1
2
from django.conf import settings
2
3
from django.contrib.auth import REDIRECT_FIELD_NAME
4
# Avoid shadowing the login() view below.
5
from django.contrib.auth import login as auth_login
3
6
from django.contrib.auth.decorators import login_required
4
7
from django.contrib.auth.forms import AuthenticationForm
5
8
from django.contrib.auth.forms import PasswordResetForm, SetPasswordForm, PasswordChangeForm
6
9
from django.contrib.auth.tokens import default_token_generator
10
from django.views.decorators.csrf import csrf_protect
7
11
from django.core.urlresolvers import reverse
8
12
from django.shortcuts import render_to_response, get_object_or_404
9
13
from django.contrib.sites.models import Site, RequestSite
14
18
from django.contrib.auth.models import User
15
19
from django.views.decorators.cache import never_cache
17
def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
18
"Displays the login form and handles the login action."
23
def login(request, template_name='registration/login.html',
24
redirect_field_name=REDIRECT_FIELD_NAME,
25
authentication_form=AuthenticationForm):
26
"""Displays the login form and handles the login action."""
19
28
redirect_to = request.REQUEST.get(redirect_field_name, '')
20
30
if request.method == "POST":
21
form = AuthenticationForm(data=request.POST)
31
form = authentication_form(data=request.POST)
22
32
if form.is_valid():
23
33
# Light security check -- make sure redirect_to isn't garbage.
24
if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
34
if not redirect_to or ' ' in redirect_to:
25
35
redirect_to = settings.LOGIN_REDIRECT_URL
26
from django.contrib.auth import login
27
login(request, form.get_user())
37
# Heavier security check -- redirects to http://example.com should
38
# not be allowed, but things like /view/?param=http://example.com
39
# should be allowed. This regex checks if there is a '//' *before* a
41
elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
42
redirect_to = settings.LOGIN_REDIRECT_URL
44
# Okay, security checks complete. Log the user in.
45
auth_login(request, form.get_user())
28
47
if request.session.test_cookie_worked():
29
48
request.session.delete_test_cookie()
30
50
return HttpResponseRedirect(redirect_to)
32
form = AuthenticationForm(request)
53
form = authentication_form(request)
33
55
request.session.set_test_cookie()
34
57
if Site._meta.installed:
35
58
current_site = Site.objects.get_current()
37
60
current_site = RequestSite(request)
38
62
return render_to_response(template_name, {
40
64
redirect_field_name: redirect_to,
41
65
'site': current_site,
42
66
'site_name': current_site.name,
43
67
}, context_instance=RequestContext(request))
44
login = never_cache(login)
46
69
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME):
47
70
"Logs out the user and displays 'You are logged out' message."
78
101
# prompts for a new password
79
102
# - password_reset_complete shows a success message for the above
81
105
def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html',
82
106
email_template_name='registration/password_reset_email.html',
83
107
password_reset_form=PasswordResetForm, token_generator=default_token_generator,
107
131
def password_reset_done(request, template_name='registration/password_reset_done.html'):
108
132
return render_to_response(template_name, context_instance=RequestContext(request))
134
# Doesn't need csrf_protect since no-one can guess the URL
110
135
def password_reset_confirm(request, uidb36=None, token=None, template_name='registration/password_reset_confirm.html',
111
136
token_generator=default_token_generator, set_password_form=SetPasswordForm,
112
137
post_reset_redirect=None):
138
163
context_instance['validlink'] = False
140
context_instance['form'] = form
165
context_instance['form'] = form
141
166
return render_to_response(template_name, context_instance=context_instance)
143
168
def password_reset_complete(request, template_name='registration/password_reset_complete.html'):
144
169
return render_to_response(template_name, context_instance=RequestContext(request,
145
170
{'login_url': settings.LOGIN_URL}))
147
174
def password_change(request, template_name='registration/password_change_form.html',
148
post_change_redirect=None):
175
post_change_redirect=None, password_change_form=PasswordChangeForm):
149
176
if post_change_redirect is None:
150
177
post_change_redirect = reverse('django.contrib.auth.views.password_change_done')
151
178
if request.method == "POST":
152
form = PasswordChangeForm(request.user, request.POST)
179
form = password_change_form(user=request.user, data=request.POST)
153
180
if form.is_valid():
155
182
return HttpResponseRedirect(post_change_redirect)
157
form = PasswordChangeForm(request.user)
184
form = password_change_form(user=request.user)
158
185
return render_to_response(template_name, {
160
187
}, context_instance=RequestContext(request))
161
password_change = login_required(password_change)
163
189
def password_change_done(request, template_name='registration/password_change_done.html'):
164
190
return render_to_response(template_name, context_instance=RequestContext(request))
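Review bot: The redirect check in the new `login()` body (the `' ' in redirect_to` test and the `elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to)` branch) is still a deny-list on the shape of the string. Because `redirect_to` is read straight from `request.REQUEST`, any off-site form the two patterns do not anticipate reaches `HttpResponseRedirect` after a successful login. Checking what the value resolves to is sturdier than matching substrings: parse it and fall back to `settings.LOGIN_REDIRECT_URL` unless the host part is empty or equals the current host, e.g. `netloc = urlparse.urlparse(redirect_to)[1]` followed by `if netloc and netloc != request.get_host(): redirect_to = settings.LOGIN_REDIRECT_URL`. That needs `import urlparse` at the top of the file, and a regression test covering on-site paths, paths that carry a URL in the query string, and absolute off-site URLs would pin the behaviour. Parts of the function (the `else:` branch and some comment lines) are not shown on this page, so this rests on the visible lines only.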