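def test_login(self):
    """Check that authentication still works for a user who has agreed.

    The original note says this assumes the login URL is named 'login'.
    """
    self.assertTrue(has_user_agreed_latest_tos(self.user1))

    # NOTE(review): Django's test client login() authenticates directly and
    # does not go through the ToS-aware login view, so this covers the auth
    # backend only; the view itself is exercised by the POST-based tests.
    login = self.client.login(username='******', password='******')

    # failUnless is a deprecated unittest alias (removed in Python 3.12);
    # assertTrue performs the same check with the same failure message.
    self.assertTrue(login, 'Could not log in')

    # Logging in must leave the stored agreement state untouched.
    self.assertTrue(has_user_agreed_latest_tos(self.user1))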
def test_need_agreement(self):
    """Posting credentials for a user who has not agreed shows the ToS text."""
    agreed = has_user_agreed_latest_tos
    self.assertFalse(agreed(self.user2))

    credentials = {'username': '******', 'password': '******'}
    page = self.client.post(self.login_url, credentials)
    self.assertContains(page, "first edition of the terms of service")

    # Being shown the interstitial must not count as accepting it.
    self.assertFalse(agreed(self.user2))
def test_reject_agreement(self):
    """Rejecting the ToS after posting credentials leaves the user un-agreed."""
    agreed = has_user_agreed_latest_tos
    self.assertFalse(agreed(self.user2))

    credentials = {'username': '******', 'password': '******'}
    page = self.client.post(self.login_url, credentials)
    self.assertContains(page, "first edition of the terms of service")

    # NOTE(review): the response to the reject POST is never inspected; an
    # assertion that the client ends up without an authenticated session
    # would pin the security-relevant outcome of a refusal.
    check_url = reverse('tos_check_tos')
    page = self.client.post(check_url, {'accept': 'reject'})
    self.assertFalse(agreed(self.user2))
def test_user_agreement(self):
    """has_user_agreed_latest_tos follows whichever ToS edition is active."""
    agreed = has_user_agreed_latest_tos

    # Record an agreement to tos1 for user1 only.
    UserAgreement.objects.create(terms_of_service=self.tos1, user=self.user1)
    self.assertTrue(agreed(self.user1))
    self.assertFalse(agreed(self.user2))
    self.assertFalse(agreed(self.user3))

    # Activate tos2: nobody has agreed to it yet, so every check flips to False.
    self.tos2.active = True
    self.tos2.save()
    self.assertFalse(agreed(self.user1))
    self.assertFalse(agreed(self.user2))
    self.assertFalse(agreed(self.user3))

    # user1 and user3 agree to tos2; user2 still has not.
    UserAgreement.objects.create(terms_of_service=self.tos2, user=self.user1)
    UserAgreement.objects.create(terms_of_service=self.tos2, user=self.user3)
    self.assertTrue(agreed(self.user1))
    self.assertFalse(agreed(self.user2))
    self.assertTrue(agreed(self.user3))
def test_user_agreement(self):
    """Agreement status is judged against the currently active ToS edition."""
    everyone = (self.user1, self.user2, self.user3)

    # Agreement to the first edition, recorded for user1.
    UserAgreement.objects.create(user=self.user1, terms_of_service=self.tos1)
    self.assertTrue(has_user_agreed_latest_tos(self.user1))
    for person in (self.user2, self.user3):
        self.assertFalse(has_user_agreed_latest_tos(person))

    # Once the second edition is active, no existing agreement covers it.
    self.tos2.active = True
    self.tos2.save()
    for person in everyone:
        self.assertFalse(has_user_agreed_latest_tos(person))

    # Agreements to the second edition for user1 and user3 (in that order).
    for person in (self.user1, self.user3):
        UserAgreement.objects.create(user=person, terms_of_service=self.tos2)
    self.assertTrue(has_user_agreed_latest_tos(self.user1))
    self.assertFalse(has_user_agreed_latest_tos(self.user2))
    self.assertTrue(has_user_agreed_latest_tos(self.user3))
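def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Display the login form and handle the login action, gated on the ToS.

    On a valid POST the user is logged in only if they have agreed to the
    latest terms of service; otherwise their primary key and auth backend
    are parked in the session and the ToS check page is rendered instead.
    Any other request renders the login form.
    """
    # request.REQUEST was deprecated in Django 1.7 and later removed. Reading
    # POST first and falling back to GET keeps the lookup order it used.
    redirect_to = request.POST.get(
        redirect_field_name, request.GET.get(redirect_field_name, ''))

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # _redirect_to is defined elsewhere; presumably it rejects
            # off-site redirect targets - confirm, since redirect_to is
            # client-supplied.
            redirect_to = _redirect_to(redirect_to)

            # Credentials are valid. Check whether the user agrees to terms.
            user = form.get_user()
            if has_user_agreed_latest_tos(user):
                # Log the user in.
                auth_login(request, user)
                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()
                return HttpResponseRedirect(redirect_to)
            else:
                # User has not yet agreed to the latest ToS: force them to
                # accept or refuse. No auth_login() has happened, so the
                # session holds only this pending state.
                # NOTE(review): the view that consumes these keys is not
                # shown; confirm it removes them on both accept and reject
                # so a stale pending login cannot be completed later.
                request.session['tos_user'] = user.pk
                # Pass the used backend as well since Django will require it
                # and it can only be obtained by calling authenticate, but
                # there are no credentials available in check_tos.
                # see: https://docs.djangoproject.com/en/1.6/topics/auth/default/#how-to-log-a-user-in
                request.session['tos_backend'] = user.backend
                return render_to_response(
                    'tos/tos_check.html',
                    {
                        redirect_field_name: redirect_to,
                        'tos': TermsOfService.objects.get_current_tos()
                    },
                    context_instance=RequestContext(request))
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)

    return render_to_response(template_name, {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }, context_instance=RequestContext(request))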
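def login(
    request,
    template_name="registration/login.html",
    redirect_field_name=REDIRECT_FIELD_NAME,
    authentication_form=AuthenticationForm,
):
    """Render the login form, or process a login attempt gated on the ToS.

    A valid POST logs the user in when they have agreed to the latest terms
    of service. When they have not, the user's pk and auth backend are stored
    in the session and the ToS check page is returned instead. All other
    requests fall through to the login form.
    """
    # request.REQUEST is deprecated (Django 1.7) and removed in later
    # releases; POST-then-GET is the same precedence it applied.
    redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name, ""))

    if request.method != "POST":
        form = authentication_form(request)
    else:
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # redirect_to comes from the client. _redirect_to lives outside
            # this block; presumably it restricts the target to this site -
            # confirm.
            redirect_to = _redirect_to(redirect_to)
            user = form.get_user()

            if not has_user_agreed_latest_tos(user):
                # Not agreed yet: force an accept/refuse decision. The user
                # is not logged in at this point; only the pending identity
                # is kept in the session.
                # NOTE(review): verify the consuming view (not shown) clears
                # both keys whichever way the user answers.
                request.session["tos_user"] = user.pk
                # Django needs the backend to log a user in, and it is only
                # set by authenticate(); check_tos has no credentials to
                # call it with, so the backend is carried along here.
                # see: https://docs.djangoproject.com/en/1.6/topics/auth/default/#how-to-log-a-user-in
                request.session["tos_backend"] = user.backend
                return render_to_response(
                    "tos/tos_check.html",
                    {redirect_field_name: redirect_to, "tos": TermsOfService.objects.get_current_tos()},
                    context_instance=RequestContext(request),
                )

            # Agreed to the current ToS: log the user in.
            auth_login(request, user)
            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()
            return HttpResponseRedirect(redirect_to)

    request.session.set_test_cookie()

    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)

    return render_to_response(
        template_name,
        {"form": form, redirect_field_name: redirect_to, "site": current_site, "site_name": current_site.name},
        context_instance=RequestContext(request),
    )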
def test_bump_new_agreement(self):
    """Activating a new ToS edition requires a fresh acceptance at login."""
    # Publish the second edition.
    self.tos2.active = True
    self.tos2.save()

    # With the new edition active, user1 no longer counts as agreed.
    self.assertFalse(has_user_agreed_latest_tos(self.user1))

    # Post credentials and expect the second-edition interstitial.
    credentials = {'username': '******', 'password': '******'}
    page = self.client.post(self.login_url, credentials)
    self.assertContains(page, "second edition of the terms of service")
    # NOTE(review): this intermediate check looks at user2 while the rest of
    # the test follows user1 - confirm which user was intended.
    self.assertFalse(has_user_agreed_latest_tos(self.user2))

    # Accept the terms; user1 is then recorded as agreed.
    accept_url = reverse('tos_check_tos')
    page = self.client.post(accept_url, {'accept': 'accept'})
    self.assertTrue(has_user_agreed_latest_tos(self.user1))
def test_bump_new_agreement(self):
    """A newly activated ToS edition must be accepted again on login."""
    agreed = has_user_agreed_latest_tos

    # Switch the active terms to the second edition.
    self.tos2.active = True
    self.tos2.save()

    # user1 has not agreed to the edition that is now active.
    self.assertFalse(agreed(self.user1))

    # Logging in now shows the second-edition text.
    login_page = self.client.post(
        self.login_url, {'username': '******', 'password': '******'})
    self.assertContains(login_page, "second edition of the terms of service")
    # NOTE(review): user2 is checked here although the test is otherwise
    # about user1 - possibly a copy-paste slip; confirm.
    self.assertFalse(agreed(self.user2))

    # Submit the acceptance and verify it was recorded for user1.
    self.client.post(reverse('tos_check_tos'), {'accept': 'accept'})
    self.assertTrue(agreed(self.user1))
def test_do_not_need_agreement(self):
    """A user who already agreed is redirected straight after login.

    NOTE(review): the earlier docstring named user2, but the assertion below
    is about user1 - confirm which account the masked credentials belong to.
    """
    self.assertTrue(has_user_agreed_latest_tos(self.user1))

    credentials = {'username': '******', 'password': '******'}
    result = self.client.post(self.login_url, credentials)

    # A 302 means no ToS interstitial was rendered.
    self.assertEqual(302, result.status_code)
def test_do_not_need_agreement(self):
    """Login for an already-agreed user answers with a redirect, not the ToS page.

    NOTE(review): the previous docstring spoke of user2 while the check below
    uses user1 - verify against the fixture credentials.
    """
    agreed = has_user_agreed_latest_tos
    self.assertTrue(agreed(self.user1))

    reply = self.client.post(
        self.login_url,
        {'username': '******', 'password': '******'},
    )
    status = reply.status_code
    self.assertEqual(302, status)
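def login(
    request,
    template_name="registration/login.html",
    redirect_field_name=REDIRECT_FIELD_NAME,
    authentication_form=AuthenticationForm,
):
    """Display the login form and handle the login action, gated on the ToS.

    A valid POST logs the user in when they have agreed to the latest terms
    of service; otherwise the user is stored in the session and the ToS check
    page is rendered. Any other request renders the login form.
    """
    # request.REQUEST is deprecated (Django 1.7) and removed in later
    # releases; POST-then-GET is the same precedence it applied.
    redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name, ""))

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # redirect_to is client-supplied. _redirect_to is defined
            # elsewhere; presumably it restricts the target to this site -
            # confirm.
            redirect_to = _redirect_to(redirect_to)

            # Credentials are valid. Check whether the user agrees to terms.
            user = form.get_user()
            if has_user_agreed_latest_tos(user):
                # Log the user in.
                auth_login(request, user)
                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()
                return HttpResponseRedirect(redirect_to)
            else:
                # User has not yet agreed to the latest ToS: force them to
                # accept or refuse.
                # NOTE(review): this puts the whole user model instance in
                # the session. That only works with a pickle-based session
                # serializer (Django's JSON serializer cannot encode it) and
                # keeps a stale copy of the account. Storing user.pk and
                # user.backend is the safer shape, but the view that reads
                # "tos_user" is not shown here, so the stored value is left
                # unchanged.
                request.session["tos_user"] = user
                return render_to_response(
                    "tos/tos_check.html",
                    {redirect_field_name: redirect_to, "tos": TermsOfService.objects.get_current_tos()},
                    context_instance=RequestContext(request),
                )
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    if Site._meta.installed:
        current_site = Site.objects.get_current()
    else:
        current_site = RequestSite(request)

    return render_to_response(
        template_name,
        {
            "form": form,
            # Key by the configured field name, as the ToS branch above does.
            # The literal string "redirect_field_name" was used here before,
            # so the redirect target was not available to the template under
            # the configured field name.
            redirect_field_name: redirect_to,
            "site": current_site,
            "site_name": current_site.name,
        },
        context_instance=RequestContext(request),
    )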
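def login_view(request):
    """
    Standard Django login, with additions:
        Lowercase the login email (username)
        Check user has accepted ToS, if any.

    The 'next' redirect target is followed only when it points back at this
    host; anything else falls back to the 'seed:home' URL.
    """
    if request.method == "POST":
        # Imported locally so this block is self-contained. Newer Django
        # releases expose the same check as url_has_allowed_host_and_scheme.
        from django.utils.http import is_safe_url

        redirect_to = request.POST.get('next', request.GET.get('next', False))
        # 'next' is client-supplied. Passing it unchecked to
        # HttpResponseRedirect would make this view an open redirect, so
        # off-host or malformed targets are replaced with the default.
        if not redirect_to or not is_safe_url(
                url=redirect_to, host=request.get_host()):
            redirect_to = reverse('seed:home')

        form = LoginForm(request.POST)
        if form.is_valid():
            new_user = authenticate(
                username=form.cleaned_data['email'].lower(),
                password=form.cleaned_data['password']
            )
            if new_user and new_user.is_active:
                # determine if user has accepted ToS, if one exists
                try:
                    user_accepted_tos = has_user_agreed_latest_tos(new_user)
                except NoActiveTermsOfService:
                    # there's no active ToS, skip interstitial
                    user_accepted_tos = True

                if user_accepted_tos:
                    login(request, new_user)
                    return HttpResponseRedirect(redirect_to)
                else:
                    # store login info for django-tos to handle; the user is
                    # not logged in yet, only the pending identity is kept.
                    request.session['tos_user'] = new_user.pk
                    request.session['tos_backend'] = new_user.backend
                    context = RequestContext(request)
                    context.update({
                        'next': redirect_to,
                        'tos': TermsOfService.objects.get_current_tos()
                    })
                    return render_to_response(
                        'tos/tos_check.html',
                        context_instance=context
                    )
            else:
                # Same message for bad credentials and inactive accounts.
                errors = ErrorList()
                errors = form._errors.setdefault(NON_FIELD_ERRORS, errors)
                errors.append('Username and/or password were invalid.')
    else:
        form = LoginForm()

    # NOTE(review): locals() hands every local name (form, new_user,
    # redirect_to, ...) to the template; an explicit context dict would limit
    # what the template can reach. Left as is because the template's needs
    # are not visible here.
    return render_to_response(
        'landing/login.html',
        locals(),
        context_instance=RequestContext(request),
    )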
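def login_view(request):
    """
    Standard Django login, with additions:
        Lowercase the login email (username)
        Check user has accepted ToS, if any.

    The 'next' redirect target is followed only when it points back at this
    host; anything else falls back to the 'seed:home' URL.
    """
    if request.method == "POST":
        # Imported locally so this block is self-contained. Newer Django
        # releases expose the same check as url_has_allowed_host_and_scheme.
        from django.utils.http import is_safe_url

        # request.REQUEST is deprecated (Django 1.7) and removed in later
        # releases; POST-then-GET is the same precedence it applied.
        redirect_to = request.POST.get('next', request.GET.get('next', False))
        # 'next' is client-supplied. Passing it unchecked to
        # HttpResponseRedirect would make this view an open redirect, so
        # off-host or malformed targets are replaced with the default.
        target_ok = bool(redirect_to) and is_safe_url(
            url=redirect_to, host=request.get_host())
        if not target_ok:
            redirect_to = reverse('seed:home')

        form = LoginForm(request.POST)
        if form.is_valid():
            new_user = authenticate(
                username=form.cleaned_data['email'].lower(),
                password=form.cleaned_data['password']
            )
            if new_user and new_user.is_active:
                # determine if user has accepted ToS, if one exists
                try:
                    user_accepted_tos = has_user_agreed_latest_tos(new_user)
                except NoActiveTermsOfService:
                    # there's no active ToS, skip interstitial
                    user_accepted_tos = True

                if user_accepted_tos:
                    login(request, new_user)
                    return HttpResponseRedirect(redirect_to)
                else:
                    # store login info for django-tos to handle; the user is
                    # not logged in yet, only the pending identity is kept.
                    request.session['tos_user'] = new_user.pk
                    request.session['tos_backend'] = new_user.backend
                    context = RequestContext(request)
                    context.update({
                        'next': redirect_to,
                        'tos': TermsOfService.objects.get_current_tos()
                    })
                    return render_to_response(
                        'tos/tos_check.html',
                        context_instance=context
                    )
            else:
                # Same message for bad credentials and inactive accounts.
                errors = ErrorList()
                errors = form._errors.setdefault(NON_FIELD_ERRORS, errors)
                errors.append('Username and/or password were invalid.')
    else:
        form = LoginForm()

    # NOTE(review): locals() hands every local name (form, new_user,
    # redirect_to, ...) to the template; an explicit context dict would limit
    # what the template can reach. Left as is because the template's needs
    # are not visible here.
    return render_to_response(
        'landing/login.html',
        locals(),
        context_instance=RequestContext(request),
    )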