Posted to commits@allura.apache.org by je...@apache.org on 2014/09/17 15:33:57 UTC
[10/35] git commit: [#7688] Use username instead of userid in
session. Handle expired password after logging in.
[#7688] Use username instead of userid in session. Handle expired
password after logging in.
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/a96d81b7
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/a96d81b7
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/a96d81b7
Branch: refs/heads/je/42cc_7657
Commit: a96d81b77fb493e831ba56b34c34fe6f9d492d8a
Parents: 67355b5
Author: Alexander Luberg <al...@slashdotmedia.com>
Authored: Fri Aug 22 13:36:56 2014 +0000
Committer: Alexander Luberg <do...@users.sourceforge.net>
Committed: Tue Sep 16 22:41:31 2014 +0000
----------------------------------------------------------------------
Allura/allura/controllers/auth.py | 24 ++++++++++++++++----
.../allura/controllers/basetest_project_root.py | 2 +-
Allura/allura/lib/custom_middleware.py | 4 ++--
Allura/allura/lib/plugin.py | 14 ++++++++----
Allura/allura/lib/widgets/auth_widgets.py | 3 +--
Allura/allura/tests/functional/test_auth.py | 7 +++---
.../tests/functional/test_neighborhood.py | 6 +++--
7 files changed, 41 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/controllers/auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index 61f068e..1f8c8aa 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py
@@ -270,12 +270,21 @@ class AuthController(BaseController):
@require_post()
@validate(F.login_form, error_handler=index)
def do_login(self, return_to=None, **kw):
+ location = '/'
+
+ if session.get('expired-username'):
+ if return_to and return_to not in plugin.AuthenticationProvider.pwd_expired_allowed_urls:
+ location = tg.url(plugin.AuthenticationProvider.pwd_expired_allowed_urls[0], dict(return_to=return_to))
+ else:
+ location = tg.url(plugin.AuthenticationProvider.pwd_expired_allowed_urls[0])
+
if return_to and return_to != request.url:
rt_host = urlparse(urljoin(config['base_url'], return_to)).netloc
base_host = urlparse(config['base_url']).netloc
if rt_host == base_host:
- redirect(return_to)
- redirect('/')
+ location = return_to
+
+ redirect(location)
@expose(content_type='text/plain')
def refresh_repo(self, *repo_path):
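Review bot: The expired-password location computed at the top of do_login is overwritten a few lines later: when return_to is a same-host URL, `location = return_to` replaces the pwd_expired URL, so an expired user is sent to return_to instead of the password-change page (authenticate_request in plugin.py appears to bounce such requests afterwards, but the intent of this block is defeated). The return_to embedded into the pwd_expired URL in the expired branch also skips the same-host check that the second block applies, so its safety depends on pwd_expired_change vetting it again, which is outside this hunk. Doing the host check first and then wrapping the already-vetted location for the expired case fixes both.
```python
    def do_login(self, return_to=None, **kw):
        location = '/'
        # Vet return_to first: only a same-host target is ever redirected to.
        if return_to and return_to != request.url:
            rt_host = urlparse(urljoin(config['base_url'], return_to)).netloc
            base_host = urlparse(config['base_url']).netloc
            if rt_host == base_host:
                location = return_to

        # Expired password: always land on the change-password page, carrying
        # only the vetted location as return_to.
        if session.get('expired-username'):
            expired_url = plugin.AuthenticationProvider.pwd_expired_allowed_urls[0]
            if location != '/' and location not in plugin.AuthenticationProvider.pwd_expired_allowed_urls:
                location = tg.url(expired_url, dict(return_to=location))
            else:
                location = tg.url(expired_url)

        redirect(location)
```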
@@ -368,6 +377,7 @@ class AuthController(BaseController):
@expose('jinja:allura:templates/pwd_expired.html')
@without_trailing_slash
def pwd_expired(self, **kw):
+ require_authenticated()
c.form = F.password_change_form
return {'return_to': kw.get('return_to')}
@@ -376,16 +386,22 @@ class AuthController(BaseController):
@without_trailing_slash
@validate(V.NullValidator(), error_handler=pwd_expired)
def pwd_expired_change(self, **kw):
+ require_authenticated()
return_to = kw.get('return_to')
kw = F.password_change_form.to_python(kw, None)
ap = plugin.AuthenticationProvider.get(request)
try:
- ap.set_password(c.user, kw['oldpw'], kw['pw'])
+ expired_username = session.get('expired-username')
+ expired_user = M.User.query.get(username=expired_username) if expired_username else None
+ ap.set_password(expired_user or c.user, kw['oldpw'], kw['pw'])
except wexc.HTTPUnauthorized:
flash('Incorrect password', 'error')
redirect(tg.url('/auth/pwd_expired', dict(return_to=return_to)))
flash('Password changed')
- del session['pwd-expired']
+ session.pop('pwd-expired', None)
+ session['username'] = session.get('expired-username')
+ session.pop('expired-username', None)
+
session.save()
h.auditlog_user('Password reset (via expiration process)')
if return_to and return_to != request.url:
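Review bot: `session['username'] = session.get('expired-username')` on the success path stores None for a caller whose session has no 'expired-username', which logs that user out after a successful password change; the route is reachable by any authenticated user (require_authenticated above), not only by expired ones. Replace the two session lines with `expired_username = session.pop('expired-username', None)` followed by `if expired_username: session['username'] = expired_username`. The `expired_user or c.user` lookup is redundant now that authenticate_request resolves 'expired-username' itself, but harmless. pwd_expired_change continues past the end of this hunk.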
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/controllers/basetest_project_root.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/basetest_project_root.py b/Allura/allura/controllers/basetest_project_root.py
index 60f64bc..91c16da 100644
--- a/Allura/allura/controllers/basetest_project_root.py
+++ b/Allura/allura/controllers/basetest_project_root.py
@@ -126,7 +126,7 @@ class BasetestProjectRootController(WsgiDispatchController, ProjectController):
user = auth.by_username(environ.get('username', 'test-admin'))
if not user:
user = M.User.anonymous()
- environ['beaker.session']['userid'] = user._id
+ environ['beaker.session']['username'] = user.username
c.user = auth.authenticate_request()
return WsgiDispatchController.__call__(self, environ, start_response)
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/lib/custom_middleware.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/custom_middleware.py b/Allura/allura/lib/custom_middleware.py
index 45c2141..981c602 100644
--- a/Allura/allura/lib/custom_middleware.py
+++ b/Allura/allura/lib/custom_middleware.py
@@ -296,9 +296,9 @@ class RememberLoginMiddleware(object):
def remember_login_start_response(status, headers, exc_info=None):
session = environ['beaker.session']
- userid = session.get('userid')
+ username = session.get('username')
login_expires = session.get('login_expires')
- if userid and login_expires is not None:
+ if username and login_expires is not None:
if login_expires is True:
# no specific expiration, lasts for duration of "browser session"
session.cookie[session.key]['expires'] = ''
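Review bot: The middleware now keys on `session.get('username')`, which login does not set for an expired-password session ('expired-username' is used instead), while login_expires is set in both cases; the remember-me cookie expiry is therefore not applied until the password has been changed. Not extending a long-lived cookie to a session whose password is expired is the safer outcome, but if that is intended it should be stated, e.g. `# 'expired-username' sessions are deliberately not remembered until the password is changed`; if it is not, use `username = session.get('username') or session.get('expired-username')`. The enclosing function continues past the end of the hunk.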
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/lib/plugin.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/plugin.py b/Allura/allura/lib/plugin.py
index 14a2328..8537f63 100644
--- a/Allura/allura/lib/plugin.py
+++ b/Allura/allura/lib/plugin.py
@@ -98,12 +98,15 @@ class AuthenticationProvider(object):
def authenticate_request(self):
from allura import model as M
- user = M.User.query.get(_id=self.session.get('userid', None))
+ username = self.session.get('username') or self.session.get('expired-username')
+ user = M.User.query.get(username=username)
+
if user is None:
return M.User.anonymous()
if user.disabled:
self.logout()
return M.User.anonymous()
+
if self.session.get('pwd-expired') and request.path not in self.pwd_expired_allowed_urls:
if self.request.environ['REQUEST_METHOD'] == 'GET':
return_to = self.request.environ['PATH_INFO']
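Review bot: When neither session key is present the new code still issues `M.User.query.get(username=None)`; the old `_id=None` form had the same shape, but now that the lookup is by a non-primary field an explicit short-circuit is cheaper and avoids depending on how the query layer treats a None value. Suggest `if not username: return M.User.anonymous()` before the query. Note also that `self.logout()` for a disabled user clears 'username' but not 'expired-username' (see the logout hunk below), so a disabled user with an expired password is re-resolved on every request. authenticate_request continues past the end of this hunk.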
@@ -138,11 +141,13 @@ class AuthenticationProvider(object):
try:
if user is None:
user = self._login()
- self.session['userid'] = user._id
if self.is_password_expired(user):
self.session['pwd-expired'] = True
- from allura.model import AuditLog
+ self.session['expired-username'] = user.username
h.auditlog_user('Password expired', user=user)
+ else:
+ self.session['username'] = user.username
+
if 'rememberme' in self.request.params:
remember_for = int(config.get('auth.remember_for', 365))
self.session['login_expires'] = datetime.utcnow() + timedelta(remember_for)
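Review bot: The expired branch sets 'expired-username' but leaves any existing 'username' in place, and the else branch leaves any existing 'expired-username'; because authenticate_request resolves `username or expired-username`, a stale 'username' from an earlier login in the same session wins over a new expired-password login, unless the session is reset before this point (not visible in the hunk). Pair each assignment with a pop of the other key: `self.session.pop('username', None)` in the expired branch and `self.session.pop('expired-username', None)` in the else branch. login continues outside the hunk.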
@@ -158,8 +163,8 @@ class AuthenticationProvider(object):
raise
def logout(self):
- self.session['userid'] = None
self.session['login_expires'] = None
+ self.session['username'] = None
self.session['pwd-expired'] = False
self.session.save()
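Review bot: logout resets 'username' and 'pwd-expired' but not 'expired-username', and authenticate_request falls back to that key, so a user who logs out (or is logged out as disabled) while their password is expired is resolved again on the next request from the same session. Add `self.session.pop('expired-username', None)` alongside the other resets so the session holds no identity after logout.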
@@ -305,7 +310,6 @@ class LocalAuthenticationProvider(AuthenticationProvider):
def disable_user(self, user):
user.disabled = True
session(user).flush(user)
- from allura.model import AuditLog
h.auditlog_user('Account disabled', user=user)
def validate_password(self, user, password):
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/lib/widgets/auth_widgets.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/widgets/auth_widgets.py b/Allura/allura/lib/widgets/auth_widgets.py
index 2041e4d..33444f9 100644
--- a/Allura/allura/lib/widgets/auth_widgets.py
+++ b/Allura/allura/lib/widgets/auth_widgets.py
@@ -58,8 +58,7 @@ class LoginForm(ForgeForm):
@validator
def validate(self, value, state=None):
try:
- value['username'] = plugin.AuthenticationProvider.get(
- request).login()
+ value['username'] = plugin.AuthenticationProvider.get(request).login()
except exc.HTTPUnauthorized:
msg = 'Invalid login'
raise Invalid(
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 9ab122f..39f5794 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -92,12 +92,12 @@ class TestAuth(TestController):
assert_equal(user.last_access['login_ua'], 'browser')
def test_rememberme(self):
- userid = M.User.query.get(username='test-user')._id
+ username = M.User.query.get(username='test-user').username
# Login as test-user with remember me checkbox off
r = self.app.post('/auth/do_login', params=dict(
username='test-user', password='foo'))
- assert_equal(r.session['userid'], userid)
+ assert_equal(r.session['username'], username)
assert_equal(r.session['login_expires'], True)
for header, contents in r.headerlist:
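Review bot: `username = M.User.query.get(username='test-user').username` queries the database only to get back the literal it was queried with; `username = 'test-user'` states the same expectation without the round trip, and the second hunk of this file reuses that variable unchanged. test_rememberme continues past the end of the hunk.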
@@ -107,7 +107,7 @@ class TestAuth(TestController):
# Login as test-user with remember me checkbox on
r = self.app.post('/auth/do_login', params=dict(
username='test-user', password='foo', rememberme='on'))
- assert_equal(r.session['userid'], userid)
+ assert_equal(r.session['username'], username)
assert_not_equal(r.session['login_expires'], True)
for header, contents in r.headerlist:
@@ -937,6 +937,7 @@ To reset your password on %s, please visit the following URL:
ap = AP.get()
ap.forgotten_password_process = False
ap.authenticate_request()._id = user._id
+ ap.by_username().username = user.username
self.app.get('/auth/forgotten_password', status=404)
self.app.post('/auth/set_new_password',
{'pw': 'foo', 'pw2': 'foo'}, status=404)
http://git-wip-us.apache.org/repos/asf/allura/blob/a96d81b7/Allura/allura/tests/functional/test_neighborhood.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_neighborhood.py b/Allura/allura/tests/functional/test_neighborhood.py
index b3ebd3c..332a60b 100644
--- a/Allura/allura/tests/functional/test_neighborhood.py
+++ b/Allura/allura/tests/functional/test_neighborhood.py
@@ -583,8 +583,10 @@ class TestNeighborhood(TestController):
private_project='on'),
antispam=True,
extra_environ=dict(username='root'))
- flash_msg_cookie = urllib2.unquote(r.headers['Set-Cookie'])
- assert 'Internal Error.' in flash_msg_cookie
+ cookies = r.headers.getall('Set-Cookie')
+ flash_msg_cookies = map(urllib2.unquote, cookies)
+
+ assert any('Internal Error' in cookie for cookie in flash_msg_cookies)
proj = M.Project.query.get(
shortname='myprivate1', neighborhood_id=neighborhood._id)