# HG changeset patch
# User Florent <florent@secondweb.fr>
# Date 1240853614 -7200
# Node ID 6b024694d493d4314ed863b99e343edf78bcfcd1
# Parent  08acef58ad08a887442fb5b70597d72a8e706dcf
add allow-email-login option

diff -r 08acef58ad08 -r 6b024694d493 web/test/unittest_application.py
--- a/web/test/unittest_application.py	Mon Apr 27 19:20:00 2009 +0200
+++ b/web/test/unittest_application.py	Mon Apr 27 19:33:34 2009 +0200
@@ -333,12 +333,19 @@
         self.assertRaises(AuthenticationError, self.publish, req, 'logout')
         self.assertEquals(len(self.open_sessions), 0) 
 
-    def test_cookie_auth_no_anon_login_by_email(self):
+    def test_login_by_email(self):
         login = self.request().user.login
         address = login + u'@localhost'
         self.execute('INSERT EmailAddress X: X address %(address)s, U primary_email X '
                      'WHERE U login %(login)s', {'address': address, 'login': login})
         self.commit()
+        # option allow-email-login not set
+        req, origcnx = self._init_auth('cookie')
+        req.form['__login'] = address
+        req.form['__password'] = origcnx.password
+        self._test_auth_fail(req)
+        # option allow-email-login set
+        self.set_option('allow-email-login', True)
         req, origcnx = self._init_auth('cookie')
         req.form['__login'] = address
         req.form['__password'] = origcnx.password
diff -r 08acef58ad08 -r 6b024694d493 web/views/authentication.py
--- a/web/views/authentication.py	Mon Apr 27 19:20:00 2009 +0200
+++ b/web/views/authentication.py	Mon Apr 27 19:33:34 2009 +0200
@@ -74,7 +74,7 @@
             login, password = _login, _password
         else:
             login, password = req.get_authorization()
-        if '@' in (login or u''):
+        if self.vreg.config['allow-email-login'] and '@' in (login or u''):
             login = self.login_from_email(login)
         if not login:
             # No session and no login -> try anonymous
diff -r 08acef58ad08 -r 6b024694d493 web/webconfig.py
--- a/web/webconfig.py	Mon Apr 27 19:20:00 2009 +0200
+++ b/web/webconfig.py	Mon Apr 27 19:33:34 2009 +0200
@@ -79,6 +79,12 @@
           'if anonymous-user is set',
           'group': 'main', 'inputlevel': 1,
           }),
+        ('allow-email-login',
+         {'type' : 'yn',
+          'default': False,
+          'help': 'allow users to login with their primary email if set',
+          'group': 'main', 'inputlevel': 2,
+          }),
         ('query-log-file',
          {'type' : 'string',
           'default': None,