def process_response(self, request, response):
# If the "_logout" flag is set on the response, generate a response
# that will log the user out.
if getattr(response, '_logout', False):
return auth.logout(redirect=request.GET.get('redirect', None))
# If our security token is old, issue a new one.
if hasattr(request, 'user'):
cred = getattr(request.user, '_credentials', None)
if cred and cred.security_token_is_stale:
auth.attach_credentials(response, request.user)
return response
def process_response(self, request, response):
# If the "_logout" flag is set on the response, generate a response
# that will log the user out.
if getattr(response, '_logout', False):
return auth.logout(redirect=request.GET.get('redirect', None))
# If our security token is old, issue a new one.
if hasattr(request, 'user'):
cred = getattr(request.user, '_credentials', None)
if cred and cred.security_token_is_stale:
auth.attach_credentials(response, request.user)
return response
def test_attach_credentials(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
# Attach the user's credentials to a test response.
response = http.HttpResponse('test')
auth.attach_credentials(response, user)
# Make sure the response now contains a cookie with the correct
# security token.
self.assertTrue(auth._CHIRP_SECURITY_TOKEN_COOKIE in response.cookies)
token = response.cookies[auth._CHIRP_SECURITY_TOKEN_COOKIE].value
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
def test_attach_credentials(self):
# Set up a test user.
email = '*****@*****.**'
user = User(email=email)
# Attach the user's credentials to a test response.
response = http.HttpResponse('test')
auth.attach_credentials(response, user)
# Make sure the response now contains a cookie with the correct
# security token.
self.assertTrue(auth._CHIRP_SECURITY_TOKEN_COOKIE in response.cookies)
token = response.cookies[auth._CHIRP_SECURITY_TOKEN_COOKIE].value
cred = auth._parse_security_token(token)
self.assertEqual(email, cred.email)
def reset_password(request):
"""Allow a user to reset their password.
The user authenticates by presenting a security token. Users will
arrive at this page by clicking on the URL in the email they are
sent by the /auth/forgot_password page.
"""
if request.user:
return http.HttpResponseForbidden('Logged-in users prohibited.')
tmpl = loader.get_template('auth/reset_password.html')
ctx_vars = {
'Title': 'Reset Password',
}
user = None
if request.method == 'GET':
token = request.GET.get('token')
if token is None:
return http.HttpResponseForbidden('Missing token')
email = auth.parse_password_reset_token(token)
if email is None:
return http.HttpResponseForbidden('Invalid token')
ctx_vars['form'] = auth_forms.ResetPasswordForm(
initial={'token': token})
else:
form = auth_forms.ResetPasswordForm(request.POST)
if not form.is_valid():
ctx_vars['form'] = form
else:
token = form.cleaned_data['token']
email = token and auth.parse_password_reset_token(token)
if email is None:
return http.HttpResponseForbidden('Invalid token')
user = User.get_by_email(email)
if user is None:
return http.HttpResponseForbidden('No user for token')
user.set_password(form.cleaned_data['new_password'])
# We are also logging the user in automatically, so record
# the time.
user.last_login = datetime.datetime.now()
AutoRetry(user).save()
# Attach the user to the request so that our page will
# display the chrome shown to logged-in users.
request.user = user
ctx = RequestContext(request, ctx_vars)
response = http.HttpResponse(tmpl.render(ctx))
if request.user:
auth.attach_credentials(response, request.user)
return response
def reset_password(request):
"""Allow a user to reset their password.
The user authenticates by presenting a security token. Users will
arrive at this page by clicking on the URL in the email they are
sent by the /auth/forgot_password page.
"""
if request.user:
return http.HttpResponseForbidden('Logged-in users prohibited.')
tmpl = loader.get_template('auth/reset_password.html')
ctx_vars = {
'Title': 'Reset Password',
}
user = None
if request.method == 'GET':
token = request.GET.get('token')
if token is None:
return http.HttpResponseForbidden('Missing token')
email = auth.parse_password_reset_token(token)
if email is None:
return http.HttpResponseForbidden('Invalid token')
ctx_vars['form'] = auth_forms.ResetPasswordForm(
initial={'token': token})
else:
form = auth_forms.ResetPasswordForm(request.POST)
if not form.is_valid():
ctx_vars['form'] = form
else:
token = form.cleaned_data['token']
email = token and auth.parse_password_reset_token(token)
if email is None:
return http.HttpResponseForbidden('Invalid token')
user = User.get_by_email(email)
if user is None:
return http.HttpResponseForbidden('No user for token')
user.set_password(form.cleaned_data['new_password'])
# We are also logging the user in automatically, so record
# the time.
user.last_login = datetime.datetime.now()
AutoRetry(user).save()
# Attach the user to the request so that our page will
# display the chrome shown to logged-in users.
request.user = user
ctx = RequestContext(request, ctx_vars)
response = http.HttpResponse(tmpl.render(ctx))
if request.user:
auth.attach_credentials(response, request.user)
return response
def hello(request):
"""Implements our login page."""
redirect = '/'
tmpl = loader.get_template('auth/hello.html')
if request.method == 'GET':
redirect = request.GET.get('redirect', '/')
# Already signed in? Then redirect immediately.
if request.user:
return http.HttpResponseRedirect(redirect)
form = auth_forms.LoginForm(initial={
'redirect': redirect,
})
else:
form = auth_forms.LoginForm(request.POST)
if form.is_valid():
response = http.HttpResponseRedirect(form.cleaned_data['redirect'])
auth.attach_credentials(response, form.user)
# Update the last login time in the User record.
form.user.last_login = datetime.datetime.now()
AutoRetry(form.user).save()
return response
ctx = RequestContext(request, {'form': form})
return http.HttpResponse(tmpl.render(ctx))
def hello(request):
"""Implements our login page."""
redirect = '/'
tmpl = loader.get_template('auth/hello.html')
if request.method == 'GET':
redirect = request.GET.get('redirect', '/')
# Already signed in? Then redirect immediately.
if request.user:
return http.HttpResponseRedirect(redirect)
form = auth_forms.LoginForm(initial={
'redirect': redirect,
})
else:
form = auth_forms.LoginForm(request.POST)
if form.is_valid():
response = http.HttpResponseRedirect(form.cleaned_data['redirect'])
auth.attach_credentials(response, form.user)
# Update the last login time in the User record.
form.user.last_login = datetime.datetime.now()
AutoRetry(form.user).save()
return response
ctx = RequestContext(request, {'form': form})
return http.HttpResponse(tmpl.render(ctx))