backend for authenticating amo users by email and password

2010-01-12 17:26:20 -08:00 · 2010-01-12 17:26:20 -08:00 · 02c4eee8fa
--- a/apps/cake/backends.py
+++ b/apps/cake/backends.py
@ -31,18 +31,7 @@ class SessionBackend:
            return None

        if profile.user is None:
-            # reusing the id will make our life easier, because we can use the
-            # OneToOneField as pk for Profile linked back to the auth.user
-            # in the future
-            profile.user = User(id=profile.pk)
-            profile.user.first_name  = profile.firstname
-            profile.user.last_name   = profile.lastname
-            profile.user.username    = profile.nickname
-            profile.user.email       = profile.email
-            profile.user.password    = profile.password
-            profile.user.date_joined = profile.created
-            profile.user.save()
-            profile.save()
+            profile.create_django_user()

        return profile.user

--- a/apps/users/backends.py
+++ b/apps/users/backends.py
@ -0,0 +1,23 @@
+from django.contrib.auth.models import User
+
+import access
+from .models import UserProfile
+
+
+class AmoUserBackend(object):
+
+    def authenticate(self, username=None, password=None):
+        try:
+            profile = UserProfile.objects.get(email=username)
+            if profile.check_password(password):
+                if profile.user is None:
+                    profile.create_django_user()
+                return profile.user
+        except UserProfile.DoesNotExist:
+            return None
+
+    def get_user(self, user_id):
+        try:
+            return User.objects.get(pk=user_id)
+        except User.DoesNotExist:
+            return None
--- a/apps/users/fixtures/users/test_backends.json
+++ b/apps/users/fixtures/users/test_backends.json
@ -0,0 +1,82 @@
+[
+    {
+        "pk": 4043307,
+        "model": "auth.user",
+        "fields": {
+            "username": "jbalogh",
+            "first_name": "Jeff",
+            "last_name": "Balogh",
+            "is_active": true,
+            "is_superuser": false,
+            "is_staff": false,
+            "last_login": "2010-01-12 15:28:07",
+            "groups": [],
+            "user_permissions": [],
+            "password": "sha512$32e15df727a054aa56cf69accc142d1573372641a176aab9b0f1458e27dc6f3b$5bd3bd7811569776a07fbbb5e50156aa6ebdd0bec9267249b57da065340f0324190f1ad0d5f609dca19179a86c64807e22f789d118e6f7109c95b9c64ae8f619",
+            "email": "jbalogh@mozilla.com",
+            "date_joined": "2009-02-02 11:50:31"
+        }
+    },
+    {
+        "pk": 4043307,
+        "model": "users.userprofile",
+        "fields": {
+            "sandboxshown": 1,
+            "display_collections_fav": 1,
+            "display_collections": 1,
+            "occupation": "",
+            "confirmationcode": "",
+            "location": "",
+            "picture_type": "",
+            "averagerating": "",
+            "homepage": "http://jeffbalogh.org",
+            "email": "jbalogh@mozilla.com",
+            "notifycompat": 1,
+            "bio": null,
+            "firstname": "Jeff",
+            "deleted": 0,
+            "lastname": "Balogh",
+            "emailhidden": 0,
+            "user": 4043307,
+            "password": "sha512$32e15df727a054aa56cf69accc142d1573372641a176aab9b0f1458e27dc6f3b$5bd3bd7811569776a07fbbb5e50156aa6ebdd0bec9267249b57da065340f0324190f1ad0d5f609dca19179a86c64807e22f789d118e6f7109c95b9c64ae8f619",
+            "nickname": "jbalogh",
+            "resetcode_expires": "2010-01-12 15:28:07",
+            "resetcode": "",
+            "created": "2009-02-02 11:50:31",
+            "notes": "",
+            "modified": "2010-01-12 15:28:07",
+            "notifyevents": 1
+        }
+    },
+    {
+        "pk": 9945,
+        "model": "users.userprofile",
+        "fields": {
+            "sandboxshown": 1,
+            "display_collections_fav": 1,
+            "display_collections": 1,
+            "occupation": "Add-ons Product Management @ Mozilla",
+            "confirmationcode": "",
+            "location": "San Francisco Bay Area",
+            "picture_type": "image/jpeg",
+            "averagerating": "3.73",
+            "homepage": "http://www.fligtar.com",
+            "email": "fligtar@gmail.com",
+            "notifycompat": 1,
+            "bio": null,
+            "firstname": "Justin",
+            "deleted": 0,
+            "lastname": "Scott",
+            "emailhidden": 1,
+            "user": null,
+            "password": "sha512$32e15df727a054aa56cf69accc142d1573372641a176aab9b0f1458e27dc6f3b$5bd3bd7811569776a07fbbb5e50156aa6ebdd0bec9267249b57da065340f0324190f1ad0d5f609dca19179a86c64807e22f789d118e6f7109c95b9c64ae8f619",
+            "nickname": "Justin Scott (fligtar)",
+            "resetcode_expires": "2010-01-12 15:28:07",
+            "resetcode": "",
+            "created": "2007-03-05 13:09:37",
+            "notes": "",
+            "modified": "2009-09-24 20:11:30",
+            "notifyevents": 1
+        }
+    }
+]
--- a/apps/users/models.py
+++ b/apps/users/models.py
@ -101,3 +101,23 @@ class UserProfile(amo.ModelBase):

    def set_password(self, raw_password, algorithm='sha512'):
        self.password = create_password(algorithm, raw_password)
+
+    def create_django_user(self):
+        """Make a django.contrib.auth.User for this UserProfile."""
+        # Reusing the id will make our life easier, because we can use the
+        # OneToOneField as pk for Profile linked back to the auth.user
+        # in the future.
+        self.user = User(id=self.pk)
+        self.user.first_name = self.firstname
+        self.user.last_name = self.lastname
+        self.user.username = self.nickname
+        self.user.email = self.email
+        self.user.password = self.password
+        self.user.date_joined = self.created
+
+        if self.group_set.filter(rules='*:*').count():
+            self.user.is_superuser = self.user.is_staff = True
+
+        self.user.save()
+        self.save()
+        return self.user
--- a/apps/users/tests/test_backends.py
+++ b/apps/users/tests/test_backends.py
@ -0,0 +1,36 @@
+from django import test
+from django.contrib.auth import authenticate
+
+from caching import cache
+from users.models import UserProfile
+
+
+class TestAmoUserBackend(test.TestCase):
+    fixtures = ['users/test_backends']
+
+    def setUp(self):
+        cache.clear()
+
+    tearDown = setUp
+
+    def test_success_without_user(self):
+        """Make sure a contrib.auth.User gets created when we log in."""
+        u = UserProfile.objects.get(email='fligtar@gmail.com')
+        assert u.user is None
+        assert authenticate(username='fligtar@gmail.com', password='foo')
+        u = UserProfile.objects.get(email='fligtar@gmail.com')
+        assert u.user is not None
+        assert u.user.email == 'fligtar@gmail.com'
+
+    def test_success_with_user(self):
+        assert authenticate(username='jbalogh@mozilla.com', password='foo')
+
+    def test_failure_without_user(self):
+        """Make sure a user isn't created on a failed password."""
+        u = UserProfile.objects.get(email='fligtar@gmail.com')
+        assert u.user is None
+        assert not authenticate(username='fligtar@gmail.com', password='bar')
+        assert u.user is None
+
+    def test_failure_with_user(self):
+        assert not authenticate(username='jbalogh@mozilla.com', password='x')
--- a/settings.py
+++ b/settings.py
@ -92,7 +92,10 @@ MIDDLEWARE_CLASSES = (
    'access.middleware.ACLMiddleware',
 )

-AUTHENTICATION_BACKENDS = ('cake.backends.SessionBackend',)
+AUTHENTICATION_BACKENDS = (
+    'users.backends.AmoUserBackend',
+    'cake.backends.SessionBackend',
+)

 TEMPLATE_CONTEXT_PROCESSORS = (
    'django.core.context_processors.auth',