From b6312ebbfd3a0a6ef822dc0330da6046d2a4d6e5 Mon Sep 17 00:00:00 2001
From: Josue Kouka
Date: Wed, 6 Jan 2016 19:10:05 +0100
Subject: [PATCH] handle user association the right way (#9527)
---
 mandayejs/mandaye/forms.py | 15 ++---
 .../mandaye/migrations/0007_auto_20160106_1746.py | 20 +++++++
 mandayejs/mandaye/models.py | 4 +-
 mandayejs/mandaye/views.py | 70 ++++++++++++----------
 4 files changed, 67 insertions(+), 42 deletions(-)
 create mode 100644 mandayejs/mandaye/migrations/0007_auto_20160106_1746.py
diff --git a/mandayejs/mandaye/forms.py b/mandayejs/mandaye/forms.py
index 2baff3a..b265083 100644
--- a/mandayejs/mandaye/forms.py
+++ b/mandayejs/mandaye/forms.py
@@ -13,15 +13,17 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program. If not, see .
+from __future__ import absolute_import
 from django import forms
+from django.conf import settings
+from mandayejs.mandaye.models import UserCredentials
 class FormFactory(forms.Form):
     def __init__(self, *args, **kwargs):
-        fields = kwargs.pop('locators', None)
         super(FormFactory, self).__init__(*args, **kwargs)
-
+        fields = getattr(settings, 'SITE_LOCATORS', [])
         if fields :
             for field in fields :
                 if field['kind'] == 'string':
@@ -42,13 +44,12 @@ class FormFactory(forms.Form):
                         help_text=field['help']
                     )
-    def is_valid(self,):
-        is_valid = super(FormFactory, self).is_valid()
-        if not is_valid:
-            return is_valid
+    def is_valid(self):
+        if not super(FormFactory, self).is_valid():
+            return False
         if self.data == {}:
             return False
-        return is_valid
+        return True
diff --git a/mandayejs/mandaye/migrations/0007_auto_20160106_1746.py b/mandayejs/mandaye/migrations/0007_auto_20160106_1746.py
new file mode 100644
index 0000000..4f7082e
--- /dev/null
+++ b/mandayejs/mandaye/migrations/0007_auto_20160106_1746.py
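Review bot: `from mandayejs.mandaye.models import UserCredentials` is added at the top of forms.py but nothing in either forms.py hunk references it; if the rest of the module does not use it either, drop the import, since it also makes forms depend on models and invites an import cycle should models ever import forms. The `if fields :` guard after `fields = getattr(settings, 'SITE_LOCATORS', [])` is now redundant because iterating an empty list is a no-op, and the space before the colon is non-PEP 8; `for field in fields:` directly would read cleaner. The body of `__init__` continues past the end of the hunk.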
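Review bot: In the new `is_valid`, `if self.data == {}:` compares the bound `QueryDict` against a plain dict; the idiomatic form of the same test is truthiness, `if not self.data:`. An unbound form already fails `super(FormFactory, self).is_valid()` on the line above, so this check only matters for a bound submission that carries no data while no locator fields are configured; a one-line comment such as `# reject an empty POST even when no locators are configured` would make that intent explicit. A docstring stating the contract, e.g. `"""Valid only when the base form validates and the submission is non-empty."""`, is missing.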
@@ -0,0 +1,20 @@
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('mandaye', '0006_usercredentials_linked'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='usercredentials',
+            name='linked',
+            field=models.BooleanField(default=False, verbose_name='associated'),
+            preserve_default=True,
+        ),
+    ]
diff --git a/mandayejs/mandaye/models.py b/mandayejs/mandaye/models.py
index ee087e9..c7b0154 100644
--- a/mandayejs/mandaye/models.py
+++ b/mandayejs/mandaye/models.py
@@ -23,7 +23,7 @@ from django.utils.translation import ugettext_lazy as _
 class UserCredentials(models.Model):
     user = models.ForeignKey('auth.User')
     locators = JSONField(_('locators'), default={}, blank=True)
-    linked = models.BooleanField(_('associated'), default=True, blank=True)
+    linked = models.BooleanField(_('associated'), default=False, blank=True)
     class Meta:
         unique_together = ('user',)
@@ -34,5 +34,5 @@ class UserCredentials(models.Model):
             or self.user.username
     def to_login_info(self):
-        return {'#'+k : v for k,v in self.locators.items() if k != 'csrfmiddlewaretoken' }
+        return {'#'+k : v for k,v in self.locators.items() }
diff --git a/mandayejs/mandaye/views.py b/mandayejs/mandaye/views.py
index 4b36d65..a01ce60 100644
--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@@ -25,7 +25,7 @@ import urllib
 from django.conf import settings
 from django.contrib.auth import views as auth_views
 from django.contrib.auth import logout as auth_logout
-from django.contrib.auth import get_user_model
+from django.contrib.auth.models import User
 from django.contrib.auth.decorators import login_required
 from django.contrib import messages
 from django.forms import PasswordInput
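Review bot: Changing `linked` to `default=False` together with the new migration `0007_auto_20160106_1746.py` only alters the column default; rows written by the old `associate`, which set `linked = True` without any verification, keep that value. Under the new flow `linked = True` is only set by `post_login_do` after `exec_phantom` reports `ok`, so pre-existing rows will report as associated in `Panel` without ever having been checked; if that matters, a `RunPython` step in the migration resetting `linked` to False for existing rows would put them on the same footing. This is inferred from the visible hunks; the rest of models.py is outside the diff.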
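Review bot: Dropping the `if k != 'csrfmiddlewaretoken'` filter in `to_login_info` is safe only for rows written by the new `associate`, which stores `form.cleaned_data` rather than raw `request.POST`; rows saved by the old code still contain `csrfmiddlewaretoken` in `locators` and will now be emitted as `#csrfmiddlewaretoken` in the login info handed to `exec_phantom`. Either keep the filter until existing rows have been re-associated, or add a data migration that strips the key from stored `locators`. A docstring, e.g. `"""Map each stored locator to a CSS id selector for the exec_phantom login step."""`, would also help, since the `'#'+k` prefix is otherwise unexplained.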
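Review bot: Replacing `get_user_model` with a direct import of `django.contrib.auth.models.User` hard-codes the auth model in views.py; `get_user_model()` was the portable form, and every new use of `User` in the later hunks only re-fetches the already authenticated `request.user`. Since `UserCredentials.user` is declared as `ForeignKey('auth.User')` in models.py the project is effectively tied to the default model, so the change is consistent, but a comment at the import, e.g. `# project assumes the default auth.User model (see UserCredentials.user)`, would keep a later switch to AUTH_USER_MODEL from being missed here.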
@@ -69,7 +69,6 @@ class Panel(TemplateView):
         """Check if user account is associated """
         try:
-            User = get_user_model()
             user = User.objects.get(username=self.request.user.username)
             return user.usercredentials_set.get().linked
         except (User.DoesNotExist, UserCredentials.DoesNotExist) as e:
@@ -81,11 +80,10 @@ panel = Panel.as_view()
 @login_required
 def post_login(request, *args, **kwargs):
     try:
-        user = get_user_model().objects.get(username=request.user.username)
+        user = User.objects.get(username=request.user.username)
         logger.debug(user)
         credentials = UserCredentials.objects.get(
-            user=user,
-            linked=True)
+            user=user)
         logger.debug(credentials)
     except (UserCredentials.DoesNotExist,):
         return HttpResponseRedirect(resolve_url('associate'))
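Review bot: `user = User.objects.get(username=self.request.user.username)` re-queries the user the request already provides as `self.request.user`; provided `Panel` is only reached by authenticated users (its dispatch is outside the hunk), `return self.request.user.usercredentials_set.get().linked` gives the same result with one query fewer and makes the `User.DoesNotExist` branch of the `except` dead. The same re-fetch appears in the `post_login` hunk below (`user = User.objects.get(username=request.user.username)`, where `login_required` already guarantees the user exists) and in `post_login_do` at `@@ -137`, where the lookup sits outside the `try` so a `User.DoesNotExist` would not be caught at all. The enclosing method of `Panel` starts before this hunk.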
@@ -97,35 +95,37 @@ def post_login(request, *args, **kwargs):
 @login_required
 @csrf_exempt
 def associate(request, *args, **kwargs):
-    if request.POST:
-        credentials, created = UserCredentials.objects.get_or_create(user=request.user)
-        credentials.locators = request.POST
-        credentials.linked = True
-        credentials.save()
-        form = FormFactory(request.POST, auto_id=True, locators=settings.SITE_LOCATORS)
-    else:
-        form = FormFactory(auto_id=True, locators=settings.SITE_LOCATORS)
-    if not form.is_valid():
-        site_static_root = getattr(settings, 'SITE_STATIC_ROOT_PATH', '')
-        associate_static = getattr(settings, 'SITE_ASSOCIATE_STATIC',
-                {'css':'', 'js':''})
-
-        response = render(request, 'mandaye/associate.html', {
-            'form': form,
-            'associate_js': os.path.join(site_static_root, associate_static['js']),
-            'associate_css': os.path.join(site_static_root, associate_static['css'])
-        })
-        return response
+    if request.method == 'POST':
+
+        form = FormFactory(request.POST)
+        if form.is_valid():
+            credentials, created = UserCredentials.objects.get_or_create(user=request.user)
+            credentials.locators = form.cleaned_data
+            credentials.linked = False
+            credentials.save()
+
+            return HttpResponseRedirect(resolve_url('post-login'))
+    else :
+        form = FormFactory()
+
+    site_static_root = getattr(settings, 'SITE_STATIC_ROOT_PATH', '')
+    associate_static = getattr(settings, 'SITE_ASSOCIATE_STATIC',
+            {'css':'', 'js':''})
+
+    response = render(request, 'mandaye/associate.html', {
+        'form': form,
+        'associate_js': os.path.join(site_static_root, associate_static['js']),
+        'associate_css': os.path.join(site_static_root, associate_static['css'])
+    })
+    return response
-
-    return HttpResponseRedirect(resolve_url('post-login'))
 @login_required
 def dissociate(request, *args, **kwargs):
     try:
         c_user = UserCredentials.objects.get(
             user__username=request.user.username)
-        c_user.linked = False
-        c_user.save()
+        c_user.delete()
         logger.debug("{} dissacioted".format(c_user.user.username))
         response = HttpResponseRedirect('/')
         for cookie_key in getattr(settings, 'SITE_AUTH_COOKIE_KEYS', []):
@@ -137,7 +137,12 @@ def dissociate(request, *args, **kwargs):
 @login_required
 def post_login_do(request, *args, **kwargs):
-    credentials = get_object_or_404(UserCredentials, user=request.user)
+    user = User.objects.get(username=request.user.username)
+    try:
+        credentials = user.usercredentials_set.get()
+    except (UserCredentials.DoesNotExist,):
+        return HttpResponseRedirect(resolve_url('associate'))
+
     site_static_root = os.path.join(getattr(settings, 'STATIC_ROOT'), getattr(settings, 'SITE_STATIC_ROOT_PATH', ''))
     site_auth_checker = getattr(settings, 'SITE_AUTH_CHECKER', '')
     login_info = {
@@ -150,17 +155,16 @@ def post_login_do(request, *args, **kwargs):
     logger.debug(login_info)
     result = exec_phantom(login_info)
     logger.debug(result)
+
     if result.get('result') != 'ok':
         logger.debug('authentication failed')
-        User = get_user_model()
-        user = User.objects.get(username=request.user.username)
-        c_user = user.usercredentials_set.get()
-        c_user.linked = False
-        c_user.save()
         logger.debug("redirecting to {}".format(resolve_url('associate')))
+        credentials.delete()
         messages.error(request, _('wrong user credentials'))
         url = resolve_url('associate')
     else:
+        credentials.linked = True
+        credentials.save()
         url = getattr(settings, 'SITE_HOME_PATH', '/')
     template = Template('
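Review bot: In the new `associate`, `credentials, created = UserCredentials.objects.get_or_create(user=request.user)` leaves `created` unused, and `else :` carries a stray space before the colon; `credentials, _ = ...` and `else:` match the rest of the file. The row is saved with `linked = False` holding `form.cleaned_data` and only becomes `linked = True` once `post_login_do` gets `ok` back from `exec_phantom` (visible in the last hunk), so a comment such as `# stored unverified; post_login_do flips linked once the login check succeeds` would spare the next reader from tracing the redirect. The view stays `@csrf_exempt` while it now persists whatever the locator form submits; if the exemption is not required by the static JS flow it is worth revisiting at the same time. The hunk also covers the start of `dissociate`, whose body continues past it.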