_id(request) + except exceptions.NotFound: + log.warning( + _("Registration received while it is not allowed, hack attempt?") + ) + raise failure.Failure( + exceptions.PermissionError("Registration is not allowed on this server") + ) if ( not re.match(C.REG_LOGIN_RE, login) @@ -1009,12 +1054,10 @@ ): return C.INVALID_INPUT - def registered(result): - return C.REGISTRATION_SUCCEED - - def registering_error(failure_): - # FIXME: better error handling for bridge error is needed - status = failure_.value.fullname.split('.')[-1] + try: + await self.bridge_call("libervia_account_register", email, password, login) + except BridgeException as e: + status = e.classname if status == "ConflictError": return C.ALREADY_EXISTS elif status == "InvalidCertificate": @@ -1023,16 +1066,13 @@ return C.INTERNAL_ERROR else: log.error( - _("Unknown registering error status: {status}\n{traceback}").format( - status=status, traceback=failure_.value.message + _("Unknown registering error status: {status}\n{e}").format( + status=status, e=e ) ) return status - - d = self.bridge_call("libervia_account_register", email, password, login) - d.addCallback(registered) - d.addErrback(registering_error) - return d + else: + return C.REGISTRATION_SUCCEED def addCleanup(self, callback, *args, **kwargs): """Add cleaning method to call when service is stopped