From: Rodney Ewing Date: Fri, 3 May 2013 15:50:30 +0000 (-0700) Subject: basic_auth v0 plugin working X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=ee355966c84fb32541b3940eee6adae15c89cc19;p=mediagoblin.git basic_auth v0 plugin working --- diff --git a/mediagoblin.ini b/mediagoblin.ini index 4906546a..057084ae 100644 --- a/mediagoblin.ini +++ b/mediagoblin.ini @@ -47,3 +47,4 @@ base_url = /mgoblin_media/ # documentation for details. [plugins] [[mediagoblin.plugins.geolocation]] +[[mediagoblin.plugins.basic_auth]] diff --git a/mediagoblin/auth/__init__.py b/mediagoblin/auth/__init__.py index 621845ba..2460c048 100644 --- a/mediagoblin/auth/__init__.py +++ b/mediagoblin/auth/__init__.py @@ -13,3 +13,32 @@ # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . +from mediagoblin.tools.pluginapi import hook_handle + + +def check_login(user, login_form): + return hook_handle("auth_check_login", user, login_form) + + +def get_user(*args): + return hook_handle("auth_get_user", *args) + + +def create_user(*args): + return hook_handle("auth_create_user", *args) + + +def extra_validation(register_form, *args): + return hook_handle("auth_extra_validation", register_form, *args) + + +def get_user_metadata(user): + return hook_handle("auth_get_user_metadata", user) + + +def get_login_form(request): + return hook_handle("auth_get_login_form", request) + + +def get_registration_form(request): + return hook_handle("auth_get_registration_form", request) diff --git a/mediagoblin/auth/forms.py b/mediagoblin/auth/forms.py index 599b2576..bab0d35e 100644 --- a/mediagoblin/auth/forms.py +++ b/mediagoblin/auth/forms.py @@ -21,32 +21,6 @@ from mediagoblin.tools.translate import lazy_pass_to_ugettext as _ from mediagoblin.auth.tools import normalize_user_or_email_field -class RegistrationForm(wtforms.Form): - username = wtforms.TextField( - _('Username'), - [wtforms.validators.Required(), - normalize_user_or_email_field(allow_email=False)]) - password = wtforms.PasswordField( - _('Password'), - [wtforms.validators.Required(), - wtforms.validators.Length(min=5, max=1024)]) - email = wtforms.TextField( - _('Email address'), - [wtforms.validators.Required(), - normalize_user_or_email_field(allow_user=False)]) - - -class LoginForm(wtforms.Form): - username = wtforms.TextField( - _('Username or Email'), - [wtforms.validators.Required(), - normalize_user_or_email_field()]) - password = wtforms.PasswordField( - _('Password'), - [wtforms.validators.Required(), - wtforms.validators.Length(min=5, max=1024)]) - - class ForgotPassForm(wtforms.Form): username = wtforms.TextField( _('Username or email'), diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index dc408911..2b3b036a 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -25,6 +25,7 @@ from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import forms as auth_forms from mediagoblin.auth.lib import send_verification_email, \ send_fp_verification_email +import mediagoblin.auth as auth from sqlalchemy import or_ def email_debug_message(request): @@ -54,33 +55,15 @@ def register(request): _('Sorry, registration is disabled on this instance.')) return redirect(request, "index") - register_form = auth_forms.RegistrationForm(request.form) + register_form = auth.get_registration_form(request) if request.method == 'POST' and register_form.validate(): # TODO: Make sure the user doesn't exist already - users_with_username = User.query.filter_by(username=register_form.data['username']).count() - users_with_email = User.query.filter_by(email=register_form.data['email']).count() - - extra_validation_passes = True - - if users_with_username: - register_form.username.errors.append( - _(u'Sorry, a user with that name already exists.')) - extra_validation_passes = False - if users_with_email: - register_form.email.errors.append( - _(u'Sorry, a user with that email address already exists.')) - extra_validation_passes = False + extra_validation_passes = auth.extra_validation(register_form) if extra_validation_passes: # Create the user - user = User() - user.username = register_form.data['username'] - user.email = register_form.data['email'] - user.pw_hash = auth_lib.bcrypt_gen_password_hash( - register_form.password.data) - user.verification_key = unicode(uuid.uuid4()) - user.save() + user = auth.create_user(register_form) # log the user in request.session['user_id'] = unicode(user.id) @@ -108,23 +91,15 @@ def login(request): If you provide the POST with 'next', it'll redirect to that view. """ - login_form = auth_forms.LoginForm(request.form) + login_form = auth.get_login_form(request) login_failed = False if request.method == 'POST': - - username = login_form.data['username'] - if login_form.validate(): - user = User.query.filter( - or_( - User.username == username, - User.email == username, - - )).first() + user = auth.get_user(login_form) - if user and user.check_login(login_form.password.data): + if user and auth.check_login(user, login_form): # set up login in session request.session['user_id'] = unicode(user.id) request.session.save() diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py new file mode 100644 index 00000000..ca3d2516 --- /dev/null +++ b/mediagoblin/plugins/basic_auth/__init__.py @@ -0,0 +1,95 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +import os +import uuid + +import forms as auth_forms +from mediagoblin.auth import lib as auth_lib +from mediagoblin.db.models import User +from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.tools import pluginapi +from sqlalchemy import or_ + + +PLUGIN_DIR = os.path.dirname(__file__) + + +def setup_plugin(): + config = pluginapi.get_config('mediagoblin.pluginapi.basic_auth') + + +def check_login(user, login_form): + return user.check_login(login_form.password.data) + + +def get_user(login_form): + username = login_form.data['username'] + user = User.query.filter( + or_( + User.username == username, + User.email == username, + )).first() + return user + + +def create_user(registration_form): + user = User() + user.username = registration_form.data['username'] + user.email = registration_form.data['email'] + user.pw_hash = auth_lib.bcrypt_gen_password_hash( + registration_form.password.data) + user.verification_key = unicode(uuid.uuid4()) + user.save() + return user + + +def extra_validation(register_form, *args): + users_with_username = User.query.filter_by( + username=register_form.data['username']).count() + users_with_email = User.query.filter_by( + email=register_form.data['email']).count() + + extra_validation_passes = True + + if users_with_username: + register_form.username.errors.append( + _(u'Sorry, a user with that name already exists.')) + extra_validation_passes = False + if users_with_email: + register_form.email.errors.append( + _(u'Sorry, a user with that email address already exists.')) + extra_validation_passes = False + + return extra_validation_passes + + +def get_login_form(request): + return auth_forms.LoginForm(request.form) + + +def get_registration_form(request): + return auth_forms.RegistrationForm(request.form) + + +hooks = { + 'setup': setup_plugin, + 'auth_check_login': check_login, + 'auth_get_user': get_user, + 'auth_create_user': create_user, + 'auth_extra_validation': extra_validation, + 'auth_get_login_form': get_login_form, + 'auth_get_registration_form': get_registration_form, +} diff --git a/mediagoblin/plugins/basic_auth/forms.py b/mediagoblin/plugins/basic_auth/forms.py new file mode 100644 index 00000000..28eb7d0a --- /dev/null +++ b/mediagoblin/plugins/basic_auth/forms.py @@ -0,0 +1,30 @@ +import wtforms + +from mediagoblin.tools.translate import lazy_pass_to_ugettext as _ +from mediagoblin.auth.forms import normalize_user_or_email_field + + +class RegistrationForm(wtforms.Form): + username = wtforms.TextField( + _('Username'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_email=False)]) + password = wtforms.PasswordField( + _('Password'), + [wtforms.validators.Required(), + wtforms.validators.Length(min=5, max=1024)]) + email = wtforms.TextField( + _('Email address'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_user=False)]) + + +class LoginForm(wtforms.Form): + username = wtforms.TextField( + _('Username or Email'), + [wtforms.validators.Required(), + normalize_user_or_email_field()]) + password = wtforms.PasswordField( + _('Password'), + [wtforms.validators.Required(), + wtforms.validators.Length(min=5, max=1024)])