lib/django-1.3/django/contrib/auth/views.py - external/googleappengine/python - Git at Google

 import urlparse

 from django.conf import settings
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect, QueryDict
 from django.shortcuts import render_to_response
 from django.template import RequestContext
 from django.utils.http import base36_to_int
 from django.utils.translation import ugettext as _
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect

 # Avoid shadowing the login() and logout() views below.
 from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm
 from django.contrib.auth.models import User
 from django.contrib.auth.tokens import default_token_generator
 from django.contrib.sites.models import get_current_site


 @csrf_protect
 @never_cache
 def login(request, template_name='registration/login.html',
           redirect_field_name=REDIRECT_FIELD_NAME,
           authentication_form=AuthenticationForm,
           current_app=None, extra_context=None):
     """
     Displays the login form and handles the login action.
     """
     redirect_to = request.REQUEST.get(redirect_field_name, '')

     if request.method == "POST":
         form = authentication_form(data=request.POST)
         if form.is_valid():
             netloc = urlparse.urlparse(redirect_to)[1]

             # Use default setting if redirect_to is empty
             if not redirect_to:
                 redirect_to = settings.LOGIN_REDIRECT_URL

             # Security check -- don't allow redirection to a different
             # host.
             elif netloc and netloc != request.get_host():
                 redirect_to = settings.LOGIN_REDIRECT_URL

             # Okay, security checks complete. Log the user in.
             auth_login(request, form.get_user())

             if request.session.test_cookie_worked():
                 request.session.delete_test_cookie()

             return HttpResponseRedirect(redirect_to)
     else:
         form = authentication_form(request)

     request.session.set_test_cookie()

     current_site = get_current_site(request)

     context = {
         'form': form,
         redirect_field_name: redirect_to,
         'site': current_site,
         'site_name': current_site.name,
     }
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))

 def logout(request, next_page=None,
            template_name='registration/logged_out.html',
            redirect_field_name=REDIRECT_FIELD_NAME,
            current_app=None, extra_context=None):
     """
     Logs out the user and displays 'You are logged out' message.
     """
     auth_logout(request)
     redirect_to = request.REQUEST.get(redirect_field_name, '')
     if redirect_to:
         netloc = urlparse.urlparse(redirect_to)[1]
         # Security check -- don't allow redirection to a different host.
         if not (netloc and netloc != request.get_host()):
             return HttpResponseRedirect(redirect_to)

     if next_page is None:
         current_site = get_current_site(request)
         context = {
             'site': current_site,
             'site_name': current_site.name,
             'title': _('Logged out')
         }
         context.update(extra_context or {})
         return render_to_response(template_name, context,
                                   context_instance=RequestContext(request, current_app=current_app))
     else:
         # Redirect to this page until the session has been cleared.
         return HttpResponseRedirect(next_page or request.path)

 def logout_then_login(request, login_url=None, current_app=None, extra_context=None):
     """
     Logs out the user if he is logged in. Then redirects to the log-in page.
     """
     if not login_url:
         login_url = settings.LOGIN_URL
     return logout(request, login_url, current_app=current_app, extra_context=extra_context)

 def redirect_to_login(next, login_url=None,
                       redirect_field_name=REDIRECT_FIELD_NAME):
     """
     Redirects the user to the login page, passing the given 'next' page
     """
     if not login_url:
         login_url = settings.LOGIN_URL

     login_url_parts = list(urlparse.urlparse(login_url))
     if redirect_field_name:
         querystring = QueryDict(login_url_parts[4], mutable=True)
         querystring[redirect_field_name] = next
         login_url_parts[4] = querystring.urlencode(safe='/')

     return HttpResponseRedirect(urlparse.urlunparse(login_url_parts))

 # 4 views for password reset:
 # - password_reset sends the mail
 # - password_reset_done shows a success message for the above
 # - password_reset_confirm checks the link the user clicked and
 #   prompts for a new password
 # - password_reset_complete shows a success message for the above

 @csrf_protect
 def password_reset(request, is_admin_site=False,
                    template_name='registration/password_reset_form.html',
                    email_template_name='registration/password_reset_email.html',
                    password_reset_form=PasswordResetForm,
                    token_generator=default_token_generator,
                    post_reset_redirect=None,
                    from_email=None,
                    current_app=None,
                    extra_context=None):
     if post_reset_redirect is None:
         post_reset_redirect = reverse('django.contrib.auth.views.password_reset_done')
     if request.method == "POST":
         form = password_reset_form(request.POST)
         if form.is_valid():
             opts = {
                 'use_https': request.is_secure(),
                 'token_generator': token_generator,
                 'from_email': from_email,
                 'email_template_name': email_template_name,
                 'request': request,
             }
             if is_admin_site:
                 opts = dict(opts, domain_override=request.META['HTTP_HOST'])
             form.save(**opts)
             return HttpResponseRedirect(post_reset_redirect)
     else:
         form = password_reset_form()
     context = {
         'form': form,
     }
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))

 def password_reset_done(request,
                         template_name='registration/password_reset_done.html',
                         current_app=None, extra_context=None):
     context = {}
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))

 # Doesn't need csrf_protect since no-one can guess the URL
 @never_cache
 def password_reset_confirm(request, uidb36=None, token=None,
                            template_name='registration/password_reset_confirm.html',
                            token_generator=default_token_generator,
                            set_password_form=SetPasswordForm,
                            post_reset_redirect=None,
                            current_app=None, extra_context=None):
     """
     View that checks the hash in a password reset link and presents a
     form for entering a new password.
     """
     assert uidb36 is not None and token is not None # checked by URLconf
     if post_reset_redirect is None:
         post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
     try:
         uid_int = base36_to_int(uidb36)
         user = User.objects.get(id=uid_int)
     except (ValueError, User.DoesNotExist):
         user = None

     if user is not None and token_generator.check_token(user, token):
         validlink = True
         if request.method == 'POST':
             form = set_password_form(user, request.POST)
             if form.is_valid():
                 form.save()
                 return HttpResponseRedirect(post_reset_redirect)
         else:
             form = set_password_form(None)
     else:
         validlink = False
         form = None
     context = {
         'form': form,
         'validlink': validlink,
     }
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))

 def password_reset_complete(request,
                             template_name='registration/password_reset_complete.html',
                             current_app=None, extra_context=None):
     context = {
         'login_url': settings.LOGIN_URL
     }
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))

 @csrf_protect
 @login_required
 def password_change(request,
                     template_name='registration/password_change_form.html',
                     post_change_redirect=None,
                     password_change_form=PasswordChangeForm,
                     current_app=None, extra_context=None):
     if post_change_redirect is None:
         post_change_redirect = reverse('django.contrib.auth.views.password_change_done')
     if request.method == "POST":
         form = password_change_form(user=request.user, data=request.POST)
         if form.is_valid():
             form.save()
             return HttpResponseRedirect(post_change_redirect)
     else:
         form = password_change_form(user=request.user)
     context = {
         'form': form,
     }
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))

 def password_change_done(request,
                          template_name='registration/password_change_done.html',
                          current_app=None, extra_context=None):
     context = {}
     context.update(extra_context or {})
     return render_to_response(template_name, context,
                               context_instance=RequestContext(request, current_app=current_app))
	import urlparse

	from django.conf import settings
	from django.core.urlresolvers import reverse
	from django.http import HttpResponseRedirect, QueryDict
	from django.shortcuts import render_to_response
	from django.template import RequestContext
	from django.utils.http import base36_to_int
	from django.utils.translation import ugettext as _
	from django.views.decorators.cache import never_cache
	from django.views.decorators.csrf import csrf_protect

	# Avoid shadowing the login() and logout() views below.
	from django.contrib.auth import REDIRECT_FIELD_NAME, login as auth_login, logout as auth_logout
	from django.contrib.auth.decorators import login_required
	from django.contrib.auth.forms import AuthenticationForm, PasswordResetForm, SetPasswordForm, PasswordChangeForm
	from django.contrib.auth.models import User
	from django.contrib.auth.tokens import default_token_generator
	from django.contrib.sites.models import get_current_site


	@csrf_protect
	@never_cache
	def login(request, template_name='registration/login.html',
	redirect_field_name=REDIRECT_FIELD_NAME,
	authentication_form=AuthenticationForm,
	current_app=None, extra_context=None):
	"""
	Displays the login form and handles the login action.
	"""
	redirect_to = request.REQUEST.get(redirect_field_name, '')

	if request.method == "POST":
	form = authentication_form(data=request.POST)
	if form.is_valid():
	netloc = urlparse.urlparse(redirect_to)[1]

	# Use default setting if redirect_to is empty
	if not redirect_to:
	redirect_to = settings.LOGIN_REDIRECT_URL

	# Security check -- don't allow redirection to a different
	# host.
	elif netloc and netloc != request.get_host():
	redirect_to = settings.LOGIN_REDIRECT_URL

	# Okay, security checks complete. Log the user in.
	auth_login(request, form.get_user())

	if request.session.test_cookie_worked():
	request.session.delete_test_cookie()

	return HttpResponseRedirect(redirect_to)
	else:
	form = authentication_form(request)

	request.session.set_test_cookie()

	current_site = get_current_site(request)

	context = {
	'form': form,
	redirect_field_name: redirect_to,
	'site': current_site,
	'site_name': current_site.name,
	}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))

	def logout(request, next_page=None,
	template_name='registration/logged_out.html',
	redirect_field_name=REDIRECT_FIELD_NAME,
	current_app=None, extra_context=None):
	"""
	Logs out the user and displays 'You are logged out' message.
	"""
	auth_logout(request)
	redirect_to = request.REQUEST.get(redirect_field_name, '')
	if redirect_to:
	netloc = urlparse.urlparse(redirect_to)[1]
	# Security check -- don't allow redirection to a different host.
	if not (netloc and netloc != request.get_host()):
	return HttpResponseRedirect(redirect_to)

	if next_page is None:
	current_site = get_current_site(request)
	context = {
	'site': current_site,
	'site_name': current_site.name,
	'title': _('Logged out')
	}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))
	else:
	# Redirect to this page until the session has been cleared.
	return HttpResponseRedirect(next_page or request.path)

	def logout_then_login(request, login_url=None, current_app=None, extra_context=None):
	"""
	Logs out the user if he is logged in. Then redirects to the log-in page.
	"""
	if not login_url:
	login_url = settings.LOGIN_URL
	return logout(request, login_url, current_app=current_app, extra_context=extra_context)

	def redirect_to_login(next, login_url=None,
	redirect_field_name=REDIRECT_FIELD_NAME):
	"""
	Redirects the user to the login page, passing the given 'next' page
	"""
	if not login_url:
	login_url = settings.LOGIN_URL

	login_url_parts = list(urlparse.urlparse(login_url))
	if redirect_field_name:
	querystring = QueryDict(login_url_parts[4], mutable=True)
	querystring[redirect_field_name] = next
	login_url_parts[4] = querystring.urlencode(safe='/')

	return HttpResponseRedirect(urlparse.urlunparse(login_url_parts))

	# 4 views for password reset:
	# - password_reset sends the mail
	# - password_reset_done shows a success message for the above
	# - password_reset_confirm checks the link the user clicked and
	# prompts for a new password
	# - password_reset_complete shows a success message for the above

	@csrf_protect
	def password_reset(request, is_admin_site=False,
	template_name='registration/password_reset_form.html',
	email_template_name='registration/password_reset_email.html',
	password_reset_form=PasswordResetForm,
	token_generator=default_token_generator,
	post_reset_redirect=None,
	from_email=None,
	current_app=None,
	extra_context=None):
	if post_reset_redirect is None:
	post_reset_redirect = reverse('django.contrib.auth.views.password_reset_done')
	if request.method == "POST":
	form = password_reset_form(request.POST)
	if form.is_valid():
	opts = {
	'use_https': request.is_secure(),
	'token_generator': token_generator,
	'from_email': from_email,
	'email_template_name': email_template_name,
	'request': request,
	}
	if is_admin_site:
	opts = dict(opts, domain_override=request.META['HTTP_HOST'])
	form.save(**opts)
	return HttpResponseRedirect(post_reset_redirect)
	else:
	form = password_reset_form()
	context = {
	'form': form,
	}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))

	def password_reset_done(request,
	template_name='registration/password_reset_done.html',
	current_app=None, extra_context=None):
	context = {}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))

	# Doesn't need csrf_protect since no-one can guess the URL
	@never_cache
	def password_reset_confirm(request, uidb36=None, token=None,
	template_name='registration/password_reset_confirm.html',
	token_generator=default_token_generator,
	set_password_form=SetPasswordForm,
	post_reset_redirect=None,
	current_app=None, extra_context=None):
	"""
	View that checks the hash in a password reset link and presents a
	form for entering a new password.
	"""
	assert uidb36 is not None and token is not None # checked by URLconf
	if post_reset_redirect is None:
	post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
	try:
	uid_int = base36_to_int(uidb36)
	user = User.objects.get(id=uid_int)
	except (ValueError, User.DoesNotExist):
	user = None

	if user is not None and token_generator.check_token(user, token):
	validlink = True
	if request.method == 'POST':
	form = set_password_form(user, request.POST)
	if form.is_valid():
	form.save()
	return HttpResponseRedirect(post_reset_redirect)
	else:
	form = set_password_form(None)
	else:
	validlink = False
	form = None
	context = {
	'form': form,
	'validlink': validlink,
	}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))

	def password_reset_complete(request,
	template_name='registration/password_reset_complete.html',
	current_app=None, extra_context=None):
	context = {
	'login_url': settings.LOGIN_URL
	}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))

	@csrf_protect
	@login_required
	def password_change(request,
	template_name='registration/password_change_form.html',
	post_change_redirect=None,
	password_change_form=PasswordChangeForm,
	current_app=None, extra_context=None):
	if post_change_redirect is None:
	post_change_redirect = reverse('django.contrib.auth.views.password_change_done')
	if request.method == "POST":
	form = password_change_form(user=request.user, data=request.POST)
	if form.is_valid():
	form.save()
	return HttpResponseRedirect(post_change_redirect)
	else:
	form = password_change_form(user=request.user)
	context = {
	'form': form,
	}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))

	def password_change_done(request,
	template_name='registration/password_change_done.html',
	current_app=None, extra_context=None):
	context = {}
	context.update(extra_context or {})
	return render_to_response(template_name, context,
	context_instance=RequestContext(request, current_app=current_app))