from mediagoblin.tools.response import render_to_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.mail import email_debug_message
-from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
-from mediagoblin.auth.lib import send_fp_verification_email
from mediagoblin.auth.tools import (send_verification_email, register_user,
+ send_fp_verification_email,
check_login_simple)
+from mediagoblin import auth
def register(request):
Note that usernames will always be lowercased. Email domains are lowercased while
the first part remains case-sensitive.
"""
- # Redirects to indexpage if registrations are disabled
- if not mg_globals.app_config["allow_registration"]:
+ # Redirects to indexpage if registrations are disabled or no authentication
+ # is enabled
+ if not mg_globals.app_config["allow_registration"] or not mg_globals.app.auth:
messages.add_message(
request,
messages.WARNING,
_('Sorry, registration is disabled on this instance.'))
return redirect(request, "index")
- register_form = auth_forms.RegistrationForm(request.form)
+ if 'pass_auth' not in request.template_env.globals:
+ if 'openid' in request.template_env.globals:
+ return redirect(request, 'mediagoblin.plugins.openid.register')
+
+ register_form = auth.get_registration_form(request)
if request.method == 'POST' and register_form.validate():
# TODO: Make sure the user doesn't exist already
return render_to_response(
request,
'mediagoblin/auth/register.html',
- {'register_form': register_form})
+ {'register_form': register_form,
+ 'focus': 'username',
+ 'post_url': request.urlgen('mediagoblin.auth.register')})
def login(request):
If you provide the POST with 'next', it'll redirect to that view.
"""
- login_form = auth_forms.LoginForm(request.form)
+ # Redirects to index page if no authentication is enabled
+ if not mg_globals.app.auth:
+ messages.add_message(
+ request,
+ messages.WARNING,
+ _('Sorry, authentication is disabled on this instance.'))
+ return redirect(request, 'index')
+
+ if 'pass_auth' not in request.template_env.globals:
+ if 'openid' in request.template_env.globals:
+ return redirect(request, 'mediagoblin.plugins.openid.login')
+
+ login_form = auth.get_login_form(request)
login_failed = False
if request.method == 'POST':
+ username = login_form.username.data
+
+ if login_form.validate():
+ user = check_login_simple(username, login_form.password.data)
username = login_form.data['username']
{'login_form': login_form,
'next': request.GET.get('next') or request.form.get('next'),
'login_failed': login_failed,
+ 'focus': 'username',
+ 'post_url': request.urlgen('mediagoblin.auth.login'),
'allow_registration': mg_globals.app_config["allow_registration"]})
Sends an email with an url to renew forgotten password.
Use GET querystring parameter 'username' to pre-populate the input field
"""
+ if not 'pass_auth' in request.template_env.globals:
+ return redirect(request, 'index')
+
fp_form = auth_forms.ForgotPassForm(request.form,
username=request.args.get('username'))
if not (request.method == 'POST' and fp_form.validate()):
# Either GET request, or invalid form submitted. Display the template
return render_to_response(request,
- 'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form})
+ 'mediagoblin/auth/forgot_password.html', {'fp_form': fp_form,
+ 'focus': 'username'})
# If we are here: method == POST and form is valid. username casing
# has been sanitized. Store if a user was found by email. We should
cp_form = auth_forms.ChangePassForm(formdata_vars)
if request.method == 'POST' and cp_form.validate():
- user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+ user.pw_hash = auth.gen_password_hash(
cp_form.password.data)
user.fp_verification_key = None
user.fp_token_expire = None
return render_to_response(
request,
'mediagoblin/auth/change_fp.html',
- {'cp_form': cp_form})
+ {'cp_form': cp_form,
+ 'focus': 'password'})
# in case there is a valid id but no user with that id in the db
# or the token expired