def testView(self):
"""
Check that login_required is assignable to normal views.
"""
def normal_view(request):
pass
login_required(normal_view)
def admin(f):
"""
@admin
A decorator that turns a class into ADMIN
"""
import auth.decorators as a_deco
if not inspect.isclass(f):
raise TypeError("@ADMIN expects a Mocha class")
if config("ADMIN_ENABLED", True):
# Index route
index_route = config("ADMIN_INDEX_ROUTE", "/")
# ROLES
min_role = config("ADMIN_MIN_ACL", "ADMIN")
role_name = "accepts_%s_roles" % min_role.lower()
if not hasattr(a_deco, role_name):
raise ValueError("Invalid ADMIN_MIN_ACL: %s" % min_role)
getattr(a_deco, role_name)(f)
a_deco.login_required(f)
set_view_attr(f, "nav_tags", [ADMIN_TAG])
layout = config("ADMIN_LAYOUT") or ADMIN_LAYOUT
return render.template(layout=layout)(f)
else:
set_view_attr(f, "nav_visible", False)
f.before_request = disable_admin
return f
def testView(self):
"""
Check that login_required is assignable to normal views.
"""
def normal_view(request):
pass
login_required(normal_view)
def testCallable(self):
"""
Check that login_required is assignable to callable objects.
"""
class CallableView(object):
def __call__(self, *args, **kwargs):
pass
login_required(CallableView())
def testCallable(self):
"""
Check that login_required is assignable to callable objects.
"""
class CallableView(object):
def __call__(self, *args, **kwargs):
pass
login_required(CallableView())
redis_token_db.set(email, json.dumps(value), ex=ONE_DAY)
return jsonify(value)
def _delete(user_id):
if g.user['id'] != user_id:
""" Only self-delete is permitted"""
return jsonify(message='Unauthorized request'), 403
user = User(id=user_id)
user.delete()
_delete_token()
return jsonify(message='ok'), 200
delete_user = login_required(_delete)
def post_token():
"""Check email/password then return a token. Actually, it's the 'login' function"""
email = request.get_json()['email']
password = request.get_json()['password']
user = User.fetchone(email=email)
if user is None:
return jsonify(error='email address does not exist'), 401
hash = user.hash
if argon2.verify(password, hash):
g.user = user
token = secrets.token_urlsafe(32)
value = {
def auth_processor_perms(request):
return render_to_response('context_processors/auth_attrs_perms.html',
RequestContext(request, {}, processors=[context_processors.auth]))
def auth_processor_messages(request):
info(request, "Message 1")
return render_to_response('context_processors/auth_attrs_messages.html',
RequestContext(request, {}, processors=[context_processors.auth]))
def userpage(request):
pass
# special urls for auth test cases
urlpatterns = urlpatterns + patterns('',
(r'^logout/custom_query/$', 'auth.views.logout', dict(redirect_field_name='follow')),
(r'^logout/next_page/$', 'auth.views.logout', dict(next_page='/somewhere/')),
(r'^remote_user/$', remote_user_auth_view),
(r'^password_reset_from_email/$', 'auth.views.password_reset', dict(from_email='*****@*****.**')),
(r'^admin_password_reset/$', 'auth.views.password_reset', dict(is_admin_site=True)),
(r'^login_required/$', login_required(password_reset)),
(r'^login_required_login_url/$', login_required(password_reset, login_url='/somewhere/')),
(r'^auth_processor_no_attr_access/$', auth_processor_no_attr_access),
(r'^auth_processor_attr_access/$', auth_processor_attr_access),
(r'^auth_processor_user/$', auth_processor_user),
(r'^auth_processor_perms/$', auth_processor_perms),
(r'^auth_processor_messages/$', auth_processor_messages),
url(r'^userpage/(.+)/$', userpage, name="userpage"),
)
from django.conf.urls import url
from auth.decorators import login_required
from . import views
urlpatterns = [
url(r'^$', login_required(views.RevisionList.as_view()), name='list'),
url(r'^new/$', login_required(views.NewRevision.as_view()), name='new'),
url(r'^(?P<revision_id>\d+)/editor/$',
login_required(views.Editor.as_view()),
name='editor'),
url(r'^(?P<revision_id>\d+)/editor/(?P<file_path>.+)/$',
login_required(views.EditFile.as_view()),
name='edit-file'),
url(r'^(?P<revision_id>\d+)/send-for-2i/$',
login_required(views.SendFor2i.as_view()),
name='send-for-2i'),
url(r'^(?P<revision_id>\d+)/send-back/$',
login_required(views.SendBack.as_view()),
name='send-back'),
url(r'^(?P<revision_id>\d+)/publish/$',
login_required(views.Publish.as_view()),
name='publish'),
url(r'^(?P<revision_id>\d+)/activities/$',
login_required(views.Activities.as_view()),
name='activities'),
url(r'^(?P<revision_id>\d+)/changes/$',
login_required(views.Changes.as_view()),
name='changes'),
]
from django.conf.urls import url
from auth.decorators import login_required
from . import views
urlpatterns = [
url(
r'^$',
login_required(views.RevisionList.as_view()),
name='list'
),
url(
r'^new/$',
login_required(views.NewRevision.as_view()),
name='new'
),
url(
r'^(?P<revision_id>\d+)/editor/$',
login_required(views.Editor.as_view()),
name='editor'
),
url(
r'^(?P<revision_id>\d+)/editor/(?P<file_path>.+)/$',
login_required(views.EditFile.as_view()),
name='edit-file'
),
url(
r'^(?P<revision_id>\d+)/send-for-2i/$',
login_required(views.SendFor2i.as_view()),
name='send-for-2i'
),
