-# -*- coding: iso-8859-1 -*-
-"""
- MoinMoin - auth plugin doing a check against MySQL db
-
- @copyright: 2008 Matthijs Kooijman
- @license: GNU GPL, see COPYING for details.
-"""
-
-import MySQLdb
-import md5
-from MoinMoin import user
-from MoinMoin.auth import BaseAuth, ContinueLogin
-from MoinMoin import log
-logging = log.getLogger(__name__)
-
-class mysql_login(BaseAuth):
- logout_possible = True
- login_inputs = ['username', 'password']
-
- def __init__(self, name='mysql', dbhost=None, dbuser=None, dbpass=None, dbname=None, dbport=None, hint=None):
- """
- Authenticate using credentials from a mysql database
-
- The name parameter should be unique among all authentication methods.
-
- The hint parameter is a snippet of HTML that is displayed below the login form.
- """
- self.dbhost = dbhost
- self.dbuser = dbuser
- self.dbpass = dbpass
- self.dbname = dbname
- self.dbport = dbport
- self.name = name
- self.hint = hint
-
- def check_login(self, request, username, password):
- """ Checks the given username password combination. Returns the
- corresponding emailaddress, or False if authentication failed.
- """
- conn = self.connect(request)
-
- if not conn:
- return False
-
- # Get some data
- cursor = conn.cursor ()
- cursor.execute ("SELECT user_password,user_email FROM lex_users WHERE username=%s", username)
-
- # No data? No login.
- if (cursor.rowcount == 0):
- conn.close()
- return False
-
- # Check password
- row = cursor.fetchone()
- conn.close()
-
- if (md5.new(password).hexdigest() == row[0]):
- return row[1]
- else:
- return False
-
- def connect(self, request):
- # This code was shamelessly stolen from
- # django.db.backends.mysql.base.cursor
- kwargs = {
- 'charset': 'utf8',
- 'use_unicode': False,
- }
- if self.dbuser:
- kwargs['user'] = self.dbuser
- if self.dbname:
- kwargs['db'] = self.dbname
- if self.dbpass:
- kwargs['passwd'] = self.dbpass
- if self.dbhost.startswith('/'):
- kwargs['unix_socket'] = self.dbhost
- elif self.dbhost:
- kwargs['host'] = self.dbhost
- if self.dbport:
- kwargs['port'] = int(self.dbport)
-
- # End stolen code
-
- try:
- conn = MySQLdb.connect (**kwargs)
- except:
- import sys
- import traceback
- info = sys.exc_info()
- logging.error("mysql_login: authentication failed due to exception connecting to DB, traceback follows...")
- logging.error(''.join(traceback.format_exception(*info)))
- return False
-
- return conn
-
- def login(self, request, user_obj, **kw):
- try:
- username = kw.get('username')
- password = kw.get('password')
-
- logging.debug("mysql_login: Trying to log in, username=%r " % (username))
-
- # simply continue if something else already logged in
- # successfully
- if user_obj and user_obj.valid:
- return ContinueLogin(user_obj)
-
- # Deny empty username or passwords
- if not username or not password:
- return ContinueLogin(user_obj)
-
- email = self.check_login(request, username, password)
-
- # Login incorrect
- if (not email):
- logging.debug("mysql_login: authentication failed for %s" % (username))
- return ContinueLogin(user_obj)
-
- logging.debug("mysql_login: authenticated %s (email %s)" % (username, email))
-
- u = user.User(request, auth_username=username, auth_method=self.name, auth_attribs=('name', 'password', 'email'))
- u.email = email
- #u.remember_me = 0 # 0 enforces cookie_lifetime config param
- u.create_or_update(True)
-
- return ContinueLogin(u)
- except:
- import sys
- import traceback
- info = sys.exc_info()
- logging.error("mysql_login: authentication failed due to unexpected exception, traceback follows...")
- logging.error(''.join(traceback.format_exception(*info)))
- return ContinueLogin(user_obj)
-
- def login_hint(self, request):
- """ Return a snippet of HTML that is displayed with the login form. """
- return self.hint
-
-# vim: set sw=4 expandtab sts=4:vim