view scripts/copy-user.py @ 8356:63390dcfcfe9

bug: fix template use of structure with untrusted data. Looks like an XSS bug with an early version of the template that was fixed in the code but never in the deployed tracker. It has been a while since this particular construct has been in the classic template, which is the base for the tracker. This has been fixed on the deployed tracker as well. reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 10:23:09 -0400
parents 2a6c3eb4e059
children fed0f839c260

#!/usr/bin/env python
# Copyright (C) 2003 by Intevation GmbH
# Author:
# Thomas Arendsen Hein <thomas@intevation.de>
#
# This program is free software dual licensed under the GPL (>=v2)
# and the Roundup Licensing (see COPYING.txt in the roundup distribution).

"""
copy-user <instance-home> <instance-home> <userid> [<userid>...]

Copy one or more Roundup users from one tracker instance to another.
Example:
    copy-user /roundup/tracker1 /roundup/tracker2 `seq 3 10` 14 16
    (copies users 3, 4, 5, 6, 7, 8, 9, 10, 14 and 16)
"""

from __future__ import print_function

import sys

import roundup.instance


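def copy_user(home1, home2, *userids):
    """Copy the users listed in userids from tracker home1 to tracker home2.

    home1 and home2 are the instance homes of the source and target
    trackers.  Each entry of userids must be convertible to an integer;
    entries that are not numeric, that are not in the source tracker's
    user list, that have no username, or whose username already exists
    in the target are reported on stdout and skipped.

    The target database is committed only after every requested id has
    been processed without an exception.  Both databases are closed in
    all cases.

    Exits the process with status 1 (SystemExit) if either tracker
    instance cannot be opened.
    """

    # Security-relevant: 'password' and 'roles' are copied verbatim.  The
    # stored password value travels as-is, and a user holding a privileged
    # role name in the source gets the same role names in the target.
    # NOTE(review): confirm that role names mean the same thing in both
    # trackers before copying privileged accounts.
    copyattribs = ['username', 'password', 'address', 'realname', 'phone',
                   'organisation', 'alternate_addresses', 'roles', 'timezone']

    # 'except Exception' rather than a bare 'except' so that Ctrl-C and
    # SystemExit are not reported as a failure to open the instance.
    try:
        instance1 = roundup.instance.open(home1)
        print("Opened source instance: %s" % home1)
    except Exception:
        print("Can't open source instance: %s" % home1)
        sys.exit(1)

    try:
        instance2 = roundup.instance.open(home2)
        print("Opened target instance: %s" % home2)
    except Exception:
        print("Can't open target instance: %s" % home2)
        sys.exit(1)

    # Both databases are opened as 'admin', so the copy runs with the
    # rights of that account in each tracker.
    db1 = instance1.open('admin')
    try:
        db2 = instance2.open('admin')
        try:
            # Tag the transactions with "cli" as their source.
            db1.tx_Source = "cli"
            db2.tx_Source = "cli"

            userlist = db1.user.list()
            for userid in userids:
                # Normalise "007" -> "7" and reject non-numeric ids.
                try:
                    userid = str(int(userid))
                except ValueError:
                    print("Not a numeric user id: %s  Skipping ..." % (userid,))
                    continue
                if userid not in userlist:
                    print("User %s not in source instance. Skipping ..." % userid)
                    continue

                # Only attributes with a truthy value are carried over.
                user = {}
                for attrib in copyattribs:
                    value = db1.user.get(userid, attrib)
                    if value:
                        user[attrib] = value

                # Without this guard a user with an empty username raised
                # an uncaught KeyError and aborted the whole run.
                username = user.get('username')
                if not username:
                    print("User %s has no username in source instance. Skipping ..." % userid)
                    continue

                # lookup() raising KeyError means the name is free in the
                # target; any hit means an existing account that must not
                # be overwritten.
                try:
                    db2.user.lookup(username)
                except KeyError:
                    pass
                else:
                    print("User %s: Username '%s' exists in target instance. Skipping ..." % (userid, username))
                    continue
                print("Copying user %s (%s) ..." % (userid, username))
                db2.user.create(**user)

            db2.commit()
        finally:
            # Reached on error as well, in which case commit() was skipped.
            db2.close()
            print("Closed target instance.")
    finally:
        db1.close()
        print("Closed source instance.")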


if __name__ == "__main__":
    # Two instance homes plus at least one user id are required.
    if len(sys.argv) >= 4:
        copy_user(*sys.argv[1:])
    else:
        # Too few arguments: show the usage text and signal failure.
        print(__doc__)
        sys.exit(1)

