fix & chore: inject CSRF token in login form and refactor login_view
parent
542ce0182d
commit
3054fe5e9f
|
@ -3,6 +3,7 @@
|
|||
<h2>Login</h2>
|
||||
<form action="{% url 'accounts.login' %}" method="POST" class="form" accept-charset="utf-8">
|
||||
{% include "common/components/error.html" %}
|
||||
{% csrf_token %}
|
||||
<label class="form__label" for="login">
|
||||
Username or Email
|
||||
<input
|
||||
|
|
|
@ -1,59 +1,63 @@
|
|||
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as
|
||||
# published by the Free Software Foundation, either version 3 of the
|
||||
# License, or (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
from django.shortcuts import render, redirect
|
||||
from django.contrib.auth import authenticate, login, logout
|
||||
from django.contrib.auth import get_user_model
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.http import HttpResponse
|
||||
from django.views.decorators.csrf import csrf_protect
|
||||
from django.urls import reverse
|
||||
|
||||
GREETINGS = {
|
||||
"greeting": "Welcome to Hostea - Free Forge Ecosystem for Free Developers",
|
||||
"features": [
|
||||
"Fully managed",
|
||||
"100% Free Software",
|
||||
"Fully Self-Hostable",
|
||||
"Observable and reliable",
|
||||
"Federation when available",
|
||||
"Radically transparent",
|
||||
"Horizontal community",
|
||||
"Run Hostea and become a service provider!",
|
||||
],
|
||||
}
|
||||
|
||||
LOGIN_CONTENT = {
|
||||
"login_name": "Username or Email",
|
||||
"action": "Login",
|
||||
"password": "Password",
|
||||
"forgot_password": "Forgot password?",
|
||||
"register_prompt": "New to Hostea?",
|
||||
"register_action_link_text": "Create an account",
|
||||
"greetings": GREETINGS,
|
||||
}
|
||||
|
||||
|
||||
@csrf_protect
|
||||
def login_view(request):
|
||||
if request.method == "POST":
|
||||
if request.method == "GET":
|
||||
ctx = {}
|
||||
if "next" in request.GET:
|
||||
ctx["next"] = request.GET["next"]
|
||||
return render(request, "accounts/auth/login.html", ctx)
|
||||
|
||||
login_cred = request.POST["login"]
|
||||
user = None
|
||||
|
||||
if "@" in login_cred:
|
||||
user = authenticate(
|
||||
request,
|
||||
username=request.POST["username"],
|
||||
email=login_cred,
|
||||
password=request.POST["password"],
|
||||
)
|
||||
else:
|
||||
user = authenticate(
|
||||
username=login_cred,
|
||||
password=request.POST["password"],
|
||||
)
|
||||
if user is not None:
|
||||
login(request, user)
|
||||
print("user logged in")
|
||||
if "next" in request.POST:
|
||||
next_url = request.POST["next"]
|
||||
if next_url:
|
||||
return redirect(next_url)
|
||||
return redirect(reverse("accounts.protected"))
|
||||
else:
|
||||
return HttpResponse("Login required")
|
||||
|
||||
ctx = LOGIN_CONTENT
|
||||
if "next" in request.GET:
|
||||
ctx["next"] = request.GET["next"]
|
||||
if user is not None:
|
||||
login(request, user)
|
||||
if "next" in request.POST:
|
||||
next_url = request.POST["next"]
|
||||
if next_url:
|
||||
return redirect(next_url)
|
||||
return redirect(reverse("accounts.protected"))
|
||||
|
||||
return render(request, "accounts/auth/login.html", ctx)
|
||||
ctx = {
|
||||
"error": {
|
||||
"title": "Login Failed",
|
||||
"reason": "Username or passwrod is incorrect, please try again.",
|
||||
}
|
||||
}
|
||||
return render(request, "accounts/auth/login.html", status=401, context=ctx)
|
||||
|
||||
|
||||
@login_required
|
||||
|
|
Loading…
Reference in New Issue