moviewyrm/bookwyrm/views/authentication.py

""" class views for login/register views """
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.core.exceptions import PermissionDenied
from django.shortcuts import get_object_or_404, redirect
from django.template.response import TemplateResponse
from django.utils import timezone
from django.utils.decorators import method_decorator
from django.views.decorators.csrf import csrf_exempt
from django.views import View

from bookwyrm import forms, models
from bookwyrm.settings import DOMAIN


# pylint: disable= no-self-use
@method_decorator(csrf_exempt, name="dispatch")
class Login(View):
    """ authenticate an existing user """

    def get(self, request):
        """ login page """
        if request.user.is_authenticated:
            return redirect("/")
        # sene user to the login page
        data = {
            "login_form": forms.LoginForm(),
            "register_form": forms.RegisterForm(),
        }
        return TemplateResponse(request, "login.html", data)

    def post(self, request):
        """ authentication action """
        if request.user.is_authenticated:
            return redirect("/")
        login_form = forms.LoginForm(request.POST)

        localname = login_form.data["localname"]
        if "@" in localname:  # looks like an email address to me
            email = localname
            try:
                username = models.User.objects.get(email=email)
            except models.User.DoesNotExist:  # maybe it's a full username?
                username = localname
        else:
            username = "%s@%s" % (localname, DOMAIN)
        password = login_form.data["password"]
        user = authenticate(request, username=username, password=password)
        if user is not None:
            # successful login
            login(request, user)
            user.last_active_date = timezone.now()
            user.save(broadcast=False)
            return redirect(request.GET.get("next", "/"))

        # login errors
        login_form.non_field_errors = "Username or password are incorrect"
        register_form = forms.RegisterForm()
        data = {"login_form": login_form, "register_form": register_form}
        return TemplateResponse(request, "login.html", data)


class Register(View):
    """ register a user """

    def post(self, request):
        """ join the server """
        if not models.SiteSettings.get().allow_registration:
            invite_code = request.POST.get("invite_code")

            if not invite_code:
                raise PermissionDenied

            invite = get_object_or_404(models.SiteInvite, code=invite_code)
            if not invite.valid():
                raise PermissionDenied
        else:
            invite = None

        form = forms.RegisterForm(request.POST)
        errors = False
        if not form.is_valid():
            errors = True

        localname = form.data["localname"].strip()
        email = form.data["email"]
        password = form.data["password"]

        # check localname and email uniqueness
        if models.User.objects.filter(localname=localname).first():
            form.errors["localname"] = ["User with this username already exists"]
            errors = True

        if errors:
            data = {
                "login_form": forms.LoginForm(),
                "register_form": form,
                "invite": invite,
                "valid": invite.valid() if invite else True,
            }
            if invite:
                return TemplateResponse(request, "invite.html", data)
            return TemplateResponse(request, "login.html", data)

        username = "%s@%s" % (localname, DOMAIN)
        user = models.User.objects.create_user(
            username, email, password, localname=localname, local=True
        )
        if invite:
            invite.times_used += 1
            invite.invitees.add(user)
            invite.save()

        login(request, user)
        return redirect("get-started-profile")


@method_decorator(login_required, name="dispatch")
class Logout(View):
    """ log out """

    def get(self, request):
        """ done with this place! outa here! """
        logout(request)
        return redirect("/")
Runs black 2021-03-08 16:49:10 +00:00			`""" class views for login/register views """`
Password reset and change password flows 2021-01-12 16:48:31 +00:00			`from django.contrib.auth import authenticate, login, logout`
			`from django.contrib.auth.decorators import login_required`
Adds registration view 2021-01-12 16:19:08 +00:00			`from django.core.exceptions import PermissionDenied`
			`from django.shortcuts import get_object_or_404, redirect`
Adds login class view 2021-01-12 16:08:43 +00:00			`from django.template.response import TemplateResponse`
			`from django.utils import timezone`
Password reset and change password flows 2021-01-12 16:48:31 +00:00			`from django.utils.decorators import method_decorator`
Fixes csrf failure logging on from multiple tabs 2021-02-28 19:47:30 +00:00			`from django.views.decorators.csrf import csrf_exempt`
Adds login class view 2021-01-12 16:08:43 +00:00			`from django.views import View`

Adds registration view 2021-01-12 16:19:08 +00:00			`from bookwyrm import forms, models`
Adds login class view 2021-01-12 16:08:43 +00:00			`from bookwyrm.settings import DOMAIN`


Adds registration view 2021-01-12 16:19:08 +00:00			`# pylint: disable= no-self-use`
Runs black 2021-03-08 16:49:10 +00:00			`@method_decorator(csrf_exempt, name="dispatch")`
Password reset and change password flows 2021-01-12 16:48:31 +00:00			`class Login(View):`
Runs black 2021-03-08 16:49:10 +00:00			`""" authenticate an existing user """`

Adds login class view 2021-01-12 16:08:43 +00:00			`def get(self, request):`
Runs black 2021-03-08 16:49:10 +00:00			`""" login page """`
Adds login class view 2021-01-12 16:08:43 +00:00			`if request.user.is_authenticated:`
Runs black 2021-03-08 16:49:10 +00:00			`return redirect("/")`
Fixes authentication tests 2021-01-12 17:53:04 +00:00			`# sene user to the login page`
Adds login class view 2021-01-12 16:08:43 +00:00			`data = {`
Runs black 2021-03-08 16:49:10 +00:00			`"login_form": forms.LoginForm(),`
			`"register_form": forms.RegisterForm(),`
Adds login class view 2021-01-12 16:08:43 +00:00			`}`
Runs black 2021-03-08 16:49:10 +00:00			`return TemplateResponse(request, "login.html", data)`
Adds login class view 2021-01-12 16:08:43 +00:00
			`def post(self, request):`
Runs black 2021-03-08 16:49:10 +00:00			`""" authentication action """`
Fixes csrf failure logging on from multiple tabs 2021-02-28 19:47:30 +00:00			`if request.user.is_authenticated:`
Runs black 2021-03-08 16:49:10 +00:00			`return redirect("/")`
Adds login class view 2021-01-12 16:08:43 +00:00			`login_form = forms.LoginForm(request.POST)`

Runs black 2021-03-08 16:49:10 +00:00			`localname = login_form.data["localname"]`
			`if "@" in localname: # looks like an email address to me`
Allow users to log in with email or username 2021-01-18 19:01:06 +00:00			`email = localname`
			`try:`
			`username = models.User.objects.get(email=email)`
Runs black 2021-03-08 16:49:10 +00:00			`except models.User.DoesNotExist: # maybe it's a full username?`
Allow users to log in with email or username 2021-01-18 19:01:06 +00:00			`username = localname`
			`else:`
Runs black 2021-03-08 16:49:10 +00:00			`username = "%s@%s" % (localname, DOMAIN)`
			`password = login_form.data["password"]`
Adds login class view 2021-01-12 16:08:43 +00:00			`user = authenticate(request, username=username, password=password)`
			`if user is not None:`
			`# successful login`
			`login(request, user)`
			`user.last_active_date = timezone.now()`
Use save method override instead of a signal and gets the new test file working 2021-02-06 20:00:47 +00:00			`user.save(broadcast=False)`
Runs black 2021-03-08 16:49:10 +00:00			`return redirect(request.GET.get("next", "/"))`
Adds login class view 2021-01-12 16:08:43 +00:00
			`# login errors`
Runs black 2021-03-08 16:49:10 +00:00			`login_form.non_field_errors = "Username or password are incorrect"`
Adds login class view 2021-01-12 16:08:43 +00:00			`register_form = forms.RegisterForm()`
Runs black 2021-03-08 16:49:10 +00:00			`data = {"login_form": login_form, "register_form": register_form}`
			`return TemplateResponse(request, "login.html", data)`
Adds registration view 2021-01-12 16:19:08 +00:00

Password reset and change password flows 2021-01-12 16:48:31 +00:00			`class Register(View):`
Runs black 2021-03-08 16:49:10 +00:00			`""" register a user """`

Adds registration view 2021-01-12 16:19:08 +00:00			`def post(self, request):`
Runs black 2021-03-08 16:49:10 +00:00			`""" join the server """`
Adds registration view 2021-01-12 16:19:08 +00:00			`if not models.SiteSettings.get().allow_registration:`
Runs black 2021-03-08 16:49:10 +00:00			`invite_code = request.POST.get("invite_code")`
Adds registration view 2021-01-12 16:19:08 +00:00
			`if not invite_code:`
			`raise PermissionDenied`

			`invite = get_object_or_404(models.SiteInvite, code=invite_code)`
			`if not invite.valid():`
			`raise PermissionDenied`
			`else:`
			`invite = None`

			`form = forms.RegisterForm(request.POST)`
			`errors = False`
			`if not form.is_valid():`
			`errors = True`

Runs black 2021-03-08 16:49:10 +00:00			`localname = form.data["localname"].strip()`
			`email = form.data["email"]`
			`password = form.data["password"]`
Adds registration view 2021-01-12 16:19:08 +00:00
			`# check localname and email uniqueness`
			`if models.User.objects.filter(localname=localname).first():`
Runs black 2021-03-08 16:49:10 +00:00			`form.errors["localname"] = ["User with this username already exists"]`
Adds registration view 2021-01-12 16:19:08 +00:00			`errors = True`

			`if errors:`
			`data = {`
Runs black 2021-03-08 16:49:10 +00:00			`"login_form": forms.LoginForm(),`
			`"register_form": form,`
			`"invite": invite,`
			`"valid": invite.valid() if invite else True,`
Adds registration view 2021-01-12 16:19:08 +00:00			`}`
			`if invite:`
Runs black 2021-03-08 16:49:10 +00:00			`return TemplateResponse(request, "invite.html", data)`
			`return TemplateResponse(request, "login.html", data)`
Adds registration view 2021-01-12 16:19:08 +00:00
Runs black 2021-03-08 16:49:10 +00:00			`username = "%s@%s" % (localname, DOMAIN)`
Adds registration view 2021-01-12 16:19:08 +00:00			`user = models.User.objects.create_user(`
Runs black 2021-03-08 16:49:10 +00:00			`username, email, password, localname=localname, local=True`
			`)`
Adds registration view 2021-01-12 16:19:08 +00:00			`if invite:`
			`invite.times_used += 1`
Associate users with their invites 2021-04-02 00:19:29 +00:00			`invite.invitees.add(user)`
Adds registration view 2021-01-12 16:19:08 +00:00			`invite.save()`

			`login(request, user)`
Changes the header copy 2021-04-01 19:46:38 +00:00			`return redirect("get-started-profile")`
Password reset and change password flows 2021-01-12 16:48:31 +00:00

Runs black 2021-03-08 16:49:10 +00:00			`@method_decorator(login_required, name="dispatch")`
Password reset and change password flows 2021-01-12 16:48:31 +00:00			`class Logout(View):`
Runs black 2021-03-08 16:49:10 +00:00			`""" log out """`

Password reset and change password flows 2021-01-12 16:48:31 +00:00			`def get(self, request):`
Runs black 2021-03-08 16:49:10 +00:00			`""" done with this place! outa here! """`
Password reset and change password flows 2021-01-12 16:48:31 +00:00			`logout(request)`
Runs black 2021-03-08 16:49:10 +00:00			`return redirect("/")`