heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'pre-auth' into basic_auth

Browse Source 
Conflicts:
	mediagoblin/auth/tools.py
	mediagoblin/auth/views.py
	mediagoblin/db/migrations.py
	mediagoblin/plugins/basic_auth/lib.py
	mediagoblin/plugins/httpapiauth/__init__.py
	mediagoblin/plugins/piwigo/views.py
This commit is contained in:
Rodney Ewing 2013-05-27 08:25:22 -07:00
commit bcd10ad663
6 changed files with 92 additions and 75 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
mediagoblin/auth/tools.py
View File

@ -15,15 +15,21 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
import logging import logging
import wtforms
from mediagoblin import messages, mg_globals import wtforms
from mediagoblin.tools.mail import normalize_email, send_email from sqlalchemy import or_
from mediagoblin import mg_globals
from mediagoblin.auth import lib as auth_lib
from mediagoblin.db.models import User
from mediagoblin.tools.mail import (normalize_email, send_email,
email_debug_message)
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _ from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
from mediagoblin.tools.template import render_template from mediagoblin.tools.template import render_template
from mediagoblin.tools.pluginapi import hook_handle from mediagoblin.tools.pluginapi import hook_handle
from mediagoblin import auth from mediagoblin import auth
from mediagoblin.db.models import User
_log = logging.getLogger(__name__)
_log = logging.getLogger(__name__) _log = logging.getLogger(__name__)
@ -87,6 +93,41 @@ def no_auth_logout(request):
request.session.delete() request.session.delete()
EMAIL_VERIFICATION_TEMPLATE = (
u"http://{host}{uri}?"
u"userid={userid}&token={verification_key}")
def send_verification_email(user, request):
"""
Send the verification email to users to activate their accounts.
Args:
- user: a user object
- request: the request
"""
rendered_email = render_template(
request, 'mediagoblin/auth/verification_email.txt',
{'username': user.username,
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_email'),
userid=unicode(user.id),
verification_key=user.verification_key)})
# TODO: There is no error handling in place
send_email(
mg_globals.app_config['email_sender_address'],
[user.email],
# TODO
# Due to the distributed nature of GNU MediaGoblin, we should
# find a way to send some additional information about the
# specific GNU MediaGoblin instance in the subject line. For
# example "GNU MediaGoblin @ Wandborg - [...]".
'GNU MediaGoblin - Verify your email!',
rendered_email)
def basic_extra_validation(register_form, *args): def basic_extra_validation(register_form, *args):
users_with_username = User.query.filter_by( users_with_username = User.query.filter_by(
username=register_form.username.data).count() username=register_form.username.data).count()
@ -127,54 +168,6 @@ def register_user(request, register_form):
return None return None
def email_debug_message(request):
"""
If the server is running in email debug mode (which is
the current default), give a debug message to the user
so that they have an idea where to find their email.
"""
if mg_globals.app_config['email_debug_mode']:
# DEBUG message, no need to translate
messages.add_message(request, messages.DEBUG,
u"This instance is running in email debug mode. "
u"The email will be on the console of the server process.")
EMAIL_VERIFICATION_TEMPLATE = (
u"http://{host}{uri}?"
u"userid={userid}&token={verification_key}")
def send_verification_email(user, request):
"""
Send the verification email to users to activate their accounts.
Args:
- user: a user object
- request: the request
"""
rendered_email = render_template(
request, 'mediagoblin/auth/verification_email.txt',
{'username': user.username,
'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
host=request.host,
uri=request.urlgen('mediagoblin.auth.verify_email'),
userid=unicode(user.id),
verification_key=user.verification_key)})
# TODO: There is no error handling in place
send_email(
mg_globals.app_config['email_sender_address'],
[user.email],
# TODO
# Due to the distributed nature of GNU MediaGoblin, we should
# find a way to send some additional information about the
# specific GNU MediaGoblin instance in the subject line. For
# example "GNU MediaGoblin @ Wandborg - [...]".
'GNU MediaGoblin - Verify your email!',
rendered_email)
EMAIL_FP_VERIFICATION_TEMPLATE = ( EMAIL_FP_VERIFICATION_TEMPLATE = (
u"http://{host}{uri}?" u"http://{host}{uri}?"
u"userid={userid}&token={fp_verification_key}") u"userid={userid}&token={fp_verification_key}")
@ -203,3 +196,19 @@ def send_fp_verification_email(user, request):
[user.email], [user.email],
'GNU MediaGoblin - Change forgotten password!', 'GNU MediaGoblin - Change forgotten password!',
rendered_email) rendered_email)
def check_login_simple(username, password, username_might_be_email=False):
search = (User.username == username)
if username_might_be_email and ('@' in username):
search = or_(search, User.email == username)
user = User.query.filter(search).first()
if not user:
_log.info("User %r not found", username)
auth_lib.fake_login_attempt()
return None
if not auth_lib.bcrypt_check_password(password, user.pw_hash):
_log.warn("Wrong password for %r", username)
return None
_log.info("Logging %r in", username)
return user

18
mediagoblin/auth/views.py
View File

@ -21,11 +21,13 @@ from mediagoblin import messages, mg_globals
from mediagoblin.db.models import User from mediagoblin.db.models import User
from mediagoblin.tools.response import render_to_response, redirect, render_404 from mediagoblin.tools.response import render_to_response, redirect, render_404
from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools.mail import email_debug_message
from mediagoblin.auth import lib as auth_lib from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.tools import (send_verification_email, from mediagoblin.auth.tools import (send_verification_email,
register_user, email_debug_message, register_user,
send_fp_verification_email) send_fp_verification_email,
check_login_simple)
from mediagoblin import auth from mediagoblin import auth
@ -92,10 +94,12 @@ def login(request):
login_failed = False login_failed = False
if request.method == 'POST': if request.method == 'POST':
if login_form.validate(): username = login_form.username.data
user = auth.get_user(login_form)
if user and auth.check_login(user, login_form.password.data): if login_form.validate():
user = check_login_simple(username, login_form.password.data, True)
if user:
# set up login in session # set up login in session
request.session['user_id'] = unicode(user.id) request.session['user_id'] = unicode(user.id)
request.session.save() request.session.save()
@ -105,10 +109,6 @@ def login(request):
else: else:
return redirect(request, "index") return redirect(request, "index")
# Some failure during login occured if we are here!
# Prevent detecting who's on this system by testing login
# attempt timings
auth.fake_login_attempt()
login_failed = True login_failed = True
return render_to_response( return render_to_response(

2
mediagoblin/db/migrations.py
View File

@ -296,3 +296,5 @@ def pw_hash_nullable(db):
user_table = inspect_table(metadata, "core__users") user_table = inspect_table(metadata, "core__users")
user_table.c.pw_hash.alter(nullable=True) user_table.c.pw_hash.alter(nullable=True)
db.commit()

8
mediagoblin/plugins/httpapiauth/__init__.py
View File

@ -18,8 +18,8 @@ import logging
from werkzeug.exceptions import Unauthorized from werkzeug.exceptions import Unauthorized
from mediagoblin.auth.tools import check_login_simple
from mediagoblin.plugins.api.tools import Auth from mediagoblin.plugins.api.tools import Auth
from mediagoblin.auth import check_login
_log = logging.getLogger(__name__) _log = logging.getLogger(__name__)
@ -40,10 +40,10 @@ class HTTPAuth(Auth):
if not request.authorization: if not request.authorization:
return False return False
user = request.db.User.query.filter_by( user = check_login_simple(unicode(request.authorization['username']),
username=unicode(request.authorization['username'])).first() request.authorization['password'])
if check_login(user, request.authorization['password']): if user:
request.user = user request.user = user
return True return True
else: else:

11
mediagoblin/plugins/piwigo/views.py
View File

@ -23,6 +23,7 @@ from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
from werkzeug.wrappers import BaseResponse from werkzeug.wrappers import BaseResponse
from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.auth.tools import check_login_simple
from mediagoblin.media_types import sniff_media from mediagoblin.media_types import sniff_media
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \ from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media, new_upload_entry run_process_media, new_upload_entry
@ -32,8 +33,6 @@ from mediagoblin.db.models import Collection
from .tools import CmdTable, response_xml, check_form, \ from .tools import CmdTable, response_xml, check_form, \
PWGSession, PwgNamedArray, PwgError PWGSession, PwgNamedArray, PwgError
from mediagoblin.plugins.basic_auth.lib import fake_login_attempt
from mediagoblin.auth import check_login
from .forms import AddSimpleForm, AddForm from .forms import AddSimpleForm, AddForm
@ -44,15 +43,9 @@ _log = logging.getLogger(__name__)
def pwg_login(request): def pwg_login(request):
username = request.form.get("username") username = request.form.get("username")
password = request.form.get("password") password = request.form.get("password")
user = request.db.User.query.filter_by(username=username).first() user = check_login_simple(username, password)
if not user: if not user:
_log.info("User %r not found", username)
fake_login_attempt()
return PwgError(999, 'Invalid username/password') return PwgError(999, 'Invalid username/password')
if not check_login(user, password):
_log.warn("Wrong password for %r", username)
return PwgError(999, 'Invalid username/password')
_log.info("Logging %r in", username)
request.session["user_id"] = user.id request.session["user_id"] = user.id
request.session.save() request.session.save()
return True return True

15
mediagoblin/tools/mail.py
View File

@ -16,7 +16,7 @@
import smtplib import smtplib
from email.MIMEText import MIMEText from email.MIMEText import MIMEText
from mediagoblin import mg_globals from mediagoblin import mg_globals, messages
from mediagoblin.tools import common from mediagoblin.tools import common
### ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ### ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -135,3 +135,16 @@ def normalize_email(email):
return None return None
email = "@".join((em_user, em_dom.lower())) email = "@".join((em_user, em_dom.lower()))
return email return email
def email_debug_message(request):
"""
If the server is running in email debug mode (which is
the current default), give a debug message to the user
so that they have an idea where to find their email.
"""
if mg_globals.app_config['email_debug_mode']:
# DEBUG message, no need to translate
messages.add_message(request, messages.DEBUG,
u"This instance is running in email debug mode. "
u"The email will be on the console of the server process.")