mybuddy/babybuddy/views.py

290 lines
9.3 KiB
Python
Raw Normal View History

2017-11-09 12:24:32 +00:00
# -*- coding: utf-8 -*-
import json
from django.contrib import messages
from django.contrib.auth import get_user_model
2017-12-02 21:20:15 +00:00
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.forms import PasswordChangeForm
2021-12-18 22:38:08 +00:00
from django.contrib.auth.views import LogoutView as LogoutViewBase
from django.contrib.messages.views import SuccessMessageMixin
from django.core.exceptions import BadRequest
from django.forms import Form
from django.http import HttpResponseForbidden
from django.middleware.csrf import REASON_BAD_ORIGIN
2017-11-11 22:27:42 +00:00
from django.shortcuts import redirect, render
2022-02-22 16:31:14 +00:00
from django.template import loader
from django.urls import reverse, reverse_lazy
from django.utils import translation
2021-12-18 22:38:08 +00:00
from django.utils.decorators import method_decorator
from django.utils.text import format_lazy
2020-02-14 17:22:25 +00:00
from django.utils.translation import gettext as _, gettext_lazy
from django.views import csrf
2021-12-18 22:38:08 +00:00
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_protect
from django.views.decorators.http import require_POST
2017-11-11 22:27:42 +00:00
from django.views.generic import View
2017-11-09 12:24:32 +00:00
from django.views.generic.base import TemplateView, RedirectView
from django.views.generic.detail import BaseDetailView
from django.views.generic.edit import (
CreateView,
DeleteView,
FormMixin,
SingleObjectTemplateResponseMixin,
UpdateView,
)
from django.views.i18n import set_language
from axes.utils import reset
from django_filters.views import FilterView
2017-11-09 12:24:32 +00:00
from babybuddy import forms
2022-02-10 00:00:30 +00:00
from babybuddy.mixins import LoginRequiredMixin, PermissionRequiredMixin, StaffOnlyMixin
2017-11-09 12:24:32 +00:00
def csrf_failure(request, reason=""):
"""
Overrides the 403 CSRF failure template for bad origins in order to provide more
userful information about how to resolve the issue.
"""
2022-02-22 16:31:14 +00:00
if (
"HTTP_ORIGIN" in request.META
and reason == REASON_BAD_ORIGIN % request.META["HTTP_ORIGIN"]
):
2022-02-22 16:37:34 +00:00
context = {
"title": _("Forbidden"),
"main": _("CSRF verification failed. Request aborted."),
"reason": reason,
"origin": request.META["HTTP_ORIGIN"],
}
2022-02-22 16:31:14 +00:00
template = loader.get_template("error/403_csrf_bad_origin.html")
2022-02-22 16:37:34 +00:00
return HttpResponseForbidden(template.render(context), content_type="text/html")
return csrf.csrf_failure(request, reason, "403_csrf.html")
2017-11-09 12:24:32 +00:00
class RootRouter(LoginRequiredMixin, RedirectView):
2017-11-11 22:27:42 +00:00
"""
Redirects to the site dashboard.
2017-11-11 22:27:42 +00:00
"""
2022-02-10 00:00:30 +00:00
2017-11-09 12:24:32 +00:00
def get_redirect_url(self, *args, **kwargs):
2022-02-10 00:00:30 +00:00
self.url = reverse("dashboard:dashboard")
2017-11-09 12:24:32 +00:00
return super(RootRouter, self).get_redirect_url(self, *args, **kwargs)
class BabyBuddyFilterView(FilterView):
"""
Disables "strictness" for django-filter. It is unclear from the
documentation exactly what this does...
"""
2022-02-10 00:00:30 +00:00
# TODO Figure out the correct way to use this.
strict = False
def get_context_data(self, **kwargs):
context = super().get_context_data(**kwargs)
2022-02-10 00:00:30 +00:00
children = {o.child for o in context["object_list"] if hasattr(o, "child")}
if len(children) == 1:
2022-02-10 00:00:30 +00:00
context["unique_child"] = True
return context
2022-02-10 00:00:30 +00:00
@method_decorator(csrf_protect, name="dispatch")
@method_decorator(never_cache, name="dispatch")
@method_decorator(require_POST, name="dispatch")
2021-12-18 22:38:08 +00:00
class LogoutView(LogoutViewBase):
pass
class UserList(StaffOnlyMixin, BabyBuddyFilterView):
model = get_user_model()
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_list.html"
ordering = "username"
paginate_by = 10
2022-02-10 00:00:30 +00:00
filterset_fields = ("username", "first_name", "last_name", "email")
2022-02-10 00:00:30 +00:00
class UserAdd(StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView):
model = get_user_model()
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_form.html"
permission_required = ("admin.add_user",)
form_class = forms.UserAddForm
2022-02-10 00:00:30 +00:00
success_url = reverse_lazy("babybuddy:user-list")
success_message = gettext_lazy("User %(username)s added!")
2022-02-10 00:00:30 +00:00
class UserUpdate(
StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, UpdateView
):
model = get_user_model()
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_form.html"
permission_required = ("admin.change_user",)
form_class = forms.UserUpdateForm
2022-02-10 00:00:30 +00:00
success_url = reverse_lazy("babybuddy:user-list")
success_message = gettext_lazy("User %(username)s updated.")
class UserUnlock(
StaffOnlyMixin,
PermissionRequiredMixin,
SuccessMessageMixin,
FormMixin,
SingleObjectTemplateResponseMixin,
BaseDetailView,
):
model = get_user_model()
template_name = "babybuddy/user_confirm_unlock.html"
permission_required = ("admin.change_user",)
form_class = Form
success_message = gettext_lazy("User unlocked.")
def post(self, request, *args, **kwargs):
user = self.get_object()
form = self.get_form()
if form.is_valid():
reset(username=user.username)
return self.form_valid(form)
else:
return self.form_invalid(form)
def get_success_url(self):
return reverse("babybuddy:user-update", kwargs={"pk": self.kwargs["pk"]})
2022-02-10 00:00:30 +00:00
class UserDelete(
StaffOnlyMixin, PermissionRequiredMixin, DeleteView, SuccessMessageMixin
):
model = get_user_model()
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_confirm_delete.html"
permission_required = ("admin.delete_user",)
success_url = reverse_lazy("babybuddy:user-list")
2022-01-16 03:32:18 +00:00
def get_success_message(self, cleaned_data):
2022-02-10 00:00:30 +00:00
return format_lazy(gettext_lazy("User {user} deleted."), user=self.get_object())
2017-12-02 21:20:15 +00:00
class UserPassword(LoginRequiredMixin, View):
"""
Handles user password changes.
"""
2022-02-10 00:00:30 +00:00
form_class = forms.UserPasswordForm
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_password_form.html"
2017-12-02 21:20:15 +00:00
def get(self, request):
2022-02-10 00:00:30 +00:00
return render(
request, self.template_name, {"form": self.form_class(request.user)}
)
2017-12-02 21:20:15 +00:00
def post(self, request):
form = PasswordChangeForm(request.user, request.POST)
if form.is_valid():
user = form.save()
update_session_auth_hash(request, user)
2022-02-10 00:00:30 +00:00
messages.success(request, _("Password updated."))
return render(request, self.template_name, {"form": form})
2017-12-02 21:20:15 +00:00
def handle_api_regenerate_request(request) -> bool:
"""
Checks if the current request contains a request to update the API key
and if it does, updeates the API key.
Returns True, if the API-key regenerate request was detected and handled.
"""
if request.POST.get("api_key_regenerate"):
request.user.settings.api_key(reset=True)
messages.success(request, _("User API key regenerated."))
return True
return False
class UserSettings(LoginRequiredMixin, View):
2017-11-11 22:27:42 +00:00
"""
Handles both the User and Settings models.
Based on this SO answer: https://stackoverflow.com/a/45056835.
"""
2022-02-10 00:00:30 +00:00
form_user_class = forms.UserForm
form_settings_class = forms.UserSettingsForm
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/user_settings_form.html"
2017-11-11 22:27:42 +00:00
def get(self, request):
2022-08-24 20:20:08 +00:00
settings = request.user.settings
2022-02-10 00:00:30 +00:00
return render(
request,
self.template_name,
{
"form_user": self.form_user_class(instance=request.user),
"form_settings": self.form_settings_class(instance=settings),
2022-02-10 00:00:30 +00:00
},
)
2017-11-11 22:27:42 +00:00
def post(self, request):
if handle_api_regenerate_request(request):
2022-02-10 00:00:30 +00:00
return redirect("babybuddy:user-settings")
2022-10-17 07:48:26 +00:00
2022-02-10 00:00:30 +00:00
form_user = self.form_user_class(instance=request.user, data=request.POST)
2017-11-11 22:27:42 +00:00
form_settings = self.form_settings_class(
2022-02-10 00:00:30 +00:00
instance=request.user.settings, data=request.POST
)
2017-11-11 22:27:42 +00:00
if form_user.is_valid() and form_settings.is_valid():
user = form_user.save(commit=False)
user_settings = form_settings.save(commit=False)
user.settings = user_settings
user.save()
translation.activate(user.settings.language)
2022-02-10 00:00:30 +00:00
messages.success(request, _("Settings saved!"))
translation.deactivate()
return set_language(request)
2022-02-10 00:00:30 +00:00
return render(
request,
self.template_name,
{"user_form": form_user, "settings_form": form_settings},
)
2017-11-11 22:27:42 +00:00
class UserAddDevice(LoginRequiredMixin, View):
form_user_class = forms.UserForm
template_name = "babybuddy/user_add_device.html"
qr_code_template = "babybuddy/login_qr_code.txt"
def get(self, request):
session_cookies = {}
if request.is_homeassistant_ingress_request:
2023-06-25 21:31:22 +00:00
session_cookies["ingress_session"] = request.COOKIES.get("ingress_session")
qr_code_response = render(
request,
self.qr_code_template,
2023-06-25 21:31:22 +00:00
{"session_cookies": json.dumps(session_cookies)},
)
qr_code_data = qr_code_response.content.decode().strip()
return render(
request,
self.template_name,
{
"form_user": self.form_user_class(instance=request.user),
"qr_code_data": qr_code_data,
},
)
def post(self, request):
if handle_api_regenerate_request(request):
return redirect("babybuddy:user-add-device")
else:
raise BadRequest()
2017-11-09 12:24:32 +00:00
class Welcome(LoginRequiredMixin, TemplateView):
2017-11-11 22:27:42 +00:00
"""
Basic introduction to Baby Buddy (meant to be shown when no data is in the
database).
"""
2022-02-10 00:00:30 +00:00
template_name = "babybuddy/welcome.html"