heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

basic_auth v0 plugin working

Browse Source
This commit is contained in:
Rodney Ewing 2013-05-03 08:50:30 -07:00
parent b75eb88fab
commit ee355966c8
6 changed files with 162 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
mediagoblin.ini
View File

@ -47,3 +47,4 @@ base_url = /mgoblin_media/
# documentation for details. # documentation for details.
[plugins] [plugins]
[[mediagoblin.plugins.geolocation]] [[mediagoblin.plugins.geolocation]]
[[mediagoblin.plugins.basic_auth]]

29
mediagoblin/auth/__init__.py
View File

@ -13,3 +13,32 @@
# #
# You should have received a copy of the GNU Affero General Public License # You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
from mediagoblin.tools.pluginapi import hook_handle
def check_login(user, login_form):
return hook_handle("auth_check_login", user, login_form)
def get_user(*args):
return hook_handle("auth_get_user", *args)
def create_user(*args):
return hook_handle("auth_create_user", *args)
def extra_validation(register_form, *args):
return hook_handle("auth_extra_validation", register_form, *args)
def get_user_metadata(user):
return hook_handle("auth_get_user_metadata", user)
def get_login_form(request):
return hook_handle("auth_get_login_form", request)
def get_registration_form(request):
return hook_handle("auth_get_registration_form", request)

26
mediagoblin/auth/forms.py
View File

@ -21,32 +21,6 @@ from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
from mediagoblin.auth.tools import normalize_user_or_email_field from mediagoblin.auth.tools import normalize_user_or_email_field
class RegistrationForm(wtforms.Form):
username = wtforms.TextField(
_('Username'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_email=False)])
password = wtforms.PasswordField(
_('Password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=5, max=1024)])
email = wtforms.TextField(
_('Email address'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_user=False)])
class LoginForm(wtforms.Form):
username = wtforms.TextField(
_('Username or Email'),
[wtforms.validators.Required(),
normalize_user_or_email_field()])
password = wtforms.PasswordField(
_('Password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=5, max=1024)])
class ForgotPassForm(wtforms.Form): class ForgotPassForm(wtforms.Form):
username = wtforms.TextField( username = wtforms.TextField(
_('Username or email'), _('Username or email'),

39
mediagoblin/auth/views.py
View File

@ -25,6 +25,7 @@ from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.lib import send_verification_email, \ from mediagoblin.auth.lib import send_verification_email, \
send_fp_verification_email send_fp_verification_email
import mediagoblin.auth as auth
from sqlalchemy import or_ from sqlalchemy import or_
def email_debug_message(request): def email_debug_message(request):
@ -54,33 +55,15 @@ def register(request):
_('Sorry, registration is disabled on this instance.')) _('Sorry, registration is disabled on this instance.'))
return redirect(request, "index") return redirect(request, "index")
register_form = auth_forms.RegistrationForm(request.form) register_form = auth.get_registration_form(request)
if request.method == 'POST' and register_form.validate(): if request.method == 'POST' and register_form.validate():
# TODO: Make sure the user doesn't exist already # TODO: Make sure the user doesn't exist already
users_with_username = User.query.filter_by(username=register_form.data['username']).count() extra_validation_passes = auth.extra_validation(register_form)
users_with_email = User.query.filter_by(email=register_form.data['email']).count()
extra_validation_passes = True
if users_with_username:
register_form.username.errors.append(
_(u'Sorry, a user with that name already exists.'))
extra_validation_passes = False
if users_with_email:
register_form.email.errors.append(
_(u'Sorry, a user with that email address already exists.'))
extra_validation_passes = False
if extra_validation_passes: if extra_validation_passes:
# Create the user # Create the user
user = User() user = auth.create_user(register_form)
user.username = register_form.data['username']
user.email = register_form.data['email']
user.pw_hash = auth_lib.bcrypt_gen_password_hash(
register_form.password.data)
user.verification_key = unicode(uuid.uuid4())
user.save()
# log the user in # log the user in
request.session['user_id'] = unicode(user.id) request.session['user_id'] = unicode(user.id)
@ -108,23 +91,15 @@ def login(request):
If you provide the POST with 'next', it'll redirect to that view. If you provide the POST with 'next', it'll redirect to that view.
""" """
login_form = auth_forms.LoginForm(request.form) login_form = auth.get_login_form(request)
login_failed = False login_failed = False
if request.method == 'POST': if request.method == 'POST':
username = login_form.data['username']
if login_form.validate(): if login_form.validate():
user = User.query.filter( user = auth.get_user(login_form)
or_(
User.username == username,
User.email == username,
)).first() if user and auth.check_login(user, login_form):
if user and user.check_login(login_form.password.data):
# set up login in session # set up login in session
request.session['user_id'] = unicode(user.id) request.session['user_id'] = unicode(user.id)
request.session.save() request.session.save()

95
mediagoblin/plugins/basic_auth/__init__.py Normal file
View File

@ -0,0 +1,95 @@
# GNU MediaGoblin -- federated, autonomous media hosting
# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import os
import uuid
import forms as auth_forms
from mediagoblin.auth import lib as auth_lib
from mediagoblin.db.models import User
from mediagoblin.tools.translate import pass_to_ugettext as _
from mediagoblin.tools import pluginapi
from sqlalchemy import or_
PLUGIN_DIR = os.path.dirname(__file__)
def setup_plugin():
config = pluginapi.get_config('mediagoblin.pluginapi.basic_auth')
def check_login(user, login_form):
return user.check_login(login_form.password.data)
def get_user(login_form):
username = login_form.data['username']
user = User.query.filter(
or_(
User.username == username,
User.email == username,
)).first()
return user
def create_user(registration_form):
user = User()
user.username = registration_form.data['username']
user.email = registration_form.data['email']
user.pw_hash = auth_lib.bcrypt_gen_password_hash(
registration_form.password.data)
user.verification_key = unicode(uuid.uuid4())
user.save()
return user
def extra_validation(register_form, *args):
users_with_username = User.query.filter_by(
username=register_form.data['username']).count()
users_with_email = User.query.filter_by(
email=register_form.data['email']).count()
extra_validation_passes = True
if users_with_username:
register_form.username.errors.append(
_(u'Sorry, a user with that name already exists.'))
extra_validation_passes = False
if users_with_email:
register_form.email.errors.append(
_(u'Sorry, a user with that email address already exists.'))
extra_validation_passes = False
return extra_validation_passes
def get_login_form(request):
return auth_forms.LoginForm(request.form)
def get_registration_form(request):
return auth_forms.RegistrationForm(request.form)
hooks = {
'setup': setup_plugin,
'auth_check_login': check_login,
'auth_get_user': get_user,
'auth_create_user': create_user,
'auth_extra_validation': extra_validation,
'auth_get_login_form': get_login_form,
'auth_get_registration_form': get_registration_form,
}

30
mediagoblin/plugins/basic_auth/forms.py Normal file
View File

@ -0,0 +1,30 @@
import wtforms
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
from mediagoblin.auth.forms import normalize_user_or_email_field
class RegistrationForm(wtforms.Form):
username = wtforms.TextField(
_('Username'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_email=False)])
password = wtforms.PasswordField(
_('Password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=5, max=1024)])
email = wtforms.TextField(
_('Email address'),
[wtforms.validators.Required(),
normalize_user_or_email_field(allow_user=False)])
class LoginForm(wtforms.Form):
username = wtforms.TextField(
_('Username or Email'),
[wtforms.validators.Required(),
normalize_user_or_email_field()])
password = wtforms.PasswordField(
_('Password'),
[wtforms.validators.Required(),
wtforms.validators.Length(min=5, max=1024)])