diff options
Diffstat (limited to 'mediagoblin/plugins/basic_auth')
-rw-r--r-- | mediagoblin/plugins/basic_auth/README.rst | 2 | ||||
-rw-r--r-- | mediagoblin/plugins/basic_auth/__init__.py | 8 | ||||
-rw-r--r-- | mediagoblin/plugins/basic_auth/forms.py | 10 | ||||
-rw-r--r-- | mediagoblin/plugins/basic_auth/tools.py | 4 | ||||
-rw-r--r-- | mediagoblin/plugins/basic_auth/views.py | 38 |
5 files changed, 35 insertions, 27 deletions
diff --git a/mediagoblin/plugins/basic_auth/README.rst b/mediagoblin/plugins/basic_auth/README.rst index 82f247ed..87a7b16f 100644 --- a/mediagoblin/plugins/basic_auth/README.rst +++ b/mediagoblin/plugins/basic_auth/README.rst @@ -5,7 +5,7 @@ =================== The basic_auth plugin is enabled by default in mediagoblin.ini. This plugin -provides basic username and password authentication for GNU Mediagoblin. +provides basic username and password authentication for GNU MediaGoblin. This plugin can be enabled alongside :ref:`openid-chapter` and :ref:`persona-chapter`. diff --git a/mediagoblin/plugins/basic_auth/__init__.py b/mediagoblin/plugins/basic_auth/__init__.py index 64564c7f..31a4fd95 100644 --- a/mediagoblin/plugins/basic_auth/__init__.py +++ b/mediagoblin/plugins/basic_auth/__init__.py @@ -19,7 +19,7 @@ import os from mediagoblin.plugins.basic_auth import forms as auth_forms from mediagoblin.plugins.basic_auth import tools as auth_tools from mediagoblin.auth.tools import create_basic_user -from mediagoblin.db.models import User +from mediagoblin.db.models import LocalUser from mediagoblin.tools import pluginapi from sqlalchemy import or_ from mediagoblin.tools.staticdirect import PluginStatic @@ -56,10 +56,10 @@ def setup_plugin(): def get_user(**kwargs): username = kwargs.pop('username', None) if username: - user = User.query.filter( + user = LocalUser.query.filter( or_( - User.username == username, - User.email == username, + LocalUser.username == username, + LocalUser.email == username, )).first() return user diff --git a/mediagoblin/plugins/basic_auth/forms.py b/mediagoblin/plugins/basic_auth/forms.py index 42b84bf3..3d684e91 100644 --- a/mediagoblin/plugins/basic_auth/forms.py +++ b/mediagoblin/plugins/basic_auth/forms.py @@ -20,7 +20,7 @@ from mediagoblin.auth.tools import normalize_user_or_email_field class RegistrationForm(wtforms.Form): - username = wtforms.TextField( + username = wtforms.StringField( _('Username'), [wtforms.validators.InputRequired(), normalize_user_or_email_field(allow_email=False)]) @@ -28,17 +28,17 @@ class RegistrationForm(wtforms.Form): _('Password'), [wtforms.validators.InputRequired(), wtforms.validators.Length(min=5, max=1024)]) - email = wtforms.TextField( + email = wtforms.StringField( _('Email address'), [wtforms.validators.InputRequired(), normalize_user_or_email_field(allow_user=False)]) class LoginForm(wtforms.Form): - username = wtforms.TextField( + username = wtforms.StringField( _('Username or Email'), [wtforms.validators.InputRequired(), - normalize_user_or_email_field()]) + normalize_user_or_email_field(is_login=True)]) password = wtforms.PasswordField( _('Password')) stay_logged_in = wtforms.BooleanField( @@ -47,7 +47,7 @@ class LoginForm(wtforms.Form): class ForgotPassForm(wtforms.Form): - username = wtforms.TextField( + username = wtforms.StringField( _('Username or email'), [wtforms.validators.InputRequired(), normalize_user_or_email_field()]) diff --git a/mediagoblin/plugins/basic_auth/tools.py b/mediagoblin/plugins/basic_auth/tools.py index f943bf39..13f240b2 100644 --- a/mediagoblin/plugins/basic_auth/tools.py +++ b/mediagoblin/plugins/basic_auth/tools.py @@ -16,6 +16,8 @@ import bcrypt import random +import six + from mediagoblin import mg_globals from mediagoblin.tools.crypto import get_timed_signer_url from mediagoblin.tools.mail import send_email @@ -66,7 +68,7 @@ def bcrypt_gen_password_hash(raw_pass, extra_salt=None): if extra_salt: raw_pass = u"%s:%s" % (extra_salt, raw_pass) - return unicode( + return six.text_type( bcrypt.hashpw(raw_pass.encode('utf-8'), bcrypt.gensalt())) diff --git a/mediagoblin/plugins/basic_auth/views.py b/mediagoblin/plugins/basic_auth/views.py index 02d370f0..f398f0d2 100644 --- a/mediagoblin/plugins/basic_auth/views.py +++ b/mediagoblin/plugins/basic_auth/views.py @@ -16,7 +16,7 @@ from itsdangerous import BadSignature from mediagoblin import messages -from mediagoblin.db.models import User +from mediagoblin.db.models import LocalUser from mediagoblin.decorators import require_active_login from mediagoblin.plugins.basic_auth import forms, tools from mediagoblin.tools.crypto import get_timed_signer_url @@ -48,7 +48,7 @@ def forgot_password(request): found_by_email = '@' in fp_form.username.data if found_by_email: - user = User.query.filter_by( + user = LocalUser.query.filter_by( email=fp_form.username.data).first() # Don't reveal success in case the lookup happened by email address. success_message = _("If that email address (case sensitive!) is " @@ -56,24 +56,27 @@ def forgot_password(request): "instructions on how to change your password.") else: # found by username - user = User.query.filter_by( + user = LocalUser.query.filter_by( username=fp_form.username.data).first() if user is None: - messages.add_message(request, - messages.WARNING, - _("Couldn't find someone with that username.")) - return redirect(request, 'mediagoblin.auth.forgot_password') + messages.add_message( + request, + messages.WARNING, + _("Couldn't find someone with that username.")) + return redirect(request, + 'mediagoblin.plugins.basic_auth.forgot_password') success_message = _("An email has been sent with instructions " "on how to change your password.") if user and user.has_privilege(u'active') is False: # Don't send reminder because user is inactive or has no verified email - messages.add_message(request, + messages.add_message( + request, messages.WARNING, - _("Could not send password recovery email as your username is in" - "active or your account's email address has not been verified.")) + _("Could not send password recovery email as your username is " + "inactive or your account's email address has not been verified.")) return redirect(request, 'mediagoblin.user_pages.user_home', user=user.username) @@ -114,7 +117,7 @@ def verify_forgot_password(request): 'index') # check if it's a valid user id - user = User.query.filter_by(id=int(token)).first() + user = LocalUser.query.filter_by(id=int(token)).first() # no user in db if not user: @@ -153,15 +156,17 @@ def verify_forgot_password(request): # # if not user.email_verified: # messages.add_message( - # request, messages.ERROR, + # request, + # messages.ERROR, # _('You need to verify your email before you can reset your' # ' password.')) if not user.status == 'active': messages.add_message( - request, messages.ERROR, - _('You are no longer an active user. Please contact the system' - ' admin to reactivate your account.')) + request, + messages.ERROR, + _("You are no longer an active user. Please contact the system " + "admin to reactivate your account.")) return redirect( request, 'index') @@ -211,7 +216,8 @@ def change_pass(request): user.save() messages.add_message( - request, messages.SUCCESS, + request, + messages.SUCCESS, _('Your password was changed successfully')) return redirect(request, 'mediagoblin.edit.account') |