django.contrib.auth.views: 137 total statements, 0.0% covered

Generated: Wed 2013-03-13 10:33 CET

Source file: /media/Envs/Envs/filer-gallery/lib/python2.7/site-packages/django/contrib/auth/views.py

Stats: 0 executed, 121 missed, 16 excluded, 124 ignored

  1. import urlparse
  2. from django.conf import settings
  3. from django.core.urlresolvers import reverse
  4. from django.http import HttpResponseRedirect, QueryDict
  5. from django.template.response import TemplateResponse
  6. from django.utils.http import base36_to_int, is_safe_url
  7. from django.utils.translation import ugettext as _
  8. from django.views.decorators.debug import sensitive_post_parameters
  9. from django.views.decorators.cache import never_cache
  10. from django.views.decorators.csrf import csrf_protect
  11. # Avoid shadowing the login() and logout() views below.
  12. from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout
  13. from django.contrib.auth.decorators import login_required
  14. from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm
  15. from django.contrib.auth.models import User
  16. from django.contrib.auth.tokens import default_token_generator
  17. from django.contrib.sites.models import get_current_site
  @sensitive_post_parameters()
  @csrf_protect
  @never_cache
  def login(request, template_name='registration/login.html',
            redirect_field_name=REDIRECT_FIELD_NAME,
            authentication_form=AuthenticationForm,
            current_app=None, extra_context=None):
      """
      Show the login form and, on a valid POST, log the user in.

      The post-login destination is read from the request parameter named by
      ``redirect_field_name`` and is therefore user-controlled. It is only
      followed once ``is_safe_url`` has accepted it for the current host;
      any other value is replaced by ``settings.LOGIN_REDIRECT_URL``.

      Returns an ``HttpResponseRedirect`` after a successful login, otherwise
      a ``TemplateResponse`` rendering ``template_name``. Entries in
      ``extra_context`` override the default context keys.
      """
      # Raw redirect target as supplied with the request; not validated yet.
      redirect_to = request.REQUEST.get(redirect_field_name, '')

      if request.method != "POST":
          form = authentication_form(request)
      else:
          form = authentication_form(data=request.POST)
          if form.is_valid():
              # Open-redirect guard: a target that is_safe_url rejects for
              # this host is discarded in favour of the configured default.
              target_is_safe = is_safe_url(url=redirect_to,
                                           host=request.get_host())
              if not target_is_safe:
                  redirect_to = settings.LOGIN_REDIRECT_URL

              # Credentials were accepted by the form; attach the user to
              # the session.
              auth_login(request, form.get_user())

              # Remove the probe cookie set when the form was rendered.
              session = request.session
              if session.test_cookie_worked():
                  session.delete_test_cookie()

              return HttpResponseRedirect(redirect_to)

      # Reached for a GET and for an invalid POST: (re)render the form.
      request.session.set_test_cookie()

      site = get_current_site(request)

      # NOTE(review): on this path redirect_to has not been through
      # is_safe_url, so the template receives the value exactly as the
      # client sent it and should treat it as untrusted.
      template_context = {
          'form': form,
          redirect_field_name: redirect_to,
          'site': site,
          'site_name': site.name,
      }
      if extra_context is not None:
          template_context.update(extra_context)
      return TemplateResponse(request, template_name, template_context,
                              current_app=current_app)
  def logout(request, next_page=None,
             template_name='registration/logged_out.html',
             redirect_field_name=REDIRECT_FIELD_NAME,
             current_app=None, extra_context=None):
      """
      Log the user out, then redirect or render the 'logged out' page.

      A redirect target supplied in the request under ``redirect_field_name``
      takes precedence over the ``next_page`` argument. That request value is
      user-controlled, so it is only used when ``is_safe_url`` accepts it for
      the current host; otherwise the view redirects to its own path. A
      ``next_page`` passed by the caller is used as given, without that check.

      Returns an ``HttpResponseRedirect`` when a target is available, else a
      ``TemplateResponse`` rendering ``template_name``.
      """
      # The session is cleared first, before any request input is examined.
      auth_logout(request)

      params = request.REQUEST
      if redirect_field_name in params:
          requested = params[redirect_field_name]
          # Open-redirect guard: never follow a target on a different host.
          if is_safe_url(url=requested, host=request.get_host()):
              next_page = requested
          else:
              next_page = request.path

      if next_page:
          # Redirect to this page until the session has been cleared.
          return HttpResponseRedirect(next_page)

      site = get_current_site(request)
      template_context = {
          'site': site,
          'site_name': site.name,
          'title': _('Logged out')
      }
      if extra_context is not None:
          template_context.update(extra_context)
      return TemplateResponse(request, template_name, template_context,
                              current_app=current_app)
  def logout_then_login(request, login_url=None, current_app=None, extra_context=None):
      """
      Log the user out, then send them to the log-in page.

      ``login_url`` defaults to ``settings.LOGIN_URL`` when empty. The work is
      delegated to ``logout``, which gives a redirect target found in the
      request precedence over the URL passed here (subject to its own
      ``is_safe_url`` check).
      """
      destination = login_url or settings.LOGIN_URL
      return logout(request, destination,
                    current_app=current_app, extra_context=extra_context)
  def redirect_to_login(next, login_url=None,
                        redirect_field_name=REDIRECT_FIELD_NAME):
      """
      Redirect to the login page, carrying ``next`` along in the query string.

      ``login_url`` defaults to ``settings.LOGIN_URL`` when empty. When
      ``redirect_field_name`` is set, ``next`` is stored under that name in
      the login URL's query string (URL-encoded, with '/' left as is). When
      it is empty the login URL is used unchanged.

      ``next`` is not validated here; the view that later consumes the
      parameter is expected to check it before redirecting.
      """
      # Position of the query component in the urlparse() 6-tuple.
      query_index = 4

      url_parts = list(urlparse.urlparse(login_url or settings.LOGIN_URL))
      if redirect_field_name:
          # Parse the existing query so other parameters are preserved.
          query = QueryDict(url_parts[query_index], mutable=True)
          query[redirect_field_name] = next
          url_parts[query_index] = query.urlencode(safe='/')

      return HttpResponseRedirect(urlparse.urlunparse(url_parts))
  100. # 4 views for password reset:
  101. # - password_reset sends the mail
  102. # - password_reset_done shows a success message for the above
  103. # - password_reset_confirm checks the link the user clicked and
  104. # prompts for a new password
  105. # - password_reset_complete shows a success message for the above
  @csrf_protect
  def password_reset(request, is_admin_site=False,
                     template_name='registration/password_reset_form.html',
                     email_template_name='registration/password_reset_email.html',
                     subject_template_name='registration/password_reset_subject.txt',
                     password_reset_form=PasswordResetForm,
                     token_generator=default_token_generator,
                     post_reset_redirect=None,
                     from_email=None,
                     current_app=None,
                     extra_context=None):
      """
      Show the password reset request form and, on a valid POST, save it.

      On success the form's ``save`` is called with the e-mail options and the
      view redirects to ``post_reset_redirect`` (by default the reversed
      ``password_reset_done`` view). Otherwise a ``TemplateResponse`` for
      ``template_name`` is returned with the form in its context.
      """
      if post_reset_redirect is None:
          post_reset_redirect = reverse('django.contrib.auth.views.password_reset_done')

      if request.method != "POST":
          form = password_reset_form()
      else:
          form = password_reset_form(request.POST)
          if form.is_valid():
              save_kwargs = {
                  'use_https': request.is_secure(),
                  'token_generator': token_generator,
                  'from_email': from_email,
                  'email_template_name': email_template_name,
                  'subject_template_name': subject_template_name,
                  'request': request,
              }
              if is_admin_site:
                  # NOTE(review): domain_override is taken from
                  # request.get_host(). Presumably the form uses it as the
                  # domain of the e-mailed reset link, in which case the link
                  # is only as trustworthy as the deployment's validation of
                  # the request's host -- confirm before enabling
                  # is_admin_site.
                  save_kwargs['domain_override'] = request.get_host()
              form.save(**save_kwargs)
              return HttpResponseRedirect(post_reset_redirect)

      template_context = {
          'form': form,
      }
      if extra_context is not None:
          template_context.update(extra_context)
      return TemplateResponse(request, template_name, template_context,
                              current_app=current_app)
  def password_reset_done(request,
                          template_name='registration/password_reset_done.html',
                          current_app=None, extra_context=None):
      """
      Render the confirmation page shown after a password reset request.

      The context is empty apart from whatever ``extra_context`` supplies.
      """
      template_context = {}
      if extra_context is not None:
          template_context.update(extra_context)
      response = TemplateResponse(request, template_name, template_context,
                                  current_app=current_app)
      return response
  151. # Doesn't need csrf_protect since no-one can guess the URL
  @sensitive_post_parameters()
  @never_cache
  def password_reset_confirm(request, uidb36=None, token=None,
                             template_name='registration/password_reset_confirm.html',
                             token_generator=default_token_generator,
                             set_password_form=SetPasswordForm,
                             post_reset_redirect=None,
                             current_app=None, extra_context=None):
      """
      Validate a password reset link and present the new-password form.

      ``uidb36`` (base-36 user id) and ``token`` come from the URL. The token
      is checked against the looked-up user on every request, GET and POST
      alike, before any form is created; a new password is only saved when
      that check passes and the submitted form is valid. This view is not
      wrapped in ``csrf_protect``.

      Returns an ``HttpResponseRedirect`` to ``post_reset_redirect`` after a
      successful change, otherwise a ``TemplateResponse`` whose context holds
      ``form`` (``None`` for an invalid link) and ``validlink``.
      """
      # NOTE(review): assert statements are removed when Python runs with -O,
      # so in that mode only the URLconf guarantees both values are present.
      assert uidb36 is not None and token is not None # checked by URLconf
      if post_reset_redirect is None:
          post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')

      # A malformed id and an unknown user are handled identically: no user.
      try:
          user = User.objects.get(id=base36_to_int(uidb36))
      except (ValueError, User.DoesNotExist):
          user = None

      validlink = bool(user is not None and
                       token_generator.check_token(user, token))

      form = None
      if validlink:
          if request.method == 'POST':
              form = set_password_form(user, request.POST)
              if form.is_valid():
                  form.save()
                  return HttpResponseRedirect(post_reset_redirect)
          else:
              # Unbound form for display only; it is created without a user.
              form = set_password_form(None)

      template_context = {
          'form': form,
          'validlink': validlink,
      }
      if extra_context is not None:
          template_context.update(extra_context)
      return TemplateResponse(request, template_name, template_context,
                              current_app=current_app)
  def password_reset_complete(request,
                              template_name='registration/password_reset_complete.html',
                              current_app=None, extra_context=None):
      """
      Render the page shown once a password reset has been completed.

      The context exposes ``settings.LOGIN_URL`` as ``login_url``; entries in
      ``extra_context`` are applied on top of it.
      """
      template_context = {
          'login_url': settings.LOGIN_URL
      }
      if extra_context is not None:
          template_context.update(extra_context)
      response = TemplateResponse(request, template_name, template_context,
                                  current_app=current_app)
      return response
  @sensitive_post_parameters()
  @csrf_protect
  @login_required
  def password_change(request,
                      template_name='registration/password_change_form.html',
                      post_change_redirect=None,
                      password_change_form=PasswordChangeForm,
                      current_app=None, extra_context=None):
      """
      Show the password change form for the logged-in user and process it.

      The form is always bound to ``request.user``; the view itself takes no
      user identifier from the request. On a valid POST the form is saved and
      the view redirects to ``post_change_redirect`` (by default the reversed
      ``password_change_done`` view). Otherwise a ``TemplateResponse`` for
      ``template_name`` is returned with the form in its context.
      """
      if post_change_redirect is None:
          post_change_redirect = reverse('django.contrib.auth.views.password_change_done')

      if request.method != "POST":
          form = password_change_form(user=request.user)
      else:
          form = password_change_form(user=request.user, data=request.POST)
          if form.is_valid():
              form.save()
              return HttpResponseRedirect(post_change_redirect)

      template_context = {
          'form': form,
      }
      if extra_context is not None:
          template_context.update(extra_context)
      return TemplateResponse(request, template_name, template_context,
                              current_app=current_app)
  @login_required
  def password_change_done(request,
                           template_name='registration/password_change_done.html',
                           current_app=None, extra_context=None):
      """
      Render the confirmation page shown after a password change.

      Only reachable by a logged-in user (``login_required``). The context is
      empty apart from whatever ``extra_context`` supplies.
      """
      template_context = {}
      if extra_context is not None:
          template_context.update(extra_context)
      response = TemplateResponse(request, template_name, template_context,
                                  current_app=current_app)
      return response