-rw-r--r-- | mediagoblin/auth/tools.py | 18 | ||||
-rw-r--r-- | mediagoblin/plugins/basic_auth/forms.py | 2 | ||||
-rw-r--r-- | mediagoblin/tests/test_auth.py | 48 |
3 files changed, 60 insertions, 8 deletions
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py index 9c16a980..ae6fadf6 100644 --- a/mediagoblin/auth/tools.py +++ b/mediagoblin/auth/tools.py @@ -34,14 +34,19 @@ from mediagoblin import auth _log = logging.getLogger(__name__) -def normalize_user_or_email_field(allow_email=True, allow_user=True): - """ - Check if we were passed a field that matches a username and/or email +def normalize_user_or_email_field(allow_email=True, allow_user=True, + is_login=False): + """Check if we were passed a field that matches a username and/or email pattern. This is useful for fields that can take either a username or email - address. Use the parameters if you want to only allow a username for - instance""" + address. Use the parameters if you want to only allow a username + for instance + + is_login : bool + If is_login is True, does not check the length of username. + + """ message = _(u'Invalid User name or email address.') nomail_msg = _(u"This field does not take email addresses.") nouser_msg = _(u"This field requires an email address.") @@ -56,7 +61,8 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True): else: # lower case user names if not allow_user: raise wtforms.ValidationError(nouser_msg) - wtforms.validators.Length(min=3, max=30)(form, field) + if not is_login: + wtforms.validators.Length(min=3, max=30)(form, field) wtforms.validators.Regexp(r'^[-_\w]+$')(form, field) field.data = field.data.lower() if field.data is None: # should not happen, but be cautious anyway diff --git a/mediagoblin/plugins/basic_auth/forms.py b/mediagoblin/plugins/basic_auth/forms.py index 9a6db226..3d684e91 100644 --- a/mediagoblin/plugins/basic_auth/forms.py +++ b/mediagoblin/plugins/basic_auth/forms.py 
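Review bot: The new `is_login` entry in the docstring of normalize_user_or_email_field says what is skipped but not why, or which forms may safely set it. I would extend it to something like `If True, skip the 3-30 character length check so that existing accounts whose names fall outside that range can still log in; leave it False on forms that create or rename accounts.` That rationale is inferred from the tests added in this commit, so adjust the wording if the intent differs. The function body continues outside this hunk.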
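Review bot: With `is_login=True` the username branch has no upper length bound, because the whole `Length(min=3, max=30)` call is skipped rather than only its minimum. Only the `^[-_\w]+$` regexp still runs before `field.data.lower()`. The login form is reachable without authentication, so I would keep a ceiling on that path, for example an `else:` under the new `if` with `wtforms.validators.Length(max=MAX_LOGIN_NAME_LEN)(form, field)`, where `MAX_LOGIN_NAME_LEN` is a placeholder for whatever the username column or the longest existing account allows. The inner validator starts and ends outside this hunk, so I cannot see whether the email branch bounds its input.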
@@ -38,7 +38,7 @@ class LoginForm(wtforms.Form): username = wtforms.StringField( _('Username or Email'), [wtforms.validators.InputRequired(), - normalize_user_or_email_field()]) + normalize_user_or_email_field(is_login=True)]) password = wtforms.PasswordField( _('Password')) stay_logged_in = wtforms.BooleanField( diff --git a/mediagoblin/tests/test_auth.py b/mediagoblin/tests/test_auth.py index cb971fdb..618d02b6 100644 --- a/mediagoblin/tests/test_auth.py +++ b/mediagoblin/tests/test_auth.py @@ -1,4 +1,3 @@ - # GNU MediaGoblin -- federated, autonomous media hosting # Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS. # 
@@ -373,6 +372,53 @@ def test_authentication_views(test_app): assert not form.username.data == u'ANDREW' assert form.username.data == u'andrew' + # Successful login with short user + # -------------------------------- + short_user = fixture_add_user(username=u'me', password=u'sho') + template.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'username': u'me', + 'password': 'sho'}) + + # User should be redirected + response.follow() + + assert urlparse.urlsplit(response.location)[2] == '/' + assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT + + # Make sure user is in the session + context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html'] + session = context['request'].session + assert session['user_id'] == six.text_type(short_user.id) + + # Must logout + template.clear_test_template_context() + response = test_app.get('/auth/logout/') + + # Successful login with long user + # ---------------- + long_user = fixture_add_user( + username=u'realllylonguser@reallylongdomain.com.co', password=u'sho') + template.clear_test_template_context() + response = test_app.post( + '/auth/login/', { + 'username': u'realllylonguser@reallylongdomain.com.co', + 'password': 'sho'}) + + # User should be redirected + response.follow() + assert urlparse.urlsplit(response.location)[2] == '/' + assert 'mediagoblin/root.html' in template.TEMPLATE_TEST_CONTEXT + + # Make sure user is in the session + context = template.TEMPLATE_TEST_CONTEXT['mediagoblin/root.html'] + session = context['request'].session + assert session['user_id'] == six.text_type(long_user.id) + + template.clear_test_template_context() + response = test_app.get('/auth/logout/') + @pytest.fixture() def authentication_disabled_app(request): return get_app( |
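Review bot: The "long user" case logs in as `realllylonguser@reallylongdomain.com.co`, which contains an `@` and so probably goes through the email branch of the validator rather than the username branch where the `Length` check was relaxed. If so, the long-name half of the change is not exercised; a login with a name over 30 characters and no `@` (constructed example: `u'a' * 31`) would cover it. There is also no negative assertion that forms built with the default `is_login=False` still reject a two-character name such as `u'me'`, which is what would catch the flag leaking into registration. test_authentication_views starts outside this hunk.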