From 75fc93686d0763ced6a5769e99e570a4c8fd3273 Mon Sep 17 00:00:00 2001
From: Rodney Ewing <ewing.rj@gmail.com>
Date: Sat, 25 May 2013 07:59:03 -0700
Subject: created a check_login_simple function

cherry-picked from rodney757, fixed few conflicts due to
out of order cherry-picking. Thanks to rodney757 for making
my idea even better.
---
 mediagoblin/plugins/httpapiauth/__init__.py |  7 ++++---
 mediagoblin/plugins/piwigo/views.py         | 12 +++---------
 2 files changed, 7 insertions(+), 12 deletions(-)

(limited to 'mediagoblin/plugins')

diff --git a/mediagoblin/plugins/httpapiauth/__init__.py b/mediagoblin/plugins/httpapiauth/__init__.py
index 99b6a4b0..2b2d593c 100644
--- a/mediagoblin/plugins/httpapiauth/__init__.py
+++ b/mediagoblin/plugins/httpapiauth/__init__.py
@@ -18,6 +18,7 @@ import logging
 
 from werkzeug.exceptions import Unauthorized
 
+from mediagoblin.auth.tools import check_login_simple
 from mediagoblin.plugins.api.tools import Auth
 
 _log = logging.getLogger(__name__)
@@ -39,10 +40,10 @@ class HTTPAuth(Auth):
         if not request.authorization:
             return False
 
-        user = request.db.User.query.filter_by(
-                username=unicode(request.authorization['username'])).first()
+        user = check_login_simple(unicode(request.authorization['username']),
+                                  request.authorization['password'])
 
-        if user.check_login(request.authorization['password']):
+        if user:
             request.user = user
             return True
         else:
diff --git a/mediagoblin/plugins/piwigo/views.py b/mediagoblin/plugins/piwigo/views.py
index 78668ed4..ca723189 100644
--- a/mediagoblin/plugins/piwigo/views.py
+++ b/mediagoblin/plugins/piwigo/views.py
@@ -23,7 +23,7 @@ from werkzeug.exceptions import MethodNotAllowed, BadRequest, NotImplemented
 from werkzeug.wrappers import BaseResponse
 
 from mediagoblin.meddleware.csrf import csrf_exempt
-from mediagoblin.auth.lib import fake_login_attempt
+from mediagoblin.auth.tools import check_login_simple
 from mediagoblin.media_types import sniff_media
 from mediagoblin.submit.lib import check_file_field, prepare_queue_task, \
     run_process_media, new_upload_entry
@@ -43,15 +43,9 @@ _log = logging.getLogger(__name__)
 def pwg_login(request):
     username = request.form.get("username")
     password = request.form.get("password")
-    user = request.db.User.query.filter_by(username=username).first()
+    user = check_login_simple(username, password)
     if not user:
-        _log.info("User %r not found", username)
-        fake_login_attempt()
         return PwgError(999, 'Invalid username/password')
-    if not user.check_login(password):
-        _log.warn("Wrong password for %r", username)
-        return PwgError(999, 'Invalid username/password')
-    _log.info("Logging %r in", username)
     request.session["user_id"] = user.id
     request.session.save()
     return True
@@ -126,7 +120,7 @@ def pwg_images_addSimple(request):
     dump = []
     for f in form:
         dump.append("%s=%r" % (f.name, f.data))
-    _log.info("addSimple: %r %s %r", request.form, " ".join(dump), 
+    _log.info("addSimple: %r %s %r", request.form, " ".join(dump),
               request.files)
 
     if not check_file_field(request, 'image'):
-- 
cgit v1.2.3