merge --squash persona branch to take care of a false merge commit in

the basic_auth branch that persona is forked from

Conflicts:
	mediagoblin/templates/mediagoblin/auth/login.html
	mediagoblin/templates/mediagoblin/auth/register.html
	mediagoblin/templates/mediagoblin/edit/edit_account.html

These are commit messages from the squashed persona stuff:

 - added tests and fixed minor errors
 - fixed a redirect loop when only persona is enabled and accessing /auth/login
 - moved persona.js to plugin's static dir
 - fixes for add/remove persona emails
 - add and remove personas
 - working with multiple plugins
 - working version
 - switched to hidden form instead of ajax
 - beginings

mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html

@@ -44,6 +44,13 @@
         {% trans %}Log in to create an account!{% endtrans %} 
         </p>
       {% endif %}
+      {% if persona is defined %}
+        <p>
+        <a href="javascript:;" id="persona_login">
+          {% trans %}Or login with Persona!{% endtrans %}
+        </a>
+        </p>
+      {% endif %}
       {% if pass_auth is defined %}
       <p>
       <a href="{{ request.urlgen('mediagoblin.auth.login') }}?{{ request.query_string }}">

mediagoblin/plugins/persona/__init__.py

@@ -0,0 +1,113 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from pkg_resources import resource_filename
+import os
+
+from sqlalchemy import or_
+
+from mediagoblin.auth.tools import create_basic_user
+from mediagoblin.db.models import User
+from mediagoblin.plugins.persona.models import PersonaUserEmails
+from mediagoblin.tools import pluginapi
+from mediagoblin.tools.staticdirect import PluginStatic
+from mediagoblin.tools.translate import pass_to_ugettext as _
+
+PLUGIN_DIR = os.path.dirname(__file__)
+
+
+def setup_plugin():
+    config = pluginapi.get_config('mediagoblin.plugins.persona')
+
+    routes = [
+        ('mediagoblin.plugins.persona.login',
+         '/auth/persona/login/',
+         'mediagoblin.plugins.persona.views:login'),
+        ('mediagoblin.plugins.persona.register',
+         '/auth/persona/register/',
+         'mediagoblin.plugins.persona.views:register'),
+        ('mediagoblin.plugins.persona.edit',
+         '/edit/persona/',
+         'mediagoblin.plugins.persona.views:edit'),
+        ('mediagoblin.plugins.persona.add',
+         '/edit/persona/add/',
+         'mediagoblin.plugins.persona.views:add')]
+
+    pluginapi.register_routes(routes)
+    pluginapi.register_template_path(os.path.join(PLUGIN_DIR, 'templates'))
+    pluginapi.register_template_hooks(
+        {'persona_head': 'mediagoblin/plugins/persona/persona_js_head.html',
+         'persona_form': 'mediagoblin/plugins/persona/persona.html'})
+
+
+def create_user(register_form):
+    if 'persona_email' in register_form:
+        username = register_form.username.data
+        user = User.query.filter(
+            or_(
+                User.username == username,
+                User.email == username,
+            )).first()
+
+        if not user:
+            user = create_basic_user(register_form)
+
+        new_entry = PersonaUserEmails()
+        new_entry.persona_email = register_form.persona_email.data
+        new_entry.user_id = user.id
+        new_entry.save()
+
+        return user
+
+
+def extra_validation(register_form):
+    persona_email = register_form.persona_email.data if 'persona_email' in \
+        register_form else None
+    if persona_email:
+        persona_email_exists = PersonaUserEmails.query.filter_by(
+            persona_email=persona_email
+            ).count()
+
+        extra_validation_passes = True
+
+        if persona_email_exists:
+            register_form.persona_email.errors.append(
+                _('Sorry, an account is already registered to that Persona'
+                  ' email.'))
+            extra_validation_passes = False
+
+        return extra_validation_passes
+
+
+def Auth():
+    return True
+
+
+def add_to_global_context(context):
+    if len(pluginapi.hook_runall('authentication')) == 1:
+        context['persona_auth'] = True
+    context['persona'] = True
+    return context
+
+hooks = {
+    'setup': setup_plugin,
+    'authentication': Auth,
+    'auth_extra_validation': extra_validation,
+    'auth_create_user': create_user,
+    'template_global_context': add_to_global_context,
+    'static_setup': lambda: PluginStatic(
+        'coreplugin_persona',
+        resource_filename('mediagoblin.plugins.persona', 'static'))
+}

mediagoblin/plugins/persona/forms.py

@@ -0,0 +1,41 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import wtforms
+
+from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+from mediagoblin.auth.tools import normalize_user_or_email_field
+
+
+class RegistrationForm(wtforms.Form):
+    username = wtforms.TextField(
+        _('Username'),
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field(allow_email=False)])
+    email = wtforms.TextField(
+        _('Email address'),
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field(allow_user=False)])
+    persona_email = wtforms.HiddenField(
+        '',
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field(allow_user=False)])
+
+
+class EditForm(wtforms.Form):
+    email = wtforms.TextField(
+        _('Email address'),
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field(allow_user=False)])

mediagoblin/plugins/persona/models.py

@@ -0,0 +1,36 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from sqlalchemy import Column, Integer, Unicode, ForeignKey
+from sqlalchemy.orm import relationship, backref
+
+from mediagoblin.db.models import User
+from mediagoblin.db.base import Base
+
+
+class PersonaUserEmails(Base):
+    __tablename__ = "persona__user_emails"
+
+    id = Column(Integer, primary_key=True)
+    persona_email = Column(Unicode, nullable=False)
+    user_id = Column(Integer, ForeignKey(User.id), nullable=False)
+
+    # Persona's are owned by their user, so do the full thing.
+    user = relationship(User, backref=backref('persona_emails',
+                                              cascade='all, delete-orphan'))
+
+MODELS = [
+    PersonaUserEmails
+]

mediagoblin/plugins/persona/static/js/persona.js

@@ -0,0 +1,44 @@
+/**
+ * GNU MediaGoblin -- federated, autonomous media hosting
+ * Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+$(document).ready(function () {
+    var signinLink = document.getElementById('persona_login');
+    if (signinLink) {
+        signinLink.onclick = function() { navigator.id.request(); };
+    }
+
+    var signoutLink = document.getElementById('logout');
+    if (signoutLink) {
+        signoutLink.onclick = function() { navigator.id.logout(); };
+    }
+
+    navigator.id.watch({
+        onlogin: function(assertion) {
+            document.getElementById('_assertion').value = assertion;
+            document.getElementById('_persona_login').submit()
+    },
+        onlogout: function() {
+            $.ajax({
+                type: 'POST',
+                url: '/auth/logout',
+                success: function(res, status, xhr) { window.location.reload(); },
+                error: function(xhr, status, err) { alert("Logout failure: " + err); }
+            });
+        }
+    });
+});

mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit.html

@@ -0,0 +1,43 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+{% extends "mediagoblin/base.html" %}
+
+{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
+
+{% block title -%}
+  {% trans %}Add an OpenID{% endtrans %} &mdash; {{ super() }}
+{%- endblock %}
+
+{% block mediagoblin_content %}
+    <form action="{{ request.urlgen('mediagoblin.plugins.persona.edit') }}"
+        method="POST" enctype="multipart/form-data">
+    {{ csrf_token }}
+    <div class="form_box">
+      <h1>{% trans %}Delete a Persona email address{% endtrans %}</h1>
+      <p>
+      <a href="javascript:;" id="persona_login">
+          {% trans %}Add a Persona email address{% endtrans %}
+        </a>
+      </p>
+      {{ wtforms_util.render_divs(form, True) }}
+      <div class="form_submit_buttons">
+        <input type="submit" value="{% trans %}Delete{% endtrans %}" class="button_form"/>
+      </div>
+    </div>
+  </form>
+{% endblock %}

mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona.html

@@ -0,0 +1,30 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+{% block persona %}
+  <form id="_persona_login"
+    action=
+    {% if edit_persona is defined %}
+      "{{ request.urlgen('mediagoblin.plugins.persona.add') }}"
+    {% else %}
+      "{{ request.urlgen('mediagoblin.plugins.persona.login') }}"
+    {% endif %}
+    method="POST">
+    {{ csrf_token }}
+    <input type="hidden" name="assertion" type="text" id="_assertion"/>
+  </form>
+{% endblock %}

mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona_js_head.html

@@ -0,0 +1,21 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+
+<script src="https://login.persona.org/include.js"></script>
+<script type="text/javascript"
+        src="{{ request.staticdirect('/js/persona.js', 'coreplugin_persona') }}"></script>

mediagoblin/plugins/persona/views.py

@@ -0,0 +1,191 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import json
+import logging
+import requests
+
+from werkzeug.exceptions import BadRequest
+
+from mediagoblin import messages, mg_globals
+from mediagoblin.auth.tools import register_user
+from mediagoblin.decorators import (auth_enabled, allow_registration,
+                                    require_active_login)
+from mediagoblin.tools.response import render_to_response, redirect
+from mediagoblin.tools.translate import pass_to_ugettext as _
+from mediagoblin.plugins.persona import forms
+from mediagoblin.plugins.persona.models import PersonaUserEmails
+
+_log = logging.getLogger(__name__)
+
+
+def _get_response(request):
+    if 'assertion' not in request.form:
+        _log.debug('assertion not in request.form')
+        raise BadRequest()
+
+    data = {'assertion': request.form['assertion'],
+            'audience': request.urlgen('index', qualified=True)}
+    resp = requests.post('https://verifier.login.persona.org/verify',
+                         data=data, verify=True)
+
+    if resp.ok:
+        verification_data = json.loads(resp.content)
+
+        if verification_data['status'] == 'okay':
+            return verification_data['email']
+
+    return None
+
+
+@auth_enabled
+def login(request):
+    if request.method == 'GET':
+        return redirect(request, 'mediagoblin.auth.login')
+
+    email = _get_response(request)
+    if email:
+        query = PersonaUserEmails.query.filter_by(
+            persona_email=email
+        ).first()
+        user = query.user if query else None
+
+        if user:
+            request.session['user_id'] = unicode(user.id)
+            request.session.save()
+
+            return redirect(request, "index")
+
+        else:
+            if not mg_globals.app.auth:
+                messages.add_message(
+                    request,
+                    messages.WARNING,
+                    _('Sorry, authentication is disabled on this instance.'))
+
+                return redirect(request, 'index')
+
+            register_form = forms.RegistrationForm(email=email,
+                                                   persona_email=email)
+            return render_to_response(
+                request,
+                'mediagoblin/auth/register.html',
+                {'register_form': register_form,
+                'post_url': request.urlgen(
+                    'mediagoblin.plugins.persona.register')})
+
+    return redirect(request, 'mediagoblin.auth.login')
+
+
+@allow_registration
+@auth_enabled
+def register(request):
+    if request.method == 'GET':
+        # Need to connect to persona before registering a user. If method is
+        # 'GET', then this page was acessed without logging in first.
+        return redirect(request, 'mediagoblin.auth.login')
+    register_form = forms.RegistrationForm(request.form)
+
+    if register_form.validate():
+        user = register_user(request, register_form)
+
+        if user:
+            # redirect the user to their homepage... there will be a
+            # message waiting for them to verify their email
+            return redirect(
+                request, 'mediagoblin.user_pages.user_home',
+                user=user.username)
+
+    return render_to_response(
+        request,
+        'mediagoblin/auth/register.html',
+        {'register_form': register_form,
+         'post_url': request.urlgen('mediagoblin.plugins.persona.register')})
+
+
+@require_active_login
+def edit(request):
+    form = forms.EditForm(request.form)
+
+    if request.method == 'POST' and form.validate():
+        query = PersonaUserEmails.query.filter_by(
+            persona_email=form.email.data)
+        user = query.first().user if query.first() else None
+
+        if user and user.id == int(request.user.id):
+            count = len(user.persona_emails)
+
+            if count > 1 or user.pw_hash:
+                # User has more then one Persona email or also has a password.
+                query.first().delete()
+
+                messages.add_message(
+                    request,
+                    messages.SUCCESS,
+                    _('The Persona email address was successfully removed.'))
+
+                return redirect(request, 'mediagoblin.edit.account')
+
+            elif not count > 1:
+                form.email.errors.append(
+                    _("You can't delete your only Persona email address unless"
+                      " you have a password set."))
+
+        else:
+            form.email.errors.append(
+                _('That Persona email address is not registered to this'
+                  ' account.'))
+
+    return render_to_response(
+        request,
+        'mediagoblin/plugins/persona/edit.html',
+        {'form': form,
+         'edit_persona': True})
+
+
+@require_active_login
+def add(request):
+    if request.method == 'GET':
+        return redirect(request, 'mediagoblin.plugins.persona.edit')
+
+    email = _get_response(request)
+
+    if email:
+        query = PersonaUserEmails.query.filter_by(
+            persona_email=email
+        ).first()
+    user_exists = query.user if query else None
+
+    if user_exists:
+        messages.add_message(
+            request,
+            messages.WARNING,
+            _('Sorry, an account is already registered with that Persona'
+              ' email address.'))
+        return redirect(request, 'mediagoblin.plugins.persona.edit')
+
+    else:
+        # Save the Persona Email to the user
+        new_entry = PersonaUserEmails()
+        new_entry.persona_email = email
+        new_entry.user_id = request.user.id
+        new_entry.save()
+
+        messages.add_message(
+            request,
+            messages.SUCCESS,
+            _('Your Person email address was saved successfully.'))
+
+        return redirect(request, 'mediagoblin.edit.account')