
Commit 156b0d4

committed
Changed the code to use django's own authentication, instead of http basic auth. This will let people log out, and will also use stronger password hashing than basic auth. Added a login page, and logout links, and links from the logged in username (in the upper right corner) to the user's profile page.
- Legacy-Id: 7580
2 parents 46b31cc + b02b0a9 commit 156b0d4

34 files changed

Lines changed: 284 additions & 111 deletions


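--- a/ietf/doc/tests.py
+++ b/ietf/doc/tests.py
@@ -349,7 +349,7 @@ def test_add_comment(self):
 self.assertTrue(draft.name in outbox[-1]['Subject'])
 
 # Make sure we can also do it as IANA
-self.client.login(remote_user="iana")
+self.client.login(username="iana", password="iana+password")
 
 # normal get
 r = self.client.get(url)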
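Review bot: The return value of `self.client.login(...)` at new line 352 is discarded, and with password authentication a fixture user whose password was never set makes `login()` return False while the test carries on as an anonymous client. That matters most for the negative checks changed the same way elsewhere in this commit, namely `verify_fail` in ietf/doc/tests_draft.py (expects 404) and the "unauthorized" cases in ietf/meeting/tests_api.py (expect 403), which could pass without the intended user ever being authenticated. Asserting the result, `self.assertTrue(self.client.login(username="iana", password="iana+password"))`, or moving the `<username>+password` convention into one test helper that asserts success, would close that gap. The body of `test_add_comment` extends beyond this hunk.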

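--- a/ietf/doc/tests_draft.py
+++ b/ietf/doc/tests_draft.py
@@ -141,7 +141,7 @@ def test_request_last_call(self):
 draft = make_test_data()
 draft.set_state(State.objects.get(used=True, type="draft-iesg", slug="ad-eval"))
 
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 url = urlreverse('doc_change_state', kwargs=dict(name=draft.name))
 
 mailbox_before = len(outbox)
@@ -820,7 +820,7 @@ def test_doc_view_shepherd_writeup(self):
 url = urlreverse('doc_shepherd_writeup',kwargs=dict(name=self.docname))
 
 # get as a shepherd
-self.client.login(remote_user="plain")
+self.client.login(username="plain", password="plain+password")
 
 r = self.client.get(url)
 self.assertEqual(r.status_code,200)
@@ -874,14 +874,14 @@ def setUp(self):
 class SubmitToIesgTests(TestCase):
 def verify_permissions(self):
 
-def verify_fail(remote_user):
-if remote_user:
-self.client.login(remote_user=remote_user)
+def verify_fail(username):
+if username:
+self.client.login(username=username, password=username+"+password")
 r = self.client.get(url)
 self.assertEqual(r.status_code,404)
 
-def verify_can_see(remote_user):
-self.client.login(remote_user=remote_user)
+def verify_can_see(username):
+self.client.login(username=username, password=username+"+password")
 r = self.client.get(url)
 self.assertEqual(r.status_code,200)
 q = PyQuery(r.content)
@@ -897,7 +897,7 @@ def verify_can_see(remote_user):
 
 def cancel_submission(self):
 url = urlreverse('doc_to_iesg', kwargs=dict(name=self.docname))
-self.client.login(remote_user='marschairman')
+self.client.login(username="marschairman", password="marschairman+password")
 
 r = self.client.post(url, dict(cancel="1"))
 self.assertEqual(r.status_code, 302)
@@ -907,7 +907,7 @@ def cancel_submission(self):
 
 def confirm_submission(self):
 url = urlreverse('doc_to_iesg', kwargs=dict(name=self.docname))
-self.client.login(remote_user='marschairman')
+self.client.login(username="marschairman", password="marschairman+password")
 
 docevent_count_pre = self.doc.docevent_set.count()
 mailbox_before = len(outbox)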

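--- a/ietf/iesg/tests.py
+++ b/ietf/iesg/tests.py
@@ -410,7 +410,7 @@ def test_reschedule(self):
 
 url = urlreverse('ietf.iesg.views.agenda_documents')
 
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 
 # normal get
 r = self.client.get(url)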

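--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@@ -44,25 +44,34 @@ def test_index(self):
 def test_login(self):
 make_test_data()
 
-# try logging in with a next
-r = self.client.get('/accounts/login/?next=/foobar', REMOTE_USER="plain")
+# try logging in without a next
+r = self.client.get('/accounts/login/')
+self.assertEqual(r.status_code, 200)
+
+r = self.client.post('/accounts/login/', {"username":"plain", "password":"plain+password"})
 self.assertEqual(r.status_code, 302)
-self.assertEqual(urlsplit(r["Location"])[2], "/accounts/loggedin/")
+self.assertEqual(urlsplit(r["Location"])[2], "/accounts/profile/")
 
-r = self.client.get('/accounts/loggedin/?next=/foobar', REMOTE_USER="plain")
+# try logging out
+r = self.client.get('/accounts/logout/')
+self.assertEqual(r.status_code, 200)
+
+r = self.client.get('/accounts/profile/')
 self.assertEqual(r.status_code, 302)
-self.assertEqual(urlsplit(r["Location"])[2], "/foobar")
+self.assertEqual(urlsplit(r["Location"])[2], "/accounts/login/")
 
-# try again without a next
-r = self.client.get('/accounts/login/', REMOTE_USER="plain")
-r = self.client.get('/accounts/loggedin/', REMOTE_USER="plain")
+# try logging in with a next
+r = self.client.post('/accounts/login/?next=/foobar', {"username":"plain", "password":"plain+password"})
 self.assertEqual(r.status_code, 302)
-self.assertEqual(urlsplit(r["Location"])[2], "/accounts/profile/")
+self.assertEqual(urlsplit(r["Location"])[2], "/foobar")
+
 
 def test_profile(self):
+make_test_data()
+
 url = urlreverse('ietf.ietfauth.views.profile')
 login_testing_unauthorized(self, "plain", url)
-
+
 # get
 r = self.client.get(url)
 self.assertEqual(r.status_code, 200)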
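Review bot: `test_login` exercises only the success paths of the new password form; nothing in it posts a wrong password. Since this commit is what introduces password checking, a negative case would pin the behaviour that matters most: post `{"username":"plain", "password":"wrong"}` to `/accounts/login/`, assert the response is the re-rendered form (status 200) rather than a 302, and assert that `/accounts/profile/` still redirects to `/accounts/login/` afterwards. A further assertion that a `next` value naming another host is not echoed back in `Location` would complement the existing `?next=/foobar` case. `test_profile` continues past the end of the hunk.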

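--- a/ietf/ietfauth/urls.py
+++ b/ietf/ietfauth/urls.py
@@ -1,11 +1,15 @@
 # Copyright The IETF Trust 2007, 2009, All Rights Reserved
 
 from django.conf.urls import patterns, url
+from django.contrib.auth.views import login, logout
 
 urlpatterns = patterns('ietf.ietfauth.views',
 url(r'^$', 'index', name='account_index'),
-url(r'^login/$', 'ietf_login'),
-url(r'^loggedin/$', 'ietf_loggedin'),
+# url(r'^login/$', 'ietf_login'),
+url(r'^login/$', login),
+url(r'^logout/$', logout),
+# url(r'^loggedin/$', 'ietf_loggedin'),
+# url(r'^loggedout/$', 'logged_out'),
 url(r'^profile/$', 'profile'),
 # (r'^login/(?P<user>[a-z0-9.@]+)/(?P<passwd>.+)$', 'url_login'),
 url(r'^testemail/$', 'test_email'),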
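Review bot: The old routes are commented out rather than removed (new lines 8, 11 and 12), which leaves three dead patterns beside the live ones; deleting them keeps the URL table unambiguous, and the history stays in version control. The new `login` and `logout` routes also have no `name=`, unlike `account_index`, so callers have to hard-code the paths; `url(r'^login/$', login, name='account_login'),` would fix that (the name is only a suggestion). Because authentication now rests on a session cookie instead of per-request basic auth, confirm that `SESSION_COOKIE_SECURE` is enabled for the deployed site; the settings file is not shown on this page. The `urlpatterns` call is not closed within the hunk.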

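--- a/ietf/ietfauth/views.py
+++ b/ietf/ietfauth/views.py
@@ -63,6 +63,7 @@ def url_login(request, user, passwd):
 return HttpResponseRedirect('/accounts/loggedin/?%s=%s' % (REDIRECT_FIELD_NAME, urlquote(redirect_to)))
 return HttpResponse("Not authenticated?", status=500)
 
+@login_required
 def ietf_login(request):
 if not request.user.is_authenticated():
 return HttpResponse("Not authenticated?", status=500)
@@ -258,4 +259,3 @@ def test_email(request):
 r.set_cookie("testmailcc", cookie)
 
 return r
-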
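Review bot: With `@login_required` on `ietf_login` (new line 66), the `if not request.user.is_authenticated()` branch returning status 500 directly below it can no longer be reached by anonymous users, because the decorator redirects them to the login page first. The same commit comments out the `^login/$` route to this view in ietf/ietfauth/urls.py, so unless it is routed elsewhere the view is dead code, and deleting it would be cleaner than decorating it. The same applies to `url_login`, whose signature in the hunk header takes the password as a URL path component; URL paths typically end up in access logs, so that view is best removed now that form login exists. The import of `login_required` is not visible in this hunk, and the body of `ietf_login` continues outside it.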

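--- a/ietf/liaisons/tests.py
+++ b/ietf/liaisons/tests.py
@@ -158,7 +158,7 @@ def test_taken_care_of(self):
 self.assertEqual(len(q('form input[name=do_action_taken]')), 0)
 
 # log in and get
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 
 r = self.client.get(url)
 self.assertEqual(r.status_code, 200)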

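--- a/ietf/meeting/tests_api.py
+++ b/ietf/meeting/tests_api.py
@@ -44,7 +44,7 @@ def do_post(to):
 self.assertEqual(ScheduledSession.objects.get(pk=mars_scheduled.pk).session, session)
 
 # faulty post - logged in as non-owner
-self.client.login(remote_user="ad")
+self.client.login(username="ad", password="ad+password")
 r = do_post(to=ames_scheduled)
 self.assertEqual(r.status_code, 200)
 self.assertTrue("error" in json.loads(r.content))
@@ -58,7 +58,7 @@ def do_post(to):
 test_schedule.save()
 
 # move to ames
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = do_post(to=ames_scheduled)
 self.assertEqual(r.status_code, 200)
 self.assertTrue("error" not in json.loads(r.content))
@@ -67,7 +67,7 @@ def do_post(to):
 self.assertEqual(ScheduledSession.objects.get(pk=ames_scheduled.pk).session, session)
 
 # unschedule
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = do_post(to=None)
 self.assertEqual(r.status_code, 200)
 self.assertTrue("error" not in json.loads(r.content))
@@ -121,7 +121,7 @@ def test_create_new_room(self):
 self.assertTrue(not meeting.room_set.filter(name="new room"))
 
 # create room
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.post(url, post_data)
 self.assertTrue(meeting.room_set.filter(name="new room"))
 
@@ -141,7 +141,7 @@ def test_delete_room(self):
 self.assertTrue(meeting.room_set.filter(pk=room.pk))
 
 # delete
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.delete(url)
 self.assertTrue(not meeting.room_set.filter(pk=room.pk))
 self.assertTrue(not TimeSlot.objects.filter(pk__in=timeslots_before))
@@ -189,12 +189,12 @@ def test_create_new_slot(self):
 }
 
 # unauthorized post
-self.client.login(remote_user="ad")
+self.client.login(username="ad", password="ad+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 403)
 
 # create room
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 302)
 self.assertTrue(meeting.timeslot_set.filter(time=slot_time))
@@ -207,12 +207,12 @@ def test_delete_slot(self):
 kwargs=dict(num=meeting.number, slotid=slot.pk))
 
 # unauthorized delete
-self.client.login(remote_user="ad")
+self.client.login(username="ad", password="ad+password")
 r = self.client.delete(url)
 self.assertEqual(r.status_code, 403)
 
 # delete
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 self.client.delete(url)
 self.assertTrue(not meeting.timeslot_set.filter(pk=slot.pk))
 
@@ -236,13 +236,13 @@ def test_create_new_schedule(self):
 }
 
 # unauthorized post
-self.client.login(remote_user="plain")
+self.client.login(username="plain", password="plain+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 403)
 self.assertTrue(not meeting.schedule_set.filter(name='new-agenda'))
 
 # create new agenda
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 302)
 self.assertTrue(meeting.schedule_set.filter(name='new-agenda'))
@@ -262,12 +262,12 @@ def test_update_schedule(self):
 }
 
 # unauthorized post
-self.client.login(remote_user="plain")
+self.client.login(username="plain", password="plain+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 403)
 
 # change agenda
-self.client.login(remote_user="ad")
+self.client.login(username="ad", password="ad+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 302)
 changed_schedule = Schedule.objects.get(pk=meeting.agenda.pk)
@@ -281,12 +281,12 @@ def test_delete_schedule(self):
 kwargs=dict(num=meeting.number,
 schedule_name=meeting.agenda.name))
 # unauthorized delete
-self.client.login(remote_user="plain")
+self.client.login(username="plain", password="plain+password")
 r = self.client.delete(url)
 self.assertEqual(r.status_code, 403)
 
 # delete
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.delete(url)
 self.assertEqual(r.status_code, 200)
 self.assertTrue(not Schedule.objects.filter(pk=meeting.agenda.pk))
@@ -301,12 +301,12 @@ def test_set_meeting_agenda(self):
 "agenda": "",
 }
 # unauthorized post
-self.client.login(remote_user="ad")
+self.client.login(username="ad", password="ad+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 403)
 
 # clear
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 200)
 self.assertTrue(not Meeting.objects.get(pk=meeting.pk).agenda)
@@ -340,7 +340,7 @@ def test_read_only(self):
 })}
 
 # Secretariat
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.post('/dajaxice/ietf.meeting.readonly/', data)
 self.assertEqual(r.status_code, 200)
 
@@ -351,7 +351,8 @@ def test_read_only(self):
 self.assertEqual(info['write_perm'], True)
 
 # owner
-self.client.login(remote_user=meeting.agenda.owner.user.username)
+self.client.login(username=meeting.agenda.owner.user.username,
+password=meeting.agenda.owner.user.username+"+password")
 r = self.client.post('/dajaxice/ietf.meeting.readonly/', data)
 self.assertEqual(r.status_code, 200)
 
@@ -383,7 +384,7 @@ def test_update_timeslot_pinned(self):
 # set pinned
 meeting.agenda.owner = Person.objects.get(user__username="secretary")
 meeting.agenda.save()
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.post(url, post_data)
 self.assertEqual(r.status_code, 200)
 self.assertTrue(ScheduledSession.objects.get(pk=scheduled.pk).pinned)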

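--- a/ietf/meeting/tests_views.py
+++ b/ietf/meeting/tests_views.py
@@ -154,7 +154,7 @@ def setUp(self):
 def test_edit_agenda(self):
 meeting = make_meeting_test_data()
 
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.get(urlreverse("ietf.meeting.views.edit_agenda", kwargs=dict(num=meeting.number)))
 self.assertEqual(r.status_code, 200)
 self.assertTrue("session_obj" in r.content)
@@ -164,7 +164,7 @@ def test_save_agenda_as_and_read_permissions(self):
 url = urlreverse("ietf.meeting.views.edit_agenda", kwargs=dict(num=meeting.number))
 
 # save as
-self.client.login(remote_user="ad")
+self.client.login(username="ad", password="ad+password")
 r = self.client.post(url, {
 'savename': "foo",
 'saveas': "saveas",
@@ -196,14 +196,14 @@ def test_save_agenda_as_and_read_permissions(self):
 schedule.visible = False
 schedule.public = False
 schedule.save()
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.get(url)
 self.assertEqual(r.status_code, 200)
 
 def test_edit_timeslots(self):
 meeting = make_meeting_test_data()
 
-self.client.login(remote_user="secretary")
+self.client.login(username="secretary", password="secretary+password")
 r = self.client.get(urlreverse("ietf.meeting.views.edit_timeslots", kwargs=dict(num=meeting.number)))
 self.assertEqual(r.status_code, 200)
 self.assertTrue(meeting.room_set.all().first().name in r.content)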

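--- a/ietf/nomcom/test_data.py
+++ b/ietf/nomcom/test_data.py
@@ -113,7 +113,10 @@ def nomcom_test_data():
 create_person(group, "member", username=MEMBER_USER)
 
 # nominee
-u, _ = User.objects.get_or_create(username=COMMUNITY_USER)
+u, created = User.objects.get_or_create(username=COMMUNITY_USER)
+if created:
+u.set_password(COMMUNITY_USER+"+password")
+u.save()
 plainman, _ = Person.objects.get_or_create(name="Plain Man", ascii="Plain Man", user=u)
 email, _ = Email.objects.get_or_create(address="plain@example.com", person=plainman)
 nominee, _ = Nominee.objects.get_or_create(email=email, nomcom=nomcom)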
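Review bot: The password is set only when `get_or_create` creates the row (new lines 116–119), so if `COMMUNITY_USER` already exists the stored password is whatever its creator left. A later `client.login(username=COMMUNITY_USER, password=COMMUNITY_USER+"+password")` then depends on that other fixture following the same convention. Checking the stored value instead, `if created or not u.check_password(COMMUNITY_USER+"+password"):`, makes this fixture self-sufficient. A one-line comment such as `# test-only credential: <username>+password, never used outside fixtures` would also document the convention. `nomcom_test_data` begins and ends outside the hunk.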
