changeset 298:6c74345f4d55

cleaned up and moved moin's cookie stuff to auth.moin_cookie imported from: moin--main--1.5--patch-302
author Thomas Waldmann <tw@waldmann-edv.de>
date Wed, 07 Dec 2005 00:22:10 +0000
parents fe57f191672e
children da111ed329ee
files MoinMoin/auth.py MoinMoin/request.py MoinMoin/theme/__init__.py MoinMoin/userform.py docs/CHANGES
diffstat 5 files changed, 34 insertions(+), 78 deletions(-) [+]
--- a/MoinMoin/auth.py	Tue Dec 06 22:08:55 2005 +0000
+++ b/MoinMoin/auth.py	Wed Dec 07 00:22:10 2005 +0000
@@ -47,6 +47,24 @@
 
 def moin_cookie(request, **kw):
     """ authenticate via the MOIN_ID cookie """
+    if kw.get('login'):
+        name = kw.get('name')
+        password = kw.get('password')
+        u = user.User(request, name=name, password=password,
+                      auth_method='login_userpassword')
+        if u.valid:
+            request.user = u # needed by setCookie
+            request.setCookie()
+            return u, False
+        return None, True
+
+    if kw.get('logout'):
+        # clear the cookie in the browser and locally. Does not
+        # check if we have a valid user logged, just make sure we
+        # don't have one after this call.
+        request.deleteCookie()
+        return None, True
+    
     try:
         cookie = Cookie.SimpleCookie(request.saved_cookie)
     except Cookie.CookieError:
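Review bot: The login branch passes `name` and `password` straight to `user.User` without checking that either is present, whereas the userform.py code this commit removes rejected an invalid name and a missing password before constructing the user. Whether `user.User` treats `password=None` as a failed check is not visible here, so a guard such as `if not name or not password: return None, True` ahead of the constructor would keep that guarantee local. Neither this branch nor the logout branch looks at `request.request_method`, unlike the create and save paths in userform.py, so if `request.form` also carries query-string parameters a plain GET could set or clear the cookie; consider requiring POST here. A failed login now returns `None, True` silently where the old code told the user why it failed, so a log entry for the rejected attempt would help operators. moin_cookie's body continues past the end of the hunk.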
--- a/MoinMoin/request.py	Tue Dec 06 22:08:55 2005 +0000
+++ b/MoinMoin/request.py	Wed Dec 07 00:22:10 2005 +0000
@@ -240,8 +240,7 @@
         self.remote_addr = env.get('REMOTE_ADDR', '')
         self.http_user_agent = env.get('HTTP_USER_AGENT', '')
 
-        # REQUEST_URI is not part of CGI spec, but an addition of
-        # Apache.
+        # REQUEST_URI is not part of CGI spec, but an addition of Apache.
         self.request_uri = env.get('REQUEST_URI', '')
         
         # Values that need more work
@@ -430,7 +429,7 @@
         password = self.form.get('password', [None])[0]
         login = self.form.has_key('login')
         logout = self.form.has_key('logout')
-        
+
         for auth in self.cfg.auth:
             user_obj, continue_flag = auth(self,
                                            name=name, password=password,
@@ -1507,7 +1506,7 @@
             header = header.encode('ascii')
         key, value = header.split(':',1)
         value = value.lstrip()
-        if key.lower()=='set-cookie':
+        if key.lower() == 'set-cookie':
             key, value = value.split('=',1)
             self.twistd.addCookie(key, value)
         else:
--- a/MoinMoin/theme/__init__.py	Tue Dec 06 22:08:55 2005 +0000
+++ b/MoinMoin/theme/__init__.py	Wed Dec 07 00:22:10 2005 +0000
@@ -225,13 +225,12 @@
             
         if request.cfg.show_login:
             if request.user.valid:
-                #loghtml = preferencesPage.link_to(request, text=_("Logout"))
                 userlinks.append("""\
-<form action="/" method="POST">
+<form action="" method="POST">
 <input type="hidden" name="action" value="userform">
 <input type="submit" name="logout" value="%(logout)s">
 </form>
-""" % { 'logout': _('Logout') }) # XXX add path instead of /
+""" % { 'logout': _('Logout') })
             else:
                 userlinks.append(preferencesPage.link_to(request, text=_("Login")))
 
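Review bot: The template still interpolates the translated label into `value="%(logout)s"` without escaping, so a translation containing a double quote or `<` would break out of the attribute. Passing it through the escaper used elsewhere in the tree, `{ 'logout': wikiutil.escape(_('Logout'), 1) }`, closes that; whether `wikiutil` is already imported in this module is not visible in the hunk. Separately, `action=""` posts to the current URL including its query string, so it is worth confirming that an `action` already present in the query string cannot override the hidden `action=userform` field.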
--- a/MoinMoin/userform.py	Tue Dec 06 22:08:55 2005 +0000
+++ b/MoinMoin/userform.py	Wed Dec 07 00:22:10 2005 +0000
@@ -6,7 +6,7 @@
     @license: GNU GPL, see COPYING for details.
 """
 
-import string, time, re, Cookie
+import string, time, re
 from MoinMoin import user, util, wikiutil
 from MoinMoin.util import web, mail, datetime
 from MoinMoin.widget import html
@@ -64,13 +64,6 @@
         _ = self._
         form = self.request.form
     
-        if form.has_key('logout'):
-            # clear the cookie in the browser and locally. Does not
-            # check if we have a valid user logged, just make sure we
-            # don't have one after this call.
-            self.request.deleteCookie()
-            return _("Cookie deleted. You are now logged out.")
-    
         if form.has_key('account_sendmail'):
             if not self.cfg.mail_enabled:
                 return _("""This wiki is not enabled for mail processing.
@@ -89,59 +82,9 @@
 
             return _("Found no account matching the given email address '%(email)s'!") % {'email': wikiutil.escape(email)}
 
-        if form.has_key('login'):
-            # Trying to login with a user name and a password
-
-            # Require valid user name
-            name = form.get('name', [''])[0]
-            if not user.isValidName(self.request, name):
-                return _("""Invalid user name {{{'%s'}}}.
-Name may contain any Unicode alpha numeric character, with optional one
-space between words. Group page name is not allowed.""") % wikiutil.escape(name)
-
-            # Check that user exists
-            if not user.getUserId(self.request, name):
-                return _('Unknown user name: {{{"%s"}}}. Please enter'
-                         ' user name and password.') % name
-
-            # Require password
-            password = form.get('password',[None])[0]
-            if not password:
-                return _("Missing password. Please enter user name and password.")
-
-            # Load the user data and check for validness
-            theuser = user.User(self.request, name=name, password=password,
-                                auth_method='login_userpassword')
-            if not theuser.valid:
-                if theuser.disabled:
-                    return _('Account "%s" is disabled.') % name
-                else:
-                    return _("Sorry, wrong password.")
-
-            # Save the user and send a cookie
-            self.request.user = theuser
-            self.request.setCookie()
-
-        elif form.has_key('uid'):
-            # Trying to login with the login URL, soon to be removed!
-            try:
-                 uid = form['uid'][0]
-            except KeyError:
-                 return _("Bad relogin URL.")
-
-            # Load the user data and check for validness
-            theuser = user.User(self.request, uid,
-                                auth_method='login_uid')
-            if not theuser.valid:
-                return _("Unknown user.")
-            
-            # Save the user and send a cookie
-            self.request.user = theuser
-            self.request.setCookie()
-
-        elif (form.has_key('create') or
-              form.has_key('create_only') or
-              form.has_key('create_and_mail')):
+        if (form.has_key('create') or
+            form.has_key('create_only') or
+            form.has_key('create_and_mail')):
             if self.request.request_method != 'POST':
                 return _("Use UserPreferences to change your settings or create an account.")
             # Create user profile
@@ -205,21 +148,17 @@
                     if thisuser.email == theuser.email:
                         return _("This email already belongs to somebody else.")
 
-            # save data and send cookie
+            # save data
             theuser.save()
-            if form.has_key('create'):
-                self.request.user = theuser
-                self.request.setCookie()
-
             if form.has_key('create_and_mail'):
                 theuser.mailAccountData()
             
-            result = _("User account created!")
+            result = _("User account created! You can use this account to login now...")
             if _debug:
                 result = result + util.dumpFormData(form)
             return result
 
-        else: # Save user profile
+        if form.has_key('save'): # Save user profile
             if self.request.request_method != 'POST':
                 return _("Use UserPreferences to change your settings or create an account.")
             theuser = self.request.get_user()
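Review bot: Replacing the final `else:` with `if form.has_key('save'):` means a request that carries none of the handled keys now falls out of the branch chain, and what the handler returns in that case is outside this hunk. The logout form in theme/__init__.py still posts `action=userform` with only `logout` set, so that path appears to be reached on every logout. If the method ends without an explicit return, add one with a comment, for example `return '' # login/logout are handled in MoinMoin.auth`, so the caller never receives `None` as the message. The enclosing method starts and ends outside the hunk.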
@@ -350,9 +289,6 @@
             theuser.save()            
             self.request.user = theuser
 
-            if theuser.auth_method == 'moin_cookie':
-                self.request.setCookie()
-
             result = _("User preferences saved!")
             if _debug:
                 result = result + util.dumpFormData(form)
--- a/docs/CHANGES	Tue Dec 06 22:08:55 2005 +0000
+++ b/docs/CHANGES	Wed Dec 07 00:22:10 2005 +0000
@@ -9,6 +9,10 @@
       available as kw args of the auth method, so it is easy and obvious now.
     * Make login and logout show at the same place. Is only shown when
       show_login is True (default).
+    * Disabled login using &uid=12345.67.8910 method. Please use name/password.
+    * Made builtin moin_cookie authentication more modular: the cookie is now
+      touched by MoinMoin.auth.moin_cookie only, with one minor discomfort:
+      When creating a user, you are not automatically logged in any more.
 
 Version 1.5.0beta5:
   Fixes: