path: root/mediagoblin/auth
Commit message (Author, Age, Files, Lines)
...
| * | moved email_debug_message to gmg/tools/mail (Rodney Ewing, 2013-05-27, 1 file, -12/+1)
| | |
| * | moved send_verification_email to auth/tools (Rodney Ewing, 2013-05-27, 3 files, -39/+41)
| | |
| * | removed unused import (Rodney Ewing, 2013-05-27, 1 file, -1/+0)
| |/
* | no need for check_login with the new check_login_simple function (Rodney Ewing, 2013-05-27, 2 files, -8/+0)
| |
* | renamed lib to tools (Rodney Ewing, 2013-05-27, 1 file, -1/+0)
| |
* | cleanup after merge (Rodney Ewing, 2013-05-27, 3 files, -10/+6)
| |
* | Merge branch 'pre-auth' into basic_auth (Rodney Ewing, 2013-05-27, 2 files, -59/+68)
|\ \
| | |     Conflicts:
| | |       mediagoblin/auth/tools.py
| | |       mediagoblin/auth/views.py
| | |       mediagoblin/db/migrations.py
| | |       mediagoblin/plugins/basic_auth/lib.py
| | |       mediagoblin/plugins/httpapiauth/__init__.py
| | |       mediagoblin/plugins/piwigo/views.py
| * | created a check_login_simple function (Rodney Ewing, 2013-05-25, 2 files, -13/+25)
| | |
| * | added a register_user function (Rodney Ewing, 2013-05-24, 2 files, -33/+55)
| | |
| * | moved email_debug_message to gmg/tools/mail (Rodney Ewing, 2013-05-24, 1 file, -12/+1)
| | |
| * | moved send_verification_email to auth/tools (Rodney Ewing, 2013-05-24, 3 files, -39/+41)
| | |
| * | removed unused import (Rodney Ewing, 2013-05-24, 1 file, -1/+0)
| |/
* | moving forgot_password views back to gmg/auth and cleanup (Rodney Ewing, 2013-05-24, 3 files, -6/+47)
| |
* | added gen_password_hash and check_password functions to auth/__init__ (Rodney Ewing, 2013-05-24, 1 file, -0/+5)
| |
* | added focus to form input (Rodney Ewing, 2013-05-24, 1 file, -1/+5)
| |     Conflicts:
| |       mediagoblin/auth/views.py
| |       mediagoblin/plugins/openid/views.py
* | changed occurrences of form.data['whatever'] to form.whatever.data (Rodney Ewing, 2013-05-24, 1 file, -2/+2)
| |     Conflicts:
| |       mediagoblin/plugins/basic_auth/__init__.py
| |       mediagoblin/plugins/openid/__init__.py
* | added a register_user function to be able to use in a plugin's register view, and modified auth/views.register to redirect to openid/register if appropriate. (Rodney Ewing, 2013-05-24, 2 files, -28/+47)
| |
* | modified auth/__init__ hooks to work better with multiple plugins. Removed auth/lib.py. And added a basic_extra_verification function that all plugins will use. (Rodney Ewing, 2013-05-24, 3 files, -96/+74)
| |
* | moved fake_login_attempt to plugins (Rodney Ewing, 2013-05-24, 3 files, -25/+143)
| |
* | log a previously logged in user when switched to no_auth mode (Rodney Ewing, 2013-05-24, 1 file, -0/+6)
| |
* | changed from sys.exit() to raise AuthError for handling no_auth=false in config and no auth plugin present (Rodney Ewing, 2013-05-24, 1 file, -4/+10)
| |
* | renamed hook so as not to conflict with existing hook names (Rodney Ewing, 2013-05-24, 1 file, -1/+1)
| |
* | modified check_login function to return None instead of False to be able to have multiple plugins check_login (Rodney Ewing, 2013-05-24, 1 file, -1/+4)
| |
* | moved bcrypt_gen_password_hash to basic_auth/tools and added gen_password_hash function to auth/__init__ (Rodney Ewing, 2013-05-24, 2 files, -16/+4)
| |
* | moved bcrypt_check_password to basic_auth/tools from auth/lib (Rodney Ewing, 2013-05-24, 3 files, -35/+3)
| |
* | add a check for authentication plugin on startup and respond according to no_auth config option. allows instance to be run w/o authentication (Rodney Ewing, 2013-05-24, 2 files, -2/+33)
| |
* | moved forgot pw views to basic_auth plugin (Rodney Ewing, 2013-05-24, 4 files, -151/+4)
| |
* | basic_auth v0 plugin working (Rodney Ewing, 2013-05-24, 3 files, -58/+36)
|/
* moved normalize_user_or_email_field to auth/tools.py from auth/forms.py (Rodney Ewing, 2013-05-23, 2 files, -27/+51)
|
* Switching non-forms back to using normal pass_to_ugettext (Christopher Allan Webber, 2013-04-24, 1 file, -1/+1)
|
* Fix-bug-667-Use-lazy_pass_to_ugettext-for-forms. (Aditi Mittal, 2013-04-24, 2 files, -2/+2)
|
* Allows you to use your username or email to login (Jessica T, 2013-04-12, 2 files, -4/+12)
|
* Use WTForms data field in auth/views.py (Hans Lo, 2013-03-28, 1 file, -6/+6)
|
* auth: whitespace cleanup in views.py (Hans Lo, 2013-03-28, 1 file, -3/+3)
|
* removed unused import re (András Veres-Szentkirályi, 2013-02-22, 1 file, -1/+0)
|
* Also set login_failed in case of form errors (Sebastian Spaeth, 2013-01-21, 1 file, -11/+12)
|     If we send a POST request to the login page which contained form
|     errors (e.g. a too short password), the variable "login_failed" was
|     not set to true. This condition was tested by the test suite however,
|     so we should make sure that login_failed is set even if the form
|     failed to validate.
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Restructure ForgotPassword view (Sebastian Spaeth, 2013-01-21, 2 files, -70/+98)
|     1) Remove mongo limitations (no 'or' when querying for either
|        username or email).
|
|     2) Lost password function revealed if a user name or email address
|        is registered, which can be considered a data leak. Leaking user
|        names is OK, they are public anyway, but don't reveal lookup
|        success in case the lookup happened by email address. Simply
|        respond: "If you have an account here, we have send you your
|        email"?
|
|     3) username and email search was case sensitive. Made username
|        search case insensitive (they are always stored lowercase in the
|        db). Keep email-address search case sensitive for now. This might
|        need further discussion
|
|     4) Remove a whole bunch of indention in the style of:
|          if no error:
|            ...
|            if no error:
|              ...
|              if no error:
|                actually do something in the regular case
|        by restructuring the function.
|
|     5) Outsource the sanity checking for username and email fields into
|        the validator function. This way, we get automatic case sanity
|        checking and sanitizing for all required fields.
|
|     6) Require 5-char password and fix tests
|        Originally, the Change password form required a password between
|        6-30 chars while the registration and login form did not require
|        anything special. This commit introduces a common minimum limit
|        for all forms which breaks the test suite which uses a 5 char
|        password by default. :-). As 5 chars seem sensible enough to
|        enforce (people should be picking much longer ones anyway), just
|        reduce the limit to 5 chars, thereby making all tests pass.
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Move db.sql.models* to db.models* (Sebastian Spaeth, 2013-01-07, 1 file, -1/+1)
|
* Mongo removal: Remove the validate=True arg to obj.save() (Elrond, 2012-12-24, 1 file, -1/+1)
|     all callers were forced to use validate=True anyway. So remove this
|     useless stuff.
* Remove mongolisms from auth.views (Sebastian Spaeth, 2012-12-21, 1 file, -22/+13)
|     Remove find find_one etc and use sqlalchemy syntax
* webob.HTTPFound --> MG.tools.redirect (Sebastian Spaeth, 2012-12-21, 1 file, -3/+1)
|     Transition away from webob.
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Move DBModel._id -> DBModel.id (Sebastian Spaeth, 2012-12-21, 2 files, -6/+6)
|     We were referring to model._id in most of the code base as this is
|     what Mongo uses. However, each use of _id required a) fixup of
|     queries: e.g. what we did in our find() and find_one() functions
|     moving all '_id' to 'id'. It also required using AliasFields to make
|     the ._id attribute available. This all means lots of superfluous
|     fixing and transitioning in a SQL world. It will also not work in the
|     long run. Much newer code already refers to the objects by model.id
|     (e.g. in the oauth plugin), which will break with Mongo. So let's be
|     honest, rip out the _id mongoism and live with .id as the one
|     canonical way to address objects.
|
|     This commit modifies all users and providers of model._id to use
|     model.id instead. This patch works with or without Mongo removed
|     first, but will break Mongo usage (even more than before)
|
|     I have not bothered to fixup db.mongo.* and db.sql.convert (which
|     converts from Mongo to SQL)
|
|     Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
* Fixed OAuth access_token duplicate route (Joar Wandborg, 2012-10-15, 1 file, -2/+0)
|     Changed route name to "[...]list_connections"
* Added rudimentary route "mounting" w/ werkzeug routes; fixed auth routes (Christopher Allan Webber, 2012-10-14, 1 file, -32/+18)
|     auth routes fixes:
|     - mounted the auth routes at /auth/
|     - removed crufty old verification email route
* Fixed 404 page under werkzeug.routing (Joar Wandborg, 2012-10-14, 1 file, -2/+2)
|     - Removed ?lang=<langcode> feature due to incompatibility with
|       werkzeug routes in the current state of the architecture.
* Switched most stuff over from Routes (Joar Wandborg, 2012-10-14, 1 file, -22/+33)
|     Removed the Routes routing functionality and replaced it with
|     werkzeug.routes. Most views are functional.
|
|     Known issues:
|     - Translation integration with the request object is not yet figured
|       out. This breaks 404 pages.
* Replaced all request.POST with request.form, ... (Joar Wandborg, 2012-09-29, 1 file, -15/+15)
|     - Fixed error handling in OAuth plugin
|     - Changed request.POST file fields to request.files
* Fix problems from pyflakes output (Will Kahn-Greene, 2012-06-03, 1 file, -1/+0)
|
* use _ function on some now untranslatable strings (Jakob Kramer, 2012-04-19, 1 file, -2/+2)
|
* set username default server-side (Jakob Kramer, 2012-03-25, 1 file, -1/+2)
|