Commit 2cdc7f48 authored by Laurent Bachelier's avatar Laurent Bachelier

Allow login by key

closes #600
parent 4eaca6dc
......@@ -211,11 +211,18 @@ class Dispatcher(object):
self.ctx = ctx
def _authenticate(self):
signer = AuthCookieSigner(secret=self.ctx.cookie_secret)
authkey = self.ctx.req.str_params.get('authkey')
cookie = self.ctx.req.str_cookies.get('ass2m_auth')
user = cookie and signer.auth(cookie)
if user:
self.ctx.user = self.ctx.storage.get_user(user)
if authkey:
for user in self.ctx.storage.iter_users():
if authkey == user.key:
# set the cookie for the following requests
return self.ctx.login(user)
elif cookie:
signer = AuthCookieSigner(secret=self.ctx.cookie_secret)
username = signer.auth(cookie)
if username:
self.ctx.user = self.ctx.storage.get_user(username)
def dispatch(self):
ctx = self.ctx
......
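Review bot: The new `authkey` branch in `_authenticate` accepts a long-lived credential from `req.str_params`, and the added test sends it in the query string, so the key is likely to end up in access logs, browser history and Referer headers. Consider redirecting to the same URL without `authkey` once `self.ctx.login(user)` has set the cookie, and treating keys like passwords (revocable, never logged). The comparison `authkey == user.key` is not constant-time; where the runtime provides it, `if user.key and hmac.compare_digest(authkey, user.key):` removes the timing side channel and skips users with no key set. Because the cookie check is now an `elif`, a request carrying an invalid `authkey` also ignores a valid `ass2m_auth` cookie, which looks unintended; a short comment stating which credential wins would help.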
......@@ -17,6 +17,10 @@ class LoginTest(TestCase):
user = User(storage, 'penguin')
user.realname = 'Penguin'
user.password = 'monkey1'
user.key = 'fabf37d746da8a45df63489f642b3813'
user.save()
user = User(storage, 'platypus')
user.realname = 'Platypus'
user.save()
server = Server(self.root)
self.app = TestApp(server.process)
......@@ -55,3 +59,21 @@ class LoginTest(TestCase):
res = res.follow(status=200)
assert 'Login' in res.body
assert 'Logged as' not in res.body
def test_authKeyLogin(self):
res = self.app.get('/?action=login', status=200)
assert 'Not logged in.' in res.body
# we are authentified by the key
res = self.app.get('/?authkey=fabf37d746da8a45df63489f642b3813', status=200)
assert 'Login' not in res.body
assert 'Logged as <abbr title="Penguin">penguin</abbr>' in res.body
# the authentification is kept
res = self.app.get('/', status=200)
assert 'Login' not in res.body
assert 'Logged as <abbr title="Penguin">penguin</abbr>' in res.body
res = self.app.get('/?action=logout', status=302)
res = res.follow(status=200)
assert 'Login' in res.body
assert 'Logged as' not in res.body
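Review bot: `test_authKeyLogin` covers only the accepted-key path; nothing asserts that a wrong key, or a user without a key such as `platypus`, stays logged out. Add a negative case, for example `res = self.app.get('/?authkey=0000', status=200)` followed by `assert 'Logged as' not in res.body` (the key value here is a constructed sample). A case that sends an invalid `authkey` together with a valid session cookie would also pin down which credential takes precedence.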