|
- import functools
- import warnings
-
- from django.conf import settings
- # Avoid shadowing the login() and logout() views below.
- from django.contrib.auth import (
- REDIRECT_FIELD_NAME, get_user_model, login as auth_login,
- logout as auth_logout, update_session_auth_hash,
- )
- from django.contrib.auth.decorators import login_required
- from django.contrib.auth.forms import (
- AuthenticationForm, PasswordChangeForm, PasswordResetForm, SetPasswordForm,
- )
- from django.contrib.auth.tokens import default_token_generator
- from django.contrib.sites.shortcuts import get_current_site
- from django.core.urlresolvers import reverse
- from django.http import HttpResponseRedirect, QueryDict
- from django.shortcuts import resolve_url
- from django.template.response import TemplateResponse
- from django.utils.deprecation import (
- RemovedInDjango20Warning, RemovedInDjango110Warning,
- )
- from django.utils.encoding import force_text
- from django.utils.http import is_safe_url, urlsafe_base64_decode
- from django.utils.six.moves.urllib.parse import urlparse, urlunparse
- from django.utils.translation import ugettext as _
- from django.views.decorators.cache import never_cache
- from django.views.decorators.csrf import csrf_protect
- from django.views.decorators.debug import sensitive_post_parameters
-
-
- def deprecate_current_app(func):
- """
- Handle deprecation of the current_app parameter of the views.
- """
- @functools.wraps(func)
- def inner(*args, **kwargs):
- if 'current_app' in kwargs:
- warnings.warn(
- "Passing `current_app` as a keyword argument is deprecated. "
- "Instead the caller of `{0}` should set "
- "`request.current_app`.".format(func.__name__),
- RemovedInDjango20Warning
- )
- current_app = kwargs.pop('current_app')
- request = kwargs.get('request', None)
- if request and current_app is not None:
- request.current_app = current_app
- return func(*args, **kwargs)
- return inner
-
-
- @deprecate_current_app
- @sensitive_post_parameters()
- @csrf_protect
- @never_cache
- def login(request, template_name='registration/login.html',
- redirect_field_name=REDIRECT_FIELD_NAME,
- authentication_form=AuthenticationForm,
- extra_context=None):
- """
- Displays the login form and handles the login action.
- """
- redirect_to = request.POST.get(redirect_field_name,
- request.GET.get(redirect_field_name, ''))
-
- if request.method == "POST":
- form = authentication_form(request, data=request.POST)
- if form.is_valid():
-
- # Ensure the user-originating redirection url is safe.
- if not is_safe_url(url=redirect_to, host=request.get_host()):
- redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
-
- # Okay, security check complete. Log the user in.
- auth_login(request, form.get_user())
-
- return HttpResponseRedirect(redirect_to)
- else:
- form = authentication_form(request)
-
- current_site = get_current_site(request)
-
- context = {
- 'form': form,
- redirect_field_name: redirect_to,
- 'site': current_site,
- 'site_name': current_site.name,
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- @deprecate_current_app
- def logout(request, next_page=None,
- template_name='registration/logged_out.html',
- redirect_field_name=REDIRECT_FIELD_NAME,
- extra_context=None):
- """
- Logs out the user and displays 'You are logged out' message.
- """
- auth_logout(request)
-
- if next_page is not None:
- next_page = resolve_url(next_page)
-
- if (redirect_field_name in request.POST or
- redirect_field_name in request.GET):
- next_page = request.POST.get(redirect_field_name,
- request.GET.get(redirect_field_name))
- # Security check -- don't allow redirection to a different host.
- if not is_safe_url(url=next_page, host=request.get_host()):
- next_page = request.path
-
- if next_page:
- # Redirect to this page until the session has been cleared.
- return HttpResponseRedirect(next_page)
-
- current_site = get_current_site(request)
- context = {
- 'site': current_site,
- 'site_name': current_site.name,
- 'title': _('Logged out')
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- @deprecate_current_app
- def logout_then_login(request, login_url=None, extra_context=None):
- """
- Logs out the user if they are logged in. Then redirects to the log-in page.
- """
- if not login_url:
- login_url = settings.LOGIN_URL
- login_url = resolve_url(login_url)
- return logout(request, login_url, extra_context=extra_context)
-
-
- def redirect_to_login(next, login_url=None,
- redirect_field_name=REDIRECT_FIELD_NAME):
- """
- Redirects the user to the login page, passing the given 'next' page
- """
- resolved_url = resolve_url(login_url or settings.LOGIN_URL)
-
- login_url_parts = list(urlparse(resolved_url))
- if redirect_field_name:
- querystring = QueryDict(login_url_parts[4], mutable=True)
- querystring[redirect_field_name] = next
- login_url_parts[4] = querystring.urlencode(safe='/')
-
- return HttpResponseRedirect(urlunparse(login_url_parts))
-
-
- # 4 views for password reset:
- # - password_reset sends the mail
- # - password_reset_done shows a success message for the above
- # - password_reset_confirm checks the link the user clicked and
- # prompts for a new password
- # - password_reset_complete shows a success message for the above
-
- @deprecate_current_app
- @csrf_protect
- def password_reset(request, is_admin_site=False,
- template_name='registration/password_reset_form.html',
- email_template_name='registration/password_reset_email.html',
- subject_template_name='registration/password_reset_subject.txt',
- password_reset_form=PasswordResetForm,
- token_generator=default_token_generator,
- post_reset_redirect=None,
- from_email=None,
- extra_context=None,
- html_email_template_name=None,
- extra_email_context=None):
- if post_reset_redirect is None:
- post_reset_redirect = reverse('password_reset_done')
- else:
- post_reset_redirect = resolve_url(post_reset_redirect)
- if request.method == "POST":
- form = password_reset_form(request.POST)
- if form.is_valid():
- opts = {
- 'use_https': request.is_secure(),
- 'token_generator': token_generator,
- 'from_email': from_email,
- 'email_template_name': email_template_name,
- 'subject_template_name': subject_template_name,
- 'request': request,
- 'html_email_template_name': html_email_template_name,
- 'extra_email_context': extra_email_context,
- }
- if is_admin_site:
- warnings.warn(
- "The is_admin_site argument to "
- "django.contrib.auth.views.password_reset() is deprecated "
- "and will be removed in Django 1.10.",
- RemovedInDjango110Warning, 3
- )
- opts = dict(opts, domain_override=request.get_host())
- form.save(**opts)
- return HttpResponseRedirect(post_reset_redirect)
- else:
- form = password_reset_form()
- context = {
- 'form': form,
- 'title': _('Password reset'),
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- @deprecate_current_app
- def password_reset_done(request,
- template_name='registration/password_reset_done.html',
- extra_context=None):
- context = {
- 'title': _('Password reset sent'),
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- # Doesn't need csrf_protect since no-one can guess the URL
- @sensitive_post_parameters()
- @never_cache
- @deprecate_current_app
- def password_reset_confirm(request, uidb64=None, token=None,
- template_name='registration/password_reset_confirm.html',
- token_generator=default_token_generator,
- set_password_form=SetPasswordForm,
- post_reset_redirect=None,
- extra_context=None):
- """
- View that checks the hash in a password reset link and presents a
- form for entering a new password.
- """
- UserModel = get_user_model()
- assert uidb64 is not None and token is not None # checked by URLconf
- if post_reset_redirect is None:
- post_reset_redirect = reverse('password_reset_complete')
- else:
- post_reset_redirect = resolve_url(post_reset_redirect)
- try:
- # urlsafe_base64_decode() decodes to bytestring on Python 3
- uid = force_text(urlsafe_base64_decode(uidb64))
- user = UserModel._default_manager.get(pk=uid)
- except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
- user = None
-
- if user is not None and token_generator.check_token(user, token):
- validlink = True
- title = _('Enter new password')
- if request.method == 'POST':
- form = set_password_form(user, request.POST)
- if form.is_valid():
- form.save()
- return HttpResponseRedirect(post_reset_redirect)
- else:
- form = set_password_form(user)
- else:
- validlink = False
- form = None
- title = _('Password reset unsuccessful')
- context = {
- 'form': form,
- 'title': title,
- 'validlink': validlink,
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- @deprecate_current_app
- def password_reset_complete(request,
- template_name='registration/password_reset_complete.html',
- extra_context=None):
- context = {
- 'login_url': resolve_url(settings.LOGIN_URL),
- 'title': _('Password reset complete'),
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- @sensitive_post_parameters()
- @csrf_protect
- @login_required
- @deprecate_current_app
- def password_change(request,
- template_name='registration/password_change_form.html',
- post_change_redirect=None,
- password_change_form=PasswordChangeForm,
- extra_context=None):
- if post_change_redirect is None:
- post_change_redirect = reverse('password_change_done')
- else:
- post_change_redirect = resolve_url(post_change_redirect)
- if request.method == "POST":
- form = password_change_form(user=request.user, data=request.POST)
- if form.is_valid():
- form.save()
- # Updating the password logs out all other sessions for the user
- # except the current one if
- # django.contrib.auth.middleware.SessionAuthenticationMiddleware
- # is enabled.
- update_session_auth_hash(request, form.user)
- return HttpResponseRedirect(post_change_redirect)
- else:
- form = password_change_form(user=request.user)
- context = {
- 'form': form,
- 'title': _('Password change'),
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
-
-
- @login_required
- @deprecate_current_app
- def password_change_done(request,
- template_name='registration/password_change_done.html',
- extra_context=None):
- context = {
- 'title': _('Password change successful'),
- }
- if extra_context is not None:
- context.update(extra_context)
-
- return TemplateResponse(request, template_name, context)
|
