Mercurial > libervia-backend
view frontends/src/tools/strings.py @ 1030:15f43b54d697
core, memory, bridge: added profile password + password encryption:
/!\ This changeset updates the database version to 2 and modify the database content!
Description:
- new parameter General / Password to store the profile password
- profile password is initialized with XMPP password value, it is stored hashed
- bridge methods asyncCreateProfile/asyncConnect takes a new argument "password" (default = "")
- bridge method asyncConnect returns a boolean (True = connection already established, False = connection initiated)
- profile password is checked before initializing the XMPP connection
- new private individual parameter to store the personal encryption key of each profile
- personal key is randomly generated and encrypted with the profile password
- personal key is decrypted after profile authentification and stored in a Sessions instance
- personal key is used to encrypt/decrypt other passwords when they need to be retrieved/modified
- modifying the profile password re-encrypt the personal key
- Memory.setParam now returns a Deferred (the bridge method "setParam" is unchanged)
- Memory.asyncGetParamA eventually decrypts the password, Memory.getParamA would fail on a password parameter
TODO:
- if profile authentication is OK but XMPP authentication is KO, prompt the user for another XMPP password
- fix the method "registerNewAccount" (and move it to a plugin)
- remove bridge method "connect", sole "asyncConnect" should be used
| author | souliane <souliane@mailoo.org> |
|---|---|
| date | Wed, 07 May 2014 16:02:23 +0200 |
| parents | 429c6a0ef73d |
| children | 069ad98b360d |
line wrap: on
line source
#!/usr/bin/python # -*- coding: utf-8 -*- # SAT helpers methods for plugins # Copyright (C) 2013, 2014 Adrien Cossa (souliane@mailoo.org) # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import re def getURLParams(url): """This comes from pyjamas.Location.makeUrlDict with a small change to also parse full URLs, and parameters with no value specified (in that case the default value "" is used). @param url: any URL with or without parameters @return: a dictionary of the parameters, if any was given, or {} """ dict_ = {} if "/" in url: # keep the part after the last "/" url = url[url.rindex("/") + 1:] if url.startswith("?"): # remove the first "?" url = url[1:] pairs = url.split("&") for pair in pairs: if len(pair) < 3: continue kv = pair.split("=", 1) dict_[kv[0]] = kv[1] if len(kv) > 1 else "" return dict_ def addURLToText(string): """Check a text for what looks like an URL and make it clickable. Regexp from http://daringfireball.net/2010/07/improved_regex_for_matching_urls""" def repl(match): url = match.group(0) if not re.match(r"""[a-z]{3,}://|mailto:|xmpp:""", url): url = "http://" + url return '<a href="%s" target="_blank" class="url">%s</a>' % (url, match.group(0)) pattern = r"""(?i)\b((?:[a-z]{3,}://|(www|ftp)\d{0,3}[.]|[a-z0-9.\-]+[.][a-z]{2,4}/|mailto:|xmpp:)(?:[^\s()<>]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?]))""" return re.sub(pattern, repl, string) def addURLToImage(string): """Check a XHTML text for what looks like an imageURL and make it clickable""" def repl(match): url = match.group(1) return '<a href="%s" target="_blank">%s</a>' % (url, match.group(0)) pattern = r"""<img[^>]* src="([^"]+)"[^>]*>""" return re.sub(pattern, repl, string)