This file is indexed.

/usr/share/pyshared/MoinMoin/auth/botbouncer.py is in python-moinmoin 1.9.3-1ubuntu2.3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - botbouncer.com verifier for OpenID login

    @copyright: 2007 MoinMoin:JohannesBerg
    @license: GNU GPL, see COPYING for details.
"""
from MoinMoin import user
from MoinMoin.auth import BaseAuth, CancelLogin, ContinueLogin, MultistageRedirectLogin
from urllib import urlopen, quote_plus

class BotBouncer(BaseAuth):
    name = 'botbouncer'

    def __init__(self, apikey):
        BaseAuth.__init__(self)
        self.apikey = apikey

    def login(self, request, user_obj, **kw):
        if kw.get('multistage'):
            uid = request.session.get('botbouncer.uid', None)
            if not uid:
                return CancelLogin(None)
            openid = request.session['botbouncer.id']
            del request.session['botbouncer.id']
            del request.session['botbouncer.uid']
            user_obj = user.User(request, uid, auth_method='openid',
                                 auth_username=openid)

        if not user_obj or not user_obj.valid:
            return ContinueLogin(user_obj)

        if user_obj.auth_method != 'openid':
            return ContinueLogin(user_obj)

        openid_id = user_obj.auth_username

        _ = request.getText

        try:
            url = "http://botbouncer.com/api/info?openid=%s&api_key=%s" % (
                           quote_plus(openid_id), self.apikey)
            data = urlopen(url).read().strip()
        except IOError:
            return CancelLogin(_('Could not contact botbouncer.com.'))

        data = data.split(':')
        if len(data) != 2 or data[0] != 'verified':
            return CancelLogin('botbouncer.com verification failed, probably invalid API key.')

        if data[1].lower() == 'true':
            # they proved they are human already
            return ContinueLogin(user_obj)

        # tell them to verify at bot bouncer first
        request.session['botbouncer.id'] = openid_id
        request.session['botbouncer.uid'] = user_obj.id

        goto = "http://botbouncer.com/captcha/queryuser?return_to=%%return_form&openid=%s" % (
            quote_plus(request.session['botbouncer.id']))
        return MultistageRedirectLogin(goto)