Ticket #17209: patch.diff

File patch.diff, 24.4 KB (added by japrogramer, 8 years ago)

this patch changes the auth view functions to CBV, maintaining backwards compatibility and tests passing ;)

  • django/contrib/auth/tests/test_templates.py

    diff --git a/django/contrib/auth/tests/test_templates.py b/django/contrib/auth/tests/test_templates.py
    index c5d4cea..1f521af 100644
    a b class AuthTemplateTests(TestCase): 
    4343        default_token_generator = PasswordResetTokenGenerator()
    4444        token = default_token_generator.make_token(user)
    4545        uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
    46         response = password_reset_confirm(request, uidb64, token, post_reset_redirect='dummy/')
     46        response = password_reset_confirm(request, uidb64=uidb64, token=token, post_reset_redirect='dummy/')
    4747        self.assertContains(response, '<title>Enter new password</title>')
    4848        self.assertContains(response, '<h1>Enter new password</h1>')
    4949
  • django/contrib/auth/views.py

    diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
    index 969ab81..44d4c9f 100644
    a b from django.template.response import TemplateResponse 
    55from django.utils.http import is_safe_url, urlsafe_base64_decode
    66from django.utils.translation import ugettext as _
    77from django.utils.six.moves.urllib.parse import urlparse, urlunparse
     8from django.utils.decorators import method_decorator
    89from django.shortcuts import resolve_url
     10from django.views.generic import UpdateView
     11from django.views.generic.base import View, TemplateView
     12from django.views.generic.edit import FormView
    913from django.views.decorators.debug import sensitive_post_parameters
    1014from django.views.decorators.cache import never_cache
    1115from django.views.decorators.csrf import csrf_protect
    from django.contrib.auth.tokens import default_token_generator 
    1923from django.contrib.sites.shortcuts import get_current_site
    2024
    2125
    22 @sensitive_post_parameters()
    23 @csrf_protect
    24 @never_cache
    25 def login(request, template_name='registration/login.html',
    26           redirect_field_name=REDIRECT_FIELD_NAME,
    27           authentication_form=AuthenticationForm,
    28           current_app=None, extra_context=None):
     26class Login(FormView):
     27    redirect_field_name = REDIRECT_FIELD_NAME
     28    template_name = 'registration/login.html'
     29    form_class = AuthenticationForm
     30    current_app = None
     31    extra_context = None
    2932    """
    3033    Displays the login form and handles the login action.
    3134    """
    32     redirect_to = request.POST.get(redirect_field_name,
    33                                    request.GET.get(redirect_field_name, ''))
    34 
    35     if request.method == "POST":
    36         form = authentication_form(request, data=request.POST)
    37         if form.is_valid():
    38 
    39             # Ensure the user-originating redirection url is safe.
    40             if not is_safe_url(url=redirect_to, host=request.get_host()):
    41                 redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
     35    @method_decorator(sensitive_post_parameters())
     36    @method_decorator(csrf_protect)
     37    @method_decorator(never_cache)
     38    def dispatch(self, request, *args, **kwargs):
     39        return super(Login, self).dispatch(request, *args, **kwargs)
    4240
     41    def form_valid(self, form):
    4342            # Okay, security check complete. Log the user in.
    44             auth_login(request, form.get_user())
    45 
    46             return HttpResponseRedirect(redirect_to)
    47     else:
    48         form = authentication_form(request)
    49 
    50     current_site = get_current_site(request)
    51 
    52     context = {
    53         'form': form,
    54         redirect_field_name: redirect_to,
    55         'site': current_site,
    56         'site_name': current_site.name,
    57     }
    58     if extra_context is not None:
    59         context.update(extra_context)
    60     return TemplateResponse(request, template_name, context,
    61                             current_app=current_app)
    62 
    63 
    64 def logout(request, next_page=None,
    65            template_name='registration/logged_out.html',
    66            redirect_field_name=REDIRECT_FIELD_NAME,
    67            current_app=None, extra_context=None):
     43            auth_login(self.request, form.get_user())
     44            return HttpResponseRedirect(self.get_success_url())
     45
     46    def get_success_url(self):
     47        redirect_to = self.request.POST.get(self.redirect_field_name,
     48                                   self.request.GET.get(self.redirect_field_name, ''))
     49        # Ensure the user-originating redirection url is safe.
     50        if not is_safe_url(url=redirect_to, host=self.request.get_host()):
     51            redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
     52        return redirect_to
     53
     54    def get_context_data(self, **kwargs):
     55        context = super(Login, self).get_context_data(**kwargs)
     56        current_site = get_current_site(self.request)
     57        context.update({
     58            'redirect_field_name': self.get_success_url(),
     59            'site': current_site,
     60            'site_name': current_site.name,
     61            'current_app': self.current_app,
     62        })
     63        if self.extra_context is not None:
     64            context.update(self.extra_context)
     65        return context
     66
     67def login(request, *args, **kwargs):
     68    return Login.as_view(**kwargs)(request, *args, **kwargs)
     69
     70class Logout(TemplateView):
     71    next_page = None
     72    redirect_field_name = REDIRECT_FIELD_NAME
     73    template_name = 'registration/logged_out.html'
     74    current_app = None
     75    extra_context = None
     76
    6877    """
    6978    Logs out the user and displays 'You are logged out' message.
    7079    """
    71     auth_logout(request)
    72 
    73     if next_page is not None:
    74         next_page = resolve_url(next_page)
    75 
    76     if (redirect_field_name in request.POST or
    77             redirect_field_name in request.GET):
    78         next_page = request.POST.get(redirect_field_name,
    79                                      request.GET.get(redirect_field_name))
    80         # Security check -- don't allow redirection to a different host.
    81         if not is_safe_url(url=next_page, host=request.get_host()):
    82             next_page = request.path
    83 
    84     if next_page:
     80    def get(self, *args, **kwargs):
     81        auth_logout(self.request)
     82        response_kwargs = {
     83            'redirect_to': self.get_success_url(),
     84        }
     85        if self.next_page:
     86            return HttpResponseRedirect(response_kwargs['redirect_to'])
     87        return super(Logout, self).get(*args, **kwargs)
     88
     89    def post(self, *args, **kwargs):
     90        auth_logout(self.request)
    8591        # Redirect to this page until the session has been cleared.
    86         return HttpResponseRedirect(next_page)
    87 
    88     current_site = get_current_site(request)
    89     context = {
    90         'site': current_site,
    91         'site_name': current_site.name,
    92         'title': _('Logged out')
    93     }
    94     if extra_context is not None:
    95         context.update(extra_context)
    96     return TemplateResponse(request, template_name, context,
    97         current_app=current_app)
    98 
    99 
    100 def logout_then_login(request, login_url=None, current_app=None, extra_context=None):
     92        return HttpResponseRedirect(self.get_success_url())
     93
     94    def get_success_url(self):
     95        if self.next_page is not None:
     96            self.next_page = resolve_url(self.next_page)
     97
     98        if (self.redirect_field_name in self.request.POST or
     99                self.redirect_field_name in self.request.GET):
     100            self.next_page = self.request.POST.get(self.redirect_field_name,
     101                                         self.request.GET.get(self.redirect_field_name))
     102            # Security check -- don't allow redirection to a different host.
     103            if not is_safe_url(url=self.next_page, host=self.request.get_host()):
     104                self.next_page = self.request.path
     105        return self.next_page
     106
     107    def get_context_data(self, **kwargs):
     108        context = super(Logout, self).get_context_data(**kwargs)
     109        current_site = get_current_site(self.request)
     110        context.update({
     111            'site': current_site,
     112            'site_name': current_site.name,
     113            'title': _('Logged out'),
     114            'current_app': self.current_app,
     115        })
     116        if self.extra_context is not None:
     117            context.update(self.extra_context)
     118        return context
     119
     120
     121def logout(request, *args, **kwargs):
     122    return Logout.as_view(**kwargs)(request, *args, **kwargs)
     123
     124class Logout_Then_Login(View):
     125    login_url = None
     126    current_app = None
     127    extra_context = None
    101128    """
    102129    Logs out the user if they are logged in. Then redirects to the log-in page.
    103130    """
    104     if not login_url:
    105         login_url = settings.LOGIN_URL
    106     login_url = resolve_url(login_url)
    107     return logout(request, login_url, current_app=current_app, extra_context=extra_context)
     131    def get(self, *args, **kwargs):
     132        return logout(self.request, next_page=self.get_success_url(),
     133            current_app=self.current_app, extra_context=self.extra_context)
     134
     135    def get_success_url(self):
     136        if not self.login_url:
     137            self.login_url = settings.LOGIN_URL
     138        login_url = resolve_url(self.login_url)
     139        return login_url
     140
     141def logout_then_login(request, *args, **kwargs):
     142    return Logout_Then_Login.as_view(**kwargs)(request, *args, **kwargs)
    108143
    109144
    110145def redirect_to_login(next, login_url=None,
    def redirect_to_login(next, login_url=None, 
    130165#   prompts for a new password
    131166# - password_reset_complete shows a success message for the above
    132167
    133 @csrf_protect
    134 def password_reset(request, is_admin_site=False,
    135                    template_name='registration/password_reset_form.html',
    136                    email_template_name='registration/password_reset_email.html',
    137                    subject_template_name='registration/password_reset_subject.txt',
    138                    password_reset_form=PasswordResetForm,
    139                    token_generator=default_token_generator,
    140                    post_reset_redirect=None,
    141                    from_email=None,
    142                    current_app=None,
    143                    extra_context=None,
    144                    html_email_template_name=None):
    145     if post_reset_redirect is None:
    146         post_reset_redirect = reverse('password_reset_done')
    147     else:
    148         post_reset_redirect = resolve_url(post_reset_redirect)
    149     if request.method == "POST":
    150         form = password_reset_form(request.POST)
    151         if form.is_valid():
    152             opts = {
    153                 'use_https': request.is_secure(),
    154                 'token_generator': token_generator,
    155                 'from_email': from_email,
    156                 'email_template_name': email_template_name,
    157                 'subject_template_name': subject_template_name,
    158                 'request': request,
    159                 'html_email_template_name': html_email_template_name,
    160             }
    161             if is_admin_site:
    162                 opts = dict(opts, domain_override=request.get_host())
    163             form.save(**opts)
    164             return HttpResponseRedirect(post_reset_redirect)
    165     else:
    166         form = password_reset_form()
    167     context = {
    168         'form': form,
    169         'title': _('Password reset'),
    170     }
    171     if extra_context is not None:
    172         context.update(extra_context)
    173     return TemplateResponse(request, template_name, context,
    174                             current_app=current_app)
    175 
    176 
    177 def password_reset_done(request,
    178                         template_name='registration/password_reset_done.html',
    179                         current_app=None, extra_context=None):
    180     context = {
    181         'title': _('Password reset successful'),
    182     }
    183     if extra_context is not None:
    184         context.update(extra_context)
    185     return TemplateResponse(request, template_name, context,
    186                             current_app=current_app)
    187 
     168class Password_Reset(FormView):
     169    is_admin_site = False
     170    template_name = 'registration/password_reset_form.html'
     171    email_template_name = 'registration/password_reset_email.html'
     172    subject_template_name = 'registration/password_reset_subject.txt'
     173    password_reset_form = PasswordResetForm
     174    token_generator = default_token_generator
     175    post_reset_redirect = None
     176    from_email = None
     177    current_app = None
     178    extra_context = None
     179    html_email_template_name = None
     180
     181    @method_decorator(csrf_protect)
     182    def dispatch(self, request, *args, **kwargs):
     183        return super(Password_Reset, self).dispatch(request, *args, **kwargs)
     184
     185    def form_valid(self, form):
     186        opts = {
     187            'use_https': self.request.is_secure(),
     188            'token_generator': self.token_generator,
     189            'from_email': self.from_email,
     190            'email_template_name': self.email_template_name,
     191            'subject_template_name': self.subject_template_name,
     192            'request': self.request,
     193            'html_email_template_name': self.html_email_template_name,
     194        }
     195        if self.is_admin_site:
     196            opts = dict(opts, domain_override=self.request.get_host())
     197        form.save(**opts)
     198        return HttpResponseRedirect(self.get_success_url())
     199
     200    def get_form_class(self):
     201        return self.password_reset_form
     202
     203    def get_success_url(self):
     204        if self.post_reset_redirect is None:
     205            self.post_reset_redirect = reverse('password_reset_done')
     206        else:
     207            self.post_reset_redirect = resolve_url(self.post_reset_redirect)
     208        return self.post_reset_redirect
     209
     210    def get_context_data(self, **kwargs):
     211        context = super(Password_Reset, self).get_context_data(**kwargs)
     212        context.update({
     213            'title': _('Password reset'),
     214            'current_app': self.current_app,
     215        })
     216        if self.extra_context is not None:
     217            context.update(self.extra_context)
     218        return context
     219
     220def password_reset(request, *args, **kwargs):
     221    return Password_Reset.as_view(**kwargs)(request, *args, **kwargs)
     222
     223class Password_Reset_Done(TemplateView):
     224    template_name = 'registration/password_reset_done.html'
     225    current_app = None
     226    extra_context = None
     227
     228    def get_context_data(self, **kwargs):
     229        context = super(Password_Reset_Done, self).get_context_data(**kwargs)
     230        context.update({
     231            'title': _('Password reset successful'),
     232            'current_app': self.current_app,
     233        })
     234        if self.extra_context is not None:
     235            context.update(self.extra_context)
     236        return context
     237
     238def password_reset_done(request, *args, **kwargs):
     239    return Password_Reset_Done.as_view(**kwargs)(request, *args, **kwargs)
    188240
    189241# Doesn't need csrf_protect since no-one can guess the URL
    190 @sensitive_post_parameters()
    191 @never_cache
    192 def password_reset_confirm(request, uidb64=None, token=None,
    193                            template_name='registration/password_reset_confirm.html',
    194                            token_generator=default_token_generator,
    195                            set_password_form=SetPasswordForm,
    196                            post_reset_redirect=None,
    197                            current_app=None, extra_context=None):
     242class Password_Reset_Confirm(FormView):
     243    uidb64 = None
     244    token = None
     245    template_name = 'registration/password_reset_confirm.html'
     246    token_generator = default_token_generator
     247    set_password_form = SetPasswordForm
     248    post_reset_redirect = None
     249    current_app = None
     250    extra_context = None
     251
     252    user = None
     253    validlink = False
     254    form = None
     255    title = _('Password reset unsuccessful')
     256
    198257    """
    199258    View that checks the hash in a password reset link and presents a
    200259    form for entering a new password.
    201260    """
    202     UserModel = get_user_model()
    203     assert uidb64 is not None and token is not None  # checked by URLconf
    204     if post_reset_redirect is None:
    205         post_reset_redirect = reverse('password_reset_complete')
    206     else:
    207         post_reset_redirect = resolve_url(post_reset_redirect)
     261    @method_decorator(sensitive_post_parameters())
     262    @method_decorator(never_cache)
     263    def dispatch(self, request, *args, **kwargs):
     264        # checked by URLconf
     265        assert self.uidb64 is not None and self.token is not None
     266        UserModel = get_user_model()
     267        try:
     268            uid = urlsafe_base64_decode(self.uidb64)
     269            self.user = UserModel._default_manager.get(pk=uid)
     270        except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
     271            self.user = None
     272        return super(Password_Reset_Confirm, self).dispatch(request, *args, **kwargs)
     273
     274    def get(self, *args, **kwargs):
     275        if self.user is not None and self.token_generator.check_token(self.user, self.token):
     276            self.validlink = True
     277            self.title = _('Enter new password')
     278        return super(Password_Reset_Confirm, self).get(*args, **kwargs)
     279
     280    def form_valid(self, form):
     281        form.save()
     282        return HttpResponseRedirect(self.get_success_url())
     283
     284    def get_form(self, form_class):
     285        return form_class(self.user, **self.get_form_kwargs())
     286
     287    def get_form_class(self):
     288        return self.set_password_form
     289
     290    def get_success_url(self):
     291        if self.post_reset_redirect is None:
     292            self.post_reset_redirect = reverse('password_reset_complete')
     293        else:
     294            self.post_reset_redirect = resolve_url(self.post_reset_redirect)
     295        return self.post_reset_redirect
     296
     297    def get_context_data(self, **kwargs):
     298        context = super(Password_Reset_Confirm, self).get_context_data(**kwargs)
     299        context.update({
     300            'title': self.title,
     301            'validlink': self.validlink,
     302            'current_app': self.current_app,
     303        })
     304        if self.extra_context is not None:
     305            context.update(self.extra_context)
     306        if self.user is None:
     307            context.update({
     308                'form': None,
     309            })
     310        return context
     311
     312def password_reset_confirm(request, *args, **kwargs):
    208313    try:
    209         uid = urlsafe_base64_decode(uidb64)
    210         user = UserModel._default_manager.get(pk=uid)
    211     except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
    212         user = None
    213 
    214     if user is not None and token_generator.check_token(user, token):
    215         validlink = True
    216         title = _('Enter new password')
    217         if request.method == 'POST':
    218             form = set_password_form(user, request.POST)
    219             if form.is_valid():
    220                 form.save()
    221                 return HttpResponseRedirect(post_reset_redirect)
     314        uidb64 = args[1] or None
     315        token = args[2] or None
     316        print(uidb64, token)
     317        if uidb64 and token:
     318            kwargs.update({
     319                'uidb64': uidb64,
     320                'token': token,
     321            })
     322    except:
     323        pass
     324    return Password_Reset_Confirm.as_view(**kwargs)(request, *args, **kwargs)
     325
     326class Password_Reset_Complete(TemplateView):
     327    template_name='registration/password_reset_complete.html'
     328    current_app=None
     329    extra_context=None
     330
     331    def get_context_data(self, **kwargs):
     332        context = super(Password_Reset_Complete, self).get_context_data(**kwargs)
     333        context.update({
     334            'login_url': resolve_url(settings.LOGIN_URL),
     335            'title': _('Password reset complete'),
     336            'current_app': self.current_app,
     337        })
     338        if self.extra_context is not None:
     339            context.update(self.extra_context)
     340        return context
     341
     342def password_reset_complete(request, *args, **kwargs):
     343    return Password_Reset_Complete.as_view(**kwargs)(request, *args, **kwargs)
     344
     345class Password_Change(FormView):
     346    template_name='registration/password_change_form.html'
     347    post_change_redirect=None
     348    password_change_form=PasswordChangeForm
     349    current_app=None
     350    extra_context=None
     351
     352    @method_decorator(sensitive_post_parameters())
     353    @method_decorator(csrf_protect)
     354    @method_decorator(login_required)
     355    def dispatch(self, request, *args, **kwargs):
     356        return super(Password_Change, self).dispatch(self.request, *args, **kwargs)
     357
     358    def get_success_url(self):
     359        if self.post_change_redirect is None:
     360            self.post_change_redirect = reverse('password_change_done')
    222361        else:
    223             form = set_password_form(user)
    224     else:
    225         validlink = False
    226         form = None
    227         title = _('Password reset unsuccessful')
    228     context = {
    229         'form': form,
    230         'title': title,
    231         'validlink': validlink,
    232     }
    233     if extra_context is not None:
    234         context.update(extra_context)
    235     return TemplateResponse(request, template_name, context,
    236                             current_app=current_app)
    237 
    238 
    239 def password_reset_complete(request,
    240                             template_name='registration/password_reset_complete.html',
    241                             current_app=None, extra_context=None):
    242     context = {
    243         'login_url': resolve_url(settings.LOGIN_URL),
    244         'title': _('Password reset complete'),
    245     }
    246     if extra_context is not None:
    247         context.update(extra_context)
    248     return TemplateResponse(request, template_name, context,
    249                             current_app=current_app)
    250 
    251 
    252 @sensitive_post_parameters()
    253 @csrf_protect
    254 @login_required
    255 def password_change(request,
    256                     template_name='registration/password_change_form.html',
    257                     post_change_redirect=None,
    258                     password_change_form=PasswordChangeForm,
    259                     current_app=None, extra_context=None):
    260     if post_change_redirect is None:
    261         post_change_redirect = reverse('password_change_done')
    262     else:
    263         post_change_redirect = resolve_url(post_change_redirect)
    264     if request.method == "POST":
    265         form = password_change_form(user=request.user, data=request.POST)
    266         if form.is_valid():
    267             form.save()
    268             # Updating the password logs out all other sessions for the user
    269             # except the current one if
    270             # django.contrib.auth.middleware.SessionAuthenticationMiddleware
    271             # is enabled.
    272             update_session_auth_hash(request, form.user)
    273             return HttpResponseRedirect(post_change_redirect)
    274     else:
    275         form = password_change_form(user=request.user)
    276     context = {
    277         'form': form,
    278         'title': _('Password change'),
    279     }
    280     if extra_context is not None:
    281         context.update(extra_context)
    282     return TemplateResponse(request, template_name, context,
    283                             current_app=current_app)
    284 
    285 
    286 @login_required
    287 def password_change_done(request,
    288                          template_name='registration/password_change_done.html',
    289                          current_app=None, extra_context=None):
    290     context = {
    291         'title': _('Password change successful'),
    292     }
    293     if extra_context is not None:
    294         context.update(extra_context)
    295     return TemplateResponse(request, template_name, context,
    296                             current_app=current_app)
     362            self.post_change_redirect = resolve_url(self.post_change_redirect)
     363        return self.post_change_redirect
     364
     365    def get_form(self, form_class):
     366        return form_class(self.request.user, **self.get_form_kwargs())
     367
     368    def get_form_class(self):
     369        return self.password_change_form
     370
     371    def form_valid(self, form):
     372        form.save()
     373        # Updating the password logs out all other sessions for the user
     374        # except the current one if
     375        # django.contrib.auth.middleware.SessionAuthenticationMiddleware
     376        # is enabled.
     377        update_session_auth_hash(self.request, form.user)
     378        return HttpResponseRedirect(self.get_success_url())
     379
     380    def get_context_data(self, **kwargs):
     381        context = super(Password_Change, self).get_context_data(**kwargs)
     382        context.update({
     383            'title': _('Password change'),
     384            'current_app': self.current_app,
     385        })
     386        if self.extra_context is not None:
     387            context.update(self.extra_context)
     388        return context
     389
     390def password_change(request, *args, **kwargs):
     391    return Password_Change.as_view(**kwargs)(request, *args, **kwargs)
     392
     393class Password_Change_Done(TemplateView):
     394    template_name='registration/password_change_done.html'
     395    current_app=None
     396    extra_context=None
     397
     398    @method_decorator(login_required)
     399    def dispatch(self, request, *args, **kwargs):
     400        return super(Password_Change_Done, self).dispatch(request, *args, **kwargs)
     401
     402    def get_context_data(self, **kwargs):
     403        context = super(Password_Change_Done, self).get_context_data(**kwargs)
     404        context.update({
     405            'title': _('Password change successful'),
     406            'current_app': self.current_app,
     407        })
     408        if self.extra_context is not None:
     409            context.update(self.extra_context)
     410        return context
     411
     412def password_change_done(request, *args, **kwargs):
     413    return Password_Change_Done.as_view(**kwargs)(request, *args, **kwargs)
Back to Top