diff --git a/VERSION b/VERSION
index 2a0049de..dc411cfb 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-Version 2.6.0-development+timestamp.2013.08.08.14.19.43
+Version 2.6.0-development+timestamp.2013.08.09.03.37.59
diff --git a/gluon/tools.py b/gluon/tools.py
index 1f98e6af..22338607 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -1759,7 +1759,8 @@ class Auth(object):
 description=str(description % vars),
 origin=origin, user_id=user_id)
- def get_or_create_user(self, keys, update_fields=['email'], login=True):
+ def get_or_create_user(self, keys, update_fields=['email'],
+ login=True, get=True):
 """
 Used for alternate login methods:
 If the user exists already then password is updated.
@@ -1789,6 +1790,9 @@ class Auth(object):
 and ('registration_id' not in keys or user.registration_id != str(keys['registration_id'])):
 user = None # THINK MORE ABOUT THIS? DO WE TRUST OPENID PROVIDER?
 if user:
+ if not get:
+ # added for register_bare to avoid overwriting users
+ return None
 update_keys = dict(registration_id=keys['registration_id'])
 for key in update_fields:
 if key in keys:
@@ -1877,10 +1881,7 @@ class Auth(object):
 self.user = user
 self.update_groups()
- def login_bare(self, username, password):
- """
- logins user as specified by usernname (or email) and password
- """
+ def _get_login_settings(self):
 table_user = self.table_user()
 if self.settings.login_userfield:
 userfield = self.settings.login_userfield
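Review bot: The docstring under the new `get_or_create_user` signature (hunk `-1759,7 +1759,8`) does not mention `get`, and the parameter name alone does not say that it controls whether an existing account may be returned and updated. I would add a line such as `If get is False and a matching user already exists, nothing is updated and None is returned.` so callers know that `None` can mean "duplicate" as well as whatever other failure paths exist. The docstring continues outside the hunk, so check that the wording fits the rest of it.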
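Review bot: The `if not get:` guard in hunk `-1789,6 +1790,9` only runs when `user` is still set after the `user = None` reset two lines above it, so a matching account that the reset discards never reaches the guard and falls through to whatever follows `if user:`, presumably the create path. `register_bare` passes no `registration_id` unless its caller supplies one, which makes `'registration_id' not in keys` true in that condition. The start of the condition is outside the hunk, so please confirm the reset cannot fire on the `get=False` path, or evaluate `get` before the reset so a found account always blocks creation. A test that calls `register_bare` twice with the same userfield against a record carrying a `registration_id` would settle it.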
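Review bot: `_get_login_settings` in hunk `-1877,10 +1881,7` takes over the body of the old `login_bare` but has no docstring, so its contract is only visible from the `return Storage(...)` in the next hunk. A one-line docstring would do, for example `"""Return a Storage with table_user, userfield and passfield resolved from the auth settings."""`. The function body ends in the following hunk.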
@@ -1889,20 +1890,58 @@ class Auth(object):
 else:
 userfield = 'email'
 passfield = self.settings.password_field
- user = self.db(table_user[userfield] == username).select().first()
- if user and user.get(passfield, False):
- password = table_user[passfield].validate(password)[0]
- if not user.registration_key and password == user[passfield]:
+ return Storage({"table_user": table_user,
+ "userfield": userfield,
+ "passfield": passfield})
+
+ def login_bare(self, username, password):
+ """
+ logins user as specified by username (or email) and password
+ """
+ settings = self._get_login_settings()
+ user = self.db(settings.table_user[settings.userfield] == \
+ username).select().first()
+ if user and user.get(settings.passfield, False):
+ password = settings.table_user[
+ settings.passfield].validate(password)[0]
+ if not user.registration_key and password == \
+ user[settings.passfield]:
 self.login_user(user)
 return user
 else:
 # user not in database try other login methods
 for login_method in self.settings.login_methods:
- if login_method != self and login_method(username, password):
+ if login_method != self and \
+ login_method(username, password):
 self.user = username
 return username
 return False
+ def register_bare(self, **fields):
+ """
+ registers a user as specified by username (or email)
+ and a raw password.
+ """
+ settings = self._get_login_settings()
+ if not fields.get(settings.passfield):
+ raise ValueError("register_bare: " +
+ "password not provided or invalid")
+ elif not fields.get(settings.userfield):
+ raise ValueError("register_bare: " +
+ "userfield not provided or invalid")
+ fields[settings.passfield
+ ] = settings.table_user[settings.passfield].validate(
+ fields[settings.passfield])[0]
+ user = self.get_or_create_user(fields, login=False,
+ get=False,
+ update_fields=self.settings.update_fields)
+ if not user:
+ # get or create did not create a user (it ignores
+ # duplicate records)
+ return False
+ return user
+
+
 def cas_login( self, next=DEFAULT,
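Review bot: `register_bare` keeps only element `[0]` of the password field's `validate(...)` result and never looks at the rest, so a password that fails the field's validators is not rejected even though the error text says "not provided or invalid". If `validate` returns a (value, error) pair, as the index suggests, the value on failure may be the unprocessed input, and that is what would be handed to `get_or_create_user` for storage; the error should be unpacked and raised as in the excerpt below. Separately, every key in `**fields` is forwarded unchanged, so callers must not pass request data straight through. No `registration_key` is set here, and `login_bare` treats an empty one as an active account. The docstring should state both points, and that `False` means the userfield already exists.

```python
    def register_bare(self, **fields):
        # … unchanged: docstring, settings lookup, presence checks for passfield and userfield …
        value, error = settings.table_user[settings.passfield].validate(
            fields[settings.passfield])
        if error:
            # refuse to store a password the field's validators rejected
            raise ValueError("register_bare: " +
                             "password not provided or invalid")
        fields[settings.passfield] = value
        # … unchanged: get_or_create_user call and duplicate handling …
```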