heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'login-validator-5414'

Browse Source
This commit is contained in:
Boris Bobrov 2016-07-25 03:23:25 +03:00
commit 1aab84d0dc
3 changed files with 60 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
mediagoblin/auth/tools.py
View File

@ -34,14 +34,19 @@ from mediagoblin import auth
_log = logging.getLogger(__name__) _log = logging.getLogger(__name__)
def normalize_user_or_email_field(allow_email=True, allow_user=True): def normalize_user_or_email_field(allow_email=True, allow_user=True,
""" is_login=False):
Check if we were passed a field that matches a username and/or email """Check if we were passed a field that matches a username and/or email
pattern. pattern.
This is useful for fields that can take either a username or email This is useful for fields that can take either a username or email
address. Use the parameters if you want to only allow a username for address. Use the parameters if you want to only allow a username
instance""" for instance
is_login : bool
If is_login is True, does not check the length of username.
"""
message = _(u'Invalid User name or email address.') message = _(u'Invalid User name or email address.')
nomail_msg = _(u"This field does not take email addresses.") nomail_msg = _(u"This field does not take email addresses.")
nouser_msg = _(u"This field requires an email address.") nouser_msg = _(u"This field requires an email address.")
@ -56,7 +61,8 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
else: # lower case user names else: # lower case user names
if not allow_user: if not allow_user:
raise wtforms.ValidationError(nouser_msg) raise wtforms.ValidationError(nouser_msg)
wtforms.validators.Length(min=3, max=30)(form, field) if not is_login:
wtforms.validators.Length(min=3, max=30)(form, field)
wtforms.validators.Regexp(r'^[-_\w]+$')(form, field) wtforms.validators.Regexp(r'^[-_\w]+$')(form, field)
field.data = field.data.lower() field.data = field.data.lower()
if field.data is None: # should not happen, but be cautious anyway if field.data is None: # should not happen, but be cautious anyway

2
mediagoblin/plugins/basic_auth/forms.py
View File

@ -38,7 +38,7 @@ class LoginForm(wtforms.Form):
username = wtforms.StringField( username = wtforms.StringField(
_('Username or Email'), _('Username or Email'),
[wtforms.validators.InputRequired(), [wtforms.validators.InputRequired(),
normalize_user_or_email_field()]) normalize_user_or_email_field(is_login=True)])
password = wtforms.PasswordField( password = wtforms.PasswordField(
_('Password')) _('Password'))
stay_logged_in = wtforms.BooleanField( stay_logged_in = wtforms.BooleanField(

48
mediagoblin/tests/test_auth.py
View File

@ -1,4 +1,3 @@
# GNU MediaGoblin -- federated, autonomous media hosting # GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
# #
@ -373,6 +372,53 @@ def test_authentication_views(test_app):
assert not form.username.data == u'ANDREW' assert not form.username.data == u'ANDREW'
assert form.username.data == u'andrew' assert form.username.data == u'andrew'
# Successful login with short user
# --------------------------------
short_user = fixture_add_user(username=u'me', password=u'sho')
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'me',
'password': 'sho'})
# User should be redirected
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(short_user.id)
# Must logout
template.clear_test_template_context()
response = test_app.get('/auth/logout/')
# Successful login with long user
# ----------------
long_user = fixture_add_user(
username=u'realllylonguser@reallylongdomain.com.co', password=u'sho')
template.clear_test_template_context()
response = test_app.post(
'/auth/login/', {
'username': u'realllylonguser@reallylongdomain.com.co',
'password': 'sho'})
# User should be redirected
response.follow()
assert urlparse.urlsplit(response.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == six.text_type(long_user.id)
template.clear_test_template_context()
response = test_app.get('/auth/logout/')
@pytest.fixture() @pytest.fixture()
def authentication_disabled_app(request): def authentication_disabled_app(request):
return get_app( return get_app(