core: cleanup

passbook/core/models.py

@@ -64,7 +64,8 @@ class Application(RuleModel):
 
     def user_is_authorized(self, user: User) -> bool:
         """Check if user is authorized to use this application"""
-        raise NotImplementedError()
+        from passbook.core.rules import RuleEngine
+        return RuleEngine(self).for_user(user).result
 
     def __str__(self):
         return self.name

passbook/core/views/access.py

@@ -1,6 +1,10 @@
 """passbook access helper classes"""
 from logging import getLogger
 
+from django.http import Http404
+
+from passbook.core.models import Application
+
 LOGGER = getLogger(__name__)
 
 class AccessMixin:
@@ -9,7 +13,12 @@ class AccessMixin:
 
     def provider_to_application(self, provider):
         """Lookup application assigned to provider, throw error if no application assigned"""
+        try:
             return provider.application
+        except Application.DoesNotExist as exc:
+            # TODO: Log that no provider has no application assigned
+            LOGGER.warning('Provider "%s" has no application assigned...', provider)
+            raise Http404 from exc
 
     def user_has_access(self, application, user):
         """Check if user has access to application."""

passbook/core/views/authentication.py

@@ -26,7 +26,17 @@ class LoginView(UserPassesTestMixin, FormView):
 
     # Allow only not authenticated users to login
     def test_func(self):
-        return not self.request.user.is_authenticated
+        return self.request.user.is_authenticated is False
+
+    def handle_no_permission(self):
+        return self.logged_in_redirect()
+
+    def logged_in_redirect(self):
+        """User failed check so user is authenticated already.
+        Either redirect to ?next param or home."""
+        if 'next' in self.request.GET:
+            return redirect(self.request.GET.get('next'))
+        return redirect(reverse('passbook_core:overview'))
 
     def get_context_data(self, **kwargs):
         kwargs['config'] = CONFIG.get('passbook')
@@ -80,11 +90,7 @@ class LoginView(UserPassesTestMixin, FormView):
             request.session.set_expiry(0)  # Expires when browser is closed
         messages.success(request, _("Successfully logged in!"))
         LOGGER.debug("Successfully logged in %s", user.username)
-        # Check if there is a next GET parameter and redirect to that
-        if 'next' in request.GET:
-            return redirect(request.GET.get('next'))
-        # Otherwise just index
-        return redirect(reverse('passbook_core:overview'))
+        return self.logged_in_redirect()
 
     def invalid_login(self, request: HttpRequest, disabled_user: User = None) -> HttpResponse:
         """Handle login for disabled users/invalid login attempts"""

passbook/oauth_client/backends.py

@@ -19,8 +19,6 @@ class AuthorizedServiceBackend(ModelBackend):
                 source_q, identifier=identifier
             ).select_related('user')[0]
         except IndexError:
-            print('hmm')
             return None
         else:
-            print('a')
             return access.user

passbook/oauth_client/views/core.py

@@ -1,17 +1,14 @@
 """Core OAauth Views"""
 
-import base64
-import hashlib
 from logging import getLogger
 
 from django.conf import settings
 from django.contrib import messages
-from django.contrib.auth import authenticate, get_user_model, login
+from django.contrib.auth import authenticate, login
 from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import Http404
 from django.shortcuts import get_object_or_404, redirect, render
 from django.urls import reverse
-from django.utils.encoding import force_text, smart_bytes
 from django.utils.translation import ugettext as _
 from django.views.generic import RedirectView, View
 

setup.cfg

@@ -0,0 +1,3 @@
+[pycodestyle]
+ignore = E731,E121
+max-line-length = 100