From: Rodney Ewing Date: Mon, 27 May 2013 15:25:22 +0000 (-0700) Subject: Merge branch 'pre-auth' into basic_auth X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=bcd10ad6633d90b5feae4f5dec8cf5d5754d51b5;p=mediagoblin.git Merge branch 'pre-auth' into basic_auth Conflicts: mediagoblin/auth/tools.py mediagoblin/auth/views.py mediagoblin/db/migrations.py mediagoblin/plugins/basic_auth/lib.py mediagoblin/plugins/httpapiauth/__init__.py mediagoblin/plugins/piwigo/views.py --- bcd10ad6633d90b5feae4f5dec8cf5d5754d51b5 diff --cc mediagoblin/auth/tools.py index 3e3c36f0,db6b6e37..f38a292a --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@@ -14,16 -14,19 +14,22 @@@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -import uuid import logging + import wtforms + from sqlalchemy import or_ - from mediagoblin import messages, mg_globals - from mediagoblin.tools.mail import normalize_email, send_email + from mediagoblin import mg_globals + from mediagoblin.auth import lib as auth_lib + from mediagoblin.db.models import User + from mediagoblin.tools.mail import (normalize_email, send_email, + email_debug_message) -from mediagoblin.tools.template import render_template from mediagoblin.tools.translate import lazy_pass_to_ugettext as _ +from mediagoblin.tools.template import render_template +from mediagoblin.tools.pluginapi import hook_handle +from mediagoblin import auth - from mediagoblin.db.models import User ++ ++_log = logging.getLogger(__name__) _log = logging.getLogger(__name__) @@@ -58,40 -61,46 +64,75 @@@ def normalize_user_or_email_field(allow return _normalize_field +class AuthError(Exception): + def __init__(self): + self.value = 'No Authentication Plugin is enabled and no_auth = false'\ + ' in config!' + + def __str__(self): + return repr(self.value) + + +def check_auth_enabled(): + no_auth = mg_globals.app_config['no_auth'] + auth_plugin = hook_handle('authentication') + + if no_auth == 'false' and not auth_plugin: + raise AuthError + + if no_auth == 'true' and not auth_plugin: + _log.warning('No authentication is enabled') + return False + else: + return True + + +def no_auth_logout(request): + """Log out the user if in no_auth mode""" + if not mg_globals.app.auth: + request.session.delete() + + + EMAIL_VERIFICATION_TEMPLATE = ( + u"http://{host}{uri}?" + u"userid={userid}&token={verification_key}") + + + def send_verification_email(user, request): + """ + Send the verification email to users to activate their accounts. + + Args: + - user: a user object + - request: the request + """ + rendered_email = render_template( + request, 'mediagoblin/auth/verification_email.txt', + {'username': user.username, + 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( + host=request.host, + uri=request.urlgen('mediagoblin.auth.verify_email'), + userid=unicode(user.id), + verification_key=user.verification_key)}) + + # TODO: There is no error handling in place + send_email( + mg_globals.app_config['email_sender_address'], + [user.email], + # TODO + # Due to the distributed nature of GNU MediaGoblin, we should + # find a way to send some additional information about the + # specific GNU MediaGoblin instance in the subject line. For + # example "GNU MediaGoblin @ Wandborg - [...]". + 'GNU MediaGoblin - Verify your email!', + rendered_email) + + def basic_extra_validation(register_form, *args): users_with_username = User.query.filter_by( - username=register_form.data['username']).count() + username=register_form.username.data).count() users_with_email = User.query.filter_by( - email=register_form.data['email']).count() + email=register_form.email.data).count() extra_validation_passes = True @@@ -127,79 -143,17 +168,47 @@@ def register_user(request, register_for return None - def email_debug_message(request): - """ - If the server is running in email debug mode (which is - the current default), give a debug message to the user - so that they have an idea where to find their email. - """ - if mg_globals.app_config['email_debug_mode']: - # DEBUG message, no need to translate - messages.add_message(request, messages.DEBUG, - u"This instance is running in email debug mode. " - u"The email will be on the console of the server process.") - - - EMAIL_VERIFICATION_TEMPLATE = ( - u"http://{host}{uri}?" - u"userid={userid}&token={verification_key}") - - - def send_verification_email(user, request): - """ - Send the verification email to users to activate their accounts. - - Args: - - user: a user object - - request: the request - """ - rendered_email = render_template( - request, 'mediagoblin/auth/verification_email.txt', - {'username': user.username, - 'verification_url': EMAIL_VERIFICATION_TEMPLATE.format( - host=request.host, - uri=request.urlgen('mediagoblin.auth.verify_email'), - userid=unicode(user.id), - verification_key=user.verification_key)}) - - # TODO: There is no error handling in place - send_email( - mg_globals.app_config['email_sender_address'], - [user.email], - # TODO - # Due to the distributed nature of GNU MediaGoblin, we should - # find a way to send some additional information about the - # specific GNU MediaGoblin instance in the subject line. For - # example "GNU MediaGoblin @ Wandborg - [...]". - 'GNU MediaGoblin - Verify your email!', - rendered_email) - - +EMAIL_FP_VERIFICATION_TEMPLATE = ( + u"http://{host}{uri}?" + u"userid={userid}&token={fp_verification_key}") + + +def send_fp_verification_email(user, request): + """ + Send the verification email to users to change their password. + + Args: + - user: a user object + - request: the request + """ + rendered_email = render_template( + request, 'mediagoblin/auth/fp_verification_email.txt', + {'username': user.username, + 'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format( + host=request.host, + uri=request.urlgen('mediagoblin.auth.verify_forgot_password'), + userid=unicode(user.id), + fp_verification_key=user.fp_verification_key)}) + + # TODO: There is no error handling in place + send_email( + mg_globals.app_config['email_sender_address'], + [user.email], + 'GNU MediaGoblin - Change forgotten password!', + rendered_email) ++ ++ + def check_login_simple(username, password, username_might_be_email=False): + search = (User.username == username) + if username_might_be_email and ('@' in username): + search = or_(search, User.email == username) + user = User.query.filter(search).first() + if not user: + _log.info("User %r not found", username) + auth_lib.fake_login_attempt() + return None + if not auth_lib.bcrypt_check_password(password, user.pw_hash): + _log.warn("Wrong password for %r", username) + return None + _log.info("Logging %r in", username) + return user diff --cc mediagoblin/auth/views.py index a21a92e9,bb7bda77..109763ce --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@@ -21,12 -21,12 +21,14 @@@ from mediagoblin import messages, mg_gl from mediagoblin.db.models import User from mediagoblin.tools.response import render_to_response, redirect, render_404 from mediagoblin.tools.translate import pass_to_ugettext as _ + from mediagoblin.tools.mail import email_debug_message from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import forms as auth_forms -from mediagoblin.auth.lib import send_fp_verification_email -from mediagoblin.auth.tools import (send_verification_email, register_user, +from mediagoblin.auth.tools import (send_verification_email, - register_user, email_debug_message, - send_fp_verification_email) ++ register_user, ++ send_fp_verification_email, + check_login_simple) +from mediagoblin import auth def register(request): @@@ -92,10 -73,13 +94,12 @@@ def login(request) login_failed = False if request.method == 'POST': - - username = login_form.data['username'] ++ username = login_form.username.data + if login_form.validate(): - user = auth.get_user(login_form) + user = check_login_simple(username, login_form.password.data, True) - if user and auth.check_login(user, login_form.password.data): + if user: # set up login in session request.session['user_id'] = unicode(user.id) request.session.save()