diff --git a/django/contrib/auth/tests/test_templates.py b/django/contrib/auth/tests/test_templates.py
index c5d4cea..1f521af 100644
--- a/django/contrib/auth/tests/test_templates.py
+++ b/django/contrib/auth/tests/test_templates.py
@@ -43,7 +43,7 @@ class AuthTemplateTests(TestCase):
default_token_generator = PasswordResetTokenGenerator()
token = default_token_generator.make_token(user)
uidb64 = force_text(urlsafe_base64_encode(force_bytes(user.pk)))
- response = password_reset_confirm(request, uidb64, token, post_reset_redirect='dummy/')
+ response = password_reset_confirm(request, uidb64=uidb64, token=token, post_reset_redirect='dummy/')
self.assertContains(response, '
Enter new password')
self.assertContains(response, 'Enter new password
')
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 969ab81..44d4c9f 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -5,7 +5,11 @@ from django.template.response import TemplateResponse
from django.utils.http import is_safe_url, urlsafe_base64_decode
from django.utils.translation import ugettext as _
from django.utils.six.moves.urllib.parse import urlparse, urlunparse
+from django.utils.decorators import method_decorator
from django.shortcuts import resolve_url
+from django.views.generic import UpdateView
+from django.views.generic.base import View, TemplateView
+from django.views.generic.edit import FormView
from django.views.decorators.debug import sensitive_post_parameters
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_protect
@@ -19,92 +23,123 @@ from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.shortcuts import get_current_site
-@sensitive_post_parameters()
-@csrf_protect
-@never_cache
-def login(request, template_name='registration/login.html',
- redirect_field_name=REDIRECT_FIELD_NAME,
- authentication_form=AuthenticationForm,
- current_app=None, extra_context=None):
+class Login(FormView):
+ redirect_field_name = REDIRECT_FIELD_NAME
+ template_name = 'registration/login.html'
+ form_class = AuthenticationForm
+ current_app = None
+ extra_context = None
"""
Displays the login form and handles the login action.
"""
- redirect_to = request.POST.get(redirect_field_name,
- request.GET.get(redirect_field_name, ''))
-
- if request.method == "POST":
- form = authentication_form(request, data=request.POST)
- if form.is_valid():
-
- # Ensure the user-originating redirection url is safe.
- if not is_safe_url(url=redirect_to, host=request.get_host()):
- redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
+ @method_decorator(sensitive_post_parameters())
+ @method_decorator(csrf_protect)
+ @method_decorator(never_cache)
+ def dispatch(self, request, *args, **kwargs):
+ return super(Login, self).dispatch(request, *args, **kwargs)
+ def form_valid(self, form):
# Okay, security check complete. Log the user in.
- auth_login(request, form.get_user())
-
- return HttpResponseRedirect(redirect_to)
- else:
- form = authentication_form(request)
-
- current_site = get_current_site(request)
-
- context = {
- 'form': form,
- redirect_field_name: redirect_to,
- 'site': current_site,
- 'site_name': current_site.name,
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
-
-def logout(request, next_page=None,
- template_name='registration/logged_out.html',
- redirect_field_name=REDIRECT_FIELD_NAME,
- current_app=None, extra_context=None):
+ auth_login(self.request, form.get_user())
+ return HttpResponseRedirect(self.get_success_url())
+
+ def get_success_url(self):
+ redirect_to = self.request.POST.get(self.redirect_field_name,
+ self.request.GET.get(self.redirect_field_name, ''))
+ # Ensure the user-originating redirection url is safe.
+ if not is_safe_url(url=redirect_to, host=self.request.get_host()):
+ redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
+ return redirect_to
+
+ def get_context_data(self, **kwargs):
+ context = super(Login, self).get_context_data(**kwargs)
+ current_site = get_current_site(self.request)
+ context.update({
+ 'redirect_field_name': self.get_success_url(),
+ 'site': current_site,
+ 'site_name': current_site.name,
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+def login(request, *args, **kwargs):
+ return Login.as_view(**kwargs)(request, *args, **kwargs)
+
+class Logout(TemplateView):
+ next_page = None
+ redirect_field_name = REDIRECT_FIELD_NAME
+ template_name = 'registration/logged_out.html'
+ current_app = None
+ extra_context = None
+
"""
Logs out the user and displays 'You are logged out' message.
"""
- auth_logout(request)
-
- if next_page is not None:
- next_page = resolve_url(next_page)
-
- if (redirect_field_name in request.POST or
- redirect_field_name in request.GET):
- next_page = request.POST.get(redirect_field_name,
- request.GET.get(redirect_field_name))
- # Security check -- don't allow redirection to a different host.
- if not is_safe_url(url=next_page, host=request.get_host()):
- next_page = request.path
-
- if next_page:
+ def get(self, *args, **kwargs):
+ auth_logout(self.request)
+ response_kwargs = {
+ 'redirect_to': self.get_success_url(),
+ }
+ if self.next_page:
+ return HttpResponseRedirect(response_kwargs['redirect_to'])
+ return super(Logout, self).get(*args, **kwargs)
+
+ def post(self, *args, **kwargs):
+ auth_logout(self.request)
# Redirect to this page until the session has been cleared.
- return HttpResponseRedirect(next_page)
-
- current_site = get_current_site(request)
- context = {
- 'site': current_site,
- 'site_name': current_site.name,
- 'title': _('Logged out')
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
-
-def logout_then_login(request, login_url=None, current_app=None, extra_context=None):
+ return HttpResponseRedirect(self.get_success_url())
+
+ def get_success_url(self):
+ if self.next_page is not None:
+ self.next_page = resolve_url(self.next_page)
+
+ if (self.redirect_field_name in self.request.POST or
+ self.redirect_field_name in self.request.GET):
+ self.next_page = self.request.POST.get(self.redirect_field_name,
+ self.request.GET.get(self.redirect_field_name))
+ # Security check -- don't allow redirection to a different host.
+ if not is_safe_url(url=self.next_page, host=self.request.get_host()):
+ self.next_page = self.request.path
+ return self.next_page
+
+ def get_context_data(self, **kwargs):
+ context = super(Logout, self).get_context_data(**kwargs)
+ current_site = get_current_site(self.request)
+ context.update({
+ 'site': current_site,
+ 'site_name': current_site.name,
+ 'title': _('Logged out'),
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+
+def logout(request, *args, **kwargs):
+ return Logout.as_view(**kwargs)(request, *args, **kwargs)
+
+class Logout_Then_Login(View):
+ login_url = None
+ current_app = None
+ extra_context = None
"""
Logs out the user if they are logged in. Then redirects to the log-in page.
"""
- if not login_url:
- login_url = settings.LOGIN_URL
- login_url = resolve_url(login_url)
- return logout(request, login_url, current_app=current_app, extra_context=extra_context)
+ def get(self, *args, **kwargs):
+ return logout(self.request, next_page=self.get_success_url(),
+ current_app=self.current_app, extra_context=self.extra_context)
+
+ def get_success_url(self):
+ if not self.login_url:
+ self.login_url = settings.LOGIN_URL
+ login_url = resolve_url(self.login_url)
+ return login_url
+
+def logout_then_login(request, *args, **kwargs):
+ return Logout_Then_Login.as_view(**kwargs)(request, *args, **kwargs)
def redirect_to_login(next, login_url=None,
@@ -130,167 +165,249 @@ def redirect_to_login(next, login_url=None,
# prompts for a new password
# - password_reset_complete shows a success message for the above
-@csrf_protect
-def password_reset(request, is_admin_site=False,
- template_name='registration/password_reset_form.html',
- email_template_name='registration/password_reset_email.html',
- subject_template_name='registration/password_reset_subject.txt',
- password_reset_form=PasswordResetForm,
- token_generator=default_token_generator,
- post_reset_redirect=None,
- from_email=None,
- current_app=None,
- extra_context=None,
- html_email_template_name=None):
- if post_reset_redirect is None:
- post_reset_redirect = reverse('password_reset_done')
- else:
- post_reset_redirect = resolve_url(post_reset_redirect)
- if request.method == "POST":
- form = password_reset_form(request.POST)
- if form.is_valid():
- opts = {
- 'use_https': request.is_secure(),
- 'token_generator': token_generator,
- 'from_email': from_email,
- 'email_template_name': email_template_name,
- 'subject_template_name': subject_template_name,
- 'request': request,
- 'html_email_template_name': html_email_template_name,
- }
- if is_admin_site:
- opts = dict(opts, domain_override=request.get_host())
- form.save(**opts)
- return HttpResponseRedirect(post_reset_redirect)
- else:
- form = password_reset_form()
- context = {
- 'form': form,
- 'title': _('Password reset'),
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
-
-def password_reset_done(request,
- template_name='registration/password_reset_done.html',
- current_app=None, extra_context=None):
- context = {
- 'title': _('Password reset successful'),
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
+class Password_Reset(FormView):
+ is_admin_site = False
+ template_name = 'registration/password_reset_form.html'
+ email_template_name = 'registration/password_reset_email.html'
+ subject_template_name = 'registration/password_reset_subject.txt'
+ password_reset_form = PasswordResetForm
+ token_generator = default_token_generator
+ post_reset_redirect = None
+ from_email = None
+ current_app = None
+ extra_context = None
+ html_email_template_name = None
+
+ @method_decorator(csrf_protect)
+ def dispatch(self, request, *args, **kwargs):
+ return super(Password_Reset, self).dispatch(request, *args, **kwargs)
+
+ def form_valid(self, form):
+ opts = {
+ 'use_https': self.request.is_secure(),
+ 'token_generator': self.token_generator,
+ 'from_email': self.from_email,
+ 'email_template_name': self.email_template_name,
+ 'subject_template_name': self.subject_template_name,
+ 'request': self.request,
+ 'html_email_template_name': self.html_email_template_name,
+ }
+ if self.is_admin_site:
+ opts = dict(opts, domain_override=self.request.get_host())
+ form.save(**opts)
+ return HttpResponseRedirect(self.get_success_url())
+
+ def get_form_class(self):
+ return self.password_reset_form
+
+ def get_success_url(self):
+ if self.post_reset_redirect is None:
+ self.post_reset_redirect = reverse('password_reset_done')
+ else:
+ self.post_reset_redirect = resolve_url(self.post_reset_redirect)
+ return self.post_reset_redirect
+
+ def get_context_data(self, **kwargs):
+ context = super(Password_Reset, self).get_context_data(**kwargs)
+ context.update({
+ 'title': _('Password reset'),
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+def password_reset(request, *args, **kwargs):
+ return Password_Reset.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Reset_Done(TemplateView):
+ template_name = 'registration/password_reset_done.html'
+ current_app = None
+ extra_context = None
+
+ def get_context_data(self, **kwargs):
+ context = super(Password_Reset_Done, self).get_context_data(**kwargs)
+ context.update({
+ 'title': _('Password reset successful'),
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+def password_reset_done(request, *args, **kwargs):
+ return Password_Reset_Done.as_view(**kwargs)(request, *args, **kwargs)
# Doesn't need csrf_protect since no-one can guess the URL
-@sensitive_post_parameters()
-@never_cache
-def password_reset_confirm(request, uidb64=None, token=None,
- template_name='registration/password_reset_confirm.html',
- token_generator=default_token_generator,
- set_password_form=SetPasswordForm,
- post_reset_redirect=None,
- current_app=None, extra_context=None):
+class Password_Reset_Confirm(FormView):
+ uidb64 = None
+ token = None
+ template_name = 'registration/password_reset_confirm.html'
+ token_generator = default_token_generator
+ set_password_form = SetPasswordForm
+ post_reset_redirect = None
+ current_app = None
+ extra_context = None
+
+ user = None
+ validlink = False
+ form = None
+ title = _('Password reset unsuccessful')
+
"""
View that checks the hash in a password reset link and presents a
form for entering a new password.
"""
- UserModel = get_user_model()
- assert uidb64 is not None and token is not None # checked by URLconf
- if post_reset_redirect is None:
- post_reset_redirect = reverse('password_reset_complete')
- else:
- post_reset_redirect = resolve_url(post_reset_redirect)
+ @method_decorator(sensitive_post_parameters())
+ @method_decorator(never_cache)
+ def dispatch(self, request, *args, **kwargs):
+ # checked by URLconf
+ assert self.uidb64 is not None and self.token is not None
+ UserModel = get_user_model()
+ try:
+ uid = urlsafe_base64_decode(self.uidb64)
+ self.user = UserModel._default_manager.get(pk=uid)
+ except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
+ self.user = None
+ return super(Password_Reset_Confirm, self).dispatch(request, *args, **kwargs)
+
+ def get(self, *args, **kwargs):
+ if self.user is not None and self.token_generator.check_token(self.user, self.token):
+ self.validlink = True
+ self.title = _('Enter new password')
+ return super(Password_Reset_Confirm, self).get(*args, **kwargs)
+
+ def form_valid(self, form):
+ form.save()
+ return HttpResponseRedirect(self.get_success_url())
+
+ def get_form(self, form_class):
+ return form_class(self.user, **self.get_form_kwargs())
+
+ def get_form_class(self):
+ return self.set_password_form
+
+ def get_success_url(self):
+ if self.post_reset_redirect is None:
+ self.post_reset_redirect = reverse('password_reset_complete')
+ else:
+ self.post_reset_redirect = resolve_url(self.post_reset_redirect)
+ return self.post_reset_redirect
+
+ def get_context_data(self, **kwargs):
+ context = super(Password_Reset_Confirm, self).get_context_data(**kwargs)
+ context.update({
+ 'title': self.title,
+ 'validlink': self.validlink,
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ if self.user is None:
+ context.update({
+ 'form': None,
+ })
+ return context
+
+def password_reset_confirm(request, *args, **kwargs):
try:
- uid = urlsafe_base64_decode(uidb64)
- user = UserModel._default_manager.get(pk=uid)
- except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
- user = None
-
- if user is not None and token_generator.check_token(user, token):
- validlink = True
- title = _('Enter new password')
- if request.method == 'POST':
- form = set_password_form(user, request.POST)
- if form.is_valid():
- form.save()
- return HttpResponseRedirect(post_reset_redirect)
+ uidb64 = args[1] or None
+ token = args[2] or None
+ print(uidb64, token)
+ if uidb64 and token:
+ kwargs.update({
+ 'uidb64': uidb64,
+ 'token': token,
+ })
+ except:
+ pass
+ return Password_Reset_Confirm.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Reset_Complete(TemplateView):
+ template_name='registration/password_reset_complete.html'
+ current_app=None
+ extra_context=None
+
+ def get_context_data(self, **kwargs):
+ context = super(Password_Reset_Complete, self).get_context_data(**kwargs)
+ context.update({
+ 'login_url': resolve_url(settings.LOGIN_URL),
+ 'title': _('Password reset complete'),
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+def password_reset_complete(request, *args, **kwargs):
+ return Password_Reset_Complete.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Change(FormView):
+ template_name='registration/password_change_form.html'
+ post_change_redirect=None
+ password_change_form=PasswordChangeForm
+ current_app=None
+ extra_context=None
+
+ @method_decorator(sensitive_post_parameters())
+ @method_decorator(csrf_protect)
+ @method_decorator(login_required)
+ def dispatch(self, request, *args, **kwargs):
+ return super(Password_Change, self).dispatch(self.request, *args, **kwargs)
+
+ def get_success_url(self):
+ if self.post_change_redirect is None:
+ self.post_change_redirect = reverse('password_change_done')
else:
- form = set_password_form(user)
- else:
- validlink = False
- form = None
- title = _('Password reset unsuccessful')
- context = {
- 'form': form,
- 'title': title,
- 'validlink': validlink,
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
-
-def password_reset_complete(request,
- template_name='registration/password_reset_complete.html',
- current_app=None, extra_context=None):
- context = {
- 'login_url': resolve_url(settings.LOGIN_URL),
- 'title': _('Password reset complete'),
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
-
-@sensitive_post_parameters()
-@csrf_protect
-@login_required
-def password_change(request,
- template_name='registration/password_change_form.html',
- post_change_redirect=None,
- password_change_form=PasswordChangeForm,
- current_app=None, extra_context=None):
- if post_change_redirect is None:
- post_change_redirect = reverse('password_change_done')
- else:
- post_change_redirect = resolve_url(post_change_redirect)
- if request.method == "POST":
- form = password_change_form(user=request.user, data=request.POST)
- if form.is_valid():
- form.save()
- # Updating the password logs out all other sessions for the user
- # except the current one if
- # django.contrib.auth.middleware.SessionAuthenticationMiddleware
- # is enabled.
- update_session_auth_hash(request, form.user)
- return HttpResponseRedirect(post_change_redirect)
- else:
- form = password_change_form(user=request.user)
- context = {
- 'form': form,
- 'title': _('Password change'),
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
-
-
-@login_required
-def password_change_done(request,
- template_name='registration/password_change_done.html',
- current_app=None, extra_context=None):
- context = {
- 'title': _('Password change successful'),
- }
- if extra_context is not None:
- context.update(extra_context)
- return TemplateResponse(request, template_name, context,
- current_app=current_app)
+ self.post_change_redirect = resolve_url(self.post_change_redirect)
+ return self.post_change_redirect
+
+ def get_form(self, form_class):
+ return form_class(self.request.user, **self.get_form_kwargs())
+
+ def get_form_class(self):
+ return self.password_change_form
+
+ def form_valid(self, form):
+ form.save()
+ # Updating the password logs out all other sessions for the user
+ # except the current one if
+ # django.contrib.auth.middleware.SessionAuthenticationMiddleware
+ # is enabled.
+ update_session_auth_hash(self.request, form.user)
+ return HttpResponseRedirect(self.get_success_url())
+
+ def get_context_data(self, **kwargs):
+ context = super(Password_Change, self).get_context_data(**kwargs)
+ context.update({
+ 'title': _('Password change'),
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+def password_change(request, *args, **kwargs):
+ return Password_Change.as_view(**kwargs)(request, *args, **kwargs)
+
+class Password_Change_Done(TemplateView):
+ template_name='registration/password_change_done.html'
+ current_app=None
+ extra_context=None
+
+ @method_decorator(login_required)
+ def dispatch(self, request, *args, **kwargs):
+ return super(Password_Change_Done, self).dispatch(request, *args, **kwargs)
+
+ def get_context_data(self, **kwargs):
+ context = super(Password_Change_Done, self).get_context_data(**kwargs)
+ context.update({
+ 'title': _('Password change successful'),
+ 'current_app': self.current_app,
+ })
+ if self.extra_context is not None:
+ context.update(self.extra_context)
+ return context
+
+def password_change_done(request, *args, **kwargs):
+ return Password_Change_Done.as_view(**kwargs)(request, *args, **kwargs)