Added separate column for user ban status in the user table. Also

improved the unittests to not log out from the admin panel when traversing
the links.

SCHEMA_CHANGES

@@ -2,3 +2,4 @@ Schema changes from first release to development version.  This will
 later be integrated into a proper update script:
 
 alter table user_messages add column type varchar(10) after text;
+alter table users add column type boolean after is_admin;

solace/_openid_auth.py

@@ -141,7 +141,7 @@ def first_login(self, request):
 
         form = OpenIDRegistrationForm()
         if request.method == 'POST' and form.validate():
-            user = User(form['username'], form['email'], '!')
+            user = User(form['username'], form['email'])
             user.openid_logins.add(identity_url)
             self.after_register(request, user)
             session.commit()

solace/default_settings.cfg

@@ -120,6 +120,9 @@ SMTP_USE_TLS = False
 #: in the LANGUAGE_SECTIONS list.
 DEFAULT_LANGUAGE = 'en'
 
+#: if a user is unbanned, should he pick a new password?
+REQUIRE_NEW_PASSWORD_ON_UNBAN = False
+
 #: the languages for which sections exist.  Ideally we also have
 #: translations of the application for these languages, but if a
 #: language is missing in the UI it falls back to english.

solace/models.py

@@ -100,10 +100,6 @@ def active_in(self, locale):
         return self.filter(User.id.in_(select([ua.user_id],
                                               ua.locale == str(locale))))
 
-    def banned(self):
-        """Returns all the banned users."""
-        return self.filter_by(pw_hash=None)
-
 
 class User(RemoteObject):
     """Represents a user on the system."""
@@ -124,6 +120,7 @@ def __init__(self, username, email, password=None, is_admin=False):
         self.real_name = u''
         self.is_admin = is_admin
         self.is_active = True
+        self.is_banned = False
         self.last_login = None
         if password is not None:
             self.set_password(password)
@@ -157,11 +154,6 @@ def is_moderator(self):
         return self.is_admin or self.reputation >= \
             settings.REPUTATION_MAP['IS_MODERATOR']
 
-    @property
-    def is_banned(self):
-        """If the user does not have a password he's marked as banned."""
-        return self.pw_hash is None
-
     @property
     def display_name(self):
         return self.real_name or self.username

solace/schema.py

@@ -28,7 +28,9 @@
     # the email of the user.  If an external auth system is used, the
     # login code should update that information automatically on login
     Column('email', String(200), index=True),
-    # the password hash.  Probably only used for the builtin auth system.
+    # the password hash.  This might not be used by every auth system.
+    # the OpenID auth for example does not use it at all.  But also
+    # external auth systems might not store the password here.
     Column('pw_hash', String(60)),
     # the realname of the user
     Column('real_name', String(200)),
@@ -46,6 +48,8 @@
     Column('platin_badges', Integer, nullable=False),
     # true if the user is an administrator
     Column('is_admin', Boolean, nullable=False),
+    # true if the user is banned
+    Column('is_banned', Boolean, nullable=False),
     # the date of the last login
     Column('last_login', DateTime),
     # the user's activation key.  If this is NULL, the user is already

solace/templates/admin/bans.html

@@ -20,7 +20,7 @@ <h3>{{ _('Banned Users') }}</h3>
   <ul class="userlist">
   {%- for user in banned_users %}
     <li>{{ render_user(user, avatar_size=26) }}
-      <span class="action">[<a href="{{ url_for('admin.unban', user=user.username)
+      <span class="action">[<a href="{{ url_for('admin.unban_user', user=user.username)
         }}">{{ _('lift the ban') }}</a>]</span>
   {%- else %}
     <li>{{ _('No users are currently banned.') }}

solace/templates/mails/user_unbanned.txt

@@ -4,11 +4,14 @@
 Hi {{ user }}!
 
 Your ban on {{ site }} was lifted.
+{%- endtrans %}
+
+{%- if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN %}{% trans %}
 
 In order to login again you have to follow the following
 link and pick a new password:
 
-{{ reset_url }}
+{{ reset_url }}{% endtrans %}{% endif %}
 
-See you soon on {{ site }}
+{% trans site=settings.WEBSITE_TITLE %}See you soon on {{ site }}
 {%- endtrans %}{% endblock %}

solace/tests/link_check.py

@@ -27,7 +27,9 @@ def test_only_valid_links(self):
         """Make sure that all links are valid"""
         settings.LANGUAGE_SECTIONS = ['en']
         user = models.User('user1', 'user1@example.com', 'default')
-        user.active = True
+        user.is_admin = True
+        banned_user = models.User('user2', 'user2@example.com', 'default')
+        banned_user.is_banned = True
         topic = models.Topic('en', 'This is a test topic', 'Foobar', user)
         post1 = models.Post(topic, user, 'meh1')
         post2 = models.Post(topic, user, 'meh2')
@@ -40,7 +42,9 @@ def visit(url):
             if not url.startswith(BASE_URL) or url in visited_links:
                 return
             visited_links.add(url)
-            path = url.split('/', 3)[-1]
+            path = '/' + url.split('/', 3)[-1]
+            if path.startswith('/logout?'):
+                return
             response = self.client.get(path, follow_redirects=True)
             self.assertEqual(response.status_code, 200)
             for link in response.html.xpath('//a[@href]'):

solace/utils/admin.py

@@ -8,6 +8,7 @@
     :copyright: (c) 2009 by Plurk Inc., see AUTHORS for more details.
     :license: BSD, see LICENSE for more details.
 """
+from solace import settings
 from solace.i18n import _
 from solace.application import url_for
 from solace.templating import render_template
@@ -22,7 +23,7 @@ def ban_user(user):
     if user.is_banned:
         return
 
-    user.pw_hash = None
+    user.is_banned = True
     send_email(_(u'User account banned'),
                render_template('mails/user_banned.txt', user=user),
                user.email)
@@ -37,9 +38,9 @@ def unban_user(user):
     if not user.is_banned:
         return
 
-    # special password value that will never validate but does not
-    # trigger a "user is deativated".
-    user.pw_hash = '!'
+    if settings.REQUIRE_NEW_PASSWORD_ON_UNBAN:
+        user.is_active = False
+    user.is_banned = False
     reset_url = url_for('core.reset_password', email=user.email,
                         key=user.password_reset_key, _external=True)
     send_email(_(u'Your ban was lifted'),

solace/views/admin.py

@@ -39,7 +39,7 @@ def status(request):
 def bans(request):
     """Manages banned users"""
     form = BanUserForm()
-    query = User.query.banned()
+    query = User.query.filter_by(is_banned=True)
     pagination = Pagination(request, query, request.args.get('page', type=int))
 
     if request.method == 'POST' and form.validate():