annotate accounts/views.py @ 690:988782c6ce6c

For #48, rework blocking code to use fail2ban.
author Brian Neal <bgneal@gmail.com>
date Sun, 01 Sep 2013 00:15:42 -0500
parents 89b240fe9297
children 81e0be69b3a5
rev   line source
bgneal@500 1 """
bgneal@500 2 Views for the accounts application.
gremmie@1 3
bgneal@500 4 """
bgneal@679 5 import json
bgneal@74 6 import logging
bgneal@74 7
bgneal@659 8 from django.shortcuts import render
gremmie@1 9 from django.template import RequestContext
bgneal@500 10 from django.template.loader import render_to_string
bgneal@500 11 from django.http import HttpResponse, HttpResponseRedirect
gremmie@1 12 from django.core.urlresolvers import reverse
bgneal@6 13 from django.conf import settings
bgneal@500 14 from django.contrib.auth.forms import AuthenticationForm
bgneal@500 15 from django.contrib.auth import login
gremmie@1 16
gremmie@1 17 from accounts.models import PendingUser
bgneal@659 18 from accounts.forms import RegisterForm, ForgotUsernameForm
bgneal@347 19 from accounts import create_new_user
bgneal@690 20 from antispam.decorators import log_auth_failures
gremmie@1 21
gremmie@1 22
# Authentication-related failures in this module are written to the 'auth'
# logger. NOTE(review): per the commit message this revision moves blocking to
# fail2ban, so this is presumably the log fail2ban watches -- confirm against
# the logging configuration. The log lines below carry REMOTE_ADDR; behind a
# reverse proxy that is the proxy's address unless the deployment rewrites it.
logger = logging.getLogger('auth')
bgneal@690 24
gremmie@1 25 #######################################################################
gremmie@1 26
@log_auth_failures('Register')
def register(request):
    """Show the registration form and process a submitted registration.

    Authenticated users are redirected to ``settings.LOGIN_REDIRECT_URL``.
    A valid POST saves the form and redirects to the thanks page; a GET, or
    an invalid POST, renders the form (with its errors, if any).

    The view is wrapped by ``log_auth_failures('Register')``.
    NOTE(review): the decorator lives in ``antispam.decorators`` and is not
    visible here; what it counts as a failure should be confirmed there.
    """
    if request.user.is_authenticated():
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    if request.method != 'POST':
        form = RegisterForm()
    else:
        # The client address is passed to the form. REMOTE_ADDR is the
        # directly connected peer, so behind a reverse proxy it is the
        # proxy's address unless the deployment rewrites it -- confirm
        # before basing any blocking decision on this value.
        client_ip = request.META.get('REMOTE_ADDR', '?')
        form = RegisterForm(request.POST, ip=client_ip)
        if form.is_valid():
            form.save()
            thanks_url = reverse('accounts.views.register_thanks')
            return HttpResponseRedirect(thanks_url)

    return render(request, 'accounts/register.html', {'form': form})
gremmie@1 41
gremmie@1 42 #######################################################################
gremmie@1 43
def register_thanks(request):
    """Render the page shown after a registration has been submitted.

    Authenticated users are redirected to ``settings.LOGIN_REDIRECT_URL``
    instead.
    """
    already_signed_in = request.user.is_authenticated()
    if already_signed_in:
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    return render(request, 'accounts/register_thanks.html')
gremmie@1 49
gremmie@1 50 #######################################################################
gremmie@1 51
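def register_confirm(request, username, key):
    """Confirm a pending registration and create the real user account.

    ``username`` and ``key`` are view arguments and must be treated as
    untrusted input. Authenticated users are redirected to
    ``settings.LOGIN_REDIRECT_URL``. An unknown username and a wrong key
    both render the same failure template, so the response does not reveal
    which of the two checks failed; the distinction is only written to the
    'auth' log.
    """
    # Function-scope import so this view carries its own dependency; Django
    # is already a dependency of this module.
    from django.utils.crypto import constant_time_compare

    if request.user.is_authenticated():
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    # Purge runs before the lookup, so a pending registration removed by
    # purge_expired() can no longer be confirmed by this request.
    PendingUser.objects.purge_expired()

    ip = request.META.get('REMOTE_ADDR', '?')
    failure_context = {'username': username}

    # The log lines below include the caller-supplied username verbatim.
    # Any parser keyed on these lines (fail2ban, per the commit message)
    # should anchor on the bracketed address, not match anywhere in the line.
    try:
        pending_user = PendingUser.objects.get(username=username)
    except PendingUser.DoesNotExist:
        logger.error('Accounts register_confirm [%s]: user does not exist: %s', ip, username)
        return render(request, 'accounts/register_failure.html', failure_context)

    # The confirmation key is a secret: compare it in constant time rather
    # than with ``!=``, which returns as soon as the first character differs.
    if not constant_time_compare(pending_user.key, key):
        logger.error('Accounts register_confirm [%s]: key error: %s', ip, username)
        return render(request, 'accounts/register_failure.html', failure_context)

    create_new_user(pending_user, ip)

    return render(request,
                  'accounts/register_success.html',
                  {'username': username})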
bgneal@500 80
bgneal@500 81 #######################################################################
bgneal@500 82
@log_auth_failures
def login_ajax(request):
    """Handle a login submitted via AJAX and answer with a JSON document.

    The JSON body has three keys: ``success`` (bool), ``error`` (message
    string, empty unless the credentials were rejected) and ``navbar_html``
    (the re-rendered navbar after a successful login).

    Non-AJAX requests are redirected to the regular login page. The AJAX
    test relies on a request header the client sets, so it only routes the
    request and is not an access check. The rejection message is the same
    for every invalid form, so it does not reveal whether the username
    exists.

    NOTE(review): ``log_auth_failures`` is applied bare here but is called
    with a label on ``register``; presumably the decorator supports both
    forms -- confirm in ``antispam.decorators``.
    """
    if not request.is_ajax():
        return HttpResponseRedirect(reverse('accounts-login'))

    payload = {
        'success': False,
        'error': '',
        'navbar_html': ''
    }

    if request.method == "POST":
        auth_form = AuthenticationForm(data=request.POST)
        if not auth_form.is_valid():
            payload['error'] = 'Invalid username or password'
        else:
            login(request, auth_form.get_user())
            payload['success'] = True
            navbar = render_to_string('navbar.html',
                                      {'user': request.user},
                                      RequestContext(request))
            payload['navbar_html'] = navbar

    body = json.dumps(payload)
    return HttpResponse(body, content_type='application/json')
bgneal@659 109
bgneal@659 110 #######################################################################
bgneal@659 111
def username_query(request):
    """Show and process the forgotten-username form.

    Authenticated users are redirected to ``settings.LOGIN_REDIRECT_URL``.
    A valid POST saves the form and redirects to the 'accounts-username_sent'
    page; otherwise the form is rendered (with errors after an invalid POST).

    NOTE(review): unlike ``register`` and ``login_ajax`` this view is not
    wrapped by ``log_auth_failures``. Whether ``ForgotUsernameForm`` limits
    repeated queries, or validates differently for known and unknown
    addresses, is not visible here -- confirm in ``accounts.forms``.
    """
    if request.user.is_authenticated():
        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)

    if request.method != 'POST':
        form = ForgotUsernameForm()
    else:
        form = ForgotUsernameForm(data=request.POST)
        if form.is_valid():
            form.save()
            sent_url = reverse('accounts-username_sent')
            return HttpResponseRedirect(sent_url)

    return render(request, 'accounts/username_query.html', {'form': form})