diff options
Diffstat (limited to 'mediagoblin/plugins/piwigo/views.py')
-rw-r--r-- | mediagoblin/plugins/piwigo/views.py | 59 |
1 files changed, 36 insertions, 23 deletions
diff --git a/mediagoblin/plugins/piwigo/views.py b/mediagoblin/plugins/piwigo/views.py index bd3f9320..b59247ad 100644 --- a/mediagoblin/plugins/piwigo/views.py +++ b/mediagoblin/plugins/piwigo/views.py @@ -20,11 +20,12 @@ import re from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented from werkzeug.wrappers import BaseResponse -from mediagoblin import mg_globals from mediagoblin.meddleware.csrf import csrf_exempt from mediagoblin.submit.lib import check_file_field -from .tools import CmdTable, PwgNamedArray, response_xml -from .forms import AddSimpleForm +from mediagoblin.auth.lib import fake_login_attempt +from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \ + PWGSession +from .forms import AddSimpleForm, AddForm _log = logging.getLogger(__name__) @@ -34,13 +35,25 @@ _log = logging.getLogger(__name__) def pwg_login(request): username = request.form.get("username") password = request.form.get("password") - _log.info("Login for %r/%r...", username, password) + _log.debug("Login for %r/%r...", username, password) + user = request.db.User.query.filter_by(username=username).first() + if not user: + _log.info("User %r not found", username) + fake_login_attempt() + return False + if not user.check_login(password): + _log.warn("Wrong password for %r", username) + return False + _log.info("Logging %r in", username) + request.session["user_id"] = user.id + request.session.save() return True @CmdTable("pwg.session.logout") def pwg_logout(request): _log.info("Logout") + request.session.delete() return True @@ -51,7 +64,11 @@ def pwg_getversion(request): @CmdTable("pwg.session.getStatus") def pwg_session_getStatus(request): - return {'username': "fake_user"} + if request.user: + username = request.user.username + else: + username = "guest" + return {'username': username} @CmdTable("pwg.categories.getList") @@ -133,17 +150,13 @@ def pwg_images_addChunk(request): return True -def possibly_add_cookie(request, response): - # TODO: We should only add a *real* cookie, if - # authenticated. And if there is no cookie already. - if True: - response.set_cookie( - 'pwg_id', - "some_fake_for_now", - path=request.environ['SCRIPT_NAME'], - domain=mg_globals.app_config.get('csrf_cookie_domain'), - secure=(request.scheme.lower() == 'https'), - httponly=True) +@CmdTable("pwg.images.add", True) +def pwg_images_add(request): + _log.info("add: %r", request.form) + form = AddForm(request.form) + check_form(form) + + return {'image_id': 123456, 'url': ''} @csrf_exempt @@ -158,13 +171,13 @@ def ws_php(request): request.args, request.form) raise NotImplemented() - result = func(request) - - if isinstance(result, BaseResponse): - return result + with PWGSession(request) as session: + result = func(request) - response = response_xml(result) + if isinstance(result, BaseResponse): + return result - possibly_add_cookie(request, response) + response = response_xml(result) + session.save_to_cookie(response) - return response + return response |