add a check for authentication plugin on startup and respond according to no_auth config option. allows instance to be run w/o authentication

2013-05-14 16:14:19 -07:00 · 2013-05-14 16:14:19 -07:00 · 744f1c83b9
commit 744f1c83b9
parent b56b6b1e77
9 changed files with 70 additions and 19 deletions
--- a/mediagoblin.ini
+++ b/mediagoblin.ini
@ -33,6 +33,10 @@ allow_registration = true
 ## install other themes.
 # theme = airy

+# Set to true to run an instance with no authentication plugins enabled. 
+# You will not be able to login or register
+no_auth = false
+
 [storage:queuestore]
 base_dir = %(here)s/user_dev/media/queue

--- a/mediagoblin/app.py
+++ b/mediagoblin/app.py
@ -37,6 +37,7 @@ from mediagoblin.init import (get_jinja_loader, get_staticdirector,
    setup_storage)
 from mediagoblin.tools.pluginapi import PluginManager, hook_transform
 from mediagoblin.tools.crypto import setup_crypto
+from mediagoblin.auth.tools import check_auth_enabled


 _log = logging.getLogger(__name__)
@ -97,6 +98,9 @@ class MediaGoblinApp(object):
            PluginManager().get_template_paths()
            )

+        # Check if authentication plugin is enabled and respond accordingly.
+        self.auth = check_auth_enabled()
+
        # Set up storage systems
        self.public_store, self.queue_store = setup_storage()

--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@ -14,10 +14,16 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

+import logging
+import sys
 import wtforms

+from mediagoblin import mg_globals
 from mediagoblin.tools.mail import normalize_email
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+from mediagoblin.tools.pluginapi import hook_handle
+
+_log = logging.getLogger(__name__)


 def normalize_user_or_email_field(allow_email=True, allow_user=True):
@ -48,3 +54,19 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
        if field.data is None:  # should not happen, but be cautious anyway
            raise wtforms.ValidationError(message)
    return _normalize_field
+
+
+def check_auth_enabled():
+    no_auth = mg_globals.app_config['no_auth']
+    auth_plugin = True if hook_handle('auth') is not None else False
+
+    if no_auth == 'false' and not auth_plugin:
+        print 'No authentication plugin is enabled and no_auth = false in ' \
+              'config! \n..Exiting'
+        sys.exit()
+
+    if no_auth == 'true' and not auth_plugin:
+        _log.warning('No authentication is enabled')
+        return False
+    else:
+        return True
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@ -44,8 +44,9 @@ def register(request):
    Note that usernames will always be lowercased. Email domains are lowercased while
    the first part remains case-sensitive.
    """
-    # Redirects to indexpage if registrations are disabled
-    if not mg_globals.app_config["allow_registration"]:
+    # Redirects to indexpage if registrations are disabled or no authentication
+    # is enabled
+    if not mg_globals.app_config["allow_registration"] or not mg_globals.app.auth:
        messages.add_message(
            request,
            messages.WARNING,
@ -88,6 +89,14 @@ def login(request):

    If you provide the POST with 'next', it'll redirect to that view.
    """
+    # Redirects to index page if no authentication is enabled
+    if not mg_globals.app.auth:
+        messages.add_message(
+            request,
+            messages.WARNING,
+            _('Sorry, authentication is disabled on this instance.'))
+        return redirect(request, 'index')
+
    login_form = auth.get_login_form(request)

    login_failed = False
--- a/mediagoblin/plugins/basic_auth/init.py
+++ b/mediagoblin/plugins/basic_auth/init.py
@ -81,8 +81,13 @@ def get_registration_form(request):
    return auth_forms.RegistrationForm(request.form)


+def auth():
+    return True
+
+
 hooks = {
    'setup': setup_plugin,
+    'auth': auth,
    'auth_check_login': check_login,
    'auth_get_user': get_user,
    'auth_create_user': create_user,
--- a/mediagoblin/templates/mediagoblin/base.html
+++ b/mediagoblin/templates/mediagoblin/base.html
@ -67,7 +67,7 @@
               {% trans %}Verify your email!{% endtrans %}</a>
               or <a href="{{ request.urlgen('mediagoblin.auth.logout') }}">{% trans %}log out{% endtrans %}</a>
              {% endif %}
-            {%- else %}
+            {%- elif auth %}
              <a href="{{ request.urlgen('mediagoblin.auth.login') }}?next={{
                                                request.base_url|urlencode }}">
                {%- trans %}Log in{% endtrans -%}
--- a/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html
+++ b/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html
@ -17,19 +17,25 @@
 #}

 {% if request.user %}
-  <h1>{% trans %}Explore{% endtrans %}</h1>
-{% else %}
-  <h1>{% trans %}Hi there, welcome to this MediaGoblin site!{% endtrans %}</h1>
-  <img class="right_align" src="{{ request.staticdirect('/images/frontpage_image.png') }}" />
-  <p>{% trans %}This site is running <a href="http://mediagoblin.org">MediaGoblin</a>, an extraordinarily great piece of media hosting software.{% endtrans %}</p>
-  <p>{% trans %}To add your own media, place comments, and more, you can log in with your MediaGoblin account.{% endtrans %}</p>
-  {% if allow_registration %}
-    <p>{% trans %}Don't have one yet? It's easy!{% endtrans %}</p>
-    {% trans register_url=request.urlgen('mediagoblin.auth.register') -%}
-      <a class="button_action_highlight" href="{{ register_url }}">Create an account at this site</a>
-      or
-      <a class="button_action" href="http://wiki.mediagoblin.org/HackingHowto">Set up MediaGoblin on your own server</a>
-    {%- endtrans %}
+    <h1>{% trans %}Explore{% endtrans %}</h1>
+  {% else %}
+    <h1>{% trans %}Hi there, welcome to this MediaGoblin site!{% endtrans %}</h1>
+    <img class="right_align" src="{{ request.staticdirect('/images/frontpage_image.png') }}" />
+    <p>{% trans %}This site is running <a href="http://mediagoblin.org">MediaGoblin</a>, an extraordinarily great piece of media hosting software.{% endtrans %}</p>
+		{% if auth %}
+    <p>{% trans %}To add your own media, place comments, and more, you can log in with your MediaGoblin account.{% endtrans %}</p>
+    {% if allow_registration %}
+      <p>{% trans %}Don't have one yet? It's easy!{% endtrans %}</p>
+      {% trans register_url=request.urlgen('mediagoblin.auth.register') -%}
+        <a class="button_action_highlight" href="{{ register_url }}">Create an account at this site</a>
+        or
+			{%- endtrans %}
+		{% endif %}
+		{% endif %}
+			{% trans %}
+        <a class="button_action" href="http://wiki.mediagoblin.org/HackingHowto">Set up MediaGoblin on your own server</a>
+      {%- endtrans %}
+
+    <div class="clear"></div>
  {% endif %}
-  <div class="clear"></div>
-{% endif %}
+
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@ -86,7 +86,7 @@
      <p>{{ media.description_html }}</p>
    {% endautoescape %}
    {% if comments %}
-      {% if app_config['allow_comments'] %}
+      {% if app_config['allow_comments'] and auth %}
        <a
          {% if not request.user %}
            href="{{ request.urlgen('mediagoblin.auth.login') }}"
--- a/mediagoblin/tools/template.py
+++ b/mediagoblin/tools/template.py
@ -71,6 +71,7 @@ def get_jinja_env(template_loader, locale):
    template_env.globals['app_config'] = mg_globals.app_config
    template_env.globals['global_config'] = mg_globals.global_config
    template_env.globals['version'] = _version.__version__
+    template_env.globals['auth'] = mg_globals.app.auth

    template_env.filters['urlencode'] = url_quote_plus