changeset 298:6c74345f4d55
cleaned up and moved moin's cookie stuff to auth.moin_cookie
imported from: moin--main--1.5--patch-302
author | Thomas Waldmann <tw@waldmann-edv.de> |
---|---|
date | Wed, 07 Dec 2005 00:22:10 +0000 |
parents | fe57f191672e |
children | da111ed329ee |
files | MoinMoin/auth.py MoinMoin/request.py MoinMoin/theme/__init__.py MoinMoin/userform.py docs/CHANGES |
diffstat | 5 files changed, 34 insertions(+), 78 deletions(-) [+] |
--- a/MoinMoin/auth.py Tue Dec 06 22:08:55 2005 +0000 +++ b/MoinMoin/auth.py Wed Dec 07 00:22:10 2005 +0000 @@ -47,6 +47,24 @@ def moin_cookie(request, **kw): """ authenticate via the MOIN_ID cookie """ + if kw.get('login'): + name = kw.get('name') + password = kw.get('password') + u = user.User(request, name=name, password=password, + auth_method='login_userpassword') + if u.valid: + request.user = u # needed by setCookie + request.setCookie() + return u, False + return None, True + + if kw.get('logout'): + # clear the cookie in the browser and locally. Does not + # check if we have a valid user logged, just make sure we + # don't have one after this call. + request.deleteCookie() + return None, True + try: cookie = Cookie.SimpleCookie(request.saved_cookie) except Cookie.CookieError:
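Review bot: The new `login` branch in moin_cookie passes `kw.get('name')` and `kw.get('password')` straight to `user.User(...)`, so the checks userform.py made before this commit (valid name, non-empty password, disabled account) now depend entirely on `user.User` rejecting `None` or empty values, which is not visible here. A guard such as `if not name or not password: return None, True` before constructing the user would keep the empty-password case fail-closed. Neither the login nor the logout branch checks the request method, while the create and save branches in userform.py require `POST`; if `request.form` also carries query-string arguments (to be confirmed), credentials could arrive in a URL and land in server logs and a bare link could trigger logout, so a `request.request_method == 'POST'` condition on both branches is worth adding. A failed login returns `None, True` silently, and a log line on that path would give operators something to watch for password guessing. The body of moin_cookie continues past the end of the hunk.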
--- a/MoinMoin/request.py Tue Dec 06 22:08:55 2005 +0000 +++ b/MoinMoin/request.py Wed Dec 07 00:22:10 2005 +0000 @@ -240,8 +240,7 @@ self.remote_addr = env.get('REMOTE_ADDR', '') self.http_user_agent = env.get('HTTP_USER_AGENT', '') - # REQUEST_URI is not part of CGI spec, but an addition of - # Apache. + # REQUEST_URI is not part of CGI spec, but an addition of Apache. self.request_uri = env.get('REQUEST_URI', '') # Values that need more work @@ -430,7 +429,7 @@ password = self.form.get('password', [None])[0] login = self.form.has_key('login') logout = self.form.has_key('logout') - + for auth in self.cfg.auth: user_obj, continue_flag = auth(self, name=name, password=password, @@ -1507,7 +1506,7 @@ header = header.encode('ascii') key, value = header.split(':',1) value = value.lstrip() - if key.lower()=='set-cookie': + if key.lower() == 'set-cookie': key, value = value.split('=',1) self.twistd.addCookie(key, value) else:
--- a/MoinMoin/theme/__init__.py Tue Dec 06 22:08:55 2005 +0000 +++ b/MoinMoin/theme/__init__.py Wed Dec 07 00:22:10 2005 +0000 @@ -225,13 +225,12 @@ if request.cfg.show_login: if request.user.valid: - #loghtml = preferencesPage.link_to(request, text=_("Logout")) userlinks.append("""\ -<form action="/" method="POST"> +<form action="" method="POST"> <input type="hidden" name="action" value="userform"> <input type="submit" name="logout" value="%(logout)s"> </form> -""" % { 'logout': _('Logout') }) # XXX add path instead of / +""" % { 'logout': _('Logout') }) else: userlinks.append(preferencesPage.link_to(request, text=_("Login")))
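Review bot: With `action=""` the logout form posts to the current URL, query string included, so the request can carry whatever parameters the page was viewed with alongside the hidden `action=userform` field; which value wins depends on form parsing that is not shown here. The hidden field also still routes the request to userform, whose `logout` branch this commit removes, so it is worth confirming what that handler returns for a logout post now. If the field is no longer needed for logout, dropping `<input type="hidden" name="action" value="userform">` would settle both questions. The enclosing function starts and ends outside the hunk.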
--- a/MoinMoin/userform.py Tue Dec 06 22:08:55 2005 +0000 +++ b/MoinMoin/userform.py Wed Dec 07 00:22:10 2005 +0000 @@ -6,7 +6,7 @@ @license: GNU GPL, see COPYING for details. """ -import string, time, re, Cookie +import string, time, re from MoinMoin import user, util, wikiutil from MoinMoin.util import web, mail, datetime from MoinMoin.widget import html @@ -64,13 +64,6 @@ _ = self._ form = self.request.form - if form.has_key('logout'): - # clear the cookie in the browser and locally. Does not - # check if we have a valid user logged, just make sure we - # don't have one after this call. - self.request.deleteCookie() - return _("Cookie deleted. You are now logged out.") - if form.has_key('account_sendmail'): if not self.cfg.mail_enabled: return _("""This wiki is not enabled for mail processing. 
@@ -89,59 +82,9 @@ return _("Found no account matching the given email address '%(email)s'!") % {'email': wikiutil.escape(email)} - if form.has_key('login'): - # Trying to login with a user name and a password - - # Require valid user name - name = form.get('name', [''])[0] - if not user.isValidName(self.request, name): - return _("""Invalid user name {{{'%s'}}}. -Name may contain any Unicode alpha numeric character, with optional one -space between words. Group page name is not allowed.""") % wikiutil.escape(name) - - # Check that user exists - if not user.getUserId(self.request, name): - return _('Unknown user name: {{{"%s"}}}. Please enter' - ' user name and password.') % name - - # Require password - password = form.get('password',[None])[0] - if not password: - return _("Missing password. Please enter user name and password.") - - # Load the user data and check for validness - theuser = user.User(self.request, name=name, password=password, - auth_method='login_userpassword') - if not theuser.valid: - if theuser.disabled: - return _('Account "%s" is disabled.') % name - else: - return _("Sorry, wrong password.") - - # Save the user and send a cookie - self.request.user = theuser - self.request.setCookie() - - elif form.has_key('uid'): - # Trying to login with the login URL, soon to be removed! 
- try: - uid = form['uid'][0] - except KeyError: - return _("Bad relogin URL.") - - # Load the user data and check for validness - theuser = user.User(self.request, uid, - auth_method='login_uid') - if not theuser.valid: - return _("Unknown user.") - - # Save the user and send a cookie - self.request.user = theuser - self.request.setCookie() - - elif (form.has_key('create') or - form.has_key('create_only') or - form.has_key('create_and_mail')): + if (form.has_key('create') or + form.has_key('create_only') or + form.has_key('create_and_mail')): if self.request.request_method != 'POST': return _("Use UserPreferences to change your settings or create an account.") # Create user profile @@ -205,21 +148,17 @@ if thisuser.email == theuser.email: return _("This email already belongs to somebody else.") - # save data and send cookie + # save data theuser.save() - if form.has_key('create'): - self.request.user = theuser - self.request.setCookie() - if form.has_key('create_and_mail'): theuser.mailAccountData() - result = _("User account created!") + result = _("User account created! You can use this account to login now...") if _debug: result = result + util.dumpFormData(form) return result - else: # Save user profile + if form.has_key('save'): # Save user profile if self.request.request_method != 'POST': return _("Use UserPreferences to change your settings or create an account.") theuser = self.request.get_user() @@ -350,9 +289,6 @@ theuser.save() self.request.user = theuser - if theuser.auth_method == 'moin_cookie': - self.request.setCookie() - result = _("User preferences saved!") if _debug: result = result + util.dumpFormData(form)
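Review bot: In the `@@ -205,21 +148,17 @@` hunk the final `else:` becomes `if form.has_key('save'):`, so a request matching none of the branches now falls through to whatever follows the save block, which is outside the hunk. This includes the logout post that theme/__init__.py still sends with `action=userform`. It is the safer direction, since an unrelated post can no longer be treated as a profile save, but the fall-through result should be made explicit. If the caller accepts an empty result, a closing `return None` with the comment `# login/logout are handled in MoinMoin.auth.moin_cookie` would document it.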
--- a/docs/CHANGES Tue Dec 06 22:08:55 2005 +0000 +++ b/docs/CHANGES Wed Dec 07 00:22:10 2005 +0000 @@ -9,6 +9,10 @@ available as kw args of the auth method, so it is easy and obvious now. * Make login and logout show at the same place. Is only shown when show_login is True (default). + * Disabled login using &uid=12345.67.8910 method. Please use name/password. + * Made builtin moin_cookie authentication more modular: the cookie is now + touched by MoinMoin.auth.moin_cookie only, with one minor discomfort: + When creating a user, you are not automatically logged in any more. Version 1.5.0beta5: Fixes: