-rw-r--r-- | mediagoblin/plugins/ldap/__init__.py | 27 | ||||
-rw-r--r-- | mediagoblin/plugins/ldap/forms.py | 40 | ||||
-rw-r--r-- | mediagoblin/plugins/ldap/tools.py | 22 | ||||
-rw-r--r-- | mediagoblin/plugins/ldap/views.py | 77 | ||||
-rw-r--r-- | mediagoblin/templates/mediagoblin/auth/login.html | 2 |
5 files changed, 120 insertions, 48 deletions
diff --git a/mediagoblin/plugins/ldap/__init__.py b/mediagoblin/plugins/ldap/__init__.py index a46a0ed3..18203c92 100644 --- a/mediagoblin/plugins/ldap/__init__.py +++ b/mediagoblin/plugins/ldap/__init__.py @@ -15,7 +15,6 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. from mediagoblin.auth.tools import create_basic_user -from mediagoblin.plugins.ldap.tools import LDAP from mediagoblin.plugins.ldap import forms from mediagoblin.tools import pluginapi @@ -26,37 +25,27 @@ def setup_plugin(): routes = [ ('mediagoblin.plugins.ldap.register', '/auth/ldap/register/', - 'mediagoblin.plugins.ldap.views:register')] + 'mediagoblin.plugins.ldap.views:register'), + ('mediagoblin.plugins.ldap.login', + '/auth/ldap/login/', + 'mediagoblin.plugins.ldap.views:login')] pluginapi.register_routes(routes) -def check_login_simple(username, password, request): - l = LDAP(request) - return l.login(username, password) - - def create_user(register_form): - user = create_basic_user(register_form) - return user + return create_basic_user(register_form) -def get_login_form(request): - return forms.LoginForm(request.form) +def no_pass_redirect(): + return 'ldap' def auth(): return True - -def append_to_global_context(context): - context['pass_auth'] = True - return context - hooks = { 'setup': setup_plugin, 'authentication': auth, - 'auth_check_login_simple': check_login_simple, + 'auth_no_pass_redirect': no_pass_redirect, 'auth_create_user': create_user, - 'template_global_context': append_to_global_context, - 'auth_get_login_form': get_login_form, } diff --git a/mediagoblin/plugins/ldap/forms.py b/mediagoblin/plugins/ldap/forms.py new file mode 100644 index 00000000..7ec1479e --- /dev/null +++ b/mediagoblin/plugins/ldap/forms.py 
@@ -0,0 +1,40 @@
+# GNU MediaGoblin -- federated, autonomous media hosting
+# Copyright (C) 2011, 2012 MediaGoblin contributors. See AUTHORS.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import wtforms
+
+from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+from mediagoblin.auth.tools import normalize_user_or_email_field
+
+
+class RegisterForm(wtforms.Form):
+ username = wtforms.HiddenField(
+ '',
+ [wtforms.validators.Required(),
+ normalize_user_or_email_field(allow_email=False)])
+ email = wtforms.TextField(
+ _('Email address'),
+ [wtforms.validators.Required(),
+ normalize_user_or_email_field(allow_user=False)])
+
+
+class LoginForm(wtforms.Form):
+ username = wtforms.TextField(
+ _('Username'),
+ [wtforms.validators.Required(),
+ normalize_user_or_email_field()])
+ password = wtforms.PasswordField(
+ _('Password'),
+ [wtforms.validators.Required()])
diff --git a/mediagoblin/plugins/ldap/tools.py b/mediagoblin/plugins/ldap/tools.py
index 6134aaba..05cff5f9 100644
--- a/mediagoblin/plugins/ldap/tools.py
+++ b/mediagoblin/plugins/ldap/tools.py
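Review bot: `RegisterForm.username` is a `HiddenField`, so the account name is whatever the client posts, and after this commit nothing visible ties it to a successful LDAP bind. The removed lines in views.py took the name from `request.session.pop('username')`, whereas the new `register()` builds `forms.RegisterForm(request.form)` and checks only form validation, so a POST sent directly to the register route appears to reach `register_user` without `LDAP.login()` ever having succeeded. Keep the bound name server-side: set `request.session['ldap_username'] = username` in `login()` before rendering the register form, and have `register()` refuse the request unless `register_form.username.data == request.session.pop('ldap_username', None)`. The session key name here is only a suggestion.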
@@ -17,16 +17,13 @@ import ldap import logging from mediagoblin import mg_globals -from mediagoblin.db.models import User -from mediagoblin.tools.response import redirect _log = logging.getLogger(__name__) class LDAP(object): - def __init__(self, request): + def __init__(self): self.ldap_settings = mg_globals.global_config['plugins']['mediagoblin.plugins.ldap'] - self.request = request def _connect(self, server): _log.info('Connecting to {0}.'.format(server['LDAP_HOST'])) @@ -36,25 +33,12 @@ class LDAP(object): def login(self, username, password): for k, v in self.ldap_settings.iteritems(): try: - import ipdb - ipdb.set_trace() self._connect(v) user_dn = v['USER_DN_TEMPLATE'].format(username=username) self.conn.simple_bind_s(user_dn, password.encode('utf8')) - return self._get_or_create_user(username) + return username except ldap.LDAPError, e: _log.info(e) - return None - - def _get_or_create_user(self, username): - user = User.query.filter_by( - username=username).first() - - if user: - return user - - self.request.session['username'] = username - redirect( - self.request, 'mediagoblin.plugins.ldap.register') + return False diff --git a/mediagoblin/plugins/ldap/views.py b/mediagoblin/plugins/ldap/views.py index 95132f96..217c6d8c 100644 --- a/mediagoblin/plugins/ldap/views.py +++ b/mediagoblin/plugins/ldap/views.py 
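Review bot: In `login()`, `v['USER_DN_TEMPLATE'].format(username=username)` places the submitted name into the bind DN unescaped, so DN metacharacters such as `,`, `=` or `+` in the name alter which entry is bound, while the method now returns the raw `username` for the local `User` lookup. Escape at the point of use with `user_dn = v['USER_DN_TEMPLATE'].format(username=ldap.dn.escape_dn_chars(username))` (plus `import ldap.dn`), unless the form's normaliser is known to reject those characters, which this page does not show. The method should also return `False` for an empty password before calling `simple_bind_s`, because many directories accept an empty-password simple bind as an unauthenticated bind; at present only `LoginForm`'s `Required()` validator prevents that. A one-line docstring stating that the result is the username on success and `False` otherwise would document the changed return contract.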
@@ -13,21 +13,80 @@ # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. +from mediagoblin import mg_globals, messages from mediagoblin.auth.tools import register_user +from mediagoblin.db.models import User +from mediagoblin.decorators import allow_registration, auth_enabled from mediagoblin.plugins.ldap import forms +from mediagoblin.plugins.ldap.tools import LDAP +from mediagoblin.tools.translate import pass_to_ugettext as _ from mediagoblin.tools.response import redirect, render_to_response +@auth_enabled +def login(request): + login_form = forms.LoginForm(request.form) + + login_failed = False + + if request.method == 'POST' and login_form.validate(): + l = LDAP() + username = l.login(login_form.username.data, login_form.password.data) + + if username: + user = User.query.filter_by( + username=username).first() + + if user: + # set up login in session + request.session['user_id'] = unicode(user.id) + request.session.save() + + if request.form.get('next'): + return redirect(request, location=request.form['next']) + else: + return redirect(request, "index") + else: + if not mg_globals.app.auth: + messages.add_message( + request, + messages.WARNING, + _('Sorry, authentication is disabled on this ' + 'instance.')) + return redirect(request, 'index') + + register_form = forms.RegisterForm(request.form, + username=username) + + return render_to_response( + request, + 'mediagoblin/auth/register.html', + {'register_form': register_form, + 'post_url': request.urlgen('mediagoblin.plugins.ldap.register')}) + + login_failed = True + + return render_to_response( + request, + 'mediagoblin/auth/login.html', + {'login_form': login_form, + 'next': request.GET.get('next') or request.form.get('next'), + 'login_failed': login_failed, + 'post_url': request.urlgen('mediagoblin.plugins.ldap.login'), + 'allow_registration': mg_globals.app_config["allow_registration"]}) + + 
+@allow_registration +@auth_enabled def register(request): - username = request.session.pop('username') - if 'email' in request.session: - email = request.session.pop('email') - else: - email = None - register_form = forms.RegisterForm(request.form, username=username, - email=email) - - if request.method == 'POST' and register_form.validate(): + if request.method == 'GET': + return redirect( + request, + 'mediagoblin.plugins.ldap.login') + + register_form = forms.RegisterForm(request.form) + + if register_form.validate(): user = register_user(request, register_form) if user: diff --git a/mediagoblin/templates/mediagoblin/auth/login.html b/mediagoblin/templates/mediagoblin/auth/login.html index 3329b5d0..49e906db 100644 --- a/mediagoblin/templates/mediagoblin/auth/login.html +++ b/mediagoblin/templates/mediagoblin/auth/login.html @@ -48,7 +48,7 @@ {% endif %} {% template_hook("login_link") %} {{ wtforms_util.render_divs(login_form, True) }} - {% if pass_auth %} + {% if pass_auth is defined %} <p> <a href="{{ request.urlgen('mediagoblin.auth.forgot_password') }}" id="forgot_password"> {% trans %}Forgot your password?{% endtrans %}</a> |
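Review bot: In `login()`, `redirect(request, location=request.form['next'])` sends the browser to whatever `next` value the form carried, and the login template is given `next` from `request.GET`, so the post-login destination is chosen by whoever built the link rather than by the site. Accept only same-site paths before redirecting, for example `next_url = request.form.get('next', '')` followed by `if next_url.startswith('/') and not next_url.startswith(('//', '/\\')):`, and fall back to `redirect(request, "index")` otherwise. `login()` is wholly inside this hunk; `register()` continues past its end.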