From 41258916f28a2df28d3feb907ea358f227c65e21 Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Thu, 23 May 2013 14:56:32 -0700
Subject: removed unused import

---
 mediagoblin/auth/forms.py | 1 -
 1 file changed, 1 deletion(-)

(limited to 'mediagoblin/auth')

diff --git a/mediagoblin/auth/forms.py b/mediagoblin/auth/forms.py
index 599b2576..0a391d67 100644
--- a/mediagoblin/auth/forms.py
+++ b/mediagoblin/auth/forms.py
@@ -16,7 +16,6 @@
 
 import wtforms
 
-from mediagoblin.tools.mail import normalize_email
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 from mediagoblin.auth.tools import normalize_user_or_email_field
 
-- 
cgit v1.2.3


From 97aebda7ded46181af1c5e9560be8251d4c56d36 Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Fri, 24 May 2013 12:26:45 -0700
Subject: moved send_verification_email to auth/tools

---
 mediagoblin/auth/lib.py   | 35 -----------------------------------
 mediagoblin/auth/tools.py | 39 ++++++++++++++++++++++++++++++++++++++-
 mediagoblin/auth/views.py |  6 +++---
 3 files changed, 41 insertions(+), 39 deletions(-)

(limited to 'mediagoblin/auth')

diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 8829995a..bfc36b28 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -90,41 +90,6 @@ def fake_login_attempt():
     randplus_stored_hash == randplus_hashed_pass
 
 
-EMAIL_VERIFICATION_TEMPLATE = (
-    u"http://{host}{uri}?"
-    u"userid={userid}&token={verification_key}")
-
-
-def send_verification_email(user, request):
-    """
-    Send the verification email to users to activate their accounts.
-
-    Args:
-    - user: a user object
-    - request: the request
-    """
-    rendered_email = render_template(
-        request, 'mediagoblin/auth/verification_email.txt',
-        {'username': user.username,
-         'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
-                host=request.host,
-                uri=request.urlgen('mediagoblin.auth.verify_email'),
-                userid=unicode(user.id),
-                verification_key=user.verification_key)})
-
-    # TODO: There is no error handling in place
-    send_email(
-        mg_globals.app_config['email_sender_address'],
-        [user.email],
-        # TODO
-        # Due to the distributed nature of GNU MediaGoblin, we should
-        # find a way to send some additional information about the
-        # specific GNU MediaGoblin instance in the subject line. For
-        # example "GNU MediaGoblin @ Wandborg - [...]".
-        'GNU MediaGoblin - Verify your email!',
-        rendered_email)
-
-
 EMAIL_FP_VERIFICATION_TEMPLATE = (
     u"http://{host}{uri}?"
     u"userid={userid}&token={fp_verification_key}")
diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 1b30a7d9..52095d8a 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -16,7 +16,9 @@
 
 import wtforms
 
-from mediagoblin.tools.mail import normalize_email
+from mediagoblin import mg_globals
+from mediagoblin.tools.mail import normalize_email, send_email
+from mediagoblin.tools.template import render_template
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 
 
@@ -48,3 +50,38 @@ def normalize_user_or_email_field(allow_email=True, allow_user=True):
         if field.data is None:  # should not happen, but be cautious anyway
             raise wtforms.ValidationError(message)
     return _normalize_field
+
+
+EMAIL_VERIFICATION_TEMPLATE = (
+    u"http://{host}{uri}?"
+    u"userid={userid}&token={verification_key}")
+
+
+def send_verification_email(user, request):
+    """
+    Send the verification email to users to activate their accounts.
+
+    Args:
+    - user: a user object
+    - request: the request
+    """
+    rendered_email = render_template(
+        request, 'mediagoblin/auth/verification_email.txt',
+        {'username': user.username,
+         'verification_url': EMAIL_VERIFICATION_TEMPLATE.format(
+                host=request.host,
+                uri=request.urlgen('mediagoblin.auth.verify_email'),
+                userid=unicode(user.id),
+                verification_key=user.verification_key)})
+
+    # TODO: There is no error handling in place
+    send_email(
+        mg_globals.app_config['email_sender_address'],
+        [user.email],
+        # TODO
+        # Due to the distributed nature of GNU MediaGoblin, we should
+        # find a way to send some additional information about the
+        # specific GNU MediaGoblin instance in the subject line. For
+        # example "GNU MediaGoblin @ Wandborg - [...]".
+        'GNU MediaGoblin - Verify your email!',
+        rendered_email)
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index dc408911..94354933 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -23,8 +23,8 @@ from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
-from mediagoblin.auth.lib import send_verification_email, \
-                                 send_fp_verification_email
+from mediagoblin.auth.lib import send_fp_verification_email
+from mediagoblin.auth.tools import send_verification_email
 from sqlalchemy import or_
 
 def email_debug_message(request):
@@ -113,7 +113,7 @@ def login(request):
     login_failed = False
 
     if request.method == 'POST':
-        
+
         username = login_form.data['username']
 
         if login_form.validate():
-- 
cgit v1.2.3


From 02b6892c290671ac956144a212785d98ae579ef4 Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Fri, 24 May 2013 12:48:29 -0700
Subject: moved email_debug_message to gmg/tools/mail

---
 mediagoblin/auth/views.py | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

(limited to 'mediagoblin/auth')

diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 94354933..6a8e9a4c 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -21,24 +21,13 @@ from mediagoblin import messages, mg_globals
 from mediagoblin.db.models import User
 from mediagoblin.tools.response import render_to_response, redirect, render_404
 from mediagoblin.tools.translate import pass_to_ugettext as _
+from mediagoblin.tools.mail import email_debug_message
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.lib import send_fp_verification_email
 from mediagoblin.auth.tools import send_verification_email
 from sqlalchemy import or_
 
-def email_debug_message(request):
-    """
-    If the server is running in email debug mode (which is
-    the current default), give a debug message to the user
-    so that they have an idea where to find their email.
-    """
-    if mg_globals.app_config['email_debug_mode']:
-        # DEBUG message, no need to translate
-        messages.add_message(request, messages.DEBUG,
-            u"This instance is running in email debug mode. "
-            u"The email will be on the console of the server process.")
-
 
 def register(request):
     """The registration view.
-- 
cgit v1.2.3


From 75fc93686d0763ced6a5769e99e570a4c8fd3273 Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Sat, 25 May 2013 07:59:03 -0700
Subject: created a check_login_simple function

cherry-picked from rodney757, fixed few conflicts due to
out of order cherry-picking. Thanks to rodney757 for making
my idea even better.
---
 mediagoblin/auth/tools.py | 23 +++++++++++++++++++++++
 mediagoblin/auth/views.py | 17 ++++-------------
 2 files changed, 27 insertions(+), 13 deletions(-)

(limited to 'mediagoblin/auth')

diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index 52095d8a..bb7d2683 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -14,13 +14,20 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import logging
+
 import wtforms
+from sqlalchemy import or_
 
 from mediagoblin import mg_globals
+from mediagoblin.auth import lib as auth_lib
+from mediagoblin.db.models import User
 from mediagoblin.tools.mail import normalize_email, send_email
 from mediagoblin.tools.template import render_template
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 
+_log = logging.getLogger(__name__)
+
 
 def normalize_user_or_email_field(allow_email=True, allow_user=True):
     """
@@ -85,3 +92,19 @@ def send_verification_email(user, request):
         # example "GNU MediaGoblin @ Wandborg - [...]".
         'GNU MediaGoblin - Verify your email!',
         rendered_email)
+
+
+def check_login_simple(username, password, username_might_be_email=False):
+    search = (User.username == username)
+    if username_might_be_email and ('@' in username):
+        search = or_(search, User.email == username)
+    user = User.query.filter(search).first()
+    if not user:
+        _log.info("User %r not found", username)
+        auth_lib.fake_login_attempt()
+        return None
+    if not auth_lib.bcrypt_check_password(password, user.pw_hash):
+        _log.warn("Wrong password for %r", username)
+        return None
+    _log.info("Logging %r in", username)
+    return user
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 6a8e9a4c..2485e79e 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -25,8 +25,8 @@ from mediagoblin.tools.mail import email_debug_message
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth.tools import send_verification_email
-from sqlalchemy import or_
+from mediagoblin.auth.tools import (send_verification_email,
+                                    check_login_simple)
 
 
 def register(request):
@@ -106,14 +106,9 @@ def login(request):
         username = login_form.data['username']
 
         if login_form.validate():
-            user = User.query.filter(
-                or_(
-                    User.username == username,
-                    User.email == username,
+            user = check_login_simple(username, login_form.password.data, True)
 
-                )).first()
-
-            if user and user.check_login(login_form.password.data):
+            if user:
                 # set up login in session
                 request.session['user_id'] = unicode(user.id)
                 request.session.save()
@@ -123,10 +118,6 @@ def login(request):
                 else:
                     return redirect(request, "index")
 
-            # Some failure during login occured if we are here!
-            # Prevent detecting who's on this system by testing login
-            # attempt timings
-            auth_lib.fake_login_attempt()
             login_failed = True
 
     return render_to_response(
-- 
cgit v1.2.3


From f9e032212dff4d54de644cb5537bc0bef6d24c7f Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Fri, 24 May 2013 12:52:14 -0700
Subject: added a register_user function

cherry picked from rodney757 and fixed for out of order
picking.
---
 mediagoblin/auth/tools.py | 51 ++++++++++++++++++++++++++++++++++++++++++++++-
 mediagoblin/auth/views.py | 35 +++-----------------------------
 2 files changed, 53 insertions(+), 33 deletions(-)

(limited to 'mediagoblin/auth')

diff --git a/mediagoblin/auth/tools.py b/mediagoblin/auth/tools.py
index bb7d2683..db6b6e37 100644
--- a/mediagoblin/auth/tools.py
+++ b/mediagoblin/auth/tools.py
@@ -14,6 +14,7 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
+import uuid
 import logging
 
 import wtforms
@@ -22,7 +23,8 @@ from sqlalchemy import or_
 from mediagoblin import mg_globals
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.db.models import User
-from mediagoblin.tools.mail import normalize_email, send_email
+from mediagoblin.tools.mail import (normalize_email, send_email,
+                                    email_debug_message)
 from mediagoblin.tools.template import render_template
 from mediagoblin.tools.translate import lazy_pass_to_ugettext as _
 
@@ -94,6 +96,53 @@ def send_verification_email(user, request):
         rendered_email)
 
 
+def basic_extra_validation(register_form, *args):
+    users_with_username = User.query.filter_by(
+        username=register_form.data['username']).count()
+    users_with_email = User.query.filter_by(
+        email=register_form.data['email']).count()
+
+    extra_validation_passes = True
+
+    if users_with_username:
+        register_form.username.errors.append(
+            _(u'Sorry, a user with that name already exists.'))
+        extra_validation_passes = False
+    if users_with_email:
+        register_form.email.errors.append(
+            _(u'Sorry, a user with that email address already exists.'))
+        extra_validation_passes = False
+
+    return extra_validation_passes
+
+
+def register_user(request, register_form):
+    """ Handle user registration """
+    extra_validation_passes = basic_extra_validation(register_form)
+
+    if extra_validation_passes:
+        # Create the user
+        user = User()
+        user.username = register_form.data['username']
+        user.email = register_form.data['email']
+        user.pw_hash = auth_lib.bcrypt_gen_password_hash(
+            register_form.password.data)
+        user.verification_key = unicode(uuid.uuid4())
+        user.save()
+
+        # log the user in
+        request.session['user_id'] = unicode(user.id)
+        request.session.save()
+
+        # send verification email
+        email_debug_message(request)
+        send_verification_email(user, request)
+
+        return user
+
+    return None
+
+
 def check_login_simple(username, password, username_might_be_email=False):
     search = (User.username == username)
     if username_might_be_email and ('@' in username):
diff --git a/mediagoblin/auth/views.py b/mediagoblin/auth/views.py
index 2485e79e..bb7bda77 100644
--- a/mediagoblin/auth/views.py
+++ b/mediagoblin/auth/views.py
@@ -25,7 +25,7 @@ from mediagoblin.tools.mail import email_debug_message
 from mediagoblin.auth import lib as auth_lib
 from mediagoblin.auth import forms as auth_forms
 from mediagoblin.auth.lib import send_fp_verification_email
-from mediagoblin.auth.tools import (send_verification_email,
+from mediagoblin.auth.tools import (send_verification_email, register_user,
                                     check_login_simple)
 
 
@@ -47,38 +47,9 @@ def register(request):
 
     if request.method == 'POST' and register_form.validate():
         # TODO: Make sure the user doesn't exist already
-        users_with_username = User.query.filter_by(username=register_form.data['username']).count()
-        users_with_email = User.query.filter_by(email=register_form.data['email']).count()
-
-        extra_validation_passes = True
-
-        if users_with_username:
-            register_form.username.errors.append(
-                _(u'Sorry, a user with that name already exists.'))
-            extra_validation_passes = False
-        if users_with_email:
-            register_form.email.errors.append(
-                _(u'Sorry, a user with that email address already exists.'))
-            extra_validation_passes = False
-
-        if extra_validation_passes:
-            # Create the user
-            user = User()
-            user.username = register_form.data['username']
-            user.email = register_form.data['email']
-            user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                register_form.password.data)
-            user.verification_key = unicode(uuid.uuid4())
-            user.save()
-
-            # log the user in
-            request.session['user_id'] = unicode(user.id)
-            request.session.save()
-
-            # send verification email
-            email_debug_message(request)
-            send_verification_email(user, request)
+        user = register_user(request, register_form)
 
+        if user:
             # redirect the user to their homepage... there will be a
             # message waiting for them to verify their email
             return redirect(
-- 
cgit v1.2.3