Commits

Chris Beaven committed a7c62c6

Change the decorator to a callable decorator (so the default settings can be overridden for an individual decorator)

  • Participants
  • Parent commits 79f9d82

Comments (0)

Files changed (5)

 - Allow multiple passwords (the passwords setting has changed from
   ``LOCKDOWN_PASSWORD`` to ``LOCKDOWN_PASSWORDS``
 
+- Decorator changed to a callable decorator (so settings can be overridden for
+  an individual decorator).
+
+
 0.1.1 (2009.11.24)
 ------------------
 

File lockdown/decorators.py

-from django.utils.decorators import decorator_from_middleware
+from django.utils.decorators import decorator_from_middleware_with_args
 
 from lockdown.middleware import LockdownMiddleware
 
-lockdown = decorator_from_middleware(LockdownMiddleware)
+lockdown = decorator_from_middleware_with_args(LockdownMiddleware)

File lockdown/forms.py

 class LockdownForm(BaseLockdownForm):
     password = forms.CharField(widget=forms.PasswordInput(render_value=False))
 
+    def __init__(self, passwords=None, *args, **kwargs):
+        super(LockdownForm, self).__init__(*args, **kwargs)
+        if passwords is None:
+            passwords = settings.PASSWORDS
+        self.valid_passwords = passwords
+
     def clean_password(self):
         """
-        Check that the password appears the LOCKDOWN_PASSWORDS setting.
+        Check that the password is valid.
         
         """
         value = self.cleaned_data.get('password')
-        if not value in settings.PASSWORDS:
+        if not value in self.valid_passwords:
             raise forms.ValidationError('Incorrect password.')
         return value
 
 
     def authenticate(self, token_value):
         """
-        Check that the password is still in the LOCKDOWN_PASSWORDS setting.
+        Check that the password is valid.
         
         This allows for revoking of a user's preview rights by changing the
-        passwords.
+        valid passwords.
         
         """
-        return token_value in settings.PASSWORDS
+        return token_value in self.valid_passwords
 
     def show_form(self):
         """
-        Show the form if there are any passwords in the LOCKDOWN_PASSWORDS
-        setting.
+        Show the form if there are any valid passwords.
          
         """
-        return bool(settings.PASSWORDS)
+        return bool(self.valid_passwords)

File lockdown/middleware.py

 from lockdown import settings
 
 
-# An extra layer of indirection here so the tests can force this to be
-# recalculated.
-def _compile_url_exceptions():
-    return [re.compile(p) for p in settings.URL_EXCEPTIONS]
+def compile_url_exceptions(url_exceptions):
+    return [re.compile(p) for p in url_exceptions]
 
-_url_exceptions = _compile_url_exceptions()
+_default_url_exceptions = compile_url_exceptions(settings.URL_EXCEPTIONS)
 
 
 def get_lockdown_form(form_path):
                                    % (module, attr))
     return form
 
-_lockdown_form = get_lockdown_form(settings.FORM)
+_default_form = get_lockdown_form(settings.FORM)
 
 
 class LockdownMiddleware(object):
+    def __init__(self, form=None, session_key=None, url_exceptions=None,
+                 **form_kwargs):
+        if form is None:
+            form = _default_form
+        if session_key is None:
+            session_key = settings.SESSION_KEY
+        if url_exceptions is None:
+            url_exceptions = _default_url_exceptions
+        self.form = form
+        self.form_kwargs = form_kwargs
+        self.session_key = session_key
+        self.url_exceptions = url_exceptions
+
     def process_request(self, request):
         try:
             session = request.session
                                        'sessions framework')
 
         # Don't lock down if the URL matches an exception pattern.
-        for pattern in _url_exceptions:
+        for pattern in self.url_exceptions:
             if pattern.search(request.path):
                 return None
 
         form_data = request.method == 'POST' and request.POST or None
-        form = _lockdown_form(data=form_data)
+        form = self.form(data=form_data, **self.form_kwargs)
 
         # Don't lock down if the user is already authorized for previewing.
-        token = session.get(settings.SESSION_KEY)
+        token = session.get(self.session_key)
         if hasattr(form, 'authenticate'):
             if self.form.authenticate(token):
                 return None
                 token = form.generate_token()
             else:
                 token = True
-            session[settings.SESSION_KEY] = token
+            session[self.session_key] = token
             return HttpResponseRedirect(request.path)
 
         page_data = {}

File tests/tests.py

         settings.PASSWORDS = 'letmein'
         self._old_form = settings.FORM
         settings.FORM = 'lockdown.forms.LockdownForm'
-        middleware._lockdown_form = middleware.get_lockdown_form(settings.FORM)
+        middleware._default_form = middleware.get_lockdown_form(settings.FORM)
         self.client = Client()
 
     def tearDown(self):
         settings.PASSWORDS = self._old_pw
         settings.FORM = self._old_form
-        middleware._lockdown_form = middleware.get_lockdown_form(settings.FORM)
+        middleware._default_form = middleware.get_lockdown_form(settings.FORM)
 
     def test_lockdown_template_used(self):
         response = self.client.get(self._url)
     def test_url_exceptions(self):
         _old_url_exceptions = settings.URL_EXCEPTIONS
         settings.URL_EXCEPTIONS = (r'/view/$',)
-        middleware._url_exceptions = middleware._compile_url_exceptions()
+        middleware._default_url_exceptions = \
+                middleware.compile_url_exceptions(settings.URL_EXCEPTIONS)
 
         response = self.client.get(self._url)
         self.assertContains(response, self._contents)
 
         settings.URL_EXCEPTIONS = _old_url_exceptions
-        middleware._url_exceptions = middleware._compile_url_exceptions()
+        middleware._default_url_exceptions = \
+                middleware.compile_url_exceptions(settings.URL_EXCEPTIONS)
         
     def test_submit_password(self):
         response = self.client.post(self._url, {'password': 'letmein'},
     def test_custom_form(self):
         _old_form = settings.FORM
         settings.FORM = 'tests.forms.CustomLockdownForm'
-        middleware._lockdown_form = middleware.get_lockdown_form(settings.FORM)
+        middleware._default_form = middleware.get_lockdown_form(settings.FORM)
         
         response = self.client.post(self._url, {'answer': '42'},
                                     follow=True)
         self.assertContains(response, self._contents)
                                     
         settings.FORM = _old_form
-        middleware._lockdown_form = middleware.get_lockdown_form(settings.FORM)
+        middleware._default_form = middleware.get_lockdown_form(settings.FORM)
     
 
 class MiddlewareTests(DecoratorTests):