2017-11-09 12:24:32 +00:00
|
|
|
# -*- coding: utf-8 -*-
|
2017-12-06 18:03:26 +00:00
|
|
|
from django.contrib import messages
|
2023-02-11 17:02:23 +00:00
|
|
|
from django.contrib.auth import get_user_model
|
2017-12-02 21:20:15 +00:00
|
|
|
from django.contrib.auth import update_session_auth_hash
|
|
|
|
from django.contrib.auth.forms import PasswordChangeForm
|
2021-12-18 22:38:08 +00:00
|
|
|
from django.contrib.auth.views import LogoutView as LogoutViewBase
|
2017-12-11 02:36:25 +00:00
|
|
|
from django.contrib.messages.views import SuccessMessageMixin
|
2022-10-17 07:40:06 +00:00
|
|
|
from django.core.exceptions import BadRequest
|
2023-02-11 17:02:23 +00:00
|
|
|
from django.forms import Form
|
2022-02-22 05:26:12 +00:00
|
|
|
from django.http import HttpResponseForbidden
|
|
|
|
from django.middleware.csrf import REASON_BAD_ORIGIN
|
2017-11-11 22:27:42 +00:00
|
|
|
from django.shortcuts import redirect, render
|
2022-02-22 16:31:14 +00:00
|
|
|
from django.template import loader
|
2017-12-11 02:36:25 +00:00
|
|
|
from django.urls import reverse, reverse_lazy
|
2021-11-28 19:05:56 +00:00
|
|
|
from django.utils import translation
|
2021-12-18 22:38:08 +00:00
|
|
|
from django.utils.decorators import method_decorator
|
2019-04-14 21:42:58 +00:00
|
|
|
from django.utils.text import format_lazy
|
2020-02-14 17:22:25 +00:00
|
|
|
from django.utils.translation import gettext as _, gettext_lazy
|
2022-02-22 05:26:12 +00:00
|
|
|
from django.views import csrf
|
2021-12-18 22:38:08 +00:00
|
|
|
from django.views.decorators.cache import never_cache
|
|
|
|
from django.views.decorators.csrf import csrf_protect
|
|
|
|
from django.views.decorators.http import require_POST
|
2017-11-11 22:27:42 +00:00
|
|
|
from django.views.generic import View
|
2017-11-09 12:24:32 +00:00
|
|
|
from django.views.generic.base import TemplateView, RedirectView
|
2023-02-11 17:02:23 +00:00
|
|
|
from django.views.generic.detail import BaseDetailView
|
|
|
|
from django.views.generic.edit import (
|
|
|
|
CreateView,
|
|
|
|
DeleteView,
|
|
|
|
FormMixin,
|
|
|
|
SingleObjectTemplateResponseMixin,
|
|
|
|
UpdateView,
|
|
|
|
)
|
2020-02-14 20:35:02 +00:00
|
|
|
from django.views.i18n import set_language
|
2017-12-11 02:36:25 +00:00
|
|
|
|
2023-02-11 17:02:23 +00:00
|
|
|
from axes.utils import reset
|
2017-12-11 02:36:25 +00:00
|
|
|
from django_filters.views import FilterView
|
2017-11-09 12:24:32 +00:00
|
|
|
|
2017-12-11 02:36:25 +00:00
|
|
|
from babybuddy import forms
|
2022-02-10 00:00:30 +00:00
|
|
|
from babybuddy.mixins import LoginRequiredMixin, PermissionRequiredMixin, StaffOnlyMixin
|
2022-08-14 23:38:59 +00:00
|
|
|
from babybuddy.models import SiteSettings
|
2017-11-09 12:24:32 +00:00
|
|
|
|
|
|
|
|
2022-02-22 05:26:12 +00:00
|
|
|
def csrf_failure(request, reason=""):
|
|
|
|
"""
|
|
|
|
Overrides the 403 CSRF failure template for bad origins in order to provide more
|
|
|
|
userful information about how to resolve the issue.
|
|
|
|
"""
|
2022-02-22 16:31:14 +00:00
|
|
|
|
2022-02-22 05:26:12 +00:00
|
|
|
if (
|
|
|
|
"HTTP_ORIGIN" in request.META
|
|
|
|
and reason == REASON_BAD_ORIGIN % request.META["HTTP_ORIGIN"]
|
|
|
|
):
|
2022-02-22 16:37:34 +00:00
|
|
|
context = {
|
2022-02-22 05:26:12 +00:00
|
|
|
"title": _("Forbidden"),
|
|
|
|
"main": _("CSRF verification failed. Request aborted."),
|
|
|
|
"reason": reason,
|
|
|
|
"origin": request.META["HTTP_ORIGIN"],
|
|
|
|
}
|
2022-02-22 16:31:14 +00:00
|
|
|
template = loader.get_template("error/403_csrf_bad_origin.html")
|
2022-02-22 16:37:34 +00:00
|
|
|
return HttpResponseForbidden(template.render(context), content_type="text/html")
|
2022-02-22 05:26:12 +00:00
|
|
|
|
|
|
|
return csrf.csrf_failure(request, reason, "403_csrf.html")
|
|
|
|
|
|
|
|
|
2017-11-09 12:24:32 +00:00
|
|
|
class RootRouter(LoginRequiredMixin, RedirectView):
|
2017-11-11 22:27:42 +00:00
|
|
|
"""
|
2018-05-20 21:40:09 +00:00
|
|
|
Redirects to the site dashboard.
|
2017-11-11 22:27:42 +00:00
|
|
|
"""
|
2022-02-10 00:00:30 +00:00
|
|
|
|
2017-11-09 12:24:32 +00:00
|
|
|
def get_redirect_url(self, *args, **kwargs):
|
2022-02-10 00:00:30 +00:00
|
|
|
self.url = reverse("dashboard:dashboard")
|
2017-11-09 12:24:32 +00:00
|
|
|
return super(RootRouter, self).get_redirect_url(self, *args, **kwargs)
|
|
|
|
|
|
|
|
|
2018-08-04 20:00:51 +00:00
|
|
|
class BabyBuddyFilterView(FilterView):
|
|
|
|
"""
|
|
|
|
Disables "strictness" for django-filter. It is unclear from the
|
|
|
|
documentation exactly what this does...
|
|
|
|
"""
|
2022-02-10 00:00:30 +00:00
|
|
|
|
2018-08-04 20:00:51 +00:00
|
|
|
# TODO Figure out the correct way to use this.
|
|
|
|
strict = False
|
|
|
|
|
2021-08-02 20:32:49 +00:00
|
|
|
def get_context_data(self, **kwargs):
|
|
|
|
context = super().get_context_data(**kwargs)
|
2022-02-10 00:00:30 +00:00
|
|
|
children = {o.child for o in context["object_list"] if hasattr(o, "child")}
|
2021-08-02 20:32:49 +00:00
|
|
|
if len(children) == 1:
|
2022-02-10 00:00:30 +00:00
|
|
|
context["unique_child"] = True
|
2021-08-02 20:32:49 +00:00
|
|
|
return context
|
|
|
|
|
2018-08-04 20:00:51 +00:00
|
|
|
|
2022-02-10 00:00:30 +00:00
|
|
|
@method_decorator(csrf_protect, name="dispatch")
|
|
|
|
@method_decorator(never_cache, name="dispatch")
|
|
|
|
@method_decorator(require_POST, name="dispatch")
|
2021-12-18 22:38:08 +00:00
|
|
|
class LogoutView(LogoutViewBase):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
2022-08-14 23:38:59 +00:00
|
|
|
class SiteSettingsUpdate(StaffOnlyMixin, SuccessMessageMixin, UpdateView):
|
|
|
|
model = SiteSettings
|
|
|
|
template_name = "babybuddy/site_settings_form.html"
|
|
|
|
form_class = forms.SiteSettingsForm
|
|
|
|
success_url = reverse_lazy("babybuddy:site-settings-update")
|
|
|
|
success_message = gettext_lazy("Site settings updated.")
|
|
|
|
|
|
|
|
def get_object(self, queryset=None):
|
|
|
|
return SiteSettings.objects.get_or_create(pk=1)[0]
|
|
|
|
|
|
|
|
|
2018-08-04 20:00:51 +00:00
|
|
|
class UserList(StaffOnlyMixin, BabyBuddyFilterView):
|
2023-02-06 14:59:57 +00:00
|
|
|
model = get_user_model()
|
2022-02-10 00:00:30 +00:00
|
|
|
template_name = "babybuddy/user_list.html"
|
|
|
|
ordering = "username"
|
2017-12-11 02:36:25 +00:00
|
|
|
paginate_by = 10
|
2022-02-10 00:00:30 +00:00
|
|
|
filterset_fields = ("username", "first_name", "last_name", "email")
|
2017-12-11 02:36:25 +00:00
|
|
|
|
|
|
|
|
2022-02-10 00:00:30 +00:00
|
|
|
class UserAdd(StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView):
|
2023-02-06 14:59:57 +00:00
|
|
|
model = get_user_model()
|
2022-02-10 00:00:30 +00:00
|
|
|
template_name = "babybuddy/user_form.html"
|
|
|
|
permission_required = ("admin.add_user",)
|
2017-12-11 02:36:25 +00:00
|
|
|
form_class = forms.UserAddForm
|
2022-02-10 00:00:30 +00:00
|
|
|
success_url = reverse_lazy("babybuddy:user-list")
|
|
|
|
success_message = gettext_lazy("User %(username)s added!")
|
2017-12-11 02:36:25 +00:00
|
|
|
|
|
|
|
|
2022-02-10 00:00:30 +00:00
|
|
|
class UserUpdate(
|
|
|
|
StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, UpdateView
|
|
|
|
):
|
2023-02-06 14:59:57 +00:00
|
|
|
model = get_user_model()
|
2022-02-10 00:00:30 +00:00
|
|
|
template_name = "babybuddy/user_form.html"
|
|
|
|
permission_required = ("admin.change_user",)
|
2017-12-11 02:36:25 +00:00
|
|
|
form_class = forms.UserUpdateForm
|
2022-02-10 00:00:30 +00:00
|
|
|
success_url = reverse_lazy("babybuddy:user-list")
|
|
|
|
success_message = gettext_lazy("User %(username)s updated.")
|
2017-12-11 02:36:25 +00:00
|
|
|
|
|
|
|
|
2023-02-11 17:02:23 +00:00
|
|
|
class UserUnlock(
|
|
|
|
StaffOnlyMixin,
|
|
|
|
PermissionRequiredMixin,
|
|
|
|
SuccessMessageMixin,
|
|
|
|
FormMixin,
|
|
|
|
SingleObjectTemplateResponseMixin,
|
|
|
|
BaseDetailView,
|
|
|
|
):
|
|
|
|
model = get_user_model()
|
|
|
|
template_name = "babybuddy/user_confirm_unlock.html"
|
|
|
|
permission_required = ("admin.change_user",)
|
|
|
|
form_class = Form
|
|
|
|
success_message = gettext_lazy("User unlocked.")
|
|
|
|
|
|
|
|
def post(self, request, *args, **kwargs):
|
|
|
|
user = self.get_object()
|
|
|
|
form = self.get_form()
|
|
|
|
if form.is_valid():
|
|
|
|
reset(username=user.username)
|
|
|
|
return self.form_valid(form)
|
|
|
|
else:
|
|
|
|
return self.form_invalid(form)
|
|
|
|
|
|
|
|
def get_success_url(self):
|
|
|
|
return reverse("babybuddy:user-update", kwargs={"pk": self.kwargs["pk"]})
|
|
|
|
|
|
|
|
|
2022-02-10 00:00:30 +00:00
|
|
|
class UserDelete(
|
|
|
|
StaffOnlyMixin, PermissionRequiredMixin, DeleteView, SuccessMessageMixin
|
|
|
|
):
|
2023-02-06 14:59:57 +00:00
|
|
|
model = get_user_model()
|
2022-02-10 00:00:30 +00:00
|
|
|
template_name = "babybuddy/user_confirm_delete.html"
|
|
|
|
permission_required = ("admin.delete_user",)
|
|
|
|
success_url = reverse_lazy("babybuddy:user-list")
|
2017-12-11 02:36:25 +00:00
|
|
|
|
2022-01-16 03:32:18 +00:00
|
|
|
def get_success_message(self, cleaned_data):
|
2022-02-10 00:00:30 +00:00
|
|
|
return format_lazy(gettext_lazy("User {user} deleted."), user=self.get_object())
|
2017-12-11 02:36:25 +00:00
|
|
|
|
|
|
|
|
2017-12-02 21:20:15 +00:00
|
|
|
class UserPassword(LoginRequiredMixin, View):
|
|
|
|
"""
|
|
|
|
Handles user password changes.
|
|
|
|
"""
|
2022-02-10 00:00:30 +00:00
|
|
|
|
2017-12-11 02:36:25 +00:00
|
|
|
form_class = forms.UserPasswordForm
|
2022-02-10 00:00:30 +00:00
|
|
|
template_name = "babybuddy/user_password_form.html"
|
2017-12-02 21:20:15 +00:00
|
|
|
|
|
|
|
def get(self, request):
|
2022-02-10 00:00:30 +00:00
|
|
|
return render(
|
|
|
|
request, self.template_name, {"form": self.form_class(request.user)}
|
|
|
|
)
|
2017-12-02 21:20:15 +00:00
|
|
|
|
|
|
|
def post(self, request):
|
|
|
|
form = PasswordChangeForm(request.user, request.POST)
|
|
|
|
if form.is_valid():
|
|
|
|
user = form.save()
|
|
|
|
update_session_auth_hash(request, user)
|
2022-02-10 00:00:30 +00:00
|
|
|
messages.success(request, _("Password updated."))
|
|
|
|
return render(request, self.template_name, {"form": form})
|
2017-12-02 21:20:15 +00:00
|
|
|
|
|
|
|
|
2022-10-20 08:53:10 +00:00
|
|
|
def handle_api_regenerate_request(request) -> bool:
|
|
|
|
"""
|
|
|
|
Checks if the current request contains a request to update the API key
|
|
|
|
and if it does, updeates the API key.
|
|
|
|
|
|
|
|
Returns True, if the API-key regenerate request was detected and handled.
|
|
|
|
"""
|
|
|
|
|
|
|
|
if request.POST.get("api_key_regenerate"):
|
|
|
|
request.user.settings.api_key(reset=True)
|
|
|
|
messages.success(request, _("User API key regenerated."))
|
|
|
|
return True
|
|
|
|
return False
|
2022-10-17 07:40:06 +00:00
|
|
|
|
|
|
|
|
2022-10-20 08:53:10 +00:00
|
|
|
class UserSettings(LoginRequiredMixin, View):
|
2017-11-11 22:27:42 +00:00
|
|
|
"""
|
|
|
|
Handles both the User and Settings models.
|
|
|
|
Based on this SO answer: https://stackoverflow.com/a/45056835.
|
|
|
|
"""
|
2022-02-10 00:00:30 +00:00
|
|
|
|
2017-12-11 02:36:25 +00:00
|
|
|
form_user_class = forms.UserForm
|
|
|
|
form_settings_class = forms.UserSettingsForm
|
2022-02-10 00:00:30 +00:00
|
|
|
template_name = "babybuddy/user_settings_form.html"
|
2017-11-11 22:27:42 +00:00
|
|
|
|
|
|
|
def get(self, request):
|
2022-08-24 20:20:08 +00:00
|
|
|
settings = request.user.settings
|
|
|
|
|
2022-02-10 00:00:30 +00:00
|
|
|
return render(
|
|
|
|
request,
|
|
|
|
self.template_name,
|
|
|
|
{
|
|
|
|
"form_user": self.form_user_class(instance=request.user),
|
2022-08-25 21:56:18 +00:00
|
|
|
"form_settings": self.form_settings_class(instance=settings),
|
2022-02-10 00:00:30 +00:00
|
|
|
},
|
|
|
|
)
|
2017-11-11 22:27:42 +00:00
|
|
|
|
|
|
|
def post(self, request):
|
2022-10-20 08:53:10 +00:00
|
|
|
if handle_api_regenerate_request(request):
|
2022-02-10 00:00:30 +00:00
|
|
|
return redirect("babybuddy:user-settings")
|
2022-10-17 07:48:26 +00:00
|
|
|
|
2022-02-10 00:00:30 +00:00
|
|
|
form_user = self.form_user_class(instance=request.user, data=request.POST)
|
2017-11-11 22:27:42 +00:00
|
|
|
form_settings = self.form_settings_class(
|
2022-02-10 00:00:30 +00:00
|
|
|
instance=request.user.settings, data=request.POST
|
|
|
|
)
|
2017-11-11 22:27:42 +00:00
|
|
|
if form_user.is_valid() and form_settings.is_valid():
|
|
|
|
user = form_user.save(commit=False)
|
|
|
|
user_settings = form_settings.save(commit=False)
|
|
|
|
user.settings = user_settings
|
|
|
|
user.save()
|
2021-11-28 19:05:56 +00:00
|
|
|
translation.activate(user.settings.language)
|
2022-02-10 00:00:30 +00:00
|
|
|
messages.success(request, _("Settings saved!"))
|
2021-11-28 19:05:56 +00:00
|
|
|
translation.deactivate()
|
2020-01-04 16:09:28 +00:00
|
|
|
return set_language(request)
|
2022-02-10 00:00:30 +00:00
|
|
|
return render(
|
|
|
|
request,
|
|
|
|
self.template_name,
|
|
|
|
{"user_form": form_user, "settings_form": form_settings},
|
|
|
|
)
|
2017-11-11 22:27:42 +00:00
|
|
|
|
|
|
|
|
2022-10-20 08:53:10 +00:00
|
|
|
class UserAddDevice(LoginRequiredMixin, View):
|
2022-10-17 07:40:06 +00:00
|
|
|
form_user_class = forms.UserForm
|
|
|
|
template_name = "babybuddy/user_add_device.html"
|
|
|
|
qr_code_template = "babybuddy/login_qr_code.txt"
|
|
|
|
|
|
|
|
def get(self, request):
|
|
|
|
qr_code_response = render(request, self.qr_code_template)
|
|
|
|
qr_code_data = qr_code_response.content.decode().strip()
|
|
|
|
|
|
|
|
return render(
|
|
|
|
request,
|
|
|
|
self.template_name,
|
|
|
|
{
|
|
|
|
"form_user": self.form_user_class(instance=request.user),
|
|
|
|
"qr_code_data": qr_code_data,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
|
|
|
|
def post(self, request):
|
2022-10-20 08:53:10 +00:00
|
|
|
if handle_api_regenerate_request(request):
|
2022-10-19 19:30:21 +00:00
|
|
|
return redirect("babybuddy:user-add-device")
|
2022-10-17 07:40:06 +00:00
|
|
|
else:
|
|
|
|
raise BadRequest()
|
|
|
|
|
|
|
|
|
2017-11-09 12:24:32 +00:00
|
|
|
class Welcome(LoginRequiredMixin, TemplateView):
|
2017-11-11 22:27:42 +00:00
|
|
|
"""
|
|
|
|
Basic introduction to Baby Buddy (meant to be shown when no data is in the
|
|
|
|
database).
|
|
|
|
"""
|
2022-02-10 00:00:30 +00:00
|
|
|
|
|
|
|
template_name = "babybuddy/welcome.html"
|