--- a/web/test/unittest_application.py Mon Apr 27 19:20:00 2009 +0200
+++ b/web/test/unittest_application.py Mon Apr 27 19:33:34 2009 +0200
@@ -333,12 +333,19 @@
self.assertRaises(AuthenticationError, self.publish, req, 'logout')
self.assertEquals(len(self.open_sessions), 0)
- def test_cookie_auth_no_anon_login_by_email(self):
+ def test_login_by_email(self):
login = self.request().user.login
address = login + u'@localhost'
self.execute('INSERT EmailAddress X: X address %(address)s, U primary_email X '
'WHERE U login %(login)s', {'address': address, 'login': login})
self.commit()
+ # option allow-email-login not set
+ req, origcnx = self._init_auth('cookie')
+ req.form['__login'] = address
+ req.form['__password'] = origcnx.password
+ self._test_auth_fail(req)
+ # option allow-email-login set
+ self.set_option('allow-email-login', True)
req, origcnx = self._init_auth('cookie')
req.form['__login'] = address
req.form['__password'] = origcnx.password
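Review bot: Both the default-off and the opt-in case live in one method, separated only by comments, so a failure in the first `self._test_auth_fail(req)` hides the result of the enabled path, and the name `test_login_by_email` no longer says which behaviour is pinned. Splitting it into two tests, e.g. `def test_login_by_email_disabled(self):` and `def test_login_by_email_enabled(self):`, keeps the secure default asserted on its own. The hunk also does not show `allow-email-login` being reset after `self.set_option('allow-email-login', True)`; if `set_option` changes configuration shared between tests, later tests would run with email login on, so confirm it is restored in teardown. The test body continues past the end of the hunk.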
--- a/web/views/authentication.py Mon Apr 27 19:20:00 2009 +0200
+++ b/web/views/authentication.py Mon Apr 27 19:33:34 2009 +0200
@@ -74,7 +74,7 @@
login, password = _login, _password
else:
login, password = req.get_authorization()
- if '@' in (login or u''):
+ if self.vreg.config['allow-email-login'] and '@' in (login or u''):
login = self.login_from_email(login)
if not login:
# No session and no login -> try anonymous
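Review bot: The result of `self.login_from_email(login)` flows straight into `if not login:`, whose comment says that branch tries anonymous access, so with `allow-email-login` enabled an address that resolves to nothing would apparently be handled as "no credentials supplied" rather than as a failed login. `login_from_email` is defined outside this hunk, so this holds only if it can return an empty value on a miss or for an address shared by several users; if it can, a supplied but unresolved address should fail authentication explicitly instead of falling through. Either way a comment on the new line would help, e.g. `# email lookup is opt-in; an unresolved address must not be treated as an anonymous request`. The enclosing method starts and ends outside the hunk.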
--- a/web/webconfig.py Mon Apr 27 19:20:00 2009 +0200
+++ b/web/webconfig.py Mon Apr 27 19:33:34 2009 +0200
@@ -79,6 +79,12 @@
'if anonymous-user is set',
'group': 'main', 'inputlevel': 1,
}),
+ ('allow-email-login',
+ {'type' : 'yn',
+ 'default': False,
+ 'help': 'allow users to login with their primary email if set',
+ 'group': 'main', 'inputlevel': 2,
+ }),
('query-log-file',
{'type' : 'string',
'default': None,
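Review bot: Defaulting `allow-email-login` to `False` is the safer choice, but it silently turns email login off for existing instances on upgrade, because the line removed in web/views/authentication.py resolved any login containing `@` unconditionally. The help text should say so and drop the ambiguous "if set", e.g. `'help': 'allow users to log in with their primary email address instead of their login (off by default)',`. A short upgrade note for administrators who relied on the previous behaviour would also be worth adding alongside this option.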