Commit d6f74c2c authored by Jean-Baptiste Pasquier's avatar Jean-Baptiste Pasquier

Merge branch 'register_redirect' into 'master'

Register redirect

See merge request !44
parents 11375430 e55cdd37
...@@ -5,12 +5,12 @@ from django.conf.urls import url, include ...@@ -5,12 +5,12 @@ from django.conf.urls import url, include
from django.contrib.auth.models import Group from django.contrib.auth.models import Group
from django.views.decorators.csrf import csrf_exempt from django.views.decorators.csrf import csrf_exempt
from django_registration.backends.activation.views import RegistrationView
from djangoldp.permissions import LDPPermissions from djangoldp.permissions import LDPPermissions
from djangoldp.views import LDPViewSet from djangoldp.views import LDPViewSet
from djangoldp_account.forms import LDPUserForm from djangoldp_account.forms import LDPUserForm
from .models import ChatProfile, Account from .models import ChatProfile, Account
from .views import userinfocustom, RPLoginView, RPLoginCallBackView, check_user, LDPAccountLoginView, RedirectView from .views import userinfocustom, RPLoginView, RPLoginCallBackView, check_user, LDPAccountLoginView, RedirectView, \
LDPAccountRegsitrationView
Group._meta.serializer_fields = ['name'] Group._meta.serializer_fields = ['name']
Group._meta.anonymous_perms = getattr(settings, 'GROUP_ANONYMOUS_PERMISSIONS', ['view']) Group._meta.anonymous_perms = getattr(settings, 'GROUP_ANONYMOUS_PERMISSIONS', ['view'])
...@@ -24,7 +24,7 @@ urlpatterns = [ ...@@ -24,7 +24,7 @@ urlpatterns = [
) )
), ),
url(r'^auth/register/$', url(r'^auth/register/$',
RegistrationView.as_view( LDPAccountRegsitrationView.as_view(
form_class=LDPUserForm form_class=LDPUserForm
), ),
name='django_registration_register', name='django_registration_register',
......
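Review bot: The view name `LDPAccountRegsitrationView` imported and wired into the `^auth/register/$` route is misspelled ("Regsitration"). Because urls.py now imports it by that name, the typo becomes part of the module's interface and gets harder to correct once other code refers to it. Rename it to `LDPAccountRegistrationView` in views.py and in both places in this file.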
...@@ -4,5 +4,9 @@ ...@@ -4,5 +4,9 @@
{% block content %} {% block content %}
{% url 'login' as auth_login_url %} {% url 'login' as auth_login_url %}
<h1 class="text-center">{% trans "Thanks, activation complete!" %}</h1> <h1 class="text-center">{% trans "Thanks, activation complete!" %}</h1>
<p class="text-center">{% trans "You may now <a href='{{ auth_login_url }}'>login</a> using the username and password you set at registration." %}</p> <p class="text-center">
{% blocktrans %}
You may now <a href='{{ auth_login_url }}'>login</a> using the username and password you set at registration.
{% endblocktrans %}
</p>
{% endblock %} {% endblock %}
...@@ -12,6 +12,7 @@ ...@@ -12,6 +12,7 @@
{% block content %} {% block content %}
<table> <table>
<form method='post' action=''>{% csrf_token %} <form method='post' action=''>{% csrf_token %}
<input type="hidden" name="next" value="{{ next }}"/>
{{ form }} {{ form }}
<tr> <tr>
<td></td> <td></td>
......
...@@ -61,7 +61,7 @@ ...@@ -61,7 +61,7 @@
<div class="flex-column"> <div class="flex-column">
<p class="other-login-title text-center">{% trans "Doesn't have an account yet?" %}</p> <p class="other-login-title text-center">{% trans "Doesn't have an account yet?" %}</p>
<a class="sib-link sib-register-link" href="{% url 'django_registration_register' %}">{% trans "Register now!" %}</a> <a class="sib-link sib-register-link" href="{% url 'django_registration_register' %}?next={{next|urlencode}}">{% trans "Register now!" %}</a>
</div> </div>
</div> </div>
{% endblock %} {% endblock %}
from django.http import HttpResponse, JsonResponse, HttpResponseRedirect, HttpResponseNotFound from django.http import HttpResponse, JsonResponse, HttpResponseRedirect, HttpResponseNotFound
from django.views import View from django.views import View
from django.contrib.auth.views import LoginView from django.contrib.auth import get_user_model
from django.contrib.auth.views import LoginView, SuccessURLAllowedHostsMixin
from django.shortcuts import redirect, render from django.shortcuts import redirect, render
from django.urls import reverse from django.urls import reverse
from django.utils.http import (
is_safe_url, urlsafe_base64_decode,
)
from django_registration.backends.activation.views import RegistrationView
from djangoldp_account import settings from djangoldp_account import settings
from djangoldp_account.endpoints.rp_login import RPLoginCallBackEndpoint, RPLoginEndpoint from djangoldp_account.endpoints.rp_login import RPLoginCallBackEndpoint, RPLoginEndpoint
...@@ -44,6 +49,20 @@ def check_user(request, *args, **kwargs): ...@@ -44,6 +49,20 @@ def check_user(request, *args, **kwargs):
return HttpResponseNotFound() return HttpResponseNotFound()
# auxiliary function to set a user's default_redirect_uri
def _set_default_redirect_uri(user, redirect_uri):
from django.conf import settings
if redirect_uri is not None and len(redirect_uri) > 1 and redirect_uri != settings.LOGIN_REDIRECT_URL \
and hasattr(user, 'default_redirect_uri'):
try:
user.default_redirect_uri = redirect_uri
user.save()
# if the URL is too long, or invalid, we can just move on
except:
pass
class RedirectView(View): class RedirectView(View):
""" """
View for managing where to redirect the user after a successful login View for managing where to redirect the user after a successful login
...@@ -75,20 +94,54 @@ class LDPAccountLoginView(LoginView): ...@@ -75,20 +94,54 @@ class LDPAccountLoginView(LoginView):
""" """
# Save login url as preferred redirect # Save login url as preferred redirect
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
from django.conf import settings
return_value = super(LDPAccountLoginView, self).post(request, *args, **kwargs) return_value = super(LDPAccountLoginView, self).post(request, *args, **kwargs)
# if the user has 'next' set which is not default, update their preference # if the user has 'next' set which is not default, update their preference
next = request.POST.get('next') next = request.POST.get('next')
if next is not None and len(next) > 1 and next != settings.LOGIN_REDIRECT_URL\
and request.user.is_authenticated: _set_default_redirect_uri(request.user, next)
try:
request.user.default_redirect_uri = next return return_value
request.user.save()
# if the URL is too long, or invalid, we can just move on
except: class LDPAccountRegsitrationView(SuccessURLAllowedHostsMixin, RegistrationView):
pass """
Extension of django-registration's RegistrationView for managing user's default_redirect_uri
"""
def get_redirect_url(self):
"""Return the user-originating redirect URL if it's safe."""
redirect_to = self.request.POST.get(
'next',
self.request.GET.get('next', '')
)
url_is_safe = is_safe_url(
url=redirect_to,
allowed_hosts=self.get_success_url_allowed_hosts(),
require_https=self.request.is_secure(),
)
return redirect_to if url_is_safe else ''
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
context.update({
'next': self.get_redirect_url(),
})
return context
def post(self, request, *args, **kwargs):
return_value = super(LDPAccountRegsitrationView, self).post(request, *args, **kwargs)
# if the user has 'next' set which is not default, update their preference
next = request.POST.get('next', '')
username = request.POST.get('username')
# fetch the user which should now be created
try:
user = get_user_model().objects.get(username=username)
except get_user_model().DoesNotExist:
return return_value
_set_default_redirect_uri(user, next)
return return_value return return_value
......
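Review bot: `LDPAccountRegsitrationView.post` looks the account up by the POSTed `username` after `super().post()` whether or not the form validated, so a submission rejected because the username is already taken still finds the existing user and overwrites that user's `default_redirect_uri` without any authentication. The value written is the raw `request.POST.get('next', '')`, not the result of `get_redirect_url()`, so the `is_safe_url` check added in this class never applies to what is persisted; `LDPAccountLoginView.post` hands raw `next` to `_set_default_redirect_uri` in the same way. If `RedirectView` later redirects to `default_redirect_uri` (its body is outside the visible hunks), this amounts to a stored open redirect. Replacing the `post` override with a `register()` hook confines the write to the user that was actually created and stores only the validated URL, as below. Separately, the bare `except: pass` in `_set_default_redirect_uri` hides every failure and would be better narrowed and logged.

```python
class LDPAccountRegsitrationView(SuccessURLAllowedHostsMixin, RegistrationView):
    # … unchanged: get_redirect_url, get_context_data …

    def register(self, form):
        # only reached once the form has validated; returns the user just created
        user = super().register(form)
        # persist the host-checked URL, never the raw POST value
        _set_default_redirect_uri(user, self.get_redirect_url())
        return user
```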