aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/plugins')
-rw-r--r--mediagoblin/plugins/httpapiauth/__init__.py8
-rw-r--r--mediagoblin/plugins/piwigo/views.py11
2 files changed, 6 insertions, 13 deletions
diff --git a/mediagoblin/plugins/httpapiauth/__init__.py b/mediagoblin/plugins/httpapiauth/__init__.py
index 09c99080..2b2d593c 100644
--- a/mediagoblin/plugins/httpapiauth/__init__.py
+++ b/mediagoblin/plugins/httpapiauth/__init__.py
@@ -18,8 +18,8 @@ import logging
from werkzeug.exceptions import Unauthorized
+from mediagoblin.auth.tools import check_login_simple
from mediagoblin.plugins.api.tools import Auth
-from mediagoblin.auth import check_login
_log = logging.getLogger(__name__)
@@ -40,10 +40,10 @@ class HTTPAuth(Auth):
if not request.authorization:
return False
- user = request.db.User.query.filter_by(
- username=unicode(request.authorization['username'])).first()
+ user = check_login_simple(unicode(request.authorization['username']),
+ request.authorization['password'])
- if check_login(user, request.authorization['password']):
+ if user:
request.user = user
return True
else:
diff --git a/mediagoblin/plugins/piwigo/views.py b/mediagoblin/plugins/piwigo/views.py
index 705cdd49..ca723189 100644
--- a/mediagoblin/plugins/piwigo/views.py
+++ b/mediagoblin/plugins/piwigo/views.py
@@ -23,6 +23,7 @@ from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
from werkzeug.wrappers import BaseResponse
from mediagoblin.meddleware.csrf import csrf_exempt
+from mediagoblin.auth.tools import check_login_simple
from mediagoblin.media_types import sniff_media
from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
run_process_media, new_upload_entry
@@ -32,8 +33,6 @@ from mediagoblin.db.models import Collection
from .tools import CmdTable, response_xml, check_form, \
PWGSession, PwgNamedArray, PwgError
-from mediagoblin.plugins.basic_auth.lib import fake_login_attempt
-from mediagoblin.auth import check_login
from .forms import AddSimpleForm, AddForm
@@ -44,15 +43,9 @@ _log = logging.getLogger(__name__)
def pwg_login(request):
username = request.form.get("username")
password = request.form.get("password")
- user = request.db.User.query.filter_by(username=username).first()
+ user = check_login_simple(username, password)
if not user:
- _log.info("User %r not found", username)
- fake_login_attempt()
return PwgError(999, 'Invalid username/password')
- if not check_login(user, password):
- _log.warn("Wrong password for %r", username)
- return PwgError(999, 'Invalid username/password')
- _log.info("Logging %r in", username)
request.session["user_id"] = user.id
request.session.save()
return True
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-12 07:28:57 +0000