aboutsummaryrefslogtreecommitdiffstats
path: root/mediagoblin/plugins
diff options
context:
space:
mode:
Diffstat (limited to 'mediagoblin/plugins')
-rw-r--r--mediagoblin/plugins/api/__init__.py4
-rw-r--r--mediagoblin/plugins/piwigo/__init__.py5
-rw-r--r--mediagoblin/plugins/piwigo/forms.py16
-rw-r--r--mediagoblin/plugins/piwigo/tools.py46
-rw-r--r--mediagoblin/plugins/piwigo/views.py59
5 files changed, 104 insertions, 26 deletions
diff --git a/mediagoblin/plugins/api/__init__.py b/mediagoblin/plugins/api/__init__.py
index d3fdf2ef..1eddd9e0 100644
--- a/mediagoblin/plugins/api/__init__.py
+++ b/mediagoblin/plugins/api/__init__.py
@@ -23,11 +23,11 @@ _log = logging.getLogger(__name__)
PLUGIN_DIR = os.path.dirname(__file__)
-config = pluginapi.get_config(__name__)
-
def setup_plugin():
_log.info('Setting up API...')
+ config = pluginapi.get_config(__name__)
+
_log.debug('API config: {0}'.format(config))
routes = [
diff --git a/mediagoblin/plugins/piwigo/__init__.py b/mediagoblin/plugins/piwigo/__init__.py
index 73326e9e..c4da708a 100644
--- a/mediagoblin/plugins/piwigo/__init__.py
+++ b/mediagoblin/plugins/piwigo/__init__.py
@@ -17,6 +17,8 @@
import logging
from mediagoblin.tools import pluginapi
+from mediagoblin.tools.session import SessionManager
+from .tools import PWGSession
_log = logging.getLogger(__name__)
@@ -32,6 +34,9 @@ def setup_plugin():
pluginapi.register_routes(routes)
+ PWGSession.session_manager = SessionManager("pwg_id", "plugins.piwigo")
+
+
hooks = {
'setup': setup_plugin
}
diff --git a/mediagoblin/plugins/piwigo/forms.py b/mediagoblin/plugins/piwigo/forms.py
index 5bb12e62..fb04aa6a 100644
--- a/mediagoblin/plugins/piwigo/forms.py
+++ b/mediagoblin/plugins/piwigo/forms.py
@@ -26,3 +26,19 @@ class AddSimpleForm(wtforms.Form):
# tags = wtforms.FieldList(wtforms.TextField())
category = wtforms.IntegerField()
level = wtforms.IntegerField()
+
+
+_md5_validator = wtforms.validators.Regexp(r"^[0-9a-fA-F]{32}$")
+
+
+class AddForm(wtforms.Form):
+ original_sum = wtforms.TextField(None,
+ [_md5_validator,
+ wtforms.validators.Required()])
+ thumbnail_sum = wtforms.TextField(None,
+ [wtforms.validators.Optional(),
+ _md5_validator])
+ file_sum = wtforms.TextField(None, [_md5_validator])
+ name = wtforms.TextField()
+ date_creation = wtforms.TextField()
+ categories = wtforms.TextField()
diff --git a/mediagoblin/plugins/piwigo/tools.py b/mediagoblin/plugins/piwigo/tools.py
index 4d2e985a..400be615 100644
--- a/mediagoblin/plugins/piwigo/tools.py
+++ b/mediagoblin/plugins/piwigo/tools.py
@@ -18,8 +18,9 @@ import logging
import six
import lxml.etree as ET
-from werkzeug.exceptions import MethodNotAllowed
+from werkzeug.exceptions import MethodNotAllowed, BadRequest
+from mediagoblin.tools.request import setup_user_in_request
from mediagoblin.tools.response import Response
@@ -106,3 +107,46 @@ class CmdTable(object):
_log.warn("Method %s only allowed for POST", cmd_name)
raise MethodNotAllowed()
return func
+
+
+def check_form(form):
+ if not form.validate():
+ _log.error("form validation failed for form %r", form)
+ for f in form:
+ if len(f.error):
+ _log.error("Errors for %s: %r", f.name, f.errors)
+ raise BadRequest()
+ dump = []
+ for f in form:
+ dump.append("%s=%r" % (f.name, f.data))
+ _log.debug("form: %s", " ".join(dump))
+
+
+class PWGSession(object):
+ session_manager = None
+
+ def __init__(self, request):
+ self.request = request
+ self.in_pwg_session = False
+
+ def __enter__(self):
+ # Backup old state
+ self.old_session = self.request.session
+ self.old_user = self.request.user
+ # Load piwigo session into state
+ self.request.session = self.session_manager.load_session_from_cookie(
+ self.request)
+ setup_user_in_request(self.request)
+ self.in_pwg_session = True
+ return self
+
+ def __exit__(self, *args):
+ # Restore state
+ self.request.session = self.old_session
+ self.request.user = self.old_user
+ self.in_pwg_session = False
+
+ def save_to_cookie(self, response):
+ assert self.in_pwg_session
+ self.session_manager.save_session_to_cookie(self.request.session,
+ self.request, response)
diff --git a/mediagoblin/plugins/piwigo/views.py b/mediagoblin/plugins/piwigo/views.py
index bd3f9320..b59247ad 100644
--- a/mediagoblin/plugins/piwigo/views.py
+++ b/mediagoblin/plugins/piwigo/views.py
@@ -20,11 +20,12 @@ import re
from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
from werkzeug.wrappers import BaseResponse
-from mediagoblin import mg_globals
from mediagoblin.meddleware.csrf import csrf_exempt
from mediagoblin.submit.lib import check_file_field
-from .tools import CmdTable, PwgNamedArray, response_xml
-from .forms import AddSimpleForm
+from mediagoblin.auth.lib import fake_login_attempt
+from .tools import CmdTable, PwgNamedArray, response_xml, check_form, \
+ PWGSession
+from .forms import AddSimpleForm, AddForm
_log = logging.getLogger(__name__)
@@ -34,13 +35,25 @@ _log = logging.getLogger(__name__)
def pwg_login(request):
username = request.form.get("username")
password = request.form.get("password")
- _log.info("Login for %r/%r...", username, password)
+ _log.debug("Login for %r/%r...", username, password)
+ user = request.db.User.query.filter_by(username=username).first()
+ if not user:
+ _log.info("User %r not found", username)
+ fake_login_attempt()
+ return False
+ if not user.check_login(password):
+ _log.warn("Wrong password for %r", username)
+ return False
+ _log.info("Logging %r in", username)
+ request.session["user_id"] = user.id
+ request.session.save()
return True
@CmdTable("pwg.session.logout")
def pwg_logout(request):
_log.info("Logout")
+ request.session.delete()
return True
@@ -51,7 +64,11 @@ def pwg_getversion(request):
@CmdTable("pwg.session.getStatus")
def pwg_session_getStatus(request):
- return {'username': "fake_user"}
+ if request.user:
+ username = request.user.username
+ else:
+ username = "guest"
+ return {'username': username}
@CmdTable("pwg.categories.getList")
@@ -133,17 +150,13 @@ def pwg_images_addChunk(request):
return True
-def possibly_add_cookie(request, response):
- # TODO: We should only add a *real* cookie, if
- # authenticated. And if there is no cookie already.
- if True:
- response.set_cookie(
- 'pwg_id',
- "some_fake_for_now",
- path=request.environ['SCRIPT_NAME'],
- domain=mg_globals.app_config.get('csrf_cookie_domain'),
- secure=(request.scheme.lower() == 'https'),
- httponly=True)
+@CmdTable("pwg.images.add", True)
+def pwg_images_add(request):
+ _log.info("add: %r", request.form)
+ form = AddForm(request.form)
+ check_form(form)
+
+ return {'image_id': 123456, 'url': ''}
@csrf_exempt
@@ -158,13 +171,13 @@ def ws_php(request):
request.args, request.form)
raise NotImplemented()
- result = func(request)
-
- if isinstance(result, BaseResponse):
- return result
+ with PWGSession(request) as session:
+ result = func(request)
- response = response_xml(result)
+ if isinstance(result, BaseResponse):
+ return result
- possibly_add_cookie(request, response)
+ response = response_xml(result)
+ session.save_to_cookie(response)
- return response
+ return response