allura-commits mailing list archives

From brond...@apache.org
Subject [1/8] git commit: [#7372] ticket:583 Implement account disabling
Date Tue, 27 May 2014 21:59:58 GMT
Repository: allura
Updated Branches:
  refs/heads/master f9c8072f5 -> 04fb907a5


[#7372] ticket:583 Implement account disabling


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/202a6f1e
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/202a6f1e
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/202a6f1e

Branch: refs/heads/master
Commit: 202a6f1ef50c9c1ed3365af2bd54db884300c4ed
Parents: 9a9c3f6
Author: Igor Bondarenko <jetmind2@gmail.com>
Authored: Thu May 15 12:21:23 2014 +0300
Committer: Dave Brondsema <dbrondsema@slashdotmedia.com>
Committed: Fri May 23 18:02:37 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py           | 13 +++++++++++--
 Allura/allura/lib/plugin.py                 | 20 +++++++++++++++++++-
 Allura/allura/lib/widgets/auth_widgets.py   |  9 ++++++++-
 Allura/allura/tests/functional/test_auth.py | 24 ++++++++++++++++++++++++
 4 files changed, 62 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 9bbaa23..e72ae8f 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -68,7 +68,7 @@ class F(object):
     remove_inactive_period_form = forms.RemoveInactivePeriodForm()
     save_skill_form = forms.AddUserSkillForm()
     remove_skill_form = forms.RemoveSkillForm()
-    disable_accont_form = DisableAccountForm()
+    disable_account_form = DisableAccountForm()
 
 
 class AuthController(BaseController):
@@ -864,5 +864,14 @@ class DisableAccountController(BaseController):
         return {
             'menu': menu,
             'my_projects': my_projects,
-            'form': F.disable_accont_form,
+            'form': F.disable_account_form,
         }
+
+    @expose()
+    @require_post()
+    @validate(F.disable_account_form, error_handler=index)
+    def do_disable(self, password):
+        provider = plugin.AuthenticationProvider.get(request)
+        provider.disable_user(c.user)
+        flash('Your account was successfully disabled!')
+        redirect('/')
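Review bot: `do_disable` leaves the caller's session logged in: after `provider.disable_user(c.user)` it only flashes and redirects, so the cookie that made the request stays valid unless every request re-checks the `disabled` flag, which this diff does not show. End the session in the same request, for example `provider.logout()` right after `disable_user`; the context lines in the plugin.py hunk that clear `session['userid']` look like that method's tail, so confirm the name. The password check lives entirely in the `@validate(F.disable_account_form, error_handler=index)` decorator, so a comment such as `# password is verified by DisableAccountForm.validate before this body runs` would keep a later refactor from dropping it unnoticed.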

http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index fcc3aea..e1a14bd 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -47,7 +47,7 @@ from paste.deploy.converters import asbool, asint
 
 from ming.utils import LazyProperty
 from ming.orm import state
-from ming.orm import ThreadLocalORMSession
+from ming.orm import ThreadLocalORMSession, session
 
 from allura.lib import helpers as h
 from allura.lib import security
@@ -133,6 +133,17 @@ class AuthenticationProvider(object):
         self.session['userid'] = None
         self.session.save()
 
+    def validate_password(self, user, password):
+        '''Check that provided password matches actual user password
+
+        :rtype: bool
+        '''
+        raise NotImplementedError, 'validate_password'
+
+    def disable_user(self, user):
+        '''Disable user account'''
+        raise NotImplementedError, 'disable_user'
+
     def by_username(self, username):
         '''
         Find a user by username.
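Review bot: The new base-class `validate_password` raises `NotImplementedError` and is called from `DisableAccountForm.validate`, so any provider that does not override it turns the disable form into an unhandled error instead of a failed validation; only `LocalAuthenticationProvider` gets an override in this commit. The docstrings should state the contract implementers must meet: `validate_password` returns `False` rather than raising for a wrong password or a missing user, and `disable_user` persists the change before returning. On style, `raise NotImplementedError, 'validate_password'` is the Python 2-only form; `raise NotImplementedError('validate_password')` is equivalent and also valid on Python 3, unless the file deliberately uses the comma form throughout.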
@@ -241,6 +252,13 @@ class LocalAuthenticationProvider(AuthenticationProvider):
             raise exc.HTTPUnauthorized()
         return user
 
+    def disable_user(self, user):
+        user.disabled = True
+        session(user).flush(user)
+
+    def validate_password(self, user, password):
+        return self._validate_password(user, password)
+
     def _validate_password(self, user, password):
         if user is None:
             return False
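Review bot: `disable_user` only sets `user.disabled = True` and flushes, and no hunk in this commit reads that flag, so whether a disabled account is actually refused depends on code not shown here. If the login path (the context above that raises `exc.HTTPUnauthorized()`) and any token-based authentication do not already test `user.disabled`, the account stays usable after being disabled. A functional test that disables the account and then attempts a login would pin the intended behaviour. Both new methods also lack docstrings; for `disable_user`, `'''Mark the account disabled and persist it; does not end sessions or revoke tokens'''` states what the method covers and what it leaves to callers.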

http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index b46ff21..f937e50 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -19,7 +19,7 @@ import ew as ew_core
 import ew.jinja2_ew as ew
 from ew.core import validator
 
-from pylons import request
+from pylons import request, tmpl_context as c
 from formencode import Invalid
 from webob import exc
 
@@ -84,3 +84,10 @@ class DisableAccountForm(ForgeForm):
 
     class fields(ew_core.NameList):
         password = ew.PasswordField(name='password', label='Account password')
+
+    @validator
+    def validate(self, value, state=None):
+        provider = plugin.AuthenticationProvider.get(request)
+        if not provider.validate_password(c.user, value['password']):
+            raise Invalid('Invalid password', {}, None)
+        return value

http://git-wip-us.apache.org/repos/asf/allura/blob/202a6f1e/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 8483cda..751d406 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -1042,6 +1042,14 @@ class TestOAuth(TestController):
 
 class TestDisableAccount(TestController):
 
+    def test_not_authenticated(self):
+        r = self.app.get(
+            '/auth/disable/',
+            extra_environ={'username': '*anonymous'})
+        assert_equal(r.status_int, 302)
+        assert_equal(r.location,
+                     'http://localhost/auth/?return_to=%2Fauth%2Fdisable%2F')
+
     def test_lists_user_projects(self):
         r = self.app.get('/auth/disable/')
         user = M.User.by_username('test-admin')
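Review bot: `test_not_authenticated` exercises only the GET on `/auth/disable/`; the state-changing endpoint `/auth/disable/do_disable` is never requested as `*anonymous`. Add a sibling test that POSTs to `do_disable` with `extra_environ={'username': '*anonymous'}` and asserts both the redirect to the login page and that no user's `disabled` flag changed. The test class continues past the end of this hunk.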
@@ -1053,3 +1061,19 @@ class TestDisableAccount(TestController):
         r = self.app.get('/auth/disable/')
         form = r.html.find('form', {'action': 'do_disable'})
         assert form is not None
+
+    def test_bad_password(self):
+        r = self.app.post('/auth/disable/do_disable', {'password': 'bad'})
+        assert_in('Invalid password', r)
+        user = M.User.by_username('test-admin')
+        assert_equal(user.disabled, False)
+
+    def test_disable(self):
+        r = self.app.post('/auth/disable/do_disable', {'password': 'foo'})
+        assert_equal(r.status_int, 302)
+        assert_equal(r.location, 'http://localhost/')
+        flash = json.loads(self.webflash(r))
+        assert_equal(flash['status'], 'ok')
+        assert_equal(flash['message'], 'Your account was successfully disabled!')
+        user = M.User.by_username('test-admin')
+        assert_equal(user.disabled, True)

