changeset 3704:6b3274cd86c6

make recoverpass/newaccount refuse access unless MoinAuth is enabled
author Johannes Berg <johannes AT sipsolutions DOT net>
date Thu, 12 Jun 2008 16:56:20 +0200
parents a2fd6dceccd2
children ac48fad2e117
files MoinMoin/action/newaccount.py MoinMoin/action/recoverpass.py
diffstat 2 files changed, 24 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/MoinMoin/action/newaccount.py	Thu Jun 12 15:39:13 2008 +0200
+++ b/MoinMoin/action/newaccount.py	Thu Jun 12 16:56:20 2008 +0200
@@ -10,6 +10,7 @@
 from MoinMoin.Page import Page
 from MoinMoin.widget import html
 from MoinMoin.security.textcha import TextCha
+from MoinMoin.auth import MoinAuth
 
 
 _debug = False
@@ -158,7 +159,17 @@
     return unicode(ret)
 
 def execute(pagename, request):
-    pagename = pagename
+    found = False
+    for auth in request.cfg.auth:
+        if isinstance(auth, MoinAuth):
+            found = True
+            break
+
+    if not found:
+        # we will not have linked, so forbid access
+        request.makeForbidden403()
+        return
+
     page = Page(request, pagename)
     _ = request.getText
     form = request.form
--- a/MoinMoin/action/recoverpass.py	Thu Jun 12 15:39:13 2008 +0200
+++ b/MoinMoin/action/recoverpass.py	Thu Jun 12 16:56:20 2008 +0200
@@ -9,6 +9,7 @@
 from MoinMoin import user, wikiutil
 from MoinMoin.Page import Page
 from MoinMoin.widget import html
+from MoinMoin.auth import MoinAuth
 
 def _do_email(request, u):
     _ = request.getText
@@ -138,7 +139,17 @@
 
 
 def execute(pagename, request):
-    pagename = pagename
+    found = False
+    for auth in request.cfg.auth:
+        if isinstance(auth, MoinAuth):
+            found = True
+            break
+
+    if not found:
+        # we will not have linked, so forbid access
+        request.makeForbidden403()
+        return
+
     page = Page(request, pagename)
     _ = request.getText
     form = request.form