Accueil Explorer Aide
Connexion
tetaneutral.net
/
djadhere
5
1
Fork 1
Fichiers Tickets 14 Pull Requests 2 Wiki
Aborescence: 095491d219
Branches Tags
djadhere
/
accounts
/
views.py

views.py 2.1 KB
Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152 
  1. from django.contrib.auth.decorators import login_required
    2. 

  2. from django.shortcuts import get_object_or_404, redirect, render
    3. 

  3. from django.contrib import messages
    4. 

  4. from django.core.exceptions import PermissionDenied
    5. 

  5. from django.conf import settings
    6. 

  6. from django.http import HttpResponse, HttpResponseBadRequest
    7. 

  7. from django.views.decorators.http import require_POST
    8. 

  8. from django.views.decorators.csrf import csrf_exempt
    9. 

  9. from django.contrib.auth import authenticate, get_user_model
    10. 

  10. 

  11. from .forms import UserForm, ProfileForm
    12. 

  12. 

  13. 

  14. @login_required
    15. 

  15. def profile(request):
    16. 

  16.     user_form = UserForm(request.POST or None, instance=request.user)
    17. 

  17.     profile_form = ProfileForm(request.POST or None, instance=request.user.profile)
    18. 

  18.     forms = [user_form, profile_form]
    19. 

  19.     if request.method == 'POST' and all(form.is_valid() for form in forms):
    20. 

  20.         for form in forms:
    21. 

  21.             form.save()
    22. 

  22.         messages.success(request, 'Profil mis à jour avec succès !')
    23. 

  23.         return redirect('profile')
    24. 

  24.     return render(request, 'accounts/profile.html', {
    25. 

  25.         'user_form': user_form,
    26. 

  26.         'profile_form': profile_form,
    27. 

  27.     })
    28. 

  28. 

  29. 

  30. @require_POST
    31. 

  31. @csrf_exempt
    32. 

  32. def auth_api(request, token):
    33. 

  33.     # token could not be None due to url regex
    34. 

  34.     if token != getattr(settings, 'AUTH_API_TOKEN', None):
    35. 

  35.         raise PermissionDenied
    36. 

  36.     username = request.POST.get('username')
    37. 

  37.     if not username:
    38. 

  38.         return HttpResponseBadRequest()
    39. 

  39.     password = request.POST.get('password')
    40. 

  40.     if password:
    41. 

  41.         user = authenticate(username=username, password=password)
    42. 

  42.         if user is None:
    43. 

  43.             return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
    44. 

  44.     else:
    45. 

  45.         user = get_object_or_404(get_user_model(), username=username)
    46. 

  46.     required_groups = request.POST.get('groups')
    47. 

  47.     if required_groups and not user.is_superuser: # skip groups check for superusers
    48. 

  48.         required_groups = set(required_groups.split(' '))
    49. 

  49.         user_groups = set(map(lambda g: g.name, user.groups.all()))
    50. 

  50.         if required_groups - user_groups:
    51. 

  51.             return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
    52. 

  52.     return HttpResponse()
    53.