heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

piwigo: Return proper error for wrong user/password.

Browse Source 
And fix tests.
This commit is contained in:
Elrond 2013-05-20 17:50:04 +02:00
parent 68910f6797
commit 4adc3a85dd
3 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
mediagoblin/plugins/piwigo/tools.py
View File

@ -84,7 +84,8 @@ def response_xml(result):
err = ET.SubElement(r, "err") err = ET.SubElement(r, "err")
err.set("code", str(result.code)) err.set("code", str(result.code))
err.set("msg", result.msg) err.set("msg", result.msg)
status = result.code if result.code >= 100 and result.code < 600:
status = result.code
else: else:
_fill_element(r, result) _fill_element(r, result)
return Response(ET.tostring(r, encoding="utf-8", xml_declaration=True), return Response(ET.tostring(r, encoding="utf-8", xml_declaration=True),

9
mediagoblin/plugins/piwigo/views.py
View File

@ -28,8 +28,8 @@ from mediagoblin.media_types import sniff_media
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \ from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media run_process_media
from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \ from .tools import CmdTable, response_xml, check_form, \
PWGSession PWGSession, PwgNamedArray, PwgError
from .forms import AddSimpleForm, AddForm from .forms import AddSimpleForm, AddForm
@ -40,15 +40,14 @@ _log = logging.getLogger(__name__)
def pwg_login(request): def pwg_login(request):
username = request.form.get("username") username = request.form.get("username")
password = request.form.get("password") password = request.form.get("password")
_log.debug("Login for %r/%r...", username, password)
user = request.db.User.query.filter_by(username=username).first() user = request.db.User.query.filter_by(username=username).first()
if not user: if not user:
_log.info("User %r not found", username) _log.info("User %r not found", username)
fake_login_attempt() fake_login_attempt()
return False return PwgError(999, 'Invalid username/password')
if not user.check_login(password): if not user.check_login(password):
_log.warn("Wrong password for %r", username) _log.warn("Wrong password for %r", username)
return False return PwgError(999, 'Invalid username/password')
_log.info("Logging %r in", username) _log.info("Logging %r in", username)
request.session["user_id"] = user.id request.session["user_id"] = user.id
request.session.save() request.session.save()

6
mediagoblin/tests/test_piwigo.py
View File

@ -44,11 +44,13 @@ class Test_PWG(object):
def test_session(self): def test_session(self):
resp = self.do_post("pwg.session.login", resp = self.do_post("pwg.session.login",
{"username": u"nouser", "password": "wrong"}) {"username": u"nouser", "password": "wrong"})
assert resp.body == XML_PREFIX + '<rsp stat="ok">0</rsp>' assert resp.body == XML_PREFIX \
+ '<rsp stat="fail"><err code="999" msg="Invalid username/password"/></rsp>'
resp = self.do_post("pwg.session.login", resp = self.do_post("pwg.session.login",
{"username": self.username, "password": "wrong"}) {"username": self.username, "password": "wrong"})
assert resp.body == XML_PREFIX + '<rsp stat="ok">0</rsp>' assert resp.body == XML_PREFIX \
+ '<rsp stat="fail"><err code="999" msg="Invalid username/password"/></rsp>'
resp = self.do_get("pwg.session.getStatus") resp = self.do_get("pwg.session.getStatus")
assert resp.body == XML_PREFIX \ assert resp.body == XML_PREFIX \