# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import uuid
import logging
+
import wtforms
+ from sqlalchemy import or_
- from mediagoblin import messages, mg_globals
- from mediagoblin.tools.mail import normalize_email, send_email
+ from mediagoblin import mg_globals
+ from mediagoblin.auth import lib as auth_lib
+ from mediagoblin.db.models import User
+ from mediagoblin.tools.mail import (normalize_email, send_email,
+ email_debug_message)
-from mediagoblin.tools.template import render_template
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
- from mediagoblin.db.models import User
+from mediagoblin.tools.template import render_template
+from mediagoblin.tools.pluginapi import hook_handle
+from mediagoblin import auth
++
++_log = logging.getLogger(__name__)
_log = logging.getLogger(__name__)
return _normalize_field
+class AuthError(Exception):
+ def __init__(self):
+ self.value = 'No Authentication Plugin is enabled and no_auth = false'\
+ ' in config!'
+
+ def __str__(self):
+ return repr(self.value)
+
+
+def check_auth_enabled():
+ no_auth = mg_globals.app_config['no_auth']
+ auth_plugin = hook_handle('authentication')
+
+ if no_auth == 'false' and not auth_plugin:
+ raise AuthError
+
+ if no_auth == 'true' and not auth_plugin:
+ _log.warning('No authentication is enabled')
+ return False
+ else:
+ return True
+
+
+def no_auth_logout(request):
+ """Log out the user if in no_auth mode"""
+ if not mg_globals.app.auth:
+ request.session.delete()
+
+
+ EMAIL_VERIFICATION_TEMPLATE = (
+ u"http://{host}{uri}?"
+ u"userid={userid}&token={verification_key}")
+
+
+ def send_verification_email(user, request):
+ """
+ Send the verification email to users to activate their accounts.
+
+ Args:
+ - user: a user object
+ - request: the request
+ """
+ rendered_email = render_template(
+ request, 'mediagoblin/auth/verification_email.txt',
+ {'username': user.username,
+ 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+ host=request.host,
+ uri=request.urlgen('mediagoblin.auth.verify_email'),
+ userid=unicode(user.id),
+ verification_key=user.verification_key)})
+
+ # TODO: There is no error handling in place
+ send_email(
+ mg_globals.app_config['email_sender_address'],
+ [user.email],
+ # TODO
+ # Due to the distributed nature of GNU MediaGoblin, we should
+ # find a way to send some additional information about the
+ # specific GNU MediaGoblin instance in the subject line. For
+ # example "GNU MediaGoblin @ Wandborg - [...]".
+ 'GNU MediaGoblin - Verify your email!',
+ rendered_email)
+
+
def basic_extra_validation(register_form, *args):
users_with_username = User.query.filter_by(
- username=register_form.data['username']).count()
+ username=register_form.username.data).count()
users_with_email = User.query.filter_by(
- email=register_form.data['email']).count()
+ email=register_form.email.data).count()
extra_validation_passes = True
return None
- def email_debug_message(request):
- """
- If the server is running in email debug mode (which is
- the current default), give a debug message to the user
- so that they have an idea where to find their email.
- """
- if mg_globals.app_config['email_debug_mode']:
- # DEBUG message, no need to translate
- messages.add_message(request, messages.DEBUG,
- u"This instance is running in email debug mode. "
- u"The email will be on the console of the server process.")
-
-
- EMAIL_VERIFICATION_TEMPLATE = (
- u"http://{host}{uri}?"
- u"userid={userid}&token={verification_key}")
-
-
- def send_verification_email(user, request):
- """
- Send the verification email to users to activate their accounts.
-
- Args:
- - user: a user object
- - request: the request
- """
- rendered_email = render_template(
- request, 'mediagoblin/auth/verification_email.txt',
- {'username': user.username,
- 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
- host=request.host,
- uri=request.urlgen('mediagoblin.auth.verify_email'),
- userid=unicode(user.id),
- verification_key=user.verification_key)})
-
- # TODO: There is no error handling in place
- send_email(
- mg_globals.app_config['email_sender_address'],
- [user.email],
- # TODO
- # Due to the distributed nature of GNU MediaGoblin, we should
- # find a way to send some additional information about the
- # specific GNU MediaGoblin instance in the subject line. For
- # example "GNU MediaGoblin @ Wandborg - [...]".
- 'GNU MediaGoblin - Verify your email!',
- rendered_email)
-
-
+EMAIL_FP_VERIFICATION_TEMPLATE = (
+ u"http://{host}{uri}?"
+ u"userid={userid}&token={fp_verification_key}")
+
+
+def send_fp_verification_email(user, request):
+ """
+ Send the verification email to users to change their password.
+
+ Args:
+ - user: a user object
+ - request: the request
+ """
+ rendered_email = render_template(
+ request, 'mediagoblin/auth/fp_verification_email.txt',
+ {'username': user.username,
+ 'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
+ host=request.host,
+ uri=request.urlgen('mediagoblin.auth.verify_forgot_password'),
+ userid=unicode(user.id),
+ fp_verification_key=user.fp_verification_key)})
+
+ # TODO: There is no error handling in place
+ send_email(
+ mg_globals.app_config['email_sender_address'],
+ [user.email],
+ 'GNU MediaGoblin - Change forgotten password!',
+ rendered_email)
++
++
+ def check_login_simple(username, password, username_might_be_email=False):
+ search = (User.username == username)
+ if username_might_be_email and ('@' in username):
+ search = or_(search, User.email == username)
+ user = User.query.filter(search).first()
+ if not user:
+ _log.info("User %r not found", username)
+ auth_lib.fake_login_attempt()
+ return None
+ if not auth_lib.bcrypt_check_password(password, user.pw_hash):
+ _log.warn("Wrong password for %r", username)
+ return None
+ _log.info("Logging %r in", username)
+ return user
from mediagoblin.db.models import User
from mediagoblin.tools.response import render_to_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _
+ from mediagoblin.tools.mail import email_debug_message
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
-from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth.tools import (send_verification_email, register_user,
+from mediagoblin.auth.tools import (send_verification_email,
- register_user, email_debug_message,
- send_fp_verification_email)
++ register_user,
++ send_fp_verification_email,
+ check_login_simple)
+from mediagoblin import auth
def register(request):
login_failed = False
if request.method == 'POST':
-
- username = login_form.data['username']
++ username = login_form.username.data
+
if login_form.validate():
- user = auth.get_user(login_form)
+ user = check_login_simple(username, login_form.password.data, True)
- if user and auth.check_login(user, login_form.password.data):
+ if user:
# set up login in session
request.session['user_id'] = unicode(user.id)
request.session.save()
projects / mediagoblin.git / commitdiff