def test_only_active(self):
    """Check that the form accepts an active user and rejects an inactive one."""
    # Active account: the submitted credentials should validate.
    active_payload = {
        'username': self.active_user.username,
        'password': '******',
    }
    active_form = AuthenticationForm(data=active_payload)
    assert active_form.is_valid()

    # Inactive account: the form must refuse to validate.
    inactive_payload = {
        'username': self.inactive_user.username,
        'password': '******',
    }
    inactive_form = AuthenticationForm(data=inactive_payload)
    assert not inactive_form.is_valid()
def test_recaptcha_errors_only(self):
    """A failed captcha must be the only error the form reports.

    When the captcha is wrong, nothing about the username or password may
    appear in the errors, so a client that has not solved the captcha
    learns nothing about the credentials it submitted.
    """
    payload = {"username": "******", "password": "******", "recaptcha": ""}
    form = AuthenticationForm(data=payload, use_recaptcha=True)

    # Called only to run validation and populate form.errors.
    form.is_valid()

    reported = form.errors
    assert len(reported) == 1
    assert "recaptcha" in reported
def test_recaptcha_errors_only(self):
    """With an empty captcha, the form reports the captcha error and nothing else.

    No username/password feedback may be returned while the captcha is
    incorrect.
    """
    form = AuthenticationForm(
        data=dict(username='******', password='******', recaptcha=''),
        use_recaptcha=True,
    )
    # Validation is run for its side effect; the boolean result is not needed.
    form.is_valid()

    error_fields = form.errors
    assert len(error_fields) == 1
    assert 'recaptcha' in error_fields
def test_only_active(self):
    """Default form behaviour: validation follows the account's is_active flag."""
    # Precondition: the account looked up here starts out active.
    account = User.objects.get(username='******')
    assert account.is_active
    active_form = AuthenticationForm(
        data={'username': '******', 'password': '******'})
    assert active_form.is_valid()

    # Deactivate the account and reload it to confirm the flag was saved,
    # then check that the submitted credentials no longer validate.
    account.is_active = False
    account.save()
    account = User.objects.get(username='******')
    assert not account.is_active
    inactive_form = AuthenticationForm(
        data={'username': '******', 'password': '******'})
    assert not inactive_form.is_valid()
def test_if_valid_on_empty_is_teacher(self):
    """The form validates when 'is_teacher' is submitted as an empty string."""
    submitted = dict(username='******', is_teacher='', password='******')
    form = AuthenticationForm(data=submitted)
    self.assertTrue(form.is_valid())
def test_allow_inactive(self):
    """With only_active=False the form validates for active and inactive users."""
    # Precondition: the account looked up here starts out active.
    account = User.objects.get(username='******')
    assert account.is_active
    form_for_active = AuthenticationForm(
        only_active=False,
        data={'username': '******', 'password': '******'},
    )
    assert form_for_active.is_valid()

    # Deactivate, reload to confirm the change was saved, and validate again:
    # only_active=False is expected to let the inactive account through.
    account.is_active = False
    account.save()
    account = User.objects.get(username='******')
    assert not account.is_active
    form_for_inactive = AuthenticationForm(
        only_active=False,
        data={'username': '******', 'password': '******'},
    )
    assert form_for_inactive.is_valid()
def login(request):
    """Report the login state on GET; otherwise attempt a login from POST data.

    Returns a dict: ``{'logged_in': ...}`` for GET (the result of
    ``request.user.is_authenticated()``), ``{'ok': True}`` after a
    successful login, or ``{'form_errors': form.errors}`` when the form
    does not validate.
    """
    if request.method == 'GET':
        return {'logged_in': request.user.is_authenticated()}

    # NOTE(review): every method other than GET reaches the login path below;
    # confirm the URL layer limits this view to GET and POST.
    # The form is imported at call time, not at module level.
    from users.forms import AuthenticationForm

    form = AuthenticationForm(data=request.POST)
    if not form.is_valid():
        # The form's own error mapping is handed back to the caller as-is.
        return {'form_errors': form.errors}

    auth_login(request, form.get_user())
    return {'ok': True}
def handle_signin(request):
    """Sign a user in from POST data and return the form that was used.

    The current session is logged out before anything else. For a POST the
    bound form is returned whether or not it validated; for any other
    method the test cookie is set and an unbound form is returned.
    """
    auth.logout(request)

    if request.method != 'POST':
        # Not a submission: set the test cookie so a later POST can check
        # that the browser accepts cookies, and hand back an empty form.
        request.session.set_test_cookie()
        return AuthenticationForm()

    form = AuthenticationForm(data=request.POST)
    if form.is_valid():
        auth.login(request, form.get_user())
        session = request.session
        if session.test_cookie_worked():
            session.delete_test_cookie()

    # NOTE(review): nesting rebuilt from a flattened listing; the form is
    # assumed to be returned for invalid submissions too, so the caller can
    # show its errors. Confirm against the original file.
    return form
def handle_login(request, only_active=True):
    """Log a user in from POST data and return the form that was used.

    ``only_active`` is passed straight to AuthenticationForm. For a POST
    the bound form is returned whether or not it validated; for any other
    method the test cookie is set and an unbound form is returned.
    """
    if request.method != 'POST':
        # Not a submission: set the test cookie and return an empty form.
        request.session.set_test_cookie()
        return AuthenticationForm()

    form = AuthenticationForm(data=request.POST, only_active=only_active)
    if form.is_valid():
        auth.login(request, form.get_user())
        session = request.session
        if session.test_cookie_worked():
            session.delete_test_cookie()

    # NOTE(review): nesting rebuilt from a flattened listing; returning the
    # form for invalid submissions matches callers that call is_valid() on
    # the result. Confirm against the original file.
    return form
def login(request):
    """Render the login page; on a valid POST, authenticate and redirect by role.

    Teachers are redirected to ``/courses/`` and everyone else to
    ``/courses/s``. Every other outcome re-renders ``login.html`` with the
    current form.
    """
    form = AuthenticationForm()
    if request.method == "POST":
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            # NOTE(review): credentials are read from the raw POST data rather
            # than form.cleaned_data; confirm the form applies no normalisation
            # that this bypasses.
            submitted = request.POST
            user = authenticate(
                username=submitted["username"],
                password=submitted["password"],
            )
            # NOTE(review): nesting rebuilt from a flattened listing; the
            # redirect is assumed to happen only for an active, logged-in user.
            if user is not None and user.is_active:
                django_login(request, user)
                destination = "/courses/" if user.is_teacher else "/courses/s"
                return redirect(destination)

    # Failed authentication and inactive accounts fall through to here and
    # get the form back with no added error message.
    return render(request, "login.html", {"form": form})
def login(self, request, *args, **kwargs):
    """Authenticate from ``request.data`` and return the serialized user.

    A form that does not validate produces an HTTP 400 response mapping
    each field to a one-element list holding an error code.
    """
    form = AuthenticationForm(request, data=request.data)

    if not form.is_valid():
        raw_errors = json.loads(form.errors.as_json())
        error_data = {}
        for field, entries in raw_errors.items():
            for entry in entries:
                # Each assignment replaces the previous one, so a field with
                # several errors ends up with only its last code.
                error_data[field] = [entry.get('code')]
        return Response(error_data, status=HTTP_400_BAD_REQUEST)

    user = form.get_user()
    if user != request.user:
        # A different account is signed in on this request: end that session.
        logout(request)
    # NOTE(review): nesting rebuilt from a flattened listing; login() is
    # assumed to run for every valid form, not only after the logout above.
    login(request, user)

    # Record the API version from the URL kwargs with the device data.
    request.data.update({'version': self.kwargs['version']})
    request.user.set_device(request.data)

    return Response(self.get_serializer(user).data)
def login_user(request):
    """Log a user in by email and password, or render the login page.

    A successful login redirects to ``/``. Credentials that fail to
    authenticate get a plain-text response. Anything else renders
    ``users/login.html`` with the current form.
    """
    if request.method != "POST":
        form = AuthenticationForm()
    else:
        # NOTE(review): the POST data is passed positionally. Django's stock
        # AuthenticationForm takes the request as its first argument, so
        # confirm this project's form expects the data in that position.
        form = AuthenticationForm(request.POST)
        if form.is_valid():
            submitted = request.POST
            user = authenticate(
                request,
                email=submitted['email'],
                password=submitted['password'],
            )
            if user is not None:
                login(request, user)
                return redirect('/')
            # NOTE(review): nesting rebuilt from a flattened listing; this
            # response is assumed to belong to the failed-authentication path.
            # The message is the same for an unknown email and a wrong password.
            return HttpResponse(
                'You are not registered or check your email and password again'
            )

    return render(request, 'users/login.html', {'form': form})
def login(request):
    """Log in view.

    On a valid POST the user is authenticated by email and password and, if
    active, logged in and redirected to ``/``. Otherwise the login template
    is rendered with the current form.
    """
    form = AuthenticationForm()
    if request.method == 'POST':
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            submitted = request.POST
            user = authenticate(
                email=submitted['email'],
                password=submitted['password'],
            )
            # NOTE(review): nesting rebuilt from a flattened listing; the error
            # is assumed to belong to the "authentication failed" case.
            if user is None:
                # One message covers both fields, so it does not reveal which
                # of the two was wrong.
                form.add_error(None, 'Email or Password did not matched')
            elif user.is_active:
                django_login(request, user)
                return redirect('/')

    return render(request, 'mainsite/login.jinja', {'form': form})
def home(request):
    """Home page: a login form for anonymous users, a role redirect otherwise.

    Authenticated teachers go to ``/courses/`` and other authenticated
    users to ``/courses/s``. Anonymous users get ``home.html`` with a login
    form, and a valid POST logs them in and redirects the same way.
    """
    if request.user.is_authenticated():
        if request.user.is_teacher:
            return redirect('/courses/')
        return redirect('/courses/s')

    form = AuthenticationForm()
    if request.method == 'POST':
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            # NOTE(review): credentials are read from the raw POST data rather
            # than form.cleaned_data; confirm nothing is bypassed by that.
            submitted = request.POST
            user = authenticate(
                username=submitted['username'],
                password=submitted['password'],
            )
            # NOTE(review): nesting rebuilt from a flattened listing; the
            # redirect is assumed to happen only for an active, logged-in user.
            if user is not None and user.is_active:
                django_login(request, user)
                target = '/courses/' if user.is_teacher else '/courses/s'
                return redirect(target)

    return render(request, 'home.html', {'form': form})
def login(request):
    """Try to log the user in.

    Users who are already authenticated, and users who have just logged in,
    are redirected to ``next_url``. Everyone else gets the login template.
    """
    # The redirect target comes from _clean_next_url(request), with the
    # configured default as fallback.
    # NOTE(review): presumably _clean_next_url rejects off-site targets;
    # its body is not visible here, so verify.
    next_url = _clean_next_url(request) or settings.LOGIN_REDIRECT_URL

    if request.user.is_authenticated():
        return HttpResponseRedirect(next_url)

    if request.method != 'POST':
        form = AuthenticationForm(request)
    else:
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            auth.login(request, form.get_user())
            session = request.session
            if session.test_cookie_worked():
                session.delete_test_cookie()
            return HttpResponseRedirect(next_url)

    # Reached for a first visit and for a failed submission: set the test
    # cookie again and show the form.
    request.session.set_test_cookie()
    context = {'form': form, 'next_url': next_url}
    return jingo.render(request, 'users/login.html', context)
def test_if_not_valid_on_empty_field_except_is_teacher(self):
    """The form is invalid when the password is submitted empty."""
    submitted = dict(username='******', password='')
    form = AuthenticationForm(data=submitted)
    self.assertFalse(form.is_valid())
def browserid_register(request):
    """Create an account for a verified email that has no existing user.

    A verified email must be present in the session; without one the
    request is redirected away. A POST with action ``register`` creates the
    Django user, its profile and the MindTouch user, then logs the user in.
    Any other POST goes through ``handle_login`` and, on success, stores
    the verified email on the logged-in account.
    """
    default_target = getattr(settings, 'LOGIN_REDIRECT_URL', reverse('home'))
    redirect_to = request.session.get(SESSION_REDIRECT_TO, default_target)

    email = request.session.get(SESSION_VERIFIED_EMAIL, None)
    if not email:
        # Nothing can be registered without a verified email.
        return HttpResponseRedirect(redirect_to)

    # Unbound forms, replaced below by whichever one was submitted.
    register_form = BrowserIDRegisterForm()
    login_form = AuthenticationForm()

    if request.method == 'POST':
        if request.POST.get('action', None) == 'register':
            # The profile creation form was submitted.
            register_form = BrowserIDRegisterForm(request.POST)
            if register_form.is_valid():
                try:
                    # Create the Django user and the MindTouch user, then
                    # link the two through the profile.
                    # TODO: This all belongs in model classes
                    chosen_name = register_form.cleaned_data['username']
                    user = User.objects.create(username=chosen_name,
                                               email=email)
                    # The new account is given no usable password.
                    user.set_unusable_password()
                    user.save()

                    profile = UserProfile.objects.create(user=user)
                    deki_user = DekiUserBackend.post_mindtouch_user(user)
                    profile.deki_user_id = deki_user.id
                    profile.save()

                    user.backend = 'django_browserid.auth.BrowserIDBackend'
                    auth.login(request, user)

                    # Send the user to the new profile page unless a redirect
                    # target is stored in the session.
                    redirect_to = request.session.get(
                        SESSION_REDIRECT_TO, profile.get_absolute_url())
                    response = _redirect_with_mindtouch_login(
                        redirect_to, user.username)
                    return set_browserid_explained(response)
                except MindTouchAPIError:
                    # Remove the Django user so a failed MindTouch call does
                    # not leave a half-created account behind.
                    if user:
                        user.delete()
                    failure_context = {
                        'error_message': "We couldn't "
                                         "register a new account at this time. "
                                         "Please try again later.",
                    }
                    return jingo.render(request, '500.html', failure_context)
        else:
            # Login form: on success, keep the verified email for next time.
            login_form = handle_login(request)
            if login_form.is_valid():
                if request.user.is_authenticated():
                    account = request.user
                    account.email = email
                    account.save()
                # NOTE(review): the submitted password is passed on to
                # _redirect_with_mindtouch_login; confirm that helper never
                # logs it or places it in a URL.
                credentials = login_form.cleaned_data
                return _redirect_with_mindtouch_login(
                    redirect_to,
                    credentials.get('username'),
                    credentials.get('password'))

    # HACK: Pretend the session was modified. Otherwise, the data disappears
    # for the next request.
    request.session.modified = True

    page_context = {'login_form': login_form, 'register_form': register_form}
    return jingo.render(request, 'users/browserid_register.html', page_context)
def test_if_valid_on_empty_is_teacher(self):
    """An empty 'is_teacher' value does not stop the form from validating."""
    form = AuthenticationForm(
        data=dict(username='******', is_teacher='', password='******'))
    outcome = form.is_valid()
    self.assertTrue(outcome)
def browserid_register(request):
    """Register a user for a verified email that has no account yet.

    Without a verified email in the session the request is redirected
    away. A POST with action ``register`` creates the Django user and
    profile (plus a MindTouch user when ``settings.DEKIWIKI_ENDPOINT`` is
    set) and logs the user in. Any other POST goes through
    ``handle_login`` and, on success, stores the verified email on the
    logged-in account.
    """
    session = request.session
    fallback_url = getattr(settings, 'LOGIN_REDIRECT_URL', reverse('home'))
    redirect_to = session.get(SESSION_REDIRECT_TO, fallback_url)

    email = session.get(SESSION_VERIFIED_EMAIL, None)
    if not email:
        # Nothing can be registered without a verified email.
        return HttpResponseRedirect(redirect_to)

    # Start from unbound forms; the submitted one is rebound below.
    register_form = BrowserIDRegisterForm()
    login_form = AuthenticationForm()

    if request.method == 'POST':
        submitted_action = request.POST.get('action', None)
        if submitted_action == 'register':
            # The profile creation form was submitted.
            register_form = BrowserIDRegisterForm(request.POST)
            if register_form.is_valid():
                try:
                    # Create the Django user, optionally the MindTouch user,
                    # and link them through the profile.
                    # TODO: This all belongs in model classes
                    chosen_name = register_form.cleaned_data['username']
                    user = User.objects.create(username=chosen_name,
                                               email=email)
                    # The new account is given no usable password.
                    user.set_unusable_password()
                    user.save()

                    profile = UserProfile.objects.create(user=user)
                    # The MindTouch account is created only when an endpoint
                    # is configured.
                    if settings.DEKIWIKI_ENDPOINT:
                        deki_user = DekiUserBackend.post_mindtouch_user(user)
                        profile.deki_user_id = deki_user.id
                        profile.save()

                    user.backend = 'django_browserid.auth.BrowserIDBackend'
                    auth.login(request, user)

                    # Prefer a redirect target stored in the session, else go
                    # to the newly created profile page.
                    redirect_to = request.session.get(
                        SESSION_REDIRECT_TO, profile.get_absolute_url())
                    response = _redirect_with_mindtouch_login(
                        redirect_to, user.username)
                    return set_browserid_explained(response)
                except MindTouchAPIError:
                    # Remove the Django user so a failed MindTouch call does
                    # not leave a half-created account behind.
                    if user:
                        user.delete()
                    message = ("We couldn't "
                               "register a new account at this time. "
                               "Please try again later.")
                    return jingo.render(
                        request, '500.html', {'error_message': message})
        else:
            # Login form: on success, keep the verified email for next time.
            login_form = handle_login(request)
            if login_form.is_valid():
                if request.user.is_authenticated():
                    account = request.user
                    account.email = email
                    account.save()
                # NOTE(review): the submitted password is passed on to
                # _redirect_with_mindtouch_login; confirm that helper never
                # logs it or places it in a URL.
                cleaned = login_form.cleaned_data
                return _redirect_with_mindtouch_login(
                    redirect_to,
                    cleaned.get('username'),
                    cleaned.get('password'))

    # HACK: Pretend the session was modified. Otherwise, the data disappears
    # for the next request.
    request.session.modified = True

    return jingo.render(
        request,
        'users/browserid_register.html',
        {'login_form': login_form, 'register_form': register_form},
    )