from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404, redirect, render
from django.contrib import messages
from django.core.exceptions import PermissionDenied
from django.conf import settings
from django.http import HttpResponse, HttpResponseBadRequest
from django.views.decorators.http import require_POST
from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth import authenticate, get_user_model
from .forms import UserForm, ProfileForm
@login_required
def profile(request):
user_form = UserForm(request.POST or None, instance=request.user)
profile_form = ProfileForm(request.POST or None, instance=request.user.profile)
forms = [user_form, profile_form]
if request.method == 'POST' and all(form.is_valid() for form in forms):
for form in forms:
form.save()
messages.success(request, 'Profil mis à jour avec succès !')
return redirect('profile')
return render(request, 'accounts/profile.html', {
'user_form': user_form,
'profile_form': profile_form,
})
@require_POST
@csrf_exempt
def auth_api(request, token):
# token could not be None due to url regex
if token != getattr(settings, 'AUTH_API_TOKEN', None):
raise PermissionDenied
username = request.POST.get('username')
if not username:
return HttpResponseBadRequest()
password = request.POST.get('password')
if password:
user = authenticate(username=username, password=password)
if user is None:
return HttpResponse('401 Unauthorized
', status=401)
else:
user = get_object_or_404(get_user_model(), username=username)
required_groups = request.POST.get('groups')
if required_groups and not user.is_superuser: # skip groups check for superusers
required_groups = set(required_groups.split(' '))
user_groups = set(map(lambda g: g.name, user.groups.all()))
if required_groups - user_groups:
return HttpResponse('401 Unauthorized
', status=401)
return HttpResponse()