from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
from django.contrib.auth.decorators import login_required, permission_required
from django.contrib.auth.hashers import check_password
from django.contrib.auth.password_validation import validate_password, password_changed
from django.core.exceptions import ValidationError
from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest, Http404, HttpResponseForbidden
from django.shortcuts import render
try:
    from django.utils.http import url_has_allowed_host_and_scheme
except ImportError:  # Django < 3.0 ships the same check under its old name
    from django.utils.http import is_safe_url as url_has_allowed_host_and_scheme

# from django.db.models import Manager

from .models import User
from .forms import UserRegisterForm


def view_logout(request):
    """End the current session and send the visitor to the login page.

    Any HTTP method is accepted, so a plain GET link logs the user out.
    NOTE(review): Django's own LogoutView became POST-only in 5.0; consider
    restricting this view the same way.
    """
    back_to_login = HttpResponseRedirect('/account/login')
    logout(request)
    return back_to_login


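def _safe_next_url(request, default="/"):
    """Return the ``next`` query parameter when it is a safe, local redirect target.

    Falls back to *default* when ``next`` is absent or empty, when it points
    back at the current path (which would redirect in a loop), or when it
    names another host or scheme - the latter is the open-redirect case the
    original code did not guard against.
    """
    target = request.GET.get("next")
    if not target or target == request.path:
        return default
    if not url_has_allowed_host_and_scheme(
        target,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        return default
    return target


def view_login(request):
    """Render the login form and authenticate POSTed credentials.

    GET renders ``account/login.html``.  POST reads ``username`` and
    ``password``; on success the user is logged in and redirected to the
    sanitised ``next`` target (see ``_safe_next_url``) or ``/``.  An
    already-authenticated visitor is redirected the same way without seeing
    the form.  A POST with missing fields, or any other HTTP method, yields
    400.
    """
    if request.user.is_authenticated:
        # Already logged in: skip the form and honour only a safe ``next``.
        return HttpResponseRedirect(_safe_next_url(request))

    render_context = {'message': None}

    if request.method == "POST":
        try:
            username = request.POST["username"]
            password = request.POST["password"]
        except KeyError:
            return HttpResponseBadRequest()

        user = authenticate(request, username=username, password=password)
        if user is None:
            # One generic message for both unknown user and wrong password,
            # so the form does not reveal which accounts exist.
            render_context['message'] = "Неверный логин или пароль"
            return render(request, 'account/login.html', render_context)

        login(request, user)
        return HttpResponseRedirect(_safe_next_url(request))

    if request.method == "GET":
        return render(request, 'account/login.html', render_context)

    return HttpResponseBadRequest()

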
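@login_required
def view_account(request, username=None):
    """Show the profile page for *username*, defaulting to the current user.

    Viewing another account requires the ``users.view_user`` permission and
    is refused with 403 otherwise.

    Raises:
        Http404: *username* does not name an existing account.
    """
    view_user = request.user
    if username is not None and username != view_user.login:
        if not request.user.has_perm('users.view_user'):
            return HttpResponseForbidden()
        try:
            view_user = User.objects.get_by_natural_key(username)
        except User.DoesNotExist:
            # Http404 is an exception class; it must be raised, not returned
            # (returning an instance makes the response middleware fail).
            raise Http404()
    return render(request, 'account/view.html', {'view_user': view_user})

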
@login_required
@permission_required(perm='users.add_user', raise_exception=True)
def view_register(request):
    """Create a new account through ``UserRegisterForm``.

    Requires ``users.add_user`` (the decorator raises PermissionDenied
    otherwise).  A POST carrying a valid form saves the user and redirects to
    the account list; every other request renders the form, including any
    validation errors from an invalid submission.
    """
    form = UserRegisterForm(request.POST or None)
    is_submission = request.method == 'POST'
    if is_submission and form.is_valid():
        form.save()
        return HttpResponseRedirect('/account/list')
    return render(request, 'account/register.html', {'form': form})


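@login_required
def view_change_password(request):
    """Change the password of the current user or, with ``users.change_user``,
    of the account named by the ``username`` query parameter.

    The current password is demanded only when a user changes their own
    password; a privileged change of someone else's account skips that check.
    Validation outcomes are reported to ``account/change-password.html`` via
    ``render_context`` (``old_password_wrong``, ``new_password_equals``,
    ``new_password_errors``).  On success the new hash is stored, the
    password-changed signal runs, the session auth hash is refreshed so the
    caller stays logged in after changing their own password, and
    ``account/change-password-done.html`` is rendered.  A POST with missing
    fields yields 400; any non-POST method renders the form.

    Raises:
        Http404: ``username`` does not name an existing account.
    """
    target_user = request.user
    old_password_required = True

    requested = request.GET.get('username')
    if requested is not None and requested != target_user.login:
        if not request.user.has_perm('users.change_user'):
            return HttpResponseForbidden()
        # Privileged reset of another account: the caller cannot know the
        # old password, so it is not asked for.
        old_password_required = False
        try:
            target_user = User.objects.get_by_natural_key(requested)
        except User.DoesNotExist:
            # Http404 is an exception class; it must be raised, not returned.
            raise Http404()

    render_context = {
        'target_user': target_user,
        'old_password_required': old_password_required,
        'old_password_wrong': False,
        'new_password_errors': None,
        'new_password_equals': True,
    }

    if request.method != "POST":
        return render(request, 'account/change-password.html', render_context)

    try:
        post_curr_pass = request.POST['current_password'] if old_password_required else None
        post_pass1 = request.POST['password1']
        post_pass2 = request.POST['password2']
    except KeyError:
        return HttpResponseBadRequest()

    form_valid = True

    # Re-authenticate with the current password before a self-service change.
    if old_password_required and not check_password(post_curr_pass, target_user.password):
        # Set to True (the original wrote False here, so the template could
        # never report a wrong current password).
        render_context['old_password_wrong'] = True
        form_valid = False

    if post_pass1 != post_pass2:
        render_context['new_password_equals'] = False
        form_valid = False

    # Run the configured password validators against the new password.
    try:
        validate_password(post_pass1, target_user)
    except ValidationError as ve:
        render_context['new_password_errors'] = ve.messages
        form_valid = False

    if not form_valid:
        return render(request, 'account/change-password.html', render_context)

    target_user.set_password(post_pass1)
    target_user.save()
    password_changed(post_pass1, target_user)
    update_session_auth_hash(request, target_user)
    return render(request, 'account/change-password-done.html', {'target_user': target_user})

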
@login_required
@permission_required(perm='users.view_user', raise_exception=True)
def view_list(request):
    """Render every account, ordered by login (requires ``users.view_user``)."""
    users = User.objects.order_by('login')
    return render(request, 'account/list.html', {'users': users})


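@login_required
@permission_required(perm='users.delete_user', raise_exception=True)
def view_delete(request, username):
    """Confirm (GET) and perform (POST) deletion of the account *username*.

    Deleting one's own account is refused with 403.  Only the user lookup is
    inside the ``try``: the original wrapped rendering and deletion as well,
    so any failure there was misreported as 404.  Other HTTP methods yield
    400.

    Raises:
        Http404: no account with that login exists.
    """
    if username == request.user.login:
        return HttpResponseForbidden()

    try:
        target_user = User.objects.get_by_natural_key(username)
    except User.DoesNotExist:
        # Http404 is an exception class; it must be raised, not returned.
        raise Http404()

    if request.method == 'GET':
        return render(request, 'account/delete.html', {'target_user': target_user})
    if request.method == 'POST':
        # The destructive step is reachable only via POST, never via a link.
        target_user.delete()
        return HttpResponseRedirect('/account/list')
    return HttpResponseBadRequest()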