0005-views-add-credentials-management-display-view-33550.patch

Valentin Deniaud, 19 juin 2019 17:33

Voir les différences: en ligne côte à côte

Subject: [PATCH] views: add credentials management display view (#33550)

Split ProfileView in half, creating AuthenticatorsView which allows to
display only credentials.
Use it to display a page with only authenticators used as supplementary
authentication factors.

 .../templates/authentic2/accounts.html        |  5 +
 .../templates/authentic2/authenticators.html  | 10 ++
 src/authentic2/urls.py                        |  5 +
 src/authentic2/utils.py                       | 12 ++-
 src/authentic2/views.py                       | 96 +++++++++++--------
 5 files changed, 87 insertions(+), 41 deletions(-)
 create mode 100644 src/authentic2/templates/authentic2/authenticators.html

               </ul>
             </div>
           {% endif %}
           {% if multifactor_available %}
             <p><a href="{% url 'authenticators_profile' %}">
               {% trans "Configure multi-factor authentication" %}
             </a></p>
           {% endif %}
         </div>
       </div>
     {% endblock %}

     {% extends "authentic2/base-page.html" %}
     {% block content %}
       {% for id, block in frontends_block_by_id.items %}
       <div class="block" id="account-management-{{ id }}">
         <h2>{{ block.name }}</h2>
         {{ block.content|safe }}
       </div>
       {% endfor %}
     {% endblock %}

             views.switch_back,
             name='a2-switch-back'),
         # Multi-factor authentication
         url(r'^authenticators/$',
             views.authenticators,
             name='authenticators_profile'),
         # Legacy, only there to provide old view names to resolver
         url(r'^password/change/$',
             views.notimplemented_view,

         '''Return the list of enabled cleaned backends.
         required_auth_level param can be specified in order to filter backends on
         the authentication levels they provide. When set to 0, filtering is
         disabled.
         the authentication levels they provide. The default value of 1 selects only
         level 1 backends, which is also the default level for a backend that do not
         specify one. Conversely, the special value 0 will exclude those backends,
         ie it will only select backend specifying an auth level that is more than 1.
         '''
         backends = []
         for backend_path in getattr(app_settings, setting_name):
-...
             # If no enabled method is defined on the backend, backend enabled by default.
             if hasattr(backend, 'enabled') and not backend.enabled():
                 continue
             auth_level = getattr(backend, 'auth_level', 1)
             if required_auth_level:
                 if not required_auth_level == getattr(backend, 'auth_level', 1):
                 if not required_auth_level == auth_level:
                     continue
             elif auth_level == 1:
                 # required_auth_level null value filters out primary auth factors
                 continue
             kwargs_settings = getattr(app_settings, setting_name + '_KWARGS', {})
             if backend_path in kwargs_settings:
                 kwargs.update(kwargs_settings[backend_path])

     homepage = Homepage.as_view()
     class ProfileView(cbv.TemplateNamesMixin, TemplateView):
         template_names = ['idp/account_management.html', 'authentic2/accounts.html']
         title = _('Your account')
         def dispatch(self, request, *args, **kwargs):
             if app_settings.A2_ACCOUNTS_URL:
                 return utils.redirect(request, app_settings.A2_ACCOUNTS_URL)
             return super(ProfileView, self).dispatch(request, *args, **kwargs)
     class AuthenticatorsView(cbv.TemplateNamesMixin, TemplateView):
         template_name = 'authentic2/authenticators.html'
         title = _('Authenticators')
         authenticators_level = 0
         def get_context_data(self, **kwargs):
             context = super(ProfileView, self).get_context_data(**kwargs)
             context = super(AuthenticatorsView, self).get_context_data(**kwargs)
             request = self.request
             auth_level = int(request.GET.get('auth_level', 0))
             frontends = utils.get_backends('AUTH_FRONTENDS', required_auth_level=auth_level)
             auth_level = self.authenticators_level or int(request.GET.get('auth_level', 0))
             frontends = utils.get_backends('AUTH_FRONTENDS', auth_level)
             if request.method == "POST":
                 for frontend in frontends:
-...
                             if request.session.test_cookie_worked():
                                 request.session.delete_test_cookie()
                             return frontend.post(request, form, None, '/profile')
             # User attributes management
             parameters = {'request': self.request,
                           'context': context}
             profiles = [utils.get_authenticator_method(frontend, 'profile', parameters) for frontend in frontends]
             # Old frontends data structure for templates
             blocks = [block['content'] for block in profiles if block]
             # New frontends data structure for templates
             blocks_by_id = collections.OrderedDict((block['id'], block) for block in profiles if block)
             context.update({
                 'frontends_block': blocks,
                 'frontends_block_by_id': blocks_by_id,
             })
             hooks.call_hooks('modify_context_data', self, context)
             return context
     authenticators = AuthenticatorsView.as_view()
     class ProfileView(AuthenticatorsView):
         template_names = ['idp/account_management.html', 'authentic2/accounts.html']
         title = _('Your account')
         authenticators_level = 1
         def dispatch(self, request, *args, **kwargs):
             if app_settings.A2_ACCOUNTS_URL:
                 return utils.redirect(request, app_settings.A2_ACCOUNTS_URL)
             return super(ProfileView, self).dispatch(request, *args, **kwargs)
         def get_context_data(self, **kwargs):
             context = super(ProfileView, self).get_context_data(**kwargs)
             user = self.request.user
             profile = []
             field_names = app_settings.A2_PROFILE_FIELDS
             if not field_names:
                 field_names = list(app_settings.A2_REGISTRATION_FIELDS)
                 for field_name in getattr(request.user, 'USER_PROFILE', []):
                 for field_name in getattr(user, 'USER_PROFILE', []):
                     if field_name not in field_names:
                         field_names.append(field_name)
                 qs = models.Attribute.objects.filter(Q(user_editable=True) | Q(user_visible=True))
-...
                     if not attribute.user_visible:
                         continue
                     html_value = attribute.get_kind().get('html_value', lambda a, b: b)
                     qs = models.AttributeValue.objects.with_owner(request.user)
                     qs = models.AttributeValue.objects.with_owner(user)
                     qs = qs.filter(attribute=attribute)
                     qs = qs.select_related()
                     value = [at_value.to_python() for at_value in qs]
-...
                 else:
                     # fallback to model attributes
                     try:
                         field = request.user._meta.get_field(field_name)
                         field = user._meta.get_field(field_name)
                     except FieldDoesNotExist:
                         continue
                     if not title:
                         title = field.verbose_name
                     value = getattr(self.request.user, field_name, None)
                     value = getattr(user, field_name, None)
                     attribute = models.Attribute(name=field_name, label=title)
                 raw_value = None
-...
                 if value or app_settings.A2_PROFILE_DISPLAY_EMPTY_FIELDS:
                     profile.append((title, value))
                     attributes.append({'attribute': attribute, 'values': raw_value})
             # Credentials management
             parameters = {'request': request,
                           'context': context}
             profiles = [utils.get_authenticator_method(frontend, 'profile', parameters) for frontend in frontends]
             # Old frontends data structure for templates
             blocks = [block['content'] for block in profiles if block]
             # New frontends data structure for templates
             blocks_by_id = collections.OrderedDict((block['id'], block) for block in profiles if block)
             idp_backends = utils.get_backends()
             # Get actions for federation management
             federation_management = []
             if app_settings.A2_PROFILE_CAN_MANAGE_FEDERATION:
                 for idp_backend in idp_backends:
                     if hasattr(idp_backend, 'federation_management'):
                         federation_management.extend(idp_backend.federation_management(request))
             context.update({
                 'frontends_block': blocks,
                 'frontends_block_by_id': blocks_by_id,
                 'profile': profile,
                 'attributes': attributes,
                 'allow_account_deletion': app_settings.A2_REGISTRATION_CAN_DELETE_ACCOUNT,
                 'allow_profile_edit': EditProfile.can_edit_profile(),
                 'allow_email_change': app_settings.A2_PROFILE_CAN_CHANGE_EMAIL,
                 'multifactor_available': bool(utils.get_backends('AUTH_FRONTENDS', 0)),
                 # TODO: deprecated should be removed when publik-base-theme is updated
                 'allow_password_change': utils.user_can_change_password(request=request),
                 'federation_management': federation_management,
                 'auth_level': auth_level,
                 'allow_password_change': utils.user_can_change_password(request=self.request),
             })
             self.set_federation_management_context(context)
             hooks.call_hooks('modify_context_data', self, context)
             return context
         def set_federation_management_context(self, context):
             idp_backends = utils.get_backends()
             # Get actions for federation management
             federation_management = []
             if app_settings.A2_PROFILE_CAN_MANAGE_FEDERATION:
                 for idp_backend in idp_backends:
                     if hasattr(idp_backend, 'federation_management'):
                         federation_management.extend(idp_backend.federation_management(self.request))
             context['federation_management'] = federation_management
     profile = login_required(ProfileView.as_view())
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0005-views-add-credentials-management-display-view-33550.patch