Adapt user login (based on django.contrib.auth)

This commit is contained in:
Santiago L 2023-11-21 13:56:09 +01:00
parent 471e137673
commit ea632ca17f
5 changed files with 46 additions and 48 deletions

View File

@ -220,8 +220,22 @@ EMAIL_BACKEND = 'orchestra.contrib.mailer.backends.EmailBackend'
DATA_UPLOAD_MAX_NUMBER_FIELDS = None DATA_UPLOAD_MAX_NUMBER_FIELDS = None
############################
## MUSICIAN CONFIGURATION ##
############################
# Direcction than go when you login
LOGIN_REDIRECT_URL = 'musician:dashboard'
# Where requests are redirected for login
LOGIN_URL = 'musician:login'
# The URL or named URL pattern where requests are redirected after logout
LOGOUT_REDIRECT_URL = 'musician:login'
################################# #################################
## 3RD PARTY APPS CONIGURATION ## ## 3RD PARTY APPS CONFIGURATION ##
################################# #################################
# Admin Tools # Admin Tools

View File

@ -1,12 +1,13 @@
import urllib.parse import urllib.parse
import requests
from django.conf import settings from django.conf import settings
from django.contrib.auth import authenticate, login
from django.http import Http404 from django.http import Http404
from django.urls.exceptions import NoReverseMatch from django.urls.exceptions import NoReverseMatch
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from .models import Address, DatabaseService, Domain, Mailbox, SaasService, UserAccount, WebSite from .models import (Address, DatabaseService, Domain, Mailbox, SaasService,
UserAccount, WebSite)
DOMAINS_PATH = 'domains/' DOMAINS_PATH = 'domains/'
TOKEN_PATH = '/api-token-auth/' TOKEN_PATH = '/api-token-auth/'
@ -37,14 +38,10 @@ API_PATHS = {
class Orchestra(object): class Orchestra(object):
def __init__(self, *args, username=None, password=None, **kwargs): def __init__(self, request, username=None, password=None, **kwargs):
self.base_url = kwargs.pop('base_url', settings.API_BASE_URL) self.request = request
self.username = username self.username = username
self.session = requests.Session() self.user = self.authenticate(self.username, password)
self.auth_token = kwargs.pop("auth_token", None)
if self.auth_token is None:
self.auth_token = self.authenticate(self.username, password)
def build_absolute_uri(self, path_name): def build_absolute_uri(self, path_name):
path = API_PATHS.get(path_name, None) path = API_PATHS.get(path_name, None)
@ -55,13 +52,14 @@ class Orchestra(object):
return urllib.parse.urljoin(self.base_url, path) return urllib.parse.urljoin(self.base_url, path)
def authenticate(self, username, password): def authenticate(self, username, password):
url = self.build_absolute_uri('token-auth') user = authenticate(self.request, username=username, password=password)
response = self.session.post(
url,
data={"username": username, "password": password},
)
return response.json().get("token", None) if user is not None:
login(self.request, user)
return user
# Return an 'invalid login' error message.
return None
def request(self, verb, resource=None, url=None, data=None, render_as="json", querystring=None, raise_exception=True): def request(self, verb, resource=None, url=None, data=None, render_as="json", querystring=None, raise_exception=True):
assert verb in ["HEAD", "GET", "POST", "PATCH", "PUT", "DELETE"] assert verb in ["HEAD", "GET", "POST", "PATCH", "PUT", "DELETE"]

View File

@ -6,6 +6,7 @@ from django.utils.translation import gettext_lazy as _
from . import api from . import api
class LoginForm(AuthenticationForm): class LoginForm(AuthenticationForm):
def clean(self): def clean(self):
@ -13,14 +14,13 @@ class LoginForm(AuthenticationForm):
password = self.cleaned_data.get('password') password = self.cleaned_data.get('password')
if username is not None and password: if username is not None and password:
orchestra = api.Orchestra(username=username, password=password) orchestra = api.Orchestra(self.request, username=username, password=password)
if orchestra.auth_token is None: if orchestra.user is None:
raise self.get_invalid_login_error() raise self.get_invalid_login_error()
else: else:
self.username = username self.username = username
self.token = orchestra.auth_token self.user = orchestra.user
self.user = orchestra.retrieve_profile()
return self.cleaned_data return self.cleaned_data

View File

@ -1,9 +1,10 @@
from django.contrib.auth.mixins import UserPassesTestMixin from django.conf import settings
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from django.views.generic.base import ContextMixin from django.views.generic.base import ContextMixin
from django.conf import settings
from orchestra import get_version from orchestra import get_version
from . import api from . import api
from .auth import SESSION_KEY_TOKEN from .auth import SESSION_KEY_TOKEN
@ -49,30 +50,13 @@ class ExtendedPaginationMixin:
return paginate_by return paginate_by
class UserTokenRequiredMixin(UserPassesTestMixin): class UserTokenRequiredMixin(LoginRequiredMixin):
"""
Checks that the request has a token that authenticates him/her.
If the user is logged adds context variable 'profile' with its information.
"""
def test_func(self):
"""Check that the user has an authorized token."""
token = self.request.session.get(SESSION_KEY_TOKEN, None)
if token is None:
return False
# initialize orchestra api orm
self.orchestra = api.Orchestra(auth_token=token)
# verify if the token is valid
if self.orchestra.verify_credentials() is None:
return False
return True
# TODO XXX adapt this code
def get_context_data(self, **kwargs): def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs) context = super().get_context_data(**kwargs)
context.update({ context.update({
'profile': self.orchestra.retrieve_profile(), # TODO XXX
# 'profile': self.orchestra.retrieve_profile(),
}) })
return context return context

View File

@ -1,12 +1,13 @@
import datetime
import logging import logging
import smtplib import smtplib
import datetime
from django.conf import settings from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.core.exceptions import ImproperlyConfigured from django.core.exceptions import ImproperlyConfigured
from django.core.mail import mail_managers from django.core.mail import mail_managers
from django.http import HttpResponse, HttpResponseNotFound, HttpResponseRedirect from django.http import (HttpResponse, HttpResponseNotFound,
HttpResponseRedirect)
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.utils import translation from django.utils import translation
from django.utils.html import format_html from django.utils.html import format_html
@ -20,9 +21,11 @@ from django.views.generic.list import ListView
from requests.exceptions import HTTPError from requests.exceptions import HTTPError
from orchestra import get_version from orchestra import get_version
from .auth import login as auth_login
# from .auth import login as auth_login
from .auth import logout as auth_logout from .auth import logout as auth_logout
from .forms import LoginForm, MailboxChangePasswordForm, MailboxCreateForm, MailboxUpdateForm, MailForm from .forms import (LoginForm, MailboxChangePasswordForm, MailboxCreateForm,
MailboxUpdateForm, MailForm)
from .mixins import (CustomContextMixin, ExtendedPaginationMixin, from .mixins import (CustomContextMixin, ExtendedPaginationMixin,
UserTokenRequiredMixin) UserTokenRequiredMixin)
from .models import (Address, Bill, DatabaseService, Mailbox, from .models import (Address, Bill, DatabaseService, Mailbox,
@ -553,7 +556,6 @@ class LoginView(FormView):
def form_valid(self, form): def form_valid(self, form):
"""Security check complete. Log the user in.""" """Security check complete. Log the user in."""
auth_login(self.request, form.username, form.token)
# set user language as active language # set user language as active language
user_language = form.user.language user_language = form.user.language