aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/auth
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/auth')
-rw-r--r--mediagoblin/auth/tools.py21
-rw-r--r--mediagoblin/auth/views.py17
2 files changed, 25 insertions, 13 deletions
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 16611757..db6b6e37 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -15,7 +15,10 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import uuid
+import logging
+
import wtforms
+from sqlalchemy import or_
from mediagoblin import mg_globals
from mediagoblin.auth import lib as auth_lib
@@ -25,6 +28,8 @@ from mediagoblin.tools.mail import (normalize_email, send_email,
from mediagoblin.tools.template import render_template
from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
+_log = logging.getLogger(__name__)
+
def normalize_user_or_email_field(allow_email=True, allow_user=True):
"""
@@ -136,3 +141,19 @@ def register_user(request, register_form):
return user
return None
+
+
+def check_login_simple(username, password, username_might_be_email=False):
+ search = (User.username == username)
+ if username_might_be_email and ('@' in username):
+ search = or_(search, User.email == username)
+ user = User.query.filter(search).first()
+ if not user:
+ _log.info("User %r not found", username)
+ auth_lib.fake_login_attempt()
+ return None
+ if not auth_lib.bcrypt_check_password(password, user.pw_hash):
+ _log.warn("Wrong password for %r", username)
+ return None
+ _log.info("Logging %r in", username)
+ return user
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 574adab5..bb7bda77 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -25,8 +25,8 @@ from mediagoblin.tools.mail import email_debug_message
from mediagoblin.auth import lib as auth_lib
from mediagoblin.auth import forms as auth_forms
from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth.tools import send_verification_email, register_user
-from sqlalchemy import or_
+from mediagoblin.auth.tools import (send_verification_email, register_user,
+ check_login_simple)
def register(request):
@@ -77,14 +77,9 @@ def login(request):
username = login_form.data['username']
if login_form.validate():
- user = User.query.filter(
- or_(
- User.username == username,
- User.email == username,
+ user = check_login_simple(username, login_form.password.data, True)
- )).first()
-
- if user and user.check_login(login_form.password.data):
+ if user:
# set up login in session
request.session['user_id'] = unicode(user.id)
request.session.save()
@@ -94,10 +89,6 @@ def login(request):
else:
return redirect(request, "index")
- # Some failure during login occured if we are here!
- # Prevent detecting who's on this system by testing login
- # attempt timings
- auth_lib.fake_login_attempt()
login_failed = True
return render_to_response(