Changeset 1439

Timestamp:

02/22/08 14:57:37 (2 years ago)

Author:

JensDiemer

Message:

auth - change "next_url" behavior:
-On login: Redirect only, if "next_url" information exists. Otherwiese stay at the current page (ID in _command url).
-On logout: Ony redirect to the default page, if the current page not viewable for anonymous.

Files:

• trunk/pylucid/PyLucid/plugins_internal/auth/auth.py (modified) (11 diffs)

trunk/pylucid/PyLucid/plugins_internal/auth/auth.py

@@ -6 +6 @@
     ~~~~~~~~~~~~~~~~~~~~
 
-    A secure JavaScript SHA-1 Login.
-
-    TODO: Only plaintext login implemented!!!
-
-    TODO: Clearing the session table?
+    A secure JavaScript SHA-1 Login and a plaintext fallback login.
+
+    two steps
+    ~~~~~~~~~
+    We split the login into two steps:
+        - step-1 -> input the username
+        - step-2 -> input the password
+
+    the "next_url"
+    ~~~~~~~~~~~~~~
+    The "next_url" is for a redirect after a login. It's optional.
+    If there doesn't exist a "next_url" information, PyLucid displayed the
+    current page. In every _command URL is the current page ID.
+
+    The "next_url" is in the first step (input the username) a GET parameter.
+    e.g.: localhost/_command/1/auth/login/?next=/ExamplePages/not-viewable
+    Then, the "next_url" information went into the form and comes back in the
+    POST data.
+
+    TODO
+    ~~~~
+    Clearing the session table?
     http://www.djangoproject.com/documentation/sessions/#clearing-the-session-table
 
     Last commit info:
-    ~~~~~~~~~
+    ~~~~~~~~~~~~~~~~~
     LastChangedDate: $LastChangedDate$
     Revision.......: $Rev$
@@ -50 +67 @@
 from PyLucid.system.BasePlugin import PyLucidBasePlugin
 from PyLucid.system.context_processors import add_dynamic_context
-from PyLucid.models import JS_LoginData
+from PyLucid.models import JS_LoginData, Preference
+from PyLucid.system.detect_page import get_default_page
 
 
@@ -150 +168 @@
 
         UsernameForm = forms.form_for_model(User, fields=("username",))
-        
-        next_url = self.request.GET.get('next',self.URLs['scriptRoot'])
+
+        next_url = self.request.GET.get("next", "")
 
         def get_data(form):
@@ -215 +233 @@
         PasswordForm = forms.form_for_model(User, fields=("password",))
 
-        next_url = self.request.POST.get('next_url',self.URLs['scriptRoot'])
+        next_url = self.request.POST.get('next_url', "")
 
         # Change the default TextInput to a PasswordInput
@@ -228 +246 @@
         # Delete the default django help text:
         PasswordForm.base_fields['password'].help_text = ""
-        password_form = PasswordForm(self.request.POST)
 
         if "password" in self.request.POST:
+            password_form = PasswordForm(self.request.POST)
             if password_form.is_valid():
                 password = password_form.cleaned_data["password"]
                 try:
-                    self._check_plaintext_password(password, user)
+                    return self._check_plaintext_password(password, user)
                 except WrongPassword, msg:
                     self.page_msg.red(msg)
                     self._insert_reset_link(context)
-                else:
-                    # Login ok
-                    return HttpResponseRedirect(next_url)
+        else:
+            password_form = PasswordForm()
 
         context["form"] = password_form
@@ -255 +272 @@
             raise WrongPassword("Wrong password.")
 
-        self._login_user(user)
+        return self._login_user(user)
 
 
@@ -262 +279 @@
         Log the >user< in.
         Used in self._check_plaintext_password() and self._sha_login()
+        Returns a redirect, if "next_url" exists otherwise returns None (for
+        display the current page).
         """
         self.page_msg.green(_("Password ok."))
@@ -269 +288 @@
         add_dynamic_context(self.request, self.context)
 
-        next_url = self.request.POST.get('next_url',self.URLs['scriptRoot'])
-
-        # Redirect to next URL
-        HttpResponseRedirect(next_url)
+        if self.request.POST.get("next_url","") != "":
+            next_url = self.request.POST['next_url']
+
+            # Redirect to next URL
+            return HttpResponseRedirect(next_url)
 
 
@@ -340 +360 @@
                 else:
                     if user:
-                        self._login_user(user)
-                        return HttpResponseRedirect(next_url)
+                        return self._login_user(user)
+
                 self._insert_reset_link(context)
                 self.page_msg.red(msg)
@@ -356 +376 @@
 
         PasswordForm = forms.form_for_model(User, fields=("password",))
-
-        if self.request.method == 'POST':
-            if DEBUG: self.page_msg(self.request.POST)
-            password_form = PasswordForm(self.request.POST)
-            if password_form.is_valid():
-                password = password_form.cleaned_data["password"]
-                self.page_msg("password:", password)
-                self.page_msg("SHA-1 - Not implemented completly, yet :(")
-                return HttpResponseRedirect(next_url)
-        else:
-            password_form = PasswordForm()
+        password_form = PasswordForm()
 
         context["form"] = password_form
@@ -387 +397 @@
 
         self.page_msg.green("You logged out.")
-        return HttpResponseRedirect(self.URLs['scriptRoot'])
+
+        if not self.current_page.permitViewPublic:
+            # The current page, can't see anonymous users -> reriect to the
+            # default page
+            default_page = get_default_page(self.request)
+            url = default_page.get_absolute_url()
+            return HttpResponseRedirect(url)
 
     #__________________________________________________________________________