# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import logging
+
import wtforms
+from sqlalchemy import or_
from mediagoblin import mg_globals
+from mediagoblin.auth import lib as auth_lib
+from mediagoblin.db.models import User
from mediagoblin.tools.mail import normalize_email, send_email
from mediagoblin.tools.template import render_template
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+_log = logging.getLogger(__name__)
+
def normalize_user_or_email_field(allow_email=True, allow_user=True):
"""
# example "GNU MediaGoblin @ Wandborg - [...]".
'GNU MediaGoblin - Verify your email!',
rendered_email)
+
+
+def check_login_simple(username, password, username_might_be_email=False):
+ search = (User.username == username)
+ if username_might_be_email and ('@' in username):
+ search = or_(search, User.email == username)
+ user = User.query.filter(search).first()
+ if not user:
+ _log.info("User %r not found", username)
+ auth_lib.fake_login_attempt()
+ return None
+ if not auth_lib.bcrypt_check_password(password, user.pw_hash):
+ _log.warn("Wrong password for %r", username)
+ return None
+ _log.info("Logging %r in", username)
+ return user
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth.tools import send_verification_email
-from sqlalchemy import or_
+from mediagoblin.auth.tools import (send_verification_email,
+ check_login_simple)
def register(request):
username = login_form.data['username']
if login_form.validate():
- user = User.query.filter(
- or_(
- User.username == username,
- User.email == username,
+ user = check_login_simple(username, login_form.password.data, True)
- )).first()
-
- if user and user.check_login(login_form.password.data):
+ if user:
# set up login in session
request.session['user_id'] = unicode(user.id)
request.session.save()
else:
return redirect(request, "index")
- # Some failure during login occured if we are here!
- # Prevent detecting who's on this system by testing login
- # attempt timings
- auth_lib.fake_login_attempt()
login_failed = True
return render_to_response(
from werkzeug.utils import cached_property
from mediagoblin import mg_globals
-from mediagoblin.auth import lib as auth_lib
from mediagoblin.media_types import get_media_managers, FileTypeNotSupported
from mediagoblin.tools import common, licenses
from mediagoblin.tools.text import cleaned_markdown_conversion
class UserMixin(object):
- def check_login(self, password):
- """
- See if a user can login with this password
- """
- return auth_lib.bcrypt_check_password(
- password, self.pw_hash)
-
@property
def bio_html(self):
return cleaned_markdown_conversion(self.bio)
from werkzeug.exceptions import Unauthorized
+from mediagoblin.auth.tools import check_login_simple
from mediagoblin.plugins.api.tools import Auth
_log = logging.getLogger(__name__)
if not request.authorization:
return False
- user = request.db.User.query.filter_by(
- username=unicode(request.authorization['username'])).first()
+ user = check_login_simple(unicode(request.authorization['username']),
+ request.authorization['password'])
- if user.check_login(request.authorization['password']):
+ if user:
request.user = user
return True
else:
from werkzeug.wrappers import BaseResponse
from mediagoblin.meddleware.csrf import csrf_exempt
-from mediagoblin.auth.lib import fake_login_attempt
+from mediagoblin.auth.tools import check_login_simple
from mediagoblin.media_types import sniff_media
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media, new_upload_entry
def pwg_login(request):
username = request.form.get("username")
password = request.form.get("password")
- user = request.db.User.query.filter_by(username=username).first()
+ user = check_login_simple(username, password)
if not user:
- _log.info("User %r not found", username)
- fake_login_attempt()
return PwgError(999, 'Invalid username/password')
- if not user.check_login(password):
- _log.warn("Wrong password for %r", username)
- return PwgError(999, 'Invalid username/password')
- _log.info("Logging %r in", username)
request.session["user_id"] = user.id
request.session.save()
return True
dump = []
for f in form:
dump.append("%s=%r" % (f.name, f.data))
- _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
+ _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
request.files)
if not check_file_field(request, 'image'):