From bbbe4c5561063b61a8fba571cb1b0d5d25b62d14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Fri, 5 Dec 2014 20:53:59 +0100 Subject: [PATCH] authform: change the way to set replay_condition --- mandaye/auth/authform.py | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/mandaye/auth/authform.py b/mandaye/auth/authform.py index 7a1e05f..642acb3 100644 --- a/mandaye/auth/authform.py +++ b/mandaye/auth/authform.py @@ -1,27 +1,23 @@ """ Dispatcher for basic auth form authentifications """ -import Cookie import base64 +import json import copy import re import os import traceback import urllib -import mandaye - from cookielib import CookieJar -from datetime import datetime from lxml.html import fromstring from urlparse import parse_qs from mandaye import config, __version__ from mandaye.exceptions import MandayeException from mandaye.log import logger -from mandaye.http import HTTPResponse, HTTPHeader, HTTPRequest -from mandaye.response import _500, _302, _401 -from mandaye.response import template_response +from mandaye.http import HTTPHeader, HTTPRequest +from mandaye.response import _500, _302, _401, json_response, json_error from mandaye.server import get_response from mandaye.backends.default import Association @@ -42,6 +38,11 @@ class AuthForm(object): self.urls = mapper.urls self.site_name = self.env["mandaye.config"]["site_name"] self.form_values = mapper.form_values + if hasattr(mapper, 'replay_condition'): + self.replay_condition = mapper.replay_condition + else: + self.replay_condition = None + logger.warning('DEPRECATED: you must add replay_condition attribute in you mapper') if not self.form_values.has_key('form_headers'): self.form_values['form_headers'] = { 'Content-Type': 'application/x-www-form-urlencoded', 
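Review bot: In the `AuthForm.__init__` hunk, `hasattr(mapper, 'replay_condition')` accepts any value, so a mapper that sets the attribute to a string fails only later, when `verify_replay` tries to call it. A mapper that sets it to `None` falls back to `eval` without any deprecation warning. Checking callability at construction keeps the failure next to the misconfiguration: `self.replay_condition = getattr(mapper, 'replay_condition', None)`, then `if not callable(self.replay_condition):` guarding a reset to `None` and the warning. The warning text reads `in you mapper` where `in your mapper` is meant, and it could say that the `eval` of the `condition` string is what is being phased out. The constructor starts and ends outside the hunk.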
@@ -135,6 +136,13 @@ a password_field key if you want to encode a password.") return env['beaker.session']['unique_id'] return None + def verify_replay(self, response, values): + if self.replay_condition: + return self.replay_condition(self.env, response) + else: + # XXX: to be removed test for compability only + return eval(values['condition']) + def replay(self, env, post_values): """ replay the login / password env: WSGI env with beaker session and the target @@ -245,7 +253,7 @@ a password_field key if you want to encode a password.") return _302(self.urls.get('associate_url') + "?%s" % urllib.urlencode(qs)) post_values[field] = post[field][0] response = self.replay(env, post_values) - if eval(values['condition']): + if self.verify_replay(response, values): logger.debug("Replay works: save the association") self._save_association(env, unique_id, post_values) if qs.has_key('next_url'): @@ -255,7 +263,7 @@ a password_field key if you want to encode a password.") qs['type'] = 'badlogin' return _302(self.urls.get('associate_url') + "?%s" % urllib.urlencode(qs)) - def _login_sp_user(self, association, env, condition, values): + def _login_sp_user(self, association, env, values): """ Log in sp user """ if not association['sp_login']: @@ -267,7 +275,7 @@ a password_field key if you want to encode a password.") post_values[self.form_values['password_field']] = password response = self.replay(env, post_values) qs = parse_qs(env['QUERY_STRING']) - if condition and eval(condition): + if self.verify_replay(response, values): Association.update_last_connection(association['id']) env['beaker.session']['old_association_id'] = None env['beaker.session'][self.site_name] = association['id'] 
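Review bot: The compatibility branch of `verify_replay` still executes `eval(values['condition'])`, and it now does so in this method's scope, where only `self`, `response` and `values` are local. A legacy condition string that referred to `env`, `post_values` or `qs` at the old call sites would now raise NameError. Because the string is run as Python, the mapper configuration has to be treated as trusted code until this branch is removed; a docstring on `verify_replay` saying so, and a log line each time the fallback is taken, would make the remaining exposure visible. The new branch passes `self.env` rather than the `env` the callers hold; if those can differ per request, the method should take it explicitly, `def verify_replay(self, env, response, values):` with `return self.replay_condition(env, response)`.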
@@ -308,7 +316,7 @@ a password_field key if you want to encode a password.") if not association: logger.debug('User %s is not associate' % env['beaker.session']['unique_id']) return _302(self.urls.get('associate_url') + "?type=first") - return self._login_sp_user(association, env, values['condition'], values) + return self._login_sp_user(association, env, values) def logout(self, env, values, request, response): """ Destroy the Beaker session @@ -376,7 +384,7 @@ a password_field key if you want to encode a password.") association = Association.get_last_connected(self.site_name, unique_id) if not association: return _302(self.urls.get('associate_url')) - return self._login_sp_user(association, env, 'response.code==302', values) + return self._login_sp_user(association, env, values) def disassociate(self, env, values, request, response): """ Disassociate an account with the Mandaye account
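Review bot: The last hunk drops the literal `'response.code==302'` that this caller used to pass, so on a mapper without `replay_condition` the login check now depends on `values['condition']`, which this path did not need before. If the key is absent, `verify_replay` raises KeyError; if it is present, it may not be the 302 test. The earlier `_login_sp_user` hunk has a related effect, because `if condition and eval(condition)` treated an empty condition as a failed login rather than evaluating it. For legacy mappers the fallback could read `condition = values.get('condition')` and `return bool(condition) and eval(condition)`, with this caller either keeping an explicit default or documenting that its `values` must carry `condition`. The enclosing method of the last hunk is not visible here.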