from django.http import HttpResponseRedirect from django.shortcuts import render from django.urls import reverse_lazy from django.utils.http import is_safe_url from django.views.generic.base import RedirectView, TemplateView from django.views.generic.edit import FormView from . import api, get_version from .auth import login as auth_login from .auth import logout as auth_logout from .forms import LoginForm from .mixins import CustomContextMixin, UserTokenRequiredMixin class DashboardView(CustomContextMixin, UserTokenRequiredMixin, TemplateView): template_name = "musician/dashboard.html" def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) # TODO retrieve all data needed from orchestra raw_domains = self.orchestra.retrieve_domains() context.update({ 'domains': raw_domains }) return context class MailView(CustomContextMixin, UserTokenRequiredMixin, TemplateView): template_name = "musician/mail.html" class MailingListsView(CustomContextMixin, UserTokenRequiredMixin, TemplateView): template_name = "musician/mailinglists.html" class DatabasesView(CustomContextMixin, UserTokenRequiredMixin, TemplateView): template_name = "musician/databases.html" class SaasView(CustomContextMixin, UserTokenRequiredMixin, TemplateView): template_name = "musician/saas.html" class LoginView(FormView): template_name = 'auth/login.html' form_class = LoginForm success_url = reverse_lazy('musician:dashboard') redirect_field_name = 'next' extra_context = {'version': get_version()} def get_form_kwargs(self): kwargs = super().get_form_kwargs() kwargs['request'] = self.request return kwargs def form_valid(self, form): """Security check complete. Log the user in.""" auth_login(self.request, form.username, form.token) return HttpResponseRedirect(self.get_success_url()) def get_success_url(self): url = self.get_redirect_url() return url or self.success_url def get_redirect_url(self): """Return the user-originating redirect URL if it's safe.""" redirect_to = self.request.POST.get( self.redirect_field_name, self.request.GET.get(self.redirect_field_name, '') ) url_is_safe = is_safe_url( url=redirect_to, allowed_hosts={self.request.get_host()}, require_https=self.request.is_secure(), ) return redirect_to if url_is_safe else '' def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) context.update({ self.redirect_field_name: self.get_redirect_url(), **(self.extra_context or {}) }) return context class LogoutView(RedirectView): """ Log out the user. """ permanent = False pattern_name = 'musician:login' def get_redirect_url(self, *args, **kwargs): """ Logs out the user. """ auth_logout(self.request) return super().get_redirect_url(*args, **kwargs) def post(self, request, *args, **kwargs): """Logout may be done via POST.""" return self.get(request, *args, **kwargs)