| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
basic_auth branch that openid is forked from
Commits squashed together (in reverse chronological order):
- do the label thing only for boolean fields
- made edit_account to autofocus on the first field
- added feature to render_divs where if field.label == '' then it
will render form.description the same a render_label
- added allow_registration check
- refactored create_user
- removed verification_key from create_user
- removed get_user from openid
- cleanup after removing openid from template_env.globals
- fix for werkzueg 0.9.1
- cleanup after merge
- more tests
- restored openid extra_validation just for safety
- tests for openid
- deleted openid extra_validation
- passed next parameter in session for openid
- fixed a bug that was deleting the messages
- implemented openid store using sqlalchemy
- ask openid provider for 'nickname' to prefill username in registration form
- refactored delete openid url to work with generic urls such as
google and to not allow a user to delete a url if it is there only
one and they don't have a pw
- refactored login to register user workflow, which fixed a problem
where the 'or register with a password link' wasn't showing up when
the finish_login view called the register view because there wasn't
any redirect.
- added the ability to remove openid's
- added the ability to add openids to an existing account
- refactored start_login and finish_login views
- modified edit_account.html to use render_divs
- modified gmg/edit/views to behave appropriatly if no password
authentication is enabled. moved the update email stuff to it's own
funtion to make edit_account view cleaner. edit_account now
modifies the form depending on the plugins.
- minor typos
- added retrieving email from openid provider
- moved allow_registration check to a decorator
- moved check if auth is enabled to a decorator
- changed openid user registration to go through login first
- cleanup after merge
- modified verification emails to use itsdangerous tokens
- added error handling on bad token, fixed route, and added tests
- added support for user to change email address
- added link to login view openid/password in login template
- updated openid get_user function
- modified get_user function to take kwargs instead of username
- no need for user might be email kwarg in check_login_simple
- added gen_password_hash and check_password functions to auth/__init__
- added focus to form input
- made imports fully qualified
- modified basic_auth.check_login to check that the user has a pw_hash first
- changed occurances of form.data['whatever'] to form.whatever.data
- convert tabs to spaces in register template, remove unsed
templates, and fixed trans tags in templates
- in process of openid login. it works, but needs major imporvements
- make password field required in basic_auth form
- check if password field present in basic_auth create_user
- modified openid create_user function
- modified models based on Elronds suggestions
- changed register form action to a variable to be passed in by the
view using the template
- openid plugin v0, still need to authenticate via openid.
- added a register_user function to be able to use in a plugin's
register view, and modified auth/views.register to redirect to
openid/register if appropriate.
- Modified basic_auth plugin to work with modified auth plugin
hooks. Added context variables. Removed basic_auth/tools which was
previously renamed to basic_auth/lib.
- modified auth/__init__ hooks to work better with multiple
plugins. Removed auth/lib.py. And added a basic_extra_verification
function that all plugins will use.
- added models and migrations for openid plugin
|
| |
|
|
|
| |
Improve error message wording if no csf cookie could be detected. Also,
make the error text translatable.
|
| |
|
|
|
|
| |
controllers (view function) raise HttpException's and do not return them.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
| |
Also the BadRequest exception.
|
| |
|
|
|
|
|
|
|
|
| |
Plugins may want to insert meddlewares, so this list should be modifiable
at very list (if we don't want to provide helper methods for this, which
seems a tad overkill for now).
This change is required for the upcoming trim_whitespace plugin.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
|
|
| |
There is really no reason to provide and enable a meddleware that
does exactly... NOTHING ...by default.
Signed-off-by: Sebastian Spaeth <Sebastian@SSpaeth.de>
|
| |
|
|
|
| |
- Fixed error handling in OAuth plugin
- Changed request.POST file fields to request.files
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This was suggested by Nathan Yergler in the bug logs.
Just implementing it.
- Let render_csrf_form_token return None, if the CSRF_TOKEN
is not available in the environ, because the
process_request part of the meddleware has not yet run.
- In render_template: If the returned value from above is
None, then do not add the csrf_token to the templates
context.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Created a BaseMeddleware which all Meddleware should derive
from. This is not strictly needed, but will greatly help.
The base class has the common __init__ of all the other
Meddlwares and fall backs for all hooks. That way a new
Meddlware only needs to override what it actually wants to
implement.
|
|
|
middleware
hehehehehe, "meddleware"
|
