34 login = req.get_authorization()[0] |
34 login = req.get_authorization()[0] |
35 try: |
35 try: |
36 # calling cnx.user() check connection validity, raise |
36 # calling cnx.user() check connection validity, raise |
37 # BadConnectionId on failure |
37 # BadConnectionId on failure |
38 user = cnx.user(req) |
38 user = cnx.user(req) |
39 if login and user.login != login: |
39 # check cnx.login and not user.login, since in case of login by |
|
40 # email, login and cnx.login are the email while user.login is the |
|
41 # actual user login |
|
42 if login and cnx.login != login: |
40 cnx.close() |
43 cnx.close() |
41 raise InvalidSession('login mismatch') |
44 raise InvalidSession('login mismatch') |
42 except BadConnectionId: |
45 except BadConnectionId: |
43 # check if a connection should be automatically restablished |
46 # check if a connection should be automatically restablished |
44 if (login is None or login == cnx.login): |
47 if (login is None or login == cnx.login): |
51 raise InvalidSession('bad connection id') |
54 raise InvalidSession('bad connection id') |
52 # associate the connection to the current request |
55 # associate the connection to the current request |
53 req.set_connection(cnx, user) |
56 req.set_connection(cnx, user) |
54 return cnx |
57 return cnx |
55 |
58 |
56 def login_from_email(self, login): |
|
57 # XXX should not be called from web interface |
|
58 session = self.repo.internal_session() |
|
59 try: |
|
60 rset = session.execute('Any L WHERE U login L, U primary_email M, ' |
|
61 'M address %(login)s', {'login': login}) |
|
62 if rset.rowcount == 1: |
|
63 login = rset[0][0] |
|
64 finally: |
|
65 session.close() |
|
66 return login |
|
67 |
|
68 def authenticate(self, req, _login=None, _password=None): |
59 def authenticate(self, req, _login=None, _password=None): |
69 """authenticate user and return corresponding user object |
60 """authenticate user and return corresponding user object |
70 |
61 |
71 :raise ExplicitLogin: if authentication is required (no authentication |
62 :raise ExplicitLogin: if authentication is required (no authentication |
72 info found or wrong user/password) |
63 info found or wrong user/password) |
77 """ |
68 """ |
78 if _login is not None: |
69 if _login is not None: |
79 login, password = _login, _password |
70 login, password = _login, _password |
80 else: |
71 else: |
81 login, password = req.get_authorization() |
72 login, password = req.get_authorization() |
82 if self.vreg.config['allow-email-login'] and '@' in (login or u''): |
|
83 login = self.login_from_email(login) |
|
84 if not login: |
73 if not login: |
85 # No session and no login -> try anonymous |
74 # No session and no login -> try anonymous |
86 login, password = self.vreg.config.anonymous_user() |
75 login, password = self.vreg.config.anonymous_user() |
87 if not login: # anonymous not authorized |
76 if not login: # anonymous not authorized |
88 raise ExplicitLogin() |
77 raise ExplicitLogin() |
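Review bot: With `login_from_email` and the `allow-email-login` test removed from `authenticate` (old lines 82-83), nothing visible on the new side shows where an e-mail address is now mapped to an account or where that option is enforced, even though the new comment at lines 39-41 says login by e-mail is still supported. Please confirm that the replacement lookup still honours `allow-email-login` and still requires exactly one matching account, as the removed `rset.rowcount == 1` test did, so that an address shared by several users cannot open a session. If the lookup did move to the repository side, a comment above `login, password = req.get_authorization()` such as `# login may be an e-mail address; it is resolved to an account by the repository` would record that. Because `cnx.login` can now hold the e-mail rather than the account login, audit logging and per-user checks should keep keying on `user.login`. The body of `authenticate` continues past the last visible line.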