heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into OPW-Moderation-Update

Browse Source 
Conflicts:
	mediagoblin/db/models.py
	mediagoblin/decorators.py
	mediagoblin/routing.py
	mediagoblin/user_pages/views.py
This commit is contained in:
tilly-Q 2013-08-20 12:21:13 -04:00
commit 9e204e49c9
91 changed files with 4357 additions and 200 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.gitignore vendored
View File

@ -24,6 +24,14 @@
/kombu.db
/server-log.txt
# pyconfigure/automake generated files
/Makefile
/autom4te.cache/
/config.log
/config.status
/configure
/aclocal.m4
# Tests
/mediagoblin/tests/user_dev/

207
Makefile.in Normal file
View File

@ -0,0 +1,207 @@
# Makefile.in
#
# Copyright © 2012, 2013 Brandon Invergo <brandon@invergo.net>
#
# Copying and distribution of this file, with or without modification,
# are permitted in any medium without royalty provided the copyright
# notice and this notice are preserved. This file is offered as-is,
# without any warranty.
# List whatever files you want to include in your source distribution here.
# You can include whole directories but note that *everything* under that
# directory will be included
DISTFILES = PKG-INFO Makefile.in configure setup.py install-sh
DESTDIR =
VPATH = @srcdir@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_DISTNAME = ${PACKAGE_NAME}-${PACKAGE_VERSION}
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PYTHON = @PYTHON@
VIRTUALENV = @VIRTUALENV@
SPHINXBUILD = @SPHINXBUILD@
POSTGRES = @POSTGRES@
SHELL = @SHELL@
MKDIR_P = @MKDIR_P@
INSTALL = @INSTALL@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
prefix = @prefix@
srcdir = @srcdir@
abs_srcdir = @abs_srcdir@
datadir = @datadir@
datarootdir = @datarootdir@
pythondir = @pythondir@
pyexecdir = @pyexecdir@
pkgdatadir = $(datadir)/@PACKAGE_NAME@
pkgincludedir = $(includedir)/@PACKAGE_NAME@
pkgpythondir = @pkgpythondir@
pkgpyexecdir = @pkgpyexecdir@
PYTHONPATH = $(pythondir)$(PATH_SEPARATOR)$(DESTDIR)$(pythondir)
all: install
.PHONY: all install develop uninstall distclean info install-html html \
install-pdf pdf install-dvi dvi install-ps ps clean dist check \
installdirs postgresql update
# Since installing to a virtualenv is all the rage these days, support
# it here. If the VIRTUALENV variable is set to anything other than
# "no", set up a new virtualenv and install there, otherwise install
# as usual from setup.py
install: installdirs
$(NORMAL_INSTALL)
ifneq ($(VIRTUALENV),no)
$(VIRTUALENV) $(VIRTUALENV_FLAGS) --python=$(PYTHON) \
--system-site-packages $(DESTDIR)$(prefix) || \
$(VIRTUALENV) $(DESTDIR)$(prefix)
$(DESTDIR)$(prefix)/bin/python $(srcdir)/setup.py install \
--prefix=$(DESTDIR)$(prefix)
else
$(PYTHON) $(srcdir)/setup.py install --prefix=$(DESTDIR)$(prefix)
endif
if [[ $(DESTDIR)$(prefix) != $(abs_srcdir) ]]; then \
$(INSTALL_DATA) $(srcdir)/Makefile $(DESTDIR)$(prefix)/Makefile; \
$(INSTALL_DATA) $(srcdir)/lazycelery.sh $(DESTDIR)$(prefix)/lazycelery.sh; \
$(INSTALL_DATA) $(srcdir)/lazyserver.sh $(DESTDIR)$(prefix)/lazyserver.sh; \
fi
# The same as "install", except use the "develop" setup.py target
develop: installdirs
$(NORMAL_INSTALL)
ifneq ($(VIRTUALENV),no)
$(VIRTUALENV) $(VIRTUALENV_FLAGS) --python=$(PYTHON) \
--system-site-packages $(DESTDIR)$(prefix) || \
$(VIRTUALENV) $(DESTDIR)$(prefix)
$(DESTDIR)$(prefix)/bin/python $(srcdir)/setup.py develop \
--prefix=$(DESTDIR)$(prefix)
else
$(PYTHON) $(srcdir)/setup.py develop --prefix=$(DESTDIR)$(prefix)
endif
if [ "$(DESTDIR)$(prefix)" != "$(abs_srcdir)" ]; then \
$(INSTALL_DATA) $(srcdir)/Makefile $(DESTDIR)$(prefix)/Makefile; \
$(INSTALL_DATA) $(srcdir)/lazycelery.sh $(DESTDIR)$(prefix)/lazycelery.sh; \
$(INSTALL_DATA) $(srcdir)/lazyserver.sh $(DESTDIR)$(prefix)/lazyserver.sh; \
fi
# setup.py doesn't (yet) support an uninstall command, so until it does, you
# must manually remove everything that was installed here. The following example
# should remove a basic package installed via setup.py, but please double- and
# triple-check it so that you don't remove something you shouldn't!
# Be sure to remove any extra files you install, such as binaries or documentation!
# uninstall:
# case $(prefix) in
# /usr|/usr/local )
# exit 1 ;;
# /www/*|/srv/* )
# rm -rvf $(prefix) ;;
# esac
# Just use the usual setup.py clean command
clean:
$(PYTHON) setup.py clean
# Clean up the output of configure
distclean:
rm -v $(srcdir)/config.log
rm -v $(srcdir)/config.status
rm -rvf $(srcdir)/autom4te.cache
rm -v $(srcdir)/aclocal.m4
rm -v $(srcdir)/Makefile
# You can either use the setup.py sdist command or you can roll your own here
dist:
# $(PYTHON) setup.py sdist
mkdir $(PACKAGE_DISTNAME)
cp -r $(DISTFILES) $(PACKAGE_DISTNAME)
tar -czf $(PACKAGE_DISTNAME).tar.gz $(PACKAGE_DISTNAME)
rm -rf $(PACKAGE_DISTNAME)
# Use the setup.py check command
check:
$(PYTHON) setup.py check
# setup.py might complain if a directory doesn't exist so just in case, make the directory
# here
installdirs:
$(MKDIR_P) $(DESTDIR)$(prefix)
# Set up PostgreSQL
postgresql:
sudo -u $(POSTGRES) createuser mediagoblin
sudo -u $(POSTGRES) createdb -E UNICODE -O mediagoblin mediagoblin
update:
ifneq ($(VIRTUALENV),no)
$(prefix)/bin/python $(srcdir)/setup.py develop --prefix=$(prefix) --upgrade
else
$(PYTHON) $(srcdir)/setup.py develop --prefix=$(prefix) --upgrade
endif
$(prefix)/bin/gmg dbupdate
# The following show how to install documentation. In this example,
# docs are built from a separate Makefile contained in the docs
# directory which uses the SPHINXBUILD variable to store the location
# of the sphinx-build (Python doc tool) binary to use.
$(DESTDIR)$(infodir)/mediagoblin.info: docs/build/texinfo/mediagoblin.info
$(POST_INSTALL)
$(INSTALL_DATA) @< $(DESTDIR)$@
if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then
install-info --dir-file=$(DESTDIR)$(infodir)/dir \
$(DESTDIR)$(infodir)/foo.info;
else true; fi
info: docs/build/texinfo/mediagoblin.info
docs/build/texinfo/mediagoblin.info: $(wildcard docs/source/*)
ifneq ($(SPHINXBUILD),no)
$(MAKE) -C docs info SPHINXBUILD=$(SPHINXBUILD)
endif
install-html: html installdirs
$(INSTALL_DATA) docs/build/html/* $(DESTDIR)$(htmldir)
html: docs/build/html/index.html
docs/build/html/index.html: $(wildcard $(srcdir)/docs/source/*)
ifneq ($(SPHINXBUILD),no)
$(MAKE) -C docs html SPHINXBUILD=$(SPHINXBUILD)
endif
install-pdf: pdf installdirs
$(INSTALL_DATA) docs/build/latex/mediagoblin.pdf $(DESTDIR)$(pdfdir)
pdf: docs/build/latex/mediagoblin.pdf
docs/build/latex/mediagoblin.pdf: $(wildcard $(srcdir)/docs/source/*)
ifneq ($(SPHINXBUILD),no)
$(MAKE) -C docs latexpdf SPHINXBUILD=$(SPHINXBUILD)
endif
install-dvi:
dvi:
install-ps:
ps:

19
PKG-INFO Normal file
View File

@ -0,0 +1,19 @@
Metadata-Version: 1.2
Name: mediagoblin
Version: 0.4.0.dev
Summary: UNKNOWN
Home-page: http://mediagoblin.org/
Author: Free Software Foundation and contributors
Author-email: cwebber@gnu.org
License: AGPLv3
Download-URL: http://mediagoblin.org/download/
Description:
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Web Environment
Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 2.6
Classifier: Programming Language :: Python :: 2.7
Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content

3
bootstrap.sh Executable file
View File

@ -0,0 +1,3 @@
#!/bin/bash
autoreconf -fvi

202
configure.ac Normal file
View File

@ -0,0 +1,202 @@
dnl configure.ac
dnl
dnl Copyright 2012, 2013 Brandon Invergo <brandon@invergo.net>
dnl
dnl Copying and distribution of this file, with or without modification,
dnl are permitted in any medium without royalty provided the copyright
dnl notice and this notice are preserved. This file is offered as-is,
dnl without any warranty.
dnl#########
dnl README #
dnl#########
dnl
dnl This is a basic Autoconf configure.ac file for Python-based
dnl projects. It is not intended to be used as-is, but rather to be
dnl modified to the specific needs of the project.
dnl
dnl Lines prefixed with "dnl" are comments that are automatically
dnl removed by Autoconf/M4, thus they will not appear in the generated
dnl configure script (see the M4 documentation for more information).
dnl Such comments are used in this file to communicate information to
dnl you, the developer. In some cases, the comments contain extra
dnl macros that you might consider including in your configure script.
dnl If you wish to include them, simply remove the "dnl" from the
dnl beginning of the line.
dnl
dnl Lines prefixed with "#" are comments that will appear in the
dnl generated configure script. These comments are thus used to clarify
dnl to the user what is happening in that script
dnl
dnl Wherever pyconfigure-specific macros are used, extra comments are
dnl included to describe the macros.
dnl######################
dnl Package Information #
dnl######################
dnl----
dnl Initialize Autoconf with the package metadata
dnl The arguments have been set via the project's PKG-INFO file
dnl and correspond to:
dnl
dnl 1) package name (i.e. foo)
dnl 2) package version (i.e. 1.2)
dnl 3) bug/info/project email address (i.e. bug-foo@gnu.org)
dnl----
dnl
AC_INIT([mediagoblin], [0.4.0.dev], [cwebber@gnu.org])
dnl----
dnl Load macros from the m4/ directory. If you plan to write new
dnl macros, put them in files in this directory.
dnl----
dnl
AC_CONFIG_MACRO_DIR([m4])
# The default prefix should be changed from /usr/local. Set it, as in
# the documentation, to /srv/mediagoblin.example.org/mediagoblin/
AC_PREFIX_DEFAULT([`pwd`])
dnl###########################
dnl Program/command support #
dnl###########################
dnl
dnl In this section, we check for the presence of important commands
dnl and programs.
dnl--PC_INIT----------------------------------------------------------
dnl This is the only required macro. Its primary function is to find
dnl a Python interpreter that is compatible with the package and set
dnl the PYTHON variable to hold its path. It can optionally take
dnl arguments to specify minimum and/or maximum versions:
dnl PC_INIT: find an interpreter with a version between 2.0 and 3.3.99
dnl (in other words, up to and including any possible release
dnl in the 3.3 series)
dnl PC_INIT([MIN_VER], [MAX_VER]): Find an interpreter that is between
dnl the minimum and maximum version. If the min is in the 2.0
dnl series and the max is in the 3.0 series, non-existent
dnl releases (2.8 & 2.9) will be correctly skipped.
dnl----
dnl
PC_INIT([2.6], [2.7.99])
dnl--PC_PYTHON_PROG_PYTHON_CONFIG-------------------------------------
dnl In order to use some of the other macros, you also need the
dnl python-config command, which will fall subject to the same problem
dnl of python3-config being preferred to python2-config. This macro
dnl will be automatically included if you use on of the macros that
dnl depends on it, so you normally don't have to call it. However, if
dnl you require a specific version, you can do something like the
dnl following example.
dnl----
dnl
PC_PYTHON_PROG_PYTHON_CONFIG([python2-config])
if [[ "x$PYTHON_CONFIG" == "x" ]]; then
PC_PYTHON_PROG_PYTHON_CONFIG([$PYTHON-config])
fi
dnl----
dnl With the following set of macros, we implement an option
dnl "--with-virtualenv", which the user can pass to the configure
dnl script in order to install to a Virtualenv (AC_ARG_WITH). If the
dnl option is specified by the user, then we check if the program is
dnl available, checking both for "virtualenv" and "virtualenv2"
dnl (AC_CHECK_PROGS)
dnl----
dnl
# Support installing to a virtualenv via the --with-virtualenv
# configure flag
AC_ARG_WITH([virtualenv],
[AS_HELP_STRING([--without-virtualenv], [install to a Python virtualenv])],
[],
[with_virtualenv=yes])
AS_IF([test "x$with_virtualenv" != xno],
AC_CHECK_PROGS([VIRTUALENV], [virtualenv virtualenv3 virtualenv2], [no])
AS_IF([test "x$VIRTUALENV" = xno],
[AC_MSG_FAILURE(
[--with-virtualenv given but virtualenv could not be found])]),
AC_SUBST([VIRTUALENV], [no]))
AC_ARG_VAR([VIRTUALENV_FLAGS], [flags to pass to the virtualenv command])
dnl----
dnl If the program uses sphinx-build to build documentation, uncomment
dnl this to create a SPHINXBUILD variable in the Makefile pointing to
dnl the program. Thus, the user would specify
dnl SPHINXBUILD=/path/to/sphinx-build as an argument to the configure
dnl script. Since building the documentation should be optional, just
dnl print a warning. If the program uses some other documentation
dnl system, you can do something similar with it.
dnl----
dnl
# Check for sphinx-build
AC_CHECK_PROGS([SPHINXBUILD], [sphinx-build sphinx-build3 sphinx-build2], [no])
AS_IF([test "x$SPHINXBUILD" = xno],
AC_MSG_WARN(sphinx-build is required to build documentation))
dnl----
dnl These two are standard Autoconf macros which check for the
dnl presence of some programs that we will use in the Makefile.
dnl----
dnl
AC_PROG_MKDIR_P
AC_PROG_INSTALL
# Check for a supported database program
AC_PATH_PROG([SQLITE], [sqlite3])
AC_PATH_PROG([POSTGRES], [postgres])
AS_IF([test "x$SQLITE" = x -a "x$POSTGRES" = "x"],
[AC_MSG_ERROR([SQLite or PostgreSQL is required])])
dnl--PC_PYTHON_SITE_PACKAGE_DIR---------------------------------------
dnl This uses PYTHON_SITE_DIR to construct a directory for this
dnl project (ie $PYTHON_SITE_DIR/project_name) and stores it in
dnl pkgpythondir. This value is used by Automake for installing Python
dnl scripts. By default, this begins with $pythondir, unexpanded, to
dnl provide compatibility with GNU Makefile specifications, allowing
dnl the user to change the prefix from the commandline.
dnl----
dnl
PC_PYTHON_SITE_PACKAGE_DIR
dnl--PC_PYTHON_EXEC_PACKAGE_DIR----------------------------------------
dnl Same as PC_PYTHON_SITE_PACKAGE_DIR but for $exec-prefix. Stored in
dnl pkgpyexecdir
dnl----
dnl
PC_PYTHON_EXEC_PACKAGE_DIR
dnl###############################
dnl Checking Python capabilities #
dnl###############################
dnl--PC_PYTHON_CHECK_MODULE([PYTHON-MODULE], [ACTION-IF-PRESENT],
dnl [ACTION-IF-ABSENT])
dnl This macro lets you check if a given Python module exists on the
dnl system.
dnl----
dnl
dnl PC_PYTHON_CHECK_MODULE([foo])
# Check for python-lxml module
PC_PYTHON_CHECK_MODULE([lxml], [],
[AC_MSG_ERROR([python-lxml is required])])
# Check for the Python Imaging Library
PC_PYTHON_CHECK_MODULE([Image], [],
[AC_MSG_ERROR([Python Imaging Library is required])])
dnl#########
dnl Finish #
dnl#########
dnl Define the files to be configured
AC_CONFIG_FILES([Makefile])
dnl Generate config.status
AC_OUTPUT

2
docs/Makefile
View File

@ -2,7 +2,7 @@
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXOPTS = -W
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = build

158
docs/source/api/client_register.rst Normal file
View File

@ -0,0 +1,158 @@
.. MediaGoblin Documentation
Written in 2011, 2012 by MediaGoblin contributors
To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to
the public domain worldwide. This software is distributed without
any warranty.
You should have received a copy of the CC0 Public Domain
Dedication along with this software. If not, see
<http://creativecommons.org/publicdomain/zero/1.0/>.
====================
Registering a Client
====================
To use the GNU MediaGoblin API you need to use the dynamic client registration. This has been adapted from the `OpenID specification <https://openid.net/specs/openid-connect-registration-1_0.html>`_, this is the only part of OpenID that is being used to serve the purpose to provide the client registration which is used in OAuth.
The endpoint is ``/api/client/register``
The parameters are:
type
**required** - This must be either *client_associate* (for new registration) or *client_update*
client_id
**update only** - This should only be used updating client information, this is the client_id given when you register
client_secret
**update only** - This should only be used updating client information, this is the client_secret given when you register
contacts
**optional** - This a space seporated list of email addresses to contact of people responsible for the client
application_type
**required** - This is the type of client you are making, this must be either *web* or *native*
application_name
**optional** - This is the name of your client
logo_url
**optional** - This is a URL of the logo image for your client
redirect_uri
**optional** - This is a space seporated list of pre-registered URLs for use at the Authorization Server
Response
--------
You will get back a response::
client_id
This identifies a client
client_secret
This is the secret.
expires_at
This is time that the client credentials expire. If this is 0 the client registration does not expire.
=======
Example
=======
Register Client
---------------
To register a client for the first time, this is the minimum you must supply::
{
"type": "client_associate",
"application_type": "native"
}
A Response will look like::
{
"client_secret": "hJtfhaQzgKerlLVdaeRAgmbcstSOBLRfgOinMxBCHcb",
"expires_at": 0,
"client_id": "vwljdhUMhhNbdKizpjZlxv"
}
Updating Client
---------------
Using the response we got above we can update the information and add new information we may have opted not to supply::
{
"type": "client_update",
"client_id": "vwljdhUMhhNbdKizpjZlxv",
"client_secret": "hJtfhaQzgKerlLVdaeRAgmbcstSOBLRfgOinMxBCHcb",
"application_type": "web",
"application_name": "MyClient!",
"logo_url": "https://myclient.org/images/my_logo.png",
"contacts": "myemail@someprovider.com another_developer@provider.net",
}
The response will just return back the client_id and client_secret you sent::
{
"client_id": "vwljdhUMhhNbdKizpjZlxv",
"client_secret": "hJtfhaQzgKerlLVdaeRAgmbcstSOBLRfgOinMxBCHcb",
"expires_at": 0
}
======
Errors
======
There are a number of errors you could get back, This explains what could cause some of them:
Could not decode data
This is caused when you have an error in the encoding of your data.
Unknown Content-Type
You should sent a Content-Type header with when you make a request, this should be either application/json or www-form-urlencoded. This is caused when a unknown Content-Type is used.
No registration type provided
This is when you leave out the ``type``. This should either be client_update or client_associate
Unknown application_type.
This is when you have provided a ``type`` however this isn't one of the known types.
client_id is required to update.
When you try and update you need to specify the client_id, this will be what you were given when you initially registered the client.
client_secret is required to update.
When you try to update you need to specify the client_secrer, this will be what you were given when you initially register the client.
Unauthorized.
This is when you are trying to update however the client_id and/or client_secret you have submitted are incorrect.
Only set client_id for update.
This should only be given when you update.
Only set client_secret for update.
This should only be given when you update.
Logo URL <url> is not a valid URL
This is when the URL specified did not meet the validation.
contacts must be a string of space-separated email addresses.
``contacts`` should be a string (not a list), ensure each email is seporated by a space
Email <email> is not a valid email
This is when you have submitted an invalid email address
redirect_uris must be space-separated URLs.
``redirect_uris`` should be a string (not a list), ensure each URL is seporated by a space
URI <URI> is not a valid URI
This is when your URI is invalid.

36
docs/source/api/oauth.rst Normal file
View File

@ -0,0 +1,36 @@
.. MediaGoblin Documentation
Written in 2011, 2012 by MediaGoblin contributors
To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to
the public domain worldwide. This software is distributed without
any warranty.
You should have received a copy of the CC0 Public Domain
Dedication along with this software. If not, see
<http://creativecommons.org/publicdomain/zero/1.0/>.
==============
Authentication
==============
GNU MediaGoblin uses OAuth1 to authenticate requests to the API. There are many
libraries out there for OAuth1, you're likely not going to have to do much. There
is a library for the GNU MediaGoblin called `PyPump <https://github.com/xray7224/PyPump>`_.
We are not using OAuth2 as we want to stay completely compatable with GNU MediaGoblin.
We use :doc:`client_register` to get the client ID and secret.
Endpoints
---------
These are the endpoints you need to use for the oauth requests:
`/oauth/request_token` is for getting the request token.
`/oauth/authorize` is to send the user to to authorize your application.
`/oauth/access_token` is for getting the access token to use in requests.

4
docs/source/index.rst
View File

@ -59,6 +59,9 @@ Part 2: Core plugin documentation
plugindocs/oauth
plugindocs/trim_whitespace
plugindocs/raven
plugindocs/basic_auth
plugindocs/openid
plugindocs/persona
Part 3: Plugin Writer's Guide
@ -75,6 +78,7 @@ This guide covers writing new GNU MediaGoblin plugins.
pluginwriter/api
pluginwriter/tests
pluginwriter/media_type_hooks
pluginwriter/authhooks
Part 4: Developer's Zone

2
docs/source/plugindocs/basic_auth.rst Normal file
View File

@ -0,0 +1,2 @@
.. include:: ../../../mediagoblin/plugins/basic_auth/README.rst

2
docs/source/plugindocs/openid.rst Normal file
View File

@ -0,0 +1,2 @@
.. include:: ../../../mediagoblin/plugins/openid/README.rst

2
docs/source/plugindocs/persona.rst Normal file
View File

@ -0,0 +1,2 @@
.. include:: ../../../mediagoblin/plugins/persona/README.rst

1
docs/source/plugindocs/raven.rst
View File

@ -1,2 +1 @@
.. _raven-setup: Set up the raven plugin
.. include:: ../../../mediagoblin/plugins/raven/README.rst

86
docs/source/pluginwriter/authhooks.rst Normal file
View File

@ -0,0 +1,86 @@
======================
Authentication Hooks
======================
This documents the hooks that are currently available for authentication
plugins. If you need new hooks for your plugin, go ahead a submit a patch.
What hooks are available?
=========================
'authentication'
----------------
This hook just needs to return ``True`` as this is how
the MediaGoblin app knows that an authentication plugin is enabled.
'auth_extra_validation'
-----------------------
This hook is used to provide any additional validation of the registration
form when using ``mediagoblin.auth.tools.register_user()``. This hook runs
through all enabled auth plugins.
'auth_create_user'
------------------
This hook is used by ``mediagoblin.auth.tools.register_user()`` so plugins can
store the necessary information when creating a user. This hook runs through
all enabled auth plugins.
'auth_get_user'
---------------
This hook is used by ``mediagoblin.auth.tools.check_login_simple()``. Your
plugin should return a ``User`` object given a username.
'auth_no_pass_redirect'
-----------------------
This hook is called in ``mediagoblin.auth.views`` in both the ``login`` and
``register`` views. This hook should return the name of your plugin, so that
if :ref:`basic_auth-chapter` is not enabled, the user will be redirected to the
correct login and registration views for your plugin.
The code assumes that it can generate a valid url given
``mediagoblin.plugins.{{ your_plugin_here }}.login`` and
``mediagoblin.plugins.{{ your_plugin_here }}.register``. This is only needed if
you will not be using the ``login`` and ``register`` views in
``mediagoblin.auth.views``.
'auth_get_login_form'
---------------------
This hook is called in ``mediagoblin.auth.views.login()``. If you are not using
that view, then you do not need this hook. This hook should take a ``request``
object and return the ``LoginForm`` for your plugin.
'auth_get_registration_form'
----------------------------
This hook is called in ``mediagoblin.auth.views.register()``. If you are not
using that view, then you do not need this hook. This hook should take a
``request`` object and return the ``RegisterForm`` for your plugin.
'auth_gen_password_hash'
------------------------
This hook should accept a ``raw_pass`` and an ``extra_salt`` and return a
hashed password to be stored in ``User.pw_hash``.
'auth_check_password'
---------------------
This hook should accept a ``raw_pass``, a ``stored_hash``, and an ``extra_salt``.
Your plugin should then check that the ``raw_pass`` hashes to the same thing as
the ``stored_hash`` and return either ``True`` or ``False``.
'auth_fake_login_attempt'
-------------------------
This hook is called in ``mediagoblin.auth.tools.check_login_simple``. It is
called if a user is not found and should do something that takes the same amount
of time as your ``check_password`` function. This is to help prevent timining
attacks.

96
docs/source/siteadmin/deploying.rst
View File

@ -1,6 +1,6 @@
.. MediaGoblin Documentation
Written in 2011, 2012 by MediaGoblin contributors
Written in 2011, 2012, 2013 by MediaGoblin contributors
To the extent possible under law, the author(s) have dedicated all
copyright and related and neighboring rights to this software to
@ -77,7 +77,7 @@ Configure PostgreSQL
If you don't want/need postgres, skip this section.
These are the packages needed for Debian Wheezy (testing)::
These are the packages needed for Debian Wheezy (stable)::
sudo apt-get install postgresql postgresql-client python-psycopg2
@ -121,25 +121,62 @@ where the first ``mediagoblin`` is the database owner and the second
Drop Privileges for MediaGoblin
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As MediaGoblin does not require special permissions or elevated
access, you should run MediaGoblin under an existing non-root user or
preferably create a dedicated user for the purpose of running
MediaGoblin. Consult your distribution's documentation on how to
create "system account" or dedicated service user. Ensure that it is
not possible to log in to your system with as this user.
MediaGoblin does not require special permissions or elevated
access to run. As such, the prefered way to run MediaGoblin is to
create a dedicated, unpriviledged system user for sole the purpose of running
MediaGoblin. Running MediaGoblin processes under an unpriviledged system user
helps to keep it more secure.
The following command (entered as root or with sudo) will create a
system account with a username of ``mediagoblin``. You may choose a different
username if you wish.::
adduser --system mediagoblin
No password will be assigned to this account, and you will not be able
to log in as this user. To switch to this account, enter either::
sudo su - mediagoblin (if you have sudo permissions)
or::
su - mediagoblin (if you have to use root permissions)
You may get a warning similar to this when entering these commands::
warning: cannot change directory to /home/mediagoblin: No such file or directory
You can disregard this warning. To return to your regular user account after
using the system account, just enter ``exit``.
.. note::
Unless otherwise noted, the remainder of this document assumes that all
operations are performed using this unpriviledged account.
.. _create-mediagoblin-directory:
Create a MediaGoblin Directory
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
You should create a working directory for MediaGoblin. This document
assumes your local git repository will be located at
``/srv/mediagoblin.example.org/mediagoblin/`` for this documentation.
Substitute your prefer ed local deployment path as needed.
``/srv/mediagoblin.example.org/mediagoblin/``.
Substitute your prefered local deployment path as needed.
This document assumes that all operations are performed as this
user. To drop privileges to this user, run the following command::
Setting up the working directory requires that we first create the directory
with elevated priviledges, and then assign ownership of the directory
to the unpriviledged system account.
su - [mediagoblin]
To do this, enter either of the following commands, changing the defaults
to suit your particular requirements::
sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin:mediagoblin /srv/mediagobin.example.org
or (as the root user)::
mkdir -p /srv/mediagoblin.example.org && chown -hR mediagoblin:mediagoblin /srv/mediagobin.example.org
Where, "``[mediagoblin]``" is the username of the system user that will
run MediaGoblin.
Install MediaGoblin and Virtualenv
----------------------------------
@ -151,11 +188,14 @@ Install MediaGoblin and Virtualenv
branch of the git repository. Eventually production deployments will
want to transition to running from more consistent releases.
Issue the following commands, to create and change the working
directory. Modify these commands to reflect your own environment::
We will now clone the MediaGoblin source code repository and setup and
configure the necessary services. Modify these commands to
suit your own environment. As a reminder, you should enter these
commands using your unpriviledged system account.
mkdir -p /srv/mediagoblin.example.org/
cd /srv/mediagoblin.example.org/
Change to the MediaGoblin directory that you just created::
cd /srv/mediagoblin.example.org
Clone the MediaGoblin repository and set up the git submodules::
@ -163,12 +203,23 @@ Clone the MediaGoblin repository and set up the git submodules::
cd mediagoblin
git submodule init && git submodule update
And set up the in-package virtualenv::
Set up the in-package virtualenv via make::
(virtualenv --system-site-packages . || virtualenv .) && ./bin/python setup.py develop
./bootstrap.sh && ./configure && make
.. note::
Prefer not to use make, or want to use the "old way" of installing
MediaGoblin (maybe you know how to use virtualenv and python
packaging)? You still can! All that the above make script is doing
is installing an in-package virtualenv and running
./bin/python setup.py develop
.. ::
(NOTE: Is this still relevant?)
If you have problems here, consider trying to install virtualenv
with the ``--distribute`` or ``--no-site-packages`` options. If
your system's default Python is in the 3.x series you may need to
@ -388,4 +439,5 @@ Security Considerations
for session security. Make sure not to leak its contents anywhere.
If the contents gets leaked nevertheless, delete your file
and restart the server, so that it creates a new secret key.
All previous sessions will be invalifated then.
All previous sessions will be invalidated.

4
docs/source/siteadmin/relnotes.rst
View File

@ -108,8 +108,8 @@ please note the following:
.. code-block:: ini
[plugins]
[[mediagoblin.plugins.geolocation]]
[plugins]
[[mediagoblin.plugins.geolocation]]
If you have your own theme, you may need to make some adjustments to
it as some theme related things may have changed in this release. If

527
install-sh Executable file
View File

@ -0,0 +1,527 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2011-11-20.07; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# 'make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch.
nl='
'
IFS=" "" $nl"
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit=${DOITPROG-}
if test -z "$doit"; then
doit_exec=exec
else
doit_exec=$doit
fi
# Put in absolute file names if you don't have them in your path;
# or use environment vars.
chgrpprog=${CHGRPPROG-chgrp}
chmodprog=${CHMODPROG-chmod}
chownprog=${CHOWNPROG-chown}
cmpprog=${CMPPROG-cmp}
cpprog=${CPPROG-cp}
mkdirprog=${MKDIRPROG-mkdir}
mvprog=${MVPROG-mv}
rmprog=${RMPROG-rm}
stripprog=${STRIPPROG-strip}
posix_glob='?'
initialize_posix_glob='
test "$posix_glob" != "?" || {
if (set -f) 2>/dev/null; then
posix_glob=
else
posix_glob=:
fi
}
'
posix_mkdir=
# Desired mode of installed file.
mode=0755
chgrpcmd=
chmodcmd=$chmodprog
chowncmd=
mvcmd=$mvprog
rmcmd="$rmprog -f"
stripcmd=
src=
dst=
dir_arg=
dst_arg=
copy_on_change=false
no_target_directory=
usage="\
Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
or: $0 [OPTION]... SRCFILES... DIRECTORY
or: $0 [OPTION]... -t DIRECTORY SRCFILES...
or: $0 [OPTION]... -d DIRECTORIES...
In the 1st form, copy SRCFILE to DSTFILE.
In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
In the 4th, create DIRECTORIES.
Options:
--help display this help and exit.
--version display version info and exit.
-c (ignored)
-C install only if different (preserve the last data modification time)
-d create directories instead of installing files.
-g GROUP $chgrpprog installed files to GROUP.
-m MODE $chmodprog installed files to MODE.
-o USER $chownprog installed files to USER.
-s $stripprog installed files.
-t DIRECTORY install into DIRECTORY.
-T report an error if DSTFILE is a directory.
Environment variables override the default commands:
CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
RMPROG STRIPPROG
"
while test $# -ne 0; do
case $1 in
-c) ;;
-C) copy_on_change=true;;
-d) dir_arg=true;;
-g) chgrpcmd="$chgrpprog $2"
shift;;
--help) echo "$usage"; exit $?;;
-m) mode=$2
case $mode in
*' '* | *' '* | *'
'* | *'*'* | *'?'* | *'['*)
echo "$0: invalid mode: $mode" >&2
exit 1;;
esac
shift;;
-o) chowncmd="$chownprog $2"
shift;;
-s) stripcmd=$stripprog;;
-t) dst_arg=$2
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
shift;;
-T) no_target_directory=true;;
--version) echo "$0 $scriptversion"; exit $?;;
--) shift
break;;
-*) echo "$0: invalid option: $1" >&2
exit 1;;
*) break;;
esac
shift
done
if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
# When -d is used, all remaining arguments are directories to create.
# When -t is used, the destination is already specified.
# Otherwise, the last argument is the destination. Remove it from $@.
for arg
do
if test -n "$dst_arg"; then
# $@ is not empty: it contains at least $arg.
set fnord "$@" "$dst_arg"
shift # fnord
fi
shift # arg
dst_arg=$arg
# Protect names problematic for 'test' and other utilities.
case $dst_arg in
-* | [=\(\)!]) dst_arg=./$dst_arg;;
esac
done
fi
if test $# -eq 0; then
if test -z "$dir_arg"; then
echo "$0: no input file specified." >&2
exit 1
fi
# It's OK to call 'install-sh -d' without argument.
# This can happen when creating conditional directories.
exit 0
fi
if test -z "$dir_arg"; then
do_exit='(exit $ret); exit $ret'
trap "ret=129; $do_exit" 1
trap "ret=130; $do_exit" 2
trap "ret=141; $do_exit" 13
trap "ret=143; $do_exit" 15
# Set umask so as not to create temps with too-generous modes.
# However, 'strip' requires both read and write access to temps.
case $mode in
# Optimize common cases.
*644) cp_umask=133;;
*755) cp_umask=22;;
*[0-7])
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw='% 200'
fi
cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
*)
if test -z "$stripcmd"; then
u_plus_rw=
else
u_plus_rw=,u+rw
fi
cp_umask=$mode$u_plus_rw;;
esac
fi
for src
do
# Protect names problematic for 'test' and other utilities.
case $src in
-* | [=\(\)!]) src=./$src;;
esac
if test -n "$dir_arg"; then
dst=$src
dstdir=$dst
test -d "$dstdir"
dstdir_status=$?
else
# Waiting for this to be detected by the "$cpprog $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if test ! -f "$src" && test ! -d "$src"; then
echo "$0: $src does not exist." >&2
exit 1
fi
if test -z "$dst_arg"; then
echo "$0: no destination specified." >&2
exit 1
fi
dst=$dst_arg
# If destination is a directory, append the input filename; won't work
# if double slashes aren't ignored.
if test -d "$dst"; then
if test -n "$no_target_directory"; then
echo "$0: $dst_arg: Is a directory" >&2
exit 1
fi
dstdir=$dst
dst=$dstdir/`basename "$src"`
dstdir_status=0
else
# Prefer dirname, but fall back on a substitute if dirname fails.
dstdir=`
(dirname "$dst") 2>/dev/null ||
expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
X"$dst" : 'X\(//\)[^/]' \| \
X"$dst" : 'X\(//\)$' \| \
X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
echo X"$dst" |
sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
s//\1/
q
}
/^X\(\/\/\)[^/].*/{
s//\1/
q
}
/^X\(\/\/\)$/{
s//\1/
q
}
/^X\(\/\).*/{
s//\1/
q
}
s/.*/./; q'
`
test -d "$dstdir"
dstdir_status=$?
fi
fi
obsolete_mkdir_used=false
if test $dstdir_status != 0; then
case $posix_mkdir in
'')
# Create intermediate dirs using mode 755 as modified by the umask.
# This is like FreeBSD 'install' as of 1997-10-28.
umask=`umask`
case $stripcmd.$umask in
# Optimize common cases.
*[2367][2367]) mkdir_umask=$umask;;
.*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
*[0-7])
mkdir_umask=`expr $umask + 22 \
- $umask % 100 % 40 + $umask % 20 \
- $umask % 10 % 4 + $umask % 2
`;;
*) mkdir_umask=$umask,go-w;;
esac
# With -d, create the new directory with the user-specified mode.
# Otherwise, rely on $mkdir_umask.
if test -n "$dir_arg"; then
mkdir_mode=-m$mode
else
mkdir_mode=
fi
posix_mkdir=false
case $umask in
*[123567][0-7][0-7])
# POSIX mkdir -p sets u+wx bits regardless of umask, which
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
fi
trap '' 0;;
esac;;
esac
if
$posix_mkdir && (
umask $mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
)
then :
else
# The umask is ridiculous, or mkdir does not conform to POSIX,
# or it failed possibly due to a race condition. Create the
# directory the slow way, step by step, checking for races as we go.
case $dstdir in
/*) prefix='/';;
[-=\(\)!]*) prefix='./';;
*) prefix='';;
esac
eval "$initialize_posix_glob"
oIFS=$IFS
IFS=/
$posix_glob set -f
set fnord $dstdir
shift
$posix_glob set +f
IFS=$oIFS
prefixes=
for d
do
test X"$d" = X && continue
prefix=$prefix$d
if test -d "$prefix"; then
prefixes=
else
if $posix_mkdir; then
(umask=$mkdir_umask &&
$doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
# Don't fail if two instances are running concurrently.
test -d "$prefix" || exit 1
else
case $prefix in
*\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
*) qprefix=$prefix;;
esac
prefixes="$prefixes '$qprefix'"
fi
fi
prefix=$prefix/
done
if test -n "$prefixes"; then
# Don't fail if two instances are running concurrently.
(umask $mkdir_umask &&
eval "\$doit_exec \$mkdirprog $prefixes") ||
test -d "$dstdir" || exit 1
obsolete_mkdir_used=true
fi
fi
fi
if test -n "$dir_arg"; then
{ test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
{ test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
else
# Make a couple of temp file names in the proper directory.
dsttmp=$dstdir/_inst.$$_
rmtmp=$dstdir/_rm.$$_
# Trap to clean up those temp files at exit.
trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
# Copy the file name to the temp name.
(umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
# and set any options; do chmod last to preserve setuid bits.
#
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $cpprog $src $dsttmp" command.
#
{ test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
{ test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
{ test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
{ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
# If -C, don't bother to copy if it wouldn't change the file.
if $copy_on_change &&
old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
eval "$initialize_posix_glob" &&
$posix_glob set -f &&
set X $old && old=:$2:$4:$5:$6 &&
set X $new && new=:$2:$4:$5:$6 &&
$posix_glob set +f &&
test "$old" = "$new" &&
$cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
then
rm -f "$dsttmp"
else
# Rename the file to the real destination.
$doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
# The rename failed, perhaps because mv can't rename something else
# to itself, or perhaps because mv is so ancient that it does not
# support -f.
{
# Now remove or move aside any old file at destination location.
# We try this two ways since rm can't unlink itself on some
# systems and the destination file might be busy for other
# reasons. In this case, the final cleanup might fail but the new
# file should still install successfully.
{
test ! -f "$dst" ||
$doit $rmcmd -f "$dst" 2>/dev/null ||
{ $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
{ $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
} ||
{ echo "$0: cannot unlink or rename $dst" >&2
(exit 1); exit 1
}
} &&
# Now rename the file to the real destination.
$doit $mvcmd "$dsttmp" "$dst"
}
fi || exit 1
trap '' 0
fi
done
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

638
m4/python.m4 Normal file
View File

@ -0,0 +1,638 @@
# Copyright 2012, 2013 Brandon Invergo <brandon@invergo.net>
#
# This file is part of pyconfigure. This program is free
# software; you can redistribute it and/or modify it under the
# terms of the GNU General Public License as published by the
# Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Under Section 7 of GPL version 3, you are granted additional
# permissions described in the Autoconf Configure Script Exception,
# version 3.0, as published by the Free Software Foundation.
#
# You should have received a copy of the GNU General Public License
# and a copy of the Autoconf Configure Script Exception along with
# this program; see the files COPYINGv3 and COPYING.EXCEPTION
# respectively. If not, see <http://www.gnu.org/licenses/>.
# Many of these macros were adapted from ones written by Andrew Dalke
# and James Henstridge and are included with the Automake utility
# under the following copyright terms:
#
# Copyright (C) 1999-2012 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# Table of Contents:
#
# 1. Language selection
# and routines to produce programs in a given language.
#
# 2. Producing programs in a given language.
#
# 3. Looking for a compiler
# And possibly the associated preprocessor.
#
# 4. Looking for specific libs & functionality
## ----------------------- ##
## 1. Language selection. ##
## ----------------------- ##
# AC_LANG(Python)
# ---------------
AC_LANG_DEFINE([Python], [py], [PY], [PYTHON], [],
[ac_ext=py
ac_compile='chmod +x conftest.$ac_ext >&AS_MESSAGE_LOG_FD'
ac_link='chmod +x conftest.$ac_ext && cp conftest.$ac_ext conftest >&AS_MESSAGE_LOG_FD'
])
# AC_LANG_PYTHON
# --------------
AU_DEFUN([AC_LANG_PYTHON], [AC_LANG(Python)])
## ----------------------- ##
## 2. Producing programs. ##
## ----------------------- ##
# AC_LANG_PROGRAM(Python)([PROLOGUE], [BODY])
# -------------------------------------------
m4_define([AC_LANG_PROGRAM(Python)], [dnl
@%:@!$PYTHON
$1
m4_if([$2], [], [], [dnl
if __name__ == '__main__':
$2])])
# _AC_LANG_IO_PROGRAM(Python)
# ---------------------------
# Produce source that performs I/O.
m4_define([_AC_LANG_IO_PROGRAM(Python)],
[AC_LANG_PROGRAM([dnl
import sys
try:
h = open('conftest.out')
except:
sys.exit(1)
else:
close(h)
sys.exit(0)
], [])])
# _AC_LANG_CALL(Python)([PROLOGUE], [FUNCTION])
# ---------------------
# Produce source that calls FUNCTION
m4_define([_AC_LANG_CALL(Python)],
[AC_LANG_PROGRAM([$1], [$2])])
## -------------------------------------------- ##
## 3. Looking for Compilers and Interpreters. ##
## -------------------------------------------- ##
AC_DEFUN([AC_LANG_COMPILER(Python)],
[AC_REQUIRE([AC_PROG_PYTHON])])
# PC_INIT([MIN_VER], [MAX_VER])
# -----------------------------
# Initialize pyconfigure, finding a Python interpreter with a given
# minimum and/or maximum version.
AC_DEFUN([PC_INIT],
[AC_ARG_VAR([PYTHON], [the Python interpreter])
dnl The default minimum version is 2.0
m4_define_default([pc_min_ver], m4_ifval([$1], [$1], [2.0]))
dnl The default maximum version is 3.3
m4_define_default([pc_max_ver], m4_ifval([$2], [$2], [3.3]))
dnl Build up a list of possible interpreter names.
m4_define_default([_PC_PYTHON_INTERPRETER_LIST],
dnl Construct a comma-separated list of interpreter names (python2.6,
dnl python2.7, etc). We only care about the first 3 characters of the
dnl version strings (major-dot-minor; not
dnl major-dot-minor-dot-bugfix[-dot-whatever])
[m4_foreach([pc_ver],
m4_esyscmd_s(seq -s[[", "]] -f["[[%.1f]]"] m4_substr(pc_max_ver, [0], [3]) -0.1 m4_substr(pc_min_ver, [0], [3])),
dnl Remove python2.8 and python2.9 since they will never exist
[m4_bmatch(pc_ver, [2.[89]], [], [python]pc_ver)] ) \
dnl If we want some Python 3 versions (max version >= 3.0),
dnl also search for "python3"
m4_if(m4_version_compare(pc_max_ver, [2.9]), [1], [python3], []) \
dnl If we want some Python 2 versions (min version <= 2.7),
dnl also search for "python2". Finally, also search for plain ol' "python"
m4_if(m4_version_compare(pc_min_ver, [2.8]), [-1], [python2], []) [python]])
dnl Do the actual search at last.
AC_PATH_PROGS(PYTHON, [_PC_PYTHON_INTERPRETER_LIST])
dnl If we found something, do a sanity check that the interpreter really
dnl has the version its name would suggest.
m4_ifval([PYTHON],
[PC_PYTHON_VERIFY_VERSION([>=], [pc_min_ver],
[AC_MSG_RESULT([yes])],
[AC_MSG_FAILURE([No compatible Python interpreter found. If you're sure that you have one, try setting the PYTHON environment variable to the location of the interpreter.])])])
m4_ifval([PYTHON],
[PC_PYTHON_VERIFY_VERSION([<=], [pc_max_ver],
[AC_MSG_RESULT([yes])],
[AC_MSG_FAILURE([No compatible Python interpreter found. If you're sure that you have one, try setting the PYTHON environment variable to the location of the interpreter.])])])
])# PC_INIT
# AC_PROG_PYTHON(PROG-TO-CHECK-FOR)
# ---------------------------------
# Find a Python interpreter. Python versions prior to 2.0 are not
# supported. (2.0 was released on October 16, 2000).
AC_DEFUN([AC_PROG_PYTHON],
[AC_ARG_VAR([PYTHON], [the Python interpreter])
m4_define_default([_PC_PYTHON_INTERPRETER_LIST],
[python python3 python3.3 python3.2 python3.1 python3.0 python2 python2.7 dnl
python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0])
m4_ifval([$1],
[AC_PATH_PROGS(PYTHON, [$1 _PC_PYTHON_INTERPRETER_LIST])],
[AC_PATH_PROGS(PYTHON, [_PC_PYTHON_INTERPRETER_LIST])])
])
# PC_PYTHON_PROG_PYTHON_CONFIG(PROG-TO-CHECK-FOR)
# ----------------------------------------------
# Find the python-config program
AC_DEFUN([PC_PYTHON_PROG_PYTHON_CONFIG],
[AC_REQUIRE([PC_INIT])[]dnl
AC_ARG_VAR([PYTHON_CONFIG], [the Python-config program])
dnl python-config's binary name is normally based on the Python interpreter's
dnl binary name (i.e. python2.7 -> python2.7-config)
m4_define([_PYTHON_BASENAME], [`basename $PYTHON`])
m4_ifval([$1],
[AC_PATH_PROGS(PYTHON_CONFIG, [$1 _PYTHON_BASENAME-config])],
[AC_PATH_PROG(PYTHON_CONFIG, _PYTHON_BASENAME-config)])
]) # PC_PYTHON_PROG_PYTHON_CONFIG
# PC_PYTHON_VERIFY_VERSION(RELATION, VERSION, [ACTION-IF-TRUE], [ACTION-IF-NOT-FOUND])
# ---------------------------------------------------------------------------
# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION.
# Run ACTION-IF-FALSE otherwise.
# Specify RELATION as any mathematical comparison "<", ">", "<=", ">=", "==" or "!="
# This test uses sys.hexversion instead of the string equivalent (first
# word of sys.version), in order to cope with versions such as 2.2c1.
# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000).
AC_DEFUN([PC_PYTHON_VERIFY_VERSION],
[m4_define([pc_python_safe_ver], m4_bpatsubsts($2, [\.], [_]))
AC_CACHE_CHECK([if Python $1 '$2'],
[[pc_cv_python_min_version_]pc_python_safe_ver],
[AC_LANG_PUSH(Python)[]dnl
AC_RUN_IFELSE(
[AC_LANG_PROGRAM([dnl
import sys
], [dnl
# split strings by '.' and convert to numeric. Append some zeros
# because we need at least 4 digits for the hex conversion.
# map returns an iterator in Python 3.0 and a list in 2.x
reqver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]]
reqverhex = 0
# xrange is not present in Python 3.0 and range returns an iterator
for i in list(range(4)):
reqverhex = (reqverhex << 8) + reqver[[i]]
if sys.hexversion $1 reqverhex:
sys.exit()
else:
sys.exit(1)
])],
[[pc_cv_python_req_version_]pc_python_safe_ver="yes"],
[[pc_cv_python_req_version_]pc_python_safe_ver="no"])
AC_LANG_POP(Python)[]dnl
])
AS_IF([test "$[pc_cv_python_req_version_]pc_python_safe_ver" = "no"], [$4], [$3])
])# PC_PYTHON_VERIFY_VERSION
# PC_PYTHON_CHECK_VERSION
# -----------------------
# Query Python for its version number. Getting [:3] seems to be
# the best way to do this; it's what "site.py" does in the standard
# library.
AC_DEFUN([PC_PYTHON_CHECK_VERSION],
[AC_REQUIRE([PC_INIT])[]dnl
AC_CACHE_CHECK([for $1 version],
[pc_cv_python_version],
[AC_LANG_PUSH(Python)[]dnl
AC_LANG_CONFTEST([
AC_LANG_PROGRAM([dnl
import sys
], [dnl
sys.stdout.write(sys.version[[:3]])
])])
pc_cv_python_version=`$PYTHON conftest.py`
AC_LANG_POP(Python)[]dnl
])
AC_SUBST([PYTHON_VERSION], [$pc_cv_python_version])
])# PC_PYTHON_CHECK_VERSION
# PC_PYTHON_CHECK_PREFIX
# ----------------------
# Use the value of $prefix for the corresponding value of
# PYTHON_PREFIX. This is made a distinct variable so it can be
# overridden if need be. However, general consensus is that you
# shouldn't need this ability.
AC_DEFUN([PC_PYTHON_CHECK_PREFIX],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to get it with python-config otherwise do it from within Python
AC_CACHE_CHECK([for Python prefix], [pc_cv_python_prefix],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_prefix=`$PYTHON_CONFIG --prefix 2>&AS_MESSAGE_LOG_FD`
else
AC_LANG_PUSH(Python)[]dnl
pc_cv_python_prefix=AC_LANG_CONFTEST([AC_LANG_PROGRAM([dnl
import sys
], [dnl
sys.exit(sys.prefix)
])])
AC_LANG_POP(Python)[]dnl
fi])
AC_SUBST([PYTHON_PREFIX], [$pc_cv_python_prefix])])
# PC_PYTHON_CHECK_EXEC_PREFIX
# --------------------------
# Like above, but for $exec_prefix
AC_DEFUN([PC_PYTHON_CHECK_EXEC_PREFIX],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to get it with python-config otherwise do it from within Python
AC_CACHE_CHECK([for Python exec-prefix], [pc_cv_python_exec_prefix],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_exec_prefix=`$PYTHON_CONFIG --exec-prefix 2>&AS_MESSAGE_LOG_FD`
else
AC_LANG_PUSH(Python)[]dnl
pc_cv_python_exec_prefix=AC_LANG_CONFTEST([AC_LANG_PROGRAM([dnl
import sys
], [dnl
sys.exit(sys.exec_prefix)
])])
AC_LANG_POP(Python)[]dnl
fi
])
AC_SUBST([PYTHON_EXEC_PREFIX], [$pc_cv_python_exec_prefix])])
# PC_PYTHON_CHECK_INCLUDES
# ------------------------
# Find the Python header file include flags (ie
# '-I/usr/include/python')
AC_DEFUN([PC_PYTHON_CHECK_INCLUDES],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to find the headers location with python-config otherwise guess
AC_CACHE_CHECK([for Python includes], [pc_cv_python_includes],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_includes=`$PYTHON_CONFIG --includes 2>&AS_MESSAGE_LOG_FD`
else
pc_cv_python_includes="[-I$includedir/$_PYTHON_BASENAME]m4_ifdef(PYTHON_ABI_FLAGS,
PYTHON_ABI_FLAGS,)"
fi
])
AC_SUBST([PYTHON_INCLUDES], [$pc_cv_python_includes])])
# PC_PYTHON_CHECK_HEADERS([ACTION-IF-PRESENT], [ACTION-IF-ABSENT])
# -----------------------
# Check for the presence and usability of Python.h
AC_DEFUN([PC_PYTHON_CHECK_HEADERS],
[AC_REQUIRE([PC_PYTHON_CHECK_INCLUDES])[]dnl
pc_cflags_store=$CPPFLAGS
CPPFLAGS="$CFLAGS $PYTHON_INCLUDES"
AC_CHECK_HEADER([Python.h], [$1], [$2])
CPPFLAGS=$pc_cflags_store
])
# PC_PYTHON_CHECK_LIBS
# --------------------
# Find the Python lib flags (ie '-lpython')
AC_DEFUN([PC_PYTHON_CHECK_LIBS],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to find the lib flags with python-config otherwise guess
AC_CACHE_CHECK([for Python libs], [pc_cv_python_libs],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_libs=`$PYTHON_CONFIG --libs 2>&AS_MESSAGE_LOG_FD`
else
pc_cv_python_libs="[-l$_PYTHON_BASENAME]m4_ifdef(PYTHON_ABI_FLAGS, PYTHON_ABI_FLAGS,)"
fi
])
AC_SUBST([PYTHON_LIBS], [$pc_cv_python_libs])])
# PC_PYTHON_TEST_LIBS(LIBRARY-FUNCTION, [ACTION-IF-PRESENT], [ACTION-IF-ABSENT])
# -------------------
# Verify that the Python libs can be loaded
AC_DEFUN([PC_PYTHON_TEST_LIBS],
[AC_REQUIRE([PC_PYTHON_CHECK_LIBS])[]dnl
pc_libflags_store=$LIBS
for lflag in $PYTHON_LIBS; do
case $lflag in
-lpython*@:}@
LIBS="$LIBS $lflag"
pc_libpython=`echo $lflag | sed -e 's/^-l//'`
;;
*@:}@;;
esac
done
AC_CHECK_LIB([$pc_libpython], [$1], [$2], [$3])])
# PC_PYTHON_CHECK_CFLAGS
# ----------------------
# Find the Python CFLAGS
AC_DEFUN([PC_PYTHON_CHECK_CFLAGS],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to find the CFLAGS with python-config otherwise give up
AC_CACHE_CHECK([for Python CFLAGS], [pc_cv_python_cflags],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_cflags=`$PYTHON_CONFIG --cflags 2>&AS_MESSAGE_LOG_FD`
else
pc_cv_python_cflags=
fi
])
AC_SUBST([PYTHON_CFLAGS], [$pc_cv_python_cflags])])
# PC_PYTHON_CHECK_LDFLAGS
# -----------------------
# Find the Python LDFLAGS
AC_DEFUN([PC_PYTHON_CHECK_LDFLAGS],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to find the LDFLAGS with python-config otherwise give up
AC_CACHE_CHECK([for Python LDFLAGS], [pc_cv_python_ldflags],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_ldflags=`$PYTHON_CONFIG --ldflags 2>&AS_MESSAGE_LOG_FD`
else
pc_cv_python_ldflags=
fi
])
AC_SUBST([PYTHON_LDFLAGS], [$pc_cv_python_ldflags])])
# PC_PYTHON_CHECK_EXTENSION_SUFFIX
# --------------------------------
# Find the Python extension suffix (i.e. '.cpython-32.so')
AC_DEFUN([PC_PYTHON_CHECK_EXTENSION_SUFFIX],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to find the suffix with python-config otherwise give up
AC_CACHE_CHECK([for Python extension suffix], [pc_cv_python_extension_suffix],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_extension_suffix=`$PYTHON_CONFIG --extension-suffix 2>&AS_MESSAGE_LOG_FD`
else
pc_cv_python_extension_suffix=
fi
])
AC_SUBST([PYTHON_EXTENSION_SUFFIX], [$pc_cv_python_extension_suffix])])
# PC_PYTHON_CHECK_ABI_FLAGS
# -------------------------
# Find the Python ABI flags
AC_DEFUN([PC_PYTHON_CHECK_ABI_FLAGS],
[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl
dnl Try to find the ABI flags with python-config otherwise give up
AC_CACHE_CHECK([for Python ABI flags], [pc_cv_python_abi_flags],
[if test -x "$PYTHON_CONFIG"; then
pc_cv_python_abi_flags=`$PYTHON_CONFIG --abiflags 2>&AS_MESSAGE_LOG_FD`
else
pc_cv_python_abi_flags=
fi
])
AC_SUBST([PYTHON_ABI_FLAGS], [$pc_cv_python_abi_flags])])
# PC_PYTHON_CHECK_PLATFORM
# ------------------------
# At times (like when building shared libraries) you may want
# to know which OS platform Python thinks this is.
AC_DEFUN([PC_PYTHON_CHECK_PLATFORM],
[AC_REQUIRE([PC_INIT])[]dnl
dnl Get the platform from within Python (sys.platform)
AC_CACHE_CHECK([for Python platform],
[pc_cv_python_platform],
[AC_LANG_PUSH(Python)[]dnl
AC_LANG_CONFTEST([
AC_LANG_PROGRAM([dnl
import sys
], [dnl
sys.stdout.write(sys.platform)
])])
pc_cv_python_platform=`$PYTHON conftest.py`
AC_LANG_POP(Python)[]dnl
])
AC_SUBST([PYTHON_PLATFORM], [$pc_cv_python_platform])
])
# PC_PYTHON_CHECK_SITE_DIR
# ---------------------
# The directory to which new libraries are installed (i.e. the
# "site-packages" directory.
AC_DEFUN([PC_PYTHON_CHECK_SITE_DIR],
[AC_REQUIRE([PC_INIT])AC_REQUIRE([PC_PYTHON_CHECK_PREFIX])[]dnl
AC_CACHE_CHECK([for Python site-packages directory],
[pc_cv_python_site_dir],
[AC_LANG_PUSH(Python)[]dnl
if test "x$prefix" = xNONE
then
pc_py_prefix=$ac_default_prefix
else
pc_py_prefix=$prefix
fi
AC_LANG_CONFTEST([
AC_LANG_PROGRAM([dnl
import sys
from platform import python_implementation
# sysconfig in CPython 2.7 doesn't work in virtualenv
# <https://github.com/pypa/virtualenv/issues/118>
try:
import sysconfig
except:
can_use_sysconfig = False
else:
can_use_sysconfig = True
if can_use_sysconfig:
if python_implementation() == "CPython" and sys.version[[:3]] == '2.7':
can_use_sysconfig = False
if not can_use_sysconfig:
from distutils import sysconfig
sitedir = sysconfig.get_python_lib(False, False, prefix='$pc_py_prefix')
else:
sitedir = sysconfig.get_path('purelib', vars={'base':'$pc_py_prefix'})
], [dnl
sys.stdout.write(sitedir)
])])
pc_cv_python_site_dir=`$PYTHON conftest.py`
AC_LANG_POP(Python)[]dnl
case $pc_cv_python_site_dir in
$pc_py_prefix*)
pc__strip_prefix=`echo "$pc_py_prefix" | sed 's|.|.|g'`
pc_cv_python_site_dir=`echo "$pc_cv_python_site_dir" | sed "s,^$pc__strip_prefix/,,"`
;;
*)
case $pc_py_prefix in
/usr|/System*) ;;
*)
pc_cv_python_site_dir=lib/python$PYTHON_VERSION/site-packages
;;
esac
;;
esac
])
AC_SUBST([pythondir], [\${prefix}/$pc_cv_python_site_dir])])# PC_PYTHON_CHECK_SITE_DIR
# PC_PYTHON_SITE_PACKAGE_DIR
# --------------------------
# $PACKAGE directory under PYTHON_SITE_DIR
AC_DEFUN([PC_PYTHON_SITE_PACKAGE_DIR],
[AC_REQUIRE([PC_PYTHON_CHECK_SITE_DIR])[]dnl
AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])])
# PC_PYTHON_CHECK_EXEC_DIR
# ------------------------
# directory for installing python extension modules (shared libraries)
AC_DEFUN([PC_PYTHON_CHECK_EXEC_DIR],
[AC_REQUIRE([PC_INIT])AC_REQUIRE([PC_PYTHON_CHECK_EXEC_PREFIX])[]dnl
AC_CACHE_CHECK([for Python extension module directory],
[pc_cv_python_exec_dir],
[AC_LANG_PUSH(Python)[]dnl
if test "x$pc_cv_python_exec_prefix" = xNONE
then
pc_py_exec_prefix=$pc_cv_python_prefix
else
pc_py_exec_prefix=$pc_cv_python_exec_prefix
fi
AC_LANG_CONFTEST([
AC_LANG_PROGRAM([dnl
import sys
from platform import python_implementation
# sysconfig in CPython 2.7 doesn't work in virtualenv
# <https://github.com/pypa/virtualenv/issues/118>
try:
import sysconfig
except:
can_use_sysconfig = False
else:
can_use_sysconfig = True
if can_use_sysconfig:
if python_implementation() == "CPython" and sys.version[[:3]] == '2.7':
can_use_sysconfig = False
if not can_use_sysconfig:
from distutils import sysconfig
sitedir = sysconfig.get_python_lib(False, False, prefix='$pc_py__exec_prefix')
else:
sitedir = sysconfig.get_path('purelib', vars={'platbase':'$pc_py_exec_prefix'})
], [dnl
sys.stdout.write(sitedir)
])])
pc_cv_python_exec_dir=`$PYTHON conftest.py`
AC_LANG_POP(Python)[]dnl
case $pc_cv_python_exec_dir in
$pc_py_exec_prefix*)
pc__strip_prefix=`echo "$pc_py_exec_prefix" | sed 's|.|.|g'`
pc_cv_python_exec_dir=`echo "$pc_cv_python_exec_dir" | sed "s,^$pc__strip_prefix/,,"`
;;
*)
case $pc_py_exec_prefix in
/usr|/System*) ;;
*)
pc_cv_python_exec_dir=lib/python$PYTHON_VERSION/site-packages
;;
esac
;;
esac
])
AC_SUBST([pyexecdir], [\${exec_prefix}/$pc_cv_python_pyexecdir])]) #PY_PYTHON_CHECK_EXEC_LIB_DIR
# PC_PYTHON_EXEC_PACKAGE_DIR
# --------------------------
# $PACKAGE directory under PYTHON_SITE_DIR
AC_DEFUN([PC_PYTHON_EXEC_PACKAGE_DIR],
[AC_REQUIRE([PC_PYTHON_CHECK_EXEC_DIR])[]dnl
AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])])
## -------------------------------------------- ##
## 4. Looking for specific libs & functionality ##
## -------------------------------------------- ##
# PC_PYTHON_CHECK_MODULE(LIBRARY, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
# ----------------------------------------------------------------------
# Macro for checking if a Python library is installed
AC_DEFUN([PC_PYTHON_CHECK_MODULE],
[AC_REQUIRE([PC_INIT])[]dnl
m4_define([pc_python_safe_mod], m4_bpatsubsts($1, [\.], [_]))
AC_CACHE_CHECK([for Python '$1' library],
[[pc_cv_python_module_]pc_python_safe_mod],
[AC_LANG_PUSH(Python)[]dnl
AC_RUN_IFELSE(
[AC_LANG_PROGRAM([dnl
import sys
try:
import $1
except:
sys.exit(1)
else:
sys.exit(0)
], [])],
[[pc_cv_python_module_]pc_python_safe_mod="yes"],
[[pc_cv_python_module_]pc_python_safe_mod="no"])
AC_LANG_POP(Python)[]dnl
])
AS_IF([test "$[pc_cv_python_module_]pc_python_safe_mod" = "no"], [$3], [$2])
])# PC_PYTHON_CHECK_MODULE
# PC_PYTHON_CHECK_FUNC([LIBRARY], FUNCTION, ARGS, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
# ---------------------------------------------------------------------------------------
# Check to see if a given function call, optionally from a module, can
# be successfully called
AC_DEFUN([PC_PYTHON_CHECK_FUNC],
[AC_REQUIRE([PC_INIT])[]dnl
m4_define([pc_python_safe_mod], m4_bpatsubsts($1, [\.], [_]))
AC_CACHE_CHECK([for Python m4_ifnblank($1, '$1.$2()', '$2()') function],
[[pc_cv_python_func_]pc_python_safe_mod[_$2]],
[AC_LANG_PUSH(Python)[]dnl
AC_RUN_IFELSE(
[AC_LANG_PROGRAM([dnl
import sys
m4_ifnblank([$1], [dnl
try:
import $1
except:
sys.exit(1)
], [])],
[
m4_ifnblank([$1], [
try:
$1.$2($3)], [
try:
$2($3)])
except:
sys.exit(1)
else:
sys.exit(0)
])],
[[pc_cv_python_func_]pc_python_safe_mod[_$2]="yes"],
[[pc_cv_python_func_]pc_python_safe_mod[_$2]="no"])
AC_LANG_POP(Python)[]dnl
])
AS_IF([test "$[pc_cv_python_func_]pc_python_safe_mod[_$2]" = "no"], [$5], [$4])
])# PC_PYTHON_CHECK_FUNC

3
mediagoblin/app.py
View File

@ -39,7 +39,6 @@ from mediagoblin.init import (get_jinja_loader, get_staticdirector,
from mediagoblin.tools.pluginapi import PluginManager, hook_transform
from mediagoblin.tools.crypto import setup_crypto
from mediagoblin.auth.tools import check_auth_enabled, no_auth_logout
from mediagoblin import notifications
_log = logging.getLogger(__name__)
@ -199,8 +198,6 @@ class MediaGoblinApp(object):
# Log user out if authentication_disabled
no_auth_logout(request)
request.notifications = notifications
mg_request.setup_user_in_request(request)
request.controller_name = None

14
mediagoblin/auth/views.py
View File

@ -41,8 +41,11 @@ def register(request):
"""
if 'pass_auth' not in request.template_env.globals:
redirect_name = hook_handle('auth_no_pass_redirect')
return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
redirect_name))
if redirect_name:
return redirect(request, 'mediagoblin.plugins.{0}.register'.format(
redirect_name))
else:
return redirect(request, 'index')
register_form = hook_handle("auth_get_registration_form", request)
@ -73,8 +76,11 @@ def login(request):
"""
if 'pass_auth' not in request.template_env.globals:
redirect_name = hook_handle('auth_no_pass_redirect')
return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
redirect_name))
if redirect_name:
return redirect(request, 'mediagoblin.plugins.{0}.login'.format(
redirect_name))
else:
return redirect(request, 'index')
login_form = hook_handle("auth_get_login_form", request)

10
mediagoblin/config_spec.ini
View File

@ -75,6 +75,12 @@ theme = string()
plugin_web_path = string(default="/plugin_static/")
plugin_linked_assets_dir = string(default="%(here)s/user_dev/plugin_static/")
[jinja2]
# Jinja2 supports more directives than the minimum required by mediagoblin.
# This setting allows users creating custom templates to specify a list of
# additional extensions they want to use. example value:
# extensions = jinja2.ext.loopcontrols , jinja2.ext.with_
extensions = string_list(default=list())
[storage:publicstore]
storage_class = string(default="mediagoblin.storage.filestorage:BasicFileStorage")
@ -116,7 +122,7 @@ vp8_quality = integer(default=8)
vorbis_quality = float(default=0.3)
# Autoplay the video when page is loaded?
auto_play = boolean(default=True)
auto_play = boolean(default=False)
[[skip_transcode]]
mime_types = string_list(default=list("video/webm"))
@ -146,7 +152,7 @@ CELERY_RESULT_DBURI = string(default="sqlite:///%(here)s/celery.db")
# default kombu stuff
BROKER_TRANSPORT = string(default="sqlalchemy")
BROKER_HOST = string(default="sqlite:///%(here)s/kombu.db")
BROKER_URL = string(default="sqlite:///%(here)s/kombu.db")
# known booleans
CELERY_RESULT_PERSISTENT = boolean()

81
mediagoblin/db/migrations.py
View File

@ -25,6 +25,8 @@ from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.sql import and_
from migrate.changeset.constraint import UniqueConstraint
from mediagoblin.db.extratypes import JSONEncoded
from mediagoblin.db.migration_tools import RegisterMigration, inspect_table
from mediagoblin.db.models import (MediaEntry, Collection, User,
MediaComment, Privilege, ReportBase)
@ -452,3 +454,82 @@ def create_moderation_tables(db):
Privilege_v0.__table__.create(db.bind)
PrivilegeUserAssociation_v0.__table__.create(db.bind)
db.commit()
# oauth1 migrations
class Client_v0(declarative_base()):
"""
Model representing a client - Used for API Auth
"""
__tablename__ = "core__clients"
id = Column(Unicode, nullable=True, primary_key=True)
secret = Column(Unicode, nullable=False)
expirey = Column(DateTime, nullable=True)
application_type = Column(Unicode, nullable=False)
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
# optional stuff
redirect_uri = Column(JSONEncoded, nullable=True)
logo_url = Column(Unicode, nullable=True)
application_name = Column(Unicode, nullable=True)
contacts = Column(JSONEncoded, nullable=True)
def __repr__(self):
if self.application_name:
return "<Client {0} - {1}>".format(self.application_name, self.id)
else:
return "<Client {0}>".format(self.id)
class RequestToken_v0(declarative_base()):
"""
Model for representing the request tokens
"""
__tablename__ = "core__request_tokens"
token = Column(Unicode, primary_key=True)
secret = Column(Unicode, nullable=False)
client = Column(Unicode, ForeignKey(Client_v0.id))
user = Column(Integer, ForeignKey(User.id), nullable=True)
used = Column(Boolean, default=False)
authenticated = Column(Boolean, default=False)
verifier = Column(Unicode, nullable=True)
callback = Column(Unicode, nullable=False, default=u"oob")
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
class AccessToken_v0(declarative_base()):
"""
Model for representing the access tokens
"""
__tablename__ = "core__access_tokens"
token = Column(Unicode, nullable=False, primary_key=True)
secret = Column(Unicode, nullable=False)
user = Column(Integer, ForeignKey(User.id))
request_token = Column(Unicode, ForeignKey(RequestToken_v0.token))
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
class NonceTimestamp_v0(declarative_base()):
"""
A place the timestamp and nonce can be stored - this is for OAuth1
"""
__tablename__ = "core__nonce_timestamps"
nonce = Column(Unicode, nullable=False, primary_key=True)
timestamp = Column(DateTime, nullable=False, primary_key=True)
@RegisterMigration(14, MIGRATIONS)
def create_oauth1_tables(db):
""" Creates the OAuth1 tables """
Client_v0.__table__.create(db.bind)
RequestToken_v0.__table__.create(db.bind)
AccessToken_v0.__table__.create(db.bind)
NonceTimestamp_v0.__table__.create(db.bind)
db.commit()

87
mediagoblin/db/models.py
View File

@ -30,6 +30,7 @@ from sqlalchemy.sql.expression import desc
from sqlalchemy.ext.associationproxy import association_proxy
from sqlalchemy.util import memoized_property
from mediagoblin.db.extratypes import PathTupleWithSlashes, JSONEncoded
from mediagoblin.db.base import Base, DictReadAttrProxy
from mediagoblin.db.mixin import UserMixin, MediaEntryMixin, \
@ -61,20 +62,17 @@ class User(Base, UserMixin):
# the RFC) and because it would be a mess to implement at this
# point.
email = Column(Unicode, nullable=False)
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
pw_hash = Column(Unicode, nullable=False)
pw_hash = Column(Unicode)
email_verified = Column(Boolean, default=False)
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
status = Column(Unicode, default=u"needs_email_verification", nullable=False)
# Intented to be nullable=False, but migrations would not work for it
# set to nullable=True implicitly.
wants_comment_notification = Column(Boolean, default=True)
license_preference = Column(Unicode)
verification_key = Column(Unicode)
is_admin = Column(Boolean, default=False, nullable=False)
url = Column(Unicode)
bio = Column(UnicodeText) # ??
fp_verification_key = Column(Unicode)
fp_token_expire = Column(DateTime)
## TODO
# plugin data would be in a separate model
@ -116,6 +114,71 @@ class User(Base, UserMixin):
self.has_privilege(*priv_names[1:])
return False
class Client(Base):
"""
Model representing a client - Used for API Auth
"""
__tablename__ = "core__clients"
id = Column(Unicode, nullable=True, primary_key=True)
secret = Column(Unicode, nullable=False)
expirey = Column(DateTime, nullable=True)
application_type = Column(Unicode, nullable=False)
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
# optional stuff
redirect_uri = Column(JSONEncoded, nullable=True)
logo_url = Column(Unicode, nullable=True)
application_name = Column(Unicode, nullable=True)
contacts = Column(JSONEncoded, nullable=True)
def __repr__(self):
if self.application_name:
return "<Client {0} - {1}>".format(self.application_name, self.id)
else:
return "<Client {0}>".format(self.id)
class RequestToken(Base):
"""
Model for representing the request tokens
"""
__tablename__ = "core__request_tokens"
token = Column(Unicode, primary_key=True)
secret = Column(Unicode, nullable=False)
client = Column(Unicode, ForeignKey(Client.id))
user = Column(Integer, ForeignKey(User.id), nullable=True)
used = Column(Boolean, default=False)
authenticated = Column(Boolean, default=False)
verifier = Column(Unicode, nullable=True)
callback = Column(Unicode, nullable=False, default=u"oob")
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
class AccessToken(Base):
"""
Model for representing the access tokens
"""
__tablename__ = "core__access_tokens"
token = Column(Unicode, nullable=False, primary_key=True)
secret = Column(Unicode, nullable=False)
user = Column(Integer, ForeignKey(User.id))
request_token = Column(Unicode, ForeignKey(RequestToken.token))
created = Column(DateTime, nullable=False, default=datetime.datetime.now)
updated = Column(DateTime, nullable=False, default=datetime.datetime.now)
class NonceTimestamp(Base):
"""
A place the timestamp and nonce can be stored - this is for OAuth1
"""
__tablename__ = "core__nonce_timestamps"
nonce = Column(Unicode, nullable=False, primary_key=True)
timestamp = Column(DateTime, nullable=False, primary_key=True)
class MediaEntry(Base, MediaEntryMixin):
"""
@ -498,6 +561,7 @@ class ProcessingMetaData(Base):
"""A dict like view on this object"""
return DictReadAttrProxy(self)
class CommentSubscription(Base):
__tablename__ = 'core__comment_subscriptions'
id = Column(Integer, primary_key=True)
@ -768,16 +832,15 @@ with_polymorphic(
Notification,
[ProcessingNotification, CommentNotification])
MODELS = [
User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem,
MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase,
CommentReport, MediaReport, UserBan, Privilege, PrivilegeUserAssociation,
ArchivedReport, Notification, CommentNotification,
ProcessingNotification, CommentSubscription]
User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem,
MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData,
Notification, CommentNotification, ProcessingNotification,
CommentSubscription, ReportBase, CommentReport, MediaReport, UserBan,
Privilege, PrivilegeUserAssociation, ArchivedReport, ArchivedReport]
"""
Foundations are the default rows that are created immediately after the tables
Foundations are the default rows that are created immediately after the tables
are initialized. Each entry to this dictionary should be in the format of:
ModelConstructorObject:List of Dictionaries
(Each Dictionary represents a row on the Table to be created, containing each

58
mediagoblin/decorators.py
View File

@ -18,15 +18,18 @@ from functools import wraps
from urlparse import urljoin
from werkzeug.exceptions import Forbidden, NotFound
from werkzeug.urls import url_quote
from oauthlib.oauth1 import ResourceEndpoint
from mediagoblin import mg_globals as mgg
from mediagoblin import messages
from mediagoblin.db.models import (MediaEntry, User, MediaComment,
UserBan, Privilege)
from mediagoblin.tools.response import redirect, render_404, render_user_banned
from mediagoblin.tools.response import (redirect, render_404,
render_user_banned, json_response)
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.oauth.tools.request import decode_authorization_header
from mediagoblin.oauth.oauth import GMGRequestValidator
def require_active_login(controller):
"""
@ -245,6 +248,17 @@ def get_media_entry_by_id(controller):
return wrapper
def get_workbench(func):
"""Decorator, passing in a workbench as kwarg which is cleaned up afterwards"""
@wraps(func)
def new_func(*args, **kwargs):
with mgg.workbench_manager.create() as workbench:
return func(*args, workbench=workbench, **kwargs)
return new_func
def allow_registration(controller):
""" Decorator for if registration is enabled"""
@wraps(controller)
@ -287,18 +301,11 @@ def auth_enabled(controller):
messages.WARNING,
_('Sorry, authentication is disabled on this instance.'))
return redirect(request, 'index')
return controller(request, *args, **kwargs)
return wrapper
def get_workbench(func):
"""Decorator, passing in a workbench as kwarg which is cleaned up afterwards"""
@wraps(func)
def new_func(*args, **kwargs):
with mgg.workbench_manager.create() as workbench:
return func(*args, workbench=workbench, **kwargs)
return new_func
def require_admin_or_moderator_login(controller):
"""
Require an login from an administrator or a moderator.
@ -322,6 +329,7 @@ def require_admin_or_moderator_login(controller):
return new_controller_func
def user_not_banned(controller):
"""
Requires that the user has not been banned. Otherwise redirects to the page
@ -337,3 +345,33 @@ def user_not_banned(controller):
return wrapper
def oauth_required(controller):
""" Used to wrap API endpoints where oauth is required """
@wraps(controller)
def wrapper(request, *args, **kwargs):
data = request.headers
authorization = decode_authorization_header(data)
if authorization == dict():
error = "Missing required parameter."
return json_response({"error": error}, status=400)
request_validator = GMGRequestValidator()
resource_endpoint = ResourceEndpoint(request_validator)
valid, request = resource_endpoint.validate_protected_resource_request(
uri=request.url,
http_method=request.method,
body=request.get_data(),
headers=dict(request.headers),
)
if not valid:
error = "Invalid oauth prarameter."
return json_response({"error": error}, status=400)
return controller(request, *args, **kwargs)
return wrapper

4
mediagoblin/gmg_commands/dbupdate.py
View File

@ -96,7 +96,7 @@ forgotten to add it? ({1})'.format(plugin, exc))
plugin,
exc))
foundations = []
foundations = {}
except AttributeError as exc:
_log.debug('Could not find FOUNDATIONS in {0}.models, have you \
forgotten to add it? ({1})'.format(plugin, exc))
@ -126,7 +126,7 @@ def run_dbupdate(app_config, global_config):
def run_all_migrations(db, app_config, global_config):
"""
Initializes or migrates a database that already has a
Initializes or migrates a database that already has a
connection setup and also initializes or migrates all
extensions based on the config files.

3
mediagoblin/media_types/audio/__init__.py
View File

@ -19,6 +19,9 @@ from mediagoblin.media_types.audio.processing import process_audio, \
sniff_handler
from mediagoblin.tools import pluginapi
# Why isn't .ogg in this list? It's still detected, but via sniffing,
# .ogg files could be either video or audio... sniffing determines which.
ACCEPTED_EXTENSIONS = ["mp3", "flac", "wav", "m4a"]
MEDIA_TYPE = 'mediagoblin.media_types.audio'

106
mediagoblin/media_types/video/processing.py
View File

@ -14,7 +14,7 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from tempfile import NamedTemporaryFile
import os.path
import logging
import datetime
@ -73,79 +73,77 @@ def process_video(proc_state):
queued_filename = proc_state.get_queued_filename()
name_builder = FilenameBuilder(queued_filename)
medium_filepath = create_pub_filepath(
entry, name_builder.fill('{basename}-640p.webm'))
medium_basename = name_builder.fill('{basename}-640p.webm')
medium_filepath = create_pub_filepath(entry, medium_basename)
thumbnail_filepath = create_pub_filepath(
entry, name_builder.fill('{basename}.thumbnail.jpg'))
thumbnail_basename = name_builder.fill('{basename}.thumbnail.jpg')
thumbnail_filepath = create_pub_filepath(entry, thumbnail_basename)
# Create a temporary file for the video destination (cleaned up with workbench)
tmp_dst = NamedTemporaryFile(dir=workbench.dir, delete=False)
with tmp_dst:
# Transcode queued file to a VP8/vorbis file that fits in a 640x640 square
progress_callback = ProgressCallback(entry)
tmp_dst = os.path.join(workbench.dir, medium_basename)
# Transcode queued file to a VP8/vorbis file that fits in a 640x640 square
progress_callback = ProgressCallback(entry)
dimensions = (
mgg.global_config['media:medium']['max_width'],
mgg.global_config['media:medium']['max_height'])
dimensions = (
mgg.global_config['media:medium']['max_width'],
mgg.global_config['media:medium']['max_height'])
# Extract metadata and keep a record of it
metadata = transcoders.VideoTranscoder().discover(queued_filename)
store_metadata(entry, metadata)
# Extract metadata and keep a record of it
metadata = transcoders.VideoTranscoder().discover(queued_filename)
store_metadata(entry, metadata)
# Figure out whether or not we need to transcode this video or
# if we can skip it
if skip_transcode(metadata):
_log.debug('Skipping transcoding')
# Figure out whether or not we need to transcode this video or
# if we can skip it
if skip_transcode(metadata):
_log.debug('Skipping transcoding')
dst_dimensions = metadata['videowidth'], metadata['videoheight']
dst_dimensions = metadata['videowidth'], metadata['videoheight']
# Push original file to public storage
_log.debug('Saving original...')
proc_state.copy_original(queued_filepath[-1])
_log.debug('Saving original...')
proc_state.copy_original(queued_filepath[-1])
did_transcode = False
else:
transcoder = transcoders.VideoTranscoder()
did_transcode = False
else:
transcoder = transcoders.VideoTranscoder()
transcoder.transcode(queued_filename, tmp_dst.name,
vp8_quality=video_config['vp8_quality'],
vp8_threads=video_config['vp8_threads'],
vorbis_quality=video_config['vorbis_quality'],
progress_callback=progress_callback,
dimensions=dimensions)
transcoder.transcode(queued_filename, tmp_dst,
vp8_quality=video_config['vp8_quality'],
vp8_threads=video_config['vp8_threads'],
vorbis_quality=video_config['vorbis_quality'],
progress_callback=progress_callback,
dimensions=dimensions)
dst_dimensions = transcoder.dst_data.videowidth,\
transcoder.dst_data.videoheight
dst_dimensions = transcoder.dst_data.videowidth,\
transcoder.dst_data.videoheight
# Push transcoded video to public storage
_log.debug('Saving medium...')
mgg.public_store.copy_local_to_storage(tmp_dst.name, medium_filepath)
_log.debug('Saved medium')
# Push transcoded video to public storage
_log.debug('Saving medium...')
mgg.public_store.copy_local_to_storage(tmp_dst, medium_filepath)
_log.debug('Saved medium')
entry.media_files['webm_640'] = medium_filepath
entry.media_files['webm_640'] = medium_filepath
did_transcode = True
did_transcode = True
# Save the width and height of the transcoded video
entry.media_data_init(
width=dst_dimensions[0],
height=dst_dimensions[1])
# Save the width and height of the transcoded video
entry.media_data_init(
width=dst_dimensions[0],
height=dst_dimensions[1])
# Temporary file for the video thumbnail (cleaned up with workbench)
tmp_thumb = NamedTemporaryFile(dir=workbench.dir, suffix='.jpg', delete=False)
tmp_thumb = os.path.join(workbench.dir, thumbnail_basename)
with tmp_thumb:
# Create a thumbnail.jpg that fits in a 180x180 square
transcoders.VideoThumbnailerMarkII(
queued_filename,
tmp_thumb.name,
180)
# Create a thumbnail.jpg that fits in a 180x180 square
transcoders.VideoThumbnailerMarkII(
queued_filename,
tmp_thumb,
180)
# Push the thumbnail to public storage
_log.debug('Saving thumbnail...')
mgg.public_store.copy_local_to_storage(tmp_thumb.name, thumbnail_filepath)
entry.media_files['thumb'] = thumbnail_filepath
# Push the thumbnail to public storage
_log.debug('Saving thumbnail...')
mgg.public_store.copy_local_to_storage(tmp_thumb, thumbnail_filepath)
entry.media_files['thumb'] = thumbnail_filepath
# save the original... but only if we did a transcoding
# (if we skipped transcoding and just kept the original anyway as the main

2
mediagoblin/notifications/__init__.py
View File

@ -18,7 +18,6 @@ import logging
from mediagoblin.db.models import Notification, \
CommentNotification, CommentSubscription
from mediagoblin.notifications.task import email_notification_task
from mediagoblin.notifications.tools import generate_comment_message
_log = logging.getLogger(__name__)
@ -50,6 +49,7 @@ def trigger_notification(comment, media_entry, request):
media_entry,
request)
from mediagoblin.notifications.task import email_notification_task
email_notification_task.apply_async([cn.id, message])

16
mediagoblin/oauth/__init__.py Normal file
View File

@ -0,0 +1,16 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

18
mediagoblin/oauth/exceptions.py Normal file
View File

@ -0,0 +1,18 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class ValidationException(Exception):
pass

7
mediagoblin/oauth/forms.py Normal file
View File

@ -0,0 +1,7 @@
import wtforms
class AuthorizeForm(wtforms.Form):
""" Form used to authorize the request token """
oauth_token = wtforms.HiddenField("oauth_token")
oauth_verifier = wtforms.HiddenField("oauth_verifier")

132
mediagoblin/oauth/oauth.py Normal file
View File

@ -0,0 +1,132 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from oauthlib.common import Request
from oauthlib.oauth1 import RequestValidator
from mediagoblin.db.models import NonceTimestamp, Client, RequestToken, AccessToken
class GMGRequestValidator(RequestValidator):
enforce_ssl = False
def __init__(self, data=None, *args, **kwargs):
self.POST = data
super(GMGRequestValidator, self).__init__(*args, **kwargs)
def save_request_token(self, token, request):
""" Saves request token in db """
client_id = self.POST[u"oauth_consumer_key"]
request_token = RequestToken(
token=token["oauth_token"],
secret=token["oauth_token_secret"],
)
request_token.client = client_id
if u"oauth_callback" in self.POST:
request_token.callback = self.POST[u"oauth_callback"]
request_token.save()
def save_verifier(self, token, verifier, request):
""" Saves the oauth request verifier """
request_token = RequestToken.query.filter_by(token=token).first()
request_token.verifier = verifier["oauth_verifier"]
request_token.save()
def save_access_token(self, token, request):
""" Saves access token in db """
access_token = AccessToken(
token=token["oauth_token"],
secret=token["oauth_token_secret"],
)
access_token.request_token = request.oauth_token
request_token = RequestToken.query.filter_by(token=request.oauth_token).first()
access_token.user = request_token.user
access_token.save()
def get_realms(*args, **kwargs):
""" Currently a stub - called when making AccessTokens """
return list()
def validate_timestamp_and_nonce(self, client_key, timestamp,
nonce, request, request_token=None,
access_token=None):
nc = NonceTimestamp.query.filter_by(timestamp=timestamp, nonce=nonce)
nc = nc.first()
if nc is None:
return True
return False
def validate_client_key(self, client_key, request):
""" Verifies client exists with id of client_key """
client = Client.query.filter_by(id=client_key).first()
if client is None:
return False
return True
def validate_access_token(self, client_key, token, request):
""" Verifies token exists for client with id of client_key """
client = Client.query.filter_by(id=client_key).first()
token = AccessToken.query.filter_by(token=token)
token = token.first()
if token is None:
return False
request_token = RequestToken.query.filter_by(token=token.request_token)
request_token = request_token.first()
if client.id != request_token.client:
return False
return True
def validate_realms(self, *args, **kwargs):
""" Would validate reals however not using these yet. """
return True # implement when realms are implemented
def get_client_secret(self, client_key, request):
""" Retrives a client secret with from a client with an id of client_key """
client = Client.query.filter_by(id=client_key).first()
return client.secret
def get_access_token_secret(self, client_key, token, request):
access_token = AccessToken.query.filter_by(token=token).first()
return access_token.secret
class GMGRequest(Request):
"""
Fills in data to produce a oauth.common.Request object from a
werkzeug Request object
"""
def __init__(self, request, *args, **kwargs):
"""
:param request: werkzeug request object
any extra params are passed to oauthlib.common.Request object
"""
kwargs["uri"] = kwargs.get("uri", request.url)
kwargs["http_method"] = kwargs.get("http_method", request.method)
kwargs["body"] = kwargs.get("body", request.get_data())
kwargs["headers"] = kwargs.get("headers", dict(request.headers))
super(GMGRequest, self).__init__(*args, **kwargs)

43
mediagoblin/oauth/routing.py Normal file
View File

@ -0,0 +1,43 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from mediagoblin.tools.routing import add_route
# client registration & oauth
add_route(
"mediagoblin.oauth",
"/api/client/register",
"mediagoblin.oauth.views:client_register"
)
add_route(
"mediagoblin.oauth",
"/oauth/request_token",
"mediagoblin.oauth.views:request_token"
)
add_route(
"mediagoblin.oauth",
"/oauth/authorize",
"mediagoblin.oauth.views:authorize",
)
add_route(
"mediagoblin.oauth",
"/oauth/access_token",
"mediagoblin.oauth.views:access_token"
)

0
mediagoblin/oauth/tools/__init__.py Normal file
View File

25
mediagoblin/oauth/tools/forms.py Normal file
View File

@ -0,0 +1,25 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
class WTFormData(dict):
"""
Provides a WTForm usable dictionary
"""
def getlist(self, key):
v = self[key]
if not isinstance(v, (list, tuple)):
v = [v]
return v

35
mediagoblin/oauth/tools/request.py Normal file
View File

@ -0,0 +1,35 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
def decode_authorization_header(header):
""" Decodes a HTTP Authorization Header to python dictionary """
authorization = header.get("Authorization", "").lstrip(" ").lstrip("OAuth")
tokens = {}
for param in authorization.split(","):
try:
key, value = param.split("=")
except ValueError:
continue
key = key.lstrip(" ")
value = value.lstrip(" ").lstrip('"')
value = value.rstrip(" ").rstrip('"')
tokens[key] = value
return tokens

339
mediagoblin/oauth/views.py Normal file
View File

@ -0,0 +1,339 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import datetime
from oauthlib.oauth1 import (RequestTokenEndpoint, AuthorizationEndpoint,
AccessTokenEndpoint)
from mediagoblin.decorators import require_active_login
from mediagoblin.tools.translate import pass_to_ugettext
from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.tools.request import decode_request
from mediagoblin.tools.response import (render_to_response, redirect,
json_response, render_400,
form_response)
from mediagoblin.tools.crypto import random_string
from mediagoblin.tools.validator import validate_email, validate_url
from mediagoblin.oauth.forms import AuthorizeForm
from mediagoblin.oauth.oauth import GMGRequestValidator, GMGRequest
from mediagoblin.oauth.tools.request import decode_authorization_header
from mediagoblin.oauth.tools.forms import WTFormData
from mediagoblin.db.models import NonceTimestamp, Client, RequestToken
# possible client types
client_types = ["web", "native"] # currently what pump supports
@csrf_exempt
def client_register(request):
""" Endpoint for client registration """
try:
data = decode_request(request)
except ValueError:
error = "Could not decode data."
return json_response({"error": error}, status=400)
if data is "":
error = "Unknown Content-Type"
return json_response({"error": error}, status=400)
if "type" not in data:
error = "No registration type provided."
return json_response({"error": error}, status=400)
if data.get("application_type", None) not in client_types:
error = "Unknown application_type."
return json_response({"error": error}, status=400)
client_type = data["type"]
if client_type == "client_update":
# updating a client
if "client_id" not in data:
error = "client_id is requried to update."
return json_response({"error": error}, status=400)
elif "client_secret" not in data:
error = "client_secret is required to update."
return json_response({"error": error}, status=400)
client = Client.query.filter_by(
id=data["client_id"],
secret=data["client_secret"]
).first()
if client is None:
error = "Unauthorized."
return json_response({"error": error}, status=403)
client.application_name = data.get(
"application_name",
client.application_name
)
client.application_type = data.get(
"application_type",
client.application_type
)
app_name = ("application_type", client.application_name)
if app_name in client_types:
client.application_name = app_name
elif client_type == "client_associate":
# registering
if "client_id" in data:
error = "Only set client_id for update."
return json_response({"error": error}, status=400)
elif "access_token" in data:
error = "access_token not needed for registration."
return json_response({"error": error}, status=400)
elif "client_secret" in data:
error = "Only set client_secret for update."
return json_response({"error": error}, status=400)
# generate the client_id and client_secret
client_id = random_string(22) # seems to be what pump uses
client_secret = random_string(43) # again, seems to be what pump uses
expirey = 0 # for now, lets not have it expire
expirey_db = None if expirey == 0 else expirey
application_type = data["application_type"]
# save it
client = Client(
id=client_id,
secret=client_secret,
expirey=expirey_db,
application_type=application_type,
)
else:
error = "Invalid registration type"
return json_response({"error": error}, status=400)
logo_url = data.get("logo_url", client.logo_url)
if logo_url is not None and not validate_url(logo_url):
error = "Logo URL {0} is not a valid URL.".format(logo_url)
return json_response(
{"error": error},
status=400
)
else:
client.logo_url = logo_url
client.application_name = data.get("application_name", None)
contacts = data.get("contacts", None)
if contacts is not None:
if type(contacts) is not unicode:
error = "Contacts must be a string of space-seporated email addresses."
return json_response({"error": error}, status=400)
contacts = contacts.split()
for contact in contacts:
if not validate_email(contact):
# not a valid email
error = "Email {0} is not a valid email.".format(contact)
return json_response({"error": error}, status=400)
client.contacts = contacts
redirect_uris = data.get("redirect_uris", None)
if redirect_uris is not None:
if type(redirect_uris) is not unicode:
error = "redirect_uris must be space-seporated URLs."
return json_response({"error": error}, status=400)
redirect_uris = redirect_uris.split()
for uri in redirect_uris:
if not validate_url(uri):
# not a valid uri
error = "URI {0} is not a valid URI".format(uri)
return json_response({"error": error}, status=400)
client.redirect_uri = redirect_uris
client.save()
expirey = 0 if client.expirey is None else client.expirey
return json_response(
{
"client_id": client.id,
"client_secret": client.secret,
"expires_at": expirey,
})
@csrf_exempt
def request_token(request):
""" Returns request token """
try:
data = decode_request(request)
except ValueError:
error = "Could not decode data."
return json_response({"error": error}, status=400)
if data == "":
error = "Unknown Content-Type"
return json_response({"error": error}, status=400)
if not data and request.headers:
data = request.headers
data = dict(data) # mutableifying
authorization = decode_authorization_header(data)
if authorization == dict() or u"oauth_consumer_key" not in authorization:
error = "Missing required parameter."
return json_response({"error": error}, status=400)
# check the client_id
client_id = authorization[u"oauth_consumer_key"]
client = Client.query.filter_by(id=client_id).first()
if client == None:
# client_id is invalid
error = "Invalid client_id"
return json_response({"error": error}, status=400)
# make request token and return to client
request_validator = GMGRequestValidator(authorization)
rv = RequestTokenEndpoint(request_validator)
tokens = rv.create_request_token(request, authorization)
# store the nonce & timestamp before we return back
nonce = authorization[u"oauth_nonce"]
timestamp = authorization[u"oauth_timestamp"]
timestamp = datetime.datetime.fromtimestamp(float(timestamp))
nc = NonceTimestamp(nonce=nonce, timestamp=timestamp)
nc.save()
return form_response(tokens)
@require_active_login
def authorize(request):
""" Displays a page for user to authorize """
if request.method == "POST":
return authorize_finish(request)
_ = pass_to_ugettext
token = request.args.get("oauth_token", None)
if token is None:
# no token supplied, display a html 400 this time
err_msg = _("Must provide an oauth_token.")
return render_400(request, err_msg=err_msg)
oauth_request = RequestToken.query.filter_by(token=token).first()
if oauth_request is None:
err_msg = _("No request token found.")
return render_400(request, err_msg)
if oauth_request.used:
return authorize_finish(request)
if oauth_request.verifier is None:
orequest = GMGRequest(request)
request_validator = GMGRequestValidator()
auth_endpoint = AuthorizationEndpoint(request_validator)
verifier = auth_endpoint.create_verifier(orequest, {})
oauth_request.verifier = verifier["oauth_verifier"]
oauth_request.user = request.user.id
oauth_request.save()
# find client & build context
client = Client.query.filter_by(id=oauth_request.client).first()
authorize_form = AuthorizeForm(WTFormData({
"oauth_token": oauth_request.token,
"oauth_verifier": oauth_request.verifier
}))
context = {
"user": request.user,
"oauth_request": oauth_request,
"client": client,
"authorize_form": authorize_form,
}
# AuthorizationEndpoint
return render_to_response(
request,
"mediagoblin/api/authorize.html",
context
)
def authorize_finish(request):
""" Finishes the authorize """
_ = pass_to_ugettext
token = request.form["oauth_token"]
verifier = request.form["oauth_verifier"]
oauth_request = RequestToken.query.filter_by(token=token, verifier=verifier)
oauth_request = oauth_request.first()
if oauth_request is None:
# invalid token or verifier
err_msg = _("No request token found.")
return render_400(request, err_msg)
oauth_request.used = True
oauth_request.updated = datetime.datetime.now()
oauth_request.save()
if oauth_request.callback == "oob":
# out of bounds
context = {"oauth_request": oauth_request}
return render_to_response(
request,
"mediagoblin/api/oob.html",
context
)
# okay we need to redirect them then!
querystring = "?oauth_token={0}&oauth_verifier={1}".format(
oauth_request.token,
oauth_request.verifier
)
return redirect(
request,
querystring=querystring,
location=oauth_request.callback
)
@csrf_exempt
def access_token(request):
""" Provides an access token based on a valid verifier and request token """
data = request.headers
parsed_tokens = decode_authorization_header(data)
if parsed_tokens == dict() or "oauth_token" not in parsed_tokens:
error = "Missing required parameter."
return json_response({"error": error}, status=400)
request.oauth_token = parsed_tokens["oauth_token"]
request_validator = GMGRequestValidator(data)
av = AccessTokenEndpoint(request_validator)
tokens = av.create_access_token(request, {})
return form_response(tokens)

24
mediagoblin/plugins/api/tools.py
View File

@ -51,30 +51,6 @@ class Auth(object):
def __call__(self, request, *args, **kw):
raise NotImplemented()
def json_response(serializable, _disable_cors=False, *args, **kw):
'''
Serializes a json objects and returns a werkzeug Response object with the
serialized value as the response body and Content-Type: application/json.
:param serializable: A json-serializable object
Any extra arguments and keyword arguments are passed to the
Response.__init__ method.
'''
response = Response(json.dumps(serializable), *args, content_type='application/json', **kw)
if not _disable_cors:
cors_headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
for key, value in cors_headers.iteritems():
response.headers.set(key, value)
return response
def get_entry_serializable(entry, urlgen):
'''
Returns a serializable dict() of a MediaEntry instance.

4
mediagoblin/plugins/api/views.py
View File

@ -21,11 +21,11 @@ from os.path import splitext
from werkzeug.exceptions import BadRequest, Forbidden
from werkzeug.wrappers import Response
from mediagoblin.tools.response import json_response
from mediagoblin.decorators import require_active_login
from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.media_types import sniff_media
from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable, \
json_response
from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media, new_upload_entry

24
mediagoblin/plugins/basic_auth/README.rst Normal file
View File

@ -0,0 +1,24 @@
.. _basic_auth-chapter:
===================
basic_auth plugin
===================
The basic_auth plugin is enabled by default in mediagoblin.ini. This plugin
provides basic username and password authentication for GNU Mediagoblin.
This plugin can be enabled alongside :ref:`openid-chapter` and
:ref:`persona-chapter`.
Set up the basic_auth plugin
============================
1. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::
[[mediagoblin.plugins.basic_auth]]
2. Run::
gmg assetlink
in order to link basic_auth's static assets

12
mediagoblin/plugins/oauth/__init__.py
View File

@ -35,22 +35,22 @@ def setup_plugin():
routes = [
('mediagoblin.plugins.oauth.authorize',
'/oauth/authorize',
'/oauth-2/authorize',
'mediagoblin.plugins.oauth.views:authorize'),
('mediagoblin.plugins.oauth.authorize_client',
'/oauth/client/authorize',
'/oauth-2/client/authorize',
'mediagoblin.plugins.oauth.views:authorize_client'),
('mediagoblin.plugins.oauth.access_token',
'/oauth/access_token',
'/oauth-2/access_token',
'mediagoblin.plugins.oauth.views:access_token'),
('mediagoblin.plugins.oauth.list_connections',
'/oauth/client/connections',
'/oauth-2/client/connections',
'mediagoblin.plugins.oauth.views:list_connections'),
('mediagoblin.plugins.oauth.register_client',
'/oauth/client/register',
'/oauth-2/client/register',
'mediagoblin.plugins.oauth.views:register_client'),
('mediagoblin.plugins.oauth.list_clients',
'/oauth/client/list',
'/oauth-2/client/list',
'mediagoblin.plugins.oauth.views:list_clients')]
pluginapi.register_routes(routes)

2
mediagoblin/plugins/oauth/tools.py
View File

@ -23,7 +23,7 @@ from datetime import datetime
from functools import wraps
from mediagoblin.plugins.api.tools import json_response
from mediagoblin.tools.response import json_response
def require_client_auth(controller):

3
mediagoblin/plugins/oauth/views.py
View File

@ -21,7 +21,7 @@ from urllib import urlencode
from werkzeug.exceptions import BadRequest
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.response import render_to_response, redirect, json_response
from mediagoblin.decorators import require_active_login
from mediagoblin.messages import add_message, SUCCESS
from mediagoblin.tools.translate import pass_to_ugettext as _
@ -31,7 +31,6 @@ from mediagoblin.plugins.oauth.forms import ClientRegistrationForm, \
AuthorizationForm
from mediagoblin.plugins.oauth.tools import require_client_auth, \
create_token
from mediagoblin.plugins.api.tools import json_response
_log = logging.getLogger(__name__)

34
mediagoblin/plugins/openid/README.rst Normal file
View File

@ -0,0 +1,34 @@
.. _openid-chapter:
===================
openid plugin
===================
The openid plugin allows user to login to your GNU Mediagoblin instance using
their openid url.
This plugin can be enabled alongside :ref:`basic_auth-chapter` and
:ref:`persona-chapter`.
.. note::
When :ref:`basic_auth-chapter` is enabled alongside this openid plugin, and
a user creates an account using their openid. If they would like to add a
password to their account, they can use the forgot password feature to do
so.
Set up the openid plugin
============================
1. Install the ``python-openid`` package.
2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::
[[mediagoblin.plugins.openid]]
3. Run::
gmg dbupdate
in order to create and apply migrations to any database tables that the
plugin requires.

2
mediagoblin/plugins/openid/__init__.py
View File

@ -120,4 +120,6 @@ hooks = {
'auth_no_pass_redirect': no_pass_redirect,
('mediagoblin.auth.register',
'mediagoblin/auth/register.html'): add_to_form_context,
('mediagoblin.auth.login',
'mediagoblin/auth/login.html'): add_to_form_context
}

1
mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html
View File

@ -44,6 +44,7 @@
{% trans %}Log in to create an account!{% endtrans %}
</p>
{% endif %}
{% template_hook('login_link') %}
{% if pass_auth is defined %}
<p>
<a href="{{ request.urlgen('mediagoblin.auth.login') }}?{{ request.query_string }}">

2
mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login_link.html
View File

@ -17,9 +17,11 @@
#}
{% block openid_login_link %}
{% if openid_link is defined %}
<p>
<a href="{{ request.urlgen('mediagoblin.plugins.openid.login') }}?{{ request.query_string }}">
{%- trans %}Or login with OpenID!{% endtrans %}
</a>
</p>
{% endif %}
{% endblock %}

41
mediagoblin/plugins/persona/README.rst Normal file
View File

@ -0,0 +1,41 @@
.. _persona-chapter:
================
persona plugin
================
The persona plugin allows users to login to you GNU MediaGoblin instance using
`Mozilla Persona`_.
This plugin can be enabled alongside :ref:`openid-chapter` and
:ref:`basic_auth-chapter`.
.. note::
When :ref:`basic_auth-chapter` is enabled alongside this persona plugin, and
a user creates an account using their persona. If they would like to add a
password to their account, they can use the forgot password feature to do
so.
.. _Mozilla Persona: https://www.mozilla.org/en-US/persona/
Set up the persona plugin
=========================
1. Install the ``requests`` package.
2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section::
[[mediagoblin.plugins.persona]]
3. Run::
gmg dbupdate
in order to create and apply migrations to any database tables that the
plugin requires.
4. Run::
gmg assetlink
in order to persona's static assets.

116
mediagoblin/plugins/persona/__init__.py Normal file
View File

@ -0,0 +1,116 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from pkg_resources import resource_filename
import os
from sqlalchemy import or_
from mediagoblin.auth.tools import create_basic_user
from mediagoblin.db.models import User
from mediagoblin.plugins.persona.models import PersonaUserEmails
from mediagoblin.tools import pluginapi
from mediagoblin.tools.staticdirect import PluginStatic
from mediagoblin.tools.translate import pass_to_ugettext as _
PLUGIN_DIR = os.path.dirname(__file__)
def setup_plugin():
config = pluginapi.get_config('mediagoblin.plugins.persona')
routes = [
('mediagoblin.plugins.persona.login',
'/auth/persona/login/',
'mediagoblin.plugins.persona.views:login'),
('mediagoblin.plugins.persona.register',
'/auth/persona/register/',
'mediagoblin.plugins.persona.views:register'),
('mediagoblin.plugins.persona.edit',
'/edit/persona/',
'mediagoblin.plugins.persona.views:edit'),
('mediagoblin.plugins.persona.add',
'/edit/persona/add/',
'mediagoblin.plugins.persona.views:add')]
pluginapi.register_routes(routes)
pluginapi.register_template_path(os.path.join(PLUGIN_DIR, 'templates'))
pluginapi.register_template_hooks(
{'persona_end': 'mediagoblin/plugins/persona/persona_js_end.html',
'persona_form': 'mediagoblin/plugins/persona/persona.html',
'edit_link': 'mediagoblin/plugins/persona/edit_link.html',
'login_link': 'mediagoblin/plugins/persona/login_link.html',
'register_link': 'mediagoblin/plugins/persona/register_link.html'})
def create_user(register_form):
if 'persona_email' in register_form:
username = register_form.username.data
user = User.query.filter(
or_(
User.username == username,
User.email == username,
)).first()
if not user:
user = create_basic_user(register_form)
new_entry = PersonaUserEmails()
new_entry.persona_email = register_form.persona_email.data
new_entry.user_id = user.id
new_entry.save()
return user
def extra_validation(register_form):
persona_email = register_form.persona_email.data if 'persona_email' in \
register_form else None
if persona_email:
persona_email_exists = PersonaUserEmails.query.filter_by(
persona_email=persona_email
).count()
extra_validation_passes = True
if persona_email_exists:
register_form.persona_email.errors.append(
_('Sorry, an account is already registered to that Persona'
' email.'))
extra_validation_passes = False
return extra_validation_passes
def Auth():
return True
def add_to_global_context(context):
if len(pluginapi.hook_runall('authentication')) == 1:
context['persona_auth'] = True
context['persona'] = True
return context
hooks = {
'setup': setup_plugin,
'authentication': Auth,
'auth_extra_validation': extra_validation,
'auth_create_user': create_user,
'template_global_context': add_to_global_context,
'static_setup': lambda: PluginStatic(
'coreplugin_persona',
resource_filename('mediagoblin.plugins.persona', 'static'))
}

41
mediagoblin/plugins/persona/forms.py Normal file
View File

@ -0,0 +1,41 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import wtforms
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
from mediagoblin.auth.tools import normalize_user_or_email_field
class RegistrationForm(wtforms.Form):
username = wtforms.TextField(
_('Username'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_email=False)])
email = wtforms.TextField(
_('Email address'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_user=False)])
persona_email = wtforms.HiddenField(
'',
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_user=False)])
class EditForm(wtforms.Form):
email = wtforms.TextField(
_('Email address'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_user=False)])

36
mediagoblin/plugins/persona/models.py Normal file
View File

@ -0,0 +1,36 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from sqlalchemy import Column, Integer, Unicode, ForeignKey
from sqlalchemy.orm import relationship, backref
from mediagoblin.db.models import User
from mediagoblin.db.base import Base
class PersonaUserEmails(Base):
__tablename__ = "persona__user_emails"
id = Column(Integer, primary_key=True)
persona_email = Column(Unicode, nullable=False)
user_id = Column(Integer, ForeignKey(User.id), nullable=False)
# Persona's are owned by their user, so do the full thing.
user = relationship(User, backref=backref('persona_emails',
cascade='all, delete-orphan'))
MODELS = [
PersonaUserEmails
]

51
mediagoblin/plugins/persona/static/js/persona.js Normal file
View File

@ -0,0 +1,51 @@
/**
* GNU MediaGoblin -- federated, autonomous media hosting
* Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
$(document).ready(function () {
var signinLink = document.getElementById('persona_login');
if (signinLink) {
signinLink.onclick = function() { navigator.id.request(); };
}
var signinLink1 = document.getElementById('persona_login1');
if (signinLink1) {
signinLink1.onclick = function() { navigator.id.request(); };
}
var signoutLink = document.getElementById('logout');
if (signoutLink) {
signoutLink.onclick = function() { navigator.id.logout(); };
}
var logout_url = document.getElementById('_logout_url').value;
navigator.id.watch({
onlogin: function(assertion) {
document.getElementById('_assertion').value = assertion;
document.getElementById('_persona_login').submit()
},
onlogout: function() {
$.ajax({
type: 'GET',
url: logout_url,
success: function(res, status, xhr) { window.location.reload(); },
error: function(xhr, status, err) { alert("Logout failure: " + err); }
});
}
});
});

43
mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit.html Normal file
View File

@ -0,0 +1,43 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% extends "mediagoblin/base.html" %}
{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %}
{% block title -%}
{% trans %}Add an OpenID{% endtrans %} &mdash; {{ super() }}
{%- endblock %}
{% block mediagoblin_content %}
<form action="{{ request.urlgen('mediagoblin.plugins.persona.edit') }}"
method="POST" enctype="multipart/form-data">
{{ csrf_token }}
<div class="form_box">
<h1>{% trans %}Delete a Persona email address{% endtrans %}</h1>
<p>
<a href="javascript:;" id="persona_login">
{% trans %}Add a Persona email address{% endtrans %}
</a>
</p>
{{ wtforms_util.render_divs(form, True) }}
<div class="form_submit_buttons">
<input type="submit" value="{% trans %}Delete{% endtrans %}" class="button_form"/>
</div>
</div>
</form>
{% endblock %}

25
mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit_link.html Normal file
View File

@ -0,0 +1,25 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% block persona_edit_link %}
<p>
<a href="{{ request.urlgen('mediagoblin.plugins.persona.edit') }}">
{% trans %}Edit your Persona email addresses{% endtrans %}
</a>
</p>
{% endblock %}

25
mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/login_link.html Normal file
View File

@ -0,0 +1,25 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% block person_login_link %}
<p>
<a href="javascript:;" id="persona_login">
{% trans %}Or login with Persona!{% endtrans %}
</a>
</p>
{% endblock %}

32
mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona.html Normal file
View File

@ -0,0 +1,32 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% block persona %}
<form id="_persona_login"
action=
{%- if edit_persona is defined -%}
"{{ request.urlgen('mediagoblin.plugins.persona.add') }}"
{%- else -%}
"{{ request.urlgen('mediagoblin.plugins.persona.login') }}"
{%- endif %}
method="POST">
{{ csrf_token }}
<input type="hidden" name="assertion" type="text" id="_assertion"/>
<input type="hidden" name="_logout_url" type="text" id="_logout_url"
value="{{ request.urlgen('mediagoblin.auth.logout') }}"/>
</form>
{% endblock %}

21
mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona_js_end.html Normal file
View File

@ -0,0 +1,21 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
<script src="https://login.persona.org/include.js"></script>
<script type="text/javascript"
src="{{ request.staticdirect('/js/persona.js', 'coreplugin_persona') }}"></script>

25
mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/register_link.html Normal file
View File

@ -0,0 +1,25 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% block persona_register_link %}
<p>
<a href="javascript:;" id="persona_login">
{% trans %}Or register with Persona!{% endtrans %}
</a>
</p>
{% endblock %}

191
mediagoblin/plugins/persona/views.py Normal file
View File

@ -0,0 +1,191 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import logging
import requests
from werkzeug.exceptions import BadRequest
from mediagoblin import messages, mg_globals
from mediagoblin.auth.tools import register_user
from mediagoblin.decorators import (auth_enabled, allow_registration,
require_active_login)
from mediagoblin.tools.response import render_to_response, redirect
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.plugins.persona import forms
from mediagoblin.plugins.persona.models import PersonaUserEmails
_log = logging.getLogger(__name__)
def _get_response(request):
if 'assertion' not in request.form:
_log.debug('assertion not in request.form')
raise BadRequest()
data = {'assertion': request.form['assertion'],
'audience': request.urlgen('index', qualified=True)}
resp = requests.post('https://verifier.login.persona.org/verify',
data=data, verify=True)
if resp.ok:
verification_data = json.loads(resp.content)
if verification_data['status'] == 'okay':
return verification_data['email']
return None
@auth_enabled
def login(request):
if request.method == 'GET':
return redirect(request, 'mediagoblin.auth.login')
email = _get_response(request)
if email:
query = PersonaUserEmails.query.filter_by(
persona_email=email
).first()
user = query.user if query else None
if user:
request.session['user_id'] = unicode(user.id)
request.session.save()
return redirect(request, "index")
else:
if not mg_globals.app.auth:
messages.add_message(
request,
messages.WARNING,
_('Sorry, authentication is disabled on this instance.'))
return redirect(request, 'index')
register_form = forms.RegistrationForm(email=email,
persona_email=email)
return render_to_response(
request,
'mediagoblin/auth/register.html',
{'register_form': register_form,
'post_url': request.urlgen(
'mediagoblin.plugins.persona.register')})
return redirect(request, 'mediagoblin.auth.login')
@allow_registration
@auth_enabled
def register(request):
if request.method == 'GET':
# Need to connect to persona before registering a user. If method is
# 'GET', then this page was acessed without logging in first.
return redirect(request, 'mediagoblin.auth.login')
register_form = forms.RegistrationForm(request.form)
if register_form.validate():
user = register_user(request, register_form)
if user:
# redirect the user to their homepage... there will be a
# message waiting for them to verify their email
return redirect(
request, 'mediagoblin.user_pages.user_home',
user=user.username)
return render_to_response(
request,
'mediagoblin/auth/register.html',
{'register_form': register_form,
'post_url': request.urlgen('mediagoblin.plugins.persona.register')})
@require_active_login
def edit(request):
form = forms.EditForm(request.form)
if request.method == 'POST' and form.validate():
query = PersonaUserEmails.query.filter_by(
persona_email=form.email.data)
user = query.first().user if query.first() else None
if user and user.id == int(request.user.id):
count = len(user.persona_emails)
if count > 1 or user.pw_hash:
# User has more then one Persona email or also has a password.
query.first().delete()
messages.add_message(
request,
messages.SUCCESS,
_('The Persona email address was successfully removed.'))
return redirect(request, 'mediagoblin.edit.account')
elif not count > 1:
form.email.errors.append(
_("You can't delete your only Persona email address unless"
" you have a password set."))
else:
form.email.errors.append(
_('That Persona email address is not registered to this'
' account.'))
return render_to_response(
request,
'mediagoblin/plugins/persona/edit.html',
{'form': form,
'edit_persona': True})
@require_active_login
def add(request):
if request.method == 'GET':
return redirect(request, 'mediagoblin.plugins.persona.edit')
email = _get_response(request)
if email:
query = PersonaUserEmails.query.filter_by(
persona_email=email
).first()
user_exists = query.user if query else None
if user_exists:
messages.add_message(
request,
messages.WARNING,
_('Sorry, an account is already registered with that Persona'
' email address.'))
return redirect(request, 'mediagoblin.plugins.persona.edit')
else:
# Save the Persona Email to the user
new_entry = PersonaUserEmails()
new_entry.persona_email = email
new_entry.user_id = request.user.id
new_entry.save()
messages.add_message(
request,
messages.SUCCESS,
_('Your Person email address was saved successfully.'))
return redirect(request, 'mediagoblin.edit.account')

1
mediagoblin/processing/__init__.py
View File

@ -184,7 +184,6 @@ class BaseProcessingFail(Exception):
def __init__(self, **metadata):
self.metadata = metadata or {}
class BadMediaFail(BaseProcessingFail):
"""
Error that should be raised when an inappropriate file was given

18
mediagoblin/processing/task.py
View File

@ -18,11 +18,13 @@ import logging
import urllib
import urllib2
from celery import registry, task
import celery
from celery.registry import tasks
from mediagoblin import mg_globals as mgg
from mediagoblin.db.models import MediaEntry
from . import mark_entry_failed, BaseProcessingFail, ProcessingState
from mediagoblin.processing import (mark_entry_failed, BaseProcessingFail,
ProcessingState)
from mediagoblin.tools.processing import json_processing_callback
_log = logging.getLogger(__name__)
@ -30,7 +32,7 @@ logging.basicConfig()
_log.setLevel(logging.DEBUG)
@task.task(default_retry_delay=2 * 60)
@celery.task(default_retry_delay=2 * 60)
def handle_push_urls(feed_url):
"""Subtask, notifying the PuSH servers of new content
@ -60,14 +62,16 @@ def handle_push_urls(feed_url):
'Giving up.'.format(feed_url))
return False
################################
# Media processing initial steps
################################
class ProcessMedia(task.Task):
class ProcessMedia(celery.Task):
"""
Pass this entry off for processing.
"""
track_started=True
def run(self, media_id, feed_url):
"""
Pass the media entry off to the appropriate processing function
@ -140,6 +144,4 @@ class ProcessMedia(task.Task):
entry = mgg.database.MediaEntry.query.filter_by(id=entry_id).first()
json_processing_callback(entry)
# Register the task
process_media = registry.tasks[ProcessMedia.name]
tasks.register(ProcessMedia)

4
mediagoblin/routing.py
View File

@ -38,8 +38,8 @@ def get_url_map():
import mediagoblin.webfinger.routing
import mediagoblin.listings.routing
import mediagoblin.notifications.routing
import mediagoblin.oauth.routing
for route in PluginManager().get_routes():
add_route(*route)

7
mediagoblin/static/css/base.css
View File

@ -812,3 +812,10 @@ pre {
#exif_additional_info table tr {
margin-bottom: 10px;
}
p.verifier {
text-align:center;
font-size:50px;
none repeat scroll 0% 0% rgb(221, 221, 221);
padding: 1em 0px;
}

BIN
mediagoblin/static/images/home_goblin.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

13
mediagoblin/static/js/comment_show.js
View File

@ -15,12 +15,25 @@
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
var content="";
function previewComment(){
if ($('#comment_content').val() && (content != $('#comment_content').val())) {
content = $('#comment_content').val();
$.post($('#previewURL').val(),$('#form_comment').serialize(),
function(data){
preview = JSON.parse(data)
$('#comment_preview').replaceWith("<div id=comment_preview><h3>" + $('#previewText').val() +"</h3><br />" + preview.content +
"<hr style='border: 1px solid #333;' /></div>");
});
}
}
$(document).ready(function(){
$('#form_comment').hide();
$('#button_addcomment').click(function(){
$(this).fadeOut('fast');
$('#form_comment').slideDown(function(){
setInterval("previewComment()",1000);
$('#comment_content').focus();
});
});

4
mediagoblin/submit/lib.py
View File

@ -21,7 +21,7 @@ from werkzeug.datastructures import FileStorage
from mediagoblin.db.models import MediaEntry
from mediagoblin.processing import mark_entry_failed
from mediagoblin.processing.task import process_media
from mediagoblin.processing.task import ProcessMedia
_log = logging.getLogger(__name__)
@ -85,7 +85,7 @@ def run_process_media(entry, feed_url=None):
'mediagoblin.user_pages.atom_feed',qualified=True,
user=request.user.username)`"""
try:
process_media.apply_async(
ProcessMedia().apply_async(
[entry.id, feed_url], {},
task_id=entry.queued_task_id)
except BaseException as exc:

3
mediagoblin/submit/views.py
View File

@ -90,7 +90,7 @@ def submit_start(request):
# Save now so we have this data before kicking off processing
entry.save()
# Pass off to processing
# Pass off to async processing
#
# (... don't change entry after this point to avoid race
# conditions with changes to the document via processing code)
@ -98,6 +98,7 @@ def submit_start(request):
'mediagoblin.user_pages.atom_feed',
qualified=True, user=request.user.username)
run_process_media(entry, feed_url)
add_message(request, SUCCESS, _('Woohoo! Submitted!'))
add_comment_subscription(request.user, entry)

56
mediagoblin/templates/mediagoblin/api/authorize.html Normal file
View File

@ -0,0 +1,56 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% extends "mediagoblin/base.html" %}
{% block title -%}
{% trans %}Authorization{% endtrans %} &mdash; {{ super() }}
{%- endblock %}
{% block mediagoblin_content %}
<h1>{% trans %}Authorize{% endtrans %}</h1>
<p>
{% trans %}You are logged in as{% endtrans %}
<strong>{{user.username}}</strong>
<br /><br />
{% trans %}Do you want to authorize {% endtrans %}
{% if client.application_name -%}
<em>{{ client.application_name }}</em>
{%- else -%}
<em>{% trans %}an unknown application{% endtrans %}</em>
{%- endif %}
{% trans %} to access your account? {% endtrans %}
<br /><br />
{% trans %}Applications with access to your account can: {% endtrans %}
<ul>
<li>{% trans %}Post new media as you{% endtrans %}</li>
<li>{% trans %}See your information (e.g profile, meida, etc...){% endtrans %}</li>
<li>{% trans %}Change your information{% endtrans %}</li>
</ul>
<br />
<form method="POST">
{{ csrf_token }}
{{ authorize_form.oauth_token }}
{{ authorize_form.oauth_verifier }}
<input type="submit" value="{% trans %}Authorize{% endtrans %}">
</form>
</p>
{% endblock %}

33
mediagoblin/templates/mediagoblin/api/oob.html Normal file
View File

@ -0,0 +1,33 @@
{#
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{% extends "mediagoblin/base.html" %}
{% block title -%}
{% trans %}Authorization Finished{% endtrans %} &mdash; {{ super() }}
{%- endblock %}
{% block mediagoblin_content %}
<h1>{% trans %}Authorization Complete{% endtrans %}</h1>
<h4>{% trans %}Copy and paste this into your client:{% endtrans %}</h4>
<p class="verifier">
{{ oauth_request.verifier }}
</p>
{% endblock %}

39
mediagoblin/templates/mediagoblin/base.html
View File

@ -23,6 +23,7 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<title>{% block title %}{{ app_config['html_title'] }}{% endblock %}</title>
<link rel="stylesheet" type="text/css"
href="{{ request.staticdirect('/css/extlib/reset.css') }}"/>
@ -60,24 +61,35 @@
{%- if request.user %}
{% if request.user and request.user.status == 'active' %}
{% set notification_count = request.notifications.get_notification_count(request.user.id) %}
{% set notification_count = get_notification_count(request.user.id) %}
{% if notification_count %}
<a href="#notifications" class="notification-gem button_action" title="Notifications">
{{ notification_count }}</a>
<a href="javascript:;" class="notification-gem button_action" title="Notifications">
{{ notification_count }}</a>
{% endif %}
<div class="button_action header_dropdown_down">&#9660;</div>
<div class="button_action header_dropdown_up">&#9650;</div>
<a href="javascript:;" class="button_action header_dropdown_down">&#9660;</a>
<a href="javascript:;" class="button_action header_dropdown_up">&#9650;</a>
{% elif request.user and request.user.status == "needs_email_verification" %}
{# the following link should only appear when verification is needed #}
<a href="{{ request.urlgen('mediagoblin.user_pages.user_home',
user=request.user.username) }}"
class="button_action_highlight">
{% trans %}Verify your email!{% endtrans %}</a>
or <a href="{{ request.urlgen('mediagoblin.auth.logout') }}">{% trans %}log out{% endtrans %}</a>
or <a id="logout" href=
{% if persona is not defined %}
"{{ request.urlgen('mediagoblin.auth.logout') }}"
{% else %}
"javascript:;"
{% endif %}
>{% trans %}log out{% endtrans %}</a>
{% endif %}
{%- elif auth %}
<a href="{{ request.urlgen('mediagoblin.auth.login') }}?next={{
request.base_url|urlencode }}">
<a href=
{% if persona_auth is defined %}
"javascript:;" id="persona_login"
{% else %}
"{{ request.urlgen('mediagoblin.auth.login') }}"
{% endif %}
>
{%- trans %}Log in{% endtrans -%}
</a>
{%- endif %}
@ -101,7 +113,13 @@
{%- trans %}Media processing panel{% endtrans -%}
</a>
&middot;
<a href="{{ request.urlgen('mediagoblin.auth.logout') }}">{% trans %}Log out{% endtrans %}</a>
<a id="logout" href=
{% if persona is not defined %}
"{{ request.urlgen('mediagoblin.auth.logout') }}"
{% else %}
"javascript:;"
{% endif %}
>{% trans %}Log out{% endtrans %}</a>
</p>
<a class="button_action" href="{{ request.urlgen('mediagoblin.submit.start') }}">
{%- trans %}Add media{% endtrans -%}
@ -134,6 +152,9 @@
{% include "mediagoblin/utils/messages.html" %}
{% block mediagoblin_content %}
{% endblock mediagoblin_content %}
{% if csrf_token is defined %}
{% template_hook("persona_form") %}
{% endif %}
</div>
{%- include "mediagoblin/bits/base_footer.html" %}
</div>

2
mediagoblin/templates/mediagoblin/bits/body_end.html
View File

@ -15,3 +15,5 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-#}
{% template_hook("persona_end") %}

14
mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html
View File

@ -19,21 +19,27 @@
{% if request.user %}
<h1>{% trans %}Explore{% endtrans %}</h1>
{% else %}
<img class="right_align" src="{{ request.staticdirect('/images/home_goblin.png') }}" />
<h1>{% trans %}Hi there, welcome to this MediaGoblin site!{% endtrans %}</h1>
<img class="right_align" src="{{ request.staticdirect('/images/frontpage_image.png') }}" />
<p>{% trans %}This site is running <a href="http://mediagoblin.org">MediaGoblin</a>, an extraordinarily great piece of media hosting software.{% endtrans %}</p>
{% if auth %}
<p>{% trans %}To add your own media, place comments, and more, you can log in with your MediaGoblin account.{% endtrans %}</p>
{% if allow_registration %}
<p>{% trans %}Don't have one yet? It's easy!{% endtrans %}</p>
{% trans register_url=request.urlgen('mediagoblin.auth.register') -%}
<a class="button_action_highlight" href="{{ register_url }}">Create an account at this site</a>
<a class="button_action_highlight" href=
{% if persona_auth is defined %}
"javascript:;" id="persona_login1"
{% else %}
"{{ request.urlgen('mediagoblin.auth.register') }}"
{% endif %}
{% trans %}
>Create an account at this site</a>
or
{%- endtrans %}
{% endif %}
{% endif %}
{% trans %}
<a class="button_action" href="http://wiki.mediagoblin.org/HackingHowto">Set up MediaGoblin on your own server</a>
<a class="button_action" href="http://mediagoblin.readthedocs.org/">Set up MediaGoblin on your own server</a>
{%- endtrans %}
<div class="clear"></div>

2
mediagoblin/templates/mediagoblin/fragments/header_notifications.html
View File

@ -1,4 +1,4 @@
{% set notifications = request.notifications.get_notifications(request.user.id) %}
{% set notifications = get_notifications(request.user.id) %}
{% if notifications %}
<div class="header_notifications">
<h3>{% trans %}New comments{% endtrans %}</h3>

6
mediagoblin/templates/mediagoblin/user_pages/media.html
View File

@ -90,7 +90,8 @@
{% if app_config['allow_comments'] %}
<a
{% if not request.user %}
href="{{ request.urlgen('mediagoblin.auth.login') }}"
href="{{ request.urlgen('mediagoblin.auth.login') }}?next={{
request.base_url|urlencode }}"
{% endif %}
class="button_action" id="button_addcomment" title="Add a comment">
{% trans %}Add a comment{% endtrans %}
@ -107,7 +108,10 @@
<input type="submit" value="{% trans %}Add this comment{% endtrans %}" class="button_action" />
{{ csrf_token }}
</div>
<input type="hidden" value="{{ request.urlgen('mediagoblin.user_pages.media_preview_comment') }}" id="previewURL" />
<input type="hidden" value="{% trans %}Comment Preview{% endtrans %}" id="previewText"/>
</form>
<div id="comment_preview"></div>
{% endif %}
<ul style="list-style:none">
{% for comment in comments %}

3
mediagoblin/templates/mediagoblin/utils/comment-subscription.html
View File

@ -16,8 +16,7 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#}
{%- if request.user %}
{% set subscription = request.notifications.get_comment_subscription(
request.user.id, media.id) %}
{% set subscription = get_comment_subscription(request.user.id, media.id) %}
{% if not subscription or not subscription.notify %}
<a type="submit" href="{{ request.urlgen('mediagoblin.notifications.subscribe_comments',
user=media.get_uploader.username,

42
mediagoblin/tests/auth_configs/persona_appconfig.ini Normal file
View File

@ -0,0 +1,42 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
[mediagoblin]
direct_remote_path = /test_static/
email_sender_address = "notice@mediagoblin.example.org"
email_debug_mode = true
# TODO: Switch to using an in-memory database
sql_engine = "sqlite:///%(here)s/user_dev/mediagoblin.db"
# Celery shouldn't be set up by the application as it's setup via
# mediagoblin.init.celery.from_celery
celery_setup_elsewhere = true
[storage:publicstore]
base_dir = %(here)s/user_dev/media/public
base_url = /mgoblin_media/
[storage:queuestore]
base_dir = %(here)s/user_dev/media/queue
[celery]
CELERY_ALWAYS_EAGER = true
CELERY_RESULT_DBURI = "sqlite:///%(here)s/user_dev/celery.db"
BROKER_HOST = "sqlite:///%(here)s/user_dev/kombu.db"
[plugins]
[[mediagoblin.plugins.persona]]

2
mediagoblin/tests/test_celery_setup.py
View File

@ -55,6 +55,6 @@ def test_setup_celery_from_config():
pkg_resources.resource_filename('mediagoblin.tests', 'celery.db'))
assert fake_celery_module.BROKER_TRANSPORT == 'sqlalchemy'
assert fake_celery_module.BROKER_HOST == (
assert fake_celery_module.BROKER_URL == (
'sqlite:///' +
pkg_resources.resource_filename('mediagoblin.tests', 'kombu.db'))

4
mediagoblin/tests/test_http_callback.py
View File

@ -23,7 +23,7 @@ from mediagoblin import mg_globals
from mediagoblin.tools import processing
from mediagoblin.tests.tools import fixture_add_user
from mediagoblin.tests.test_submission import GOOD_PNG
from mediagoblin.tests import test_oauth as oauth
from mediagoblin.tests import test_oauth2 as oauth
class TestHTTPCallback(object):
@ -44,7 +44,7 @@ class TestHTTPCallback(object):
'password': self.user_password})
def get_access_token(self, client_id, client_secret, code):
response = self.test_app.get('/oauth/access_token', {
response = self.test_app.get('/oauth-2/access_token', {
'code': code,
'client_id': client_id,
'client_secret': client_secret})

2
mediagoblin/tests/test_mgoblin_app.ini
View File

@ -23,7 +23,7 @@ base_dir = %(here)s/user_dev/media/queue
[celery]
CELERY_ALWAYS_EAGER = true
CELERY_RESULT_DBURI = "sqlite:///%(here)s/user_dev/celery.db"
BROKER_HOST = "sqlite:///%(here)s/user_dev/kombu.db"
BROKER_URL = "sqlite:///%(here)s/test_user_dev/kombu.db"
[plugins]
[[mediagoblin.plugins.api]]

166
mediagoblin/tests/test_oauth1.py Normal file
View File

@ -0,0 +1,166 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import cgi
import pytest
from urlparse import parse_qs, urlparse
from oauthlib.oauth1 import Client
from mediagoblin import mg_globals
from mediagoblin.tools import template, pluginapi
from mediagoblin.tests.tools import fixture_add_user
class TestOAuth(object):
MIME_FORM = "application/x-www-form-urlencoded"
MIME_JSON = "application/json"
@pytest.fixture(autouse=True)
def setup(self, test_app):
self.test_app = test_app
self.db = mg_globals.database
self.pman = pluginapi.PluginManager()
self.user_password = "AUserPassword123"
self.user = fixture_add_user("OAuthy", self.user_password)
self.login()
def login(self):
self.test_app.post(
"/auth/login/", {
"username": self.user.username,
"password": self.user_password})
def register_client(self, **kwargs):
""" Regiters a client with the API """
kwargs["type"] = "client_associate"
kwargs["application_type"] = kwargs.get("application_type", "native")
return self.test_app.post("/api/client/register", kwargs)
def test_client_client_register_limited_info(self):
""" Tests that a client can be registered with limited information """
response = self.register_client()
client_info = response.json
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
assert response.status_int == 200
assert client is not None
def test_client_register_full_info(self):
""" Provides every piece of information possible to register client """
query = {
"application_name": "Testificate MD",
"application_type": "web",
"contacts": "someone@someplace.com tuteo@tsengeo.lu",
"logo_url": "http://ayrel.com/utral.png",
"redirect_uris": "http://navi-kosman.lu http://gmg-yawne-oeru.lu",
}
response = self.register_client(**query)
client_info = response.json
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
assert client is not None
assert client.secret == client_info["client_secret"]
assert client.application_type == query["application_type"]
assert client.redirect_uri == query["redirect_uris"].split()
assert client.logo_url == query["logo_url"]
assert client.contacts == query["contacts"].split()
def test_client_update(self):
""" Tests that you can update a client """
# first we need to register a client
response = self.register_client()
client_info = response.json
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
# Now update
update_query = {
"type": "client_update",
"application_name": "neytiri",
"contacts": "someone@someplace.com abc@cba.com",
"logo_url": "http://place.com/picture.png",
"application_type": "web",
"redirect_uris": "http://blah.gmg/whatever https://inboxen.org/",
}
update_response = self.register_client(**update_query)
assert update_response.status_int == 200
client_info = update_response.json
client = self.db.Client.query.filter_by(id=client_info["client_id"]).first()
assert client.secret == client_info["client_secret"]
assert client.application_type == update_query["application_type"]
assert client.application_name == update_query["application_name"]
assert client.contacts == update_query["contacts"].split()
assert client.logo_url == update_query["logo_url"]
assert client.redirect_uri == update_query["redirect_uris"].split()
def to_authorize_headers(self, data):
headers = ""
for key, value in data.items():
headers += '{0}="{1}",'.format(key, value)
return {"Authorization": "OAuth " + headers[:-1]}
def test_request_token(self):
""" Test a request for a request token """
response = self.register_client()
client_id = response.json["client_id"]
endpoint = "/oauth/request_token"
request_query = {
"oauth_consumer_key": client_id,
"oauth_nonce": "abcdefghij",
"oauth_timestamp": 123456789.0,
"oauth_callback": "https://some.url/callback",
}
headers = self.to_authorize_headers(request_query)
headers["Content-Type"] = self.MIME_FORM
response = self.test_app.post(endpoint, headers=headers)
response = cgi.parse_qs(response.body)
# each element is a list, reduce it to a string
for key, value in response.items():
response[key] = value[0]
request_token = self.db.RequestToken.query.filter_by(
token=response["oauth_token"]
).first()
client = self.db.Client.query.filter_by(id=client_id).first()
assert request_token is not None
assert request_token.secret == response["oauth_token_secret"]
assert request_token.client == client.id
assert request_token.used == False
assert request_token.callback == request_query["oauth_callback"]

12
mediagoblin/tests/test_oauth.py → mediagoblin/tests/test_oauth2.py
View File

@ -52,7 +52,7 @@ class TestOAuth(object):
def register_client(self, name, client_type, description=None,
redirect_uri=''):
return self.test_app.post(
'/oauth/client/register', {
'/oauth-2/client/register', {
'name': name,
'description': description,
'type': client_type,
@ -116,7 +116,7 @@ class TestOAuth(object):
client_identifier = client.identifier
redirect_uri = 'https://foo.example'
response = self.test_app.get('/oauth/authorize', {
response = self.test_app.get('/oauth-2/authorize', {
'client_id': client.identifier,
'scope': 'all',
'redirect_uri': redirect_uri})
@ -130,7 +130,7 @@ class TestOAuth(object):
# Short for client authorization post reponse
capr = self.test_app.post(
'/oauth/client/authorize', {
'/oauth-2/client/authorize', {
'client_id': form.client_id.data,
'allow': 'Allow',
'next': form.next.data})
@ -156,7 +156,7 @@ class TestOAuth(object):
client = self.db.OAuthClient.query.filter(
self.db.OAuthClient.identifier == unicode(client_id)).first()
token_res = self.test_app.get('/oauth/access_token?client_id={0}&\
token_res = self.test_app.get('/oauth-2/access_token?client_id={0}&\
code={1}&client_secret={2}'.format(client_id, code, client.secret))
assert token_res.status_int == 200
@ -184,7 +184,7 @@ code={1}&client_secret={2}'.format(client_id, code, client.secret))
client = self.db.OAuthClient.query.filter(
self.db.OAuthClient.identifier == unicode(client_id)).first()
token_res = self.test_app.get('/oauth/access_token?\
token_res = self.test_app.get('/oauth-2/access_token?\
code={0}&client_secret={1}'.format(code, client.secret))
assert token_res.status_int == 200
@ -205,7 +205,7 @@ code={0}&client_secret={1}'.format(code, client.secret))
client = self.db.OAuthClient.query.filter(
self.db.OAuthClient.identifier == client_id).first()
token_res = self.test_app.get('/oauth/access_token',
token_res = self.test_app.get('/oauth-2/access_token',
{'refresh_token': token_data['refresh_token'],
'client_id': client_id,
'client_secret': client.secret

212
mediagoblin/tests/test_persona.py Normal file
View File

@ -0,0 +1,212 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import urlparse
import pkg_resources
import pytest
import mock
pytest.importorskip("requests")
from mediagoblin import mg_globals
from mediagoblin.db.base import Session
from mediagoblin.tests.tools import get_app
from mediagoblin.tools import template
# App with plugin enabled
@pytest.fixture()
def persona_plugin_app(request):
return get_app(
request,
mgoblin_config=pkg_resources.resource_filename(
'mediagoblin.tests.auth_configs',
'persona_appconfig.ini'))
class TestPersonaPlugin(object):
def test_authentication_views(self, persona_plugin_app):
res = persona_plugin_app.get('/auth/login/')
assert urlparse.urlsplit(res.location)[2] == '/'
res = persona_plugin_app.get('/auth/register/')
assert urlparse.urlsplit(res.location)[2] == '/'
res = persona_plugin_app.get('/auth/persona/login/')
assert urlparse.urlsplit(res.location)[2] == '/auth/login/'
res = persona_plugin_app.get('/auth/persona/register/')
assert urlparse.urlsplit(res.location)[2] == '/auth/login/'
@mock.patch('mediagoblin.plugins.persona.views._get_response', mock.Mock(return_value=u'test@example.com'))
def _test_registration():
# No register users
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/login/', {})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.email.data == u'test@example.com'
assert register_form.persona_email.data == u'test@example.com'
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/', {})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.username.errors == [u'This field is required.']
assert register_form.email.errors == [u'This field is required.']
assert register_form.persona_email.errors == [u'This field is required.']
# Successful register
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/',
{'username': 'chris',
'email': 'chris@example.com',
'persona_email': 'test@example.com'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/u/chris/'
assert 'mediagoblin/user_pages/user.html' in template.TEMPLATE_TEST_CONTEXT
# Try to register same Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/register/',
{'username': 'chris1',
'email': 'chris1@example.com',
'persona_email': 'test@example.com'})
assert 'mediagoblin/auth/register.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/auth/register.html']
register_form = context['register_form']
assert register_form.persona_email.errors == [u'Sorry, an account is already registered to that Persona email.']
# Logout
persona_plugin_app.get('/auth/logout/')
# Get user and detach from session
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
test_user.email_verified = True
test_user.status = u'active'
test_user.save()
test_user = mg_globals.database.User.query.filter_by(
username=u'chris').first()
Session.expunge(test_user)
# Add another user for _test_edit_persona
persona_plugin_app.post(
'/auth/persona/register/',
{'username': 'chris1',
'email': 'chris1@example.com',
'persona_email': 'test1@example.com'})
# Log back in
template.clear_test_template_context()
res = persona_plugin_app.post(
'/auth/persona/login/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/'
assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT
# Make sure user is in the session
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html']
session = context['request'].session
assert session['user_id'] == unicode(test_user.id)
_test_registration()
@mock.patch('mediagoblin.plugins.persona.views._get_response', mock.Mock(return_value=u'new@example.com'))
def _test_edit_persona():
# Try and delete only Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/',
{'email': 'test@example.com'})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u"You can't delete your only Persona email address unless you have a password set."]
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/', {})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u'This field is required.']
# Try and delete Persona not owned by the user
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/',
{'email': 'test1@example.com'})
assert 'mediagoblin/plugins/persona/edit.html' in template.TEMPLATE_TEST_CONTEXT
context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/plugins/persona/edit.html']
form = context['form']
assert form.email.errors == [u'That Persona email address is not registered to this account.']
res = persona_plugin_app.get('/edit/persona/add/')
assert urlparse.urlsplit(res.location)[2] == '/edit/persona/'
# Add Persona email address
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/add/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
# Delete a Persona
res = persona_plugin_app.post(
'/edit/persona/',
{'email': 'test@example.com'})
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/account/'
_test_edit_persona()
@mock.patch('mediagoblin.plugins.persona.views._get_response', mock.Mock(return_value=u'test1@example.com'))
def _test_add_existing():
template.clear_test_template_context()
res = persona_plugin_app.post(
'/edit/persona/add/')
res.follow()
assert urlparse.urlsplit(res.location)[2] == '/edit/persona/'
_test_add_existing()

15
mediagoblin/tools/crypto.py
View File

@ -14,6 +14,8 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import base64
import string
import errno
import itsdangerous
import logging
@ -24,6 +26,9 @@ from mediagoblin import mg_globals
_log = logging.getLogger(__name__)
# produces base64 alphabet
alphabet = string.ascii_letters + "-_"
base = len(alphabet)
# Use the system (hardware-based) random number generator if it exists.
# -- this optimization is lifted from Django
@ -111,3 +116,13 @@ def get_timed_signer_url(namespace):
assert __itsda_secret is not None
return itsdangerous.URLSafeTimedSerializer(__itsda_secret,
salt=namespace)
def random_string(length):
""" Returns a URL safe base64 encoded crypographically strong string """
rstring = ""
for i in range(length):
n = getrandbits(6) # 6 bytes = 2^6 = 64
n = divmod(n, base)[1]
rstring += alphabet[n]
return rstring

18
mediagoblin/tools/request.py
View File

@ -14,12 +14,18 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import logging
from mediagoblin.db.models import User
_log = logging.getLogger(__name__)
# MIME-Types
form_encoded = "application/x-www-form-urlencoded"
json_encoded = "application/json"
def setup_user_in_request(request):
"""
Examine a request and tack on a request.user parameter if that's
@ -36,3 +42,15 @@ def setup_user_in_request(request):
# this session.
_log.warn("Killing session for user id %r", request.session['user_id'])
request.session.delete()
def decode_request(request):
""" Decodes a request based on MIME-Type """
data = request.get_data()
if request.content_type == json_encoded:
data = json.loads(data)
elif request.content_type == form_encoded or request.content_type == "":
data = request.form
else:
data = ""
return data

53
mediagoblin/tools/response.py
View File

@ -14,6 +14,8 @@
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import json
import werkzeug.utils
from werkzeug.wrappers import Response as wz_Response
from mediagoblin.tools.template import render_template
@ -33,7 +35,6 @@ def render_to_response(request, template, context, status=200):
render_template(request, template, context),
status=status)
def render_error(request, status=500, title=_('Oops!'),
err_msg=_('An error occured')):
"""Render any error page with a given error code, title and text body
@ -46,6 +47,14 @@ def render_error(request, status=500, title=_('Oops!'),
{'err_code': status, 'title': title, 'err_msg': err_msg}),
status=status)
def render_400(request, err_msg=None):
""" Render a standard 400 page"""
_ = pass_to_ugettext
title = _("Bad Request")
if err_msg is None:
err_msg = _("The request sent to the server is invalid, please double check it")
return render_error(request, 400, title, err_msg)
def render_403(request):
"""Render a standard 403 page"""
@ -121,3 +130,45 @@ def redirect_obj(request, obj):
Requires obj to have a .url_for_self method."""
return redirect(request, location=obj.url_for_self(request.urlgen))
def json_response(serializable, _disable_cors=False, *args, **kw):
'''
Serializes a json objects and returns a werkzeug Response object with the
serialized value as the response body and Content-Type: application/json.
:param serializable: A json-serializable object
Any extra arguments and keyword arguments are passed to the
Response.__init__ method.
'''
response = wz_Response(json.dumps(serializable), *args, content_type='application/json', **kw)
if not _disable_cors:
cors_headers = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Methods': 'POST, GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'}
for key, value in cors_headers.iteritems():
response.headers.set(key, value)
return response
def form_response(data, *args, **kwargs):
"""
Responds using application/x-www-form-urlencoded and returns a werkzeug
Response object with the data argument as the body
and 'application/x-www-form-urlencoded' as the Content-Type.
Any extra arguments and keyword arguments are passed to the
Response.__init__ method.
"""
response = wz_Response(
data,
content_type="application/x-www-form-urlencoded",
*args,
**kwargs
)
return response

19
mediagoblin/tools/template.py
View File

@ -32,7 +32,6 @@ from mediagoblin.tools.timesince import timesince
from mediagoblin.meddleware.csrf import render_csrf_form_token
SETUP_JINJA_ENVS = {}
@ -50,6 +49,12 @@ def get_jinja_env(template_loader, locale):
if locale in SETUP_JINJA_ENVS:
return SETUP_JINJA_ENVS[locale]
# The default config does not require a [jinja2] block.
# You may create one if you wish to enable additional jinja2 extensions,
# see example in config_spec.ini
jinja2_config = mg_globals.global_config.get('jinja2', {})
local_exts = jinja2_config.get('extensions', [])
# jinja2.StrictUndefined will give exceptions on references
# to undefined/unknown variables in templates.
template_env = jinja2.Environment(
@ -57,7 +62,7 @@ def get_jinja_env(template_loader, locale):
undefined=jinja2.StrictUndefined,
extensions=[
'jinja2.ext.i18n', 'jinja2.ext.autoescape',
TemplateHookExtension])
TemplateHookExtension] + local_exts)
template_env.install_gettext_callables(
mg_globals.thread_scope.translations.ugettext,
@ -84,6 +89,16 @@ def get_jinja_env(template_loader, locale):
template_env.globals = hook_transform(
'template_global_context', template_env.globals)
#### THIS IS TEMPORARY, PLEASE FIX IT
## Notifications stuff is not yet a plugin (and we're not sure it will be),
## but it needs to add stuff to the context. This is THE WRONG WAY TO DO IT
from mediagoblin import notifications
template_env.globals['get_notifications'] = notifications.get_notifications
template_env.globals[
'get_notification_count'] = notifications.get_notification_count
template_env.globals[
'get_comment_subscription'] = notifications.get_comment_subscription
if exists(locale):
SETUP_JINJA_ENVS[locale] = template_env

46
mediagoblin/tools/validator.py Normal file
View File

@ -0,0 +1,46 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from wtforms.validators import Email, URL
def validate_email(email):
"""
Validates an email
Returns True if valid and False if invalid
"""
email_re = Email().regex
result = email_re.match(email)
if result is None:
return False
else:
return result.string
def validate_url(url):
"""
Validates a url
Returns True if valid and False if invalid
"""
url_re = URL().regex
result = url_re.match(url)
if result is None:
return False
else:
return result.string

4
mediagoblin/user_pages/forms.py
View File

@ -23,7 +23,7 @@ class MediaCommentForm(wtforms.Form):
_('Comment'),
[wtforms.validators.Required()],
description=_(u'You can use '
u'<a href="http://daringfireball.net/projects/markdown/basics">'
u'<a href="http://daringfireball.net/projects/markdown/basics" target="_blank">'
u'Markdown</a> for formatting.'))
class ConfirmDeleteForm(wtforms.Form):
@ -47,7 +47,7 @@ class MediaCollectForm(wtforms.Form):
collection_description = wtforms.TextAreaField(
_('Description of this collection'),
description=_("""You can use
<a href="http://daringfireball.net/projects/markdown/basics">
<a href="http://daringfireball.net/projects/markdown/basics" target="_blank">
Markdown</a> for formatting."""))
class CommentReportForm(wtforms.Form):

4
mediagoblin/user_pages/routing.py
View File

@ -36,6 +36,10 @@ add_route('mediagoblin.user_pages.media_post_comment',
'/u/<string:user>/m/<int:media_id>/comment/add/',
'mediagoblin.user_pages.views:media_post_comment')
add_route('mediagoblin.user_pages.media_preview_comment',
'/ajax/comment/preview/',
'mediagoblin.user_pages.views:media_preview_comment')
add_route('mediagoblin.user_pages.user_gallery',
'/u/<string:user>/gallery/',
'mediagoblin.user_pages.views:user_gallery')

13
mediagoblin/user_pages/views.py
View File

@ -16,6 +16,7 @@
import logging
import datetime
import json
from mediagoblin import messages, mg_globals
from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
@ -23,6 +24,7 @@ from mediagoblin.db.models import (MediaEntry, MediaTag, Collection,
CommentReport, MediaReport)
from mediagoblin.tools.response import render_to_response, render_404, \
redirect, redirect_obj
from mediagoblin.tools.text import cleaned_markdown_conversion
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.pagination import Pagination
from mediagoblin.user_pages import forms as user_forms
@ -39,6 +41,7 @@ from mediagoblin.decorators import (uses_pagination, get_user_media_entry,
from werkzeug.contrib.atom import AtomFeed
from werkzeug.exceptions import MethodNotAllowed
from werkzeug.wrappers import Response
_log = logging.getLogger(__name__)
@ -159,7 +162,6 @@ def media_home(request, media, page, **kwargs):
@get_media_entry_by_id
@require_active_login
@user_has_privilege(u'commenter')
def media_post_comment(request, media):
"""
recieves POST from a MediaEntry() comment form, saves the comment.
@ -291,8 +293,13 @@ def media_confirm_delete(request, media):
messages.add_message(
request, messages.SUCCESS, _('You deleted the media.'))
return redirect(request, "mediagoblin.user_pages.user_home",
user=username)
location = media.url_to_next(request.urlgen)
if not location:
location=media.url_to_prev(request.urlgen)
if not location:
location=request.urlgen("mediagoblin.user_pages.user_home",
user=username)
return redirect(request, location=location)
else:
messages.add_message(
request, messages.ERROR,

5
setup.py
View File

@ -48,8 +48,8 @@ setup(
'pytest>=2.3.1',
'pytest-xdist',
'werkzeug>=0.7',
'celery==2.5.3',
'kombu==2.1.7',
'celery',
'kombu',
'jinja2',
'sphinx',
'Babel<1.0',
@ -63,6 +63,7 @@ setup(
'itsdangerous',
'pytz',
'six',
'oauthlib',
## This is optional!
# 'translitcodec',
## For now we're expecting that users will install this from