diff MoinMoin/wsgiapp.py @ 4193:1e954e802ed2

Start to make auth work again with the new session layer
author Florian Krupicka <florian.krupicka@googlemail.com>
date Fri, 27 Jun 2008 18:38:29 +0200
parents 105c5469ac05
children 9c80451df643
line wrap: on
line diff
--- a/MoinMoin/wsgiapp.py	Wed Jun 25 01:04:42 2008 +0200
+++ b/MoinMoin/wsgiapp.py	Fri Jun 27 18:38:29 2008 +0200
@@ -13,7 +13,7 @@
 from MoinMoin.web.contexts import HTTPContext, RenderContext, AllContext
 from MoinMoin.web.request import Request
 from MoinMoin.web.utils import check_spider, check_forbidden, check_setuid
-from MoinMoin.web.utils import check_surge_protect, handle_auth_form
+from MoinMoin.web.utils import check_surge_protect
 from MoinMoin.web.apps import HTTPExceptionsMiddleware
 
 from MoinMoin.Page import Page
@@ -35,7 +35,34 @@
 
     request.session = request.cfg.session_service.get_session(request)
 
-    check_setuid(request)
+    # auth & user handling
+    userobj = None
+    form = request.form
+
+    if 'login' in form:
+        params = {
+            'username': form.get('name'),
+            'password': form.get('password'),
+            'attended': True,
+            'openid_identifier': form.get('openid_identifier'),
+            'stage': form.get('stage')
+        }
+        userobj = auth.handle_login(request, userobj, **params)
+    elif 'logout' in form:
+        userobj = auth.handle_logout(request, userobj)
+    else:
+        userobj = auth.handle_request(request, userobj)
+
+    userobj, olduser = check_setuid(request, userobj)
+
+    if not userobj:
+        userobj = user.User(request, auth_method='request:invalid')
+
+    request.user = userobj
+    request._setuid_real_user = olduser
+
+    # preliminary access control
+    # check against spiders, blacklists and request-spam
     check_forbidden(request)
     check_surge_protect(request)