Merge branch 'pre-auth' into basic_auth

Conflicts: mediagoblin/auth/tools.py mediagoblin/auth/views.py mediagoblin/db/migrations.py mediagoblin/plugins/basic_auth/lib.py mediagoblin/plugins/httpapiauth/__init__.py mediagoblin/plugins/piwigo/views.py
2013-05-27 08:25:22 -07:00
parent f339b76a4e 1d321f1c71
commit bcd10ad663
6 changed files with 92 additions and 75 deletions
--- a/mediagoblin/plugins/httpapiauth/init.py
+++ b/mediagoblin/plugins/httpapiauth/init.py
@@ -18,8 +18,8 @@ import logging

 from werkzeug.exceptions import Unauthorized

+from mediagoblin.auth.tools import check_login_simple
 from mediagoblin.plugins.api.tools import Auth
-from mediagoblin.auth import check_login

 _log = logging.getLogger(__name__)

@@ -40,10 +40,10 @@ class HTTPAuth(Auth):
        if not request.authorization:
            return False

-        user = request.db.User.query.filter_by(
-                username=unicode(request.authorization['username'])).first()
+        user = check_login_simple(unicode(request.authorization['username']),
+                                  request.authorization['password'])

-        if check_login(user, request.authorization['password']):
+        if user:
            request.user = user
            return True
        else:
--- a/mediagoblin/plugins/piwigo/views.py
+++ b/mediagoblin/plugins/piwigo/views.py
@@ -23,6 +23,7 @@ from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
 from werkzeug.wrappers import BaseResponse

 from mediagoblin.meddleware.csrf import csrf_exempt
+from mediagoblin.auth.tools import check_login_simple
 from mediagoblin.media_types import sniff_media
 from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
    run_process_media, new_upload_entry
@@ -32,8 +33,6 @@ from mediagoblin.db.models import Collection

 from .tools import CmdTable, response_xml, check_form, \
    PWGSession, PwgNamedArray, PwgError
-from mediagoblin.plugins.basic_auth.lib import fake_login_attempt
-from mediagoblin.auth import check_login
 from .forms import AddSimpleForm, AddForm


@@ -44,15 +43,9 @@ _log = logging.getLogger(__name__)
 def pwg_login(request):
    username = request.form.get("username")
    password = request.form.get("password")
-    user = request.db.User.query.filter_by(username=username).first()
+    user = check_login_simple(username, password)
    if not user:
-        _log.info("User %r not found", username)
-        fake_login_attempt()
        return PwgError(999, 'Invalid username/password')
-    if not check_login(user, password):
-        _log.warn("Wrong password for %r", username)
-        return PwgError(999, 'Invalid username/password')
-    _log.info("Logging %r in", username)
    request.session["user_id"] = user.id
    request.session.save()
    return True