Authentication: Use class based views

Update all views to use the new Django authentication class
based views.

Signed-off-by: Roberto Rosario <Roberto.Rosario@mayan-edms.com>

mayan/apps/authentication/forms.py

@@ -23,8 +23,10 @@ class EmailAuthenticationForm(forms.Form):
     remember_me = forms.BooleanField(label=_('Remember me'), required=False)
 
     error_messages = {
-        'invalid_login': _('Please enter a correct email and password. '
+        'invalid_login': _(
-                           'Note that the password field is case-sensitive.'),
+            'Please enter a correct email and password. Note that the '
+            'password field is case-sensitive.'
+        ),
         'inactive': _('This account is inactive.'),
     }
 
@@ -56,8 +58,10 @@ class EmailAuthenticationForm(forms.Form):
         return self.cleaned_data
 
     def check_for_test_cookie(self):
-        warnings.warn('check_for_test_cookie is deprecated; ensure your login '
+        warnings.warn(
-                      'view is CSRF-protected.', DeprecationWarning)
+            'check_for_test_cookie is deprecated; ensure your login view '
+            'is CSRF-protected.', DeprecationWarning
+        )
 
     def get_user_id(self):
         if self.user_cache:

mayan/apps/authentication/templates/authentication/password_reset_complete.html

@@ -14,8 +14,7 @@
         <div class="col-xs-10 col-xs-offset-1 col-sm-8 col-sm-offset-2 col-md-6 col-md-offset-3 col-lg-4 col-lg-offset-4">
             <div class="alert alert-success" role="alert">{% trans 'Password reset complete! Click the link below to login.' %}</div>
 
-            <div class="text-center"><a class="btn btn-primary" href="{% url 'authentication:logout_view' %}">{% trans 'Login page' %}</a></div>
+            <div class="text-center"><a class="btn btn-primary" href="{% url 'authentication:login_view' %}">{% trans 'Login page' %}</a></div>
         </div>
     </div>
-
 {% endblock content_plain %}

mayan/apps/authentication/urls.py

@@ -1,43 +1,44 @@
 from __future__ import unicode_literals
 
-from django.conf import settings
 from django.conf.urls import url
-from django.contrib.auth.views import logout
 
 from .views import (
-    login_view, password_change_done, password_change_view,
+    MayanLoginView, MayanLogoutView, MayanPasswordChangeDoneView,
-    password_reset_complete_view, password_reset_confirm_view,
+    MayanPasswordChangeView, MayanPasswordResetCompleteView,
-    password_reset_done_view, password_reset_view
+    MayanPasswordResetConfirmView, MayanPasswordResetDoneView,
+    MayanPasswordResetView
 )
 
+
 urlpatterns = [
-    url(regex=r'^login/$', name='login_view', view=login_view),
+    url(regex=r'^login/$', name='login_view', view=MayanLoginView.as_view()),
     url(
-        regex=r'^logout/$', kwargs={'next_page': settings.LOGIN_REDIRECT_URL},
+        regex=r'^logout/$', name='logout_view', view=MayanLogoutView.as_view()
-        name='logout_view', view=logout
     ),
     url(
         regex=r'^password/change/$', name='password_change_view',
-        view=password_change_view
+        view=MayanPasswordChangeView.as_view()
     ),
     url(
         regex=r'^password/change/done/$', name='password_change_done',
-        view=password_change_done
+        view=MayanPasswordChangeDoneView.as_view()
     ),
     url(
         regex=r'^password/reset/$', name='password_reset_view',
-        view=password_reset_view
+        view=MayanPasswordResetView.as_view()
     ),
     url(
         regex=r'^password/reset/confirm/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
-        name='password_reset_confirm_view', view=password_reset_confirm_view
+        name='password_reset_confirm_view',
+        view=MayanPasswordResetConfirmView.as_view()
     ),
     url(
         regex=r'^password/reset/complete/$',
-        name='password_reset_complete_view', view=password_reset_complete_view
+        name='password_reset_complete_view',
+        view=MayanPasswordResetCompleteView.as_view()
     ),
     url(
         regex=r'^password/reset/done/$', name='password_reset_done_view',
-        view=password_reset_done_view
+        view=MayanPasswordResetDoneView.as_view()
     ),
 ]

mayan/apps/authentication/views.py

@@ -1,19 +1,17 @@
 from __future__ import absolute_import, unicode_literals
 
-from django.conf import settings
 from django.contrib import messages
-from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.views import (
-    login, password_change, password_reset, password_reset_complete,
+    LoginView, LogoutView, PasswordChangeDoneView, PasswordChangeView,
-    password_reset_confirm, password_reset_done
+    PasswordResetCompleteView, PasswordResetConfirmView, PasswordResetDoneView,
+    PasswordResetView
 )
 from django.http import HttpResponseRedirect
-from django.shortcuts import redirect, resolve_url
+from django.shortcuts import redirect
-from django.urls import reverse
+from django.urls import reverse, reverse_lazy
-from django.utils.http import is_safe_url
 from django.utils.translation import ugettext_lazy as _
 
-from stronghold.decorators import public
+from stronghold.views import StrongholdPublicMixin
 
 import mayan
 from mayan.apps.common.settings import (
@@ -24,143 +22,108 @@ from .forms import EmailAuthenticationForm, UsernameAuthenticationForm
 from .settings import setting_login_method, setting_maximum_session_length
 
 
-@public
+class MayanLoginView(StrongholdPublicMixin, LoginView):
-def login_view(request):
+    extra_context = {
-    """
+        'appearance_type': 'plain'
-    Control how the use is to be authenticated, options are 'email' and
+    }
-    'username'
+    template_name = 'authentication/login.html'
-    """
+    redirect_authenticated_user = True
-    success_url_allowed_hosts = set()
-    kwargs = {'template_name': 'authentication/login.html'}
 
-    if setting_login_method.value == 'email':
+    def form_valid(self, form):
-        kwargs['authentication_form'] = EmailAuthenticationForm
+        result = super(MayanLoginView, self).form_valid(form=form)
-    else:
+        remember_me = form.cleaned_data.get('remember_me')
-        kwargs['authentication_form'] = UsernameAuthenticationForm
 
-    allowed_hosts = {request.get_host()}
+        # remember_me values:
-    allowed_hosts.update(success_url_allowed_hosts)
+        # True - long session
+        # False - short session
+        # None - Form has no remember_me value and we let the session
+        # expiration default.
 
-    redirect_to = request.POST.get(
+        if remember_me is True:
-        REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, '')
+            self.request.session.set_expiry(
-    )
+                setting_maximum_session_length.value
-
-    url_is_safe = is_safe_url(
-        url=redirect_to,
-        allowed_hosts=allowed_hosts,
-        require_https=request.is_secure(),
-    )
-
-    url = redirect_to if url_is_safe else ''
-
-    if not request.user.is_authenticated:
-        extra_context = {
-            'appearance_type': 'plain',
-            REDIRECT_FIELD_NAME: url or resolve_url(settings.LOGIN_REDIRECT_URL)
-        }
-
-        result = login(request, extra_context=extra_context, **kwargs)
-        if request.method == 'POST':
-            form = kwargs['authentication_form'](request, data=request.POST)
-            if form.is_valid():
-                if form.cleaned_data['remember_me']:
-                    request.session.set_expiry(
-                        setting_maximum_session_length.value
-                    )
-                else:
-                    request.session.set_expiry(0)
-        return result
-    else:
-        return HttpResponseRedirect(resolve_url(settings.LOGIN_REDIRECT_URL))
-
-
-def password_change_view(request):
-    """
-    Password change wrapper for better control
-    """
-    extra_context = {'title': _('Current user password change')}
-
-    if request.user.user_options.block_password_change:
-        messages.error(
-            request, _(
-                'Changing the password is not allowed for this account.'
             )
+        elif remember_me is False:
+            self.request.session.set_expiry(0)
+
+        return result
+
+    def get_form_class(self):
+        if setting_login_method.value == 'email':
+            return EmailAuthenticationForm
+        else:
+            return UsernameAuthenticationForm
+
+
+class MayanLogoutView(LogoutView):
+    """No current change or overrides, left here for future expansion"""
+
+
+class MayanPasswordChangeDoneView(PasswordChangeDoneView):
+    def dispatch(self, *args, **kwargs):
+        messages.success(
+            message=_('Your password has been successfully changed.'),
+            request=self.request
         )
-        return HttpResponseRedirect(reverse(setting_home_view.view))
+        return redirect(to='common:current_user_details')
-
-    return password_change(
-        request, extra_context=extra_context,
-        template_name='appearance/generic_form.html',
-        post_change_redirect=reverse(viewname='authentication:password_change_done'),
-    )
 
 
-def password_change_done(request):
+class MayanPasswordChangeView(PasswordChangeView):
-    """
+    extra_context = {'title': _('Current user password change')}
-    View called when the new user password has been accepted
+    success_url = reverse_lazy(viewname='authentication:password_change_done')
-    """
+    template_name = 'appearance/generic_form.html'
-    messages.success(
+
-        request, _('Your password has been successfully changed.')
+    def dispatch(self, *args, **kwargs):
-    )
+        if self.request.user.user_options.block_password_change:
-    return redirect('common:current_user_details')
+            messages.error(
+                message=_(
+                    'Changing the password is not allowed for this account.'
+                ), request=self.request
+            )
+            return HttpResponseRedirect(
+                redirect_to=reverse(viewname=setting_home_view.view)
+            )
+
+        return super(MayanPasswordChangeView, self).dispatch(*args, **kwargs)
 
 
-@public
+class MayanPasswordResetCompleteView(StrongholdPublicMixin, PasswordResetCompleteView):
-def password_reset_complete_view(request):
     extra_context = {
         'appearance_type': 'plain'
     }
-
+    template_name = 'authentication/password_reset_complete.html'
-    return password_reset_complete(
-        request=request, extra_context=extra_context,
-        template_name='authentication/password_reset_complete.html'
-    )
 
 
-@public
+class MayanPasswordResetConfirmView(StrongholdPublicMixin, PasswordResetConfirmView):
-def password_reset_confirm_view(request, uidb64=None, token=None):
     extra_context = {
         'appearance_type': 'plain'
     }
-
+    success_url = reverse_lazy(
-    return password_reset_confirm(
+        viewname='authentication:password_reset_complete_view'
-        request=request, extra_context=extra_context,
-        template_name='authentication/password_reset_confirm.html',
-        post_reset_redirect=reverse(
-            'authentication:password_reset_complete_view'
-        ), uidb64=uidb64, token=token
     )
+    template_name = 'authentication/password_reset_confirm.html'
 
 
-@public
+class MayanPasswordResetDoneView(StrongholdPublicMixin, PasswordResetDoneView):
-def password_reset_done_view(request):
     extra_context = {
         'appearance_type': 'plain'
     }
-
+    template_name = 'authentication/password_reset_done.html'
-    return password_reset_done(
-        request=request, extra_context=extra_context,
-        template_name='authentication/password_reset_done.html'
-    )
 
 
-@public
+class MayanPasswordResetView(StrongholdPublicMixin, PasswordResetView):
-def password_reset_view(request):
+    email_template_name = 'authentication/password_reset_email.html'
     extra_context = {
         'appearance_type': 'plain'
     }
-
+    extra_email_context = {
-    return password_reset(
+        'project_copyright': mayan.__copyright__,
-        request=request, extra_context=extra_context,
+        'project_license': mayan.__license__,
-        email_template_name='authentication/password_reset_email.html',
+        'project_title': setting_project_title.value,
-        extra_email_context={
+        'project_website': setting_project_url.value
-            'project_title': setting_project_title.value,
+    }
-            'project_website': setting_project_url.value,
+    subject_template_name = 'authentication/password_reset_subject.txt'
-            'project_copyright': mayan.__copyright__,
+    success_url = reverse_lazy(
-            'project_license': mayan.__license__,
+        viewname='authentication:password_reset_done_view'
-        }, subject_template_name='authentication/password_reset_subject.txt',
-        template_name='authentication/password_reset_form.html',
-        post_reset_redirect=reverse(
-            'authentication:password_reset_done_view'
-        )
     )
+    template_name = 'authentication/password_reset_form.html'