def authenticate(self, username, password, cookie=False):
username = username.strip()
# If the user provides an email address when authenticating,
# it is checked against Review Board's email field in the User
# Model. If a match is found, the email will be translated into
# the username field before being passed into this method's
# 'username' argument.
#
# If a match is not found, 'username' will contain whatever was
# entered, which may be the Bugzilla login (email address) for a
# user who does not yet have an entry in the Review Board
# database.
if not cookie:
try:
username = User.objects.get(username=username).email
except User.DoesNotExist:
pass
# There is a *tiny* probability that this will not work, but only if
# user A changes their email address, then user B changes their email
# address to user A's old email, and Review Board doesn't pick up
# user A's change because they aren't currently involved in any
# Review Board reviews. In this case 'username' would have resolved
# to user A's address. There's no easy way to detect this without
# a search on Bugzilla before every log in, and I (mcote) don't think
# that's worth it for such an improbable event.
#
# This also applies to changes to the user's username, since it has
# to be unique (see get_or_create_bugzilla_users()).
try:
bugzilla = Bugzilla()
except BugzillaUrlError:
logging.warn('Login failure for user %s: Bugzilla URL not set.'
% username)
return None
try:
user_data = bugzilla.log_in(username, password, cookie)
except BugzillaError as e:
logging.error('Login failure for user %s: %s' % (username, e))
return None
if not user_data:
return None
users = get_or_create_bugzilla_users(user_data)
if not users:
logging.error('Login failure for user %s: failed to create user.'
% username)
return None
user = users[0]
if not user.is_active:
logging.error('Login failure for user %s: user is not active.'
% username)
return None
return user
def authenticate(self, username, password, cookie=False):
username = username.strip()
logger.info('Login attempt (password) for user %s: ' % username)
# If the user provides an email address when authenticating,
# it is checked against Review Board's email field in the User
# Model. If a match is found, the email will be translated into
# the username field before being passed into this method's
# 'username' argument.
#
# If a match is not found, 'username' will contain whatever was
# entered, which may be the Bugzilla login (email address) for a
# user who does not yet have an entry in the Review Board
# database.
if not cookie:
try:
username = User.objects.get(username=username).email
except User.DoesNotExist:
pass
# There is a *tiny* probability that this will not work, but only if
# user A changes their email address, then user B changes their email
# address to user A's old email, and Review Board doesn't pick up
# user A's change because they aren't currently involved in any
# Review Board reviews. In this case 'username' would have resolved
# to user A's address. There's no easy way to detect this without
# a search on Bugzilla before every log in, and I (mcote) don't think
# that's worth it for such an improbable event.
#
# This also applies to changes to the user's username, since it has
# to be unique (see get_or_create_bugzilla_users()).
try:
bugzilla = Bugzilla()
except BugzillaUrlError:
logger.warn('Login failure (password) for user %s: Bugzilla URL '
' not set.' % username)
return None
try:
user_data = bugzilla.log_in(username, password, cookie)
except BugzillaError as e:
logger.error('Login failure (password) for user %s: %s' %
(username, e))
return None
if not user_data:
return None
users = get_or_create_bugzilla_users(user_data)
if not users:
logger.error('Login failure (password) for user %s: failed to '
'create user.' % username)
return None
user = users[0]
if not user.is_active:
logger.error('Login failure (password) for user %s: user is not '
'active.' % username)
return None
logger.info('Login successful (password) for user %s: ' % username)
return user
