created a check_login_simple function

cherry-picked from rodney757, fixed few conflicts due to out of order cherry-picking. Thanks to rodney757 for making my idea even better.
2013-05-25 07:59:03 -07:00
parent 02b6892c29
commit 75fc93686d
5 changed files with 34 additions and 33 deletions
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -14,13 +14,20 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

+import logging
+
 import wtforms
+from sqlalchemy import or_

 from mediagoblin import mg_globals
+from mediagoblin.auth import lib as auth_lib
+from mediagoblin.db.models import User
 from mediagoblin.tools.mail import normalize_email, send_email
 from mediagoblin.tools.template import render_template
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _

+_log = logging.getLogger(__name__)
+

 def normalize_user_or_email_field(allow_email=True, allow_user=True):
    """
@@ -85,3 +92,19 @@ def send_verification_email(user, request):
        # example "GNU MediaGoblin @ Wandborg - [...]".
        'GNU MediaGoblin - Verify your email!',
        rendered_email)
+
+
+def check_login_simple(username, password, username_might_be_email=False):
+    search = (User.username == username)
+    if username_might_be_email and ('@' in username):
+        search = or_(search, User.email == username)
+    user = User.query.filter(search).first()
+    if not user:
+        _log.info("User %r not found", username)
+        auth_lib.fake_login_attempt()
+        return None
+    if not auth_lib.bcrypt_check_password(password, user.pw_hash):
+        _log.warn("Wrong password for %r", username)
+        return None
+    _log.info("Logging %r in", username)
+    return user
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -25,8 +25,8 @@ from mediagoblin.tools.mail import email_debug_message
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth.tools import send_verification_email
-from sqlalchemy import or_
+from mediagoblin.auth.tools import (send_verification_email,
+                                    check_login_simple)


 def register(request):
@@ -106,14 +106,9 @@ def login(request):
        username = login_form.data['username']

        if login_form.validate():
-            user = User.query.filter(
-                or_(
-                    User.username == username,
-                    User.email == username,
+            user = check_login_simple(username, login_form.password.data, True)

-                )).first()
-
-            if user and user.check_login(login_form.password.data):
+            if user:
                # set up login in session
                request.session['user_id'] = unicode(user.id)
                request.session.save()
@@ -123,10 +118,6 @@ def login(request):
                else:
                    return redirect(request, "index")

-            # Some failure during login occured if we are here!
-            # Prevent detecting who's on this system by testing login
-            # attempt timings
-            auth_lib.fake_login_attempt()
            login_failed = True

    return render_to_response(