def test_create_admin_post(self):
"""there are so many views, this just makes sure it LOADS"""
self.site.name = "hello"
self.site.save()
self.assertFalse(self.site.allow_registration)
self.assertTrue(self.site.require_confirm_email)
self.assertTrue(self.site.install_mode)
view = views.CreateAdmin.as_view()
form = forms.RegisterForm()
form.data["localname"] = "mouse"
form.data["password"] = "******"
form.data["email"] = "*****@*****.**"
request = self.factory.post("", form.data)
with patch("bookwyrm.views.setup.login") as mock:
view(request)
self.assertTrue(mock.called)
self.site.refresh_from_db()
self.assertFalse(self.site.install_mode)
user = models.User.objects.get()
self.assertTrue(user.is_active)
self.assertTrue(user.is_superuser)
self.assertTrue(user.is_staff)
self.assertTrue(user.shelf_set.exists())
def post(self, request):
"""authentication action"""
if request.user.is_authenticated:
return redirect("/")
login_form = forms.LoginForm(request.POST)
localname = login_form.data["localname"]
if "@" in localname: # looks like an email address to me
email = localname
try:
username = models.User.objects.get(email=email)
except models.User.DoesNotExist: # maybe it's a full username?
username = localname
else:
username = "******" % (localname, DOMAIN)
password = login_form.data["password"]
user = authenticate(request, username=username, password=password)
if user is not None:
# successful login
login(request, user)
user.last_active_date = timezone.now()
user.save(broadcast=False)
return redirect(request.GET.get("next", "/"))
# login errors
login_form.non_field_errors = "Username or password are incorrect"
register_form = forms.RegisterForm()
data = {"login_form": login_form, "register_form": register_form}
return TemplateResponse(request, "login.html", data)
def post(self, request):
''' authentication action '''
login_form = forms.LoginForm(request.POST)
localname = login_form.data['localname']
if '@' in localname: # looks like an email address to me
email = localname
try:
username = models.User.objects.get(email=email)
except models.User.DoesNotExist: # maybe it's a full username?
username = localname
else:
username = '******' % (localname, DOMAIN)
password = login_form.data['password']
user = authenticate(request, username=username, password=password)
if user is not None:
# successful login
login(request, user)
user.last_active_date = timezone.now()
user.save(broadcast=False)
return redirect(request.GET.get('next', '/'))
# login errors
login_form.non_field_errors = 'Username or password are incorrect'
register_form = forms.RegisterForm()
data = {'login_form': login_form, 'register_form': register_form}
return TemplateResponse(request, 'login.html', data)
def get(self, request):
"""tiled book activity page"""
data = {
"register_form": forms.RegisterForm(),
"request_form": forms.InviteRequestForm(),
}
return TemplateResponse(request, "landing/landing.html", data)
def user_login(request):
''' authenticate user login '''
if request.method == 'GET':
return redirect('/login')
login_form = forms.LoginForm(request.POST)
username = login_form.data['username']
username = '******' % (username, DOMAIN)
password = login_form.data['password']
user = authenticate(request, username=username, password=password)
if user is not None:
# successful login
login(request, user)
user.last_active_date = timezone.now()
return redirect(request.GET.get('next', '/'))
login_form.non_field_errors = 'Username or password are incorrect'
register_form = forms.RegisterForm()
data = {
'site_settings': models.SiteSettings.get(),
'login_form': login_form,
'register_form': register_form
}
return TemplateResponse(request, 'login.html', data)
def get(self, request):
''' tiled book activity page '''
books = models.Edition.objects.filter(
review__published_date__isnull=False,
review__user__local=True,
review__privacy__in=['public', 'unlisted'],
).exclude(
cover__exact=''
).annotate(
Max('review__published_date')
).order_by('-review__published_date__max')[:6]
ratings = {}
for book in books:
reviews = models.Review.objects.filter(
book__in=book.parent_work.editions.all()
)
reviews = get_activity_feed(
request.user, ['public', 'unlisted'], queryset=reviews)
ratings[book.id] = reviews.aggregate(Avg('rating'))['rating__avg']
data = {
'title': 'Discover',
'register_form': forms.RegisterForm(),
'books': list(set(books)),
'ratings': ratings
}
return TemplateResponse(request, 'discover.html', data)
def get(self, request):
"""tiled book activity page"""
data = {
"register_form": forms.RegisterForm(),
"request_form": forms.InviteRequestForm(),
"books": helpers.get_discover_books(),
}
return TemplateResponse(request, "discover/discover.html", data)
def get(self, request):
"""Create admin user form"""
# only allow this view when an instance is being configured
site = models.SiteSettings.objects.get()
if not site.install_mode:
raise PermissionDenied()
data = {"register_form": forms.RegisterForm()}
return TemplateResponse(request, "setup/admin.html", data)
def get(self, request):
"""login page"""
if request.user.is_authenticated:
return redirect("/")
# sene user to the login page
data = {
"login_form": forms.LoginForm(),
"register_form": forms.RegisterForm(),
}
return TemplateResponse(request, "login.html", data)
def get(self, request, confirmed=None):
"""login page"""
if request.user.is_authenticated:
return redirect("/")
# send user to the login page
data = {
"show_confirmed_email": confirmed,
"login_form": forms.LoginForm(),
"register_form": forms.RegisterForm(),
}
return TemplateResponse(request, "login.html", data)
def post(self, request):
"""join the server"""
if not models.SiteSettings.get().allow_registration:
invite_code = request.POST.get("invite_code")
if not invite_code:
raise PermissionDenied
invite = get_object_or_404(models.SiteInvite, code=invite_code)
if not invite.valid():
raise PermissionDenied
else:
invite = None
form = forms.RegisterForm(request.POST)
errors = False
if not form.is_valid():
errors = True
localname = form.data["localname"].strip()
email = form.data["email"]
password = form.data["password"]
# check localname and email uniqueness
if models.User.objects.filter(localname=localname).first():
form.errors["localname"] = [
"User with this username already exists"
]
errors = True
if errors:
data = {
"login_form": forms.LoginForm(),
"register_form": form,
"invite": invite,
"valid": invite.valid() if invite else True,
}
if invite:
return TemplateResponse(request, "invite.html", data)
return TemplateResponse(request, "login.html", data)
username = "******" % (localname, DOMAIN)
user = models.User.objects.create_user(username,
email,
password,
localname=localname,
local=True)
if invite:
invite.times_used += 1
invite.invitees.add(user)
invite.save()
login(request, user)
return redirect("get-started-profile")
def login_page(request):
''' authentication '''
if request.user.is_authenticated:
return redirect('/')
# send user to the login page
data = {
'title': 'Login',
'login_form': forms.LoginForm(),
'register_form': forms.RegisterForm(),
}
return TemplateResponse(request, 'login.html', data)
def post(self, request):
''' join the server '''
if not models.SiteSettings.get().allow_registration:
invite_code = request.POST.get('invite_code')
if not invite_code:
raise PermissionDenied
invite = get_object_or_404(models.SiteInvite, code=invite_code)
if not invite.valid():
raise PermissionDenied
else:
invite = None
form = forms.RegisterForm(request.POST)
errors = False
if not form.is_valid():
errors = True
localname = form.data['localname'].strip()
email = form.data['email']
password = form.data['password']
# check localname and email uniqueness
if models.User.objects.filter(localname=localname).first():
form.errors['localname'] = [
'User with this username already exists'
]
errors = True
if errors:
data = {
'login_form': forms.LoginForm(),
'register_form': form,
'invite': invite,
'valid': invite.valid() if invite else True,
}
if invite:
return TemplateResponse(request, 'invite.html', data)
return TemplateResponse(request, 'login.html', data)
username = '******' % (localname, DOMAIN)
user = models.User.objects.create_user(username,
email,
password,
localname=localname,
local=True)
if invite:
invite.times_used += 1
invite.save()
login(request, user)
return redirect('/')
def get(self, request, code):
""" endpoint for using an invites """
if request.user.is_authenticated:
return redirect("/")
invite = get_object_or_404(models.SiteInvite, code=code)
data = {
"register_form": forms.RegisterForm(),
"invite": invite,
"valid": invite.valid() if invite else True,
}
return TemplateResponse(request, "invite.html", data)
def get(self, request, code):
''' endpoint for using an invites '''
if request.user.is_authenticated:
return redirect('/')
invite = get_object_or_404(models.SiteInvite, code=code)
data = {
'title': 'Join',
'register_form': forms.RegisterForm(),
'invite': invite,
'valid': invite.valid() if invite else True,
}
return TemplateResponse(request, 'invite.html', data)
def get(self, request):
""" tiled book activity page """
books = (models.Edition.objects.filter(
review__published_date__isnull=False,
review__deleted=False,
review__user__local=True,
review__privacy__in=["public", "unlisted"],
).exclude(cover__exact="").annotate(
Max("review__published_date")).order_by(
"-review__published_date__max")[:6])
data = {
"register_form": forms.RegisterForm(),
"books": list(set(books)),
}
return TemplateResponse(request, "discover/discover.html", data)
def register(request):
''' join the server '''
if request.method == 'GET':
return redirect('/login')
if not models.SiteSettings.get().allow_registration:
invite_code = request.POST.get('invite_code')
if not invite_code:
raise PermissionDenied
try:
invite = models.SiteInvite.objects.get(code=invite_code)
except models.SiteInvite.DoesNotExist:
raise PermissionDenied
else:
invite = None
form = forms.RegisterForm(request.POST)
errors = False
if not form.is_valid():
errors = True
username = form.data['username']
email = form.data['email']
password = form.data['password']
# check username and email uniqueness
if models.User.objects.filter(localname=username).first():
form.add_error('username', 'User with this username already exists')
errors = True
if errors:
data = {
'site_settings': models.SiteSettings.get(),
'login_form': forms.LoginForm(),
'register_form': form
}
return TemplateResponse(request, 'login.html', data)
user = models.User.objects.create_user(username, email, password)
if invite:
invite.times_used += 1
invite.save()
login(request, user)
return redirect('/')
def invite_page(request, code):
''' endpoint for sending invites '''
if request.user.is_authenticated:
return redirect('/')
try:
invite = models.SiteInvite.objects.get(code=code)
if not invite.valid():
raise PermissionDenied
except models.SiteInvite.DoesNotExist:
raise PermissionDenied
data = {
'title': 'Join',
'register_form': forms.RegisterForm(),
'invite': invite,
}
return TemplateResponse(request, 'invite.html', data)
def post(self, request):
"""authentication action"""
if request.user.is_authenticated:
return redirect("/")
login_form = forms.LoginForm(request.POST)
localname = login_form.data["localname"]
if "@" in localname: # looks like an email address to me
try:
username = models.User.objects.get(email=localname).username
except models.User.DoesNotExist: # maybe it's a full username?
username = localname
else:
username = "******" % (localname, DOMAIN)
password = login_form.data["password"]
# perform authentication
user = authenticate(request, username=username, password=password)
if user is not None:
# successful login
login(request, user)
user.last_active_date = timezone.now()
user.save(broadcast=False, update_fields=["last_active_date"])
if request.POST.get("first_login"):
return redirect("get-started-profile")
return redirect(request.GET.get("next", "/"))
# maybe the user is pending email confirmation
if models.User.objects.filter(username=username,
is_active=False,
deactivation_reason="pending").exists():
return redirect("confirm-email")
# login errors
login_form.non_field_errors = _("Username or password are incorrect")
register_form = forms.RegisterForm()
data = {"login_form": login_form, "register_form": register_form}
return TemplateResponse(request, "login.html", data)
def post(self, request):
"""Create that user"""
site = models.SiteSettings.objects.get()
# you can't create an admin user if you're in config mode
if not site.install_mode:
raise PermissionDenied()
form = forms.RegisterForm(request.POST)
if not form.is_valid():
data = {"register_form": form}
return TemplateResponse(request, "setup/admin.html", data)
localname = form.data["localname"].strip()
username = f"{localname}@{settings.DOMAIN}"
user = models.User.objects.create_superuser(
username,
form.data["email"],
form.data["password"],
localname=localname,
local=True,
deactivation_reason=None,
is_active=True,
)
# Set "admin" role
try:
user.groups.set(
Group.objects.filter(name__in=["admin", "moderator"]))
except Group.DoesNotExist:
# this should only happen in tests
pass
login(request, user)
site.install_mode = False
site.save()
return redirect("settings-site")
def post(self, request):
"""join the server"""
settings = models.SiteSettings.get()
# no registration allowed when the site is being installed
if settings.install_mode:
raise PermissionDenied()
if not settings.allow_registration:
invite_code = request.POST.get("invite_code")
if not invite_code:
raise PermissionDenied()
invite = get_object_or_404(models.SiteInvite, code=invite_code)
if not invite.valid():
raise PermissionDenied()
else:
invite = None
form = forms.RegisterForm(request.POST)
if not form.is_valid():
data = {
"login_form": forms.LoginForm(),
"register_form": form,
"invite": invite,
"valid": invite.valid() if invite else True,
}
if invite:
return TemplateResponse(request, "landing/invite.html", data)
return TemplateResponse(request, "landing/login.html", data)
localname = form.data["localname"].strip()
email = form.data["email"]
password = form.data["password"]
# make sure the email isn't blocked as spam
email_domain = email.split("@")[-1]
if models.EmailBlocklist.objects.filter(domain=email_domain).exists():
# treat this like a successful registration, but don't do anything
return redirect("confirm-email")
username = f"{localname}@{DOMAIN}"
user = models.User.objects.create_user(
username,
email,
password,
localname=localname,
local=True,
deactivation_reason="pending" if settings.require_confirm_email else None,
is_active=not settings.require_confirm_email,
)
if invite:
invite.times_used += 1
invite.invitees.add(user)
invite.save()
if settings.require_confirm_email:
emailing.email_confirmation_email(user)
return redirect("confirm-email")
login(request, user)
return redirect("get-started-profile")
