Merge remote-tracking branch 'refs/remotes/rodney757/auth_refactor'

Conflicts:
	mediagoblin/auth/views.py
	mediagoblin/edit/forms.py
	mediagoblin/templates/mediagoblin/edit/edit_account.html

mediagoblin/auth/routing.py

@@ -25,9 +25,4 @@ auth_routes = [
     ('mediagoblin.auth.verify_email', '/verify_email/',
      'mediagoblin.auth.views:verify_email'),
     ('mediagoblin.auth.resend_verification', '/resend_verification/',
-     'mediagoblin.auth.views:resend_activation'),
+     'mediagoblin.auth.views:resend_activation')]
-    ('mediagoblin.auth.forgot_password', '/forgot_password/',
-     'mediagoblin.auth.views:forgot_password'),
-    ('mediagoblin.auth.verify_forgot_password',
-     '/forgot_password/verify/',
-     'mediagoblin.auth.views:verify_forgot_password')]

mediagoblin/auth/tools.py

@@ -101,38 +101,6 @@ def send_verification_email(user, request, email=None,
         rendered_email)
 
 
-EMAIL_FP_VERIFICATION_TEMPLATE = (
-    u"{uri}?"
-    u"token={fp_verification_key}")
-
-
-def send_fp_verification_email(user, request):
-    """
-    Send the verification email to users to change their password.
-
-    Args:
-    - user: a user object
-    - request: the request
-    """
-    fp_verification_key = get_timed_signer_url('mail_verification_token') \
-            .dumps(user.id)
-
-    rendered_email = render_template(
-        request, 'mediagoblin/auth/fp_verification_email.txt',
-        {'username': user.username,
-         'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
-             uri=request.urlgen('mediagoblin.auth.verify_forgot_password',
-                                qualified=True),
-             fp_verification_key=fp_verification_key)})
-
-    # TODO: There is no error handling in place
-    send_email(
-        mg_globals.app_config['email_sender_address'],
-        [user.email],
-        'GNU MediaGoblin - Change forgotten password!',
-        rendered_email)
-
-
 def basic_extra_validation(register_form, *args):
     users_with_username = User.query.filter_by(
         username=register_form.username.data).count()
@@ -196,7 +164,10 @@ def check_auth_enabled():
 
 
 def no_auth_logout(request):
-    """Log out the user if authentication_disabled, but don't delete the messages"""
+    """
+    Log out the user if no authentication is enabled, but don't delete
+    the messages
+    """
     if not mg_globals.app.auth and 'user_id' in request.session:
         del request.session['user_id']
         request.session.save()

mediagoblin/auth/views.py

@@ -24,11 +24,8 @@ from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.tools.mail import email_debug_message
 from mediagoblin.tools.pluginapi import hook_handle
-from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.tools import (send_verification_email, register_user,
-                                    send_fp_verification_email,
                                     check_login_simple)
-from mediagoblin import auth
 
 
 @allow_registration

mediagoblin/edit/forms.py

@@ -81,6 +81,7 @@ class EditAttachmentsForm(wtforms.Form):
     attachment_file = wtforms.FileField(
         'File')
 
+
 class EditCollectionForm(wtforms.Form):
     title = wtforms.TextField(
         _('Title'),

mediagoblin/edit/routing.py

@@ -24,8 +24,6 @@ add_route('mediagoblin.edit.account', '/edit/account/',
     'mediagoblin.edit.views:edit_account')
 add_route('mediagoblin.edit.delete_account', '/edit/account/delete/',
     'mediagoblin.edit.views:delete_account')
-add_route('mediagoblin.edit.pass', '/edit/password/',
-    'mediagoblin.edit.views:change_pass')
 add_route('mediagoblin.edit.verify_email', '/edit/verify_email/',
     'mediagoblin.edit.views:verify_email')
 add_route('mediagoblin.edit.email', '/edit/email/',

mediagoblin/edit/views.py

@@ -23,7 +23,6 @@ from werkzeug.utils import secure_filename
 from mediagoblin import messages
 from mediagoblin import mg_globals
 
-from mediagoblin import auth
 from mediagoblin.auth import tools as auth_tools
 from mediagoblin.edit import forms
 from mediagoblin.edit.lib import may_edit_media
@@ -338,46 +337,6 @@ def edit_collection(request, collection):
          'form': form})
 
 
-@require_active_login
-def change_pass(request):
-    # If no password authentication, no need to change your password
-    if 'pass_auth' not in request.template_env.globals:
-        return redirect(request, 'index')
-
-    form = forms.ChangePassForm(request.form)
-    user = request.user
-
-    if request.method == 'POST' and form.validate():
-
-        if not auth.check_password(
-                form.old_password.data, user.pw_hash):
-            form.old_password.errors.append(
-                _('Wrong password'))
-
-            return render_to_response(
-                request,
-                'mediagoblin/edit/change_pass.html',
-                {'form': form,
-                 'user': user})
-
-        # Password matches
-        user.pw_hash = auth.gen_password_hash(
-            form.new_password.data)
-        user.save()
-
-        messages.add_message(
-            request, messages.SUCCESS,
-            _('Your password was changed successfully'))
-
-        return redirect(request, 'mediagoblin.edit.account')
-
-    return render_to_response(
-        request,
-        'mediagoblin/edit/change_pass.html',
-        {'form': form,
-         'user': user})
-
-
 def verify_email(request):
     """
     Email verification view for changing email address

mediagoblin/plugins/basic_auth/__init__.py

@@ -13,17 +13,45 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from pkg_resources import resource_filename
+import os
+
 from mediagoblin.plugins.basic_auth import forms as auth_forms
 from mediagoblin.plugins.basic_auth import tools as auth_tools
 from mediagoblin.auth.tools import create_basic_user
 from mediagoblin.db.models import User
 from mediagoblin.tools import pluginapi
 from sqlalchemy import or_
+from mediagoblin.tools.staticdirect import PluginStatic
+
+
+PLUGIN_DIR = os.path.dirname(__file__)
 
 
 def setup_plugin():
     config = pluginapi.get_config('mediagoblin.plugins.basic_auth')
 
+    routes = [
+        ('mediagoblin.plugins.basic_auth.edit.pass',
+         '/edit/password/',
+         'mediagoblin.plugins.basic_auth.views:change_pass'),
+        ('mediagoblin.plugins.basic_auth.forgot_password',
+         '/auth/forgot_password/',
+         'mediagoblin.plugins.basic_auth.views:forgot_password'),
+        ('mediagoblin.plugins.basic_auth.verify_forgot_password',
+         '/auth/forgot_password/verify/',
+         'mediagoblin.plugins.basic_auth.views:verify_forgot_password')]
+
+    pluginapi.register_routes(routes)
+    pluginapi.register_template_path(os.path.join(PLUGIN_DIR, 'templates'))
+
+    pluginapi.register_template_hooks(
+        {'edit_link': 'mediagoblin/plugins/basic_auth/edit_link.html',
+         'fp_link': 'mediagoblin/plugins/basic_auth/fp_link.html',
+         'fp_head': 'mediagoblin/plugins/basic_auth/fp_head.html',
+         'create_account':
+            'mediagoblin/plugins/basic_auth/create_account_link.html'})
+
 
 def get_user(**kwargs):
     username = kwargs.pop('username', None)
@@ -85,4 +113,7 @@ hooks = {
     'auth_check_password': check_password,
     'auth_fake_login_attempt': auth_tools.fake_login_attempt,
     'template_global_context': append_to_global_context,
+    'static_setup': lambda: PluginStatic(
+        'coreplugin_basic_auth',
+        resource_filename('mediagoblin.plugins.basic_auth', 'static'))
 }

mediagoblin/plugins/basic_auth/forms.py

@@ -44,3 +44,33 @@ class LoginForm(wtforms.Form):
     stay_logged_in = wtforms.BooleanField(
         label='',
         description=_('Stay logged in'))
+
+
+class ForgotPassForm(wtforms.Form):
+    username = wtforms.TextField(
+        _('Username or email'),
+        [wtforms.validators.Required(),
+         normalize_user_or_email_field()])
+
+
+class ChangeForgotPassForm(wtforms.Form):
+    password = wtforms.PasswordField(
+        'Password',
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=5, max=1024)])
+    token = wtforms.HiddenField(
+        '',
+        [wtforms.validators.Required()])
+
+
+class ChangePassForm(wtforms.Form):
+    old_password = wtforms.PasswordField(
+        _('Old password'),
+        [wtforms.validators.Required()],
+        description=_(
+            "Enter your old password to prove you own this account."))
+    new_password = wtforms.PasswordField(
+        _('New password'),
+        [wtforms.validators.Required(),
+         wtforms.validators.Length(min=6, max=30)],
+        id="password")

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/change_fp.html

@@ -29,7 +29,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.auth.verify_forgot_password') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password') }}"
         method="POST" enctype="multipart/form-data">
     {{ csrf_token }}
     <div class="form_box">

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/change_pass.html

@@ -31,7 +31,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.edit.pass') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.edit.pass') }}"
         method="POST" enctype="multipart/form-data">
     <div class="form_box edit_box">
       <h1>

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/create_account_link.html

@@ -0,0 +1,27 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+
+{% block create_account %}
+  {% if allow_registration %}
+    <p>
+      {% trans %}Don't have an account yet?{% endtrans %} 
+      <a href="{{ request.urlgen('mediagoblin.auth.register') }}">
+        {%- trans %}Create one here!{% endtrans %}</a>
+    </p>
+  {% endif %}
+{% endblock %}

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/edit_link.html

@@ -0,0 +1,25 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+
+{% block change_pass_link %}
+  <p>
+    <a href="{{ request.urlgen('mediagoblin.plugins.basic_auth.edit.pass') }}">
+      {% trans %}Change your password.{% endtrans %}
+    </a>
+  </p>
+{% endblock %}

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/forgot_password.html

@@ -24,7 +24,7 @@
 {%- endblock %}
 
 {% block mediagoblin_content %}
-  <form action="{{ request.urlgen('mediagoblin.auth.forgot_password') }}"
+  <form action="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}"
         method="POST" enctype="multipart/form-data">
     {{ csrf_token }}
     <div class="form_box">

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/fp_head.html

@@ -0,0 +1,20 @@
+{#
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+ You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
+
+<script type="text/javascript"
+          src="{{ request.staticdirect('/js/autofilledin_password.js', 'coreplugin_basic_auth') }}"></script>

mediagoblin/plugins/basic_auth/templates/mediagoblin/plugins/basic_auth/fp_link.html

@@ -1,3 +1,4 @@
+{#
 # GNU MediaGoblin -- federated, autonomous media hosting
 # Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
 #
@@ -13,25 +14,12 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#}
 
-import wtforms
+{% block fp_link %}
+  <p>
+    <a href="{{ request.urlgen('mediagoblin.plugins.basic_auth.forgot_password') }}" id="forgot_password">
+      {% trans %}Forgot your password?{% endtrans %}</a>
+  </p>
+{% endblock %}
 
-from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
-from mediagoblin.auth.tools import normalize_user_or_email_field
-
-
-class ForgotPassForm(wtforms.Form):
-    username = wtforms.TextField(
-        _('Username or email'),
-        [wtforms.validators.Required(),
-         normalize_user_or_email_field()])
-
-
-class ChangePassForm(wtforms.Form):
-    password = wtforms.PasswordField(
-        'Password',
-        [wtforms.validators.Required(),
-         wtforms.validators.Length(min=5, max=1024)])
-    token = wtforms.HiddenField(
-        '',
-        [wtforms.validators.Required()])

mediagoblin/plugins/basic_auth/tools.py

@@ -16,6 +16,11 @@
 import bcrypt
 import random
 
+from mediagoblin import mg_globals
+from mediagoblin.tools.crypto import get_timed_signer_url
+from mediagoblin.tools.mail import send_email
+from mediagoblin.tools.template import render_template
+
 
 def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
     """
@@ -82,3 +87,35 @@ def fake_login_attempt():
     randplus_hashed_pass = bcrypt.hashpw(hashed_pass, rand_salt)
 
     randplus_stored_hash == randplus_hashed_pass
+
+
+EMAIL_FP_VERIFICATION_TEMPLATE = (
+    u"{uri}?"
+    u"token={fp_verification_key}")
+
+
+def send_fp_verification_email(user, request):
+    """
+    Send the verification email to users to change their password.
+
+    Args:
+    - user: a user object
+    - request: the request
+    """
+    fp_verification_key = get_timed_signer_url('mail_verification_token') \
+            .dumps(user.id)
+
+    rendered_email = render_template(
+        request, 'mediagoblin/plugins/basic_auth/fp_verification_email.txt',
+        {'username': user.username,
+         'verification_url': EMAIL_FP_VERIFICATION_TEMPLATE.format(
+             uri=request.urlgen('mediagoblin.plugins.basic_auth.verify_forgot_password',
+                                qualified=True),
+             fp_verification_key=fp_verification_key)})
+
+    # TODO: There is no error handling in place
+    send_email(
+        mg_globals.app_config['email_sender_address'],
+        [user.email],
+        'GNU MediaGoblin - Change forgotten password!',
+        rendered_email)

mediagoblin/plugins/basic_auth/views.py

@@ -0,0 +1,217 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors.  See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+from itsdangerous import BadSignature
+
+from mediagoblin import messages
+from mediagoblin.db.models import User
+from mediagoblin.decorators import require_active_login
+from mediagoblin.plugins.basic_auth import forms, tools
+from mediagoblin.tools.crypto import get_timed_signer_url
+from mediagoblin.tools.mail import email_debug_message
+from mediagoblin.tools.response import redirect, render_to_response, render_404
+from mediagoblin.tools.translate import pass_to_ugettext as _
+
+
+def forgot_password(request):
+    """
+    Forgot password view
+
+    Sends an email with an url to renew forgotten password.
+    Use GET querystring parameter 'username' to pre-populate the input field
+    """
+    fp_form = forms.ForgotPassForm(request.form,
+                                   username=request.args.get('username'))
+
+    if not (request.method == 'POST' and fp_form.validate()):
+        # Either GET request, or invalid form submitted. Display the template
+        return render_to_response(request,
+            'mediagoblin/plugins/basic_auth/forgot_password.html',
+            {'fp_form': fp_form})
+
+    # If we are here: method == POST and form is valid. username casing
+    # has been sanitized. Store if a user was found by email. We should
+    # not reveal if the operation was successful then as we don't want to
+    # leak if an email address exists in the system.
+    found_by_email = '@' in fp_form.username.data
+
+    if found_by_email:
+        user = User.query.filter_by(
+            email=fp_form.username.data).first()
+        # Don't reveal success in case the lookup happened by email address.
+        success_message = _("If that email address (case sensitive!) is "
+                            "registered an email has been sent with "
+                            "instructions on how to change your password.")
+
+    else:  # found by username
+        user = User.query.filter_by(
+            username=fp_form.username.data).first()
+
+        if user is None:
+            messages.add_message(request,
+                                 messages.WARNING,
+                                 _("Couldn't find someone with that username."))
+            return redirect(request, 'mediagoblin.auth.forgot_password')
+
+        success_message = _("An email has been sent with instructions "
+                            "on how to change your password.")
+
+    if user and not(user.email_verified and user.status == 'active'):
+        # Don't send reminder because user is inactive or has no verified email
+        messages.add_message(request,
+            messages.WARNING,
+            _("Could not send password recovery email as your username is in"
+              "active or your account's email address has not been verified."))
+
+        return redirect(request, 'mediagoblin.user_pages.user_home',
+                        user=user.username)
+
+    # SUCCESS. Send reminder and return to login page
+    if user:
+        email_debug_message(request)
+        tools.send_fp_verification_email(user, request)
+
+    messages.add_message(request, messages.INFO, success_message)
+    return redirect(request, 'mediagoblin.auth.login')
+
+
+def verify_forgot_password(request):
+    """
+    Check the forgot-password verification and possibly let the user
+    change their password because of it.
+    """
+    # get form data variables, and specifically check for presence of token
+    formdata = _process_for_token(request)
+    if not formdata['has_token']:
+        return render_404(request)
+
+    formdata_vars = formdata['vars']
+
+    # Catch error if token is faked or expired
+    try:
+        token = get_timed_signer_url("mail_verification_token") \
+                .loads(formdata_vars['token'], max_age=10*24*3600)
+    except BadSignature:
+        messages.add_message(
+            request,
+            messages.ERROR,
+            _('The verification key or user id is incorrect.'))
+
+        return redirect(
+            request,
+            'index')
+
+    # check if it's a valid user id
+    user = User.query.filter_by(id=int(token)).first()
+
+    # no user in db
+    if not user:
+        messages.add_message(
+            request, messages.ERROR,
+            _('The user id is incorrect.'))
+        return redirect(
+            request, 'index')
+
+    # check if user active and has email verified
+    if user.email_verified and user.status == 'active':
+
+        cp_form = forms.ChangeForgotPassForm(formdata_vars)
+
+        if request.method == 'POST' and cp_form.validate():
+            user.pw_hash = tools.bcrypt_gen_password_hash(
+                cp_form.password.data)
+            user.save()
+
+            messages.add_message(
+                request,
+                messages.INFO,
+                _("You can now log in using your new password."))
+            return redirect(request, 'mediagoblin.auth.login')
+        else:
+            return render_to_response(
+                request,
+                'mediagoblin/plugins/basic_auth/change_fp.html',
+                {'cp_form': cp_form})
+
+    if not user.email_verified:
+        messages.add_message(
+            request, messages.ERROR,
+            _('You need to verify your email before you can reset your'
+              ' password.'))
+
+    if not user.status == 'active':
+        messages.add_message(
+            request, messages.ERROR,
+            _('You are no longer an active user. Please contact the system'
+              ' admin to reactivate your accoutn.'))
+
+    return redirect(
+        request, 'index')
+
+
+def _process_for_token(request):
+    """
+    Checks for tokens in formdata without prior knowledge of request method
+
+    For now, returns whether the userid and token formdata variables exist, and
+    the formdata variables in a hash. Perhaps an object is warranted?
+    """
+    # retrieve the formdata variables
+    if request.method == 'GET':
+        formdata_vars = request.GET
+    else:
+        formdata_vars = request.form
+
+    formdata = {
+        'vars': formdata_vars,
+        'has_token': 'token' in formdata_vars}
+
+    return formdata
+
+
+@require_active_login
+def change_pass(request):
+    form = forms.ChangePassForm(request.form)
+    user = request.user
+
+    if request.method == 'POST' and form.validate():
+
+        if not tools.bcrypt_check_password(
+                form.old_password.data, user.pw_hash):
+            form.old_password.errors.append(
+                _('Wrong password'))
+
+            return render_to_response(
+                request,
+                'mediagoblin/plugins/basic_auth/change_pass.html',
+                {'form': form,
+                 'user': user})
+
+        # Password matches
+        user.pw_hash = tools.bcrypt_gen_password_hash(
+            form.new_password.data)
+        user.save()
+
+        messages.add_message(
+            request, messages.SUCCESS,
+            _('Your password was changed successfully'))
+
+        return redirect(request, 'mediagoblin.edit.account')
+
+    return render_to_response(
+        request,
+        'mediagoblin/plugins/basic_auth/change_pass.html',
+        {'form': form,
+         'user': user})

mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html

@@ -20,8 +20,8 @@
 {% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
 
 {% block mediagoblin_head %}
-  <script type="text/javascript"
+ {{ super() }}
-          src="{{ request.staticdirect('/js/autofilledin_password.js') }}"></script>
+ {% template_hook("fp_head") %}
 {% endblock %}
 
 {% block title -%}

mediagoblin/plugins/openid/views.py

@@ -195,11 +195,11 @@ def finish_login(request):
             return redirect(request, "index")
     else:
         # No user, need to register
-        if not mg_globals.app.auth:
+        if not mg_globals.app_config['allow_registration']:
             messages.add_message(
                 request,
                 messages.WARNING,
-                _('Sorry, authentication is disabled on this instance.'))
+                _('Sorry, registration is disabled on this instance.'))
             return redirect(request, 'index')
 
         # Get email and nickname from response

mediagoblin/templates/mediagoblin/auth/login.html

@@ -20,8 +20,8 @@
 {% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
 
 {% block mediagoblin_head %}
-  <script type="text/javascript"
+  {{ super() }}
-          src="{{ request.staticdirect('/js/autofilledin_password.js') }}"></script>
+  {% template_hook("fp_head") %}
 {% endblock %}
 
 {% block title -%}
@@ -39,21 +39,10 @@
           {% trans %}Logging in failed!{% endtrans %}
         </div>
       {% endif %}
-      {% if allow_registration %}
+      {% template_hook("create_account") %}
-        <p>
-        {% trans %}Don't have an account yet?{% endtrans %} 
-        <a href="{{ request.urlgen('mediagoblin.auth.register') }}">
-            {%- trans %}Create one here!{% endtrans %}</a>
-        </p>
-      {% endif %}
       {% template_hook("login_link") %} 
       {{ wtforms_util.render_divs(login_form, True) }}
-      {% if pass_auth %}
+      {% template_hook("fp_link") %}
-      <p>
-        <a href="{{ request.urlgen('mediagoblin.auth.forgot_password') }}" id="forgot_password">
-        {% trans %}Forgot your password?{% endtrans %}</a>
-      </p>
-      {% endif %}
       <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Log in{% endtrans %}" class="button_form"/>
       </div>

mediagoblin/templates/mediagoblin/edit/edit_account.html

@@ -41,6 +41,7 @@
           Changing {{ username }}'s account settings
         {%- endtrans -%}
       </h1>
+      {% template_hook("edit_link") %} 
       {{ wtforms_util.render_divs(form, True) }}
      <div class="form_submit_buttons">
         <input type="submit" value="{% trans %}Save changes{% endtrans %}" class="button_form" />

mediagoblin/tests/auth_configs/authentication_disabled_appconfig.ini

@@ -3,8 +3,8 @@ direct_remote_path = /test_static/
 email_sender_address = "notice@mediagoblin.example.org"
 email_debug_mode = true
 
-# TODO: Switch to using an in-memory database
+sql_engine = "sqlite://"
-sql_engine = "sqlite:///%(here)s/user_dev/mediagoblin.db"
+run_migrations = true
 
 # Celery shouldn't be set up by the application as it's setup via
 # mediagoblin.init.celery.from_celery

mediagoblin/tests/auth_configs/openid_appconfig.ini

@@ -18,8 +18,8 @@ direct_remote_path = /test_static/
 email_sender_address = "notice@mediagoblin.example.org"
 email_debug_mode = true
 
-# TODO: Switch to using an in-memory database
+sql_engine = "sqlite://"
-sql_engine = "sqlite:///%(here)s/user_dev/mediagoblin.db"
+run_migrations = true
 
 # Celery shouldn't be set up by the application as it's setup via
 # mediagoblin.init.celery.from_celery

mediagoblin/tests/test_auth.py

@@ -183,7 +183,7 @@ def test_register_views(test_app):
     message = mail.EMAIL_TEST_INBOX.pop()
     assert message['To'] == 'happygrrl@example.org'
     email_context = template.TEMPLATE_TEST_CONTEXT[
-        'mediagoblin/auth/fp_verification_email.txt']
+        'mediagoblin/plugins/basic_auth/fp_verification_email.txt']
     #TODO - change the name of verification_url to something forgot-password-ish
     assert email_context['verification_url'] in message.get_payload(decode=True)
 
@@ -204,7 +204,8 @@ def test_register_views(test_app):
     ## Verify step 1 of password-change works -- can see form to change password
     template.clear_test_template_context()
     response = test_app.get("%s?%s" % (path, get_params))
-    assert 'mediagoblin/auth/change_fp.html' in template.TEMPLATE_TEST_CONTEXT
+    assert 'mediagoblin/plugins/basic_auth/change_fp.html' in \
+            template.TEMPLATE_TEST_CONTEXT
 
     ## Verify step 2.1 of password-change works -- report success to user
     template.clear_test_template_context()

mediagoblin/tests/test_basic_auth.py

@@ -13,7 +13,12 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
+import urlparse
+
+from mediagoblin.db.models import User
 from mediagoblin.plugins.basic_auth import tools as auth_tools
+from mediagoblin.tests.tools import fixture_add_user
+from mediagoblin.tools import template
 from mediagoblin.tools.testing import _activate_testing
 
 _activate_testing()
@@ -57,3 +62,40 @@ def test_bcrypt_gen_password_hash():
         pw, hashed_pw, '3><7R45417')
     assert not auth_tools.bcrypt_check_password(
         'notthepassword', hashed_pw, '3><7R45417')
+
+
+def test_change_password(test_app):
+        """Test changing password correctly and incorrectly"""
+        test_user = fixture_add_user(password=u'toast')
+
+        test_app.post(
+            '/auth/login/', {
+                'username': u'chris',
+                'password': u'toast'})
+
+        # test that the password can be changed
+        res = test_app.post(
+            '/edit/password/', {
+                'old_password': 'toast',
+                'new_password': '123456',
+                })
+        res.follow()
+
+        # Did we redirect to the correct page?
+        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
+
+        # test_user has to be fetched again in order to have the current values
+        test_user = User.query.filter_by(username=u'chris').first()
+        assert auth_tools.bcrypt_check_password('123456', test_user.pw_hash)
+
+        # test that the password cannot be changed if the given
+        # old_password is wrong
+        template.clear_test_template_context()
+        test_app.post(
+            '/edit/password/', {
+                'old_password': 'toast',
+                'new_password': '098765',
+                })
+
+        test_user = User.query.filter_by(username=u'chris').first()
+        assert not auth_tools.bcrypt_check_password('098765', test_user.pw_hash)

mediagoblin/tests/test_edit.py

@@ -56,41 +56,6 @@ class TestUserEdit(object):
         self.login(test_app)
 
 
-    def test_change_password(self, test_app):
-        """Test changing password correctly and incorrectly"""
-        self.login(test_app)
-
-        # test that the password can be changed
-        template.clear_test_template_context()
-        res = test_app.post(
-            '/edit/password/', {
-                'old_password': 'toast',
-                'new_password': '123456',
-                })
-        res.follow()
-
-        # Did we redirect to the correct page?
-        assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
-
-        # test_user has to be fetched again in order to have the current values
-        test_user = User.query.filter_by(username=u'chris').first()
-        assert auth.check_password('123456', test_user.pw_hash)
-        # Update current user passwd
-        self.user_password = '123456'
-
-        # test that the password cannot be changed if the given
-        # old_password is wrong
-        template.clear_test_template_context()
-        test_app.post(
-            '/edit/password/', {
-                'old_password': 'toast',
-                'new_password': '098765',
-                })
-
-        test_user = User.query.filter_by(username=u'chris').first()
-        assert not auth.check_password('098765', test_user.pw_hash)
-
-
     def test_change_bio_url(self, test_app):
         """Test changing bio and URL"""
         self.login(test_app)

mediagoblin/tests/test_openid.py

@@ -29,6 +29,7 @@ from mediagoblin.plugins.openid.models import OpenIDUserURL
 from mediagoblin.tests.tools import get_app, fixture_add_user
 from mediagoblin.tools import template
 
+
 # App with plugin enabled
 @pytest.fixture()
 def openid_plugin_app(request):