Ticket #17209: patch.diff

django/contrib/auth/tests/test_templates.py

@@ -43 +43 @@
         default_token_generator = PasswordResetTokenGenerator()
         token = default_token_generator.make_token(user)
         uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
-        response = password_reset_confirm(request, uidb64, token, post_reset_redirect='dummy/')
+        response = password_reset_confirm(request, uidb64=uidb64, token=token, post_reset_redirect='dummy/')
         self.assertContains(response, '<title>Enter new password</title>')
         self.assertContains(response, '<h1>Enter new password</h1>')
 

django/contrib/auth/views.py

@@ -5 +5 @@
 from django.utils.http import is_safe_url, urlsafe_base64_decode
 from django.utils.translation import ugettext as _
 from django.utils.six.moves.urllib.parse import urlparse, urlunparse
+from django.utils.decorators import method_decorator
 from django.shortcuts import resolve_url
+from django.views.generic import UpdateView
+from django.views.generic.base import View, TemplateView
+from django.views.generic.edit import FormView
 from django.views.decorators.debug import sensitive_post_parameters
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
@@ -19 +23 @@
 from django.contrib.sites.shortcuts import get_current_site
 
 
-@sensitive_post_parameters()
-@csrf_protect
-@never_cache
-def login(request, template_name='registration/login.html',
-          redirect_field_name=REDIRECT_FIELD_NAME,
-          authentication_form=AuthenticationForm,
-          current_app=None, extra_context=None):
+class Login(FormView):
+    redirect_field_name = REDIRECT_FIELD_NAME
+    template_name = 'registration/login.html'
+    form_class = AuthenticationForm
+    current_app = None
+    extra_context = None
     """
     Displays the login form and handles the login action.
     """
-    redirect_to = request.POST.get(redirect_field_name,
-                                   request.GET.get(redirect_field_name, ''))
-
-    if request.method == "POST":
-        form = authentication_form(request, data=request.POST)
-        if form.is_valid():
-
-            # Ensure the user-originating redirection url is safe.
-            if not is_safe_url(url=redirect_to, host=request.get_host()):
-                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
+    @method_decorator(sensitive_post_parameters())
+    @method_decorator(csrf_protect)
+    @method_decorator(never_cache)
+    def dispatch(self, request, *args, **kwargs):
+        return super(Login, self).dispatch(request, *args, **kwargs)
 
+    def form_valid(self, form):
             # Okay, security check complete. Log the user in.
-            auth_login(request, form.get_user())
-
-            return HttpResponseRedirect(redirect_to)
-    else:
-        form = authentication_form(request)
-
-    current_site = get_current_site(request)
-
-    context = {
-        'form': form,
-        redirect_field_name: redirect_to,
-        'site': current_site,
-        'site_name': current_site.name,
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
-
-
-def logout(request, next_page=None,
-           template_name='registration/logged_out.html',
-           redirect_field_name=REDIRECT_FIELD_NAME,
-           current_app=None, extra_context=None):
+            auth_login(self.request, form.get_user())
+            return HttpResponseRedirect(self.get_success_url())
+
+    def get_success_url(self):
+        redirect_to = self.request.POST.get(self.redirect_field_name,
+                                   self.request.GET.get(self.redirect_field_name, ''))
+        # Ensure the user-originating redirection url is safe.
+        if not is_safe_url(url=redirect_to, host=self.request.get_host()):
+            redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
+        return redirect_to
+
+    def get_context_data(self, **kwargs):
+        context = super(Login, self).get_context_data(**kwargs)
+        current_site = get_current_site(self.request)
+        context.update({
+            'redirect_field_name': self.get_success_url(),
+            'site': current_site,
+            'site_name': current_site.name,
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+def login(request, *args, **kwargs):
+    return Login.as_view(**kwargs)(request, *args, **kwargs)
+
+class Logout(TemplateView):
+    next_page = None
+    redirect_field_name = REDIRECT_FIELD_NAME
+    template_name = 'registration/logged_out.html'
+    current_app = None
+    extra_context = None
+
     """
     Logs out the user and displays 'You are logged out' message.
     """
-    auth_logout(request)
-
-    if next_page is not None:
-        next_page = resolve_url(next_page)
-
-    if (redirect_field_name in request.POST or
-            redirect_field_name in request.GET):
-        next_page = request.POST.get(redirect_field_name,
-                                     request.GET.get(redirect_field_name))
-        # Security check -- don't allow redirection to a different host.
-        if not is_safe_url(url=next_page, host=request.get_host()):
-            next_page = request.path
-
-    if next_page:
+    def get(self, *args, **kwargs):
+        auth_logout(self.request)
+        response_kwargs = {
+            'redirect_to': self.get_success_url(),
+        }
+        if self.next_page:
+            return HttpResponseRedirect(response_kwargs['redirect_to'])
+        return super(Logout, self).get(*args, **kwargs)
+
+    def post(self, *args, **kwargs):
+        auth_logout(self.request)
         # Redirect to this page until the session has been cleared.
-        return HttpResponseRedirect(next_page)
-
-    current_site = get_current_site(request)
-    context = {
-        'site': current_site,
-        'site_name': current_site.name,
-        'title': _('Logged out')
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-        current_app=current_app)
-
-
-def logout_then_login(request, login_url=None, current_app=None, extra_context=None):
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_success_url(self):
+        if self.next_page is not None:
+            self.next_page = resolve_url(self.next_page)
+
+        if (self.redirect_field_name in self.request.POST or
+                self.redirect_field_name in self.request.GET):
+            self.next_page = self.request.POST.get(self.redirect_field_name,
+                                         self.request.GET.get(self.redirect_field_name))
+            # Security check -- don't allow redirection to a different host.
+            if not is_safe_url(url=self.next_page, host=self.request.get_host()):
+                self.next_page = self.request.path
+        return self.next_page
+
+    def get_context_data(self, **kwargs):
+        context = super(Logout, self).get_context_data(**kwargs)
+        current_site = get_current_site(self.request)
+        context.update({
+            'site': current_site,
+            'site_name': current_site.name,
+            'title': _('Logged out'),
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+
+def logout(request, *args, **kwargs):
+    return Logout.as_view(**kwargs)(request, *args, **kwargs)
+
+class Logout_Then_Login(View):
+    login_url = None
+    current_app = None
+    extra_context = None
     """
     Logs out the user if they are logged in. Then redirects to the log-in page.
     """
-    if not login_url:
-        login_url = settings.LOGIN_URL
-    login_url = resolve_url(login_url)
-    return logout(request, login_url, current_app=current_app, extra_context=extra_context)
+    def get(self, *args, **kwargs):
+        return logout(self.request, next_page=self.get_success_url(),
+            current_app=self.current_app, extra_context=self.extra_context)
+
+    def get_success_url(self):
+        if not self.login_url:
+            self.login_url = settings.LOGIN_URL
+        login_url = resolve_url(self.login_url)
+        return login_url
+
+def logout_then_login(request, *args, **kwargs):
+    return Logout_Then_Login.as_view(**kwargs)(request, *args, **kwargs)
 
 
 def redirect_to_login(next, login_url=None,
@@ -130 +165 @@
 #   prompts for a new password
 # - password_reset_complete shows a success message for the above
 
-@csrf_protect
-def password_reset(request, is_admin_site=False,
-                   template_name='registration/password_reset_form.html',
-                   email_template_name='registration/password_reset_email.html',
-                   subject_template_name='registration/password_reset_subject.txt',
-                   password_reset_form=PasswordResetForm,
-                   token_generator=default_token_generator,
-                   post_reset_redirect=None,
-                   from_email=None,
-                   current_app=None,
-                   extra_context=None,
-                   html_email_template_name=None):
-    if post_reset_redirect is None:
-        post_reset_redirect = reverse('password_reset_done')
-    else:
-        post_reset_redirect = resolve_url(post_reset_redirect)
-    if request.method == "POST":
-        form = password_reset_form(request.POST)
-        if form.is_valid():
-            opts = {
-                'use_https': request.is_secure(),
-                'token_generator': token_generator,
-                'from_email': from_email,
-                'email_template_name': email_template_name,
-                'subject_template_name': subject_template_name,
-                'request': request,
-                'html_email_template_name': html_email_template_name,
-            }
-            if is_admin_site:
-                opts = dict(opts, domain_override=request.get_host())
-            form.save(**opts)
-            return HttpResponseRedirect(post_reset_redirect)
-    else:
-        form = password_reset_form()
-    context = {
-        'form': form,
-        'title': _('Password reset'),
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
-
-
-def password_reset_done(request,
-                        template_name='registration/password_reset_done.html',
-                        current_app=None, extra_context=None):
-    context = {
-        'title': _('Password reset successful'),
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
-
+class Password_Reset(FormView):
+    is_admin_site = False
+    template_name = 'registration/password_reset_form.html'
+    email_template_name = 'registration/password_reset_email.html'
+    subject_template_name = 'registration/password_reset_subject.txt'
+    password_reset_form = PasswordResetForm
+    token_generator = default_token_generator
+    post_reset_redirect = None
+    from_email = None
+    current_app = None
+    extra_context = None
+    html_email_template_name = None
+
+    @method_decorator(csrf_protect)
+    def dispatch(self, request, *args, **kwargs):
+        return super(Password_Reset, self).dispatch(request, *args, **kwargs)
+
+    def form_valid(self, form):
+        opts = {
+            'use_https': self.request.is_secure(),
+            'token_generator': self.token_generator,
+            'from_email': self.from_email,
+            'email_template_name': self.email_template_name,
+            'subject_template_name': self.subject_template_name,
+            'request': self.request,
+            'html_email_template_name': self.html_email_template_name,
+        }
+        if self.is_admin_site:
+            opts = dict(opts, domain_override=self.request.get_host())
+        form.save(**opts)
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_form_class(self):
+        return self.password_reset_form
+
+    def get_success_url(self):
+        if self.post_reset_redirect is None:
+            self.post_reset_redirect = reverse('password_reset_done')
+        else:
+            self.post_reset_redirect = resolve_url(self.post_reset_redirect)
+        return self.post_reset_redirect
+
+    def get_context_data(self, **kwargs):
+        context = super(Password_Reset, self).get_context_data(**kwargs)
+        context.update({
+            'title': _('Password reset'),
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+def password_reset(request, *args, **kwargs):
+    return Password_Reset.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Reset_Done(TemplateView):
+    template_name = 'registration/password_reset_done.html'
+    current_app = None
+    extra_context = None
+
+    def get_context_data(self, **kwargs):
+        context = super(Password_Reset_Done, self).get_context_data(**kwargs)
+        context.update({
+            'title': _('Password reset successful'),
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+def password_reset_done(request, *args, **kwargs):
+    return Password_Reset_Done.as_view(**kwargs)(request, *args, **kwargs)
 
 # Doesn't need csrf_protect since no-one can guess the URL
-@sensitive_post_parameters()
-@never_cache
-def password_reset_confirm(request, uidb64=None, token=None,
-                           template_name='registration/password_reset_confirm.html',
-                           token_generator=default_token_generator,
-                           set_password_form=SetPasswordForm,
-                           post_reset_redirect=None,
-                           current_app=None, extra_context=None):
+class Password_Reset_Confirm(FormView):
+    uidb64 = None
+    token = None
+    template_name = 'registration/password_reset_confirm.html'
+    token_generator = default_token_generator
+    set_password_form = SetPasswordForm
+    post_reset_redirect = None
+    current_app = None
+    extra_context = None
+
+    user = None
+    validlink = False
+    form = None
+    title = _('Password reset unsuccessful')
+
     """
     View that checks the hash in a password reset link and presents a
     form for entering a new password.
     """
-    UserModel = get_user_model()
-    assert uidb64 is not None and token is not None  # checked by URLconf
-    if post_reset_redirect is None:
-        post_reset_redirect = reverse('password_reset_complete')
-    else:
-        post_reset_redirect = resolve_url(post_reset_redirect)
+    @method_decorator(sensitive_post_parameters())
+    @method_decorator(never_cache)
+    def dispatch(self, request, *args, **kwargs):
+        # checked by URLconf
+        assert self.uidb64 is not None and self.token is not None
+        UserModel = get_user_model()
+        try:
+            uid = urlsafe_base64_decode(self.uidb64)
+            self.user = UserModel._default_manager.get(pk=uid)
+        except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
+            self.user = None
+        return super(Password_Reset_Confirm, self).dispatch(request, *args, **kwargs)
+
+    def get(self, *args, **kwargs):
+        if self.user is not None and self.token_generator.check_token(self.user, self.token):
+            self.validlink = True
+            self.title = _('Enter new password')
+        return super(Password_Reset_Confirm, self).get(*args, **kwargs)
+
+    def form_valid(self, form):
+        form.save()
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_form(self, form_class):
+        return form_class(self.user, **self.get_form_kwargs())
+
+    def get_form_class(self):
+        return self.set_password_form
+
+    def get_success_url(self):
+        if self.post_reset_redirect is None:
+            self.post_reset_redirect = reverse('password_reset_complete')
+        else:
+            self.post_reset_redirect = resolve_url(self.post_reset_redirect)
+        return self.post_reset_redirect
+
+    def get_context_data(self, **kwargs):
+        context = super(Password_Reset_Confirm, self).get_context_data(**kwargs)
+        context.update({
+            'title': self.title,
+            'validlink': self.validlink,
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        if self.user is None:
+            context.update({
+                'form': None,
+            })
+        return context
+
+def password_reset_confirm(request, *args, **kwargs):
     try:
-        uid = urlsafe_base64_decode(uidb64)
-        user = UserModel._default_manager.get(pk=uid)
-    except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
-        user = None
-
-    if user is not None and token_generator.check_token(user, token):
-        validlink = True
-        title = _('Enter new password')
-        if request.method == 'POST':
-            form = set_password_form(user, request.POST)
-            if form.is_valid():
-                form.save()
-                return HttpResponseRedirect(post_reset_redirect)
+        uidb64 = args[1] or None
+        token = args[2] or None
+        print(uidb64, token)
+        if uidb64 and token:
+            kwargs.update({
+                'uidb64': uidb64,
+                'token': token,
+            })
+    except:
+        pass
+    return Password_Reset_Confirm.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Reset_Complete(TemplateView):
+    template_name='registration/password_reset_complete.html'
+    current_app=None
+    extra_context=None
+
+    def get_context_data(self, **kwargs):
+        context = super(Password_Reset_Complete, self).get_context_data(**kwargs)
+        context.update({
+            'login_url': resolve_url(settings.LOGIN_URL),
+            'title': _('Password reset complete'),
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+def password_reset_complete(request, *args, **kwargs):
+    return Password_Reset_Complete.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Change(FormView):
+    template_name='registration/password_change_form.html'
+    post_change_redirect=None
+    password_change_form=PasswordChangeForm
+    current_app=None
+    extra_context=None
+
+    @method_decorator(sensitive_post_parameters())
+    @method_decorator(csrf_protect)
+    @method_decorator(login_required)
+    def dispatch(self, request, *args, **kwargs):
+        return super(Password_Change, self).dispatch(self.request, *args, **kwargs)
+
+    def get_success_url(self):
+        if self.post_change_redirect is None:
+            self.post_change_redirect = reverse('password_change_done')
         else:
-            form = set_password_form(user)
-    else:
-        validlink = False
-        form = None
-        title = _('Password reset unsuccessful')
-    context = {
-        'form': form,
-        'title': title,
-        'validlink': validlink,
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
-
-
-def password_reset_complete(request,
-                            template_name='registration/password_reset_complete.html',
-                            current_app=None, extra_context=None):
-    context = {
-        'login_url': resolve_url(settings.LOGIN_URL),
-        'title': _('Password reset complete'),
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
-
-
-@sensitive_post_parameters()
-@csrf_protect
-@login_required
-def password_change(request,
-                    template_name='registration/password_change_form.html',
-                    post_change_redirect=None,
-                    password_change_form=PasswordChangeForm,
-                    current_app=None, extra_context=None):
-    if post_change_redirect is None:
-        post_change_redirect = reverse('password_change_done')
-    else:
-        post_change_redirect = resolve_url(post_change_redirect)
-    if request.method == "POST":
-        form = password_change_form(user=request.user, data=request.POST)
-        if form.is_valid():
-            form.save()
-            # Updating the password logs out all other sessions for the user
-            # except the current one if
-            # django.contrib.auth.middleware.SessionAuthenticationMiddleware
-            # is enabled.
-            update_session_auth_hash(request, form.user)
-            return HttpResponseRedirect(post_change_redirect)
-    else:
-        form = password_change_form(user=request.user)
-    context = {
-        'form': form,
-        'title': _('Password change'),
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
-
-
-@login_required
-def password_change_done(request,
-                         template_name='registration/password_change_done.html',
-                         current_app=None, extra_context=None):
-    context = {
-        'title': _('Password change successful'),
-    }
-    if extra_context is not None:
-        context.update(extra_context)
-    return TemplateResponse(request, template_name, context,
-                            current_app=current_app)
+            self.post_change_redirect = resolve_url(self.post_change_redirect)
+        return self.post_change_redirect
+
+    def get_form(self, form_class):
+        return form_class(self.request.user, **self.get_form_kwargs())
+
+    def get_form_class(self):
+        return self.password_change_form
+
+    def form_valid(self, form):
+        form.save()
+        # Updating the password logs out all other sessions for the user
+        # except the current one if
+        # django.contrib.auth.middleware.SessionAuthenticationMiddleware
+        # is enabled.
+        update_session_auth_hash(self.request, form.user)
+        return HttpResponseRedirect(self.get_success_url())
+
+    def get_context_data(self, **kwargs):
+        context = super(Password_Change, self).get_context_data(**kwargs)
+        context.update({
+            'title': _('Password change'),
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+def password_change(request, *args, **kwargs):
+    return Password_Change.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Change_Done(TemplateView):
+    template_name='registration/password_change_done.html'
+    current_app=None
+    extra_context=None
+
+    @method_decorator(login_required)
+    def dispatch(self, request, *args, **kwargs):
+        return super(Password_Change_Done, self).dispatch(request, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        context = super(Password_Change_Done, self).get_context_data(**kwargs)
+        context.update({
+            'title': _('Password change successful'),
+            'current_app': self.current_app,
+        })
+        if self.extra_context is not None:
+            context.update(self.extra_context)
+        return context
+
+def password_change_done(request, *args, **kwargs):
+    return Password_Change_Done.as_view(**kwargs)(request, *args, **kwargs)