allura-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From brond...@apache.org
Subject git commit: [#7688] Use username instead of userid in session. Handle expired password after logging in.
Date Wed, 17 Sep 2014 00:32:36 GMT
Repository: allura
Updated Branches:
  refs/heads/master 67355b5f3 -> a96d81b77


[#7688] Use username instead of userid in session. Handle expired
password after logging in.


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/a96d81b7
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/a96d81b7
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/a96d81b7

Branch: refs/heads/master
Commit: a96d81b77fb493e831ba56b34c34fe6f9d492d8a
Parents: 67355b5
Author: Alexander Luberg <aluberg@slashdotmedia.com>
Authored: Fri Aug 22 13:36:56 2014 +0000
Committer: Alexander Luberg <dovestream@users.sourceforge.net>
Committed: Tue Sep 16 22:41:31 2014 +0000

----------------------------------------------------------------------
 Allura/allura/controllers/auth.py               | 24 ++++++++++++++++----
 .../allura/controllers/basetest_project_root.py |  2 +-
 Allura/allura/lib/custom_middleware.py          |  4 ++--
 Allura/allura/lib/plugin.py                     | 14 ++++++++----
 Allura/allura/lib/widgets/auth_widgets.py       |  3 +--
 Allura/allura/tests/functional/test_auth.py     |  7 +++---
 .../tests/functional/test_neighborhood.py       |  6 +++--
 7 files changed, 41 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 61f068e..1f8c8aa 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -270,12 +270,21 @@ class AuthController(BaseController):
     @require_post()
     @validate(F.login_form, error_handler=index)
     def do_login(self, return_to=None, **kw):
+        location = '/'
+
+        if session.get('expired-username'):
+            if return_to and return_to not in plugin.AuthenticationProvider.pwd_expired_allowed_urls:
+                location = tg.url(plugin.AuthenticationProvider.pwd_expired_allowed_urls[0],
dict(return_to=return_to))
+            else:
+                location = tg.url(plugin.AuthenticationProvider.pwd_expired_allowed_urls[0])
+
         if return_to and return_to != request.url:
             rt_host = urlparse(urljoin(config['base_url'], return_to)).netloc
             base_host = urlparse(config['base_url']).netloc
             if rt_host == base_host:
-                redirect(return_to)
-        redirect('/')
+                location = return_to
+
+        redirect(location)
 
     @expose(content_type='text/plain')
     def refresh_repo(self, *repo_path):
@@ -368,6 +377,7 @@ class AuthController(BaseController):
     @expose('jinja:allura:templates/pwd_expired.html')
     @without_trailing_slash
     def pwd_expired(self, **kw):
+        require_authenticated()
         c.form = F.password_change_form
         return {'return_to': kw.get('return_to')}
 
@@ -376,16 +386,22 @@ class AuthController(BaseController):
     @without_trailing_slash
     @validate(V.NullValidator(), error_handler=pwd_expired)
     def pwd_expired_change(self, **kw):
+        require_authenticated()
         return_to = kw.get('return_to')
         kw = F.password_change_form.to_python(kw, None)
         ap = plugin.AuthenticationProvider.get(request)
         try:
-            ap.set_password(c.user, kw['oldpw'], kw['pw'])
+            expired_username = session.get('expired-username')
+            expired_user = M.User.query.get(username=expired_username) if expired_username
else None
+            ap.set_password(expired_user or c.user, kw['oldpw'], kw['pw'])
         except wexc.HTTPUnauthorized:
             flash('Incorrect password', 'error')
             redirect(tg.url('/auth/pwd_expired', dict(return_to=return_to)))
         flash('Password changed')
-        del session['pwd-expired']
+        session.pop('pwd-expired', None)
+        session['username'] = session.get('expired-username')
+        session.pop('expired-username', None)
+
         session.save()
         h.auditlog_user('Password reset (via expiration process)')
         if return_to and return_to != request.url:

http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/controllers/basetest_project_root.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/basetest_project_root.py b/Allura/allura/controllers/basetest_project_root.py
index 60f64bc..91c16da 100644
--- a/Allura/allura/controllers/basetest_project_root.py
+++ b/Allura/allura/controllers/basetest_project_root.py
@@ -126,7 +126,7 @@ class BasetestProjectRootController(WsgiDispatchController, ProjectController):
         user = auth.by_username(environ.get('username', 'test-admin'))
         if not user:
             user = M.User.anonymous()
-        environ['beaker.session']['userid'] = user._id
+        environ['beaker.session']['username'] = user.username
         c.user = auth.authenticate_request()
         return WsgiDispatchController.__call__(self, environ, start_response)
 

http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 45c2141..981c602 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -296,9 +296,9 @@ class RememberLoginMiddleware(object):
 
         def remember_login_start_response(status, headers, exc_info=None):
             session = environ['beaker.session']
-            userid = session.get('userid')
+            username = session.get('username')
             login_expires = session.get('login_expires')
-            if userid and login_expires is not None:
+            if username and login_expires is not None:
                 if login_expires is True:
                     # no specific expiration, lasts for duration of "browser session"
                     session.cookie[session.key]['expires'] = ''

http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 14a2328..8537f63 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -98,12 +98,15 @@ class AuthenticationProvider(object):
 
     def authenticate_request(self):
         from allura import model as M
-        user = M.User.query.get(_id=self.session.get('userid', None))
+        username = self.session.get('username') or self.session.get('expired-username')
+        user = M.User.query.get(username=username)
+
         if user is None:
             return M.User.anonymous()
         if user.disabled:
             self.logout()
             return M.User.anonymous()
+
         if self.session.get('pwd-expired') and request.path not in self.pwd_expired_allowed_urls:
             if self.request.environ['REQUEST_METHOD'] == 'GET':
                 return_to = self.request.environ['PATH_INFO']
@@ -138,11 +141,13 @@ class AuthenticationProvider(object):
         try:
             if user is None:
                 user = self._login()
-            self.session['userid'] = user._id
             if self.is_password_expired(user):
                 self.session['pwd-expired'] = True
-                from allura.model import AuditLog
+                self.session['expired-username'] = user.username
                 h.auditlog_user('Password expired', user=user)
+            else:
+                self.session['username'] = user.username
+
             if 'rememberme' in self.request.params:
                 remember_for = int(config.get('auth.remember_for', 365))
                 self.session['login_expires'] = datetime.utcnow() + timedelta(remember_for)
@@ -158,8 +163,8 @@ class AuthenticationProvider(object):
             raise
 
     def logout(self):
-        self.session['userid'] = None
         self.session['login_expires'] = None
+        self.session['username'] = None
         self.session['pwd-expired'] = False
         self.session.save()
 
@@ -305,7 +310,6 @@ class LocalAuthenticationProvider(AuthenticationProvider):
     def disable_user(self, user):
         user.disabled = True
         session(user).flush(user)
-        from allura.model import AuditLog
         h.auditlog_user('Account disabled', user=user)
 
     def validate_password(self, user, password):

http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index 2041e4d..33444f9 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -58,8 +58,7 @@ class LoginForm(ForgeForm):
     @validator
     def validate(self, value, state=None):
         try:
-            value['username'] = plugin.AuthenticationProvider.get(
-                request).login()
+            value['username'] = plugin.AuthenticationProvider.get(request).login()
         except exc.HTTPUnauthorized:
             msg = 'Invalid login'
             raise Invalid(

http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 9ab122f..39f5794 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -92,12 +92,12 @@ class TestAuth(TestController):
         assert_equal(user.last_access['login_ua'], 'browser')
 
     def test_rememberme(self):
-        userid = M.User.query.get(username='test-user')._id
+        username = M.User.query.get(username='test-user').username
 
         # Login as test-user with remember me checkbox off
         r = self.app.post('/auth/do_login', params=dict(
             username='test-user', password='foo'))
-        assert_equal(r.session['userid'], userid)
+        assert_equal(r.session['username'], username)
         assert_equal(r.session['login_expires'], True)
 
         for header, contents in r.headerlist:
@@ -107,7 +107,7 @@ class TestAuth(TestController):
         # Login as test-user with remember me checkbox on
         r = self.app.post('/auth/do_login', params=dict(
             username='test-user', password='foo', rememberme='on'))
-        assert_equal(r.session['userid'], userid)
+        assert_equal(r.session['username'], username)
         assert_not_equal(r.session['login_expires'], True)
 
         for header, contents in r.headerlist:
@@ -937,6 +937,7 @@ To reset your password on %s, please visit the following URL:
         ap = AP.get()
         ap.forgotten_password_process = False
         ap.authenticate_request()._id = user._id
+        ap.by_username().username = user.username
         self.app.get('/auth/forgotten_password', status=404)
         self.app.post('/auth/set_new_password',
                       {'pw': 'foo', 'pw2': 'foo'}, status=404)

http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/tests/functional/test_neighborhood.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_neighborhood.py b/Allura/allura/tests/functional/test_neighborhood.py
index b3ebd3c..332a60b 100644
--- a/Allura/allura/tests/functional/test_neighborhood.py
+++ b/Allura/allura/tests/functional/test_neighborhood.py
@@ -583,8 +583,10 @@ class TestNeighborhood(TestController):
                 private_project='on'),
             antispam=True,
             extra_environ=dict(username='root'))
-        flash_msg_cookie = urllib2.unquote(r.headers['Set-Cookie'])
-        assert 'Internal Error.' in flash_msg_cookie
+        cookies = r.headers.getall('Set-Cookie')
+        flash_msg_cookies = map(urllib2.unquote, cookies)
+
+        assert any('Internal Error' in cookie for cookie in flash_msg_cookies)
 
         proj = M.Project.query.get(
             shortname='myprivate1', neighborhood_id=neighborhood._id)


Mime
View raw message