| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
If we send a POST request to the login page which contained form errors
(e.g. a too short password), the variable "login_failed" was not set to
true. This condition was tested by the test suite however, so we should
make sure that login_failed is set even if the form failed to validate.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Remove mongo limitations (no 'or' when querying for either username
or email).
2) Lost password function revealed if an user name or email address
is registered, which can be considered a data leak.
Leaking user names is OK, they are public anyway, but don't reveal
lookup success in case the lookup happened by email address.
Simply respond: "If you have an account here, we have send you
your email"?
3) username and email search was case sensitive. Made username search
case insensitive (they are always stored lowercase in the db).
Keep email-address search case sensitive for now. This might need
further discussion
4) Remove a whole bunch of indention in the style of:
if no error:
...
if no error:
...
if no error:
actually do something in the regular case
by restructuring the function.
5) Outsource the sanity checking for username and email fields into the
validator function. This way, we get automatic case sanity checking
and sanitizing for all required fields.
6) Require 5-char password and fix tests
Originally, the Change password form required a password between 6-30
chars while the registration and login form did not require anything
special. This commit introduces a common minimum limit for all forms
which breaks the test suite which uses a 5 char password by
default. :-). As 5 chars seem sensible enough to enforce (people
should be picking much longer ones anyway), just reduce the limit to
5 chars, thereby making all tests pass.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
| |
all callers were forced to use validate=True anyway. So
remove this useless stuff.
|
|
|
|
| |
Remove find find_one etc and use sqlalchemy syntax
|
|
|
|
|
|
| |
Transition away from webob.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We were refering to model._id in most of the code base as this is
what Mongo uses. However, each use of _id required a) fixup of queries:
e.g. what we did in our find() and find_one() functions moving all
'_id' to 'id'. It also required using AliasFields to make the ._id
attribute available. This all means lots of superfluous fixing and
transitioning in a SQL world.
It will also not work in the long run. Much newer code already refers
to the objects by model.id (e.g. in the oauth plugin), which will break
with Mongo. So let's be honest, rip out the _id mongoism and live with
.id as the one canonical way to address objects.
This commit modifies all users and providers of model._id to use
model.id instead. This patch works with or without Mongo removed first,
but will break Mongo usage (even more than before)
I have not bothered to fixup db.mongo.* and db.sql.convert
(which converts from Mongo to SQL)
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
|
|
|
|
| |
- Fixed error handling in OAuth plugin
- Changed request.POST file fields to request.files
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When searching for a user by username, there can either be
no result or one result. There is a unique constraint on
the db.
.one in mongokit raises an error for more than one result.
But that can't happen anyway. So no problem.
.one in sqlalchemy raises an error for more than one, but
that's not a problem anyway. It also raises an error for no
result. But no result is handled by the code anyway, so no
need to raise an exception.
.find_one doesn't raise an exception for more than one
result (no problem anyway) and just returns None for no
result. The later is handled by the code.
|
|
|
|
|
|
|
|
|
| |
According to most documentation it seems that the local
part of an email adress is/can be case sensitive. While
the host part is not.
So we lowercase only the host part of the given adress.
See: http://issues.mediagoblin.org/ticket/47
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Instead of creating the email verication key on the db
model as a default for the field, create it in the
registration view.
Now all verification key generation is only in
auth/views.py!
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
redirects should in nearly all cases go to a logical path
like 'mediagoblin.auth.login' and not to an absolute path
like "/auth/login".
|
|\
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* remotes/aaronw/bug614_verification_crash:
Update english translation file.
Reverse order of sanity checks: check email_verified after making sure there's a user in the request.
Make sure user isn't already verified before resending verification.
Check request.user to determine if user is logged in.
Regenerated English .po file to include new string.
Display and error and redirect to login page if unauthenticated user tries to access resend_verification.
Conflicts:
mediagoblin/i18n/en/LC_MESSAGES/mediagoblin.po
|
| |
| |
| |
| | |
there's a user in the request.
|
| | |
|
| |\ |
|
| | | |
|
| | |
| | |
| | |
| | | |
to access resend_verification.
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Note: Migrations can't use "Dot Notation"!
Migrations run on pymongo, not mongokit.
So they can't use the "Dot Notation".
This isn't really a big issue, as migrations are anyway
quite mongo specific.
|
|\ \ \
| |_|/
|/| |
| | |
| | |
| | |
| | |
| | | |
Conflicts:
mediagoblin/db/migrations.py
mediagoblin/db/models.py
mediagoblin/user_pages/views.py
mediagoblin/util.py
|
| | | |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
* Removed trailing whitespace
* Line length < 80 where possible
* Honor conventions on number of blank lines
* Honor conventions about spaces around :, =
|
|\ \ \
| | |/
| |/| |
|
| |/
| |
| |
| |
| |
| | |
If the server is running in email debug mode (current
default), users have often asked where the mail is. So tell
them in the web browser that their mail is on the console.
|
| | |
|
|/
|
|
| |
tools/[file].py
|
|\
| |
| |
| |
| | |
Conflicts:
mediagoblin/auth/routing.py
|
| |
| |
| |
| | |
accurate.
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
warning
|
| | |
|