[master][ckan#1799][controllers]: Fix for login/register behaviour wh…
…en already logged in.
David Read committed Feb 23, 2012
1 parent 34c53f7 commit ea2d824
Showing 3 changed files with 169 additions and 15 deletions.
29 changes: 19 additions & 10 deletions ckan/controllers/user.py
Expand Up @@ -16,9 +16,6 @@

log = logging.getLogger(__name__)

def login_form():
return render('user/login_form.html').replace('FORM_ACTION', '%s')

class UserController(BaseController):

def __before__(self, action, **env):
Expand Down Expand Up @@ -131,6 +128,10 @@ def new(self, data=None, errors=None, error_summary=None):

if context['save'] and not data:
return self._save_new(context)

if c.user and not data:
# #1799 Don't offer the registration form if already logged in
return render('user/logout_first.html')

data = data or {}
errors = errors or {}
Expand Down Expand Up @@ -162,11 +163,16 @@ def _save_new(self, context):
errors = e.error_dict
error_summary = e.error_summary
return self.new(data_dict, errors, error_summary)
# Redirect to a URL picked up by repoze.who which performs the login
h.redirect_to('/login_generic?login=%s&password=%s' % (
str(data_dict['name']),
quote(data_dict['password1'].encode('utf-8'))))

if not c.user:
# Redirect to a URL picked up by repoze.who which performs the login
h.redirect_to('/login_generic?login=%s&password=%s' % (
str(data_dict['name']),
quote(data_dict['password1'].encode('utf-8'))))
else:
# #1799 User has managed to register whilst logged in - warn user
# they are not re-logged in as new user.
h.flash_success(_('User "%s" is now registered but you are still logged in as "%s" from before') % (data_dict['name'], c.user))
return render('user/logout_first.html')

def edit(self, id=None, data=None, errors=None, error_summary=None):
context = {'model': model, 'session': model.Session,
Expand Down Expand Up @@ -245,8 +251,11 @@ def login(self):
# #1662 restriction
log.warn('Cannot mount CKAN at a URL and login with OpenID.')
g.openid_enabled = False

return render('user/login.html')

if not c.user:
return render('user/login.html')
else:
return render('user/logout_first.html')

def logged_in(self):
if c.user:
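Review bot: The redirect kept under `if not c.user:` in `_save_new` still puts the new account's cleartext password in the query string of `/login_generic?login=%s&password=%s`, so it can end up in web-server and proxy access logs, browser history and Referer headers. Since this commit re-indents those lines anyway, it would be the place to stop passing the credential in a URL, for example by establishing the session server-side once the user has been created or by having the client POST to the login handler; at minimum add a comment such as `# FIXME: password travels in the redirect URL and may be logged` above the call. The login name is also interpolated with `str()` and without `quote()`, unlike the password, which presumably relies on the name validator restricting the character set. `_save_new` starts above this hunk, so the schema and validation are not visible here.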
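--- a/ckan/templates/user/logout_first.html
+++ b/ckan/templates/user/logout_first.html
@@ -0,0 +1,24 @@
+<html xmlns:py="http://genshi.edgewall.org/"
+xmlns:i18n="http://genshi.edgewall.org/i18n"
+xmlns:xi="http://www.w3.org/2001/XInclude"
+py:strip="">
+
+<py:def function="page_title">Logged in - User</py:def>
+<py:def function="page_heading">Logged into ${g.site_title}</py:def>
+
+<div py:match="content">
+
+<p>
+${h.linked_user(c.user)} is currently logged in
+</p>
+
+<p>
+To register or log in as another user, you need to
+<a href="${h.url_for('/user/logout')}">logout</a>
+first.
+</p>
+
+</div>
+
+<xi:include href="layout.html" />
+</html>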
131 changes: 126 additions & 5 deletions ckan/tests/functional/test_user.py
Expand Up @@ -232,12 +232,133 @@ def test_login_wrong_password(self):
assert 'Login failed. Bad username or password.' in res.body
assert 'Login:' in res.body

def test_relogin(self):
'''Login as user A and then (try to) login as user B (without
logout). #1799.'''
# create test users A & B
password = u'letmein'
CreateTestData.create_user(name=u'user_a',
password=password)
CreateTestData.create_user(name=u'user_b',
password=password)
userA = model.User.by_name(u'user_a')
userB = model.User.by_name(u'user_b')

# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = 'user_a'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)

# login as userB
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
assert not res.forms.has_key('login') # i.e. no login box is presented
assert 'To register or log in as another user' in res.body, res.body
assert 'logout' in res.body, res.body

# Test code left commented - shows the problem if you
# let people try to login whilst still logged in. #1799
## fv['login'] = 'user_b'
## fv['password'] = str(password)
## res = fv.submit()
## while res.status == 302:
## res = res.follow()
## assert_equal(res.status, 200)

## offset = url_for(controller='user', action='me')
## res = self.app.get(offset)
## assert_equal(res.status, 302)
## res = res.follow()
## assert 'user_b' in res

def test_try_to_register_whilst_logged_in(self):
'''Login as user A and then (try to) register user B (without
logout). #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a_',
password=password)
userA = model.User.by_name(u'user_a_')

# do the login
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = 'user_a_'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)

# -----------
# tests for top links present in every page
# TODO: test sign in results in:
# a) a username at top of page
# b) logout link
# try to register
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
assert not res.forms.has_key('Password') # i.e. no registration form
assert 'To register or log in as another user' in res.body, res.body
assert 'logout' in res.body, res.body

def test_register_whilst_logged_in(self):
'''Start registration form as user B then in another window login
as user A, and then try and then submit form for user B. #1799.'''
# create user A
password = u'letmein'
CreateTestData.create_user(name=u'user_a__',
password=password)
userA = model.User.by_name(u'user_a__')
# make him a sysadmin, to ensure he is allowed to create a user
model.add_user_to_role(userA, model.Role.ADMIN, model.System())
model.repo.commit_and_remove()
userA = model.User.by_name(u'user_a__')

# start to register user B
offset = url_for(controller='user', action='register')
res = self.app.get(offset)
fvA = res.forms['user-edit']
fvA['name'] = 'user_b_'
fvA['fullname'] = 'User B'
fvA['email'] = '[email protected]'
fvA['password1'] = password
fvA['password2'] = password

# login user A
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fvB = res.forms['login']
fvB['login'] = 'user_a__'
fvB['password'] = str(password)
res = fvB.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)

# finish registration of user B
res = fvA.submit('save')
assert_equal(res.status, 200)
assert 'user_a__</a> is currently logged in' in res.body, res.body
assert 'User "user_b_" is now registered but you are still logged in as "user_a__" from before'.replace('"', '&#34;') in res.body, res.body
assert 'logout' in res.body, res.body

# logout and login as user B
res = self.app.get('/user/logout')
res2 = res.follow()
assert 'You have logged out successfully.' in res2, res2
offset = url_for(controller='user', action='login')
res = self.app.get(offset)
fv = res.forms['login']
fv['login'] = 'user_b_'
fv['password'] = str(password)
res = fv.submit()
while res.status == 302:
res = res.follow()
assert_equal(res.status, 200)
assert 'User B is now logged in' in res.body, res.body

@search_related
def test_home_login(self):
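Review bot: In `test_try_to_register_whilst_logged_in`, `assert not res.forms.has_key('Password')` looks vacuous: elsewhere in this file the forms mapping is indexed by form id (`res.forms['login']`, `res.forms['user-edit']`), so `'Password'` would be absent even if the registration form were still rendered. Checking the form id instead, `assert not res.forms.has_key('user-edit')`, would make the test fail if the #1799 guard in `new()` regressed. Separately, `userA`/`userB` are fetched in `test_relogin` but never used, and the login-and-follow-redirects sequence is repeated in all three tests and could move into a helper.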
