Update mysql_login to moin 1.8.

[matthijs/projects/wipi.git] / conf / auth / mysql_login.py

# -*- coding: iso-8859-1 -*-
"""
    MoinMoin - auth plugin doing a check against MySQL db

    @copyright: 2008 Matthijs Kooijman
    @license: GNU GPL, see COPYING for details.
"""

import MySQLdb
import md5
from MoinMoin import user
from MoinMoin.auth import BaseAuth, ContinueLogin

class mysql_login(BaseAuth):
    logout_possible = True
    login_inputs    = ['username', 'password']
    
    def __init__(self, name='mysql', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, verbose=False):
        """
            Authenticate using credentials from a mysql database
        """
        self.verbose = verbose
        self.dbhost  = dbhost
        self.dbuser  = dbuser
        self.dbpass  = dbpass
        self.dbname  = dbname
        self.dbport  = dbport
        self.name    = name
    
    def check_login(self, request, username, password):
        """ Checks the given username password combination. Returns the
        corresponding emailaddress, or False if authentication failed.
        """
        conn = self.connect(request)

        if not conn:
            return False

        # Get some data
        cursor = conn.cursor ()
        cursor.execute ("SELECT user_password,user_email FROM lex_users WHERE username=%s", username)

        # No data? No login.
        if (cursor.rowcount == 0):
            conn.close()
            return False
       
        # Check password
        row = cursor.fetchone()
        conn.close()

        if (md5.new(password).hexdigest() == row[0]):
            return row[1]
        else:
            return False

    def connect(self, request):
        # This code was shamelessly stolen from
        # django.db.backends.mysql.base.cursor
        kwargs = {
            'charset': 'utf8',
            'use_unicode': False,
        }
        if self.dbuser:
            kwargs['user'] = self.dbuser
        if self.dbname:
            kwargs['db'] = self.dbname
        if self.dbpass:
            kwargs['passwd'] = self.dbpass
        if self.dbhost.startswith('/'):
            kwargs['unix_socket'] = self.dbhost
        elif self.dbhost:
            kwargs['host'] = self.dbhost
        if self.dbport:
            kwargs['port'] = int(self.dbport)

        # End stolen code

        try:
            conn = MySQLdb.connect (**kwargs)
        except:
            import sys
            import traceback
            info = sys.exc_info()
            request.log("mysql_login: authentication failed due to exception connecting to DB, traceback follows...")
            request.log(''.join(traceback.format_exception(*info)))
            return False

        return conn

    def login(self, request, user_obj, **kw):
        try:
            username = kw.get('username')
            password = kw.get('password')

            if self.verbose: request.log("mysql_login: Trying to log in, username=%r " % (username))
           
            # simply continue if something else already logged in
            # successfully
            if user_obj and user_obj.valid:
                return ContinueLogin(user_obj)

            # Deny empty username or passwords
            if not username or not password:
                return ContinueLogin(user_obj)

            email = self.check_login(request, username, password)
            
            # Login incorrect
            if (not email):
                if self.verbose: request.log("mysql_login: authentication failed for %s" % (username))
                return ContinueLogin(user_obj)

            if self.verbose: request.log("mysql_login: authenticated %s (email %s)" % (username, email))

            u = user.User(request, auth_username=username, auth_method=self.name, auth_attribs=('password', 'email', ))
            u.email = email
            #u.remember_me = 0 # 0 enforces cookie_lifetime config param
            u.create_or_update(True)

            return ContinueLogin(u)
        except:
            import sys
            import traceback
            info = sys.exc_info()
            request.log("mysql_login: authentication failed due to unexpected exception, traceback follows...")
            request.log(''.join(traceback.format_exception(*info)))
            return ContinueLogin(user_obj)

# vim: set sw=4 expandtab sts=4:vim