path: root/mediagoblin/auth/views.py
Commit message  [Author, Age, Files, Lines]
* merge --squash openid branch to take care of a false merge commit in the  [Rodney Ewing, 2013-07-03, 1 file, -18/+4]
|   basic_auth branch that openid is forked from
|
|   Commits squashed together (in reverse chronological order):
|    - do the label thing only for boolean fields
|    - made edit_account to autofocus on the first field
|    - added feature to render_divs where if field.label == '' then it will render form.description the same as render_label
|    - added allow_registration check
|    - refactored create_user
|    - removed verification_key from create_user
|    - removed get_user from openid
|    - cleanup after removing openid from template_env.globals
|    - fix for werkzeug 0.9.1
|    - cleanup after merge
|    - more tests
|    - restored openid extra_validation just for safety
|    - tests for openid
|    - deleted openid extra_validation
|    - passed next parameter in session for openid
|    - fixed a bug that was deleting the messages
|    - implemented openid store using sqlalchemy
|    - ask openid provider for 'nickname' to prefill username in registration form
|    - refactored delete openid url to work with generic urls such as google and to not allow a user to delete a url if it is their only one and they don't have a pw
|    - refactored login to register user workflow, which fixed a problem where the 'or register with a password link' wasn't showing up when the finish_login view called the register view because there wasn't any redirect.
|    - added the ability to remove openid's
|    - added the ability to add openids to an existing account
|    - refactored start_login and finish_login views
|    - modified edit_account.html to use render_divs
|    - modified gmg/edit/views to behave appropriately if no password authentication is enabled. moved the update email stuff to its own function to make edit_account view cleaner. edit_account now modifies the form depending on the plugins.
|    - minor typos
|    - added retrieving email from openid provider
|    - moved allow_registration check to a decorator
|    - moved check if auth is enabled to a decorator
|    - changed openid user registration to go through login first
|    - cleanup after merge
|    - modified verification emails to use itsdangerous tokens
|    - added error handling on bad token, fixed route, and added tests
|    - added support for user to change email address
|    - added link to login view openid/password in login template
|    - updated openid get_user function
|    - modified get_user function to take kwargs instead of username
|    - no need for user might be email kwarg in check_login_simple
|    - added gen_password_hash and check_password functions to auth/__init__
|    - added focus to form input
|    - made imports fully qualified
|    - modified basic_auth.check_login to check that the user has a pw_hash first
|    - changed occurrences of form.data['whatever'] to form.whatever.data
|    - convert tabs to spaces in register template, remove unused templates, and fixed trans tags in templates
|    - in process of openid login. it works, but needs major improvements
|    - make password field required in basic_auth form
|    - check if password field present in basic_auth create_user
|    - modified openid create_user function
|    - modified models based on Elrond's suggestions
|    - changed register form action to a variable to be passed in by the view using the template
|    - openid plugin v0, still need to authenticate via openid.
|    - added a register_user function to be able to use in a plugin's register view, and modified auth/views.register to redirect to openid/register if appropriate.
|    - Modified basic_auth plugin to work with modified auth plugin hooks. Added context variables. Removed basic_auth/tools which was previously renamed to basic_auth/lib.
|    - modified auth/__init__ hooks to work better with multiple plugins. Removed auth/lib.py. And added a basic_extra_verification function that all plugins will use.
|    - added models and migrations for openid plugin
* Merge remote-tracking branch 'upstream/master' into auth  [Rodney Ewing, 2013-06-25, 1 file, -32/+59]
|\
| |   Conflicts:
| |     mediagoblin/app.py
| |     mediagoblin/auth/forms.py
| |     mediagoblin/auth/tools.py
| |     mediagoblin/db/migrations.py
| |     mediagoblin/db/models.py
| |     mediagoblin/edit/views.py
| |     mediagoblin/plugins/basic_auth/tools.py
| |     mediagoblin/tests/test_edit.py
| * modified verification emails to use itsdangerous tokens  [Rodney Ewing, 2013-05-29, 1 file, -32/+59]
| |
* | changes after cwebb's review  [Rodney Ewing, 2013-06-21, 1 file, -12/+11]
| |
* | cleanup  [Rodney Ewing, 2013-06-04, 1 file, -5/+0]
| |
* | removed extra argument from check_login_simple in login view  [Rodney Ewing, 2013-05-28, 1 file, -1/+1]
| |
* | Merge remote-tracking branch 'upstream/master' into basic_auth  [Rodney Ewing, 2013-05-28, 1 file, -13/+1]
|\|
| |   Conflicts:
| |     mediagoblin/auth/tools.py
| |     mediagoblin/auth/views.py
| |     mediagoblin/plugins/basic_auth/tools.py
| * added a register_user function  [Rodney Ewing, 2013-05-28, 1 file, -32/+3]
| |   cherry picked from rodney757 and fixed for out of order picking.
| * created a check_login_simple function  [Rodney Ewing, 2013-05-28, 1 file, -13/+4]
| |   cherry-picked from rodney757, fixed few conflicts due to out of order cherry-picking. Thanks to rodney757 for making my idea even better.
| * moved email_debug_message to gmg/tools/mail  [Rodney Ewing, 2013-05-27, 1 file, -12/+1]
| |
| * moved send_verification_email to auth/tools  [Rodney Ewing, 2013-05-27, 1 file, -3/+3]
| |
* | Conflicts:  [Rodney Ewing, 2013-05-27, 1 file, -0/+16]
| |     mediagoblin/auth/tools.py
| |     mediagoblin/auth/views.py
| |     mediagoblin/plugins/basic_auth/tools.py
* | no need for user might be email kwarg in check_login_simple  [Rodney Ewing, 2013-05-27, 1 file, -1/+1]
| |
* | cleanup after merge  [Rodney Ewing, 2013-05-27, 1 file, -2/+1]
| |
* | Merge branch 'pre-auth' into basic_auth  [Rodney Ewing, 2013-05-27, 1 file, -8/+8]
|\ \
| | |   Conflicts:
| | |     mediagoblin/auth/tools.py
| | |     mediagoblin/auth/views.py
| | |     mediagoblin/db/migrations.py
| | |     mediagoblin/plugins/basic_auth/lib.py
| | |     mediagoblin/plugins/httpapiauth/__init__.py
| | |     mediagoblin/plugins/piwigo/views.py
| * | created a check_login_simple function  [Rodney Ewing, 2013-05-25, 1 file, -13/+4]
| | |
| * | added a register_user function  [Rodney Ewing, 2013-05-24, 1 file, -32/+3]
| | |
| * | moved email_debug_message to gmg/tools/mail  [Rodney Ewing, 2013-05-24, 1 file, -12/+1]
| | |
| * | moved send_verification_email to auth/tools  [Rodney Ewing, 2013-05-24, 1 file, -3/+3]
| |/
* | moving forgot_password views back to gmg/auth and cleanup  [Rodney Ewing, 2013-05-24, 1 file, -4/+11]
| |
* | added focus to form input  [Rodney Ewing, 2013-05-24, 1 file, -1/+5]
| |   Conflicts:
| |     mediagoblin/auth/views.py
| |     mediagoblin/plugins/openid/views.py
* | added a register_user function to be able to use in a plugin's register ↵  [Rodney Ewing, 2013-05-24, 1 file, -28/+14]
| |   view, and modified auth/views.register to redirect to openid/register if appropriate.
* | moved fake_login_attempt to plugins  [Rodney Ewing, 2013-05-24, 1 file, -1/+139]
| |
* | moved bcrypt_check_password to basic_auth/tools from auth/lib  [Rodney Ewing, 2013-05-24, 1 file, -1/+1]
| |
* | add a check for authentication plugin on startup and respond according to ↵  [Rodney Ewing, 2013-05-24, 1 file, -2/+11]
| |   no_auth config option. allows instance to be run w/o authentication
* | moved forgot pw views to basic_auth plugin  [Rodney Ewing, 2013-05-24, 1 file, -143/+2]
| |
* | basic_auth v0 plugin working  [Rodney Ewing, 2013-05-24, 1 file, -32/+7]
|/
* Switching non-forms back to using normal pass_to_ugettext  [Christopher Allan Webber, 2013-04-24, 1 file, -1/+1]
|
* Fix-bug-667-Use-lazy_pass_to_ugettext-for-forms.  [Aditi Mittal, 2013-04-24, 1 file, -1/+1]
|
* Allows you to use your username or email to login  [Jessica T, 2013-04-12, 1 file, -2/+10]
|
* Use WTForms data field in auth/views.py  [Hans Lo, 2013-03-28, 1 file, -6/+6]
|
* auth: whitespace cleanup in views.py  [Hans Lo, 2013-03-28, 1 file, -3/+3]
|
* Also set login_failed in case of form errors  [Sebastian Spaeth, 2013-01-21, 1 file, -11/+12]
|   If we send a POST request to the login page which contained form errors (e.g. a too short password), the variable "login_failed" was not set to true. This condition was tested by the test suite however, so we should make sure that login_failed is set even if the form failed to validate.
|
|   Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Restructure ForgotPassword view  [Sebastian Spaeth, 2013-01-21, 1 file, -56/+61]
|   1) Remove mongo limitations (no 'or' when querying for either username or email).
|
|   2) Lost password function revealed if a user name or email address is registered, which can be considered a data leak. Leaking user names is OK, they are public anyway, but don't reveal lookup success in case the lookup happened by email address. Simply respond: "If you have an account here, we have send you your email"?
|
|   3) username and email search was case sensitive. Made username search case insensitive (they are always stored lowercase in the db). Keep email-address search case sensitive for now. This might need further discussion
|
|   4) Remove a whole bunch of indention in the style of:
|      if no error:
|        ...
|        if no error:
|          ...
|          if no error:
|            actually do something in the regular case
|      by restructuring the function.
|
|   5) Outsource the sanity checking for username and email fields into the validator function. This way, we get automatic case sanity checking and sanitizing for all required fields.
|
|   6) Require 5-char password and fix tests
|      Originally, the Change password form required a password between 6-30 chars while the registration and login form did not require anything special. This commit introduces a common minimum limit for all forms which breaks the test suite which uses a 5 char password by default. :-). As 5 chars seem sensible enough to enforce (people should be picking much longer ones anyway), just reduce the limit to 5 chars, thereby making all tests pass.
|
|   Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Move db.sql.models* to db.models*  [Sebastian Spaeth, 2013-01-07, 1 file, -1/+1]
|
* Mongo removal: Remove the validate=True arg to obj.save()  [Elrond, 2012-12-24, 1 file, -1/+1]
|   all callers were forced to use validate=True anyway. So remove this useless stuff.
* Remove mongolisms from auth.views  [Sebastian Spaeth, 2012-12-21, 1 file, -22/+13]
|   Remove find find_one etc and use sqlalchemy syntax
* webob.HTTPFound --> MG.tools.redirect  [Sebastian Spaeth, 2012-12-21, 1 file, -3/+1]
|   Transition away from webob.
|
|   Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Move DBModel._id -> DBModel.id  [Sebastian Spaeth, 2012-12-21, 1 file, -4/+4]
|   We were referring to model._id in most of the code base as this is what Mongo uses. However, each use of _id required a) fixup of queries: e.g. what we did in our find() and find_one() functions moving all '_id' to 'id'. It also required using AliasFields to make the ._id attribute available. This all means lots of superfluous fixing and transitioning in a SQL world. It will also not work in the long run. Much newer code already refers to the objects by model.id (e.g. in the oauth plugin), which will break with Mongo. So let's be honest, rip out the _id mongoism and live with .id as the one canonical way to address objects.
|
|   This commit modifies all users and providers of model._id to use model.id instead. This patch works with or without Mongo removed first, but will break Mongo usage (even more than before)
|
|   I have not bothered to fixup db.mongo.* and db.sql.convert (which converts from Mongo to SQL)
|
|   Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Replaced all request.POST with request.form, ...  [Joar Wandborg, 2012-09-29, 1 file, -15/+15]
|   - Fixed error handling in OAuth plugin
|   - Changed request.POST file fields to request.files
* set username default server-side  [Jakob Kramer, 2012-03-25, 1 file, -1/+2]
|
* Change user search from .one to .fine_one.  [Elrond, 2012-03-12, 1 file, -1/+1]
|   When searching for a user by username, there can either be no result or one result. There is a unique constraint on the db.
|
|   .one in mongokit raises an error for more than one result. But that can't happen anyway. So no problem.
|
|   .one in sqlalchemy raises an error for more than one, but that's not a problem anyway. It also raises an error for no result. But no result is handled by the code anyway, so no need to raise an exception.
|
|   .find_one doesn't raise an exception for more than one result (no problem anyway) and just returns None for no result. The latter is handled by the code.
* 47: Only lowercase host part of email  [Elrond, 2012-02-13, 1 file, -1/+3]
|   According to most documentation it seems that the local part of an email address is/can be case sensitive. While the host part is not. So we lowercase only the host part of the given address.
|
|   See: http://issues.mediagoblin.org/ticket/47
* It's 2012 all up in here  [Christopher Allan Webber, 2012-02-02, 1 file, -1/+1]
|
* Dot-Notation: Some random places  [Elrond, 2012-01-11, 1 file, -1/+1]
|
* Remove fp_changed_success.html, use log in page + notification message instead  [Jef van Schendel, 2012-01-01, 1 file, -1/+5]
|
* Change forgotten password process: different redirect, added/changed messages  [Jef van Schendel, 2011-12-30, 1 file, -8/+16]
|
* Move verification key generation to view  [Elrond, 2011-12-27, 1 file, -0/+1]
|   Instead of creating the email verification key on the db model as a default for the field, create it in the registration view. Now all verification key generation is only in auth/views.py!
* Dot-Notation for Users.fp_token_expire  [Elrond, 2011-12-05, 1 file, -3/+3]
|
* Dot-Notation for Users.fp_verification_key  [Elrond, 2011-12-05, 1 file, -4/+4]
|