2 new commits in galaxy-central: https://bitbucket.org/galaxy/galaxy-central/commits/4b6b1d2d7407/ Changeset: 4b6b1d2d7407 Branch: next-stable User: natefoo Date: 2014-12-03 18:30:44+00:00 Summary: Merge stable changes to next-stable. Affected #: 9 files diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 lib/galaxy/webapps/galaxy/controllers/user.py --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -28,7 +28,7 @@ from galaxy.web.base.controller import CreatesApiKeysMixin from galaxy.web.form_builder import CheckboxField from galaxy.web.form_builder import build_select_field -from galaxy.web.framework.helpers import time_ago, grids +from galaxy.web.framework.helpers import time_ago, grids, escape from datetime import datetime, timedelta from galaxy.util import hash_util, biostar @@ -164,7 +164,7 @@ user_openid.provider = openid_provider if trans.user: if user_openid.user and user_openid.user.id != trans.user.id: - message = "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( display_identifier, user_openid.user.email ) + message = "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( escape( display_identifier ), escape( user_openid.user.email ) ) if not trans.user.active and trans.app.config.user_activation_on: # Account activation is ON and the user is INACTIVE. if ( trans.app.config.activation_grace_period != 0 ): # grace period is ON if self.is_outside_grace_period( trans, trans.user.create_time ): # User is outside the grace period. Login is disabled and he will have the activation email resent. 
@@ -179,23 +179,23 @@ user_openid.session = trans.galaxy_session if not openid_provider_obj.never_associate_with_user: if not auto_associate and ( user_openid.user and user_openid.user.id == trans.user.id ): - message = "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) + message = "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( escape( display_identifier ), escape( trans.user.email ) ) status = "warning" else: - message = "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) + message = "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( escape( display_identifier ), escape( trans.user.email ) ) status = "done" user_openid.user = trans.user trans.sa_session.add( user_openid ) trans.sa_session.flush() trans.log_event( "User associated OpenID: %s" % display_identifier ) else: - message = "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % ( openid_provider_obj.name ) + message = "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % escape( openid_provider_obj.name ) status = "info" openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info ) if redirect: - message = '%s<br>Click <a href="%s"><strong>here</strong></a> to return to the page you were previously viewing.' % ( message, redirect ) + message = '%s<br>Click <a href="%s"><strong>here</strong></a> to return to the page you were previously viewing.' 
% ( message, escape( self.__get_redirect_url( redirect ) ) ) if redirect and status != "error": - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=True, @@ -208,6 +208,7 @@ openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info ) if not redirect: redirect = url_for( '/' ) + redirect = self.__get_redirect_url( redirect ) return trans.response.send_redirect( redirect ) trans.sa_session.add( user_openid ) trans.sa_session.flush() @@ -448,18 +449,9 @@ @web.expose def login( self, trans, refresh_frames=[], **kwd ): - """Handle Galaxy login""" - redirect = kwd.get( 'redirect', trans.request.referer ).strip() - root_url = url_for( '/', qualified=True ) - # Always start with redirect_url being empty. - redirect_url = '' - # Compare urls, to prevent a redirect from pointing (directly) - # outside of galaxy or to enter a logout/login loop. - if not util.compare_urls( root_url, redirect, compare_path=False ) or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ): - redirect = root_url - if kwd.get( 'noredirect', False ): - # The referrer is explicitly asking not to redirect. - redirect = '' + '''Handle Galaxy Log in''' + redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() ) + redirect_url = '' # always start with redirect_url being empty use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) ) message = kwd.get( 'message', '' ) status = kwd.get( 'status', 'done' ) 
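Review bot: The `noredirect` check that the removed lines performed is not carried over into the new `login` body, so a `noredirect=true` request is now redirected like any other unless the flag is handled further down (the function continues past this hunk); the `reset_password` hunk in this same commit still emits a link with `noredirect='true'`, so that link would bounce the user straight back to the referer. Restoring `if kwd.get( 'noredirect', False ): redirect = ''` after the `__get_redirect_url( ... )` call keeps the old contract. The `.strip()` on `kwd.get( 'redirect', trans.request.referer )` is also still unguarded: with no `redirect` parameter and no Referer header it raises AttributeError before any validation runs; `kwd.get( 'redirect', trans.request.referer or '' ).strip()` avoids that.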
@@ -910,7 +902,7 @@
 username = util.restore_text( params.get( 'username', '' ) )
 if not username:
 username = user.username
- message = util.restore_text( params.get( 'message', '' ) )
+ message = escape( util.restore_text( params.get( 'message', '' ) ) )
 status = params.get( 'status', 'done' )
 if trans.webapp.name == 'galaxy':
 user_type_form_definition = self.__get_user_type_form_definition( trans, user=user, **kwd )
@@ -1119,8 +1111,8 @@
 """Reset the user's password. Send an email with the new password."""
 if trans.app.config.smtp_server is None:
 return trans.show_error_message( "Mail is not configured for this Galaxy instance. Please contact your local Galaxy administrator." )
- message = util.sanitize_text( util.restore_text( kwd.get( 'message', '' ) ) )
- status = 'done'
+ message = util.sanitize_text(util.restore_text( kwd.get( 'message', '' ) ))
+ status = kwd.get( 'status', 'done' )
 if kwd.get( 'reset_password_button', False ):
 reset_user = trans.sa_session.query( trans.app.model.User ).filter( trans.app.model.User.table.c.email == email ).first()
 user = trans.get_user()
@@ -1146,7 +1138,7 @@
 trans.sa_session.add( reset_user )
 trans.sa_session.flush()
 trans.log_event( "User reset password: %s" % email )
- message = "Password has been reset and emailed to: %s. <a href='%s'>Click here</a> to return to the login form." % ( email, web.url_for( controller='user', action='login', noredirect='true' ) )
+ message = "Password has been reset and emailed to: %s. <a href='%s'>Click here</a> to return to the login form." % ( escape( email ), web.url_for( controller='user', action='login', noredirect='true' ) )
 except Exception, e:
 message = 'Failed to reset password: %s' % str( e )
 status = 'error'
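Review bot: `status` in `reset_password` is now taken from the request (`kwd.get( 'status', 'done' )`) where it was a fixed `'done'` before, and nothing in the hunk restricts it to the known values; if the template uses it to build a CSS class or other markup (not visible here), that is a new reflected-input path. Whitelisting it, `if status not in ( 'done', 'info', 'warning', 'error' ): status = 'done'`, closes that off. The `message` is also passed through `util.sanitize_text` here while every other handler touched by this commit uses `escape`; whether `sanitize_text` HTML-escapes is not visible in the hunk, so it is worth confirming the two are equivalent at the render site.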
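Review bot: In the `except Exception, e:` branch the exception text is interpolated into `message` unescaped (`'Failed to reset password: %s' % str( e )`) while the success branch just above now escapes `email`; whatever the mail layer raises may echo the submitted address or internal host details into the page. Escaping it, `message = 'Failed to reset password: %s' % escape( str( e ) )`, and recording the full traceback with `log.exception` instead of surfacing it to the user keeps the two branches consistent. The surrounding `try` starts outside this hunk.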
@@ -1370,17 +1362,20 @@
 # User not logged in, history group must be only public
 return trans.show_error_message( "You must be logged in to change your default permitted actions." )
 
+ @web.require_login( "to add addresses" )
 @web.expose
 def new_address( self, trans, cntrller, **kwd ):
 params = util.Params( kwd )
 message = util.restore_text( params.get( 'message', '' ) )
 status = params.get( 'status', 'done' )
 is_admin = cntrller == 'admin' and trans.user_is_admin()
- user_id = params.get( 'user_id', False )
- if not user_id:
- # User must be logged in to create a new address
- return trans.show_error_message( "You must be logged in to create a new address." )
- user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ user_id = params.get( 'id', False )
+ if is_admin:
+ if not user_id:
+ return trans.show_error_message( "You must specify a user to add a new address to." )
+ user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ else:
+ user = trans.user
 short_desc = util.restore_text( params.get( 'short_desc', '' ) )
 name = util.restore_text( params.get( 'name', '' ) )
 institution = util.restore_text( params.get( 'institution', '' ) )
@@ -1431,10 +1426,10 @@
 phone=phone )
 trans.sa_session.add( user_address )
 trans.sa_session.flush()
- message = 'Address (%s) has been added' % user_address.desc
+ message = 'Address (%s) has been added' % escape( user_address.desc )
 new_kwd = dict( message=message, status=status )
 if is_admin:
- new_kwd[ 'user_id' ] = trans.security.encode_id( user.id )
+ new_kwd[ 'id' ] = trans.security.encode_id( user.id )
 return trans.response.send_redirect( web.url_for( controller='user',
 action='manage_user_info',
 cntrller=cntrller,
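Review bot: In the admin branch of `new_address`, `trans.sa_session.query( trans.app.model.User ).get( ... )` returns `None` for a well-formed encoded id that matches no user, and `user` is dereferenced later in the method (`user.id` in the redirect hunk below), so an admin typo becomes an AttributeError instead of a message. A check right after the lookup, `if user is None: return trans.show_error_message( "Invalid user id." )`, covers it; and since `trans.security.decode_id` evidently can raise on malformed input (the delete path in this commit wraps it in `try`/`except`), the same guard belongs around the decode here. The non-admin branch ignoring the `id` parameter entirely is the important part of this change and looks right. The method body continues past this hunk.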
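Review bot: `escape( user_address.desc )` is applied before the message is placed on the redirect query string, and the receiving handler escapes the `message` parameter again on arrival (the hunk at 910 in this commit, which appears to be `manage_user_info`, does `message = escape( util.restore_text( ... ) )`), so assuming `escape` is a plain HTML escape a description containing `&` or `<` is double-encoded and shows up as `&amp;` / `&lt;` in the page. Escaping once, at the render site, is the safer rule for a value that round-trips through a URL; once the receiver is confirmed to escape, this line can go back to `message = 'Address (%s) has been added' % user_address.desc`. The same pattern appears in the `edit_address` and address delete hunks below.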
@@ -1452,24 +1447,29 @@
 postal_code=postal_code,
 country=country,
 phone=phone,
- message=message,
+ message=escape(message),
 status=status )
 
+ @web.require_login( "to edit addresses" )
 @web.expose
 def edit_address( self, trans, cntrller, **kwd ):
 params = util.Params( kwd )
 message = util.restore_text( params.get( 'message', '' ) )
 status = params.get( 'status', 'done' )
 is_admin = cntrller == 'admin' and trans.user_is_admin()
- user_id = params.get( 'user_id', False )
- if not user_id:
- # User must be logged in to create a new address
- return trans.show_error_message( "You must be logged in to create a new address." )
- user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ user_id = params.get( 'id', False )
+ if is_admin:
+ if not user_id:
+ return trans.show_error_message( "You must specify a user to add a new address to." )
+ user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) )
+ else:
+ user = trans.user
 address_id = params.get( 'address_id', None )
 if not address_id:
- return trans.show_error_message( "No address id received for editing." )
+ return trans.show_error_message( "Invalid address id." )
 address_obj = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) )
+ if address_obj.user_id != user.id:
+ return trans.show_error_message( "Invalid address id." )
 if params.get( 'edit_address_button', False ):
 short_desc = util.restore_text( params.get( 'short_desc', '' ) )
 name = util.restore_text( params.get( 'name', '' ) )
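Review bot: `address_obj.user_id != user.id` is evaluated without checking that the lookup found anything: `query( ... ).get( ... )` returns `None` for a well-formed id of a nonexistent address, so the comparison raises AttributeError rather than producing the intended "Invalid address id." message, and `trans.security.decode_id( address_id )` on a malformed id is not wrapped in `try` the way the delete path in this commit is. Folding the None case into the ownership check, `if address_obj is None or address_obj.user_id != user.id: return trans.show_error_message( "Invalid address id." )`, and guarding the decode the same way closes both. The admin branch has the same gap for `user` being `None`. The ownership check itself is the right fix: the removed lines show the old code fetching any address by id with no check that it belonged to the acting user.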
@@ -1517,10 +1517,10 @@
 address_obj.phone = phone
 trans.sa_session.add( address_obj )
 trans.sa_session.flush()
- message = 'Address (%s) has been updated.' % address_obj.desc
+ message = 'Address (%s) has been updated.' % escape( address_obj.desc )
 new_kwd = dict( message=message, status=status )
 if is_admin:
- new_kwd[ 'user_id' ] = trans.security.encode_id( user.id )
+ new_kwd[ 'id' ] = trans.security.encode_id( user.id )
 return trans.response.send_redirect( web.url_for( controller='user',
 action='manage_user_info',
 cntrller=cntrller,
@@ -1530,45 +1530,44 @@ cntrller=cntrller, user=user, address_obj=address_obj, - message=message, + message=escape( message ), status=status ) + @web.require_login( "to delete addresses" ) @web.expose - def delete_address( self, trans, cntrller, address_id=None, user_id=None ): + def delete_address( self, trans, cntrller, address_id=None, **kwd ): + return self.__delete_undelete_address( trans, cntrller, 'delete', address_id=address_id, **kwd ) + + @web.require_login( "to undelete addresses" ) + @web.expose + def undelete_address( self, trans, cntrller, address_id=None, **kwd ): + return self.__delete_undelete_address( trans, cntrller, 'undelete', address_id=address_id, **kwd ) + + def __delete_undelete_address( self, trans, cntrller, op, address_id=None, **kwd ): + is_admin = cntrller == 'admin' and trans.user_is_admin() + user_id = kwd.get( 'id', False ) + if is_admin: + if not user_id: + return trans.show_error_message( "You must specify a user to %s an address from." % op ) + user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) + else: + user = trans.user try: user_address = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) ) except: - message = 'Invalid address is (%s)' % address_id - status = 'error' + return trans.show_error_message( "Invalid address id." ) if user_address: - user_address.deleted = True + if user_address.user_id != user.id: + return trans.show_error_message( "Invalid address id." 
) + user_address.deleted = True if op == 'delete' else False trans.sa_session.add( user_address ) trans.sa_session.flush() - message = 'Address (%s) deleted' % user_address.desc + message = 'Address (%s) %sd' % ( escape( user_address.desc ), op ) status = 'done' return trans.response.send_redirect( web.url_for( controller='user', action='manage_user_info', cntrller=cntrller, - user_id=user_id, - message=message, - status=status ) ) - - @web.expose - def undelete_address( self, trans, cntrller, address_id=None, user_id=None ): - try: - user_address = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) ) - except: - message = 'Invalid address is (%s)' % address_id - status = 'error' - if user_address: - user_address.deleted = False - trans.sa_session.flush() - message = 'Address (%s) undeleted' % user_address.desc - status = 'done' - return trans.response.send_redirect( web.url_for( controller='user', - action='manage_user_info', - cntrller=cntrller, - user_id=user_id, + id=trans.security.encode_id( user.id ), message=message, status=status ) ) @@ -1728,7 +1727,7 @@ @web.require_login() def api_keys( self, trans, cntrller, **kwd ): params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) if params.get( 'new_api_key_button', False ): self.create_api_key( trans, trans.user ) 
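Review bot: In `__delete_undelete_address`, when `query( ... ).get( ... )` returns `None` (well-formed id, no such row) the `if user_address:` block is skipped and the method falls through to `web.url_for( ..., message=message, status=status )` with neither name bound, so the request fails with UnboundLocalError instead of the "Invalid address id." message. Treating it like the ownership failure, `if user_address is None or user_address.user_id != user.id: return trans.show_error_message( "Invalid address id." )`, and dropping the `if user_address:` nesting fixes that; the bare `except:` around the decode should also name the exception it expects rather than swallowing everything, including the `None` `address_id` default. The admin branch likewise never checks that `user` was found before `user.id` is used in the ownership test and the redirect.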
@@ -1740,6 +1739,18 @@ message=message, status=status ) + def __get_redirect_url( self, redirect ): + root_url = url_for( '/', qualified=True ) + redirect_url = '' # always start with redirect_url being empty + # compare urls, to prevent a redirect from pointing (directly) outside of galaxy + # or to enter a logout/login loop + if not util.compare_urls( root_url, redirect, compare_path=False ) or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ): + log.warning('Redirect URL is outside of Galaxy, will redirect to Galaxy root instead: %s', redirect) + redirect = root_url + elif util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ): + redirect = root_url + return redirect + # ===== Methods for building SelectFields ================================ def __build_user_type_fd_id_select_field( self, trans, selected_value ): # Get all the user information forms diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 lib/galaxy/webapps/galaxy/controllers/userskeys.py --- a/lib/galaxy/webapps/galaxy/controllers/userskeys.py +++ b/lib/galaxy/webapps/galaxy/controllers/userskeys.py @@ -3,12 +3,11 @@ """ import logging -import pprint from galaxy import web from galaxy import util, model from galaxy.web.base.controller import BaseUIController, UsesFormDefinitionsMixin -from galaxy.web.framework.helpers import time_ago, grids +from galaxy.web.framework.helpers import time_ago, grids, escape from inspect import getmembers 
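Review bot: The `elif util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ):` branch in `__get_redirect_url` is unreachable: the `if` above already ORs in the identical logout comparison, so every case it would catch is handled there, and the warning then logs "outside of Galaxy" for what is really a logout loop. Drop the `elif` and its body, reword the warning to cover both cases (`'Refusing redirect to %s (outside Galaxy or logout loop), redirecting to Galaxy root instead'`), and remove `redirect_url = ''`, which is never read. Whether `util.compare_urls` with `compare_path=False` rejects protocol-relative (`//host/...`) or userinfo-bearing (`http://galaxy@evil/`) targets is not visible here and is what the open-redirect protection ultimately rests on, so a unit test against those shapes would be worth adding alongside this helper.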
@@ -21,65 +20,46 @@ <p/> """ -class UserOpenIDGrid( grids.Grid ): - use_panels = False - title = "OpenIDs linked to your account" - model_class = model.UserOpenID - template = '/user/openid_manage.mako' - default_filter = { "openid" : "All" } - default_sort_key = "-create_time" - columns = [ - grids.TextColumn( "OpenID URL", key="openid", link=( lambda x: dict( action='openid_auth', login_button="Login", openid_url=x.openid if not x.provider else '', openid_provider=x.provider, auto_associate=True ) ) ), - grids.GridColumn( "Created", key="create_time", format=time_ago ), - ] - operations = [ - grids.GridOperation( "Delete", async_compatible=True ), - ] - def build_initial_query( self, trans, **kwd ): - return trans.sa_session.query( self.model_class ).filter( self.model_class.user_id == trans.user.id ) +# FIXME: This controller is using unencoded IDs, but I am not going to address +# this now since it is admin-side and should be reimplemented in the API +# anyway. + class User( BaseUIController, UsesFormDefinitionsMixin ): - user_openid_grid = UserOpenIDGrid() - installed_len_files = None - - @web.expose @web.require_login() @web.require_admin def index( self, trans, cntrller, **kwd ): return trans.fill_template( 'webapps/galaxy/user/list_users.mako', action='all_users', cntrller=cntrller ) - - @web.expose @web.require_login() @web.require_admin def admin_api_keys( self, trans, cntrller, uid, **kwd ): params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) uid = params.get('uid', uid) - pprint.pprint(uid) if params.get( 'new_api_key_button', False ): new_key = trans.app.model.APIKeys() new_key.user_id = uid new_key.key = trans.app.security.get_new_guid() trans.sa_session.add( new_key ) trans.sa_session.flush() - message = "Generated a new web API key" + message = "A new web API key has been generated for (%s)" % escape( 
new_key.user.email ) status = "done" - return trans.fill_template( 'webapps/galaxy/user/ok_admin_api_keys.mako', - cntrller=cntrller, - message=message, - status=status ) - - + return trans.response.send_redirect( web.url_for( controller='userskeys', + action='all_users', + cntrller=cntrller, + message=message, + status=status ) ) + @web.expose @web.require_login() @web.require_admin def all_users( self, trans, cntrller="userskeys", **kwd ): params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) users = [] for user in trans.sa_session.query( trans.app.model.User ) \ diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/user/edit_address.mako --- a/templates/user/edit_address.mako +++ b/templates/user/edit_address.mako 
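Review bot: `admin_api_keys` creates an `APIKeys` row for whatever `uid` the request carries without checking that such a user exists; the new `escape( new_key.user.email )` then dereferences the lazily loaded `user`, which is `None` for an unknown id (or the `flush()` fails first where the foreign key is enforced), so a bad id yields a 500 rather than a message and, without FK enforcement, leaves a credential row bound to a nonexistent user. Look the user up first and take the id from the object, as below. Note also that the message is escaped here and then escaped again by `all_users` (`message = escape( util.restore_text( ... ) )` in this same hunk) after the redirect, so an address containing `&` renders as `&amp;`; escape once, at the render site. The FIXME about unencoded ids still stands and the `uid = params.get('uid', uid)` override of the path argument should go with it.
```python
    if params.get( 'new_api_key_button', False ):
        user = trans.sa_session.query( trans.app.model.User ).get( uid )
        if user is None:
            return trans.show_error_message( "Invalid user id." )
        new_key = trans.app.model.APIKeys()
        new_key.user_id = user.id
        new_key.key = trans.app.security.get_new_guid()
        # … unchanged: add, flush, message, redirect …
```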
@@ -10,17 +10,17 @@ <ul class="manage-table-actions"><li> - <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, user_id=trans.security.encode_id( user.id) )}">Manage user information</a> + <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, id=trans.security.encode_id( user.id) )}">Manage user information</a></li></ul><div class="toolForm"><div class="toolFormTitle">Edit address</div><div class="toolFormBody"> - <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address_obj.id ), user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address_obj.id ), id=trans.security.encode_id( user.id ) )}" method="post" ><div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="short_desc" value="${address_obj.desc}" size="40"> + <input type="text" name="short_desc" value="${address_obj.desc | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -28,7 +28,7 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${address_obj.name}" size="40"> + <input type="text" name="name" value="${address_obj.name | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -36,7 +36,7 @@ <div class="form-row"><label>Institution:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="institution" value="${address_obj.institution}" size="40"> + <input type="text" name="institution" value="${address_obj.institution | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -44,7 +44,7 @@ <div class="form-row"><label>Address:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="address" value="${address_obj.address}" size="40"> + <input type="text" name="address" value="${address_obj.address | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -52,7 +52,7 @@ <div class="form-row"><label>City:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="city" value="${address_obj.city}" size="40"> + <input type="text" name="city" value="${address_obj.city | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -60,7 +60,7 @@ <div class="form-row"><label>State/Province/Region:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="state" value="${address_obj.state}" size="40"> + <input type="text" name="state" value="${address_obj.state | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -68,7 +68,7 @@ <div class="form-row"><label>Postal Code:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="postal_code" value="${address_obj.postal_code}" size="40"> + <input type="text" name="postal_code" value="${address_obj.postal_code | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -76,7 +76,7 @@ <div class="form-row"><label>Country:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="country" value="${address_obj.country}" size="40"> + <input type="text" name="country" value="${address_obj.country | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -84,7 +84,7 @@ <div class="form-row"><label>Phone:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="phone" value="${address_obj.phone}" size="40"> + <input type="text" name="phone" value="${address_obj.phone | h}" size="40"></div><div style="clear: both"></div></div> diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/user/index.mako --- a/templates/user/index.mako +++ b/templates/user/index.mako @@ -1,9 +1,4 @@ <%inherit file="/base.mako"/> -<%namespace file="/message.mako" import="render_msg" /> - -%if message: - ${render_msg( message, status )} -%endif %if trans.user: <h2>${_('User preferences')}</h2> diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/user/info.mako --- a/templates/user/info.mako +++ b/templates/user/info.mako @@ -90,7 +90,7 @@ <div class="toolFormTitle">Login Information</div><div class="form-row"><label>Email address:</label> - <input type="text" id ="email_input" name="email" value="${email}" size="40"/> + <input type="text" id ="email_input" name="email" value="${email | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> If you change your email address you will receive an activation link in the new mailbox and you have to activate your account by visiting it. </div> 
@@ -99,13 +99,13 @@ <label>Public name:</label> %if t.webapp.name == 'tool_shed': %if user.active_repositories: - <input type="hidden" name="username" value="${username}"/> - ${username} + <input type="hidden" name="username" value="${username | h}"/> + ${username | h} <div class="toolParamHelp" style="clear: both;"> You cannot change your public name after you have created a repository in this tool shed. </div> %else: - <input type="text" name="username" size="40" value="${username}"/> + <input type="text" name="username" size="40" value="${username | h}"/><div class="toolParamHelp" style="clear: both;"> Your public name provides a means of identifying you publicly within this tool shed. Public names must be at least four characters in length and contain only lower-case letters, numbers, @@ -114,7 +114,7 @@ </div> %endif %else: - <input type="text" id="name_input" name="username" size="40" value="${username}"/> + <input type="text" id="name_input" name="username" size="40" value="${username | h}"/><div class="toolParamHelp" style="clear: both;"> Your public name is an optional identifier that will be used to generate addresses for information you share publicly. Public names must be at least four characters in length and contain only lower-case diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/user/new_address.mako --- a/templates/user/new_address.mako +++ b/templates/user/new_address.mako 
@@ -10,18 +10,18 @@ <ul class="manage-table-actions"><li> - <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, user_id=trans.security.encode_id( user.id) )}"> + <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, id=trans.security.encode_id( user.id) )}"><span>Manage User Information</span></a></li></ul><div class="toolForm"><div class="toolFormTitle">Add new address</div><div class="toolFormBody"> - <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, id=trans.security.encode_id( user.id ) )}" method="post" ><div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="short_desc" value="${short_desc}" size="40"> + <input type="text" name="short_desc" value="${short_desc | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -29,7 +29,7 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${name}" size="40"> + <input type="text" name="name" value="${name | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -37,7 +37,7 @@ <div class="form-row"><label>Institution:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="institution" value="${institution}" size="40"> + <input type="text" name="institution" value="${institution | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -45,7 +45,7 @@ <div class="form-row"><label>Address:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="address" value="${address}" size="40"> + <input type="text" name="address" value="${address | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -53,7 +53,7 @@ <div class="form-row"><label>City:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="city" value="${city}" size="40"> + <input type="text" name="city" value="${city | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -61,7 +61,7 @@ <div class="form-row"><label>State/Province/Region:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="state" value="${state}" size="40"> + <input type="text" name="state" value="${state | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -69,7 +69,7 @@ <div class="form-row"><label>Postal Code:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="postal_code" value="${postal_code}" size="40"> + <input type="text" name="postal_code" value="${postal_code | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -77,7 +77,7 @@ <div class="form-row"><label>Country:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="country" value="${country}" size="40"> + <input type="text" name="country" value="${country | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -85,7 +85,7 @@ <div class="form-row"><label>Phone:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="phone" value="${phone}" size="40"> + <input type="text" name="phone" value="${phone | h}" size="40"></div><div style="clear: both"></div></div> diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/webapps/galaxy/user/list_users.mako --- a/templates/webapps/galaxy/user/list_users.mako +++ b/templates/webapps/galaxy/user/list_users.mako @@ -1,4 +1,5 @@ <%inherit file="/base.mako"/> +<%namespace file="/message.mako" import="render_msg" /> %if message: ${render_msg( message, status )} diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/webapps/galaxy/user/manage_info.mako --- a/templates/webapps/galaxy/user/manage_info.mako +++ b/templates/webapps/galaxy/user/manage_info.mako @@ -42,7 +42,7 @@ <p/><div class="toolForm"> - <form name="user_addresses" id="user_addresses" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="user_addresses" id="user_addresses" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, id=trans.security.encode_id( user.id ) )}" method="post" ><div class="toolFormTitle">User Addresses</div><div class="toolFormBody"> %if user.addresses: 
@@ -53,9 +53,9 @@ <span>|</span> %endif %if show_filter == filter: - <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, user_id=trans.security.encode_id( user.id ) )}"><b>${filter}</b></a></span> + <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, id=trans.security.encode_id( user.id ) )}"><b>${filter}</b></a></span> %else: - <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, user_id=trans.security.encode_id( user.id ) )}">${filter}</a></span> + <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, id=trans.security.encode_id( user.id ) )}">${filter}</a></span> %endif %endfor </div> 
@@ -73,10 +73,10 @@ <ul class="manage-table-actions"><li> %if not address.deleted: - <a class="action-button" href="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Edit</a> - <a class="action-button" href="${h.url_for( controller='user', action='delete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Delete</a> + <a class="action-button" href="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Edit</a> + <a class="action-button" href="${h.url_for( controller='user', action='delete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Delete</a> %else: - <a class="action-button" href="${h.url_for( controller='user', action='undelete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Undelete</a> + <a class="action-button" href="${h.url_for( controller='user', action='undelete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Undelete</a> %endif </li></ul> diff -r 3808622909a6bb561c46d2ff5a5675f1da589c8b -r 4b6b1d2d740732a982c922b264d2027ed2c90370 templates/webapps/galaxy/user/ok_admin_api_keys.mako --- a/templates/webapps/galaxy/user/ok_admin_api_keys.mako +++ /dev/null 
@@ -1,28 +0,0 @@ -<%inherit file="/base.mako"/> -<%namespace file="/message.mako" import="render_msg" /> - -<br/><br/> -<ul class="manage-table-actions"> - <li> - <a class="action-button" href="${h.url_for( controller='userskeys', action='all_users', cntrller=cntrller )}">List users API keys</a> - </li> -</ul> - -%if message: - ${render_msg( message, status )} -%endif - - <div> - <div style="clear: both;"> - SUCCESS. A new API key has been generated. - </div> - - - <div style="clear: both;"> - An API key will allow you to access Galaxy via its web - API (documentation forthcoming). Please note that - <strong>this key acts as an alternate means to access - your account, and should be treated with the same care - as your login password</strong>. - </div> - </div> https://bitbucket.org/galaxy/galaxy-central/commits/25d6c1903ece/ Changeset: 25d6c1903ece User: natefoo Date: 2014-12-03 18:41:00+00:00 Summary: Merge next-stable to default. Affected #: 28 files diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 lib/galaxy/webapps/galaxy/controllers/user.py --- a/lib/galaxy/webapps/galaxy/controllers/user.py +++ b/lib/galaxy/webapps/galaxy/controllers/user.py @@ -28,7 +28,7 @@ from galaxy.web.base.controller import CreatesApiKeysMixin from galaxy.web.form_builder import CheckboxField from galaxy.web.form_builder import build_select_field -from galaxy.web.framework.helpers import time_ago, grids +from galaxy.web.framework.helpers import time_ago, grids, escape from datetime import datetime, timedelta from galaxy.util import hash_util, biostar 
@@ -164,7 +164,7 @@ user_openid.provider = openid_provider if trans.user: if user_openid.user and user_openid.user.id != trans.user.id: - message = "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( display_identifier, user_openid.user.email ) + message = "The OpenID <strong>%s</strong> is already associated with another Galaxy account, <strong>%s</strong>. Please disassociate it from that account before attempting to associate it with a new account." % ( escape( display_identifier ), escape( user_openid.user.email ) ) if not trans.user.active and trans.app.config.user_activation_on: # Account activation is ON and the user is INACTIVE. if ( trans.app.config.activation_grace_period != 0 ): # grace period is ON if self.is_outside_grace_period( trans, trans.user.create_time ): # User is outside the grace period. Login is disabled and he will have the activation email resent. 
@@ -179,23 +179,23 @@ user_openid.session = trans.galaxy_session if not openid_provider_obj.never_associate_with_user: if not auto_associate and ( user_openid.user and user_openid.user.id == trans.user.id ): - message = "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) + message = "The OpenID <strong>%s</strong> is already associated with your Galaxy account, <strong>%s</strong>." % ( escape( display_identifier ), escape( trans.user.email ) ) status = "warning" else: - message = "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( display_identifier, trans.user.email ) + message = "The OpenID <strong>%s</strong> has been associated with your Galaxy account, <strong>%s</strong>." % ( escape( display_identifier ), escape( trans.user.email ) ) status = "done" user_openid.user = trans.user trans.sa_session.add( user_openid ) trans.sa_session.flush() trans.log_event( "User associated OpenID: %s" % display_identifier ) else: - message = "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % ( openid_provider_obj.name ) + message = "The OpenID <strong>%s</strong> cannot be used to log into your Galaxy account, but any post authentication actions have been performed." % escape( openid_provider_obj.name ) status = "info" openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info ) if redirect: - message = '%s<br>Click <a href="%s"><strong>here</strong></a> to return to the page you were previously viewing.' % ( message, redirect ) + message = '%s<br>Click <a href="%s"><strong>here</strong></a> to return to the page you were previously viewing.' 
% ( message, escape( self.__get_redirect_url( redirect ) ) ) if redirect and status != "error": - return trans.response.send_redirect( redirect ) + return trans.response.send_redirect( self.__get_redirect_url( redirect ) ) return trans.response.send_redirect( url_for( controller='user', action='openid_manage', use_panels=True, @@ -208,6 +208,7 @@ openid_provider_obj.post_authentication( trans, trans.app.openid_manager, info ) if not redirect: redirect = url_for( '/' ) + redirect = self.__get_redirect_url( redirect ) return trans.response.send_redirect( redirect ) trans.sa_session.add( user_openid ) trans.sa_session.flush() @@ -448,18 +449,9 @@ @web.expose def login( self, trans, refresh_frames=[], **kwd ): - """Handle Galaxy login""" - redirect = kwd.get( 'redirect', trans.request.referer ).strip() - root_url = url_for( '/', qualified=True ) - # Always start with redirect_url being empty. - redirect_url = '' - # Compare urls, to prevent a redirect from pointing (directly) - # outside of galaxy or to enter a logout/login loop. - if not util.compare_urls( root_url, redirect, compare_path=False ) or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ): - redirect = root_url - if kwd.get( 'noredirect', False ): - # The referrer is explicitly asking not to redirect. - redirect = '' + '''Handle Galaxy Log in''' + redirect = self.__get_redirect_url( kwd.get( 'redirect', trans.request.referer ).strip() ) + redirect_url = '' # always start with redirect_url being empty use_panels = util.string_as_bool( kwd.get( 'use_panels', False ) ) message = kwd.get( 'message', '' ) status = kwd.get( 'status', 'done' ) 
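Review bot: The rewritten login() drops the `noredirect` handling that the removed lines honoured (`if kwd.get( 'noredirect', False ): redirect = ''`), while the password-reset message in the @@ -1146 hunk still links to login with `noredirect='true'`; unless that flag is consumed somewhere outside this hunk, the link will now follow the referer instead of staying on the login form. Restoring the check right after the new `redirect = self.__get_redirect_url( ... )` line keeps the previous contract: `if kwd.get( 'noredirect', False ): redirect = ''`. The `redirect_url = ''` local kept on the following line is not read anywhere within the hunk. login's body continues outside the hunk.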
@@ -910,7 +902,7 @@ username = util.restore_text( params.get( 'username', '' ) ) if not username: username = user.username - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) if trans.webapp.name == 'galaxy': user_type_form_definition = self.__get_user_type_form_definition( trans, user=user, **kwd ) @@ -1146,7 +1138,7 @@ trans.sa_session.add( reset_user ) trans.sa_session.flush() trans.log_event( "User reset password: %s" % email ) - message = "Password has been reset and emailed to: %s. <a href='%s'>Click here</a> to return to the login form." % ( email, web.url_for( controller='user', action='login', noredirect='true' ) ) + message = "Password has been reset and emailed to: %s. <a href='%s'>Click here</a> to return to the login form." % ( escape( email ), web.url_for( controller='user', action='login', noredirect='true' ) ) except Exception, e: status = 'error' message = 'Failed to reset password: %s' % str( e ) 
@@ -1371,17 +1363,20 @@ # User not logged in, history group must be only public return trans.show_error_message( "You must be logged in to change your default permitted actions." ) + @web.require_login( "to add addresses" ) @web.expose def new_address( self, trans, cntrller, **kwd ): params = util.Params( kwd ) message = util.restore_text( params.get( 'message', '' ) ) status = params.get( 'status', 'done' ) is_admin = cntrller == 'admin' and trans.user_is_admin() - user_id = params.get( 'user_id', False ) - if not user_id: - # User must be logged in to create a new address - return trans.show_error_message( "You must be logged in to create a new address." ) - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) + user_id = params.get( 'id', False ) + if is_admin: + if not user_id: + return trans.show_error_message( "You must specify a user to add a new address to." ) + user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) + else: + user = trans.user short_desc = util.restore_text( params.get( 'short_desc', '' ) ) name = util.restore_text( params.get( 'name', '' ) ) institution = util.restore_text( params.get( 'institution', '' ) ) @@ -1432,10 +1427,10 @@ phone=phone ) trans.sa_session.add( user_address ) trans.sa_session.flush() - message = 'Address (%s) has been added' % user_address.desc + message = 'Address (%s) has been added' % escape( user_address.desc ) new_kwd = dict( message=message, status=status ) if is_admin: - new_kwd[ 'user_id' ] = trans.security.encode_id( user.id ) + new_kwd[ 'id' ] = trans.security.encode_id( user.id ) return trans.response.send_redirect( web.url_for( controller='user', action='manage_user_info', cntrller=cntrller, 
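Review bot: In the admin branch of new_address, `trans.security.decode_id( user_id )` is applied to the request-supplied `id` with no guard, and `query( ... ).get( ... )` returns None for an unknown id, so a malformed or stale id presumably surfaces as an exception or as an AttributeError on `user.id` later rather than the clean error the non-admin path gets. Checking the lookup result, e.g. `if user is None: return trans.show_error_message( "Invalid user id." )`, keeps the failure mode consistent. The same pattern is repeated in the edit_address hunk (@@ -1453) and in __delete_undelete_address (@@ -1531). new_address continues outside the hunk.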
@@ -1453,24 +1448,29 @@ postal_code=postal_code, country=country, phone=phone, - message=message, + message=escape(message), status=status ) + @web.require_login( "to edit addresses" ) @web.expose def edit_address( self, trans, cntrller, **kwd ): params = util.Params( kwd ) message = util.restore_text( params.get( 'message', '' ) ) status = params.get( 'status', 'done' ) is_admin = cntrller == 'admin' and trans.user_is_admin() - user_id = params.get( 'user_id', False ) - if not user_id: - # User must be logged in to create a new address - return trans.show_error_message( "You must be logged in to create a new address." ) - user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) + user_id = params.get( 'id', False ) + if is_admin: + if not user_id: + return trans.show_error_message( "You must specify a user to add a new address to." ) + user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) + else: + user = trans.user address_id = params.get( 'address_id', None ) if not address_id: - return trans.show_error_message( "No address id received for editing." ) + return trans.show_error_message( "Invalid address id." ) address_obj = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) ) + if address_obj.user_id != user.id: + return trans.show_error_message( "Invalid address id." ) if params.get( 'edit_address_button', False ): short_desc = util.restore_text( params.get( 'short_desc', '' ) ) name = util.restore_text( params.get( 'name', '' ) ) 
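Review bot: The admin-branch error text copied into edit_address still says "You must specify a user to add a new address to.", which is wrong for an edit; `"You must specify a user to edit an address for."` would match the new require_login wording. Further down, `address_obj` from `.get()` can be None for an unknown address id, so the new ownership check `address_obj.user_id != user.id` raises AttributeError before "Invalid address id." is ever shown; `if address_obj is None or address_obj.user_id != user.id:` covers both cases. The ownership check itself is the important addition here, so it is worth keeping robust. edit_address continues outside the hunk.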
@@ -1518,10 +1518,10 @@ address_obj.phone = phone trans.sa_session.add( address_obj ) trans.sa_session.flush() - message = 'Address (%s) has been updated.' % address_obj.desc + message = 'Address (%s) has been updated.' % escape( address_obj.desc ) new_kwd = dict( message=message, status=status ) if is_admin: - new_kwd[ 'user_id' ] = trans.security.encode_id( user.id ) + new_kwd[ 'id' ] = trans.security.encode_id( user.id ) return trans.response.send_redirect( web.url_for( controller='user', action='manage_user_info', cntrller=cntrller, 
@@ -1531,45 +1531,44 @@ cntrller=cntrller, user=user, address_obj=address_obj, - message=message, + message=escape( message ), status=status ) + @web.require_login( "to delete addresses" ) @web.expose - def delete_address( self, trans, cntrller, address_id=None, user_id=None ): + def delete_address( self, trans, cntrller, address_id=None, **kwd ): + return self.__delete_undelete_address( trans, cntrller, 'delete', address_id=address_id, **kwd ) + + @web.require_login( "to undelete addresses" ) + @web.expose + def undelete_address( self, trans, cntrller, address_id=None, **kwd ): + return self.__delete_undelete_address( trans, cntrller, 'undelete', address_id=address_id, **kwd ) + + def __delete_undelete_address( self, trans, cntrller, op, address_id=None, **kwd ): + is_admin = cntrller == 'admin' and trans.user_is_admin() + user_id = kwd.get( 'id', False ) + if is_admin: + if not user_id: + return trans.show_error_message( "You must specify a user to %s an address from." % op ) + user = trans.sa_session.query( trans.app.model.User ).get( trans.security.decode_id( user_id ) ) + else: + user = trans.user try: user_address = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) ) except: - message = 'Invalid address is (%s)' % address_id - status = 'error' + return trans.show_error_message( "Invalid address id." ) if user_address: - user_address.deleted = True + if user_address.user_id != user.id: + return trans.show_error_message( "Invalid address id." 
) + user_address.deleted = True if op == 'delete' else False trans.sa_session.add( user_address ) trans.sa_session.flush() - message = 'Address (%s) deleted' % user_address.desc + message = 'Address (%s) %sd' % ( escape( user_address.desc ), op ) status = 'done' return trans.response.send_redirect( web.url_for( controller='user', action='manage_user_info', cntrller=cntrller, - user_id=user_id, - message=message, - status=status ) ) - - @web.expose - def undelete_address( self, trans, cntrller, address_id=None, user_id=None ): - try: - user_address = trans.sa_session.query( trans.app.model.UserAddress ).get( trans.security.decode_id( address_id ) ) - except: - message = 'Invalid address is (%s)' % address_id - status = 'error' - if user_address: - user_address.deleted = False - trans.sa_session.flush() - message = 'Address (%s) undeleted' % user_address.desc - status = 'done' - return trans.response.send_redirect( web.url_for( controller='user', - action='manage_user_info', - cntrller=cntrller, - user_id=user_id, + id=trans.security.encode_id( user.id ), message=message, status=status ) ) @@ -1729,7 +1728,7 @@ @web.require_login() def api_keys( self, trans, cntrller, **kwd ): params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) if params.get( 'new_api_key_button', False ): self.create_api_key( trans, trans.user ) 
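Review bot: In __delete_undelete_address, when `.get()` returns None for the address id the `if user_address:` block is skipped and the trailing `send_redirect` call references `message` and `status`, which are only assigned inside that block, so the request fails with UnboundLocalError instead of an error page. Add an `else:` branch that returns `trans.show_error_message( "Invalid address id." )`, mirroring the ownership failure just above. The bare `except:` around decode_id is inherited from the old code but still masks unrelated errors; `except Exception:` is the minimum narrowing. The expression `True if op == 'delete' else False` reads more simply as `op == 'delete'`.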
@@ -1741,6 +1740,18 @@ message=message, status=status ) + def __get_redirect_url( self, redirect ): + root_url = url_for( '/', qualified=True ) + redirect_url = '' # always start with redirect_url being empty + # compare urls, to prevent a redirect from pointing (directly) outside of galaxy + # or to enter a logout/login loop + if not util.compare_urls( root_url, redirect, compare_path=False ) or util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ): + log.warning('Redirect URL is outside of Galaxy, will redirect to Galaxy root instead: %s', redirect) + redirect = root_url + elif util.compare_urls( url_for( controller='user', action='logout', qualified=True ), redirect ): + redirect = root_url + return redirect + # ===== Methods for building SelectFields ================================ def __build_user_type_fd_id_select_field( self, trans, selected_value ): # Get all the user information forms diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 lib/galaxy/webapps/galaxy/controllers/userskeys.py --- a/lib/galaxy/webapps/galaxy/controllers/userskeys.py +++ b/lib/galaxy/webapps/galaxy/controllers/userskeys.py @@ -3,12 +3,11 @@ """ import logging -import pprint from galaxy import web from galaxy import util, model from galaxy.web.base.controller import BaseUIController, UsesFormDefinitionsMixin -from galaxy.web.framework.helpers import time_ago, grids +from galaxy.web.framework.helpers import time_ago, grids, escape from inspect import getmembers 
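Review bot: In the new __get_redirect_url the `elif util.compare_urls( ... action='logout' ... )` branch is unreachable, because the preceding `if` already contains the identical logout comparison as its second operand; the `redirect_url = ''` local is likewise assigned but never read. Dropping the `elif` and its `redirect = root_url`, and the unused local, is behaviourally identical and leaves one guard with one warning. Since this helper is now the single redirect guard for login and both OpenID flows, a docstring stating the visible intent would help: `"""Return ``redirect`` if it points inside this Galaxy instance and is not the logout URL, otherwise the Galaxy root URL."""`. That compare_path=False compares only scheme and host is inferred from the surrounding comment, not shown here.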
@@ -21,65 +20,46 @@ <p/> """ -class UserOpenIDGrid( grids.Grid ): - use_panels = False - title = "OpenIDs linked to your account" - model_class = model.UserOpenID - template = '/user/openid_manage.mako' - default_filter = { "openid" : "All" } - default_sort_key = "-create_time" - columns = [ - grids.TextColumn( "OpenID URL", key="openid", link=( lambda x: dict( action='openid_auth', login_button="Login", openid_url=x.openid if not x.provider else '', openid_provider=x.provider, auto_associate=True ) ) ), - grids.GridColumn( "Created", key="create_time", format=time_ago ), - ] - operations = [ - grids.GridOperation( "Delete", async_compatible=True ), - ] - def build_initial_query( self, trans, **kwd ): - return trans.sa_session.query( self.model_class ).filter( self.model_class.user_id == trans.user.id ) +# FIXME: This controller is using unencoded IDs, but I am not going to address +# this now since it is admin-side and should be reimplemented in the API +# anyway. + class User( BaseUIController, UsesFormDefinitionsMixin ): - user_openid_grid = UserOpenIDGrid() - installed_len_files = None - - @web.expose @web.require_login() @web.require_admin def index( self, trans, cntrller, **kwd ): return trans.fill_template( 'webapps/galaxy/user/list_users.mako', action='all_users', cntrller=cntrller ) - - @web.expose @web.require_login() @web.require_admin def admin_api_keys( self, trans, cntrller, uid, **kwd ): params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) uid = params.get('uid', uid) - pprint.pprint(uid) if params.get( 'new_api_key_button', False ): new_key = trans.app.model.APIKeys() new_key.user_id = uid new_key.key = trans.app.security.get_new_guid() trans.sa_session.add( new_key ) trans.sa_session.flush() - message = "Generated a new web API key" + message = "A new web API key has been generated for (%s)" % escape( 
new_key.user.email ) status = "done" - return trans.fill_template( 'webapps/galaxy/user/ok_admin_api_keys.mako', - cntrller=cntrller, - message=message, - status=status ) - - + return trans.response.send_redirect( web.url_for( controller='userskeys', + action='all_users', + cntrller=cntrller, + message=message, + status=status ) ) + @web.expose @web.require_login() @web.require_admin def all_users( self, trans, cntrller="userskeys", **kwd ): params = util.Params( kwd ) - message = util.restore_text( params.get( 'message', '' ) ) + message = escape( util.restore_text( params.get( 'message', '' ) ) ) status = params.get( 'status', 'done' ) users = [] for user in trans.sa_session.query( trans.app.model.User ) \ diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 lib/tool_shed/util/basic_util.py --- a/lib/tool_shed/util/basic_util.py +++ b/lib/tool_shed/util/basic_util.py @@ -4,7 +4,7 @@ import sys from string import Template -from galaxy.util import unicodify +from galaxy.util import unicodify, nice_size from galaxy import eggs @@ -13,10 +13,10 @@ log = logging.getLogger( __name__ ) -CHUNK_SIZE = 2**20 # 1Mb +CHUNK_SIZE = 2**20 # 1Mb INSTALLATION_LOG = 'INSTALLATION.log' # Set no activity timeout to 20 minutes. -NO_OUTPUT_TIMEOUT = 1200.0 +NO_OUTPUT_TIMEOUT = 3600.0 MAXDIFFSIZE = 8000 MAX_DISPLAY_SIZE = 32768 @@ -48,6 +48,7 @@ RUN install-repository "--url ${tool_shed_url} -o ${repository_owner} --name ${repository_name}" ''' + def evaluate_template( text, install_environment ): """ Substitute variables defined in XML blocks from dependencies file. The value of the received @@ -57,6 +58,7 @@ """ return Template( text ).safe_substitute( get_env_var_values( install_environment ) ) + def get_env_var_values( install_environment ): """ Return a dictionary of values, some of which enable substitution of reserved words for the values. 
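Review bot: In admin_api_keys the new success message dereferences `new_key.user.email` right after the flush, but `uid` comes straight from the request (`params.get('uid', uid)`) and is assigned to `new_key.user_id` without checking that such a user exists, so for an unknown id the relationship is presumably None and the action fails with an AttributeError after the key row has already been written. Loading the user first with `user = trans.sa_session.query( trans.app.model.User ).get( uid )`, returning an error when it is None, and building the message from `user.email` avoids orphan API keys; the FIXME above already flags the unencoded id. Whether `@web.expose` was removed from index and admin_api_keys cannot be told from the collapsed hunk; if it was, those actions are no longer routable. The hunk's last line is inside all_users, which continues outside it.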
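Review bot: NO_OUTPUT_TIMEOUT is raised from 1200.0 to 3600.0 in basic_util.py, but the comment directly above it still says "Set no activity timeout to 20 minutes."; change it to `# Set no activity timeout to 60 minutes.` so the constant and its explanation agree.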
@@ -73,6 +75,7 @@ env_var_dict[ '__is64bit__' ] = sys.maxsize > 2**32 return env_var_dict + def get_file_type_str( changeset_revision, file_type ): if file_type == 'zip': file_type_str = '%s.zip' % changeset_revision @@ -84,6 +87,7 @@ file_type_str = '' return file_type_str + def move_file( current_dir, source, destination, rename_to=None ): source_path = os.path.abspath( os.path.join( current_dir, source ) ) source_file = os.path.basename( source_path ) @@ -98,6 +102,7 @@ os.makedirs( destination_directory ) shutil.move( source_path, destination_path ) + def remove_dir( dir ): """Attempt to remove a directory from disk.""" if dir: @@ -107,18 +112,21 @@ except: pass + def size_string( raw_text, size=MAX_DISPLAY_SIZE ): """Return a subset of a string (up to MAX_DISPLAY_SIZE) translated to a safe string for display in a browser.""" if raw_text and len( raw_text ) >= size: - large_str = '\nFile contents truncated because file size is larger than maximum viewing size of %s\n' % util.nice_size( size ) + large_str = '\nFile contents truncated because file size is larger than maximum viewing size of %s\n' % nice_size( size ) raw_text = '%s%s' % ( raw_text[ 0:size ], large_str ) return raw_text or '' + def stringify( list ): if list: return ','.join( list ) return '' + def strip_path( fpath ): """Attempt to strip the path from a file name.""" if not fpath: @@ -129,6 +137,7 @@ file_name = fpath return file_name + def to_html_string( text ): """Translates the characters in text to an html string""" if text: diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/forms/create_form.mako --- a/templates/admin/forms/create_form.mako +++ b/templates/admin/forms/create_form.mako 
@@ -9,7 +9,7 @@ <div class="toolFormTitle">Create a new form definition</div> %for label, input in inputs: <div class="form-row"> - <label>${label}</label> + <label>${label | h}</label> ${input.get_html()} <div style="clear: both"></div></div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/forms/edit_form_definition.mako --- a/templates/admin/forms/edit_form_definition.mako +++ b/templates/admin/forms/edit_form_definition.mako @@ -96,14 +96,14 @@ <form id="edit_form_definition" name="edit_form_definition" action="${h.url_for( controller='forms', action='edit_form_definition', id=trans.security.encode_id( form_definition.current.id ) )}" method="post" ><div class="toolForm"> - <div class="toolFormTitle">Edit form definition "${form_definition.name}" (${form_definition.type})</div> + <div class="toolFormTitle">Edit form definition "${form_definition.name | h}" (${form_definition.type | h})</div> %if response_redirect: <input type="hidden" name="response_redirect" value="${response_redirect}" size="40" /> %endif %for label, input in form_details: <div class="form-row"> %if label != 'Type': - <label>${label}</label> + <label>${label | h}</label> %endif <div style="float: left; width: 250px; margin-right: 10px;"> ${input.get_html()} diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/request_type/common.mako --- a/templates/admin/request_type/common.mako +++ b/templates/admin/request_type/common.mako @@ -2,7 +2,7 @@ <div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label> - <input type="text" name="state_name_${element_count}" value="${state_name}" size="40"/> + <input type="text" name="state_name_${element_count}" value="${state_name | h}" size="40"/> ## Do not show remove button for the first state %if element_count > 0: <input type="submit" name="remove_state_button" value="Remove state ${1+element_count}"/> 
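Review bot: The escaping pass in edit_form_definition.mako adds `| h` to the title and labels but leaves the hidden field `value="${response_redirect}"` two lines below unescaped; if response_redirect is ever populated from the request, a quote in it terminates the attribute. `<input type="hidden" name="response_redirect" value="${response_redirect | h}" size="40" />` is consistent with the rest of the hunk. The create_form.mako hunk before it is fine as far as visible.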
@@ -10,7 +10,7 @@ </div><div class="form-row"><label>Description:</label> - <input type="text" name="state_desc_${element_count}" value="${state_desc}" size="40"/> + <input type="text" name="state_desc_${element_count}" value="${state_desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> optional </div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/request_type/create_request_type.mako --- a/templates/admin/request_type/create_request_type.mako +++ b/templates/admin/request_type/create_request_type.mako @@ -23,7 +23,7 @@ <div class="toolFormTitle">Create a new request type</div> %for rt_info in rt_info_widgets: <div class="form-row"> - <label>${rt_info['label']}</label> + <label>${rt_info['label'] | h}</label><div style="float: left; width: 250px; margin-right: 10px;"> ${rt_info['widget'].get_html()} </div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/request_type/edit_request_type.mako --- a/templates/admin/request_type/edit_request_type.mako +++ b/templates/admin/request_type/edit_request_type.mako 
@@ -32,26 +32,26 @@ <form name="edit_request_type" action="${h.url_for( controller='request_type', action='edit_request_type', id=trans.security.encode_id( request_type.id ) )}" method="post" ><div class="toolForm"> - <div class="toolFormTitle">"Edit ${request_type.name}" request type</div> + <div class="toolFormTitle">"Edit ${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label> - <input type="text" name="name" value="${request_type.name}" size="40"/> + <input type="text" name="name" value="${request_type.name | }" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - <input type="text" name="desc" value="${request_type.desc}" size="40"/> + <input type="text" name="desc" value="${request_type.desc | h}" size="40"/><div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a> ## Hidden field needed by the __save_request_type() method <input type="hidden" name="request_form_id" value="${trans.security.encode_id( request_type.request_form_id )}" size="40"/></div><div class="form-row"><label>Sample form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a> ## Hidden field needed by the __save_request_type() method <input type="hidden" 
name="sample_form_id" value="${trans.security.encode_id( request_type.sample_form_id )}" size="40"/></div> @@ -63,11 +63,11 @@ <div class="repeat-group-item"><div class="form-row"><label>${1+element_count}. State name:</label> - <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name}" size="40"/> + <input type="text" name="state_name_${trans.security.encode_id( state.id )}" value="${state.name | h}" size="40"/></div><div class="form-row"><label>Description:</label> - <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc}" size="40"/> + <input type="text" name="state_desc_${trans.security.encode_id( state.id )}" value="${state.desc | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> optional </div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/request_type/request_type_permissions.mako --- a/templates/admin/request_type/request_type_permissions.mako +++ b/templates/admin/request_type/request_type_permissions.mako @@ -48,7 +48,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Manage access permissions on request type "${request_type.name}"</div> + <div class="toolFormTitle">Manage access permissions on request type "${request_type.name | h}"</div><div class="toolFormBody"><form name="request_type_permissions" id="request_type_permissions" action="${h.url_for( controller='request_type', action='request_type_permissions', id=trans.security.encode_id( request_type.id ) )}" method="post"><div class="form-row"> 
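Review bot: In edit_request_type.mako the Name input is changed to `value="${request_type.name | }"`, an empty filter expression: the `h` is missing, so this one field is either a Mako render error or left unescaped while every other field in the hunk gets `| h`. It should read `<input type="text" name="name" value="${request_type.name | h}" size="40"/>`.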
@@ -65,13 +65,13 @@ in_roles.add( a.role ) out_roles = filter( lambda x: x not in in_roles, all_roles ) %> - ${action.description}<br/><br/> + ${action.description | h}<br/><br/><div style="width: 100%; white-space: nowrap;"><div style="float: left; width: 50%;"> Roles associated:<br/><select name="${action_key}_in" id="${action_key}_in_select" class="in_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple> %for role in in_roles: - <option value="${role.id}">${role.name}</option> + <option value="${role.id}">${role.name | h}</option> %endfor </select><br/><div style="width: 98%; text-align: right"><input type="submit" id="${action_key}_remove_button" class="role_remove_button" value=">>"/></div> @@ -80,7 +80,7 @@ Roles not associated:<br/><select name="${action_key}_out" id="${action_key}_out_select" style="max-width: 98%; width: 98%; height: 150px; font-size: 100%;" multiple> %for role in out_roles: - <option value="${role.id}">${role.name}</option> + <option value="${role.id}">${role.name | h}</option> %endfor </select><br/><input type="submit" id="${action_key}_add_button" class="role_add_button" value="<<"/> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/request_type/view_request_type.mako --- a/templates/admin/request_type/view_request_type.mako +++ b/templates/admin/request_type/view_request_type.mako 
@@ -30,24 +30,24 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">"${request_type.name}" request type</div> + <div class="toolFormTitle">"${request_type.name | h}" request type</div><div class="form-row"><label>Name:</label> - ${request_type.name} + ${request_type.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - ${request_type.desc} + ${request_type.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>Sequencing request form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.request_form_id ) )}">${request_type.request_form.name | h}</a></div><div class="form-row"><label>Sample form definition:</label> - <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name}</a> + <a href="${h.url_for( controller='request_type', action='view_form_definition', id=trans.security.encode_id( request_type.sample_form_id ) )}">${request_type.sample_form.name | h}</a></div></div><p/> @@ -55,8 +55,8 @@ <div class="toolFormTitle">Sample states defined for this request type</div> %for state in request_type.states: <div class="form-row"> - <label>${state.name}</label> - ${state.desc} + <label>${state.name | h}</label> + ${state.desc | h} </div><div style="clear: both"></div> %endfor 
@@ -67,8 +67,8 @@ %if request_type.external_services: %for index, external_service in enumerate( request_type.external_services ): <div class="form-row"> - <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name}</a></label> - ${external_service.get_external_service_type( trans ).name} + <label><a href="${h.url_for( controller='external_service', action='view_external_service', id=trans.security.encode_id( external_service.id ) )}">${external_service.name | h}</a></label> + ${external_service.get_external_service_type( trans ).name | h} </div> %endfor %else: diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/requests/reject.mako --- a/templates/admin/requests/reject.mako +++ b/templates/admin/requests/reject.mako @@ -15,7 +15,7 @@ </ul><div class="toolForm"> - <div class="toolFormTitle">Reject sequencing request "${request.name}"</div> + <div class="toolFormTitle">Reject sequencing request "${request.name | h}"</div><form name="event" action="${h.url_for( controller='requests_admin', action='reject_request', id=trans.security.encode_id( request.id ) )}" method="post" ><div class="form-row"> Rejecting this request will move the request state to <b>Rejected</b>. diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/requests/rename_datasets.mako --- a/templates/admin/requests/rename_datasets.mako +++ b/templates/admin/requests/rename_datasets.mako 
@@ -3,7 +3,7 @@ <% from galaxy.webapps.galaxy.controllers.requests_admin import build_rename_datasets_for_sample_select_field %> -<h3>Rename datasets for Sample "${sample.name}"</h3> +<h3>Rename datasets for Sample "${sample.name | h}"</h3><ul class="manage-table-actions"><li><a class="action-button" href="${h.url_for( controller='requests_admin', action='manage_datasets', sample_id=trans.security.encode_id( sample.id ) )}">Browse datasets</a></li> @@ -35,7 +35,7 @@ ${rename_datasets_for_sample_select_field.get_html()} </td><td> - <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name}" size="100"/> + <input type="text" name="new_name_${trans.security.encode_id( sample_dataset.id ) }" value="${sample_dataset.name | h}" size="100"/></td><td>${sample_dataset.file_path}</td></tr> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/admin/requests/view_sample_dataset.mako --- a/templates/admin/requests/view_sample_dataset.mako +++ b/templates/admin/requests/view_sample_dataset.mako 
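Review bot: `${sample_dataset.file_path}` in the same table row is still rendered unfiltered while the adjacent `value="${sample_dataset.name | h}"` now is; a path that carries `<` or `&` (for example one derived from a user-named dataset on the external service) would be injected as markup. Apply the same filter: `<td>${sample_dataset.file_path | h}</td>`. Whether file_path is ever user-influenced cannot be confirmed from this hunk, but escaping a display-only value is harmless either way. The surrounding table and the `get_html()` select field are generated outside this hunk.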
@@ -21,19 +21,19 @@ </ul><div class="toolForm"> - <div class="toolFormTitle">"${sample.name}" Dataset</div> + <div class="toolFormTitle">"${sample.name | h}" Dataset</div><div class="toolFormBody"><div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${sample_dataset.name} + ${sample_dataset.name | h} </div><div style="clear: both"></div></div><div class="form-row"><label>External service:</label><div style="float: left; width: 250px; margin-right: 10px;"> - ${sample_dataset.external_service.name} (${sample_dataset.external_service.get_external_service_type( trans ).name}) + ${sample_dataset.external_service.name | h} (${sample_dataset.external_service.get_external_service_type( trans ).name | h}) </div><div style="clear: both"></div></div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/user/edit_address.mako --- a/templates/user/edit_address.mako +++ b/templates/user/edit_address.mako 
@@ -10,17 +10,17 @@ <ul class="manage-table-actions"><li> - <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, user_id=trans.security.encode_id( user.id) )}">Manage user information</a> + <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, id=trans.security.encode_id( user.id) )}">Manage user information</a></li></ul><div class="toolForm"><div class="toolFormTitle">Edit address</div><div class="toolFormBody"> - <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address_obj.id ), user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address_obj.id ), id=trans.security.encode_id( user.id ) )}" method="post" ><div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="short_desc" value="${address_obj.desc}" size="40"> + <input type="text" name="short_desc" value="${address_obj.desc | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -28,7 +28,7 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${address_obj.name}" size="40"> + <input type="text" name="name" value="${address_obj.name | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
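Review bot: Both links in this hunk change the query parameter from `user_id` to `id` (`id=trans.security.encode_id( user.id )`), a routing change unrelated to the escaping fix whose controller side is not in this diff. Confirm that `user.manage_user_info` and `user.edit_address` read `id`, and that whatever authorization they apply to that decoded id (own account, or admin acting on behalf of a user) still fires, since the template passes an arbitrary encoded user id. If an action still reads `user_id`, these links will fall back to whatever default that action uses rather than failing loudly.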
@@ -36,7 +36,7 @@ <div class="form-row"><label>Institution:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="institution" value="${address_obj.institution}" size="40"> + <input type="text" name="institution" value="${address_obj.institution | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -44,7 +44,7 @@ <div class="form-row"><label>Address:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="address" value="${address_obj.address}" size="40"> + <input type="text" name="address" value="${address_obj.address | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -52,7 +52,7 @@ <div class="form-row"><label>City:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="city" value="${address_obj.city}" size="40"> + <input type="text" name="city" value="${address_obj.city | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -60,7 +60,7 @@ <div class="form-row"><label>State/Province/Region:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="state" value="${address_obj.state}" size="40"> + <input type="text" name="state" value="${address_obj.state | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -68,7 +68,7 @@ <div class="form-row"><label>Postal Code:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="postal_code" value="${address_obj.postal_code}" size="40"> + <input type="text" name="postal_code" value="${address_obj.postal_code | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -76,7 +76,7 @@ <div class="form-row"><label>Country:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="country" value="${address_obj.country}" size="40"> + <input type="text" name="country" value="${address_obj.country | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -84,7 +84,7 @@ <div class="form-row"><label>Phone:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="phone" value="${address_obj.phone}" size="40"> + <input type="text" name="phone" value="${address_obj.phone | h}" size="40"></div><div style="clear: both"></div></div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/user/index.mako --- a/templates/user/index.mako +++ b/templates/user/index.mako @@ -1,9 +1,4 @@ <%inherit file="/base.mako"/> -<%namespace file="/message.mako" import="render_msg" /> - -%if message: - ${render_msg( message, status )} -%endif %if trans.user: <h2>${_('User preferences')}</h2> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/user/info.mako --- a/templates/user/info.mako +++ b/templates/user/info.mako @@ -90,7 +90,7 @@ <div class="toolFormTitle">Login Information</div><div class="form-row"><label>Email address:</label> - <input type="text" id ="email_input" name="email" value="${email}" size="40"/> + <input type="text" id ="email_input" name="email" value="${email | h}" size="40"/><div class="toolParamHelp" style="clear: both;"> If you change your email address you will receive an activation link in the new mailbox and you have to activate your account by visiting it. </div> 
@@ -99,13 +99,13 @@ <label>Public name:</label> %if t.webapp.name == 'tool_shed': %if user.active_repositories: - <input type="hidden" name="username" value="${username}"/> - ${username} + <input type="hidden" name="username" value="${username | h}"/> + ${username | h} <div class="toolParamHelp" style="clear: both;"> You cannot change your public name after you have created a repository in this tool shed. </div> %else: - <input type="text" name="username" size="40" value="${username}"/> + <input type="text" name="username" size="40" value="${username | h}"/><div class="toolParamHelp" style="clear: both;"> Your public name provides a means of identifying you publicly within this tool shed. Public names must be at least four characters in length and contain only lower-case letters, numbers, @@ -114,7 +114,7 @@ </div> %endif %else: - <input type="text" id="name_input" name="username" size="40" value="${username}"/> + <input type="text" id="name_input" name="username" size="40" value="${username | h}"/><div class="toolParamHelp" style="clear: both;"> Your public name is an optional identifier that will be used to generate addresses for information you share publicly. Public names must be at least four characters in length and contain only lower-case diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/user/new_address.mako --- a/templates/user/new_address.mako +++ b/templates/user/new_address.mako 
@@ -10,18 +10,18 @@ <ul class="manage-table-actions"><li> - <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, user_id=trans.security.encode_id( user.id) )}"> + <a class="action-button" href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, id=trans.security.encode_id( user.id) )}"><span>Manage User Information</span></a></li></ul><div class="toolForm"><div class="toolFormTitle">Add new address</div><div class="toolFormBody"> - <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="login_info" id="login_info" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, id=trans.security.encode_id( user.id ) )}" method="post" ><div class="form-row"><label>Short Description:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="short_desc" value="${short_desc}" size="40"> + <input type="text" name="short_desc" value="${short_desc | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -29,7 +29,7 @@ <div class="form-row"><label>Name:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="name" value="${name}" size="40"> + <input type="text" name="name" value="${name | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -37,7 +37,7 @@ <div class="form-row"><label>Institution:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="institution" value="${institution}" size="40"> + <input type="text" name="institution" value="${institution | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -45,7 +45,7 @@ <div class="form-row"><label>Address:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="address" value="${address}" size="40"> + <input type="text" name="address" value="${address | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -53,7 +53,7 @@ <div class="form-row"><label>City:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="city" value="${city}" size="40"> + <input type="text" name="city" value="${city | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -61,7 +61,7 @@ <div class="form-row"><label>State/Province/Region:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="state" value="${state}" size="40"> + <input type="text" name="state" value="${state | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -69,7 +69,7 @@ <div class="form-row"><label>Postal Code:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="postal_code" value="${postal_code}" size="40"> + <input type="text" name="postal_code" value="${postal_code | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> @@ -77,7 +77,7 @@ <div class="form-row"><label>Country:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="country" value="${country}" size="40"> + <input type="text" name="country" value="${country | h}" size="40"></div><div class="toolParamHelp" style="clear: both;">Required</div><div style="clear: both"></div> 
@@ -85,7 +85,7 @@ <div class="form-row"><label>Phone:</label><div style="float: left; width: 250px; margin-right: 10px;"> - <input type="text" name="phone" value="${phone}" size="40"> + <input type="text" name="phone" value="${phone | h}" size="40"></div><div style="clear: both"></div></div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/common.mako --- a/templates/webapps/galaxy/requests/common/common.mako +++ b/templates/webapps/galaxy/requests/common/common.mako @@ -257,18 +257,18 @@ <td valign="top"><input type="checkbox" name=select_sample_${sample.id} id="sample_checkbox" value="true" ${checked_str}/><input type="hidden" name=select_sample_${sample.id} id="sample_checkbox" value="true"/></td> %endif <td valign="top"> - <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name']}" size="10"/> + <input type="text" name="sample_${sample_widget_index}_name" value="${sample_widget['name'] | h}" size="10"/><div class="toolParamHelp" style="clear: both;"> - <i>${' (required)' }</i> + <i>(required)</i></div></td> %if display_bar_code: <td valign="top"> %if is_admin and is_submitted: - <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}" size="10"/> + <input type="text" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}" size="10"/> %else: - ${sample_widget['bar_code']} - <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code']}"/> + ${sample_widget['bar_code'] | h} + <input type="hidden" name="sample_${sample_widget_index}_bar_code" value="${sample_widget['bar_code'] | h}"/> %endif </td> %endif 
@@ -416,7 +416,7 @@ transferred_dataset_files = [] %><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="sample-${sample.id}-popup"> - <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name}</a> + <a class="view-info" href="${h.url_for( controller='requests_common', action='view_sample', cntrller=cntrller, id=trans.security.encode_id( sample.id ) )}">${sample.name | h}</a></div><div popupmenu="sample-${sample.id}-popup"> %if can_select_datasets: @@ -439,11 +439,11 @@ %endif </div> %else: - ${sample_widget_name} + ${sample_widget_name | h} %endif </td> %if display_bar_code: - <td>${sample_widget_bar_code}</td> + <td>${sample_widget_bar_code | h}</td> %endif %if is_unsubmitted: <td>Unsubmitted</td> @@ -451,12 +451,12 @@ <td><a id="sampleState-${sample.id}" href="${h.url_for( controller='requests_common', action='view_sample_history', cntrller=cntrller, sample_id=trans.security.encode_id( sample.id ) )}">${render_sample_state( sample )}</a></td> %endif %if sample_widget_library and library_cntrller is not None: - <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name}</a></td> + <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=library_cntrller, id=trans.security.encode_id( sample_widget_library.id ) )}">${sample_widget_library.name | h}</a></td> %else: <td></td> %endif %if sample_widget_folder: - <td>${sample_widget_folder.name}</td> + <td>${sample_widget_folder.name | h}</td> %else: <td></td> %endif 
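Review bot: `${render_sample_state( sample )}` in the sample-state cell is emitted unfiltered while the neighbouring `sample_widget_library.name | h` and `sample_widget_folder.name | h` are now escaped. Sample state names are admin-defined text (this same commit escapes `event.state.name` in view_sample_history.mako), so if `render_sample_state` returns the state name as plain text it should be filtered, `${render_sample_state( sample ) | h}`; if it returns markup, the escaping belongs inside that def instead. Its definition is outside this hunk, so which case applies cannot be determined here.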
@@ -464,11 +464,11 @@ %if trans.user == sample_widget_history.user: <td><a target='_parent' href="${h.url_for( controller='history', action='list', operation="Switch", id=trans.security.encode_id(sample_widget_history.id), use_panels=False )}"> - ${sample_widget_history.name} + ${sample_widget_history.name | h} </a></td> %else: - <td>${sample_widget_history.name}</td> + <td>${sample_widget_history.name | h}</td> %endif %else: <td></td> @@ -477,11 +477,11 @@ %if trans.user == sample_widget_workflow.stored_workflow.user: <td><a target='_parent' href="${h.url_for( controller='workflow', action='editor', id=trans.security.encode_id(sample_widget_workflow.stored_workflow.id) )}"> - ${sample_widget_workflow.name} + ${sample_widget_workflow.name | h} </a></td> %else: - <td>${sample_widget_workflow.name}</td> + <td>${sample_widget_workflow.name | h}</td> %endif %else: <td></td> @@ -519,7 +519,7 @@ <%def name="render_sample_form( index, sample_name, sample_values, fields_dict, display_only )"><tr> - <td>${sample_name}</td> + <td>${sample_name | h}</td> %for field_index, field in fields_dict.items(): <% field_type = field[ 'type' ] 
@@ -532,17 +532,17 @@ %if field_type == 'WorkflowField': %if str( field_value ) != 'none': <% workflow = trans.sa_session.query( trans.app.model.StoredWorkflow ).get( int( field_value ) ) %> - <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name}</a> + <a href="${h.url_for( controller='workflow', action='run', id=trans.security.encode_id( workflow.id ) )}">${workflow.name | h}</a> %endif %else: - ${field_value} + ${field_value | h} %endif %else: <i>None</i> %endif %else: %if field_type == 'TextField': - <input type="text" name="sample_${index}_field_${field_index}" value="${field_value}" size="7"/> + <input type="text" name="sample_${index}_field_${field_index}" value="${field_value | h}" size="7"/> %elif field_type == 'SelectField': <select name="sample_${index}_field_${field_index}" last_selected_value="2"> %for option_index, option in enumerate(field[ 'selectlist' ]): @@ -695,7 +695,7 @@ %if is_admin: <span class="expandLink dataset-${dataset}-click"><span class="rowIcon"></span><div style="float: left; margin-left: 2px;" class="menubutton split popup" id="dataset-${dataset.id}-popup"> - <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name}</a> + <a class="dataset-${encoded_id}-click" href="${h.url_for( controller='requests_admin', action='manage_datasets', operation='view', id=trans.security.encode_id( dataset.id ) )}">${dataset.name | h}</a></div></span><div popupmenu="dataset-${dataset.id}-popup"> 
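Review bot: The `WorkflowField` branch still loads `StoredWorkflow` by `int( field_value )` and links to `workflow/run` for it with no check that the viewer may see that workflow; escaping `workflow.name` does not address that a stored field value naming another user's workflow id would render its name and a run link. `.get()` can also return `None` (then `workflow.id` raises) and `int()` raises on any non-numeric value other than `'none'`, so bad saved data becomes a template error rather than an empty cell. Whether the value is constrained when saved is outside this diff, but a guard such as `%if workflow is not None and workflow.user == trans.user:` (mirroring the `stored_workflow.user == trans.user` test used earlier in this file) would make the template self-defending. The enclosing `render_sample_form` def continues past this hunk.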
@@ -704,12 +704,12 @@ %endif </div> %else: - ${dataset.name} + ${dataset.name | h} %endif </td><td>${dataset.size}</td> - <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name}</a></td> - <td>${dataset.sample.folder.name}</td> + <td><a href="${h.url_for( controller='library_common', action='browse_library', cntrller=cntrller, id=trans.security.encode_id( sample.library.id ) )}">${dataset.sample.library.name | h}</a></td> + <td>${dataset.sample.folder.name | h}</td><td id="datasetTransferStatus-${encoded_id}">${dataset.status}</td></tr> %endfor @@ -723,7 +723,7 @@ <%def name="render_samples_messages( request, is_admin=False, is_submitted=False, message=None, status=None)"> %if request.is_rejected: <div class='errormessage'> - ${request.last_comment} + ${request.last_comment | h} </div><br/> %endif %if is_admin and is_submitted and request.samples_without_library_destinations: diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/create_request.mako --- a/templates/webapps/galaxy/requests/common/create_request.mako +++ b/templates/webapps/galaxy/requests/common/create_request.mako 
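Review bot: The library link on the new `+` line builds its target from `sample.library.id` but labels it with `dataset.sample.library.name | h`; if `sample` in the enclosing scope is not the same object as `dataset.sample`, the link text and destination disagree. Using one source for both, `id=trans.security.encode_id( dataset.sample.library.id )`, removes the ambiguity. `${dataset.size}` and `${dataset.status}` in the same row remain unfiltered; if status can carry free text from the transfer process it should get `| h` as well, though its origin is not visible here. The loop and enclosing def start outside this hunk.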
@@ -23,7 +23,7 @@ <div class="toolForm"><div class="toolFormTitle">Create a new sequencing request</div> %if len( request_type_select_field.options ) < 1: - There are no request types available for ${trans.user.email} to create sequencing requests. + There are no request types available for ${trans.user.email | h} to create sequencing requests. %else: <div class="toolFormBody"><form name="create_request" id="create_request" action="${h.url_for( controller='requests_common', action='create_request', cntrller=cntrller )}" method="post" > diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/edit_basic_request_info.mako --- a/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako +++ b/templates/webapps/galaxy/requests/common/edit_basic_request_info.mako @@ -31,7 +31,7 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Edit sequencing request "${request.name}"</div> + <div class="toolFormTitle">Edit sequencing request "${request.name | h}"</div><div class="toolFormBody"><form name="edit_basic_request_info" id="edit_basic_request_info" action="${h.url_for( controller='requests_common', action='edit_basic_request_info', cntrller=cntrller, id=trans.security.encode_id( request.id ) )}" method="post" > %for i, field in enumerate( widgets ): 
@@ -70,11 +70,11 @@ %><div class="form-row"><label>Send to:</label> - <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email} (sequencing request owner)<input type="hidden" name="email_address" value="true"> + <input type="checkbox" name="email_address" value="true" ${email_address}>${request.user.email | h} (sequencing request owner)<input type="hidden" name="email_address" value="true"></div><div class="form-row"><label>Additional email addresses:</label> - <textarea name="additional_email_addresses" rows="3" cols="40">${emails}</textarea> + <textarea name="additional_email_addresses" rows="3" cols="40">${emails | h}</textarea><div class="toolParamHelp" style="clear: both;"> Enter one email address per line </div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/find_samples.mako --- a/templates/webapps/galaxy/requests/common/find_samples.mako +++ b/templates/webapps/galaxy/requests/common/find_samples.mako @@ -72,7 +72,7 @@ %if samples: %for sample in samples: <div class="form-row"> - Sample: <b>${sample.name}</b> | Barcode: ${sample.bar_code}<br/> + Sample: <b>${sample.name | h}</b> | Barcode: ${sample.bar_code | h}<br/> %if sample.request.is_new or not sample.state: State: Unsubmitted<br/> %else: 
@@ -85,10 +85,10 @@ %> Datasets: <a href="${h.url_for( controller='requests_common', action='view_sample_datasets', cntrller=cntrller, external_service_id=trans.security.encode_id( external_service.id ), sample_id=trans.security.encode_id( sample.id ) )}">${len( sample.datasets )}</a><br/> %if is_admin: - <i>User: ${sample.request.user.email}</i> + <i>User: ${sample.request.user.email | h}</i> %endif <div class="toolParamHelp" style="clear: both;"> - <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a> + <a href="${h.url_for( controller='requests_common', action='view_request', cntrller=cntrller, id=trans.security.encode_id( sample.request.id ) )}">Sequencing request: ${sample.request.name | h} | Type: ${sample.request.type.name} | State: ${sample.request.state}</a></div></div><br/> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/view_request.mako --- a/templates/webapps/galaxy/requests/common/view_request.mako +++ b/templates/webapps/galaxy/requests/common/view_request.mako @@ -58,7 +58,7 @@ ${render_samples_messages(request, is_admin, is_submitted, message, status)} <div class="toolForm"> - <div class="toolFormTitle">Sequencing request "${request.name}"</div> + <div class="toolFormTitle">Sequencing request "${request.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Current state:</label> @@ -67,12 +67,12 @@ </div><div class="form-row"><label>Description:</label> - ${request.desc} + ${request.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>User:</label> - ${request.user.email} + ${request.user.email | h} <div style="clear: both"></div></div><div class="form-row"> 
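Review bot: On the `+` line that escapes `sample.request.name`, the sibling `${sample.request.type.name}` and `${sample.request.state}` are left unfiltered inside the same `<a>`. Request-type names are escaped elsewhere in this commit (view_request_type.mako), so the same treatment belongs here: `Type: ${sample.request.type.name | h} | State: ${sample.request.state | h}`. If `state` is a fixed enumeration the second filter is merely harmless.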
@@ -94,7 +94,7 @@ %><div class="form-row"><label>${field_label}:</label> - ${field_value} + ${field_value | h} </div><div style="clear: both"></div> %endfor @@ -116,7 +116,7 @@ else: emails = '' %> - ${emails} + ${emails | h} <div style="clear: both"></div></div><div class="form-row"> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/view_request_history.mako --- a/templates/webapps/galaxy/requests/common/view_request_history.mako +++ b/templates/webapps/galaxy/requests/common/view_request_history.mako @@ -36,7 +36,7 @@ ${render_msg( message, status )} %endif -<h3>History of sequencing request "${request.name}"</h3> +<h3>History of sequencing request "${request.name | h}"</h3><div class="toolForm"><table class="grid"> @@ -52,7 +52,7 @@ <tr><td><b>${event.state}</b></td><td>${time_ago( event.update_time )}</td> - <td>${event.comment}</td> + <td>${event.comment | h}</td></tr> %endfor </tbody> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/view_sample.mako --- a/templates/webapps/galaxy/requests/common/view_sample.mako +++ b/templates/webapps/galaxy/requests/common/view_sample.mako @@ -6,7 +6,7 @@ %if external_service: <p><div class="toolForm"> - <div class="toolFormTitle">Available External Service Actions for ${sample.name} at ${external_service.name}</div> + <div class="toolFormTitle">Available External Service Actions for ${sample.name | h} at ${external_service.name | h}</div><div class="toolFormBody"><div class="toolMenu"> %for item in external_service.actions: @@ -25,7 +25,7 @@ <div class="form-row"><div class="toolSectionList"><div class="toolSectionTitle"> - <span>${external_service_group.label}</span> + <span>${external_service_group.label | h}</span></div><div class="toolSectionBody"><div class="toolSectionBg"> 
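Review bot: `<label>${field_label}:</label>` is left unfiltered while `${field_value | h}` on the next line is now escaped. Field labels come from the request form definition, which this commit treats as untrusted elsewhere (`request_form.name | h` in view_request_type.mako), so the label should be filtered too: `<label>${field_label | h}:</label>`. The `<% %>` block that computes `field_label` starts before this hunk, so its exact origin cannot be confirmed here.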
@@ -54,7 +54,7 @@ target = 'galaxy_main' %><div class="toolTitle"> - <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label}</a> + <a href="${external_service_action.get_action_access_link( trans )}" target="${target}">${external_service_action.label | h}</a></div></%def> @@ -75,38 +75,38 @@ %endif <div class="toolForm"> - <div class="toolFormTitle">Sample "${sample.name}"</div> + <div class="toolFormTitle">Sample "${sample.name | h}"</div><div class="toolFormBody"><div class="form-row"><label>Name:</label> - ${sample.name} + ${sample.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Description:</label> - ${sample.desc} + ${sample.desc | h} <div style="clear: both"></div></div><div class="form-row"><label>Barcode:</label> - ${sample.bar_code} + ${sample.bar_code | h} <div style="clear: both"></div></div> %if sample.library: <div class="form-row"><label>Library:</label> - ${sample.library.name} + ${sample.library.name | h} <div style="clear: both"></div></div><div class="form-row"><label>Folder:</label> - ${sample.folder.name} + ${sample.folder.name | h} <div style="clear: both"></div></div> %endif <div class="form-row"><label>Request:</label> - ${sample.request.name} + ${sample.request.name | h} <div style="clear: both"></div></div></div> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/requests/common/view_sample_history.mako --- a/templates/webapps/galaxy/requests/common/view_sample_history.mako +++ b/templates/webapps/galaxy/requests/common/view_sample_history.mako @@ -12,7 +12,7 @@ ${render_msg( message, status )} %endif -<h3>History of sample "${sample.name}"</h3> +<h3>History of sample "${sample.name | h}"</h3><div class="toolForm"><table class="grid"> 
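Review bot: The `href="${external_service_action.get_action_access_link( trans )}"` attribute stays unfiltered while the link text `external_service_action.label | h` is now escaped. If the access link is built from an external-service template that interpolates sample or request fields (not visible here), a `"` in those fields would break out of the attribute. Filtering it is safe for a URL placed in an attribute and closes that gap: `<a href="${external_service_action.get_action_access_link( trans ) | h}" target="${target}">`. `target` is assigned just above from a literal, so it needs no filter.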
@@ -27,10 +27,10 @@ <tbody> %for event in sample.events: <tr> - <td><b>${event.state.name}</b></td> - <td>${event.state.desc}</td> + <td><b>${event.state.name | h}</b></td> + <td>${event.state.desc | h}</td><td>${time_ago( event.update_time )}</td> - <td>${event.comment}</td> + <td>${event.comment | h}</td></tr> %endfor </tbody> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/user/list_users.mako --- a/templates/webapps/galaxy/user/list_users.mako +++ b/templates/webapps/galaxy/user/list_users.mako @@ -1,4 +1,5 @@ <%inherit file="/base.mako"/> +<%namespace file="/message.mako" import="render_msg" /> %if message: ${render_msg( message, status )} diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/user/manage_info.mako --- a/templates/webapps/galaxy/user/manage_info.mako +++ b/templates/webapps/galaxy/user/manage_info.mako @@ -42,7 +42,7 @@ <p/><div class="toolForm"> - <form name="user_addresses" id="user_addresses" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, user_id=trans.security.encode_id( user.id ) )}" method="post" > + <form name="user_addresses" id="user_addresses" action="${h.url_for( controller='user', action='new_address', cntrller=cntrller, id=trans.security.encode_id( user.id ) )}" method="post" ><div class="toolFormTitle">User Addresses</div><div class="toolFormBody"> %if user.addresses: 
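Review bot: Importing `render_msg` fixes the missing namespace in list_users.mako, but `${render_msg( message, status )}` applies no filter to `message`, so anything user-derived in it must already be escaped by the `user` controller before it reaches this template. The helper is presumably unfiltered because status messages carry markup; confirm that the controller escapes any email or username it interpolates into messages for this page, since the template cannot do it without breaking that markup.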
@@ -53,9 +53,9 @@ <span>|</span> %endif %if show_filter == filter: - <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, user_id=trans.security.encode_id( user.id ) )}"><b>${filter}</b></a></span> + <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, id=trans.security.encode_id( user.id ) )}"><b>${filter}</b></a></span> %else: - <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, user_id=trans.security.encode_id( user.id ) )}">${filter}</a></span> + <span class="filter"><a href="${h.url_for( controller='user', action='manage_user_info', cntrller=cntrller, show_filter=filter, id=trans.security.encode_id( user.id ) )}">${filter}</a></span> %endif %endfor </div> 
@@ -73,10 +73,10 @@ <ul class="manage-table-actions"><li> %if not address.deleted: - <a class="action-button" href="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Edit</a> - <a class="action-button" href="${h.url_for( controller='user', action='delete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Delete</a> + <a class="action-button" href="${h.url_for( controller='user', action='edit_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Edit</a> + <a class="action-button" href="${h.url_for( controller='user', action='delete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Delete</a> %else: - <a class="action-button" href="${h.url_for( controller='user', action='undelete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), user_id=trans.security.encode_id( user.id ) )}">Undelete</a> + <a class="action-button" href="${h.url_for( controller='user', action='undelete_address', cntrller=cntrller, address_id=trans.security.encode_id( address.id ), id=trans.security.encode_id( user.id ) )}">Undelete</a> %endif </li></ul> diff -r f7e9759b27a00e7e4a0d6c455dfa4e3744f484f9 -r 25d6c1903eceb8a2ed47459d1fefcfaed57e8995 templates/webapps/galaxy/user/ok_admin_api_keys.mako --- a/templates/webapps/galaxy/user/ok_admin_api_keys.mako +++ /dev/null 
@@ -1,28 +0,0 @@ -<%inherit file="/base.mako"/> -<%namespace file="/message.mako" import="render_msg" /> - -<br/><br/> -<ul class="manage-table-actions"> - <li> - <a class="action-button" href="${h.url_for( controller='userskeys', action='all_users', cntrller=cntrller )}">List users API keys</a> - </li> -</ul> - -%if message: - ${render_msg( message, status )} -%endif - - <div> - <div style="clear: both;"> - SUCCESS. A new API key has been generated. - </div> - - - <div style="clear: both;"> - An API key will allow you to access Galaxy via its web - API (documentation forthcoming). Please note that - <strong>this key acts as an alternate means to access - your account, and should be treated with the same care - as your login password</strong>. - </div> - </div> Repository URL: https://bitbucket.org/galaxy/galaxy-central/ -- This is a commit notification from bitbucket.org. You are receiving this because you have the service enabled, addressing the recipient of this email.