Signup and invite tweaks

This commit is contained in:
Andrew Godwin 2022-11-18 00:09:04 -07:00
parent b3072c81ba
commit 1b44a25331
19 changed files with 285 additions and 116 deletions

View file

@ -61,8 +61,8 @@ the less sure I am about it.
- [x] Profile pages
- [x] Settable icon and background image for profiles
- [x] User search
- [ ] Following page
- [ ] Followers page
- [x] Following page
- [x] Followers page
- [x] Multiple domain support
- [x] Multiple identity support
- [x] Serverless-friendly worker subsystem

View file

@ -1,3 +1,6 @@
from core.models import Config
class AlwaysSecureMiddleware:
"""
Locks the request object as always being secure, for when it's behind
@ -11,3 +14,17 @@ class AlwaysSecureMiddleware:
request.__class__.scheme = "https"
response = self.get_response(request)
return response
class ConfigLoadingMiddleware:
"""
Caches the system config every request
"""
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
Config.system = Config.load_system()
response = self.get_response(request)
return response

View file

@ -160,7 +160,9 @@ class Config(models.Model):
site_icon: UploadedImage = static("img/icon-128.png")
site_banner: UploadedImage = static("img/fjords-banner-600.jpg")
allow_signups: bool = False
signup_allowed: bool = False
signup_invite_only: bool = False
signup_text: str = ""
post_length: int = 500
identity_max_per_user: int = 5

View file

@ -28,6 +28,7 @@ MIDDLEWARE = [
"django.contrib.messages.middleware.MessageMiddleware",
"django.middleware.clickjacking.XFrameOptionsMiddleware",
"django_htmx.middleware.HtmxMiddleware",
"core.middleware.ConfigLoadingMiddleware",
"users.middleware.IdentityMiddleware",
]

View file

@ -48,37 +48,42 @@ urlpatterns = [
),
path(
"admin/basic/",
admin.BasicPage.as_view(),
admin.BasicSettings.as_view(),
name="admin_basic",
),
path(
"admin/domains/",
admin.DomainsPage.as_view(),
admin.Domains.as_view(),
name="admin_domains",
),
path(
"admin/domains/create/",
admin.DomainCreatePage.as_view(),
admin.DomainCreate.as_view(),
name="admin_domains_create",
),
path(
"admin/domains/<domain>/",
admin.DomainEditPage.as_view(),
admin.DomainEdit.as_view(),
),
path(
"admin/domains/<domain>/delete/",
admin.DomainDeletePage.as_view(),
admin.DomainDelete.as_view(),
),
path(
"admin/users/",
admin.UsersPage.as_view(),
admin.Users.as_view(),
name="admin_users",
),
path(
"admin/identities/",
admin.IdentitiesPage.as_view(),
admin.Identities.as_view(),
name="admin_identities",
),
path(
"admin/invites/",
admin.Invites.as_view(),
name="admin_invites",
),
# Identity views
path("@<handle>/", identity.ViewIdentity.as_view()),
path("@<handle>/actor/", activitypub.Actor.as_view()),

View file

@ -27,10 +27,12 @@
<i class="fa-solid fa-city"></i> Local Posts
</a>
<h3></h3>
{% if config.signup_allowed %}
<a href="{% url "signup" %}" {% if current_page == "signup" %}class="selected"{% endif %}>
<i class="fa-solid fa-user-plus"></i> Create Account
</a>
{% endif %}
{% endif %}
</nav>
{% if current_page == "home" %}

View file

@ -0,0 +1,9 @@
{% extends "settings/base.html" %}
{% block subtitle %}Invites{% endblock %}
{% block content %}
<p>
Please use the <a href="/djadmin/users/invite/">Django Admin</a> for now.
</p>
{% endblock %}

View file

@ -7,6 +7,7 @@
{% csrf_token %}
<fieldset>
<legend>Create An Account</legend>
{{ config.signup_text|safe|linebreaks }}
{% for field in form %}
{% include "forms/_field.html" %}
{% endfor %}

View file

@ -30,6 +30,9 @@
<a href="{% url "admin_identities" %}" {% if section == "identities" %}class="selected"{% endif %}>
<i class="fa-solid fa-id-card"></i> Identities
</a>
<a href="{% url "admin_invites" %}" {% if section == "invites" %}class="selected"{% endif %}>
<i class="fa-solid fa-envelope"></i> Invites
</a>
<a href="/djadmin">
<i class="fa-solid fa-gear"></i> Django Admin
</a>

View file

@ -5,6 +5,7 @@ from users.models import (
Follow,
Identity,
InboxMessage,
Invite,
PasswordReset,
User,
UserEvent,
@ -66,3 +67,8 @@ class InboxMessageAdmin(admin.ModelAdmin):
def reset_state(self, request, queryset):
for instance in queryset:
instance.transition_perform("received")
@admin.register(Invite)
class InviteAdmin(admin.ModelAdmin):
list_display = ["id", "created", "token", "note"]

View file

@ -0,0 +1,32 @@
# Generated by Django 4.1.3 on 2022-11-18 06:34
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("users", "0004_passwordreset"),
]
operations = [
migrations.CreateModel(
name="Invite",
fields=[
(
"id",
models.BigAutoField(
auto_created=True,
primary_key=True,
serialize=False,
verbose_name="ID",
),
),
("token", models.CharField(max_length=500, unique=True)),
("email", models.EmailField(blank=True, max_length=254, null=True)),
("note", models.TextField(blank=True, null=True)),
("created", models.DateTimeField(auto_now_add=True)),
("updated", models.DateTimeField(auto_now=True)),
],
),
]

View file

@ -3,6 +3,7 @@ from .domain import Domain # noqa
from .follow import Follow, FollowStates # noqa
from .identity import Identity, IdentityStates # noqa
from .inbox_message import InboxMessage, InboxMessageStates # noqa
from .invite import Invite # noqa
from .password_reset import PasswordReset # noqa
from .user import User # noqa
from .user_event import UserEvent # noqa

30
users/models/invite.py Normal file
View file

@ -0,0 +1,30 @@
import random
from django.db import models
class Invite(models.Model):
"""
An invite token, good for one signup.
"""
# Should always be lowercase
token = models.CharField(max_length=500, unique=True)
# Is it limited to a specific email?
email = models.EmailField(null=True, blank=True)
# Admin note about this code
note = models.TextField(null=True, blank=True)
created = models.DateTimeField(auto_now_add=True)
updated = models.DateTimeField(auto_now=True)
@classmethod
def create_random(cls, email=None):
return cls.objects.create(
token="".join(
random.choice("abcdefghkmnpqrstuvwxyz23456789") for i in range(20)
),
email=email,
)

View file

@ -27,7 +27,7 @@ class PasswordResetStates(StateGraph):
await sync_to_async(send_mail)(
subject=f"{Config.system.site_name}: Confirm new account",
message=render_to_string(
"emails/new_account.txt",
"emails/account_new.txt",
{
"reset": reset,
"config": Config.system,

View file

@ -0,0 +1,56 @@
from django import forms
from django.utils.decorators import method_decorator
from django.views.generic import FormView, RedirectView, TemplateView
from users.decorators import admin_required
from users.models import Identity, User
from users.views.admin.domains import ( # noqa
DomainCreate,
DomainDelete,
DomainEdit,
Domains,
)
from users.views.admin.settings import BasicSettings # noqa
@method_decorator(admin_required, name="dispatch")
class AdminRoot(RedirectView):
pattern_name = "admin_basic"
@method_decorator(admin_required, name="dispatch")
class Users(TemplateView):
template_name = "admin/users.html"
def get_context_data(self):
return {
"users": User.objects.order_by("email"),
"section": "users",
}
@method_decorator(admin_required, name="dispatch")
class Identities(TemplateView):
template_name = "admin/identities.html"
def get_context_data(self):
return {
"identities": Identity.objects.order_by("username"),
"section": "identities",
}
@method_decorator(admin_required, name="dispatch")
class Invites(FormView):
template_name = "admin/invites.html"
extra_context = {"section": "invites"}
class form_class(forms.Form):
note = forms.CharField()
def get_context_data(self, *args, **kwargs):
context = super().get_context_data(*args, **kwargs)
return context

View file

@ -4,85 +4,14 @@ from django import forms
from django.db import models
from django.shortcuts import get_object_or_404, redirect
from django.utils.decorators import method_decorator
from django.views.generic import FormView, RedirectView, TemplateView
from django.views.generic import FormView, TemplateView
from core.models import Config
from users.decorators import admin_required
from users.models import Domain, Identity, User
from users.views.settings import SettingsPage
from users.models import Domain
@method_decorator(admin_required, name="dispatch")
class AdminRoot(RedirectView):
pattern_name = "admin_basic"
@method_decorator(admin_required, name="dispatch")
class AdminSettingsPage(SettingsPage):
"""
Shows a settings page dynamically created from our settings layout
at the bottom of the page. Don't add this to a URL directly - subclass!
"""
options_class = Config.SystemOptions
def load_config(self):
return Config.load_system()
def save_config(self, key, value):
Config.set_system(key, value)
class BasicPage(AdminSettingsPage):
section = "basic"
options = {
"site_name": {
"title": "Site Name",
},
"highlight_color": {
"title": "Highlight Color",
"help_text": "Used for logo background and other highlights",
},
"post_length": {
"title": "Maximum Post Length",
"help_text": "The maximum number of characters allowed per post",
},
"site_about": {
"title": "About This Site",
"help_text": "Displayed on the homepage and the about page",
"display": "textarea",
},
"site_icon": {
"title": "Site Icon",
"help_text": "Minimum size 64x64px. Should be square.",
},
"site_banner": {
"title": "Site Banner",
"help_text": "Must be at least 650px wide. 3:1 ratio of width:height recommended.",
},
"identity_max_per_user": {
"title": "Maximum Identities Per User",
"help_text": "Non-admins will be blocked from creating more than this",
},
}
layout = {
"Branding": [
"site_name",
"site_about",
"site_icon",
"site_banner",
"highlight_color",
],
"Posts": ["post_length"],
"Identities": ["identity_max_per_user"],
}
@method_decorator(admin_required, name="dispatch")
class DomainsPage(TemplateView):
class Domains(TemplateView):
template_name = "admin/domains.html"
@ -94,7 +23,7 @@ class DomainsPage(TemplateView):
@method_decorator(admin_required, name="dispatch")
class DomainCreatePage(FormView):
class DomainCreate(FormView):
template_name = "admin/domain_create.html"
extra_context = {"section": "domains"}
@ -154,7 +83,7 @@ class DomainCreatePage(FormView):
@method_decorator(admin_required, name="dispatch")
class DomainEditPage(FormView):
class DomainEdit(FormView):
template_name = "admin/domain_edit.html"
extra_context = {"section": "domains"}
@ -200,7 +129,7 @@ class DomainEditPage(FormView):
@method_decorator(admin_required, name="dispatch")
class DomainDeletePage(TemplateView):
class DomainDelete(TemplateView):
template_name = "admin/domain_delete.html"
@ -222,27 +151,3 @@ class DomainDeletePage(TemplateView):
raise ValueError("Tried to delete domain with identities!")
self.domain.delete()
return redirect("/settings/system/domains/")
@method_decorator(admin_required, name="dispatch")
class UsersPage(TemplateView):
template_name = "admin/users.html"
def get_context_data(self):
return {
"users": User.objects.order_by("email"),
"section": "users",
}
@method_decorator(admin_required, name="dispatch")
class IdentitiesPage(TemplateView):
template_name = "admin/identities.html"
def get_context_data(self):
return {
"identities": Identity.objects.order_by("username"),
"section": "identities",
}

View file

@ -0,0 +1,83 @@
from django.utils.decorators import method_decorator
from core.models import Config
from users.decorators import admin_required
from users.views.settings import SettingsPage
@method_decorator(admin_required, name="dispatch")
class AdminSettingsPage(SettingsPage):
"""
Shows a settings page dynamically created from our settings layout
at the bottom of the page. Don't add this to a URL directly - subclass!
"""
options_class = Config.SystemOptions
def load_config(self):
return Config.load_system()
def save_config(self, key, value):
Config.set_system(key, value)
class BasicSettings(AdminSettingsPage):
section = "basic"
options = {
"site_name": {
"title": "Site Name",
},
"highlight_color": {
"title": "Highlight Color",
"help_text": "Used for logo background and other highlights",
},
"post_length": {
"title": "Maximum Post Length",
"help_text": "The maximum number of characters allowed per post",
},
"site_about": {
"title": "About This Site",
"help_text": "Displayed on the homepage and the about page",
"display": "textarea",
},
"site_icon": {
"title": "Site Icon",
"help_text": "Minimum size 64x64px. Should be square.",
},
"site_banner": {
"title": "Site Banner",
"help_text": "Must be at least 650px wide. 3:1 ratio of width:height recommended.",
},
"identity_max_per_user": {
"title": "Maximum Identities Per User",
"help_text": "Non-admins will be blocked from creating more than this",
},
"signup_allowed": {
"title": "Signups Allowed",
"help_text": "If signups are allowed at all",
},
"signup_invite_only": {
"title": "Invite-Only",
"help_text": "If signups require an invite code",
},
"signup_text": {
"title": "Signup Page Text",
"help_text": "Shown above the signup form",
"display": "textarea",
},
}
layout = {
"Branding": [
"site_name",
"site_about",
"site_icon",
"site_banner",
"highlight_color",
],
"Signups": ["signup_allowed", "signup_invite_only", "signup_text"],
"Posts": ["post_length"],
"Identities": ["identity_max_per_user"],
}

View file

@ -4,7 +4,8 @@ from django.contrib.auth.views import LoginView, LogoutView
from django.shortcuts import get_object_or_404, render
from django.views.generic import FormView
from users.models import PasswordReset, User
from core.models import Config
from users.models import Invite, PasswordReset, User
class Login(LoginView):
@ -26,6 +27,13 @@ class Signup(FormView):
help_text="We will send a link to this email to set your password and create your account",
)
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
if Config.system.signup_invite_only:
self.fields["invite_code"] = forms.CharField(
help_text="Your invite code from one of our admins"
)
def clean_email(self):
email = self.cleaned_data.get("email").lower()
if not email:
@ -34,9 +42,17 @@ class Signup(FormView):
raise forms.ValidationError("This email already has an account")
return email
def clean_invite_code(self):
invite_code = self.cleaned_data["invite_code"].lower().strip()
if not Invite.objects.filter(token=invite_code).exists():
raise forms.ValidationError("That is not a valid invite code")
return invite_code
def form_valid(self, form):
user = User.objects.create(email=form.cleaned_data["email"])
PasswordReset.create_for_user(user)
if "invite_code" in form.cleaned_data:
Invite.objects.filter(token=form.cleaned_data["invite_code"]).delete()
return render(
self.request,
"auth/signup_success.html",