added hook for external password validation, and some more docco

Author: Richard Jones

CHANGES.txt

@@ -44,7 +44,8 @@ are given with the most recent entry first.
 - added "crypt" password encoding and ability to set password with
   already encrypted password through roundup-admin
 - fixed the mailgw so that anonymous users may still access it
-
+- add hook to allow external password verification, overridable in the
+  tracker interfaces module
 
 2002-09-13 0.5.0 beta2
 -  all backends now have a .close() method, and it's used everywhere

doc/customizing.txt

@@ -2,7 +2,7 @@
 Customising Roundup
 ===================
 
-:Version: $Revision: 1.48 $
+:Version: $Revision: 1.49 $
 
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
    http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
@@ -185,11 +185,6 @@ Note: if you modify the schema, you'll most likely need to edit the
       your changes.
 
 A tracker schema defines what data is stored in the tracker's database.
-The schemas shipped with Roundup turn it into a typical software bug tracker
-or help desk.
-
-XXX make sure we ship the help desk
-
 Schemas are defined using Python code in the ``dbinit.py`` module of your
 tracker. The "classic" schema looks like this::
 
@@ -434,7 +429,9 @@ case though, so be careful to use the right one.
     Use the roundup-admin interface's create, set and retire methods to add,
     alter or remove items from the classes in question.
 
-XXX example
+
+See "`adding a new field to the classic schema`_" for an example that requires
+database content changes.
 
 
 Web Interface
@@ -1532,7 +1529,11 @@ Adding a field to the database
 
 This is the easiest part of the change. The category would just be a plain
 string, nothing fancy. To change what is in the database you need to add
-some lines to the ``open()`` function in ``dbinit.py``::
+some lines to the ``open()`` function in ``dbinit.py`` under the comment::
+
+    # add any additional database schema configuration here
+
+add::
 
     category = Class(db, "category", name=String())
     category.setkey("name")
@@ -1558,6 +1559,38 @@ adding something with a more one to one relationship use Link() instead.
 That is all you need to do to change the schema. The rest of the effort is
 fiddling around so you can actually use the new category.
 
+Populating the new category class
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you haven't initialised the database with the roundup-admin "initialise"
+command, then you can add the following to the tracker ``dbinit.py`` in the
+``init()`` function under the comment::
+
+    # add any additional database create steps here - but only if you
+    # haven't initialised the database with the admin "initialise" command
+
+add::
+
+     category = db.getclass('category')
+     category.create(name="scipy", order="1")
+     category.create(name="chaco", order="2")
+     category.create(name="weave", order="3")
+
+If the database is initalised, the you need to use the roundup-admin tool::
+
+     % roundup-admin -i <tracker home>
+     Roundup <version> ready for input.
+     Type "help" for help.
+     roundup> create category name=scipy order=1
+     1
+     roundup> create category name=chaco order=1
+     2
+     roundup> create category name=weave order=1
+     3
+     roundup> exit...
+     There are unsaved changes. Commit them (y/N)? y
+
+
 Setting up security on the new objects
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

roundup/cgi/client.py

@@ -1,4 +1,4 @@
-# $Id: client.py,v 1.46 2002-09-26 03:45:09 richard Exp $
+# $Id: client.py,v 1.47 2002-09-26 23:59:08 richard Exp $
 
 __doc__ = """
 WWW request handler (also used in the stand-alone server).
@@ -424,7 +424,10 @@ def header(self, headers=None, response=None):
         if self.debug:
             self.headers_sent = headers
 
-    def set_cookie(self, user, password):
+    def set_cookie(self, user):
+        ''' Set up a session cookie for the user and store away the user's
+            login info against the session.
+        '''
         # TODO generate a much, much stronger session key ;)
         self.session = binascii.b2a_base64(repr(random.random())).strip()
 
@@ -498,9 +501,7 @@ def loginAction(self):
             self.error_message.append(_('No such user "%(name)s"')%locals())
             return
 
-        # and that the password is correct
-        pw = self.db.user.get(self.userid, 'password')
-        if password != pw:
+        if not self.verifyPassword(self.userid, password):
             self.make_user_anonymous()
             self.error_message.append(_('Incorrect password'))
             return
@@ -511,7 +512,12 @@ def loginAction(self):
             raise Unauthorised, _("You do not have permission to login")
 
         # set the session cookie
-        self.set_cookie(self.user, password)
+        self.set_cookie(self.user)
+
+    def verifyPassword(self, userid, password):
+        ''' Verify the password that the user has supplied
+        '''
+        return password == self.db.user.get(self.userid, 'password')
 
     def loginPermission(self):
         ''' Determine whether the user has permission to log in.
@@ -577,8 +583,14 @@ def registerAction(self):
         self.user = cl.get(self.userid, 'username')
         # re-open the database for real, using the user
         self.opendb(self.user)
-        password = self.db.user.get(self.userid, 'password')
-        self.set_cookie(self.user, password)
+
+        # update the user's session
+        if self.session:
+            self.db.sessions.set(self.session, user=self.user,
+                last_use=time.time())
+        else:
+            # new session cookie
+            self.set_cookie(self.user)
 
         # nice message
         message = _('You are now registered, welcome!')

roundup/templates/classic/dbinit.py

@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: dbinit.py,v 1.29 2002-09-13 03:31:18 richard Exp $
+# $Id: dbinit.py,v 1.30 2002-09-26 23:59:08 richard Exp $
 
 import os
 
@@ -55,6 +55,8 @@ def open(name=None):
                     klass=String(),     name=String(),
                     url=String())
     query.setkey("name")
+
+    # add any additional database schema configuration here
 
     # Note: roles is a comma-separated string of Role names
     user = Class(db, "user", 
@@ -187,6 +189,9 @@ def init(adminpw):
         address=config.ADMIN_EMAIL, roles='Admin')
     user.create(username="anonymous", roles='Anonymous')
 
+    # add any additional database create steps here - but only if you
+    # haven't initialised the database with the admin "initialise" command
+
     db.commit()
 
 # vim: set filetype=python ts=4 sw=4 et si

roundup/templates/minimal/dbinit.py

@@ -15,7 +15,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: dbinit.py,v 1.1 2002-09-26 04:15:07 richard Exp $
+# $Id: dbinit.py,v 1.2 2002-09-26 23:59:08 richard Exp $
 
 import os
 
@@ -43,6 +43,8 @@ def open(name=None):
         address=String(), alternate_addresses=String(), roles=String())
     user.setkey("username")
 
+    # add any additional database schema configuration here
+
     #
     # SECURITY SETTINGS
     #
@@ -100,6 +102,9 @@ def init(adminpw):
         address=config.ADMIN_EMAIL, roles='Admin')
     user.create(username="anonymous", roles='Anonymous')
 
+    # add any additional database create steps here - but only if you
+    # haven't initialised the database with the admin "initialise" command
+
     db.commit()
 
 # vim: set filetype=python ts=4 sw=4 et si