mango r261 - in branches/django: . mango www

[ovitters svn gnome org]

Author: ovitters
Date: Fri Jun 27 20:39:56 2008
New Revision: 261
URL: http://svn.gnome.org/viewvc/mango?rev=261&view=rev

Log:
	-- WARNING THIS IS INSECURE --
	Add 'logging in' to Mango. Notice: Doesn't check password or anything.
	Only ensures the userid is known.
	* mango/urls.py: Add handle_login and handle_logout views.
	* mango/views.py (get_xmldoc, handle_login, handle_logout): In
	get_xmldoc, add for the current logged in user to the HTML instead of
	hardcoding me. In handle_login, don't pretend to be secure and just
	log in the user.
	* www/index.xsl: Ensure URLs to the views are correct.
	* www/page.xsl: Correct URLs to login/logout pages.


Modified:
   branches/django/   (props changed)
   branches/django/ChangeLog
   branches/django/mango/urls.py
   branches/django/mango/views.py
   branches/django/www/index.xsl
   branches/django/www/page.xsl

Modified: branches/django/mango/urls.py
==============================================================================
--- branches/django/mango/urls.py	(original)
+++ branches/django/mango/urls.py	Fri Jun 27 20:39:56 2008
@@ -6,6 +6,8 @@
 urlpatterns = patterns('',
     (r'^%s$' % mango.settings.SITE_ROOT, view.view_index),
     (r'^%stime/$' % mango.settings.SITE_ROOT, view.current_datetime),
+    (r'^%slogin/$' % mango.settings.SITE_ROOT, view.handle_login),
+    (r'^%slogout/$' % mango.settings.SITE_ROOT, view.handle_logout),
     (r'^%susers/$' % mango.settings.SITE_ROOT, view.list_users),
     (r'^%susers/edit/(?P<user>\w+)/$' % mango.settings.SITE_ROOT, view.edit_user),
     (r'^%srequests/$' % mango.settings.SITE_ROOT, view.list_accounts),

Modified: branches/django/mango/views.py
==============================================================================
--- branches/django/mango/views.py	(original)
+++ branches/django/mango/views.py	Fri Jun 27 20:39:56 2008
@@ -28,15 +28,17 @@
     # TODO: 
     #  - determine if user is logged in, if so:
     #    add user details to XML
-    users = models.Users.search(Q(uid='ovitters'))
-    if len(users) == 1:
-        user = users[0]
+    if 'user' in request.session:
+        users = models.Users.search(Q(uid=request.session['user']))
+        if len(users) == 1:
+            user = users[0]
+            request.user = user
 
-        usernode = ET.SubElement(pagenode, 'user')
-        ET.SubElement(usernode, 'cn').text = user.cn
+            usernode = ET.SubElement(pagenode, 'user')
+            ET.SubElement(usernode, 'cn').text = user.cn
 
-        for group in user.groups:
-            node = ET.SubElement(pagenode, 'group', {'cn': group.cn})
+            for group in user.groups:
+                node = ET.SubElement(pagenode, 'group', {'cn': group.cn})
 
     if subpage is not None:
         pagenode = ET.SubElement(pagenode, subpage)
@@ -272,3 +274,28 @@
         obj.add_to_xml(ET, modulenode)
 
     return get_xmlresponse(doc, "list_modules.xsl")
+
+def handle_login(request):
+    doc, pagenode = get_xmldoc('List Modules', request, 'loginform')
+
+    
+    if request.method == 'POST' and 'login' in request.POST and request.POST['login']:
+        users = models.Users.search(Q(uid=request.POST['login']))
+        if len(users) == 1:
+            user = users[0]
+
+            request.session['user'] = user.uid
+            return HttpResponseRedirect(u'../')
+
+
+    return get_xmlresponse(doc, "login.xsl")
+
+def handle_logout(request):
+    try:
+        del request.session['user']
+    except KeyError:
+        pass
+
+    doc, pagenode = get_xmldoc('Logged out', request, 'loggedoutpage')
+    return get_xmlresponse(doc, 'login.xsl')
+

Modified: branches/django/www/index.xsl
==============================================================================
--- branches/django/www/index.xsl	(original)
+++ branches/django/www/index.xsl	Fri Jun 27 20:39:56 2008
@@ -46,7 +46,7 @@
         <p>To access the services on this website, please log in to
           identify yourself. If you want to request a new account see
 	  the <a href="http://live.gnome.org/NewAccounts";>instructions on the wiki</a>.</p>
-        <form method="post" action="login.php" name="f">
+	<form method="post" action="login/" name="f">
           <input type="hidden" name="action" value="login"/>
           <input type="hidden" name="mango_token" value="{/page/@token}"/>
           <table class="login">

Modified: branches/django/www/page.xsl
==============================================================================
--- branches/django/www/page.xsl	(original)
+++ branches/django/www/page.xsl	Fri Jun 27 20:39:56 2008
@@ -70,7 +70,7 @@
 	     <xsl:if test="boolean(group[ cn='membctte'])">
 	       <li><xsl:if test="$channel = 'foundation'"><xsl:attribute name="class">selected</xsl:attribute></xsl:if><a href="{/page/@baseurl}/foundationmembers/"><span>Foundation Members</span></a></li>
 	     </xsl:if>
-	     <li><xsl:if test="$channel = 'login'"><xsl:attribute name="class">selected</xsl:attribute></xsl:if><a href="{/page/@baseurl}/login.php?logout=true"><span>Logout</span></a></li>
+	     <li><xsl:if test="$channel = 'login'"><xsl:attribute name="class">selected</xsl:attribute></xsl:if><a href="{/page/@baseurl}/logout/"><span>Logout</span></a></li>
 	   </xsl:if>
 	   <xsl:if test="not(boolean(user))">
 	    <li><xsl:if test="$channel = 'login'"><xsl:attribute name="class">selected</xsl:attribute></xsl:if><a href="{/page/@baseurl}/login.php"><span>Login</span></a></li>