From 744f1c83b9c94a82612c981ec56782f3db457357 Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Tue, 14 May 2013 16:14:19 -0700
Subject: [PATCH] add a check for authentication plugin on startup and respond
 according to no_auth config option. allows instance to be run w/o
 authentication

---
 mediagoblin.ini                               |  4 +++
 mediagoblin/app.py                            |  4 +++
 mediagoblin/auth/tools.py                     | 22 ++++++++++++
 mediagoblin/auth/views.py                     | 13 +++++--
 mediagoblin/plugins/basic_auth/__init__.py    |  5 +++
 mediagoblin/templates/mediagoblin/base.html   |  2 +-
 .../mediagoblin/bits/frontpage_welcome.html   | 36 +++++++++++--------
 .../mediagoblin/user_pages/media.html         |  2 +-
 mediagoblin/tools/template.py                 |  1 +
 9 files changed, 70 insertions(+), 19 deletions(-)

diff --git a/mediagoblin.ini b/mediagoblin.ini
index 4906546a..27146845 100644
--- a/mediagoblin.ini
+++ b/mediagoblin.ini
@@ -33,6 +33,10 @@ allow_registration = true
 ## install other themes.
 # theme = airy
 
+# Set to true to run an instance with no authentication plugins enabled. 
+# You will not be able to login or register
+no_auth = false
+
 [storage:queuestore]
 base_dir = %(here)s/user_dev/media/queue
 
diff --git a/mediagoblin/app.py b/mediagoblin/app.py
index 1984ce77..51c597aa 100644
--- a/mediagoblin/app.py
+++ b/mediagoblin/app.py
@@ -37,6 +37,7 @@ from mediagoblin.init import (get_jinja_loader, get_staticdirector,
     setup_storage)
 from mediagoblin.tools.pluginapi import PluginManager, hook_transform
 from mediagoblin.tools.crypto import setup_crypto
+from mediagoblin.auth.tools import check_auth_enabled
 
 
 _log = logging.getLogger(__name__)
@@ -97,6 +98,9 @@ class MediaGoblinApp(object):
             PluginManager().get_template_paths()
             )
 
+        # Check if authentication plugin is enabled and respond accordingly.
+        self.auth = check_auth_enabled()
+
         # Set up storage systems
         self.public_store, self.queue_store = setup_storage()
 
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 1b30a7d9..114cc7fb 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -14,10 +14,16 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import logging
+import sys
 import wtforms
 
+from mediagoblin import mg_globals
 from mediagoblin.tools.mail import normalize_email
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+from mediagoblin.tools.pluginapi import hook_handle
+
+_log = logging.getLogger(__name__)
 
 
 def normalize_user_or_email_field(allow_email=True, allow_user=True):
@@ -48,3 +54,19 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
         if field.data is None:  # should not happen, but be cautious anyway
             raise wtforms.ValidationError(message)
     return _normalize_field
+
+
+def check_auth_enabled():
+    no_auth = mg_globals.app_config['no_auth']
+    auth_plugin = True if hook_handle('auth') is not None else False
+
+    if no_auth == 'false' and not auth_plugin:
+        print 'No authentication plugin is enabled and no_auth = false in ' \
+              'config! \n..Exiting'
+        sys.exit()
+
+    if no_auth == 'true' and not auth_plugin:
+        _log.warning('No authentication is enabled')
+        return False
+    else:
+        return True
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index ec409303..811bb157 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -44,8 +44,9 @@ def register(request):
     Note that usernames will always be lowercased. Email domains are lowercased while
     the first part remains case-sensitive.
     """
-    # Redirects to indexpage if registrations are disabled
-    if not mg_globals.app_config["allow_registration"]:
+    # Redirects to indexpage if registrations are disabled or no authentication
+    # is enabled
+    if not mg_globals.app_config["allow_registration"] or not mg_globals.app.auth:
         messages.add_message(
             request,
             messages.WARNING,
@@ -88,6 +89,14 @@ def login(request):
 
     If you provide the POST with 'next', it'll redirect to that view.
     """
+    # Redirects to index page if no authentication is enabled
+    if not mg_globals.app.auth:
+        messages.add_message(
+            request,
+            messages.WARNING,
+            _('Sorry, authentication is disabled on this instance.'))
+        return redirect(request, 'index')
+
     login_form = auth.get_login_form(request)
 
     login_failed = False
diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py
index 6500151a..a3539738 100644
--- a/mediagoblin/plugins/basic_auth/__init__.py
+++ b/mediagoblin/plugins/basic_auth/__init__.py
@@ -81,8 +81,13 @@ def get_registration_form(request):
     return auth_forms.RegistrationForm(request.form)
 
 
+def auth():
+    return True
+
+
 hooks = {
     'setup': setup_plugin,
+    'auth': auth,
     'auth_check_login': check_login,
     'auth_get_user': get_user,
     'auth_create_user': create_user,
diff --git a/mediagoblin/templates/mediagoblin/base.html b/mediagoblin/templates/mediagoblin/base.html
index 5e2898f9..d9ef34ae 100644
--- a/mediagoblin/templates/mediagoblin/base.html
+++ b/mediagoblin/templates/mediagoblin/base.html
@@ -67,7 +67,7 @@
                {% trans %}Verify your email!{% endtrans %}</a>
                or <a href="{{ request.urlgen('mediagoblin.auth.logout') }}">{% trans %}log out{% endtrans %}</a>
               {% endif %}
-            {%- else %}
+            {%- elif auth %}
               <a href="{{ request.urlgen('mediagoblin.auth.login') }}?next={{
                                                 request.base_url|urlencode }}">
                 {%- trans %}Log in{% endtrans -%}
diff --git a/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html b/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html
index 544ee146..26153694 100644
--- a/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html
+++ b/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html
@@ -17,19 +17,25 @@
 #}
 
 {% if request.user %}
-  <h1>{% trans %}Explore{% endtrans %}</h1>
-{% else %}
-  <h1>{% trans %}Hi there, welcome to this MediaGoblin site!{% endtrans %}</h1>
-  <img class="right_align" src="{{ request.staticdirect('/images/frontpage_image.png') }}" />
-  <p>{% trans %}This site is running <a href="http://mediagoblin.org">MediaGoblin</a>, an extraordinarily great piece of media hosting software.{% endtrans %}</p>
-  <p>{% trans %}To add your own media, place comments, and more, you can log in with your MediaGoblin account.{% endtrans %}</p>
-  {% if allow_registration %}
-    <p>{% trans %}Don't have one yet? It's easy!{% endtrans %}</p>
-    {% trans register_url=request.urlgen('mediagoblin.auth.register') -%}
-      <a class="button_action_highlight" href="{{ register_url }}">Create an account at this site</a>
-      or
-      <a class="button_action" href="http://wiki.mediagoblin.org/HackingHowto">Set up MediaGoblin on your own server</a>
-    {%- endtrans %}
+    <h1>{% trans %}Explore{% endtrans %}</h1>
+  {% else %}
+    <h1>{% trans %}Hi there, welcome to this MediaGoblin site!{% endtrans %}</h1>
+    <img class="right_align" src="{{ request.staticdirect('/images/frontpage_image.png') }}" />
+    <p>{% trans %}This site is running <a href="http://mediagoblin.org">MediaGoblin</a>, an extraordinarily great piece of media hosting software.{% endtrans %}</p>
+		{% if auth %}
+    <p>{% trans %}To add your own media, place comments, and more, you can log in with your MediaGoblin account.{% endtrans %}</p>
+    {% if allow_registration %}
+      <p>{% trans %}Don't have one yet? It's easy!{% endtrans %}</p>
+      {% trans register_url=request.urlgen('mediagoblin.auth.register') -%}
+        <a class="button_action_highlight" href="{{ register_url }}">Create an account at this site</a>
+        or
+			{%- endtrans %}
+		{% endif %}
+		{% endif %}
+			{% trans %}
+        <a class="button_action" href="http://wiki.mediagoblin.org/HackingHowto">Set up MediaGoblin on your own server</a>
+      {%- endtrans %}
+
+    <div class="clear"></div>
   {% endif %}
-  <div class="clear"></div>
-{% endif %}
+
diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html
index 92c01c48..08e9d8ea 100644
--- a/mediagoblin/templates/mediagoblin/user_pages/media.html
+++ b/mediagoblin/templates/mediagoblin/user_pages/media.html
@@ -86,7 +86,7 @@
       <p>{{ media.description_html }}</p>
     {% endautoescape %}
     {% if comments %}
-      {% if app_config['allow_comments'] %}
+      {% if app_config['allow_comments'] and auth %}
         <a
           {% if not request.user %}
             href="{{ request.urlgen('mediagoblin.auth.login') }}"
diff --git a/mediagoblin/tools/template.py b/mediagoblin/tools/template.py
index 3d651a6e..615ce129 100644
--- a/mediagoblin/tools/template.py
+++ b/mediagoblin/tools/template.py
@@ -71,6 +71,7 @@ def get_jinja_env(template_loader, locale):
     template_env.globals['app_config'] = mg_globals.app_config
     template_env.globals['global_config'] = mg_globals.global_config
     template_env.globals['version'] = _version.__version__
+    template_env.globals['auth'] = mg_globals.app.auth
 
     template_env.filters['urlencode'] = url_quote_plus