From fa5539fd75d6e562fbb9ff9aca026e551f06fa6f Mon Sep 17 00:00:00 2001 From: Emmanuel Viennet Date: Sat, 25 Sep 2021 22:42:44 +0200 Subject: [PATCH] =?UTF-8?q?Am=C3=A9liore=20script=20import=20users=20ScoDo?= =?UTF-8?q?c7?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/auth/models.py | 2 +- app/scodoc/sco_utils.py | 27 +++++++++++++++++++++++++-- tools/import_scodoc7_user_db.py | 7 ++++++- 3 files changed, 32 insertions(+), 4 deletions(-) diff --git a/app/auth/models.py b/app/auth/models.py index 8b359756..d71ecf3f 100644 --- a/app/auth/models.py +++ b/app/auth/models.py @@ -25,7 +25,7 @@ from app.scodoc.sco_roles_default import SCO_ROLES_DEFAULTS import app.scodoc.sco_utils as scu from app.scodoc import sco_etud # a deplacer dans scu -VALID_LOGIN_EXP = re.compile(r"^[a-zA-Z0-9@\\\-_\\\.]+$") +VALID_LOGIN_EXP = re.compile(r"^[a-zA-Z0-9@\\\-_\.]+$") class User(UserMixin, db.Model): diff --git a/app/scodoc/sco_utils.py b/app/scodoc/sco_utils.py index 4862714c..eb453b56 100644 --- a/app/scodoc/sco_utils.py +++ b/app/scodoc/sco_utils.py @@ -477,6 +477,22 @@ def suppress_accents(s): return s # may be int +class PurgeChars: + """delete all chars except those belonging to the specified string""" + + def __init__(self, allowed_chars=""): + self.allowed_chars_set = {ord(c) for c in allowed_chars} + + def __getitem__(self, x): + if x not in self.allowed_chars_set: + return None + raise LookupError() + + +def purge_chars(s, allowed_chars=""): + return s.translate(PurgeChars(allowed_chars=allowed_chars)) + + def sanitize_string(s): """s is an ordinary string, encoding given by SCO_ENCODING" suppress accents and chars interpreted in XML @@ -564,7 +580,9 @@ class ScoDocJSONEncoder(json.JSONEncoder): def sendJSON(data, attached=False): js = json.dumps(data, indent=1, cls=ScoDocJSONEncoder) - return send_file(js, filename="sco_data.json", mime=JSON_MIMETYPE, attached=attached) + return send_file( + js, filename="sco_data.json", mime=JSON_MIMETYPE, attached=attached + ) def sendXML(data, tagname=None, force_outer_xml_tag=True, attached=False): @@ -581,7 +599,12 @@ def sendResult(data, name=None, format=None, force_outer_xml_tag=True, attached= if (format is None) or (format == "html"): return data elif format == "xml": # name is outer tagname - return sendXML(data, tagname=name, force_outer_xml_tag=force_outer_xml_tag, attached=attached) + return sendXML( + data, + tagname=name, + force_outer_xml_tag=force_outer_xml_tag, + attached=attached, + ) elif format == "json": return sendJSON(data, attached=attached) else: diff --git a/tools/import_scodoc7_user_db.py b/tools/import_scodoc7_user_db.py index 199f23e2..91049ca9 100644 --- a/tools/import_scodoc7_user_db.py +++ b/tools/import_scodoc7_user_db.py @@ -27,6 +27,11 @@ def import_scodoc7_user_db(scodoc7_db="dbname=SCOUSERS"): cursor.execute("SELECT * FROM sco_users;") for u7 in cursor: user_name = scu.sanitize_string(u7["user_name"].strip()) + # ensure that user_name will match VALID_LOGIN_EXP + user_name = scu.purge_chars( + user_name, + allowed_chars="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ@\\-_.", + ) if user_name != u7["user_name"]: msg = f"""Changing login '{u7["user_name"]}' to '{user_name}'""" current_app.logger.warning(msg) @@ -83,4 +88,4 @@ def import_scodoc7_user_db(scodoc7_db="dbname=SCOUSERS"): db.session.add(u) current_app.logger.info("imported user {}".format(u)) db.session.commit() - return messages \ No newline at end of file + return messages