From da5568b5714ed68681fbdf001b2358a56e5a1ad5 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 25 Feb 2019 13:02:50 +0100 Subject: [PATCH] cleanup, fix Permission Denied when Cancelling login, fix display of messages on login template --- passbook/core/auth/view.py | 7 +- passbook/core/templates/base/skeleton.html | 6 ++ passbook/core/templates/login/base.html | 82 ++++++++++++---------- passbook/core/templates/login/form.html | 1 - passbook/core/views/authentication.py | 3 +- passbook/otp/factors.py | 12 +++- passbook/otp/templates/otp/factor.html | 8 +++ passbook/otp/views.py | 4 +- 8 files changed, 73 insertions(+), 50 deletions(-) create mode 100644 passbook/otp/templates/otp/factor.html diff --git a/passbook/core/auth/view.py b/passbook/core/auth/view.py index a63561aba..74914e91b 100644 --- a/passbook/core/auth/view.py +++ b/passbook/core/auth/view.py @@ -9,6 +9,7 @@ from django.views.generic import View from passbook.core.models import Factor, User from passbook.core.views.utils import PermissionDeniedView from passbook.lib.utils.reflection import class_to_path, path_to_class +from passbook.lib.utils.urls import is_url_absolute LOGGER = getLogger(__name__) @@ -39,7 +40,6 @@ class AuthenticationView(UserPassesTestMixin, View): return redirect(reverse('passbook_core:overview')) def dispatch(self, request, *args, **kwargs): - print(request.session.keys()) # Extract pending user from session (only remember uid) if AuthenticationView.SESSION_PENDING_USER in request.session: self.pending_user = get_object_or_404( @@ -122,7 +122,9 @@ class AuthenticationView(UserPassesTestMixin, View): LOGGER.debug("Logged in user %s", self.pending_user) # Cleanup self._cleanup() - # TODO: ?next=... + next_param = self.request.GET.get('next', None) + if next_param and is_url_absolute(next_param): + return redirect(next_param) return redirect(reverse('passbook_core:overview')) def _cleanup(self): 
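Review bot: The `next` redirect added after `self._cleanup()` only checks `is_url_absolute(next_param)`, and nothing in the hunk restricts the target host, so an absolute URL pointing at another site would be followed — the classic open-redirect shape on a login flow. If `is_url_absolute` does not validate the host (its body is outside this patch), gate the redirect on Django's host allowlist instead: `if next_param and is_safe_url(next_param, allowed_hosts={self.request.get_host()}):` (`url_has_allowed_host_and_scheme` on Django 3.0+). Separately, `redirect(reverse('passbook_core:auth-process'))` in the authentication.py hunk drops the query string, so `self.request.GET.get('next')` may never be populated on this view unless `next` is forwarded some other way. The enclosing method starts outside the hunk.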
@@ -132,7 +134,6 @@ class AuthenticationView(UserPassesTestMixin, View): for key in session_keys: if key in self.request.session: del self.request.session[key] - print(self.request.session.keys()) LOGGER.debug("Cleaned up sessions") class FactorPermissionDeniedView(PermissionDeniedView): diff --git a/passbook/core/templates/base/skeleton.html b/passbook/core/templates/base/skeleton.html index 5334d5a0c..038d0a5f6 100644 --- a/passbook/core/templates/base/skeleton.html +++ b/passbook/core/templates/base/skeleton.html @@ -15,6 +15,12 @@ + {% block head %} {% endblock %} diff --git a/passbook/core/templates/login/base.html b/passbook/core/templates/login/base.html index d35db2556..429f90c62 100644 --- a/passbook/core/templates/login/base.html +++ b/passbook/core/templates/login/base.html @@ -5,53 +5,57 @@ {% block head %} {% endblock %} {% block body %}
-
-
-
- +
- {% block row %} -
-
- {% block card %} - {% endblock %} -
- -
- {% endblock %} +
+ {% include 'partials/messages.html' %} +
+
+ +
+ {% block row %} +
+
+ {% block card %} + {% endblock %} +
+ +
+ {% endblock %} +
+
-
-
-
+
{% endblock %} diff --git a/passbook/core/templates/login/form.html b/passbook/core/templates/login/form.html index b12c9ae41..13d264fcf 100644 --- a/passbook/core/templates/login/form.html +++ b/passbook/core/templates/login/form.html @@ -7,7 +7,6 @@

{% trans title %}

-{% include 'partials/messages.html' %}
{% csrf_token %} {% block above_form %} diff --git a/passbook/core/views/authentication.py b/passbook/core/views/authentication.py index cb4466ace..b2d4d47df 100644 --- a/passbook/core/views/authentication.py +++ b/passbook/core/views/authentication.py @@ -62,8 +62,7 @@ class LoginView(UserPassesTestMixin, FormView): if not pre_user: # No user found return self.invalid_login(self.request) - if AuthenticationView.SESSION_FACTOR in self.request.session: - del self.request.session[AuthenticationView.SESSION_FACTOR] + self.request.session.flush() self.request.session[AuthenticationView.SESSION_PENDING_USER] = pre_user.pk return redirect(reverse('passbook_core:auth-process')) diff --git a/passbook/otp/factors.py b/passbook/otp/factors.py index 69bcd224c..3b7bdfb54 100644 --- a/passbook/otp/factors.py +++ b/passbook/otp/factors.py @@ -15,9 +15,14 @@ LOGGER = getLogger(__name__) class OTPFactor(FormView, AuthenticationFactor): """OTP Factor View""" - template_name = 'login/form_with_user.html' + template_name = 'otp/factor.html' form_class = OTPVerifyForm + def get_context_data(self, **kwargs): + kwargs = super().get_context_data(**kwargs) + kwargs['title'] = _('Enter Verification Code') + return kwargs + def get(self, request, *args, **kwargs): """Check if User has OTP enabled and if OTP is enforced""" if not user_has_device(self.pending_user): @@ -27,7 +32,8 @@ class OTPFactor(FormView, AuthenticationFactor): LOGGER.debug("OTP is enforced, redirecting to setup") request.user = self.pending_user LOGGER.debug("Passing GET to EnableView") - return EnableView().dispatch(request) + messages.info(request, _('OTP is enforced. Please setup OTP.')) + return EnableView.as_view()(request) LOGGER.debug("OTP is not enforced, skipping form") return self.authenticator.user_ok() return super().get(request, *args, **kwargs) 
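Review bot: `self.request.session.flush()` replaces the targeted `del` of `SESSION_FACTOR` with a full wipe of the session plus rotation of its key, which is reasonable hardening at the point the password is accepted, but it also discards every other key the session held — including any pending messages if the message storage falls back to the session, which is what this commit is trying to surface on the login template. If only a fresh key is wanted, `self.request.session.cycle_key()` keeps the data; if the wipe is deliberate, say so: `# Start a fresh session for the pending user: drop stale factor state and rotate the session key`. The enclosing method starts outside the hunk.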
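Review bot: The new `get_context_data` calls `_('Enter Verification Code')` and the `get` branch below now calls `messages.info(...)`, but no import for `_` or `messages` is part of this patch; if `factors.py` does not already import `gettext as _` and `django.contrib.messages`, both lines fail with `NameError` the first time they run. The override also has no docstring where the sibling `get` has one; `"""Add the translated factor title used by otp/factor.html."""` would match the file's style. The `OTPFactor` class continues past the end of the hunk.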
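Review bot: `request.user = self.pending_user` immediately before the new `EnableView.as_view()(request)` call makes a user who has not yet completed authentication look logged in to `EnableView`'s `LoginRequiredMixin`, and the switch from `EnableView().dispatch` to `as_view()` keeps that pattern (the `post` branch in the next hunk does the same). That appears to be intended — forced OTP enrolment before the login finishes — but the precondition is not recorded anywhere, so add a comment on the assignment such as `# pending_user has passed the password factor; EnableView only checks request.user, so set it for this request`. If enrolment-before-login is to stay, consider whether `EnableView` should be reached through a dedicated pending-user entry point rather than by overriding `request.user`, so the mixin's check keeps its meaning. The enclosing `get` method starts outside the hunk.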
@@ -37,7 +43,7 @@ class OTPFactor(FormView, AuthenticationFactor): if OTP_SETTING_UP_KEY in request.session: LOGGER.debug("Passing POST to EnableView") request.user = self.pending_user - return EnableView().dispatch(request) + return EnableView.as_view()(request) return super().post(self, request, *args, **kwargs) def form_valid(self, form: OTPVerifyForm): diff --git a/passbook/otp/templates/otp/factor.html b/passbook/otp/templates/otp/factor.html new file mode 100644 index 000000000..c95f13cbe --- /dev/null +++ b/passbook/otp/templates/otp/factor.html @@ -0,0 +1,8 @@ +{% extends 'login/form_with_user.html' %} + +{% load i18n %} + +{% block above_form %} +{{ block.super }} +
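Review bot: The unchanged line right after the new `EnableView.as_view()(request)` call, `return super().post(self, request, *args, **kwargs)`, passes `self` explicitly to an already-bound method, so the next `post` in the MRO receives `self` as its `request` argument and the real request shifts into `args`; the commit leaves this in place. It should read `return super().post(request, *args, **kwargs)`, matching the `super().get(request, *args, **kwargs)` call in the previous hunk. The enclosing `post` method starts outside the hunk.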

{% trans 'Enter the Verification Code from your Authenticator App.' %}

+{% endblock %} diff --git a/passbook/otp/views.py b/passbook/otp/views.py index 4b0fa9dc7..d79f302fd 100644 --- a/passbook/otp/views.py +++ b/passbook/otp/views.py @@ -107,8 +107,8 @@ class EnableView(LoginRequiredMixin, FormView): self.static_device = StaticDevice(user=request.user, confirmed=False) self.static_device.save() # Create 9 tokens and save them - # pylint: disable=unused-variable - for counter in range(0, 9): + # TODO: Send static tokens via E-Mail + for _counter in range(0, 9): token = StaticToken(device=self.static_device, token=StaticToken.random_token()) token.save() else:
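Review bot: `for _counter in range(0, 9):` never uses the loop variable, so the idiomatic spelling is `for _ in range(9):`, which also makes the removed pylint pragma unnecessary. The new `# TODO: Send static tokens via E-Mail` is worth qualifying now: the nine `StaticToken` values are single-use authentication credentials, so whatever delivery is chosen must go only to an address the user has verified and the tokens must not appear in logs; e.g. `# TODO: Deliver static tokens to the user (verified e-mail only); they are credentials, never log them`. The enclosing method starts outside the hunk.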