diff --git a/.gitignore b/.gitignore index 85de0102..b2189f82 100644 --- a/.gitignore +++ b/.gitignore @@ -24,6 +24,14 @@ /kombu.db /server-log.txt +# pyconfigure/automake generated files +/Makefile +/autom4te.cache/ +/config.log +/config.status +/configure +/aclocal.m4 + # Tests /mediagoblin/tests/user_dev/ diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 00000000..a79d6cbc --- /dev/null +++ b/Makefile.in @@ -0,0 +1,207 @@ +# Makefile.in +# +# Copyright © 2012, 2013 Brandon Invergo +# +# Copying and distribution of this file, with or without modification, +# are permitted in any medium without royalty provided the copyright +# notice and this notice are preserved. This file is offered as-is, +# without any warranty. + +# List whatever files you want to include in your source distribution here. +# You can include whole directories but note that *everything* under that +# directory will be included +DISTFILES = PKG-INFO Makefile.in configure setup.py install-sh + +DESTDIR = +VPATH = @srcdir@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_DISTNAME = ${PACKAGE_NAME}-${PACKAGE_VERSION} +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PYTHON = @PYTHON@ +VIRTUALENV = @VIRTUALENV@ +SPHINXBUILD = @SPHINXBUILD@ +POSTGRES = @POSTGRES@ +SHELL = @SHELL@ +MKDIR_P = @MKDIR_P@ +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +prefix = @prefix@ +srcdir = @srcdir@ +abs_srcdir = @abs_srcdir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +pythondir = @pythondir@ +pyexecdir = @pyexecdir@ +pkgdatadir = $(datadir)/@PACKAGE_NAME@ +pkgincludedir = $(includedir)/@PACKAGE_NAME@ +pkgpythondir = @pkgpythondir@ +pkgpyexecdir = @pkgpyexecdir@ +PYTHONPATH = $(pythondir)$(PATH_SEPARATOR)$(DESTDIR)$(pythondir) + +all: install + +.PHONY: all install develop uninstall distclean info install-html html \ +install-pdf pdf install-dvi dvi install-ps ps clean dist check \ +installdirs postgresql update + +# Since installing to a virtualenv is all the rage these days, support +# it here. If the VIRTUALENV variable is set to anything other than +# "no", set up a new virtualenv and install there, otherwise install +# as usual from setup.py +install: installdirs + $(NORMAL_INSTALL) +ifneq ($(VIRTUALENV),no) + $(VIRTUALENV) $(VIRTUALENV_FLAGS) --python=$(PYTHON) \ + --system-site-packages $(DESTDIR)$(prefix) || \ + $(VIRTUALENV) $(DESTDIR)$(prefix) + $(DESTDIR)$(prefix)/bin/python $(srcdir)/setup.py install \ + --prefix=$(DESTDIR)$(prefix) +else + $(PYTHON) $(srcdir)/setup.py install --prefix=$(DESTDIR)$(prefix) +endif + if [[ $(DESTDIR)$(prefix) != $(abs_srcdir) ]]; then \ + $(INSTALL_DATA) $(srcdir)/Makefile $(DESTDIR)$(prefix)/Makefile; \ + $(INSTALL_DATA) $(srcdir)/lazycelery.sh $(DESTDIR)$(prefix)/lazycelery.sh; \ + $(INSTALL_DATA) $(srcdir)/lazyserver.sh $(DESTDIR)$(prefix)/lazyserver.sh; \ + fi + +# The same as "install", except use the "develop" setup.py target +develop: installdirs + $(NORMAL_INSTALL) +ifneq ($(VIRTUALENV),no) + $(VIRTUALENV) $(VIRTUALENV_FLAGS) --python=$(PYTHON) \ + --system-site-packages $(DESTDIR)$(prefix) || \ + $(VIRTUALENV) $(DESTDIR)$(prefix) + $(DESTDIR)$(prefix)/bin/python $(srcdir)/setup.py develop \ + --prefix=$(DESTDIR)$(prefix) +else + $(PYTHON) $(srcdir)/setup.py develop --prefix=$(DESTDIR)$(prefix) +endif + if [ "$(DESTDIR)$(prefix)" != "$(abs_srcdir)" ]; then \ + $(INSTALL_DATA) $(srcdir)/Makefile $(DESTDIR)$(prefix)/Makefile; \ + $(INSTALL_DATA) $(srcdir)/lazycelery.sh $(DESTDIR)$(prefix)/lazycelery.sh; \ + $(INSTALL_DATA) $(srcdir)/lazyserver.sh $(DESTDIR)$(prefix)/lazyserver.sh; \ + fi + + +# setup.py doesn't (yet) support an uninstall command, so until it does, you +# must manually remove everything that was installed here. The following example +# should remove a basic package installed via setup.py, but please double- and +# triple-check it so that you don't remove something you shouldn't! +# Be sure to remove any extra files you install, such as binaries or documentation! +# uninstall: +# case $(prefix) in +# /usr|/usr/local ) +# exit 1 ;; +# /www/*|/srv/* ) +# rm -rvf $(prefix) ;; +# esac + +# Just use the usual setup.py clean command +clean: + $(PYTHON) setup.py clean + + +# Clean up the output of configure +distclean: + rm -v $(srcdir)/config.log + rm -v $(srcdir)/config.status + rm -rvf $(srcdir)/autom4te.cache + rm -v $(srcdir)/aclocal.m4 + rm -v $(srcdir)/Makefile + +# You can either use the setup.py sdist command or you can roll your own here +dist: +# $(PYTHON) setup.py sdist + mkdir $(PACKAGE_DISTNAME) + cp -r $(DISTFILES) $(PACKAGE_DISTNAME) + tar -czf $(PACKAGE_DISTNAME).tar.gz $(PACKAGE_DISTNAME) + rm -rf $(PACKAGE_DISTNAME) + +# Use the setup.py check command +check: + $(PYTHON) setup.py check + +# setup.py might complain if a directory doesn't exist so just in case, make the directory +# here +installdirs: + $(MKDIR_P) $(DESTDIR)$(prefix) + +# Set up PostgreSQL +postgresql: + sudo -u $(POSTGRES) createuser mediagoblin + sudo -u $(POSTGRES) createdb -E UNICODE -O mediagoblin mediagoblin + +update: +ifneq ($(VIRTUALENV),no) + $(prefix)/bin/python $(srcdir)/setup.py develop --prefix=$(prefix) --upgrade +else + $(PYTHON) $(srcdir)/setup.py develop --prefix=$(prefix) --upgrade +endif + $(prefix)/bin/gmg dbupdate + +# The following show how to install documentation. In this example, +# docs are built from a separate Makefile contained in the docs +# directory which uses the SPHINXBUILD variable to store the location +# of the sphinx-build (Python doc tool) binary to use. + +$(DESTDIR)$(infodir)/mediagoblin.info: docs/build/texinfo/mediagoblin.info + $(POST_INSTALL) + $(INSTALL_DATA) @< $(DESTDIR)$@ + if $(SHELL) -c 'install-info --version' >/dev/null 2>&1; then + install-info --dir-file=$(DESTDIR)$(infodir)/dir \ + $(DESTDIR)$(infodir)/foo.info; + else true; fi + +info: docs/build/texinfo/mediagoblin.info + +docs/build/texinfo/mediagoblin.info: $(wildcard docs/source/*) +ifneq ($(SPHINXBUILD),no) + $(MAKE) -C docs info SPHINXBUILD=$(SPHINXBUILD) +endif + + +install-html: html installdirs + $(INSTALL_DATA) docs/build/html/* $(DESTDIR)$(htmldir) + +html: docs/build/html/index.html + +docs/build/html/index.html: $(wildcard $(srcdir)/docs/source/*) +ifneq ($(SPHINXBUILD),no) + $(MAKE) -C docs html SPHINXBUILD=$(SPHINXBUILD) +endif + + +install-pdf: pdf installdirs + $(INSTALL_DATA) docs/build/latex/mediagoblin.pdf $(DESTDIR)$(pdfdir) + +pdf: docs/build/latex/mediagoblin.pdf + +docs/build/latex/mediagoblin.pdf: $(wildcard $(srcdir)/docs/source/*) +ifneq ($(SPHINXBUILD),no) + $(MAKE) -C docs latexpdf SPHINXBUILD=$(SPHINXBUILD) +endif + + +install-dvi: + +dvi: + +install-ps: + +ps: + + diff --git a/PKG-INFO b/PKG-INFO new file mode 100644 index 00000000..24fb75b1 --- /dev/null +++ b/PKG-INFO @@ -0,0 +1,19 @@ +Metadata-Version: 1.2 +Name: mediagoblin +Version: 0.4.0.dev +Summary: UNKNOWN +Home-page: http://mediagoblin.org/ +Author: Free Software Foundation and contributors +Author-email: cwebber@gnu.org +License: AGPLv3 +Download-URL: http://mediagoblin.org/download/ +Description: +Platform: UNKNOWN +Classifier: Development Status :: 3 - Alpha +Classifier: Environment :: Web Environment +Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+) +Classifier: Operating System :: OS Independent +Classifier: Programming Language :: Python +Classifier: Programming Language :: Python :: 2.6 +Classifier: Programming Language :: Python :: 2.7 +Classifier: Topic :: Internet :: WWW/HTTP :: Dynamic Content diff --git a/bootstrap.sh b/bootstrap.sh new file mode 100755 index 00000000..1540ea4b --- /dev/null +++ b/bootstrap.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +autoreconf -fvi diff --git a/configure.ac b/configure.ac new file mode 100644 index 00000000..e56a55a5 --- /dev/null +++ b/configure.ac @@ -0,0 +1,202 @@ +dnl configure.ac +dnl +dnl Copyright 2012, 2013 Brandon Invergo +dnl +dnl Copying and distribution of this file, with or without modification, +dnl are permitted in any medium without royalty provided the copyright +dnl notice and this notice are preserved. This file is offered as-is, +dnl without any warranty. + +dnl######### +dnl README # +dnl######### +dnl +dnl This is a basic Autoconf configure.ac file for Python-based +dnl projects. It is not intended to be used as-is, but rather to be +dnl modified to the specific needs of the project. +dnl +dnl Lines prefixed with "dnl" are comments that are automatically +dnl removed by Autoconf/M4, thus they will not appear in the generated +dnl configure script (see the M4 documentation for more information). +dnl Such comments are used in this file to communicate information to +dnl you, the developer. In some cases, the comments contain extra +dnl macros that you might consider including in your configure script. +dnl If you wish to include them, simply remove the "dnl" from the +dnl beginning of the line. +dnl +dnl Lines prefixed with "#" are comments that will appear in the +dnl generated configure script. These comments are thus used to clarify +dnl to the user what is happening in that script +dnl +dnl Wherever pyconfigure-specific macros are used, extra comments are +dnl included to describe the macros. + +dnl###################### +dnl Package Information # +dnl###################### + +dnl---- +dnl Initialize Autoconf with the package metadata +dnl The arguments have been set via the project's PKG-INFO file +dnl and correspond to: +dnl +dnl 1) package name (i.e. foo) +dnl 2) package version (i.e. 1.2) +dnl 3) bug/info/project email address (i.e. bug-foo@gnu.org) +dnl---- +dnl +AC_INIT([mediagoblin], [0.4.0.dev], [cwebber@gnu.org]) + +dnl---- +dnl Load macros from the m4/ directory. If you plan to write new +dnl macros, put them in files in this directory. +dnl---- +dnl +AC_CONFIG_MACRO_DIR([m4]) + + +# The default prefix should be changed from /usr/local. Set it, as in +# the documentation, to /srv/mediagoblin.example.org/mediagoblin/ +AC_PREFIX_DEFAULT([`pwd`]) + + +dnl########################### +dnl Program/command support # +dnl########################### +dnl +dnl In this section, we check for the presence of important commands +dnl and programs. + +dnl--PC_INIT---------------------------------------------------------- +dnl This is the only required macro. Its primary function is to find +dnl a Python interpreter that is compatible with the package and set +dnl the PYTHON variable to hold its path. It can optionally take +dnl arguments to specify minimum and/or maximum versions: +dnl PC_INIT: find an interpreter with a version between 2.0 and 3.3.99 +dnl (in other words, up to and including any possible release +dnl in the 3.3 series) +dnl PC_INIT([MIN_VER], [MAX_VER]): Find an interpreter that is between +dnl the minimum and maximum version. If the min is in the 2.0 +dnl series and the max is in the 3.0 series, non-existent +dnl releases (2.8 & 2.9) will be correctly skipped. +dnl---- +dnl +PC_INIT([2.6], [2.7.99]) + +dnl--PC_PYTHON_PROG_PYTHON_CONFIG------------------------------------- +dnl In order to use some of the other macros, you also need the +dnl python-config command, which will fall subject to the same problem +dnl of python3-config being preferred to python2-config. This macro +dnl will be automatically included if you use on of the macros that +dnl depends on it, so you normally don't have to call it. However, if +dnl you require a specific version, you can do something like the +dnl following example. +dnl---- +dnl +PC_PYTHON_PROG_PYTHON_CONFIG([python2-config]) +if [[ "x$PYTHON_CONFIG" == "x" ]]; then + PC_PYTHON_PROG_PYTHON_CONFIG([$PYTHON-config]) +fi + +dnl---- +dnl With the following set of macros, we implement an option +dnl "--with-virtualenv", which the user can pass to the configure +dnl script in order to install to a Virtualenv (AC_ARG_WITH). If the +dnl option is specified by the user, then we check if the program is +dnl available, checking both for "virtualenv" and "virtualenv2" +dnl (AC_CHECK_PROGS) +dnl---- +dnl +# Support installing to a virtualenv via the --with-virtualenv +# configure flag +AC_ARG_WITH([virtualenv], + [AS_HELP_STRING([--without-virtualenv], [install to a Python virtualenv])], + [], + [with_virtualenv=yes]) +AS_IF([test "x$with_virtualenv" != xno], + AC_CHECK_PROGS([VIRTUALENV], [virtualenv virtualenv3 virtualenv2], [no]) + AS_IF([test "x$VIRTUALENV" = xno], + [AC_MSG_FAILURE( + [--with-virtualenv given but virtualenv could not be found])]), + AC_SUBST([VIRTUALENV], [no])) +AC_ARG_VAR([VIRTUALENV_FLAGS], [flags to pass to the virtualenv command]) + +dnl---- +dnl If the program uses sphinx-build to build documentation, uncomment +dnl this to create a SPHINXBUILD variable in the Makefile pointing to +dnl the program. Thus, the user would specify +dnl SPHINXBUILD=/path/to/sphinx-build as an argument to the configure +dnl script. Since building the documentation should be optional, just +dnl print a warning. If the program uses some other documentation +dnl system, you can do something similar with it. +dnl---- +dnl +# Check for sphinx-build +AC_CHECK_PROGS([SPHINXBUILD], [sphinx-build sphinx-build3 sphinx-build2], [no]) +AS_IF([test "x$SPHINXBUILD" = xno], + AC_MSG_WARN(sphinx-build is required to build documentation)) + + +dnl---- +dnl These two are standard Autoconf macros which check for the +dnl presence of some programs that we will use in the Makefile. +dnl---- +dnl +AC_PROG_MKDIR_P +AC_PROG_INSTALL + +# Check for a supported database program +AC_PATH_PROG([SQLITE], [sqlite3]) +AC_PATH_PROG([POSTGRES], [postgres]) +AS_IF([test "x$SQLITE" = x -a "x$POSTGRES" = "x"], + [AC_MSG_ERROR([SQLite or PostgreSQL is required])]) + + +dnl--PC_PYTHON_SITE_PACKAGE_DIR--------------------------------------- +dnl This uses PYTHON_SITE_DIR to construct a directory for this +dnl project (ie $PYTHON_SITE_DIR/project_name) and stores it in +dnl pkgpythondir. This value is used by Automake for installing Python +dnl scripts. By default, this begins with $pythondir, unexpanded, to +dnl provide compatibility with GNU Makefile specifications, allowing +dnl the user to change the prefix from the commandline. +dnl---- +dnl +PC_PYTHON_SITE_PACKAGE_DIR + +dnl--PC_PYTHON_EXEC_PACKAGE_DIR---------------------------------------- +dnl Same as PC_PYTHON_SITE_PACKAGE_DIR but for $exec-prefix. Stored in +dnl pkgpyexecdir +dnl---- +dnl +PC_PYTHON_EXEC_PACKAGE_DIR + + +dnl############################### +dnl Checking Python capabilities # +dnl############################### + +dnl--PC_PYTHON_CHECK_MODULE([PYTHON-MODULE], [ACTION-IF-PRESENT], +dnl [ACTION-IF-ABSENT]) +dnl This macro lets you check if a given Python module exists on the +dnl system. +dnl---- +dnl +dnl PC_PYTHON_CHECK_MODULE([foo]) + +# Check for python-lxml module +PC_PYTHON_CHECK_MODULE([lxml], [], + [AC_MSG_ERROR([python-lxml is required])]) + +# Check for the Python Imaging Library +PC_PYTHON_CHECK_MODULE([Image], [], + [AC_MSG_ERROR([Python Imaging Library is required])]) + + +dnl######### +dnl Finish # +dnl######### + +dnl Define the files to be configured +AC_CONFIG_FILES([Makefile]) +dnl Generate config.status +AC_OUTPUT diff --git a/docs/Makefile b/docs/Makefile index 0b97bf7c..4461893f 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -2,7 +2,7 @@ # # You can set these variables from the command line. -SPHINXOPTS = +SPHINXOPTS = -W SPHINXBUILD = sphinx-build PAPER = BUILDDIR = build diff --git a/docs/source/api/client_register.rst b/docs/source/api/client_register.rst new file mode 100644 index 00000000..4ad7908e --- /dev/null +++ b/docs/source/api/client_register.rst @@ -0,0 +1,158 @@ +.. MediaGoblin Documentation + + Written in 2011, 2012 by MediaGoblin contributors + + To the extent possible under law, the author(s) have dedicated all + copyright and related and neighboring rights to this software to + the public domain worldwide. This software is distributed without + any warranty. + + You should have received a copy of the CC0 Public Domain + Dedication along with this software. If not, see + . + +==================== +Registering a Client +==================== + +To use the GNU MediaGoblin API you need to use the dynamic client registration. This has been adapted from the `OpenID specification `_, this is the only part of OpenID that is being used to serve the purpose to provide the client registration which is used in OAuth. + +The endpoint is ``/api/client/register`` + +The parameters are: + +type + **required** - This must be either *client_associate* (for new registration) or *client_update* + +client_id + **update only** - This should only be used updating client information, this is the client_id given when you register + +client_secret + **update only** - This should only be used updating client information, this is the client_secret given when you register + +contacts + **optional** - This a space seporated list of email addresses to contact of people responsible for the client + +application_type + **required** - This is the type of client you are making, this must be either *web* or *native* + +application_name + **optional** - This is the name of your client + +logo_url + **optional** - This is a URL of the logo image for your client + +redirect_uri + **optional** - This is a space seporated list of pre-registered URLs for use at the Authorization Server + + +Response +-------- + +You will get back a response:: + +client_id + This identifies a client + +client_secret + This is the secret. + +expires_at + This is time that the client credentials expire. If this is 0 the client registration does not expire. + +======= +Example +======= + +Register Client +--------------- + +To register a client for the first time, this is the minimum you must supply:: + + { + "type": "client_associate", + "application_type": "native" + } + +A Response will look like:: + + { + "client_secret": "hJtfhaQzgKerlLVdaeRAgmbcstSOBLRfgOinMxBCHcb", + "expires_at": 0, + "client_id": "vwljdhUMhhNbdKizpjZlxv" + } + + +Updating Client +--------------- + +Using the response we got above we can update the information and add new information we may have opted not to supply:: + + { + "type": "client_update", + "client_id": "vwljdhUMhhNbdKizpjZlxv", + "client_secret": "hJtfhaQzgKerlLVdaeRAgmbcstSOBLRfgOinMxBCHcb", + "application_type": "web", + "application_name": "MyClient!", + "logo_url": "https://myclient.org/images/my_logo.png", + "contacts": "myemail@someprovider.com another_developer@provider.net", + } + +The response will just return back the client_id and client_secret you sent:: + + { + "client_id": "vwljdhUMhhNbdKizpjZlxv", + "client_secret": "hJtfhaQzgKerlLVdaeRAgmbcstSOBLRfgOinMxBCHcb", + "expires_at": 0 + } + + +====== +Errors +====== + +There are a number of errors you could get back, This explains what could cause some of them: + +Could not decode data + This is caused when you have an error in the encoding of your data. + +Unknown Content-Type + You should sent a Content-Type header with when you make a request, this should be either application/json or www-form-urlencoded. This is caused when a unknown Content-Type is used. + +No registration type provided + This is when you leave out the ``type``. This should either be client_update or client_associate + +Unknown application_type. + This is when you have provided a ``type`` however this isn't one of the known types. + +client_id is required to update. + When you try and update you need to specify the client_id, this will be what you were given when you initially registered the client. + +client_secret is required to update. + When you try to update you need to specify the client_secrer, this will be what you were given when you initially register the client. + +Unauthorized. + This is when you are trying to update however the client_id and/or client_secret you have submitted are incorrect. + +Only set client_id for update. + This should only be given when you update. + +Only set client_secret for update. + This should only be given when you update. + +Logo URL is not a valid URL + This is when the URL specified did not meet the validation. + +contacts must be a string of space-separated email addresses. + ``contacts`` should be a string (not a list), ensure each email is seporated by a space + +Email is not a valid email + This is when you have submitted an invalid email address + +redirect_uris must be space-separated URLs. + ``redirect_uris`` should be a string (not a list), ensure each URL is seporated by a space + +URI is not a valid URI + This is when your URI is invalid. + + diff --git a/docs/source/api/oauth.rst b/docs/source/api/oauth.rst new file mode 100644 index 00000000..003ad492 --- /dev/null +++ b/docs/source/api/oauth.rst @@ -0,0 +1,36 @@ +.. MediaGoblin Documentation + + Written in 2011, 2012 by MediaGoblin contributors + + To the extent possible under law, the author(s) have dedicated all + copyright and related and neighboring rights to this software to + the public domain worldwide. This software is distributed without + any warranty. + + You should have received a copy of the CC0 Public Domain + Dedication along with this software. If not, see + . + +============== +Authentication +============== + +GNU MediaGoblin uses OAuth1 to authenticate requests to the API. There are many +libraries out there for OAuth1, you're likely not going to have to do much. There +is a library for the GNU MediaGoblin called `PyPump `_. +We are not using OAuth2 as we want to stay completely compatable with GNU MediaGoblin. + + +We use :doc:`client_register` to get the client ID and secret. + +Endpoints +--------- + +These are the endpoints you need to use for the oauth requests: + +`/oauth/request_token` is for getting the request token. + +`/oauth/authorize` is to send the user to to authorize your application. + +`/oauth/access_token` is for getting the access token to use in requests. + diff --git a/docs/source/index.rst b/docs/source/index.rst index de6c9c0d..777c4d26 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -59,6 +59,9 @@ Part 2: Core plugin documentation plugindocs/oauth plugindocs/trim_whitespace plugindocs/raven + plugindocs/basic_auth + plugindocs/openid + plugindocs/persona Part 3: Plugin Writer's Guide @@ -75,6 +78,7 @@ This guide covers writing new GNU MediaGoblin plugins. pluginwriter/api pluginwriter/tests pluginwriter/media_type_hooks + pluginwriter/authhooks Part 4: Developer's Zone diff --git a/docs/source/plugindocs/basic_auth.rst b/docs/source/plugindocs/basic_auth.rst new file mode 100644 index 00000000..83492ac2 --- /dev/null +++ b/docs/source/plugindocs/basic_auth.rst @@ -0,0 +1,2 @@ +.. include:: ../../../mediagoblin/plugins/basic_auth/README.rst + diff --git a/docs/source/plugindocs/openid.rst b/docs/source/plugindocs/openid.rst new file mode 100644 index 00000000..045bf9d0 --- /dev/null +++ b/docs/source/plugindocs/openid.rst @@ -0,0 +1,2 @@ +.. include:: ../../../mediagoblin/plugins/openid/README.rst + diff --git a/docs/source/plugindocs/persona.rst b/docs/source/plugindocs/persona.rst new file mode 100644 index 00000000..2524127d --- /dev/null +++ b/docs/source/plugindocs/persona.rst @@ -0,0 +1,2 @@ +.. include:: ../../../mediagoblin/plugins/persona/README.rst + diff --git a/docs/source/plugindocs/raven.rst b/docs/source/plugindocs/raven.rst index 71e284d0..ae96f3f8 100644 --- a/docs/source/plugindocs/raven.rst +++ b/docs/source/plugindocs/raven.rst @@ -1,2 +1 @@ -.. _raven-setup: Set up the raven plugin .. include:: ../../../mediagoblin/plugins/raven/README.rst diff --git a/docs/source/pluginwriter/authhooks.rst b/docs/source/pluginwriter/authhooks.rst new file mode 100644 index 00000000..9721d729 --- /dev/null +++ b/docs/source/pluginwriter/authhooks.rst @@ -0,0 +1,86 @@ +====================== + Authentication Hooks +====================== + +This documents the hooks that are currently available for authentication +plugins. If you need new hooks for your plugin, go ahead a submit a patch. + +What hooks are available? +========================= + +'authentication' +---------------- + +This hook just needs to return ``True`` as this is how +the MediaGoblin app knows that an authentication plugin is enabled. + + +'auth_extra_validation' +----------------------- + +This hook is used to provide any additional validation of the registration +form when using ``mediagoblin.auth.tools.register_user()``. This hook runs +through all enabled auth plugins. + + +'auth_create_user' +------------------ + +This hook is used by ``mediagoblin.auth.tools.register_user()`` so plugins can +store the necessary information when creating a user. This hook runs through +all enabled auth plugins. + +'auth_get_user' +--------------- + +This hook is used by ``mediagoblin.auth.tools.check_login_simple()``. Your +plugin should return a ``User`` object given a username. + +'auth_no_pass_redirect' +----------------------- + +This hook is called in ``mediagoblin.auth.views`` in both the ``login`` and +``register`` views. This hook should return the name of your plugin, so that +if :ref:`basic_auth-chapter` is not enabled, the user will be redirected to the +correct login and registration views for your plugin. + +The code assumes that it can generate a valid url given +``mediagoblin.plugins.{{ your_plugin_here }}.login`` and +``mediagoblin.plugins.{{ your_plugin_here }}.register``. This is only needed if +you will not be using the ``login`` and ``register`` views in +``mediagoblin.auth.views``. + +'auth_get_login_form' +--------------------- + +This hook is called in ``mediagoblin.auth.views.login()``. If you are not using +that view, then you do not need this hook. This hook should take a ``request`` +object and return the ``LoginForm`` for your plugin. + +'auth_get_registration_form' +---------------------------- + +This hook is called in ``mediagoblin.auth.views.register()``. If you are not +using that view, then you do not need this hook. This hook should take a +``request`` object and return the ``RegisterForm`` for your plugin. + +'auth_gen_password_hash' +------------------------ + +This hook should accept a ``raw_pass`` and an ``extra_salt`` and return a +hashed password to be stored in ``User.pw_hash``. + +'auth_check_password' +--------------------- + +This hook should accept a ``raw_pass``, a ``stored_hash``, and an ``extra_salt``. +Your plugin should then check that the ``raw_pass`` hashes to the same thing as +the ``stored_hash`` and return either ``True`` or ``False``. + +'auth_fake_login_attempt' +------------------------- + +This hook is called in ``mediagoblin.auth.tools.check_login_simple``. It is +called if a user is not found and should do something that takes the same amount +of time as your ``check_password`` function. This is to help prevent timining +attacks. diff --git a/docs/source/siteadmin/deploying.rst b/docs/source/siteadmin/deploying.rst index 50fc05c5..6123dc9e 100644 --- a/docs/source/siteadmin/deploying.rst +++ b/docs/source/siteadmin/deploying.rst @@ -1,6 +1,6 @@ .. MediaGoblin Documentation - Written in 2011, 2012 by MediaGoblin contributors + Written in 2011, 2012, 2013 by MediaGoblin contributors To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to @@ -77,7 +77,7 @@ Configure PostgreSQL If you don't want/need postgres, skip this section. -These are the packages needed for Debian Wheezy (testing):: +These are the packages needed for Debian Wheezy (stable):: sudo apt-get install postgresql postgresql-client python-psycopg2 @@ -121,25 +121,62 @@ where the first ``mediagoblin`` is the database owner and the second Drop Privileges for MediaGoblin ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -As MediaGoblin does not require special permissions or elevated -access, you should run MediaGoblin under an existing non-root user or -preferably create a dedicated user for the purpose of running -MediaGoblin. Consult your distribution's documentation on how to -create "system account" or dedicated service user. Ensure that it is -not possible to log in to your system with as this user. +MediaGoblin does not require special permissions or elevated +access to run. As such, the prefered way to run MediaGoblin is to +create a dedicated, unpriviledged system user for sole the purpose of running +MediaGoblin. Running MediaGoblin processes under an unpriviledged system user +helps to keep it more secure. + +The following command (entered as root or with sudo) will create a +system account with a username of ``mediagoblin``. You may choose a different +username if you wish.:: + + adduser --system mediagoblin + +No password will be assigned to this account, and you will not be able +to log in as this user. To switch to this account, enter either:: + + sudo su - mediagoblin (if you have sudo permissions) + +or:: + + su - mediagoblin (if you have to use root permissions) + +You may get a warning similar to this when entering these commands:: + + warning: cannot change directory to /home/mediagoblin: No such file or directory + +You can disregard this warning. To return to your regular user account after +using the system account, just enter ``exit``. + +.. note:: + + Unless otherwise noted, the remainder of this document assumes that all + operations are performed using this unpriviledged account. + +.. _create-mediagoblin-directory: + +Create a MediaGoblin Directory +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You should create a working directory for MediaGoblin. This document assumes your local git repository will be located at -``/srv/mediagoblin.example.org/mediagoblin/`` for this documentation. -Substitute your prefer ed local deployment path as needed. +``/srv/mediagoblin.example.org/mediagoblin/``. +Substitute your prefered local deployment path as needed. -This document assumes that all operations are performed as this -user. To drop privileges to this user, run the following command:: +Setting up the working directory requires that we first create the directory +with elevated priviledges, and then assign ownership of the directory +to the unpriviledged system account. - su - [mediagoblin] +To do this, enter either of the following commands, changing the defaults +to suit your particular requirements:: + + sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin:mediagoblin /srv/mediagobin.example.org + +or (as the root user):: + + mkdir -p /srv/mediagoblin.example.org && chown -hR mediagoblin:mediagoblin /srv/mediagobin.example.org -Where, "``[mediagoblin]``" is the username of the system user that will -run MediaGoblin. Install MediaGoblin and Virtualenv ---------------------------------- @@ -151,11 +188,14 @@ Install MediaGoblin and Virtualenv branch of the git repository. Eventually production deployments will want to transition to running from more consistent releases. -Issue the following commands, to create and change the working -directory. Modify these commands to reflect your own environment:: +We will now clone the MediaGoblin source code repository and setup and +configure the necessary services. Modify these commands to +suit your own environment. As a reminder, you should enter these +commands using your unpriviledged system account. - mkdir -p /srv/mediagoblin.example.org/ - cd /srv/mediagoblin.example.org/ +Change to the MediaGoblin directory that you just created:: + + cd /srv/mediagoblin.example.org Clone the MediaGoblin repository and set up the git submodules:: @@ -163,12 +203,23 @@ Clone the MediaGoblin repository and set up the git submodules:: cd mediagoblin git submodule init && git submodule update -And set up the in-package virtualenv:: +Set up the in-package virtualenv via make:: - (virtualenv --system-site-packages . || virtualenv .) && ./bin/python setup.py develop + ./bootstrap.sh && ./configure && make .. note:: + Prefer not to use make, or want to use the "old way" of installing + MediaGoblin (maybe you know how to use virtualenv and python + packaging)? You still can! All that the above make script is doing + is installing an in-package virtualenv and running + + ./bin/python setup.py develop + +.. :: + + (NOTE: Is this still relevant?) + If you have problems here, consider trying to install virtualenv with the ``--distribute`` or ``--no-site-packages`` options. If your system's default Python is in the 3.x series you may need to @@ -388,4 +439,5 @@ Security Considerations for session security. Make sure not to leak its contents anywhere. If the contents gets leaked nevertheless, delete your file and restart the server, so that it creates a new secret key. - All previous sessions will be invalifated then. + All previous sessions will be invalidated. + diff --git a/docs/source/siteadmin/relnotes.rst b/docs/source/siteadmin/relnotes.rst index 35415b66..72fcb3d4 100644 --- a/docs/source/siteadmin/relnotes.rst +++ b/docs/source/siteadmin/relnotes.rst @@ -108,8 +108,8 @@ please note the following: .. code-block:: ini - [plugins] - [[mediagoblin.plugins.geolocation]] + [plugins] + [[mediagoblin.plugins.geolocation]] If you have your own theme, you may need to make some adjustments to it as some theme related things may have changed in this release. If diff --git a/install-sh b/install-sh new file mode 100755 index 00000000..377bb868 --- /dev/null +++ b/install-sh @@ -0,0 +1,527 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2011-11-20.07; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# 'make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/m4/python.m4 b/m4/python.m4 new file mode 100644 index 00000000..f8b197fe --- /dev/null +++ b/m4/python.m4 @@ -0,0 +1,638 @@ +# Copyright 2012, 2013 Brandon Invergo +# +# This file is part of pyconfigure. This program is free +# software; you can redistribute it and/or modify it under the +# terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# Under Section 7 of GPL version 3, you are granted additional +# permissions described in the Autoconf Configure Script Exception, +# version 3.0, as published by the Free Software Foundation. +# +# You should have received a copy of the GNU General Public License +# and a copy of the Autoconf Configure Script Exception along with +# this program; see the files COPYINGv3 and COPYING.EXCEPTION +# respectively. If not, see . + + +# Many of these macros were adapted from ones written by Andrew Dalke +# and James Henstridge and are included with the Automake utility +# under the following copyright terms: +# +# Copyright (C) 1999-2012 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# Table of Contents: +# +# 1. Language selection +# and routines to produce programs in a given language. +# +# 2. Producing programs in a given language. +# +# 3. Looking for a compiler +# And possibly the associated preprocessor. +# +# 4. Looking for specific libs & functionality + + +## ----------------------- ## +## 1. Language selection. ## +## ----------------------- ## + + +# AC_LANG(Python) +# --------------- +AC_LANG_DEFINE([Python], [py], [PY], [PYTHON], [], +[ac_ext=py +ac_compile='chmod +x conftest.$ac_ext >&AS_MESSAGE_LOG_FD' +ac_link='chmod +x conftest.$ac_ext && cp conftest.$ac_ext conftest >&AS_MESSAGE_LOG_FD' +]) + + +# AC_LANG_PYTHON +# -------------- +AU_DEFUN([AC_LANG_PYTHON], [AC_LANG(Python)]) + + +## ----------------------- ## +## 2. Producing programs. ## +## ----------------------- ## + + +# AC_LANG_PROGRAM(Python)([PROLOGUE], [BODY]) +# ------------------------------------------- +m4_define([AC_LANG_PROGRAM(Python)], [dnl +@%:@!$PYTHON +$1 +m4_if([$2], [], [], [dnl +if __name__ == '__main__': +$2])]) + + +# _AC_LANG_IO_PROGRAM(Python) +# --------------------------- +# Produce source that performs I/O. +m4_define([_AC_LANG_IO_PROGRAM(Python)], +[AC_LANG_PROGRAM([dnl +import sys +try: + h = open('conftest.out') +except: + sys.exit(1) +else: + close(h) + sys.exit(0) +], [])]) + + +# _AC_LANG_CALL(Python)([PROLOGUE], [FUNCTION]) +# --------------------- +# Produce source that calls FUNCTION +m4_define([_AC_LANG_CALL(Python)], +[AC_LANG_PROGRAM([$1], [$2])]) + + +## -------------------------------------------- ## +## 3. Looking for Compilers and Interpreters. ## +## -------------------------------------------- ## + + +AC_DEFUN([AC_LANG_COMPILER(Python)], +[AC_REQUIRE([AC_PROG_PYTHON])]) + + +# PC_INIT([MIN_VER], [MAX_VER]) +# ----------------------------- +# Initialize pyconfigure, finding a Python interpreter with a given +# minimum and/or maximum version. +AC_DEFUN([PC_INIT], +[AC_ARG_VAR([PYTHON], [the Python interpreter]) +dnl The default minimum version is 2.0 +m4_define_default([pc_min_ver], m4_ifval([$1], [$1], [2.0])) +dnl The default maximum version is 3.3 +m4_define_default([pc_max_ver], m4_ifval([$2], [$2], [3.3])) +dnl Build up a list of possible interpreter names. +m4_define_default([_PC_PYTHON_INTERPRETER_LIST], +dnl Construct a comma-separated list of interpreter names (python2.6, +dnl python2.7, etc). We only care about the first 3 characters of the +dnl version strings (major-dot-minor; not +dnl major-dot-minor-dot-bugfix[-dot-whatever]) + [m4_foreach([pc_ver], + m4_esyscmd_s(seq -s[[", "]] -f["[[%.1f]]"] m4_substr(pc_max_ver, [0], [3]) -0.1 m4_substr(pc_min_ver, [0], [3])), +dnl Remove python2.8 and python2.9 since they will never exist + [m4_bmatch(pc_ver, [2.[89]], [], [python]pc_ver)] ) \ +dnl If we want some Python 3 versions (max version >= 3.0), +dnl also search for "python3" +m4_if(m4_version_compare(pc_max_ver, [2.9]), [1], [python3], []) \ +dnl If we want some Python 2 versions (min version <= 2.7), +dnl also search for "python2". Finally, also search for plain ol' "python" +m4_if(m4_version_compare(pc_min_ver, [2.8]), [-1], [python2], []) [python]]) +dnl Do the actual search at last. +AC_PATH_PROGS(PYTHON, [_PC_PYTHON_INTERPRETER_LIST]) +dnl If we found something, do a sanity check that the interpreter really +dnl has the version its name would suggest. +m4_ifval([PYTHON], + [PC_PYTHON_VERIFY_VERSION([>=], [pc_min_ver], + [AC_MSG_RESULT([yes])], + [AC_MSG_FAILURE([No compatible Python interpreter found. If you're sure that you have one, try setting the PYTHON environment variable to the location of the interpreter.])])]) +m4_ifval([PYTHON], + [PC_PYTHON_VERIFY_VERSION([<=], [pc_max_ver], + [AC_MSG_RESULT([yes])], + [AC_MSG_FAILURE([No compatible Python interpreter found. If you're sure that you have one, try setting the PYTHON environment variable to the location of the interpreter.])])]) +])# PC_INIT + +# AC_PROG_PYTHON(PROG-TO-CHECK-FOR) +# --------------------------------- +# Find a Python interpreter. Python versions prior to 2.0 are not +# supported. (2.0 was released on October 16, 2000). +AC_DEFUN([AC_PROG_PYTHON], +[AC_ARG_VAR([PYTHON], [the Python interpreter]) +m4_define_default([_PC_PYTHON_INTERPRETER_LIST], + [python python3 python3.3 python3.2 python3.1 python3.0 python2 python2.7 dnl + python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0]) +m4_ifval([$1], + [AC_PATH_PROGS(PYTHON, [$1 _PC_PYTHON_INTERPRETER_LIST])], + [AC_PATH_PROGS(PYTHON, [_PC_PYTHON_INTERPRETER_LIST])]) +]) + + +# PC_PYTHON_PROG_PYTHON_CONFIG(PROG-TO-CHECK-FOR) +# ---------------------------------------------- +# Find the python-config program +AC_DEFUN([PC_PYTHON_PROG_PYTHON_CONFIG], +[AC_REQUIRE([PC_INIT])[]dnl +AC_ARG_VAR([PYTHON_CONFIG], [the Python-config program]) +dnl python-config's binary name is normally based on the Python interpreter's +dnl binary name (i.e. python2.7 -> python2.7-config) +m4_define([_PYTHON_BASENAME], [`basename $PYTHON`]) +m4_ifval([$1], + [AC_PATH_PROGS(PYTHON_CONFIG, [$1 _PYTHON_BASENAME-config])], + [AC_PATH_PROG(PYTHON_CONFIG, _PYTHON_BASENAME-config)]) +]) # PC_PYTHON_PROG_PYTHON_CONFIG + + +# PC_PYTHON_VERIFY_VERSION(RELATION, VERSION, [ACTION-IF-TRUE], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------- +# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. +# Run ACTION-IF-FALSE otherwise. +# Specify RELATION as any mathematical comparison "<", ">", "<=", ">=", "==" or "!=" +# This test uses sys.hexversion instead of the string equivalent (first +# word of sys.version), in order to cope with versions such as 2.2c1. +# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). +AC_DEFUN([PC_PYTHON_VERIFY_VERSION], +[m4_define([pc_python_safe_ver], m4_bpatsubsts($2, [\.], [_])) +AC_CACHE_CHECK([if Python $1 '$2'], + [[pc_cv_python_min_version_]pc_python_safe_ver], + [AC_LANG_PUSH(Python)[]dnl + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([dnl +import sys +], [dnl + # split strings by '.' and convert to numeric. Append some zeros + # because we need at least 4 digits for the hex conversion. + # map returns an iterator in Python 3.0 and a list in 2.x + reqver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] + reqverhex = 0 + # xrange is not present in Python 3.0 and range returns an iterator + for i in list(range(4)): + reqverhex = (reqverhex << 8) + reqver[[i]] + if sys.hexversion $1 reqverhex: + sys.exit() + else: + sys.exit(1) +])], + [[pc_cv_python_req_version_]pc_python_safe_ver="yes"], + [[pc_cv_python_req_version_]pc_python_safe_ver="no"]) + AC_LANG_POP(Python)[]dnl + ]) +AS_IF([test "$[pc_cv_python_req_version_]pc_python_safe_ver" = "no"], [$4], [$3]) +])# PC_PYTHON_VERIFY_VERSION + + +# PC_PYTHON_CHECK_VERSION +# ----------------------- +# Query Python for its version number. Getting [:3] seems to be +# the best way to do this; it's what "site.py" does in the standard +# library. +AC_DEFUN([PC_PYTHON_CHECK_VERSION], +[AC_REQUIRE([PC_INIT])[]dnl +AC_CACHE_CHECK([for $1 version], + [pc_cv_python_version], + [AC_LANG_PUSH(Python)[]dnl + AC_LANG_CONFTEST([ + AC_LANG_PROGRAM([dnl +import sys +], [dnl + sys.stdout.write(sys.version[[:3]]) +])]) + pc_cv_python_version=`$PYTHON conftest.py` + AC_LANG_POP(Python)[]dnl + ]) +AC_SUBST([PYTHON_VERSION], [$pc_cv_python_version]) +])# PC_PYTHON_CHECK_VERSION + + +# PC_PYTHON_CHECK_PREFIX +# ---------------------- +# Use the value of $prefix for the corresponding value of +# PYTHON_PREFIX. This is made a distinct variable so it can be +# overridden if need be. However, general consensus is that you +# shouldn't need this ability. +AC_DEFUN([PC_PYTHON_CHECK_PREFIX], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to get it with python-config otherwise do it from within Python +AC_CACHE_CHECK([for Python prefix], [pc_cv_python_prefix], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_prefix=`$PYTHON_CONFIG --prefix 2>&AS_MESSAGE_LOG_FD` +else + AC_LANG_PUSH(Python)[]dnl + pc_cv_python_prefix=AC_LANG_CONFTEST([AC_LANG_PROGRAM([dnl +import sys +], [dnl + sys.exit(sys.prefix) +])]) + AC_LANG_POP(Python)[]dnl +fi]) +AC_SUBST([PYTHON_PREFIX], [$pc_cv_python_prefix])]) + + +# PC_PYTHON_CHECK_EXEC_PREFIX +# -------------------------- +# Like above, but for $exec_prefix +AC_DEFUN([PC_PYTHON_CHECK_EXEC_PREFIX], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to get it with python-config otherwise do it from within Python +AC_CACHE_CHECK([for Python exec-prefix], [pc_cv_python_exec_prefix], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_exec_prefix=`$PYTHON_CONFIG --exec-prefix 2>&AS_MESSAGE_LOG_FD` +else + AC_LANG_PUSH(Python)[]dnl + pc_cv_python_exec_prefix=AC_LANG_CONFTEST([AC_LANG_PROGRAM([dnl +import sys +], [dnl + sys.exit(sys.exec_prefix) +])]) + AC_LANG_POP(Python)[]dnl +fi +]) +AC_SUBST([PYTHON_EXEC_PREFIX], [$pc_cv_python_exec_prefix])]) + + +# PC_PYTHON_CHECK_INCLUDES +# ------------------------ +# Find the Python header file include flags (ie +# '-I/usr/include/python') +AC_DEFUN([PC_PYTHON_CHECK_INCLUDES], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to find the headers location with python-config otherwise guess +AC_CACHE_CHECK([for Python includes], [pc_cv_python_includes], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_includes=`$PYTHON_CONFIG --includes 2>&AS_MESSAGE_LOG_FD` +else + pc_cv_python_includes="[-I$includedir/$_PYTHON_BASENAME]m4_ifdef(PYTHON_ABI_FLAGS, + PYTHON_ABI_FLAGS,)" +fi +]) +AC_SUBST([PYTHON_INCLUDES], [$pc_cv_python_includes])]) + + +# PC_PYTHON_CHECK_HEADERS([ACTION-IF-PRESENT], [ACTION-IF-ABSENT]) +# ----------------------- +# Check for the presence and usability of Python.h +AC_DEFUN([PC_PYTHON_CHECK_HEADERS], +[AC_REQUIRE([PC_PYTHON_CHECK_INCLUDES])[]dnl +pc_cflags_store=$CPPFLAGS +CPPFLAGS="$CFLAGS $PYTHON_INCLUDES" +AC_CHECK_HEADER([Python.h], [$1], [$2]) +CPPFLAGS=$pc_cflags_store +]) + + +# PC_PYTHON_CHECK_LIBS +# -------------------- +# Find the Python lib flags (ie '-lpython') +AC_DEFUN([PC_PYTHON_CHECK_LIBS], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to find the lib flags with python-config otherwise guess +AC_CACHE_CHECK([for Python libs], [pc_cv_python_libs], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_libs=`$PYTHON_CONFIG --libs 2>&AS_MESSAGE_LOG_FD` +else + pc_cv_python_libs="[-l$_PYTHON_BASENAME]m4_ifdef(PYTHON_ABI_FLAGS, PYTHON_ABI_FLAGS,)" +fi +]) +AC_SUBST([PYTHON_LIBS], [$pc_cv_python_libs])]) + + +# PC_PYTHON_TEST_LIBS(LIBRARY-FUNCTION, [ACTION-IF-PRESENT], [ACTION-IF-ABSENT]) +# ------------------- +# Verify that the Python libs can be loaded +AC_DEFUN([PC_PYTHON_TEST_LIBS], +[AC_REQUIRE([PC_PYTHON_CHECK_LIBS])[]dnl +pc_libflags_store=$LIBS +for lflag in $PYTHON_LIBS; do + case $lflag in + -lpython*@:}@ + LIBS="$LIBS $lflag" + pc_libpython=`echo $lflag | sed -e 's/^-l//'` + ;; + *@:}@;; + esac +done +AC_CHECK_LIB([$pc_libpython], [$1], [$2], [$3])]) + + +# PC_PYTHON_CHECK_CFLAGS +# ---------------------- +# Find the Python CFLAGS +AC_DEFUN([PC_PYTHON_CHECK_CFLAGS], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to find the CFLAGS with python-config otherwise give up +AC_CACHE_CHECK([for Python CFLAGS], [pc_cv_python_cflags], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_cflags=`$PYTHON_CONFIG --cflags 2>&AS_MESSAGE_LOG_FD` +else + pc_cv_python_cflags= +fi +]) +AC_SUBST([PYTHON_CFLAGS], [$pc_cv_python_cflags])]) + + +# PC_PYTHON_CHECK_LDFLAGS +# ----------------------- +# Find the Python LDFLAGS +AC_DEFUN([PC_PYTHON_CHECK_LDFLAGS], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to find the LDFLAGS with python-config otherwise give up +AC_CACHE_CHECK([for Python LDFLAGS], [pc_cv_python_ldflags], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_ldflags=`$PYTHON_CONFIG --ldflags 2>&AS_MESSAGE_LOG_FD` +else + pc_cv_python_ldflags= +fi +]) +AC_SUBST([PYTHON_LDFLAGS], [$pc_cv_python_ldflags])]) + + +# PC_PYTHON_CHECK_EXTENSION_SUFFIX +# -------------------------------- +# Find the Python extension suffix (i.e. '.cpython-32.so') +AC_DEFUN([PC_PYTHON_CHECK_EXTENSION_SUFFIX], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to find the suffix with python-config otherwise give up +AC_CACHE_CHECK([for Python extension suffix], [pc_cv_python_extension_suffix], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_extension_suffix=`$PYTHON_CONFIG --extension-suffix 2>&AS_MESSAGE_LOG_FD` +else + pc_cv_python_extension_suffix= +fi +]) +AC_SUBST([PYTHON_EXTENSION_SUFFIX], [$pc_cv_python_extension_suffix])]) + + +# PC_PYTHON_CHECK_ABI_FLAGS +# ------------------------- +# Find the Python ABI flags +AC_DEFUN([PC_PYTHON_CHECK_ABI_FLAGS], +[AC_REQUIRE([PC_PYTHON_PROG_PYTHON_CONFIG])[]dnl +dnl Try to find the ABI flags with python-config otherwise give up +AC_CACHE_CHECK([for Python ABI flags], [pc_cv_python_abi_flags], +[if test -x "$PYTHON_CONFIG"; then + pc_cv_python_abi_flags=`$PYTHON_CONFIG --abiflags 2>&AS_MESSAGE_LOG_FD` +else + pc_cv_python_abi_flags= +fi +]) +AC_SUBST([PYTHON_ABI_FLAGS], [$pc_cv_python_abi_flags])]) + + +# PC_PYTHON_CHECK_PLATFORM +# ------------------------ +# At times (like when building shared libraries) you may want +# to know which OS platform Python thinks this is. +AC_DEFUN([PC_PYTHON_CHECK_PLATFORM], +[AC_REQUIRE([PC_INIT])[]dnl +dnl Get the platform from within Python (sys.platform) +AC_CACHE_CHECK([for Python platform], + [pc_cv_python_platform], + [AC_LANG_PUSH(Python)[]dnl + AC_LANG_CONFTEST([ + AC_LANG_PROGRAM([dnl +import sys +], [dnl + sys.stdout.write(sys.platform) +])]) + pc_cv_python_platform=`$PYTHON conftest.py` + AC_LANG_POP(Python)[]dnl + ]) +AC_SUBST([PYTHON_PLATFORM], [$pc_cv_python_platform]) +]) + + +# PC_PYTHON_CHECK_SITE_DIR +# --------------------- +# The directory to which new libraries are installed (i.e. the +# "site-packages" directory. +AC_DEFUN([PC_PYTHON_CHECK_SITE_DIR], +[AC_REQUIRE([PC_INIT])AC_REQUIRE([PC_PYTHON_CHECK_PREFIX])[]dnl +AC_CACHE_CHECK([for Python site-packages directory], + [pc_cv_python_site_dir], + [AC_LANG_PUSH(Python)[]dnl + if test "x$prefix" = xNONE + then + pc_py_prefix=$ac_default_prefix + else + pc_py_prefix=$prefix + fi + AC_LANG_CONFTEST([ + AC_LANG_PROGRAM([dnl +import sys +from platform import python_implementation +# sysconfig in CPython 2.7 doesn't work in virtualenv +# +try: + import sysconfig +except: + can_use_sysconfig = False +else: + can_use_sysconfig = True +if can_use_sysconfig: + if python_implementation() == "CPython" and sys.version[[:3]] == '2.7': + can_use_sysconfig = False +if not can_use_sysconfig: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(False, False, prefix='$pc_py_prefix') +else: + sitedir = sysconfig.get_path('purelib', vars={'base':'$pc_py_prefix'}) +], [dnl + sys.stdout.write(sitedir) +])]) + pc_cv_python_site_dir=`$PYTHON conftest.py` + AC_LANG_POP(Python)[]dnl + case $pc_cv_python_site_dir in + $pc_py_prefix*) + pc__strip_prefix=`echo "$pc_py_prefix" | sed 's|.|.|g'` + pc_cv_python_site_dir=`echo "$pc_cv_python_site_dir" | sed "s,^$pc__strip_prefix/,,"` + ;; + *) + case $pc_py_prefix in + /usr|/System*) ;; + *) + pc_cv_python_site_dir=lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) +AC_SUBST([pythondir], [\${prefix}/$pc_cv_python_site_dir])])# PC_PYTHON_CHECK_SITE_DIR + +# PC_PYTHON_SITE_PACKAGE_DIR +# -------------------------- +# $PACKAGE directory under PYTHON_SITE_DIR +AC_DEFUN([PC_PYTHON_SITE_PACKAGE_DIR], +[AC_REQUIRE([PC_PYTHON_CHECK_SITE_DIR])[]dnl +AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE])]) + + +# PC_PYTHON_CHECK_EXEC_DIR +# ------------------------ +# directory for installing python extension modules (shared libraries) +AC_DEFUN([PC_PYTHON_CHECK_EXEC_DIR], +[AC_REQUIRE([PC_INIT])AC_REQUIRE([PC_PYTHON_CHECK_EXEC_PREFIX])[]dnl + AC_CACHE_CHECK([for Python extension module directory], + [pc_cv_python_exec_dir], + [AC_LANG_PUSH(Python)[]dnl + if test "x$pc_cv_python_exec_prefix" = xNONE + then + pc_py_exec_prefix=$pc_cv_python_prefix + else + pc_py_exec_prefix=$pc_cv_python_exec_prefix + fi + AC_LANG_CONFTEST([ + AC_LANG_PROGRAM([dnl +import sys +from platform import python_implementation +# sysconfig in CPython 2.7 doesn't work in virtualenv +# +try: + import sysconfig +except: + can_use_sysconfig = False +else: + can_use_sysconfig = True +if can_use_sysconfig: + if python_implementation() == "CPython" and sys.version[[:3]] == '2.7': + can_use_sysconfig = False +if not can_use_sysconfig: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(False, False, prefix='$pc_py__exec_prefix') +else: + sitedir = sysconfig.get_path('purelib', vars={'platbase':'$pc_py_exec_prefix'}) +], [dnl + sys.stdout.write(sitedir) +])]) + pc_cv_python_exec_dir=`$PYTHON conftest.py` + AC_LANG_POP(Python)[]dnl + case $pc_cv_python_exec_dir in + $pc_py_exec_prefix*) + pc__strip_prefix=`echo "$pc_py_exec_prefix" | sed 's|.|.|g'` + pc_cv_python_exec_dir=`echo "$pc_cv_python_exec_dir" | sed "s,^$pc__strip_prefix/,,"` + ;; + *) + case $pc_py_exec_prefix in + /usr|/System*) ;; + *) + pc_cv_python_exec_dir=lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) +AC_SUBST([pyexecdir], [\${exec_prefix}/$pc_cv_python_pyexecdir])]) #PY_PYTHON_CHECK_EXEC_LIB_DIR + + +# PC_PYTHON_EXEC_PACKAGE_DIR +# -------------------------- +# $PACKAGE directory under PYTHON_SITE_DIR +AC_DEFUN([PC_PYTHON_EXEC_PACKAGE_DIR], +[AC_REQUIRE([PC_PYTHON_CHECK_EXEC_DIR])[]dnl +AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE])]) + + +## -------------------------------------------- ## +## 4. Looking for specific libs & functionality ## +## -------------------------------------------- ## + + +# PC_PYTHON_CHECK_MODULE(LIBRARY, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# ---------------------------------------------------------------------- +# Macro for checking if a Python library is installed +AC_DEFUN([PC_PYTHON_CHECK_MODULE], +[AC_REQUIRE([PC_INIT])[]dnl +m4_define([pc_python_safe_mod], m4_bpatsubsts($1, [\.], [_])) +AC_CACHE_CHECK([for Python '$1' library], + [[pc_cv_python_module_]pc_python_safe_mod], + [AC_LANG_PUSH(Python)[]dnl + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([dnl +import sys +try: + import $1 +except: + sys.exit(1) +else: + sys.exit(0) +], [])], + [[pc_cv_python_module_]pc_python_safe_mod="yes"], + [[pc_cv_python_module_]pc_python_safe_mod="no"]) + AC_LANG_POP(Python)[]dnl + ]) +AS_IF([test "$[pc_cv_python_module_]pc_python_safe_mod" = "no"], [$3], [$2]) +])# PC_PYTHON_CHECK_MODULE + + +# PC_PYTHON_CHECK_FUNC([LIBRARY], FUNCTION, ARGS, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------------------- +# Check to see if a given function call, optionally from a module, can +# be successfully called +AC_DEFUN([PC_PYTHON_CHECK_FUNC], +[AC_REQUIRE([PC_INIT])[]dnl +m4_define([pc_python_safe_mod], m4_bpatsubsts($1, [\.], [_])) +AC_CACHE_CHECK([for Python m4_ifnblank($1, '$1.$2()', '$2()') function], + [[pc_cv_python_func_]pc_python_safe_mod[_$2]], + [AC_LANG_PUSH(Python)[]dnl + AC_RUN_IFELSE( + [AC_LANG_PROGRAM([dnl +import sys +m4_ifnblank([$1], [dnl +try: + import $1 +except: + sys.exit(1) +], [])], +[ +m4_ifnblank([$1], [ + try: + $1.$2($3)], [ + try: + $2($3)]) + except: + sys.exit(1) + else: + sys.exit(0) +])], + [[pc_cv_python_func_]pc_python_safe_mod[_$2]="yes"], + [[pc_cv_python_func_]pc_python_safe_mod[_$2]="no"]) + AC_LANG_POP(Python)[]dnl + ]) +AS_IF([test "$[pc_cv_python_func_]pc_python_safe_mod[_$2]" = "no"], [$5], [$4]) +])# PC_PYTHON_CHECK_FUNC diff --git a/mediagoblin/app.py b/mediagoblin/app.py index 57e09e49..e9177eff 100644 --- a/mediagoblin/app.py +++ b/mediagoblin/app.py @@ -39,7 +39,6 @@ from mediagoblin.init import (get_jinja_loader, get_staticdirector, from mediagoblin.tools.pluginapi import PluginManager, hook_transform from mediagoblin.tools.crypto import setup_crypto from mediagoblin.auth.tools import check_auth_enabled, no_auth_logout -from mediagoblin import notifications _log = logging.getLogger(__name__) @@ -199,8 +198,6 @@ class MediaGoblinApp(object): # Log user out if authentication_disabled no_auth_logout(request) - request.notifications = notifications - mg_request.setup_user_in_request(request) request.controller_name = None diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py index 90d6f5cc..7d95b81a 100644 --- a/mediagoblin/auth/views.py +++ b/mediagoblin/auth/views.py @@ -41,8 +41,11 @@ def register(request): """ if 'pass_auth' not in request.template_env.globals: redirect_name = hook_handle('auth_no_pass_redirect') - return redirect(request, 'mediagoblin.plugins.{0}.register'.format( - redirect_name)) + if redirect_name: + return redirect(request, 'mediagoblin.plugins.{0}.register'.format( + redirect_name)) + else: + return redirect(request, 'index') register_form = hook_handle("auth_get_registration_form", request) @@ -73,8 +76,11 @@ def login(request): """ if 'pass_auth' not in request.template_env.globals: redirect_name = hook_handle('auth_no_pass_redirect') - return redirect(request, 'mediagoblin.plugins.{0}.login'.format( - redirect_name)) + if redirect_name: + return redirect(request, 'mediagoblin.plugins.{0}.login'.format( + redirect_name)) + else: + return redirect(request, 'index') login_form = hook_handle("auth_get_login_form", request) diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini index d2ada163..8f03509d 100644 --- a/mediagoblin/config_spec.ini +++ b/mediagoblin/config_spec.ini @@ -75,6 +75,12 @@ theme = string() plugin_web_path = string(default="/plugin_static/") plugin_linked_assets_dir = string(default="%(here)s/user_dev/plugin_static/") +[jinja2] +# Jinja2 supports more directives than the minimum required by mediagoblin. +# This setting allows users creating custom templates to specify a list of +# additional extensions they want to use. example value: +# extensions = jinja2.ext.loopcontrols , jinja2.ext.with_ +extensions = string_list(default=list()) [storage:publicstore] storage_class = string(default="mediagoblin.storage.filestorage:BasicFileStorage") @@ -116,7 +122,7 @@ vp8_quality = integer(default=8) vorbis_quality = float(default=0.3) # Autoplay the video when page is loaded? -auto_play = boolean(default=True) +auto_play = boolean(default=False) [[skip_transcode]] mime_types = string_list(default=list("video/webm")) @@ -146,7 +152,7 @@ CELERY_RESULT_DBURI = string(default="sqlite:///%(here)s/celery.db") # default kombu stuff BROKER_TRANSPORT = string(default="sqlalchemy") -BROKER_HOST = string(default="sqlite:///%(here)s/kombu.db") +BROKER_URL = string(default="sqlite:///%(here)s/kombu.db") # known booleans CELERY_RESULT_PERSISTENT = boolean() diff --git a/mediagoblin/db/migrations.py b/mediagoblin/db/migrations.py index 9dff22ee..0eedc5d4 100644 --- a/mediagoblin/db/migrations.py +++ b/mediagoblin/db/migrations.py @@ -25,6 +25,8 @@ from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.sql import and_ from migrate.changeset.constraint import UniqueConstraint + +from mediagoblin.db.extratypes import JSONEncoded from mediagoblin.db.migration_tools import RegisterMigration, inspect_table from mediagoblin.db.models import (MediaEntry, Collection, User, MediaComment, Privilege, ReportBase) @@ -452,3 +454,82 @@ def create_moderation_tables(db): Privilege_v0.__table__.create(db.bind) PrivilegeUserAssociation_v0.__table__.create(db.bind) db.commit() + + +# oauth1 migrations +class Client_v0(declarative_base()): + """ + Model representing a client - Used for API Auth + """ + __tablename__ = "core__clients" + + id = Column(Unicode, nullable=True, primary_key=True) + secret = Column(Unicode, nullable=False) + expirey = Column(DateTime, nullable=True) + application_type = Column(Unicode, nullable=False) + created = Column(DateTime, nullable=False, default=datetime.datetime.now) + updated = Column(DateTime, nullable=False, default=datetime.datetime.now) + + # optional stuff + redirect_uri = Column(JSONEncoded, nullable=True) + logo_url = Column(Unicode, nullable=True) + application_name = Column(Unicode, nullable=True) + contacts = Column(JSONEncoded, nullable=True) + + def __repr__(self): + if self.application_name: + return "".format(self.application_name, self.id) + else: + return "".format(self.id) + +class RequestToken_v0(declarative_base()): + """ + Model for representing the request tokens + """ + __tablename__ = "core__request_tokens" + + token = Column(Unicode, primary_key=True) + secret = Column(Unicode, nullable=False) + client = Column(Unicode, ForeignKey(Client_v0.id)) + user = Column(Integer, ForeignKey(User.id), nullable=True) + used = Column(Boolean, default=False) + authenticated = Column(Boolean, default=False) + verifier = Column(Unicode, nullable=True) + callback = Column(Unicode, nullable=False, default=u"oob") + created = Column(DateTime, nullable=False, default=datetime.datetime.now) + updated = Column(DateTime, nullable=False, default=datetime.datetime.now) + +class AccessToken_v0(declarative_base()): + """ + Model for representing the access tokens + """ + __tablename__ = "core__access_tokens" + + token = Column(Unicode, nullable=False, primary_key=True) + secret = Column(Unicode, nullable=False) + user = Column(Integer, ForeignKey(User.id)) + request_token = Column(Unicode, ForeignKey(RequestToken_v0.token)) + created = Column(DateTime, nullable=False, default=datetime.datetime.now) + updated = Column(DateTime, nullable=False, default=datetime.datetime.now) + + +class NonceTimestamp_v0(declarative_base()): + """ + A place the timestamp and nonce can be stored - this is for OAuth1 + """ + __tablename__ = "core__nonce_timestamps" + + nonce = Column(Unicode, nullable=False, primary_key=True) + timestamp = Column(DateTime, nullable=False, primary_key=True) + + +@RegisterMigration(14, MIGRATIONS) +def create_oauth1_tables(db): + """ Creates the OAuth1 tables """ + + Client_v0.__table__.create(db.bind) + RequestToken_v0.__table__.create(db.bind) + AccessToken_v0.__table__.create(db.bind) + NonceTimestamp_v0.__table__.create(db.bind) + + db.commit() diff --git a/mediagoblin/db/models.py b/mediagoblin/db/models.py index 69b59c99..25b4fa8f 100644 --- a/mediagoblin/db/models.py +++ b/mediagoblin/db/models.py @@ -30,6 +30,7 @@ from sqlalchemy.sql.expression import desc from sqlalchemy.ext.associationproxy import association_proxy from sqlalchemy.util import memoized_property + from mediagoblin.db.extratypes import PathTupleWithSlashes, JSONEncoded from mediagoblin.db.base import Base, DictReadAttrProxy from mediagoblin.db.mixin import UserMixin, MediaEntryMixin, \ @@ -61,20 +62,17 @@ class User(Base, UserMixin): # the RFC) and because it would be a mess to implement at this # point. email = Column(Unicode, nullable=False) - created = Column(DateTime, nullable=False, default=datetime.datetime.now) - pw_hash = Column(Unicode, nullable=False) + pw_hash = Column(Unicode) email_verified = Column(Boolean, default=False) + created = Column(DateTime, nullable=False, default=datetime.datetime.now) status = Column(Unicode, default=u"needs_email_verification", nullable=False) # Intented to be nullable=False, but migrations would not work for it # set to nullable=True implicitly. wants_comment_notification = Column(Boolean, default=True) license_preference = Column(Unicode) - verification_key = Column(Unicode) is_admin = Column(Boolean, default=False, nullable=False) url = Column(Unicode) bio = Column(UnicodeText) # ?? - fp_verification_key = Column(Unicode) - fp_token_expire = Column(DateTime) ## TODO # plugin data would be in a separate model @@ -116,6 +114,71 @@ class User(Base, UserMixin): self.has_privilege(*priv_names[1:]) return False +class Client(Base): + """ + Model representing a client - Used for API Auth + """ + __tablename__ = "core__clients" + + id = Column(Unicode, nullable=True, primary_key=True) + secret = Column(Unicode, nullable=False) + expirey = Column(DateTime, nullable=True) + application_type = Column(Unicode, nullable=False) + created = Column(DateTime, nullable=False, default=datetime.datetime.now) + updated = Column(DateTime, nullable=False, default=datetime.datetime.now) + + # optional stuff + redirect_uri = Column(JSONEncoded, nullable=True) + logo_url = Column(Unicode, nullable=True) + application_name = Column(Unicode, nullable=True) + contacts = Column(JSONEncoded, nullable=True) + + def __repr__(self): + if self.application_name: + return "".format(self.application_name, self.id) + else: + return "".format(self.id) + +class RequestToken(Base): + """ + Model for representing the request tokens + """ + __tablename__ = "core__request_tokens" + + token = Column(Unicode, primary_key=True) + secret = Column(Unicode, nullable=False) + client = Column(Unicode, ForeignKey(Client.id)) + user = Column(Integer, ForeignKey(User.id), nullable=True) + used = Column(Boolean, default=False) + authenticated = Column(Boolean, default=False) + verifier = Column(Unicode, nullable=True) + callback = Column(Unicode, nullable=False, default=u"oob") + created = Column(DateTime, nullable=False, default=datetime.datetime.now) + updated = Column(DateTime, nullable=False, default=datetime.datetime.now) + +class AccessToken(Base): + """ + Model for representing the access tokens + """ + __tablename__ = "core__access_tokens" + + token = Column(Unicode, nullable=False, primary_key=True) + secret = Column(Unicode, nullable=False) + user = Column(Integer, ForeignKey(User.id)) + request_token = Column(Unicode, ForeignKey(RequestToken.token)) + created = Column(DateTime, nullable=False, default=datetime.datetime.now) + updated = Column(DateTime, nullable=False, default=datetime.datetime.now) + + +class NonceTimestamp(Base): + """ + A place the timestamp and nonce can be stored - this is for OAuth1 + """ + __tablename__ = "core__nonce_timestamps" + + nonce = Column(Unicode, nullable=False, primary_key=True) + timestamp = Column(DateTime, nullable=False, primary_key=True) + class MediaEntry(Base, MediaEntryMixin): """ @@ -498,6 +561,7 @@ class ProcessingMetaData(Base): """A dict like view on this object""" return DictReadAttrProxy(self) + class CommentSubscription(Base): __tablename__ = 'core__comment_subscriptions' id = Column(Integer, primary_key=True) @@ -768,16 +832,15 @@ with_polymorphic( Notification, [ProcessingNotification, CommentNotification]) - MODELS = [ - User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem, - MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, ReportBase, - CommentReport, MediaReport, UserBan, Privilege, PrivilegeUserAssociation, - ArchivedReport, Notification, CommentNotification, - ProcessingNotification, CommentSubscription] + User, MediaEntry, Tag, MediaTag, MediaComment, Collection, CollectionItem, + MediaFile, FileKeynames, MediaAttachmentFile, ProcessingMetaData, + Notification, CommentNotification, ProcessingNotification, + CommentSubscription, ReportBase, CommentReport, MediaReport, UserBan, + Privilege, PrivilegeUserAssociation, ArchivedReport, ArchivedReport] """ - Foundations are the default rows that are created immediately after the tables + Foundations are the default rows that are created immediately after the tables are initialized. Each entry to this dictionary should be in the format of: ModelConstructorObject:List of Dictionaries (Each Dictionary represents a row on the Table to be created, containing each diff --git a/mediagoblin/decorators.py b/mediagoblin/decorators.py index d3a9647e..a3479164 100644 --- a/mediagoblin/decorators.py +++ b/mediagoblin/decorators.py @@ -18,15 +18,18 @@ from functools import wraps from urlparse import urljoin from werkzeug.exceptions import Forbidden, NotFound -from werkzeug.urls import url_quote +from oauthlib.oauth1 import ResourceEndpoint from mediagoblin import mg_globals as mgg from mediagoblin import messages from mediagoblin.db.models import (MediaEntry, User, MediaComment, UserBan, Privilege) -from mediagoblin.tools.response import redirect, render_404, render_user_banned +from mediagoblin.tools.response import (redirect, render_404, + render_user_banned, json_response) from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.oauth.tools.request import decode_authorization_header +from mediagoblin.oauth.oauth import GMGRequestValidator def require_active_login(controller): """ @@ -245,6 +248,17 @@ def get_media_entry_by_id(controller): return wrapper +def get_workbench(func): + """Decorator, passing in a workbench as kwarg which is cleaned up afterwards""" + + @wraps(func) + def new_func(*args, **kwargs): + with mgg.workbench_manager.create() as workbench: + return func(*args, workbench=workbench, **kwargs) + + return new_func + + def allow_registration(controller): """ Decorator for if registration is enabled""" @wraps(controller) @@ -287,18 +301,11 @@ def auth_enabled(controller): messages.WARNING, _('Sorry, authentication is disabled on this instance.')) return redirect(request, 'index') + return controller(request, *args, **kwargs) return wrapper -def get_workbench(func): - """Decorator, passing in a workbench as kwarg which is cleaned up afterwards""" - @wraps(func) - def new_func(*args, **kwargs): - with mgg.workbench_manager.create() as workbench: - return func(*args, workbench=workbench, **kwargs) - return new_func - def require_admin_or_moderator_login(controller): """ Require an login from an administrator or a moderator. @@ -322,6 +329,7 @@ def require_admin_or_moderator_login(controller): return new_controller_func + def user_not_banned(controller): """ Requires that the user has not been banned. Otherwise redirects to the page @@ -337,3 +345,33 @@ def user_not_banned(controller): return wrapper + + +def oauth_required(controller): + """ Used to wrap API endpoints where oauth is required """ + @wraps(controller) + def wrapper(request, *args, **kwargs): + data = request.headers + authorization = decode_authorization_header(data) + + if authorization == dict(): + error = "Missing required parameter." + return json_response({"error": error}, status=400) + + + request_validator = GMGRequestValidator() + resource_endpoint = ResourceEndpoint(request_validator) + valid, request = resource_endpoint.validate_protected_resource_request( + uri=request.url, + http_method=request.method, + body=request.get_data(), + headers=dict(request.headers), + ) + + if not valid: + error = "Invalid oauth prarameter." + return json_response({"error": error}, status=400) + + return controller(request, *args, **kwargs) + + return wrapper diff --git a/mediagoblin/gmg_commands/dbupdate.py b/mediagoblin/gmg_commands/dbupdate.py index bad3e352..961752f6 100644 --- a/mediagoblin/gmg_commands/dbupdate.py +++ b/mediagoblin/gmg_commands/dbupdate.py @@ -96,7 +96,7 @@ forgotten to add it? ({1})'.format(plugin, exc)) plugin, exc)) - foundations = [] + foundations = {} except AttributeError as exc: _log.debug('Could not find FOUNDATIONS in {0}.models, have you \ forgotten to add it? ({1})'.format(plugin, exc)) @@ -126,7 +126,7 @@ def run_dbupdate(app_config, global_config): def run_all_migrations(db, app_config, global_config): """ - Initializes or migrates a database that already has a + Initializes or migrates a database that already has a connection setup and also initializes or migrates all extensions based on the config files. diff --git a/mediagoblin/media_types/audio/__init__.py b/mediagoblin/media_types/audio/__init__.py index 90f842ba..c7ed8d2d 100644 --- a/mediagoblin/media_types/audio/__init__.py +++ b/mediagoblin/media_types/audio/__init__.py @@ -19,6 +19,9 @@ from mediagoblin.media_types.audio.processing import process_audio, \ sniff_handler from mediagoblin.tools import pluginapi +# Why isn't .ogg in this list? It's still detected, but via sniffing, +# .ogg files could be either video or audio... sniffing determines which. + ACCEPTED_EXTENSIONS = ["mp3", "flac", "wav", "m4a"] MEDIA_TYPE = 'mediagoblin.media_types.audio' diff --git a/mediagoblin/media_types/video/processing.py b/mediagoblin/media_types/video/processing.py index 5386ba60..857c1647 100644 --- a/mediagoblin/media_types/video/processing.py +++ b/mediagoblin/media_types/video/processing.py @@ -14,7 +14,7 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -from tempfile import NamedTemporaryFile +import os.path import logging import datetime @@ -73,79 +73,77 @@ def process_video(proc_state): queued_filename = proc_state.get_queued_filename() name_builder = FilenameBuilder(queued_filename) - medium_filepath = create_pub_filepath( - entry, name_builder.fill('{basename}-640p.webm')) + medium_basename = name_builder.fill('{basename}-640p.webm') + medium_filepath = create_pub_filepath(entry, medium_basename) - thumbnail_filepath = create_pub_filepath( - entry, name_builder.fill('{basename}.thumbnail.jpg')) + thumbnail_basename = name_builder.fill('{basename}.thumbnail.jpg') + thumbnail_filepath = create_pub_filepath(entry, thumbnail_basename) # Create a temporary file for the video destination (cleaned up with workbench) - tmp_dst = NamedTemporaryFile(dir=workbench.dir, delete=False) - with tmp_dst: - # Transcode queued file to a VP8/vorbis file that fits in a 640x640 square - progress_callback = ProgressCallback(entry) + tmp_dst = os.path.join(workbench.dir, medium_basename) + # Transcode queued file to a VP8/vorbis file that fits in a 640x640 square + progress_callback = ProgressCallback(entry) - dimensions = ( - mgg.global_config['media:medium']['max_width'], - mgg.global_config['media:medium']['max_height']) + dimensions = ( + mgg.global_config['media:medium']['max_width'], + mgg.global_config['media:medium']['max_height']) - # Extract metadata and keep a record of it - metadata = transcoders.VideoTranscoder().discover(queued_filename) - store_metadata(entry, metadata) + # Extract metadata and keep a record of it + metadata = transcoders.VideoTranscoder().discover(queued_filename) + store_metadata(entry, metadata) - # Figure out whether or not we need to transcode this video or - # if we can skip it - if skip_transcode(metadata): - _log.debug('Skipping transcoding') + # Figure out whether or not we need to transcode this video or + # if we can skip it + if skip_transcode(metadata): + _log.debug('Skipping transcoding') - dst_dimensions = metadata['videowidth'], metadata['videoheight'] + dst_dimensions = metadata['videowidth'], metadata['videoheight'] # Push original file to public storage - _log.debug('Saving original...') - proc_state.copy_original(queued_filepath[-1]) + _log.debug('Saving original...') + proc_state.copy_original(queued_filepath[-1]) - did_transcode = False - else: - transcoder = transcoders.VideoTranscoder() + did_transcode = False + else: + transcoder = transcoders.VideoTranscoder() - transcoder.transcode(queued_filename, tmp_dst.name, - vp8_quality=video_config['vp8_quality'], - vp8_threads=video_config['vp8_threads'], - vorbis_quality=video_config['vorbis_quality'], - progress_callback=progress_callback, - dimensions=dimensions) + transcoder.transcode(queued_filename, tmp_dst, + vp8_quality=video_config['vp8_quality'], + vp8_threads=video_config['vp8_threads'], + vorbis_quality=video_config['vorbis_quality'], + progress_callback=progress_callback, + dimensions=dimensions) - dst_dimensions = transcoder.dst_data.videowidth,\ - transcoder.dst_data.videoheight + dst_dimensions = transcoder.dst_data.videowidth,\ + transcoder.dst_data.videoheight - # Push transcoded video to public storage - _log.debug('Saving medium...') - mgg.public_store.copy_local_to_storage(tmp_dst.name, medium_filepath) - _log.debug('Saved medium') + # Push transcoded video to public storage + _log.debug('Saving medium...') + mgg.public_store.copy_local_to_storage(tmp_dst, medium_filepath) + _log.debug('Saved medium') - entry.media_files['webm_640'] = medium_filepath + entry.media_files['webm_640'] = medium_filepath - did_transcode = True + did_transcode = True - # Save the width and height of the transcoded video - entry.media_data_init( - width=dst_dimensions[0], - height=dst_dimensions[1]) + # Save the width and height of the transcoded video + entry.media_data_init( + width=dst_dimensions[0], + height=dst_dimensions[1]) # Temporary file for the video thumbnail (cleaned up with workbench) - tmp_thumb = NamedTemporaryFile(dir=workbench.dir, suffix='.jpg', delete=False) + tmp_thumb = os.path.join(workbench.dir, thumbnail_basename) - with tmp_thumb: - # Create a thumbnail.jpg that fits in a 180x180 square - transcoders.VideoThumbnailerMarkII( - queued_filename, - tmp_thumb.name, - 180) + # Create a thumbnail.jpg that fits in a 180x180 square + transcoders.VideoThumbnailerMarkII( + queued_filename, + tmp_thumb, + 180) - # Push the thumbnail to public storage - _log.debug('Saving thumbnail...') - mgg.public_store.copy_local_to_storage(tmp_thumb.name, thumbnail_filepath) - entry.media_files['thumb'] = thumbnail_filepath + # Push the thumbnail to public storage + _log.debug('Saving thumbnail...') + mgg.public_store.copy_local_to_storage(tmp_thumb, thumbnail_filepath) + entry.media_files['thumb'] = thumbnail_filepath # save the original... but only if we did a transcoding # (if we skipped transcoding and just kept the original anyway as the main diff --git a/mediagoblin/notifications/__init__.py b/mediagoblin/notifications/__init__.py index 4b7fbb8c..ed9f8d78 100644 --- a/mediagoblin/notifications/__init__.py +++ b/mediagoblin/notifications/__init__.py @@ -18,7 +18,6 @@ import logging from mediagoblin.db.models import Notification, \ CommentNotification, CommentSubscription -from mediagoblin.notifications.task import email_notification_task from mediagoblin.notifications.tools import generate_comment_message _log = logging.getLogger(__name__) @@ -50,6 +49,7 @@ def trigger_notification(comment, media_entry, request): media_entry, request) + from mediagoblin.notifications.task import email_notification_task email_notification_task.apply_async([cn.id, message]) diff --git a/mediagoblin/oauth/__init__.py b/mediagoblin/oauth/__init__.py new file mode 100644 index 00000000..719b56e7 --- /dev/null +++ b/mediagoblin/oauth/__init__.py @@ -0,0 +1,16 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + diff --git a/mediagoblin/oauth/exceptions.py b/mediagoblin/oauth/exceptions.py new file mode 100644 index 00000000..5eccba34 --- /dev/null +++ b/mediagoblin/oauth/exceptions.py @@ -0,0 +1,18 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +class ValidationException(Exception): + pass diff --git a/mediagoblin/oauth/forms.py b/mediagoblin/oauth/forms.py new file mode 100644 index 00000000..94c7cb52 --- /dev/null +++ b/mediagoblin/oauth/forms.py @@ -0,0 +1,7 @@ +import wtforms + +class AuthorizeForm(wtforms.Form): + """ Form used to authorize the request token """ + + oauth_token = wtforms.HiddenField("oauth_token") + oauth_verifier = wtforms.HiddenField("oauth_verifier") diff --git a/mediagoblin/oauth/oauth.py b/mediagoblin/oauth/oauth.py new file mode 100644 index 00000000..8229c47d --- /dev/null +++ b/mediagoblin/oauth/oauth.py @@ -0,0 +1,132 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +from oauthlib.common import Request +from oauthlib.oauth1 import RequestValidator + +from mediagoblin.db.models import NonceTimestamp, Client, RequestToken, AccessToken + + + +class GMGRequestValidator(RequestValidator): + + enforce_ssl = False + + def __init__(self, data=None, *args, **kwargs): + self.POST = data + super(GMGRequestValidator, self).__init__(*args, **kwargs) + + def save_request_token(self, token, request): + """ Saves request token in db """ + client_id = self.POST[u"oauth_consumer_key"] + + request_token = RequestToken( + token=token["oauth_token"], + secret=token["oauth_token_secret"], + ) + request_token.client = client_id + if u"oauth_callback" in self.POST: + request_token.callback = self.POST[u"oauth_callback"] + request_token.save() + + def save_verifier(self, token, verifier, request): + """ Saves the oauth request verifier """ + request_token = RequestToken.query.filter_by(token=token).first() + request_token.verifier = verifier["oauth_verifier"] + request_token.save() + + def save_access_token(self, token, request): + """ Saves access token in db """ + access_token = AccessToken( + token=token["oauth_token"], + secret=token["oauth_token_secret"], + ) + access_token.request_token = request.oauth_token + request_token = RequestToken.query.filter_by(token=request.oauth_token).first() + access_token.user = request_token.user + access_token.save() + + def get_realms(*args, **kwargs): + """ Currently a stub - called when making AccessTokens """ + return list() + + def validate_timestamp_and_nonce(self, client_key, timestamp, + nonce, request, request_token=None, + access_token=None): + nc = NonceTimestamp.query.filter_by(timestamp=timestamp, nonce=nonce) + nc = nc.first() + if nc is None: + return True + + return False + + def validate_client_key(self, client_key, request): + """ Verifies client exists with id of client_key """ + client = Client.query.filter_by(id=client_key).first() + if client is None: + return False + + return True + + def validate_access_token(self, client_key, token, request): + """ Verifies token exists for client with id of client_key """ + client = Client.query.filter_by(id=client_key).first() + token = AccessToken.query.filter_by(token=token) + token = token.first() + + if token is None: + return False + + request_token = RequestToken.query.filter_by(token=token.request_token) + request_token = request_token.first() + + if client.id != request_token.client: + return False + + return True + + def validate_realms(self, *args, **kwargs): + """ Would validate reals however not using these yet. """ + return True # implement when realms are implemented + + + def get_client_secret(self, client_key, request): + """ Retrives a client secret with from a client with an id of client_key """ + client = Client.query.filter_by(id=client_key).first() + return client.secret + + def get_access_token_secret(self, client_key, token, request): + access_token = AccessToken.query.filter_by(token=token).first() + return access_token.secret + +class GMGRequest(Request): + """ + Fills in data to produce a oauth.common.Request object from a + werkzeug Request object + """ + + def __init__(self, request, *args, **kwargs): + """ + :param request: werkzeug request object + + any extra params are passed to oauthlib.common.Request object + """ + kwargs["uri"] = kwargs.get("uri", request.url) + kwargs["http_method"] = kwargs.get("http_method", request.method) + kwargs["body"] = kwargs.get("body", request.get_data()) + kwargs["headers"] = kwargs.get("headers", dict(request.headers)) + + super(GMGRequest, self).__init__(*args, **kwargs) diff --git a/mediagoblin/oauth/routing.py b/mediagoblin/oauth/routing.py new file mode 100644 index 00000000..e45077bb --- /dev/null +++ b/mediagoblin/oauth/routing.py @@ -0,0 +1,43 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +from mediagoblin.tools.routing import add_route + +# client registration & oauth +add_route( + "mediagoblin.oauth", + "/api/client/register", + "mediagoblin.oauth.views:client_register" + ) + +add_route( + "mediagoblin.oauth", + "/oauth/request_token", + "mediagoblin.oauth.views:request_token" + ) + +add_route( + "mediagoblin.oauth", + "/oauth/authorize", + "mediagoblin.oauth.views:authorize", + ) + +add_route( + "mediagoblin.oauth", + "/oauth/access_token", + "mediagoblin.oauth.views:access_token" + ) + diff --git a/mediagoblin/oauth/tools/__init__.py b/mediagoblin/oauth/tools/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/mediagoblin/oauth/tools/forms.py b/mediagoblin/oauth/tools/forms.py new file mode 100644 index 00000000..e3eb3298 --- /dev/null +++ b/mediagoblin/oauth/tools/forms.py @@ -0,0 +1,25 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +class WTFormData(dict): + """ + Provides a WTForm usable dictionary + """ + def getlist(self, key): + v = self[key] + if not isinstance(v, (list, tuple)): + v = [v] + return v diff --git a/mediagoblin/oauth/tools/request.py b/mediagoblin/oauth/tools/request.py new file mode 100644 index 00000000..5ce2da77 --- /dev/null +++ b/mediagoblin/oauth/tools/request.py @@ -0,0 +1,35 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +def decode_authorization_header(header): + """ Decodes a HTTP Authorization Header to python dictionary """ + authorization = header.get("Authorization", "").lstrip(" ").lstrip("OAuth") + tokens = {} + + for param in authorization.split(","): + try: + key, value = param.split("=") + except ValueError: + continue + + key = key.lstrip(" ") + value = value.lstrip(" ").lstrip('"') + value = value.rstrip(" ").rstrip('"') + + tokens[key] = value + + return tokens + diff --git a/mediagoblin/oauth/views.py b/mediagoblin/oauth/views.py new file mode 100644 index 00000000..116eb023 --- /dev/null +++ b/mediagoblin/oauth/views.py @@ -0,0 +1,339 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import datetime + +from oauthlib.oauth1 import (RequestTokenEndpoint, AuthorizationEndpoint, + AccessTokenEndpoint) + +from mediagoblin.decorators import require_active_login +from mediagoblin.tools.translate import pass_to_ugettext +from mediagoblin.meddleware.csrf import csrf_exempt +from mediagoblin.tools.request import decode_request +from mediagoblin.tools.response import (render_to_response, redirect, + json_response, render_400, + form_response) +from mediagoblin.tools.crypto import random_string +from mediagoblin.tools.validator import validate_email, validate_url +from mediagoblin.oauth.forms import AuthorizeForm +from mediagoblin.oauth.oauth import GMGRequestValidator, GMGRequest +from mediagoblin.oauth.tools.request import decode_authorization_header +from mediagoblin.oauth.tools.forms import WTFormData +from mediagoblin.db.models import NonceTimestamp, Client, RequestToken + +# possible client types +client_types = ["web", "native"] # currently what pump supports + +@csrf_exempt +def client_register(request): + """ Endpoint for client registration """ + try: + data = decode_request(request) + except ValueError: + error = "Could not decode data." + return json_response({"error": error}, status=400) + + if data is "": + error = "Unknown Content-Type" + return json_response({"error": error}, status=400) + + if "type" not in data: + error = "No registration type provided." + return json_response({"error": error}, status=400) + if data.get("application_type", None) not in client_types: + error = "Unknown application_type." + return json_response({"error": error}, status=400) + + client_type = data["type"] + + if client_type == "client_update": + # updating a client + if "client_id" not in data: + error = "client_id is requried to update." + return json_response({"error": error}, status=400) + elif "client_secret" not in data: + error = "client_secret is required to update." + return json_response({"error": error}, status=400) + + client = Client.query.filter_by( + id=data["client_id"], + secret=data["client_secret"] + ).first() + + if client is None: + error = "Unauthorized." + return json_response({"error": error}, status=403) + + client.application_name = data.get( + "application_name", + client.application_name + ) + + client.application_type = data.get( + "application_type", + client.application_type + ) + + app_name = ("application_type", client.application_name) + if app_name in client_types: + client.application_name = app_name + + elif client_type == "client_associate": + # registering + if "client_id" in data: + error = "Only set client_id for update." + return json_response({"error": error}, status=400) + elif "access_token" in data: + error = "access_token not needed for registration." + return json_response({"error": error}, status=400) + elif "client_secret" in data: + error = "Only set client_secret for update." + return json_response({"error": error}, status=400) + + # generate the client_id and client_secret + client_id = random_string(22) # seems to be what pump uses + client_secret = random_string(43) # again, seems to be what pump uses + expirey = 0 # for now, lets not have it expire + expirey_db = None if expirey == 0 else expirey + application_type = data["application_type"] + + # save it + client = Client( + id=client_id, + secret=client_secret, + expirey=expirey_db, + application_type=application_type, + ) + + else: + error = "Invalid registration type" + return json_response({"error": error}, status=400) + + logo_url = data.get("logo_url", client.logo_url) + if logo_url is not None and not validate_url(logo_url): + error = "Logo URL {0} is not a valid URL.".format(logo_url) + return json_response( + {"error": error}, + status=400 + ) + else: + client.logo_url = logo_url + + client.application_name = data.get("application_name", None) + + contacts = data.get("contacts", None) + if contacts is not None: + if type(contacts) is not unicode: + error = "Contacts must be a string of space-seporated email addresses." + return json_response({"error": error}, status=400) + + contacts = contacts.split() + for contact in contacts: + if not validate_email(contact): + # not a valid email + error = "Email {0} is not a valid email.".format(contact) + return json_response({"error": error}, status=400) + + + client.contacts = contacts + + redirect_uris = data.get("redirect_uris", None) + if redirect_uris is not None: + if type(redirect_uris) is not unicode: + error = "redirect_uris must be space-seporated URLs." + return json_response({"error": error}, status=400) + + redirect_uris = redirect_uris.split() + + for uri in redirect_uris: + if not validate_url(uri): + # not a valid uri + error = "URI {0} is not a valid URI".format(uri) + return json_response({"error": error}, status=400) + + client.redirect_uri = redirect_uris + + + client.save() + + expirey = 0 if client.expirey is None else client.expirey + + return json_response( + { + "client_id": client.id, + "client_secret": client.secret, + "expires_at": expirey, + }) + +@csrf_exempt +def request_token(request): + """ Returns request token """ + try: + data = decode_request(request) + except ValueError: + error = "Could not decode data." + return json_response({"error": error}, status=400) + + if data == "": + error = "Unknown Content-Type" + return json_response({"error": error}, status=400) + + if not data and request.headers: + data = request.headers + + data = dict(data) # mutableifying + + authorization = decode_authorization_header(data) + + if authorization == dict() or u"oauth_consumer_key" not in authorization: + error = "Missing required parameter." + return json_response({"error": error}, status=400) + + # check the client_id + client_id = authorization[u"oauth_consumer_key"] + client = Client.query.filter_by(id=client_id).first() + + if client == None: + # client_id is invalid + error = "Invalid client_id" + return json_response({"error": error}, status=400) + + # make request token and return to client + request_validator = GMGRequestValidator(authorization) + rv = RequestTokenEndpoint(request_validator) + tokens = rv.create_request_token(request, authorization) + + # store the nonce & timestamp before we return back + nonce = authorization[u"oauth_nonce"] + timestamp = authorization[u"oauth_timestamp"] + timestamp = datetime.datetime.fromtimestamp(float(timestamp)) + + nc = NonceTimestamp(nonce=nonce, timestamp=timestamp) + nc.save() + + return form_response(tokens) + +@require_active_login +def authorize(request): + """ Displays a page for user to authorize """ + if request.method == "POST": + return authorize_finish(request) + + _ = pass_to_ugettext + token = request.args.get("oauth_token", None) + if token is None: + # no token supplied, display a html 400 this time + err_msg = _("Must provide an oauth_token.") + return render_400(request, err_msg=err_msg) + + oauth_request = RequestToken.query.filter_by(token=token).first() + if oauth_request is None: + err_msg = _("No request token found.") + return render_400(request, err_msg) + + if oauth_request.used: + return authorize_finish(request) + + if oauth_request.verifier is None: + orequest = GMGRequest(request) + request_validator = GMGRequestValidator() + auth_endpoint = AuthorizationEndpoint(request_validator) + verifier = auth_endpoint.create_verifier(orequest, {}) + oauth_request.verifier = verifier["oauth_verifier"] + + oauth_request.user = request.user.id + oauth_request.save() + + # find client & build context + client = Client.query.filter_by(id=oauth_request.client).first() + + authorize_form = AuthorizeForm(WTFormData({ + "oauth_token": oauth_request.token, + "oauth_verifier": oauth_request.verifier + })) + + context = { + "user": request.user, + "oauth_request": oauth_request, + "client": client, + "authorize_form": authorize_form, + } + + + # AuthorizationEndpoint + return render_to_response( + request, + "mediagoblin/api/authorize.html", + context + ) + + +def authorize_finish(request): + """ Finishes the authorize """ + _ = pass_to_ugettext + token = request.form["oauth_token"] + verifier = request.form["oauth_verifier"] + oauth_request = RequestToken.query.filter_by(token=token, verifier=verifier) + oauth_request = oauth_request.first() + + if oauth_request is None: + # invalid token or verifier + err_msg = _("No request token found.") + return render_400(request, err_msg) + + oauth_request.used = True + oauth_request.updated = datetime.datetime.now() + oauth_request.save() + + if oauth_request.callback == "oob": + # out of bounds + context = {"oauth_request": oauth_request} + return render_to_response( + request, + "mediagoblin/api/oob.html", + context + ) + + # okay we need to redirect them then! + querystring = "?oauth_token={0}&oauth_verifier={1}".format( + oauth_request.token, + oauth_request.verifier + ) + + return redirect( + request, + querystring=querystring, + location=oauth_request.callback + ) + +@csrf_exempt +def access_token(request): + """ Provides an access token based on a valid verifier and request token """ + data = request.headers + + parsed_tokens = decode_authorization_header(data) + + if parsed_tokens == dict() or "oauth_token" not in parsed_tokens: + error = "Missing required parameter." + return json_response({"error": error}, status=400) + + + request.oauth_token = parsed_tokens["oauth_token"] + request_validator = GMGRequestValidator(data) + av = AccessTokenEndpoint(request_validator) + tokens = av.create_access_token(request, {}) + return form_response(tokens) + diff --git a/mediagoblin/plugins/api/tools.py b/mediagoblin/plugins/api/tools.py index 92411f4b..d1b3ebb1 100644 --- a/mediagoblin/plugins/api/tools.py +++ b/mediagoblin/plugins/api/tools.py @@ -51,30 +51,6 @@ class Auth(object): def __call__(self, request, *args, **kw): raise NotImplemented() - -def json_response(serializable, _disable_cors=False, *args, **kw): - ''' - Serializes a json objects and returns a werkzeug Response object with the - serialized value as the response body and Content-Type: application/json. - - :param serializable: A json-serializable object - - Any extra arguments and keyword arguments are passed to the - Response.__init__ method. - ''' - response = Response(json.dumps(serializable), *args, content_type='application/json', **kw) - - if not _disable_cors: - cors_headers = { - 'Access-Control-Allow-Origin': '*', - 'Access-Control-Allow-Methods': 'POST, GET, OPTIONS', - 'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With'} - for key, value in cors_headers.iteritems(): - response.headers.set(key, value) - - return response - - def get_entry_serializable(entry, urlgen): ''' Returns a serializable dict() of a MediaEntry instance. diff --git a/mediagoblin/plugins/api/views.py b/mediagoblin/plugins/api/views.py index 9159fe65..b7e74799 100644 --- a/mediagoblin/plugins/api/views.py +++ b/mediagoblin/plugins/api/views.py @@ -21,11 +21,11 @@ from os.path import splitext from werkzeug.exceptions import BadRequest, Forbidden from werkzeug.wrappers import Response +from mediagoblin.tools.response import json_response from mediagoblin.decorators import require_active_login from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.media_types import sniff_media -from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable, \ - json_response +from mediagoblin.plugins.api.tools import api_auth, get_entry_serializable from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \ run_process_media, new_upload_entry diff --git a/mediagoblin/plugins/basic_auth/README.rst b/mediagoblin/plugins/basic_auth/README.rst new file mode 100644 index 00000000..82f247ed --- /dev/null +++ b/mediagoblin/plugins/basic_auth/README.rst @@ -0,0 +1,24 @@ +.. _basic_auth-chapter: + +=================== + basic_auth plugin +=================== + +The basic_auth plugin is enabled by default in mediagoblin.ini. This plugin +provides basic username and password authentication for GNU Mediagoblin. + +This plugin can be enabled alongside :ref:`openid-chapter` and +:ref:`persona-chapter`. + +Set up the basic_auth plugin +============================ + +1. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section:: + + [[mediagoblin.plugins.basic_auth]] + +2. Run:: + + gmg assetlink + + in order to link basic_auth's static assets diff --git a/mediagoblin/plugins/oauth/__init__.py b/mediagoblin/plugins/oauth/__init__.py index 5762379d..82c1f380 100644 --- a/mediagoblin/plugins/oauth/__init__.py +++ b/mediagoblin/plugins/oauth/__init__.py @@ -35,22 +35,22 @@ def setup_plugin(): routes = [ ('mediagoblin.plugins.oauth.authorize', - '/oauth/authorize', + '/oauth-2/authorize', 'mediagoblin.plugins.oauth.views:authorize'), ('mediagoblin.plugins.oauth.authorize_client', - '/oauth/client/authorize', + '/oauth-2/client/authorize', 'mediagoblin.plugins.oauth.views:authorize_client'), ('mediagoblin.plugins.oauth.access_token', - '/oauth/access_token', + '/oauth-2/access_token', 'mediagoblin.plugins.oauth.views:access_token'), ('mediagoblin.plugins.oauth.list_connections', - '/oauth/client/connections', + '/oauth-2/client/connections', 'mediagoblin.plugins.oauth.views:list_connections'), ('mediagoblin.plugins.oauth.register_client', - '/oauth/client/register', + '/oauth-2/client/register', 'mediagoblin.plugins.oauth.views:register_client'), ('mediagoblin.plugins.oauth.list_clients', - '/oauth/client/list', + '/oauth-2/client/list', 'mediagoblin.plugins.oauth.views:list_clients')] pluginapi.register_routes(routes) diff --git a/mediagoblin/plugins/oauth/tools.py b/mediagoblin/plugins/oauth/tools.py index 27ff32b4..af0a3305 100644 --- a/mediagoblin/plugins/oauth/tools.py +++ b/mediagoblin/plugins/oauth/tools.py @@ -23,7 +23,7 @@ from datetime import datetime from functools import wraps -from mediagoblin.plugins.api.tools import json_response +from mediagoblin.tools.response import json_response def require_client_auth(controller): diff --git a/mediagoblin/plugins/oauth/views.py b/mediagoblin/plugins/oauth/views.py index d6fd314f..de637d6b 100644 --- a/mediagoblin/plugins/oauth/views.py +++ b/mediagoblin/plugins/oauth/views.py @@ -21,7 +21,7 @@ from urllib import urlencode from werkzeug.exceptions import BadRequest -from mediagoblin.tools.response import render_to_response, redirect +from mediagoblin.tools.response import render_to_response, redirect, json_response from mediagoblin.decorators import require_active_login from mediagoblin.messages import add_message, SUCCESS from mediagoblin.tools.translate import pass_to_ugettext as _ @@ -31,7 +31,6 @@ from mediagoblin.plugins.oauth.forms import ClientRegistrationForm, \ AuthorizationForm from mediagoblin.plugins.oauth.tools import require_client_auth, \ create_token -from mediagoblin.plugins.api.tools import json_response _log = logging.getLogger(__name__) diff --git a/mediagoblin/plugins/openid/README.rst b/mediagoblin/plugins/openid/README.rst new file mode 100644 index 00000000..870a2b58 --- /dev/null +++ b/mediagoblin/plugins/openid/README.rst @@ -0,0 +1,34 @@ +.. _openid-chapter: + +=================== + openid plugin +=================== + +The openid plugin allows user to login to your GNU Mediagoblin instance using +their openid url. + +This plugin can be enabled alongside :ref:`basic_auth-chapter` and +:ref:`persona-chapter`. + +.. note:: + When :ref:`basic_auth-chapter` is enabled alongside this openid plugin, and + a user creates an account using their openid. If they would like to add a + password to their account, they can use the forgot password feature to do + so. + + +Set up the openid plugin +============================ + +1. Install the ``python-openid`` package. + +2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section:: + + [[mediagoblin.plugins.openid]] + +3. Run:: + + gmg dbupdate + + in order to create and apply migrations to any database tables that the + plugin requires. diff --git a/mediagoblin/plugins/openid/__init__.py b/mediagoblin/plugins/openid/__init__.py index ee88808c..ca17a7e8 100644 --- a/mediagoblin/plugins/openid/__init__.py +++ b/mediagoblin/plugins/openid/__init__.py @@ -120,4 +120,6 @@ hooks = { 'auth_no_pass_redirect': no_pass_redirect, ('mediagoblin.auth.register', 'mediagoblin/auth/register.html'): add_to_form_context, + ('mediagoblin.auth.login', + 'mediagoblin/auth/login.html'): add_to_form_context } diff --git a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html index 33df7200..8d74c2b9 100644 --- a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html +++ b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login.html @@ -44,6 +44,7 @@ {% trans %}Log in to create an account!{% endtrans %}

{% endif %} + {% template_hook('login_link') %} {% if pass_auth is defined %}

diff --git a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login_link.html b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login_link.html index e5e77d01..fa4d5e85 100644 --- a/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login_link.html +++ b/mediagoblin/plugins/openid/templates/mediagoblin/plugins/openid/login_link.html @@ -17,9 +17,11 @@ #} {% block openid_login_link %} + {% if openid_link is defined %}

{%- trans %}Or login with OpenID!{% endtrans %}

+ {% endif %} {% endblock %} diff --git a/mediagoblin/plugins/persona/README.rst b/mediagoblin/plugins/persona/README.rst new file mode 100644 index 00000000..ef19ac5d --- /dev/null +++ b/mediagoblin/plugins/persona/README.rst @@ -0,0 +1,41 @@ +.. _persona-chapter: + +================ + persona plugin +================ + +The persona plugin allows users to login to you GNU MediaGoblin instance using +`Mozilla Persona`_. + +This plugin can be enabled alongside :ref:`openid-chapter` and +:ref:`basic_auth-chapter`. + +.. note:: + When :ref:`basic_auth-chapter` is enabled alongside this persona plugin, and + a user creates an account using their persona. If they would like to add a + password to their account, they can use the forgot password feature to do + so. + +.. _Mozilla Persona: https://www.mozilla.org/en-US/persona/ + +Set up the persona plugin +========================= + +1. Install the ``requests`` package. + +2. Add the following to your MediaGoblin .ini file in the ``[plugins]`` section:: + + [[mediagoblin.plugins.persona]] + +3. Run:: + + gmg dbupdate + + in order to create and apply migrations to any database tables that the + plugin requires. + +4. Run:: + + gmg assetlink + + in order to persona's static assets. diff --git a/mediagoblin/plugins/persona/__init__.py b/mediagoblin/plugins/persona/__init__.py new file mode 100644 index 00000000..700c18e2 --- /dev/null +++ b/mediagoblin/plugins/persona/__init__.py @@ -0,0 +1,116 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +from pkg_resources import resource_filename +import os + +from sqlalchemy import or_ + +from mediagoblin.auth.tools import create_basic_user +from mediagoblin.db.models import User +from mediagoblin.plugins.persona.models import PersonaUserEmails +from mediagoblin.tools import pluginapi +from mediagoblin.tools.staticdirect import PluginStatic +from mediagoblin.tools.translate import pass_to_ugettext as _ + +PLUGIN_DIR = os.path.dirname(__file__) + + +def setup_plugin(): + config = pluginapi.get_config('mediagoblin.plugins.persona') + + routes = [ + ('mediagoblin.plugins.persona.login', + '/auth/persona/login/', + 'mediagoblin.plugins.persona.views:login'), + ('mediagoblin.plugins.persona.register', + '/auth/persona/register/', + 'mediagoblin.plugins.persona.views:register'), + ('mediagoblin.plugins.persona.edit', + '/edit/persona/', + 'mediagoblin.plugins.persona.views:edit'), + ('mediagoblin.plugins.persona.add', + '/edit/persona/add/', + 'mediagoblin.plugins.persona.views:add')] + + pluginapi.register_routes(routes) + pluginapi.register_template_path(os.path.join(PLUGIN_DIR, 'templates')) + pluginapi.register_template_hooks( + {'persona_end': 'mediagoblin/plugins/persona/persona_js_end.html', + 'persona_form': 'mediagoblin/plugins/persona/persona.html', + 'edit_link': 'mediagoblin/plugins/persona/edit_link.html', + 'login_link': 'mediagoblin/plugins/persona/login_link.html', + 'register_link': 'mediagoblin/plugins/persona/register_link.html'}) + + +def create_user(register_form): + if 'persona_email' in register_form: + username = register_form.username.data + user = User.query.filter( + or_( + User.username == username, + User.email == username, + )).first() + + if not user: + user = create_basic_user(register_form) + + new_entry = PersonaUserEmails() + new_entry.persona_email = register_form.persona_email.data + new_entry.user_id = user.id + new_entry.save() + + return user + + +def extra_validation(register_form): + persona_email = register_form.persona_email.data if 'persona_email' in \ + register_form else None + if persona_email: + persona_email_exists = PersonaUserEmails.query.filter_by( + persona_email=persona_email + ).count() + + extra_validation_passes = True + + if persona_email_exists: + register_form.persona_email.errors.append( + _('Sorry, an account is already registered to that Persona' + ' email.')) + extra_validation_passes = False + + return extra_validation_passes + + +def Auth(): + return True + + +def add_to_global_context(context): + if len(pluginapi.hook_runall('authentication')) == 1: + context['persona_auth'] = True + context['persona'] = True + return context + +hooks = { + 'setup': setup_plugin, + 'authentication': Auth, + 'auth_extra_validation': extra_validation, + 'auth_create_user': create_user, + 'template_global_context': add_to_global_context, + 'static_setup': lambda: PluginStatic( + 'coreplugin_persona', + resource_filename('mediagoblin.plugins.persona', 'static')) +} diff --git a/mediagoblin/plugins/persona/forms.py b/mediagoblin/plugins/persona/forms.py new file mode 100644 index 00000000..608be0c7 --- /dev/null +++ b/mediagoblin/plugins/persona/forms.py @@ -0,0 +1,41 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +import wtforms + +from mediagoblin.tools.translate import lazy_pass_to_ugettext as _ +from mediagoblin.auth.tools import normalize_user_or_email_field + + +class RegistrationForm(wtforms.Form): + username = wtforms.TextField( + _('Username'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_email=False)]) + email = wtforms.TextField( + _('Email address'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_user=False)]) + persona_email = wtforms.HiddenField( + '', + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_user=False)]) + + +class EditForm(wtforms.Form): + email = wtforms.TextField( + _('Email address'), + [wtforms.validators.Required(), + normalize_user_or_email_field(allow_user=False)]) diff --git a/mediagoblin/plugins/persona/models.py b/mediagoblin/plugins/persona/models.py new file mode 100644 index 00000000..ff3c525a --- /dev/null +++ b/mediagoblin/plugins/persona/models.py @@ -0,0 +1,36 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +from sqlalchemy import Column, Integer, Unicode, ForeignKey +from sqlalchemy.orm import relationship, backref + +from mediagoblin.db.models import User +from mediagoblin.db.base import Base + + +class PersonaUserEmails(Base): + __tablename__ = "persona__user_emails" + + id = Column(Integer, primary_key=True) + persona_email = Column(Unicode, nullable=False) + user_id = Column(Integer, ForeignKey(User.id), nullable=False) + + # Persona's are owned by their user, so do the full thing. + user = relationship(User, backref=backref('persona_emails', + cascade='all, delete-orphan')) + +MODELS = [ + PersonaUserEmails +] diff --git a/mediagoblin/plugins/persona/static/js/persona.js b/mediagoblin/plugins/persona/static/js/persona.js new file mode 100644 index 00000000..a6def398 --- /dev/null +++ b/mediagoblin/plugins/persona/static/js/persona.js @@ -0,0 +1,51 @@ +/** + * GNU MediaGoblin -- federated, autonomous media hosting + * Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +$(document).ready(function () { + var signinLink = document.getElementById('persona_login'); + if (signinLink) { + signinLink.onclick = function() { navigator.id.request(); }; + } + + var signinLink1 = document.getElementById('persona_login1'); + if (signinLink1) { + signinLink1.onclick = function() { navigator.id.request(); }; + } + + var signoutLink = document.getElementById('logout'); + if (signoutLink) { + signoutLink.onclick = function() { navigator.id.logout(); }; + } + + var logout_url = document.getElementById('_logout_url').value; + + navigator.id.watch({ + onlogin: function(assertion) { + document.getElementById('_assertion').value = assertion; + document.getElementById('_persona_login').submit() + }, + onlogout: function() { + $.ajax({ + type: 'GET', + url: logout_url, + success: function(res, status, xhr) { window.location.reload(); }, + error: function(xhr, status, err) { alert("Logout failure: " + err); } + }); + } + }); +}); diff --git a/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit.html b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit.html new file mode 100644 index 00000000..be62b8cc --- /dev/null +++ b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit.html @@ -0,0 +1,43 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +{% extends "mediagoblin/base.html" %} + +{% import "/mediagoblin/utils/wtforms.html" as wtforms_util %} + +{% block title -%} + {% trans %}Add an OpenID{% endtrans %} — {{ super() }} +{%- endblock %} + +{% block mediagoblin_content %} +
+ {{ csrf_token }} +
+

{% trans %}Delete a Persona email address{% endtrans %}

+

+ + {% trans %}Add a Persona email address{% endtrans %} + +

+ {{ wtforms_util.render_divs(form, True) }} +
+ +
+
+
+{% endblock %} diff --git a/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit_link.html b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit_link.html new file mode 100644 index 00000000..08879da5 --- /dev/null +++ b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/edit_link.html @@ -0,0 +1,25 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} + +{% block persona_edit_link %} +

+ + {% trans %}Edit your Persona email addresses{% endtrans %} + +

+{% endblock %} diff --git a/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/login_link.html b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/login_link.html new file mode 100644 index 00000000..975683da --- /dev/null +++ b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/login_link.html @@ -0,0 +1,25 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} + +{% block person_login_link %} +

+ + {% trans %}Or login with Persona!{% endtrans %} + +

+{% endblock %} diff --git a/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona.html b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona.html new file mode 100644 index 00000000..372bd246 --- /dev/null +++ b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona.html @@ -0,0 +1,32 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +{% block persona %} +
+ {{ csrf_token }} + + +
+{% endblock %} diff --git a/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona_js_end.html b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona_js_end.html new file mode 100644 index 00000000..8c0d72d5 --- /dev/null +++ b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/persona_js_end.html @@ -0,0 +1,21 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} + + + diff --git a/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/register_link.html b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/register_link.html new file mode 100644 index 00000000..bcd9ae2b --- /dev/null +++ b/mediagoblin/plugins/persona/templates/mediagoblin/plugins/persona/register_link.html @@ -0,0 +1,25 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} + +{% block persona_register_link %} +

+ + {% trans %}Or register with Persona!{% endtrans %} + +

+{% endblock %} diff --git a/mediagoblin/plugins/persona/views.py b/mediagoblin/plugins/persona/views.py new file mode 100644 index 00000000..f3aff38d --- /dev/null +++ b/mediagoblin/plugins/persona/views.py @@ -0,0 +1,191 @@ +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +import json +import logging +import requests + +from werkzeug.exceptions import BadRequest + +from mediagoblin import messages, mg_globals +from mediagoblin.auth.tools import register_user +from mediagoblin.decorators import (auth_enabled, allow_registration, + require_active_login) +from mediagoblin.tools.response import render_to_response, redirect +from mediagoblin.tools.translate import pass_to_ugettext as _ +from mediagoblin.plugins.persona import forms +from mediagoblin.plugins.persona.models import PersonaUserEmails + +_log = logging.getLogger(__name__) + + +def _get_response(request): + if 'assertion' not in request.form: + _log.debug('assertion not in request.form') + raise BadRequest() + + data = {'assertion': request.form['assertion'], + 'audience': request.urlgen('index', qualified=True)} + resp = requests.post('https://verifier.login.persona.org/verify', + data=data, verify=True) + + if resp.ok: + verification_data = json.loads(resp.content) + + if verification_data['status'] == 'okay': + return verification_data['email'] + + return None + + +@auth_enabled +def login(request): + if request.method == 'GET': + return redirect(request, 'mediagoblin.auth.login') + + email = _get_response(request) + if email: + query = PersonaUserEmails.query.filter_by( + persona_email=email + ).first() + user = query.user if query else None + + if user: + request.session['user_id'] = unicode(user.id) + request.session.save() + + return redirect(request, "index") + + else: + if not mg_globals.app.auth: + messages.add_message( + request, + messages.WARNING, + _('Sorry, authentication is disabled on this instance.')) + + return redirect(request, 'index') + + register_form = forms.RegistrationForm(email=email, + persona_email=email) + return render_to_response( + request, + 'mediagoblin/auth/register.html', + {'register_form': register_form, + 'post_url': request.urlgen( + 'mediagoblin.plugins.persona.register')}) + + return redirect(request, 'mediagoblin.auth.login') + + +@allow_registration +@auth_enabled +def register(request): + if request.method == 'GET': + # Need to connect to persona before registering a user. If method is + # 'GET', then this page was acessed without logging in first. + return redirect(request, 'mediagoblin.auth.login') + register_form = forms.RegistrationForm(request.form) + + if register_form.validate(): + user = register_user(request, register_form) + + if user: + # redirect the user to their homepage... there will be a + # message waiting for them to verify their email + return redirect( + request, 'mediagoblin.user_pages.user_home', + user=user.username) + + return render_to_response( + request, + 'mediagoblin/auth/register.html', + {'register_form': register_form, + 'post_url': request.urlgen('mediagoblin.plugins.persona.register')}) + + +@require_active_login +def edit(request): + form = forms.EditForm(request.form) + + if request.method == 'POST' and form.validate(): + query = PersonaUserEmails.query.filter_by( + persona_email=form.email.data) + user = query.first().user if query.first() else None + + if user and user.id == int(request.user.id): + count = len(user.persona_emails) + + if count > 1 or user.pw_hash: + # User has more then one Persona email or also has a password. + query.first().delete() + + messages.add_message( + request, + messages.SUCCESS, + _('The Persona email address was successfully removed.')) + + return redirect(request, 'mediagoblin.edit.account') + + elif not count > 1: + form.email.errors.append( + _("You can't delete your only Persona email address unless" + " you have a password set.")) + + else: + form.email.errors.append( + _('That Persona email address is not registered to this' + ' account.')) + + return render_to_response( + request, + 'mediagoblin/plugins/persona/edit.html', + {'form': form, + 'edit_persona': True}) + + +@require_active_login +def add(request): + if request.method == 'GET': + return redirect(request, 'mediagoblin.plugins.persona.edit') + + email = _get_response(request) + + if email: + query = PersonaUserEmails.query.filter_by( + persona_email=email + ).first() + user_exists = query.user if query else None + + if user_exists: + messages.add_message( + request, + messages.WARNING, + _('Sorry, an account is already registered with that Persona' + ' email address.')) + return redirect(request, 'mediagoblin.plugins.persona.edit') + + else: + # Save the Persona Email to the user + new_entry = PersonaUserEmails() + new_entry.persona_email = email + new_entry.user_id = request.user.id + new_entry.save() + + messages.add_message( + request, + messages.SUCCESS, + _('Your Person email address was saved successfully.')) + + return redirect(request, 'mediagoblin.edit.account') diff --git a/mediagoblin/processing/__init__.py b/mediagoblin/processing/__init__.py index f3a85940..454eb09b 100644 --- a/mediagoblin/processing/__init__.py +++ b/mediagoblin/processing/__init__.py @@ -184,7 +184,6 @@ class BaseProcessingFail(Exception): def __init__(self, **metadata): self.metadata = metadata or {} - class BadMediaFail(BaseProcessingFail): """ Error that should be raised when an inappropriate file was given diff --git a/mediagoblin/processing/task.py b/mediagoblin/processing/task.py index 9af192ed..05cac844 100644 --- a/mediagoblin/processing/task.py +++ b/mediagoblin/processing/task.py @@ -18,11 +18,13 @@ import logging import urllib import urllib2 -from celery import registry, task +import celery +from celery.registry import tasks from mediagoblin import mg_globals as mgg from mediagoblin.db.models import MediaEntry -from . import mark_entry_failed, BaseProcessingFail, ProcessingState +from mediagoblin.processing import (mark_entry_failed, BaseProcessingFail, + ProcessingState) from mediagoblin.tools.processing import json_processing_callback _log = logging.getLogger(__name__) @@ -30,7 +32,7 @@ logging.basicConfig() _log.setLevel(logging.DEBUG) -@task.task(default_retry_delay=2 * 60) +@celery.task(default_retry_delay=2 * 60) def handle_push_urls(feed_url): """Subtask, notifying the PuSH servers of new content @@ -60,14 +62,16 @@ def handle_push_urls(feed_url): 'Giving up.'.format(feed_url)) return False + ################################ # Media processing initial steps ################################ - -class ProcessMedia(task.Task): +class ProcessMedia(celery.Task): """ Pass this entry off for processing. """ + track_started=True + def run(self, media_id, feed_url): """ Pass the media entry off to the appropriate processing function @@ -140,6 +144,4 @@ class ProcessMedia(task.Task): entry = mgg.database.MediaEntry.query.filter_by(id=entry_id).first() json_processing_callback(entry) -# Register the task -process_media = registry.tasks[ProcessMedia.name] - +tasks.register(ProcessMedia) diff --git a/mediagoblin/routing.py b/mediagoblin/routing.py index 9686d103..a9809c44 100644 --- a/mediagoblin/routing.py +++ b/mediagoblin/routing.py @@ -38,8 +38,8 @@ def get_url_map(): import mediagoblin.webfinger.routing import mediagoblin.listings.routing import mediagoblin.notifications.routing - - + import mediagoblin.oauth.routing + for route in PluginManager().get_routes(): add_route(*route) diff --git a/mediagoblin/static/css/base.css b/mediagoblin/static/css/base.css index 1293086d..7fcbb93e 100644 --- a/mediagoblin/static/css/base.css +++ b/mediagoblin/static/css/base.css @@ -812,3 +812,10 @@ pre { #exif_additional_info table tr { margin-bottom: 10px; } + +p.verifier { + text-align:center; + font-size:50px; + none repeat scroll 0% 0% rgb(221, 221, 221); + padding: 1em 0px; +} diff --git a/mediagoblin/static/images/home_goblin.png b/mediagoblin/static/images/home_goblin.png new file mode 100644 index 00000000..5ba9afeb Binary files /dev/null and b/mediagoblin/static/images/home_goblin.png differ diff --git a/mediagoblin/static/js/comment_show.js b/mediagoblin/static/js/comment_show.js index c5ccee66..df3c1093 100644 --- a/mediagoblin/static/js/comment_show.js +++ b/mediagoblin/static/js/comment_show.js @@ -15,12 +15,25 @@ * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ +var content=""; +function previewComment(){ + if ($('#comment_content').val() && (content != $('#comment_content').val())) { + content = $('#comment_content').val(); + $.post($('#previewURL').val(),$('#form_comment').serialize(), + function(data){ + preview = JSON.parse(data) + $('#comment_preview').replaceWith("

" + $('#previewText').val() +"


" + preview.content + + "
"); + }); + } +} $(document).ready(function(){ $('#form_comment').hide(); $('#button_addcomment').click(function(){ $(this).fadeOut('fast'); $('#form_comment').slideDown(function(){ + setInterval("previewComment()",1000); $('#comment_content').focus(); }); }); diff --git a/mediagoblin/submit/lib.py b/mediagoblin/submit/lib.py index 7e85696b..33687a72 100644 --- a/mediagoblin/submit/lib.py +++ b/mediagoblin/submit/lib.py @@ -21,7 +21,7 @@ from werkzeug.datastructures import FileStorage from mediagoblin.db.models import MediaEntry from mediagoblin.processing import mark_entry_failed -from mediagoblin.processing.task import process_media +from mediagoblin.processing.task import ProcessMedia _log = logging.getLogger(__name__) @@ -85,7 +85,7 @@ def run_process_media(entry, feed_url=None): 'mediagoblin.user_pages.atom_feed',qualified=True, user=request.user.username)`""" try: - process_media.apply_async( + ProcessMedia().apply_async( [entry.id, feed_url], {}, task_id=entry.queued_task_id) except BaseException as exc: diff --git a/mediagoblin/submit/views.py b/mediagoblin/submit/views.py index 7c0708ed..8640b8de 100644 --- a/mediagoblin/submit/views.py +++ b/mediagoblin/submit/views.py @@ -90,7 +90,7 @@ def submit_start(request): # Save now so we have this data before kicking off processing entry.save() - # Pass off to processing + # Pass off to async processing # # (... don't change entry after this point to avoid race # conditions with changes to the document via processing code) @@ -98,6 +98,7 @@ def submit_start(request): 'mediagoblin.user_pages.atom_feed', qualified=True, user=request.user.username) run_process_media(entry, feed_url) + add_message(request, SUCCESS, _('Woohoo! Submitted!')) add_comment_subscription(request.user, entry) diff --git a/mediagoblin/templates/mediagoblin/api/authorize.html b/mediagoblin/templates/mediagoblin/api/authorize.html new file mode 100644 index 00000000..d0ec2616 --- /dev/null +++ b/mediagoblin/templates/mediagoblin/api/authorize.html @@ -0,0 +1,56 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +{% extends "mediagoblin/base.html" %} + +{% block title -%} + {% trans %}Authorization{% endtrans %} — {{ super() }} +{%- endblock %} + +{% block mediagoblin_content %} + +

{% trans %}Authorize{% endtrans %}

+ +

+ {% trans %}You are logged in as{% endtrans %} + {{user.username}} +

+ + {% trans %}Do you want to authorize {% endtrans %} + {% if client.application_name -%} + {{ client.application_name }} + {%- else -%} + {% trans %}an unknown application{% endtrans %} + {%- endif %} + {% trans %} to access your account? {% endtrans %} +

+ {% trans %}Applications with access to your account can: {% endtrans %} +

    +
  • {% trans %}Post new media as you{% endtrans %}
    • +
  • {% trans %}See your information (e.g profile, meida, etc...){% endtrans %}
    • +
  • {% trans %}Change your information{% endtrans %}
    • +
+
+ +
+ {{ csrf_token }} + {{ authorize_form.oauth_token }} + {{ authorize_form.oauth_verifier }} + +
+

+{% endblock %} diff --git a/mediagoblin/templates/mediagoblin/api/oob.html b/mediagoblin/templates/mediagoblin/api/oob.html new file mode 100644 index 00000000..d290472a --- /dev/null +++ b/mediagoblin/templates/mediagoblin/api/oob.html @@ -0,0 +1,33 @@ +{# +# GNU MediaGoblin -- federated, autonomous media hosting +# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +#} +{% extends "mediagoblin/base.html" %} + +{% block title -%} + {% trans %}Authorization Finished{% endtrans %} — {{ super() }} +{%- endblock %} + +{% block mediagoblin_content %} + +

{% trans %}Authorization Complete{% endtrans %}

+ +

{% trans %}Copy and paste this into your client:{% endtrans %}

+ +

+ {{ oauth_request.verifier }} +

+{% endblock %} diff --git a/mediagoblin/templates/mediagoblin/base.html b/mediagoblin/templates/mediagoblin/base.html index 6eaad70b..7d53585b 100644 --- a/mediagoblin/templates/mediagoblin/base.html +++ b/mediagoblin/templates/mediagoblin/base.html @@ -23,6 +23,7 @@ + {% block title %}{{ app_config['html_title'] }}{% endblock %} @@ -60,24 +61,35 @@ {%- if request.user %} {% if request.user and request.user.status == 'active' %} - {% set notification_count = request.notifications.get_notification_count(request.user.id) %} + {% set notification_count = get_notification_count(request.user.id) %} {% if notification_count %} - - {{ notification_count }} + + {{ notification_count }} {% endif %} -
-
+ + {% elif request.user and request.user.status == "needs_email_verification" %} {# the following link should only appear when verification is needed #} {% trans %}Verify your email!{% endtrans %} - or {% trans %}log out{% endtrans %} + or {% trans %}log out{% endtrans %} {% endif %} {%- elif auth %} - + {%- trans %}Log in{% endtrans -%} {%- endif %} @@ -101,7 +113,13 @@ {%- trans %}Media processing panel{% endtrans -%} · - {% trans %}Log out{% endtrans %} + {% trans %}Log out{% endtrans %}

{%- trans %}Add media{% endtrans -%} @@ -134,6 +152,9 @@ {% include "mediagoblin/utils/messages.html" %} {% block mediagoblin_content %} {% endblock mediagoblin_content %} + {% if csrf_token is defined %} + {% template_hook("persona_form") %} + {% endif %} {%- include "mediagoblin/bits/base_footer.html" %} diff --git a/mediagoblin/templates/mediagoblin/bits/body_end.html b/mediagoblin/templates/mediagoblin/bits/body_end.html index bb7b9762..c8f5e2d6 100644 --- a/mediagoblin/templates/mediagoblin/bits/body_end.html +++ b/mediagoblin/templates/mediagoblin/bits/body_end.html @@ -15,3 +15,5 @@ # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -#} + +{% template_hook("persona_end") %} diff --git a/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html b/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html index 9ef28a4d..4e55e618 100644 --- a/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html +++ b/mediagoblin/templates/mediagoblin/bits/frontpage_welcome.html @@ -19,21 +19,27 @@ {% if request.user %}

{% trans %}Explore{% endtrans %}

{% else %} +

{% trans %}Hi there, welcome to this MediaGoblin site!{% endtrans %}

-

{% trans %}This site is running MediaGoblin, an extraordinarily great piece of media hosting software.{% endtrans %}

{% if auth %}

{% trans %}To add your own media, place comments, and more, you can log in with your MediaGoblin account.{% endtrans %}

{% if allow_registration %}

{% trans %}Don't have one yet? It's easy!{% endtrans %}

- {% trans register_url=request.urlgen('mediagoblin.auth.register') -%} - Create an account at this site + Create an account at this site or {%- endtrans %} {% endif %} {% endif %} {% trans %} - Set up MediaGoblin on your own server + Set up MediaGoblin on your own server {%- endtrans %}
diff --git a/mediagoblin/templates/mediagoblin/fragments/header_notifications.html b/mediagoblin/templates/mediagoblin/fragments/header_notifications.html index 613100aa..70d7935a 100644 --- a/mediagoblin/templates/mediagoblin/fragments/header_notifications.html +++ b/mediagoblin/templates/mediagoblin/fragments/header_notifications.html @@ -1,4 +1,4 @@ -{% set notifications = request.notifications.get_notifications(request.user.id) %} +{% set notifications = get_notifications(request.user.id) %} {% if notifications %}

{% trans %}New comments{% endtrans %}

diff --git a/mediagoblin/templates/mediagoblin/user_pages/media.html b/mediagoblin/templates/mediagoblin/user_pages/media.html index 441452f2..e161afc9 100644 --- a/mediagoblin/templates/mediagoblin/user_pages/media.html +++ b/mediagoblin/templates/mediagoblin/user_pages/media.html @@ -90,7 +90,8 @@ {% if app_config['allow_comments'] %} {% trans %}Add a comment{% endtrans %} @@ -107,7 +108,10 @@ {{ csrf_token }}
+ + +
{% endif %}