diff options
Diffstat (limited to 'webapp/django/contrib/auth/views.py')
-rw-r--r-- | webapp/django/contrib/auth/views.py | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/webapp/django/contrib/auth/views.py b/webapp/django/contrib/auth/views.py new file mode 100644 index 0000000000..e1f0d43c00 --- /dev/null +++ b/webapp/django/contrib/auth/views.py @@ -0,0 +1,157 @@ +from django.conf import settings +from django.contrib.auth import REDIRECT_FIELD_NAME +from django.contrib.auth.decorators import login_required +from django.contrib.auth.forms import AuthenticationForm +from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm +from django.contrib.auth.tokens import default_token_generator +from django.core.urlresolvers import reverse +from django.shortcuts import render_to_response, get_object_or_404 +from django.contrib.sites.models import Site, RequestSite +from django.http import HttpResponseRedirect, Http404 +from django.template import RequestContext +from django.utils.http import urlquote, base36_to_int +from django.utils.translation import ugettext as _ +from django.contrib.auth.models import User +from django.views.decorators.cache import never_cache + +def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME): + "Displays the login form and handles the login action." + redirect_to = request.REQUEST.get(redirect_field_name, '') + if request.method == "POST": + form = AuthenticationForm(data=request.POST) + if form.is_valid(): + # Light security check -- make sure redirect_to isn't garbage. + if not redirect_to or '//' in redirect_to or ' ' in redirect_to: + redirect_to = settings.LOGIN_REDIRECT_URL + from django.contrib.auth import login + login(request, form.get_user()) + if request.session.test_cookie_worked(): + request.session.delete_test_cookie() + return HttpResponseRedirect(redirect_to) + else: + form = AuthenticationForm(request) + request.session.set_test_cookie() + if Site._meta.installed: + current_site = Site.objects.get_current() + else: + current_site = RequestSite(request) + return render_to_response(template_name, { + 'form': form, + redirect_field_name: redirect_to, + 'site_name': current_site.name, + }, context_instance=RequestContext(request)) +login = never_cache(login) + +def logout(request, next_page=None, template_name='registration/logged_out.html'): + "Logs out the user and displays 'You are logged out' message." + from django.contrib.auth import logout + logout(request) + if next_page is None: + return render_to_response(template_name, {'title': _('Logged out')}, context_instance=RequestContext(request)) + else: + # Redirect to this page until the session has been cleared. + return HttpResponseRedirect(next_page or request.path) + +def logout_then_login(request, login_url=None): + "Logs out the user if he is logged in. Then redirects to the log-in page." + if not login_url: + login_url = settings.LOGIN_URL + return logout(request, login_url) + +def redirect_to_login(next, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME): + "Redirects the user to the login page, passing the given 'next' page" + if not login_url: + login_url = settings.LOGIN_URL + return HttpResponseRedirect('%s?%s=%s' % (login_url, urlquote(redirect_field_name), urlquote(next))) + +# 4 views for password reset: +# - password_reset sends the mail +# - password_reset_done shows a success message for the above +# - password_reset_confirm checks the link the user clicked and +# prompts for a new password +# - password_reset_complete shows a success message for the above + +def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html', + email_template_name='registration/password_reset_email.html', + password_reset_form=PasswordResetForm, token_generator=default_token_generator, + post_reset_redirect=None): + if post_reset_redirect is None: + post_reset_redirect = reverse('django.contrib.auth.views.password_reset_done') + if request.method == "POST": + form = password_reset_form(request.POST) + if form.is_valid(): + opts = {} + opts['use_https'] = request.is_secure() + opts['token_generator'] = token_generator + if is_admin_site: + opts['domain_override'] = request.META['HTTP_HOST'] + else: + opts['email_template_name'] = email_template_name + if not Site._meta.installed: + opts['domain_override'] = RequestSite(request).domain + form.save(**opts) + return HttpResponseRedirect(post_reset_redirect) + else: + form = password_reset_form() + return render_to_response(template_name, { + 'form': form, + }, context_instance=RequestContext(request)) + +def password_reset_done(request, template_name='registration/password_reset_done.html'): + return render_to_response(template_name, context_instance=RequestContext(request)) + +def password_reset_confirm(request, uidb36=None, token=None, template_name='registration/password_reset_confirm.html', + token_generator=default_token_generator, set_password_form=SetPasswordForm, + post_reset_redirect=None): + """ + View that checks the hash in a password reset link and presents a + form for entering a new password. + """ + assert uidb36 is not None and token is not None # checked by URLconf + if post_reset_redirect is None: + post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete') + try: + uid_int = base36_to_int(uidb36) + except ValueError: + raise Http404 + + user = get_object_or_404(User, id=uid_int) + context_instance = RequestContext(request) + + if token_generator.check_token(user, token): + context_instance['validlink'] = True + if request.method == 'POST': + form = set_password_form(user, request.POST) + if form.is_valid(): + form.save() + return HttpResponseRedirect(post_reset_redirect) + else: + form = set_password_form(None) + else: + context_instance['validlink'] = False + form = None + context_instance['form'] = form + return render_to_response(template_name, context_instance=context_instance) + +def password_reset_complete(request, template_name='registration/password_reset_complete.html'): + return render_to_response(template_name, context_instance=RequestContext(request, + {'login_url': settings.LOGIN_URL})) + +def password_change(request, template_name='registration/password_change_form.html', + post_change_redirect=None): + if post_change_redirect is None: + post_change_redirect = reverse('django.contrib.auth.views.password_change_done') + if request.method == "POST": + form = PasswordChangeForm(request.user, request.POST) + if form.is_valid(): + form.save() + return HttpResponseRedirect(post_change_redirect) + else: + form = PasswordChangeForm(request.user) + return render_to_response(template_name, { + 'form': form, + }, context_instance=RequestContext(request)) +password_change = login_required(password_change) + +def password_change_done(request, template_name='registration/password_change_done.html'): + return render_to_response(template_name, context_instance=RequestContext(request)) |