dashboard/accounts/views.py

184 lines
5.8 KiB
Python
Raw Normal View History

# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from django.shortcuts import render, redirect, get_object_or_404
from django.utils.http import urlencode
2022-06-10 11:52:54 +00:00
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth import get_user_model
2022-06-10 11:52:54 +00:00
from django.contrib.auth.decorators import login_required
from django.http import HttpResponse
from django.views.decorators.csrf import csrf_protect
from django.urls import reverse
from .models import AccountConfirmChallenge
from .utils import send_verification_email
2022-06-10 11:52:54 +00:00
@csrf_protect
def login_view(request):
def default_login_ctx():
return {
"title": "Login",
}
if request.method == "GET":
ctx = default_login_ctx()
if "next" in request.GET:
ctx["next"] = request.GET["next"]
return render(request, "accounts/auth/login.html", ctx)
login_cred = request.POST["login"]
user = None
if "@" in login_cred:
user = authenticate(
email=login_cred,
password=request.POST["password"],
)
else:
user = authenticate(
username=login_cred,
password=request.POST["password"],
)
2022-06-10 11:52:54 +00:00
if user is not None:
login(request, user)
if "next" in request.POST:
next_url = request.POST["next"]
if next_url:
return redirect(next_url)
return redirect(reverse("accounts.home"))
2022-06-10 11:52:54 +00:00
ctx = default_login_ctx()
ctx["error"] = {
"title": "Login Failed",
"reason": "Username or passwrod is incorrect, please try again.",
}
return render(request, "accounts/auth/login.html", status=401, context=ctx)
2022-06-10 11:52:54 +00:00
2022-06-10 11:52:54 +00:00
@login_required
def protected_view(request):
return redirect(reverse("dash.home"))
2022-06-10 11:52:54 +00:00
def default_login_url(request):
ctx = {"next": request.GET["next"]}
return redirect(f"{reverse('accounts.login')}?{urlencode(ctx)}")
2022-06-10 11:52:54 +00:00
@login_required
def logout_view(request):
logout(request)
return redirect(reverse("accounts.login"))
2022-06-10 11:52:54 +00:00
def register_view(request):
def default_register_ctx(username=None, email=None):
return {
"title": "Register",
"username": username,
"email": username,
}
if request.method == "GET":
ctx = default_register_ctx()
if "next" in request.GET:
ctx["next"] = request.GET["next"]
return render(request, "accounts/auth/register.html", ctx)
confirm_password = request.POST["confirm_password"]
password = request.POST["password"]
username = request.POST["username"]
email = request.POST["email"]
if password != confirm_password:
ctx = default_register_ctx(username=username, email=email)
ctx["error"] = {
"title": "Registration Failed",
"reason": "Passwords don't match, please verify input",
}
return render(request, "accounts/auth/register.html", status=400, context=ctx)
User = get_user_model()
if User.objects.filter(email=email).exists():
ctx = default_register_ctx(username=username, email=email)
ctx["error"] = {
"title": "Registration Failed",
"reason": "Email is already registered",
}
return render(request, "accounts/auth/register.html", status=400, context=ctx)
if User.objects.filter(username=username).exists():
ctx = default_register_ctx(username=username, email=email)
ctx["error"] = {
"title": "Registration Failed",
"reason": "Username is already registered",
}
return render(request, "accounts/auth/register.html", status=400, context=ctx)
user = get_user_model().objects.create_user(
username=username,
email=email,
is_active=False,
password=password,
) # TODO: get email from settings.py
challenge = None
if not AccountConfirmChallenge.objects.filter(owned_by=user).exists():
challenge = AccountConfirmChallenge(owned_by=user)
challenge.save()
send_verification_email(request, challenge=challenge)
else:
challenge = AccountConfirmChallenge.objects.get(owned_by=user)
user.is_active = False
user.save()
return redirect(challenge.pending_url())
def verification_pending_view(request, public_ref):
challenge = get_object_or_404(AccountConfirmChallenge, public_ref=public_ref)
ctx = {
"email": challenge.owned_by.email,
"public_ref": challenge.public_ref,
}
return render(request, "accounts/auth/verification-pending.html", context=ctx)
def resend_verification_email_view(request, public_ref):
challenge = get_object_or_404(AccountConfirmChallenge, public_ref=public_ref)
send_verification_email(request, challenge=challenge)
return redirect(challenge.pending_url())
def verify_account(request, challenge):
challenge = get_object_or_404(AccountConfirmChallenge, challenge_text=challenge)
if request.method == "GET":
ctx = {
"challenge": challenge,
}
return render(request, "accounts/auth/verify.html", context=ctx)
challenge.owned_by.is_active = True
challenge.owned_by.save()
challenge.delete()
return redirect("accounts.login")