Coverage for crateweb/core/auth_views.py: 43%
30 statements
1"""
2crate_anon/crateweb/core/auth_views.py
4===============================================================================
6 Copyright (C) 2015, University of Cambridge, Department of Psychiatry.
7 Created by Rudolf Cardinal (rnc1001@cam.ac.uk).
9 This file is part of CRATE.
11 CRATE is free software: you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation, either version 3 of the License, or
14 (at your option) any later version.
16 CRATE is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with CRATE. If not, see <https://www.gnu.org/licenses/>.
24===============================================================================
26**Authentication views.**
28"""
30import logging
31from urllib.parse import quote_plus
33from django.contrib.auth import login, logout, update_session_auth_hash
34from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
35from django.http import HttpResponse, HttpResponseRedirect
36from django.http.request import HttpRequest
37from django.shortcuts import redirect, render
38from django.urls import reverse
40from crate_anon.crateweb.config.constants import UrlNames, UrlKeys
42log = logging.getLogger(__name__)
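def login_view(request: HttpRequest) -> HttpResponse:
    """
    Main login view.

    The post-login destination is read from the query string
    (``UrlKeys.NEXT``) and defaults to the home page. Because that value
    comes straight from the request, it is only honoured when it targets
    this site; any other value is replaced by the home URL, so the login
    page cannot be used as an open redirector.

    Args:
        request: the incoming request.

    Returns:
        A redirect to the destination if the user is already authenticated
        or has just logged in successfully; otherwise the rendered
        ``login.html`` page containing the authentication form.
    """
    # Imported locally so this view carries its own dependency.
    # (Django >= 3.0; older releases expose the same check as is_safe_url.)
    from django.utils.http import url_has_allowed_host_and_scheme

    # don't call it login (name clash with django.contrib.auth.login)
    # https://www.fir3net.com/Web-Development/Django/django.html
    # http://www.flagonwiththedragon.com/2011/06/16/django-authenticationform-for-user-login/  # noqa: E501
    # https://stackoverflow.com/questions/16750464/django-redirect-after-login-not-working-next-not-posting  # noqa: E501

    # Where to after a successful login?
    home_url = reverse(UrlNames.HOME)
    # noinspection PyCallByClass,PyTypeChecker
    nextpage = request.GET.get(UrlKeys.NEXT, home_url)
    # Accept only same-host targets (and https-only when the current
    # request is itself https). Absolute URLs to other hosts,
    # scheme-relative "//host" forms and empty values are rejected.
    if not url_has_allowed_host_and_scheme(
        url=nextpage,
        allowed_hosts={request.get_host()},
        require_https=request.is_secure(),
    ):
        # The rejected value is deliberately not logged verbatim.
        log.warning("login_view: ignoring unsafe 'next' redirect target")
        nextpage = home_url
    nextpage_quoted = quote_plus(nextpage)

    if request.user.is_authenticated:
        # Authenticated, en route somewhere else.
        return HttpResponseRedirect(nextpage)

    # Otherwise, not authenticated. Offer an authentication form.
    form = AuthenticationForm(
        None, request.POST if request.method == "POST" else None
    )
    if form.is_valid():
        # ... the form handles a bunch of user validation
        login(request, form.get_user())
        return HttpResponseRedirect(nextpage)
    return render(
        request,
        "login.html",
        {
            "form": form,
            "next": nextpage_quoted,
        },
    )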
def logout_view(request: HttpRequest) -> HttpResponse:
    """
    Log the user out and show the "You have logged out" page.
    """
    # NOTE(review): logout() runs for every HTTP method, GET included, so
    # a cross-site link or image tag could end a user's session. Confirm
    # whether this view should be restricted to POST.
    logout(request)
    response = render(request, "logged_out.html")
    return response
def password_change(request: HttpRequest) -> HttpResponse:
    """
    Let the current user change their password.

    Shows ``password_change.html`` with the form until a valid submission
    arrives; then stores the new password, refreshes the session's auth
    hash and redirects to the home page.
    """
    # https://docs.djangoproject.com/en/1.8/topics/auth/default/#module-django.contrib.auth.forms  # noqa: E501
    # NOTE(review): the form is bound to request.user, and no login check
    # is visible in this function -- confirm that authentication is
    # enforced where the URL is wired up.
    submitted = request.POST if request.method == "POST" else None
    form = PasswordChangeForm(data=submitted, user=request.user)
    if not form.is_valid():
        # Unbound (GET) or invalid: (re)display the form with any errors.
        return render(request, "password_change.html", {"form": form})
    form.save()
    # Re-key the session to the new password hash so the user isn't
    # immediately logged out.
    update_session_auth_hash(request, form.user)
    return redirect(UrlNames.HOME)
107# No password_reset function yet (would use PasswordResetForm)
108# ... that's to reset forgotten passwords.