Chris Beaven committed b3c8dc6

Added AuthForm, which can be used to allow previewing from authenticated django.contrib.auth users.

Files changed (2)

 ----------------
 
 - Allow multiple passwords (the passwords setting has changed from
-  ``LOCKDOWN_PASSWORD`` to ``LOCKDOWN_PASSWORDS``
+  ``LOCKDOWN_PASSWORD`` to ``LOCKDOWN_PASSWORDS``.
 
 - Decorator changed to a callable decorator (so settings can be overridden for
   an individual decorator).
 
+- Add ``AuthForm`` which can be used to allow previewing from authenticated
+  users (via ``django.contrib.auth``).
 
 0.1.1 (2009.11.24)
 ------------------
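
Review bot: the parenthesis opened in "Allow multiple passwords (the passwords setting has changed from" is still unclosed after this fix, because the corrected line ends with ``LOCKDOWN_PASSWORDS``. and has no closing bracket. Suggest ending it ``LOCKDOWN_PASSWORDS``). The rename of ``BaseLockdownForm`` to ``BasePreviewForm`` made in lockdown/forms.py is also not listed here, and a changelog entry would help anyone who subclasses the old name.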

lockdown/forms.py

 from django import forms
+from django.contrib import auth
+from django.contrib.auth.forms import AuthenticationForm
 
 from lockdown import settings
 
 
-class BaseLockdownForm(forms.Form):
+class BasePreviewForm(forms.Form):
     def generate_token(self):
         """
         Generate a token which can be used to authenticate the user for future
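
Review bot: renaming the base class (`-class BaseLockdownForm` / `+class BasePreviewForm`) removes a public name with no compatibility alias, so any project that imports or subclasses BaseLockdownForm breaks on upgrade. Consider keeping `BaseLockdownForm = BasePreviewForm` in the module for a release, or documenting the rename.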
         return True
 
 
-class LockdownForm(BaseLockdownForm):
+class LockdownForm(BasePreviewForm):
     password = forms.CharField(widget=forms.PasswordInput(render_value=False))
 
     def __init__(self, passwords=None, *args, **kwargs):
          
         """
         return bool(self.valid_passwords)
+
+
+class AuthForm(AuthenticationForm, BasePreviewForm):
+    def generate_token(self):
+        """
+        Save the password as the authentication token.
+        
+        It's acceptable to store the password raw, as it is stored server-side
+        in the user's session.
+        
+        """
+        user = self.get_user()
+        return '%s:%s' % (user.backend, user.pk)
+
+    def authenticate(self, token_value):
+        """
+        Check that the password is valid.
+        
+        This allows for revoking of a user's preview rights by changing the
+        valid passwords.
+        
+        """
+        try:
+            backend_path, user_id = token_value.split(':', 1)
+        except (ValueError, AttributeError):
+            return False
+        backend = auth.load_backend(backend_path)
+        return bool(backend.get_user(user_id))
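
Review bot: AuthForm.authenticate() accepts the token whenever backend.get_user(user_id) returns any object, so nothing in this method checks that the user is still active or is meant to have preview rights; a user who logged in once keeps access for the life of the session unless the account is deleted. Suggest checking `is_active` (and any staff or permission requirement the project wants) on the returned user before returning True. The auth.load_backend(backend_path) call also sits outside the try block, so a stored backend path that can no longer be imported raises instead of returning False; either move it inside the try or check the path against the configured authentication backends first. Finally, the docstrings in both new methods were carried over from the password form ("Save the password as the authentication token", "Check that the password is valid") while the token is actually `'%s:%s' % (user.backend, user.pk)`; they should describe the backend path and user id token, and state how preview rights are revoked for this form.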