forked from Hostea/dashboard
fix & chore: inject CSRF token in login form and refactor login_view
parent
542ce0182d
commit
3054fe5e9f
|
@ -3,6 +3,7 @@
|
||||||
<h2>Login</h2>
|
<h2>Login</h2>
|
||||||
<form action="{% url 'accounts.login' %}" method="POST" class="form" accept-charset="utf-8">
|
<form action="{% url 'accounts.login' %}" method="POST" class="form" accept-charset="utf-8">
|
||||||
{% include "common/components/error.html" %}
|
{% include "common/components/error.html" %}
|
||||||
|
{% csrf_token %}
|
||||||
<label class="form__label" for="login">
|
<label class="form__label" for="login">
|
||||||
Username or Email
|
Username or Email
|
||||||
<input
|
<input
|
||||||
|
|
|
@ -1,59 +1,63 @@
|
||||||
|
# Copyright © 2022 Aravinth Manivannan <realaravinth@batsense.net>
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU Affero General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 3 of the
|
||||||
|
# License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU Affero General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU Affero General Public License
|
||||||
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
from django.shortcuts import render, redirect
|
from django.shortcuts import render, redirect
|
||||||
from django.contrib.auth import authenticate, login, logout
|
from django.contrib.auth import authenticate, login, logout
|
||||||
|
from django.contrib.auth import get_user_model
|
||||||
from django.contrib.auth.decorators import login_required
|
from django.contrib.auth.decorators import login_required
|
||||||
from django.http import HttpResponse
|
from django.http import HttpResponse
|
||||||
from django.views.decorators.csrf import csrf_protect
|
from django.views.decorators.csrf import csrf_protect
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
|
|
||||||
GREETINGS = {
|
|
||||||
"greeting": "Welcome to Hostea - Free Forge Ecosystem for Free Developers",
|
|
||||||
"features": [
|
|
||||||
"Fully managed",
|
|
||||||
"100% Free Software",
|
|
||||||
"Fully Self-Hostable",
|
|
||||||
"Observable and reliable",
|
|
||||||
"Federation when available",
|
|
||||||
"Radically transparent",
|
|
||||||
"Horizontal community",
|
|
||||||
"Run Hostea and become a service provider!",
|
|
||||||
],
|
|
||||||
}
|
|
||||||
|
|
||||||
LOGIN_CONTENT = {
|
|
||||||
"login_name": "Username or Email",
|
|
||||||
"action": "Login",
|
|
||||||
"password": "Password",
|
|
||||||
"forgot_password": "Forgot password?",
|
|
||||||
"register_prompt": "New to Hostea?",
|
|
||||||
"register_action_link_text": "Create an account",
|
|
||||||
"greetings": GREETINGS,
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
@csrf_protect
|
@csrf_protect
|
||||||
def login_view(request):
|
def login_view(request):
|
||||||
if request.method == "POST":
|
if request.method == "GET":
|
||||||
|
ctx = {}
|
||||||
|
if "next" in request.GET:
|
||||||
|
ctx["next"] = request.GET["next"]
|
||||||
|
return render(request, "accounts/auth/login.html", ctx)
|
||||||
|
|
||||||
|
login_cred = request.POST["login"]
|
||||||
|
user = None
|
||||||
|
|
||||||
|
if "@" in login_cred:
|
||||||
user = authenticate(
|
user = authenticate(
|
||||||
request,
|
email=login_cred,
|
||||||
username=request.POST["username"],
|
|
||||||
password=request.POST["password"],
|
password=request.POST["password"],
|
||||||
)
|
)
|
||||||
|
else:
|
||||||
|
user = authenticate(
|
||||||
|
username=login_cred,
|
||||||
|
password=request.POST["password"],
|
||||||
|
)
|
||||||
|
|
||||||
if user is not None:
|
if user is not None:
|
||||||
login(request, user)
|
login(request, user)
|
||||||
print("user logged in")
|
|
||||||
if "next" in request.POST:
|
if "next" in request.POST:
|
||||||
next_url = request.POST["next"]
|
next_url = request.POST["next"]
|
||||||
if next_url:
|
if next_url:
|
||||||
return redirect(next_url)
|
return redirect(next_url)
|
||||||
return redirect(reverse("accounts.protected"))
|
return redirect(reverse("accounts.protected"))
|
||||||
else:
|
|
||||||
return HttpResponse("Login required")
|
|
||||||
|
|
||||||
ctx = LOGIN_CONTENT
|
ctx = {
|
||||||
if "next" in request.GET:
|
"error": {
|
||||||
ctx["next"] = request.GET["next"]
|
"title": "Login Failed",
|
||||||
|
"reason": "Username or passwrod is incorrect, please try again.",
|
||||||
return render(request, "accounts/auth/login.html", ctx)
|
}
|
||||||
|
}
|
||||||
|
return render(request, "accounts/auth/login.html", status=401, context=ctx)
|
||||||
|
|
||||||
|
|
||||||
@login_required
|
@login_required
|
||||||
|
|
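Review bot: `redirect(next_url)` in the success branch of `login_view` still takes `next` straight from `request.POST` with no check that it stays on this site, so a successful login can forward the user to whatever URL was submitted with the form. Guard it with Django's `url_has_allowed_host_and_scheme` from `django.utils.http`, e.g. `if next_url and url_has_allowed_host_and_scheme(next_url, allowed_hosts={request.get_host()}, require_https=request.is_secure()):`, and fall through to `accounts.protected` otherwise. Both new `authenticate(...)` calls also drop the `request` argument the old call passed, so backends and `user_login_failed` receivers that depend on the request (lockout or rate-limit packages, for example) no longer see it; `authenticate(request, username=login_cred, password=...)` keeps it. Every method other than GET now reaches `request.POST["login"]`, so a request without that field raises `MultiValueDictKeyError` instead of rendering the 401 page; `request.POST.get("login", "")` or an explicit method check avoids that. The failure message also carries a typo, `passwrod`.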