path: root/mediagoblin/auth/views.py
Commit message (Author, Age, Files, Lines)
...
* Allows you to use your username or email to login (Jessica T, 2013-04-12, 1, -2/+10)
|
* Use WTForms data field in auth/views.py (Hans Lo, 2013-03-28, 1, -6/+6)
|
* auth: whitespace cleanup in views.py (Hans Lo, 2013-03-28, 1, -3/+3)
|
* Also set login_failed in case of form errors (Sebastian Spaeth, 2013-01-21, 1, -11/+12)
|     If we send a POST request to the login page which contained form errors (e.g. a too short password), the variable "login_failed" was not set to true. This condition was tested by the test suite however, so we should make sure that login_failed is set even if the form failed to validate.
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Restructure ForgotPassword view (Sebastian Spaeth, 2013-01-21, 1, -56/+61)
|     1) Remove mongo limitations (no 'or' when querying for either username or email).
|
|     2) Lost password function revealed if a user name or email address is registered, which can be considered a data leak. Leaking user names is OK, they are public anyway, but don't reveal lookup success in case the lookup happened by email address. Simply respond: "If you have an account here, we have sent you your email"?
|
|     3) username and email search was case sensitive. Made username search case insensitive (they are always stored lowercase in the db). Keep email-address search case sensitive for now. This might need further discussion
|
|     4) Remove a whole bunch of indention in the style of: if no error: ... if no error: ... if no error: actually do something in the regular case by restructuring the function.
|
|     5) Outsource the sanity checking for username and email fields into the validator function. This way, we get automatic case sanity checking and sanitizing for all required fields.
|
|     6) Require 5-char password and fix tests. Originally, the Change password form required a password between 6-30 chars while the registration and login form did not require anything special. This commit introduces a common minimum limit for all forms which breaks the test suite which uses a 5 char password by default. :-). As 5 chars seem sensible enough to enforce (people should be picking much longer ones anyway), just reduce the limit to 5 chars, thereby making all tests pass.
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Move db.sql.models* to db.models* (Sebastian Spaeth, 2013-01-07, 1, -1/+1)
|
* Mongo removal: Remove the validate=True arg to obj.save() (Elrond, 2012-12-24, 1, -1/+1)
|     all callers were forced to use validate=True anyway. So remove this useless stuff.
* Remove mongolisms from auth.views (Sebastian Spaeth, 2012-12-21, 1, -22/+13)
|     Remove find find_one etc and use sqlalchemy syntax
* webob.HTTPFound --> MG.tools.redirect (Sebastian Spaeth, 2012-12-21, 1, -3/+1)
|     Transition away from webob.
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Move DBModel._id -> DBModel.id (Sebastian Spaeth, 2012-12-21, 1, -4/+4)
|     We were referring to model._id in most of the code base as this is what Mongo uses. However, each use of _id required a) fixup of queries: e.g. what we did in our find() and find_one() functions moving all '_id' to 'id'. It also required using AliasFields to make the ._id attribute available. This all means lots of superfluous fixing and transitioning in a SQL world. It will also not work in the long run. Much newer code already refers to the objects by model.id (e.g. in the oauth plugin), which will break with Mongo.
|
|     So let's be honest, rip out the _id mongoism and live with .id as the one canonical way to address objects.
|
|     This commit modifies all users and providers of model._id to use model.id instead. This patch works with or without Mongo removed first, but will break Mongo usage (even more than before)
|
|     I have not bothered to fixup db.mongo.* and db.sql.convert (which converts from Mongo to SQL)
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Replaced all request.POST with request.form, ... (Joar Wandborg, 2012-09-29, 1, -15/+15)
|     - Fixed error handling in OAuth plugin
|     - Changed request.POST file fields to request.files
* set username default server-side (Jakob Kramer, 2012-03-25, 1, -1/+2)
|
* Change user search from .one to .fine_one. (Elrond, 2012-03-12, 1, -1/+1)
|     When searching for a user by username, there can either be no result or one result. There is a unique constraint on the db.
|
|     .one in mongokit raises an error for more than one result. But that can't happen anyway. So no problem.
|
|     .one in sqlalchemy raises an error for more than one, but that's not a problem anyway. It also raises an error for no result. But no result is handled by the code anyway, so no need to raise an exception.
|
|     .find_one doesn't raise an exception for more than one result (no problem anyway) and just returns None for no result. The latter is handled by the code.
* 47: Only lowercase host part of email (Elrond, 2012-02-13, 1, -1/+3)
|     According to most documentation it seems that the local part of an email address is/can be case sensitive. While the host part is not. So we lowercase only the host part of the given address.
|
|     See: http://issues.mediagoblin.org/ticket/47
* It's 2012 all up in here (Christopher Allan Webber, 2012-02-02, 1, -1/+1)
|
* Dot-Notation: Some random places (Elrond, 2012-01-11, 1, -1/+1)
|
* Remove fp_changed_success.html, use log in page + notification message instead (Jef van Schendel, 2012-01-01, 1, -1/+5)
|
* Change forgotten password process: different redirect, added/changed messages (Jef van Schendel, 2011-12-30, 1, -8/+16)
|
* Move verification key generation to view (Elrond, 2011-12-27, 1, -0/+1)
|     Instead of creating the email verification key on the db model as a default for the field, create it in the registration view. Now all verification key generation is only in auth/views.py!
* Dot-Notation for Users.fp_token_expire (Elrond, 2011-12-05, 1, -3/+3)
|
* Dot-Notation for Users.fp_verification_key (Elrond, 2011-12-05, 1, -4/+4)
|
* Dot-Notation for Users.verification_key (Elrond, 2011-12-05, 1, -3/+3)
|
* Dot-Notation for Users.status (Elrond, 2011-12-05, 1, -3/+3)
|
* Dot-Notation for Users.email_verified (Elrond, 2011-12-05, 1, -3/+3)
|
* Dot-Notation for Users.pw_hash (Elrond, 2011-12-05, 1, -2/+2)
|
* Dot-Notation for Users.email (Elrond, 2011-12-05, 1, -1/+1)
|
* Dot-Notation for Users.username (Elrond, 2011-12-05, 1, -5/+5)
|
* Fix redirect to logical path (Elrond, 2011-11-20, 1, -1/+1)
|     redirects should in nearly all cases go to a logical path like 'mediagoblin.auth.login' and not to an absolute path like "/auth/login".
* Merge remote branch 'remotes/aaronw/bug614_verification_crash' (Elrond, 2011-11-20, 1, -1/+18)
|\
| |     * remotes/aaronw/bug614_verification_crash:
| |       Update english translation file.
| |       Reverse order of sanity checks: check email_verified after making sure there's a user in the request.
| |       Make sure user isn't already verified before resending verification.
| |       Check request.user to determine if user is logged in.
| |       Regenerated English .po file to include new string.
| |       Display and error and redirect to login page if unauthenticated user tries to access resend_verification.
| |
| |     Conflicts:
| |       mediagoblin/i18n/en/LC_MESSAGES/mediagoblin.po
| * Reverse order of sanity checks: check email_verified after making sure ↵ (Aaron Williamson, 2011-10-03, 1, -6/+6)
| |     there's a user in the request.
| * Make sure user isn't already verified before resending verification. (Aaron Williamson, 2011-10-03, 1, -0/+8)
| |
| * Fixed conflict in /auth/views.py. (Aaron Williamson, 2011-10-03, 1, -2/+2)
| |\
| * | Check request.user to determine if user is logged in. (Aaron Williamson, 2011-10-03, 1, -1/+1)
| | |
| * | Display and error and redirect to login page if unauthenticated user tries ↵ (Aaron Williamson, 2011-10-01, 1, -2/+11)
| | |     to access resend_verification.
* | | Slight change to error wording (Jef van Schendel, 2011-11-20, 1, -1/+1)
| | |
* | | Dot-Notation for "_id" (Elrond, 2011-11-15, 1, -2/+2)
| | |     Note: Migrations can't use "Dot Notation"! Migrations run on pymongo, not mongokit. So they can't use the "Dot Notation". This isn't really a big issue, as migrations are anyway quite mongo specific.
* | | Merge remote-tracking branch 'remotes/nyergler/pep8-ification' (Christopher Allan Webber, 2011-11-13, 1, -4/+3)
|\ \ \
| |_|/
|/| |
| | |     Conflicts:
| | |       mediagoblin/db/migrations.py
| | |       mediagoblin/db/models.py
| | |       mediagoblin/user_pages/views.py
| | |       mediagoblin/util.py
| * | has_key is deprecated, converting uses to use "in" operator. (Nathan Yergler, 2011-10-01, 1, -2/+2)
| | |
| * | Whitespace and formatting cleanup. (Nathan Yergler, 2011-10-01, 1, -2/+1)
| | |     * Removed trailing whitespace
| | |     * Line length < 80 where possible
| | |     * Honor conventions on number of blank lines
| | |     * Honor conventions about spaces around :, =
* | | Merge branch 'mediagoblin-upstream' into bug444_fix_utils_py_redux (Aaron Williamson, 2011-10-01, 1, -0/+20)
|\ \ \
| | |/
| |/|
| * | Give debug message in email debug mode (Elrond, 2011-09-30, 1, -0/+20)
| |/
| |     If the server is running in email debug mode (current default), users have often asked where the mail is. So tell them in the web browser that their mail is on the console.
* | Finished splitting util.py into separate files. (Aaron Williamson, 2011-10-01, 1, -1/+1)
| |
* | Moved common, translation, template, and url code out of util.py and into ↵ (Aaron Williamson, 2011-10-01, 1, -1/+1)
|/
|     tools/[file].py
* Merge branch 'gullydwarf-cfdv-f357_lost_password_functionality' (Christopher Allan Webber, 2011-09-08, 1, -5/+128)
|\
| |     Conflicts:
| |       mediagoblin/auth/routing.py
| * Renaming request.[GET|POST] as formdata instead of session; that's more ↵ (Christopher Allan Webber, 2011-09-08, 1, -19/+19)
| |     accurate.
| * Adding a small docstring (Christopher Allan Webber, 2011-09-07, 1, -0/+4)
| |
| * Keys in mongodb should be unicode, here... (Christopher Allan Webber, 2011-09-07, 1, -8/+8)
| |
| * Also nullify verification key after verifying in the email confirmation step (Christopher Allan Webber, 2011-09-07, 1, -0/+3)
| |
| * If the user hasn't verified their email or account inactive give a special ↵ (Christopher Allan Webber, 2011-09-07, 1, -6/+22)
| |     warning
| * Adding additional check that verification key exists, and updating indentation (Christopher Allan Webber, 2011-09-07, 1, -5/+9)
| |