Пример #1
    def test_only_active(self):
        """Check that the form accepts an active user and rejects an inactive one.

        ``self.active_user`` and ``self.inactive_user`` are attributes of the
        test case that are set up outside this method.
        """
        # Active account: the submitted credentials must validate.
        active_payload = {
            'username': self.active_user.username,
            'password': '******',
        }
        active_form = AuthenticationForm(data=active_payload)
        assert active_form.is_valid()

        # Inactive account: the same password must not be enough to validate.
        inactive_payload = {
            'username': self.inactive_user.username,
            'password': '******',
        }
        inactive_form = AuthenticationForm(data=inactive_payload)
        assert not inactive_form.is_valid()
Пример #2
    def test_recaptcha_errors_only(self):
        """A failed captcha must be the only error the form reports.

        Username and password feedback is withheld while the captcha is wrong,
        so the error set says nothing about the submitted credentials.
        """
        payload = {"username": "******", "password": "******", "recaptcha": ""}
        form = AuthenticationForm(data=payload, use_recaptcha=True)
        # Validation is run to populate form.errors; its return value is not
        # checked by this test.
        form.is_valid()

        reported = form.errors
        assert len(reported) == 1
        assert "recaptcha" in reported
Пример #3
    def test_recaptcha_errors_only(self):
        """With an empty captcha answer, only the captcha error is returned.

        No username/password error may appear next to it: a client that has
        not passed the captcha should learn nothing about the credentials.
        """
        submitted = {
            'username': '******',
            'password': '******',
            'recaptcha': '',
        }
        form = AuthenticationForm(data=submitted, use_recaptcha=True)
        # Called only to trigger validation; the boolean result is ignored.
        form.is_valid()

        errors = form.errors
        assert len(errors) == 1
        assert 'recaptcha' in errors
Пример #4
    def test_recaptcha_errors_only(self):
        """Captcha failure must hide every other validation error.

        The form is built with ``use_recaptcha=True`` and an empty captcha
        field; the resulting error mapping must contain the ``recaptcha`` key
        and nothing else, so credential feedback is not exposed.
        """
        form = AuthenticationForm(
            data={
                'username': '******',
                'password': '******',
                'recaptcha': '',
            },
            use_recaptcha=True,
        )
        # Trigger validation so that form.errors is filled in.
        form.is_valid()

        error_map = form.errors
        assert len(error_map) == 1
        assert 'recaptcha' in error_map
Пример #5
    def test_only_active(self):
        """The default form validates an active account and rejects it once deactivated."""
        # Phase 1: the stored account is active and its credentials validate.
        account = User.objects.get(username='******')
        assert account.is_active
        login_form = AuthenticationForm(
            data={'username': '******', 'password': '******'})
        assert login_form.is_valid()

        # Phase 2: deactivate, persist, and re-read the row so the check runs
        # against what is stored rather than the in-memory object.
        account.is_active = False
        account.save()
        account = User.objects.get(username='******')
        assert not account.is_active
        login_form = AuthenticationForm(
            data={'username': '******', 'password': '******'})
        assert not login_form.is_valid()
Пример #6
    def test_only_active(self):
        """Same credentials: valid while the user is active, invalid after deactivation."""
        member = User.objects.get(username='******')
        assert member.is_active
        form_for_active = AuthenticationForm(data={
            'username': '******',
            'password': '******',
        })
        assert form_for_active.is_valid()

        # Flip the flag in the database and reload before testing again.
        member.is_active = False
        member.save()
        member = User.objects.get(username='******')
        assert not member.is_active
        form_for_inactive = AuthenticationForm(data={
            'username': '******',
            'password': '******',
        })
        assert not form_for_inactive.is_valid()
Пример #7
 def test_if_valid_on_empty_is_teacher(self):
     """The form must still validate when ``is_teacher`` is submitted empty."""
     form = AuthenticationForm(data={
         'username': '******',
         'is_teacher': '',
         'password': '******',
     })
     self.assertTrue(form.is_valid())
Пример #8
    def test_allow_inactive(self):
        """With ``only_active=False`` the form validates active and inactive users alike.

        This pins the opt-out path: a caller that passes ``only_active=False``
        gets a valid form for a deactivated account.
        """
        # Active account first.
        account = User.objects.get(username='******')
        assert account.is_active
        login_form = AuthenticationForm(
            only_active=False,
            data={'username': '******', 'password': '******'})
        assert login_form.is_valid()

        # Deactivate, persist and reload, then expect the form to stay valid.
        account.is_active = False
        account.save()
        account = User.objects.get(username='******')
        assert not account.is_active
        login_form = AuthenticationForm(
            only_active=False,
            data={'username': '******', 'password': '******'})
        assert login_form.is_valid()
Пример #9
    def test_allow_inactive(self):
        """``only_active=False`` lets a deactivated account pass form validation."""
        member = User.objects.get(username='******')
        assert member.is_active
        form_for_active = AuthenticationForm(only_active=False, data={
            'username': '******',
            'password': '******',
        })
        assert form_for_active.is_valid()

        # Store the deactivation and re-fetch before the second check.
        member.is_active = False
        member.save()
        member = User.objects.get(username='******')
        assert not member.is_active
        form_for_inactive = AuthenticationForm(only_active=False, data={
            'username': '******',
            'password': '******',
        })
        assert form_for_inactive.is_valid()
Пример #10
def login(request):
    """Report login state on GET; otherwise try to log in from ``request.POST``.

    Returns a plain dict in every case: ``{'logged_in': ...}`` for GET,
    ``{'ok': True}`` after a successful login, or ``{'form_errors': ...}``
    when validation fails. How the dict becomes an HTTP response is not
    visible here (presumably a decorator -- confirm).
    """
    if request.method == 'GET':
        return {'logged_in': request.user.is_authenticated()}

    # Every method other than GET reaches this point, not only POST.
    from users.forms import AuthenticationForm
    form = AuthenticationForm(data=request.POST)
    if not form.is_valid():
        # NOTE(review): the form's errors go back to the client unchanged;
        # confirm they do not distinguish an unknown user from a bad password.
        return {'form_errors': form.errors}

    auth_login(request, form.get_user())
    return {'ok': True}
Пример #11
def login(request):
    """Return the login state for GET, or the outcome of a login attempt.

    The result is a dict: ``{'logged_in': bool}`` on GET, ``{'ok': True}``
    when the submitted form validates and the user is logged in, and
    ``{'form_errors': form.errors}`` otherwise.
    """
    if request.method == 'GET':
        return {'logged_in': request.user.is_authenticated()}

    from users.forms import AuthenticationForm
    form = AuthenticationForm(data=request.POST)
    succeeded = form.is_valid()
    if succeeded:
        auth_login(request, form.get_user())
        return {'ok': True}
    # Validation failed: hand the form's error mapping back to the caller.
    return {'form_errors': form.errors}
Пример #12
def handle_signin(request):
    """Log out the current session, then sign a user in from a POSTed form.

    Returns the bound form for POST requests (valid or not) and a fresh
    unbound form for every other method.
    """
    # Runs for every HTTP method, so any request routed here ends the
    # current session before anything else happens.
    auth.logout(request)

    if request.method != 'POST':
        # Plant the test cookie so the following POST can check cookie support.
        request.session.set_test_cookie()
        return AuthenticationForm()

    form = AuthenticationForm(data=request.POST)
    if form.is_valid():
        auth.login(request, form.get_user())
        if request.session.test_cookie_worked():
            request.session.delete_test_cookie()
    return form
Пример #13
def handle_login(request, only_active=True):
    """Process a login POST and return the form; otherwise return a blank form.

    ``only_active`` is forwarded to ``AuthenticationForm``; what ``False``
    permits is decided by that form, which is not shown here. Callers must
    inspect the returned form (``is_valid()``) to learn whether login
    happened.
    """
    if request.method != 'POST':
        # Non-POST: set the test cookie and hand back an unbound form.
        request.session.set_test_cookie()
        return AuthenticationForm()

    form = AuthenticationForm(data=request.POST, only_active=only_active)
    if form.is_valid():
        auth.login(request, form.get_user())

        if request.session.test_cookie_worked():
            request.session.delete_test_cookie()

    return form
Пример #14
def handle_login(request, only_active=True):
    """Log the user in when a valid form is POSTed.

    Returns the bound form on POST whether or not it validated, and an
    unbound ``AuthenticationForm`` on any other method. ``only_active`` is
    passed straight through to the form.
    """
    is_post = request.method == 'POST'
    if not is_post:
        request.session.set_test_cookie()
        return AuthenticationForm()

    form = AuthenticationForm(data=request.POST, only_active=only_active)
    if not form.is_valid():
        return form

    auth.login(request, form.get_user())
    # Clear the cookie-support probe once it has done its job.
    if request.session.test_cookie_worked():
        request.session.delete_test_cookie()
    return form
Пример #15
def login(request):
    """Render the login page, or authenticate a POST and redirect by role.

    A teacher is sent to ``/courses/`` and any other user to ``/courses/s``.
    Every failure path (invalid form, failed authentication, inactive user)
    re-renders ``login.html`` with the current form.
    """
    form = AuthenticationForm()
    if request.method == "POST":
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            # NOTE(review): credentials are read from the raw POST data rather
            # than form.cleaned_data, so any normalisation the form applies is
            # not used for authentication -- confirm this is intended.
            user = authenticate(
                username=request.POST["username"],
                password=request.POST["password"],
            )
            if user is not None and user.is_active:
                django_login(request, user)
                destination = "/courses/" if user.is_teacher else "/courses/s"
                return redirect(destination)
    return render(request, "login.html", {"form": form})
Пример #16
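 def login(self, request, *args, **kwargs):
     """Authenticate from ``request.data`` and return the serialized user.

     On success the user is logged in (after logging out a different
     current user), the device is recorded via ``request.user.set_device``
     and the serializer output is returned. On failure the response is HTTP
     400 with a mapping of field name to the list of error codes for that
     field; only codes are returned, not the error messages.
     """
     form = AuthenticationForm(request, data=request.data)
     if not form.is_valid():
         errors = json.loads(form.errors.as_json())
         # Collect every code per field. The previous comprehension assigned
         # a one-element list once per error, so a field with several errors
         # kept only its last code.
         error_data = {
             field: [entry.get('code') for entry in entries]
             for field, entries in errors.items()
         }
         return Response(error_data, status=HTTP_400_BAD_REQUEST)

     user = form.get_user()
     # End the existing session first when another account is signed in.
     if user != request.user:
         logout(request)
     login(request, user)
     request.data.update({'version': self.kwargs['version']})
     request.user.set_device(request.data)
     serializer = self.get_serializer(user)
     data = serializer.data
     return Response(data)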
Пример #17
def login_user(request):
    """Show the login form, or authenticate a POST by email and password.

    A successful login redirects to ``/``; a failed authentication returns a
    plain ``HttpResponse`` with a fixed message. An invalid form, or any
    non-POST method, renders ``users/login.html``.
    """
    if request.method != "POST":
        form = AuthenticationForm()
    else:
        # NOTE(review): POST data is passed positionally. If this is Django's
        # stock AuthenticationForm, the first positional argument is the
        # request, not the data, and the form would stay unbound -- confirm
        # which form class is imported.
        form = AuthenticationForm(request.POST)
        if form.is_valid():
            email = request.POST['email']
            password = request.POST['password']
            user = authenticate(request, email=email, password=password)
            if user is None:
                return HttpResponse(
                    'You are not registered or check your email and password again'
                )
            login(request, user)
            return redirect('/')
    return render(request, 'users/login.html', {'form': form})
Пример #18
def login(request):
    """Render the login page, or authenticate a POST by email and password.

    A successful login of an active user redirects to ``/``. Failed
    authentication adds a non-field error to the form. An inactive user gets
    the page re-rendered with no error added.
    """
    form = AuthenticationForm()
    if request.method == 'POST':
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            user = authenticate(
                email=request.POST['email'],
                password=request.POST['password'],
            )
            if user is None:
                form.add_error(None, 'Email or Password did not matched')
            elif user.is_active:
                django_login(request, user)
                return redirect('/')
    context = {'form': form}
    return render(request, 'mainsite/login.jinja', context)
Пример #19
def home(request):
    """Send signed-in users to their course page; show or process login otherwise.

    Teachers go to ``/courses/`` and everyone else to ``/courses/s``.
    Anonymous visitors get ``home.html`` with a login form, and a valid POST
    for an active user logs them in and applies the same role redirect.
    """
    if request.user.is_authenticated():
        if request.user.is_teacher:
            return redirect('/courses/')
        return redirect('/courses/s')

    form = AuthenticationForm()
    if request.method == 'POST':
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            # NOTE(review): reads raw POST values instead of
            # form.cleaned_data -- confirm this is intended.
            user = authenticate(
                username=request.POST['username'],
                password=request.POST['password'],
            )
            if user is not None and user.is_active:
                django_login(request, user)
                target = '/courses/' if user.is_teacher else '/courses/s'
                return redirect(target)
    return render(request, 'home.html', {'form': form})
Пример #20
def home(request):
    """Landing view: role-based redirect when signed in, login form otherwise.

    Authentication failures and inactive accounts fall through to
    re-rendering ``home.html`` with the submitted form; no error is added by
    this view itself.
    """
    if request.user.is_authenticated():
        # Already signed in: route by role.
        return redirect('/courses/' if request.user.is_teacher
                        else '/courses/s')

    form = AuthenticationForm()
    if request.method == 'POST':
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            submitted_name = request.POST['username']
            submitted_secret = request.POST['password']
            user = authenticate(username=submitted_name,
                                password=submitted_secret)
            if user is not None:
                if user.is_active:
                    django_login(request, user)
                    if user.is_teacher:
                        return redirect('/courses/')
                    return redirect('/courses/s')
    return render(request, 'home.html', {'form': form})
Пример #21
def login(request):
    """Log the user in and redirect to the post-login URL.

    The target is whatever ``_clean_next_url(request)`` returns, falling back
    to ``settings.LOGIN_REDIRECT_URL``. An already-authenticated user is
    redirected at once. A failed POST, or any non-POST request, renders
    ``users/login.html`` with the form and the target URL.
    """
    # NOTE(review): _clean_next_url is defined elsewhere; presumably it limits
    # redirects to safe targets -- confirm, since its result feeds both
    # redirects below and the template context.
    next_url = _clean_next_url(request) or settings.LOGIN_REDIRECT_URL
    if request.user.is_authenticated():
        return HttpResponseRedirect(next_url)

    if request.method != 'POST':
        form = AuthenticationForm(request)
    else:
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            auth.login(request, form.get_user())

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            return HttpResponseRedirect(next_url)

    # Reached for non-POST requests and for a POST that failed validation.
    request.session.set_test_cookie()

    context = {'form': form, 'next_url': next_url}
    return jingo.render(request, 'users/login.html', context)
Пример #22
 def test_if_not_valid_on_empty_field_except_is_teacher(self):
     """An empty password must make the form invalid."""
     submitted = {'username': '******', 'password': ''}
     login_form = AuthenticationForm(data=submitted)
     self.assertFalse(login_form.is_valid())
Пример #23
def browserid_register(request):
    """Handle user creation when assertion is valid, but no existing user

    Reads the verified email and the redirect target from the session. A POST
    with ``action == 'register'`` creates a new Django user, its profile and
    a MindTouch user, then logs the new user in. Any other POST is treated as
    a login of an existing account, whose email is then replaced by the
    verified one. All remaining cases render the combined
    register/login page.
    """
    redirect_to = request.session.get(SESSION_REDIRECT_TO,
        getattr(settings, 'LOGIN_REDIRECT_URL', reverse('home')))
    # The email is taken from the session, never from the POST body; whatever
    # stored it under SESSION_VERIFIED_EMAIL is outside this function.
    email = request.session.get(SESSION_VERIFIED_EMAIL, None)

    if not email:
        # This is pointless without a verified email.
        return HttpResponseRedirect(redirect_to)

    # Set up the initial forms
    register_form = BrowserIDRegisterForm()
    login_form = AuthenticationForm()

    if request.method == 'POST':

        # If the profile creation form was submitted...
        if 'register' == request.POST.get('action', None):
            register_form = BrowserIDRegisterForm(request.POST)
            if register_form.is_valid():
                try:
                    # If the registration form is valid, then create a new
                    # Django user, a new MindTouch user, and link the two
                    # together.
                    # TODO: This all belongs in model classes
                    username = register_form.cleaned_data['username']

                    user = User.objects.create(username=username, email=email)
                    # The new account gets no usable password.
                    user.set_unusable_password()
                    user.save()

                    profile = UserProfile.objects.create(user=user)
                    deki_user = DekiUserBackend.post_mindtouch_user(user)
                    profile.deki_user_id = deki_user.id
                    profile.save()

                    # auth.login() is called without a preceding
                    # authenticate(), so the backend is set by hand.
                    user.backend = 'django_browserid.auth.BrowserIDBackend'
                    auth.login(request, user)

                    # Bounce to the newly created profile page, since the user
                    # might want to review & edit.
                    redirect_to = request.session.get(SESSION_REDIRECT_TO,
                                                    profile.get_absolute_url())
                    return set_browserid_explained(
                        _redirect_with_mindtouch_login(redirect_to,
                                                       user.username))
                except MindTouchAPIError:
                    # Manual rollback: remove the Django user created above.
                    # NOTE(review): only MindTouchAPIError is caught and no
                    # transaction is visible here, so any other exception
                    # leaves the partly created records behind.
                    if user:
                        user.delete()
                    return jingo.render(request, '500.html',
                                        {'error_message': "We couldn't "
                                        "register a new account at this time. "
                                        "Please try again later."})

        else:
            # If login was valid, then set to the verified email
            login_form = handle_login(request)
            if login_form.is_valid():
                if request.user.is_authenticated():
                    # Change email to new verified email, for next time
                    user = request.user
                    user.email = email
                    user.save()
                    # NOTE(review): the cleartext password from the form is
                    # passed to a helper defined elsewhere; confirm it never
                    # ends up in a URL, a log line or persistent storage.
                    return _redirect_with_mindtouch_login(redirect_to,
                        login_form.cleaned_data.get('username'),
                        login_form.cleaned_data.get('password'))

    # HACK: Pretend the session was modified. Otherwise, the data disappears
    # for the next request.
    request.session.modified = True

    return jingo.render(request, 'users/browserid_register.html',
                        {'login_form': login_form,
                         'register_form': register_form})
Пример #24
 def test_if_not_valid_on_empty_field_except_is_teacher(self):
     """Submitting a username with a blank password must fail validation."""
     form = AuthenticationForm(data={
         'username': '******',
         'password': '',
     })
     self.assertFalse(form.is_valid())
Пример #25
 def test_if_valid_on_empty_is_teacher(self):
     """A blank ``is_teacher`` value must not stop the form from validating."""
     submitted = {
         'username': '******',
         'is_teacher': '',
         'password': '******',
     }
     login_form = AuthenticationForm(data=submitted)
     self.assertTrue(login_form.is_valid())
Пример #26
def browserid_register(request):
    """Handle user creation when assertion is valid, but no existing user

    Reads the verified email and the redirect target from the session. A POST
    with ``action == 'register'`` creates a new Django user and profile (plus
    a MindTouch user when ``settings.DEKIWIKI_ENDPOINT`` is set) and logs the
    new user in. Any other POST is treated as a login of an existing account,
    whose email is then replaced by the verified one. All remaining cases
    render the combined register/login page.
    """
    redirect_to = request.session.get(
        SESSION_REDIRECT_TO,
        getattr(settings, 'LOGIN_REDIRECT_URL', reverse('home')))
    # The email is taken from the session, never from the POST body; whatever
    # stored it under SESSION_VERIFIED_EMAIL is outside this function.
    email = request.session.get(SESSION_VERIFIED_EMAIL, None)

    if not email:
        # This is pointless without a verified email.
        return HttpResponseRedirect(redirect_to)

    # Set up the initial forms
    register_form = BrowserIDRegisterForm()
    login_form = AuthenticationForm()

    if request.method == 'POST':

        # If the profile creation form was submitted...
        if 'register' == request.POST.get('action', None):
            register_form = BrowserIDRegisterForm(request.POST)
            if register_form.is_valid():
                try:
                    # If the registration form is valid, then create a new
                    # Django user, a new MindTouch user, and link the two
                    # together.
                    # TODO: This all belongs in model classes
                    username = register_form.cleaned_data['username']

                    user = User.objects.create(username=username, email=email)
                    # The new account gets no usable password.
                    user.set_unusable_password()
                    user.save()

                    profile = UserProfile.objects.create(user=user)
                    # The MindTouch user is created only when an endpoint is
                    # configured.
                    if settings.DEKIWIKI_ENDPOINT:
                        deki_user = DekiUserBackend.post_mindtouch_user(user)
                        profile.deki_user_id = deki_user.id
                    profile.save()

                    # auth.login() is called without a preceding
                    # authenticate(), so the backend is set by hand.
                    user.backend = 'django_browserid.auth.BrowserIDBackend'
                    auth.login(request, user)

                    # Bounce to the newly created profile page, since the user
                    # might want to review & edit.
                    redirect_to = request.session.get(
                        SESSION_REDIRECT_TO, profile.get_absolute_url())
                    return set_browserid_explained(
                        _redirect_with_mindtouch_login(redirect_to,
                                                       user.username))
                except MindTouchAPIError:
                    # Manual rollback: remove the Django user created above.
                    # NOTE(review): only MindTouchAPIError is caught and no
                    # transaction is visible here, so any other exception
                    # leaves the partly created records behind.
                    if user:
                        user.delete()
                    return jingo.render(
                        request, '500.html', {
                            'error_message':
                            "We couldn't "
                            "register a new account at this time. "
                            "Please try again later."
                        })

        else:
            # If login was valid, then set to the verified email
            login_form = handle_login(request)
            if login_form.is_valid():
                if request.user.is_authenticated():
                    # Change email to new verified email, for next time
                    user = request.user
                    user.email = email
                    user.save()
                    # NOTE(review): the cleartext password from the form is
                    # passed to a helper defined elsewhere; confirm it never
                    # ends up in a URL, a log line or persistent storage.
                    return _redirect_with_mindtouch_login(
                        redirect_to, login_form.cleaned_data.get('username'),
                        login_form.cleaned_data.get('password'))

    # HACK: Pretend the session was modified. Otherwise, the data disappears
    # for the next request.
    request.session.modified = True

    return jingo.render(request, 'users/browserid_register.html', {
        'login_form': login_form,
        'register_form': register_form
    })