mybuddy/babybuddy/views.py

# -*- coding: utf-8 -*-
from xmlrpc.client import Boolean
from django.contrib import messages
from django.contrib.auth import update_session_auth_hash
from django.contrib.auth.forms import PasswordChangeForm
from django.contrib.auth.models import User
from django.contrib.auth.views import LogoutView as LogoutViewBase
from django.contrib.messages.views import SuccessMessageMixin
from django.core.exceptions import BadRequest
from django.http import HttpResponseForbidden
from django.middleware.csrf import REASON_BAD_ORIGIN
from django.shortcuts import redirect, render
from django.template import loader
from django.urls import reverse, reverse_lazy
from django.utils import translation
from django.utils.decorators import method_decorator
from django.utils.text import format_lazy
from django.utils.translation import gettext as _, gettext_lazy
from django.views import csrf
from django.views.decorators.cache import never_cache
from django.views.decorators.csrf import csrf_protect
from django.views.decorators.http import require_POST
from django.views.generic import View
from django.views.generic.base import TemplateView, RedirectView
from django.views.generic.edit import CreateView, UpdateView, DeleteView
from django.views.i18n import set_language

from django_filters.views import FilterView

from babybuddy import forms
from babybuddy.mixins import LoginRequiredMixin, PermissionRequiredMixin, StaffOnlyMixin


def csrf_failure(request, reason=""):
    """
    Overrides the 403 CSRF failure template for bad origins in order to provide more
    userful information about how to resolve the issue.
    """

    if (
        "HTTP_ORIGIN" in request.META
        and reason == REASON_BAD_ORIGIN % request.META["HTTP_ORIGIN"]
    ):
        context = {
            "title": _("Forbidden"),
            "main": _("CSRF verification failed. Request aborted."),
            "reason": reason,
            "origin": request.META["HTTP_ORIGIN"],
        }
        template = loader.get_template("error/403_csrf_bad_origin.html")
        return HttpResponseForbidden(template.render(context), content_type="text/html")

    return csrf.csrf_failure(request, reason, "403_csrf.html")


class RootRouter(LoginRequiredMixin, RedirectView):
    """
    Redirects to the site dashboard.
    """

    def get_redirect_url(self, *args, **kwargs):
        self.url = reverse("dashboard:dashboard")
        return super(RootRouter, self).get_redirect_url(self, *args, **kwargs)


class BabyBuddyFilterView(FilterView):
    """
    Disables "strictness" for django-filter. It is unclear from the
    documentation exactly what this does...
    """

    # TODO Figure out the correct way to use this.
    strict = False

    def get_context_data(self, **kwargs):
        context = super().get_context_data(**kwargs)
        children = {o.child for o in context["object_list"] if hasattr(o, "child")}
        if len(children) == 1:
            context["unique_child"] = True
        return context


@method_decorator(csrf_protect, name="dispatch")
@method_decorator(never_cache, name="dispatch")
@method_decorator(require_POST, name="dispatch")
class LogoutView(LogoutViewBase):
    pass


class UserList(StaffOnlyMixin, BabyBuddyFilterView):
    model = User
    template_name = "babybuddy/user_list.html"
    ordering = "username"
    paginate_by = 10
    filterset_fields = ("username", "first_name", "last_name", "email")


class UserAdd(StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView):
    model = User
    template_name = "babybuddy/user_form.html"
    permission_required = ("admin.add_user",)
    form_class = forms.UserAddForm
    success_url = reverse_lazy("babybuddy:user-list")
    success_message = gettext_lazy("User %(username)s added!")


class UserUpdate(
    StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, UpdateView
):
    model = User
    template_name = "babybuddy/user_form.html"
    permission_required = ("admin.change_user",)
    form_class = forms.UserUpdateForm
    success_url = reverse_lazy("babybuddy:user-list")
    success_message = gettext_lazy("User %(username)s updated.")


class UserDelete(
    StaffOnlyMixin, PermissionRequiredMixin, DeleteView, SuccessMessageMixin
):
    model = User
    template_name = "babybuddy/user_confirm_delete.html"
    permission_required = ("admin.delete_user",)
    success_url = reverse_lazy("babybuddy:user-list")

    def get_success_message(self, cleaned_data):
        return format_lazy(gettext_lazy("User {user} deleted."), user=self.get_object())


class UserPassword(LoginRequiredMixin, View):
    """
    Handles user password changes.
    """

    form_class = forms.UserPasswordForm
    template_name = "babybuddy/user_password_form.html"

    def get(self, request):
        return render(
            request, self.template_name, {"form": self.form_class(request.user)}
        )

    def post(self, request):
        form = PasswordChangeForm(request.user, request.POST)
        if form.is_valid():
            user = form.save()
            update_session_auth_hash(request, user)
            messages.success(request, _("Password updated."))
        return render(request, self.template_name, {"form": form})


class RegenerateApiKey:
    def handle_api_key_post(self, request) -> Boolean:
        if request.POST.get("api_key_regenerate"):
            request.user.settings.api_key(reset=True)
            messages.success(request, _("User API key regenerated."))
            return True
        return False


class UserSettings(LoginRequiredMixin, RegenerateApiKey, View):
    """
    Handles both the User and Settings models.
    Based on this SO answer: https://stackoverflow.com/a/45056835.
    """

    form_user_class = forms.UserForm
    form_settings_class = forms.UserSettingsForm
    template_name = "babybuddy/user_settings_form.html"

    def get(self, request):
        settings = request.user.settings

        return render(
            request,
            self.template_name,
            {
                "form_user": self.form_user_class(instance=request.user),
                "form_settings": self.form_settings_class(instance=settings),
            },
        )

    def post(self, request):
        if self.handle_api_key_post(request):
            return redirect("babybuddy:user-settings")

        form_user = self.form_user_class(instance=request.user, data=request.POST)
        form_settings = self.form_settings_class(
            instance=request.user.settings, data=request.POST
        )
        if form_user.is_valid() and form_settings.is_valid():
            user = form_user.save(commit=False)
            user_settings = form_settings.save(commit=False)
            user.settings = user_settings
            user.save()
            translation.activate(user.settings.language)
            messages.success(request, _("Settings saved!"))
            translation.deactivate()
            return set_language(request)
        return render(
            request,
            self.template_name,
            {"user_form": form_user, "settings_form": form_settings},
        )


class UserAddDevice(LoginRequiredMixin, RegenerateApiKey, View):
    form_user_class = forms.UserForm
    template_name = "babybuddy/user_add_device.html"
    qr_code_template = "babybuddy/login_qr_code.txt"

    def get(self, request):
        qr_code_response = render(request, self.qr_code_template)
        qr_code_data = qr_code_response.content.decode().strip()

        return render(
            request,
            self.template_name,
            {
                "form_user": self.form_user_class(instance=request.user),
                "qr_code_data": qr_code_data,
            },
        )

    def post(self, request):
        if self.handle_api_key_post(request):
            return redirect("babybuddy:user-add-device")
        else:
            raise BadRequest()


class Welcome(LoginRequiredMixin, TemplateView):
    """
    Basic introduction to Baby Buddy (meant to be shown when no data is in the
    database).
    """

    template_name = "babybuddy/welcome.html"
Add a basic Welcome page. 2017-11-09 12:24:32 +00:00			`# -- coding: utf-8 --`
Add new "Add a device" view, remove QR-code from settings-view 2022-10-17 07:40:06 +00:00			`from xmlrpc.client import Boolean`
Add status messages for babybuddy app views. 2017-12-06 18:03:26 +00:00			`from django.contrib import messages`
Add a user password change form. 2017-12-02 21:20:15 +00:00			`from django.contrib.auth import update_session_auth_hash`
			`from django.contrib.auth.forms import PasswordChangeForm`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`from django.contrib.auth.models import User`
Support POST only for logout 2021-12-18 22:38:08 +00:00			`from django.contrib.auth.views import LogoutView as LogoutViewBase`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`from django.contrib.messages.views import SuccessMessageMixin`
Add new "Add a device" view, remove QR-code from settings-view 2022-10-17 07:40:06 +00:00			`from django.core.exceptions import BadRequest`
Add template for 403 CSRF Bad Origin failure 2022-02-22 05:26:12 +00:00			`from django.http import HttpResponseForbidden`
			`from django.middleware.csrf import REASON_BAD_ORIGIN`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`from django.shortcuts import redirect, render`
Create base error template 2022-02-22 16:31:14 +00:00			`from django.template import loader`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`from django.urls import reverse, reverse_lazy`
Ensure "settings saved" is translated (#346) 2021-11-28 19:05:56 +00:00			`from django.utils import translation`
Support POST only for logout 2021-12-18 22:38:08 +00:00			`from django.utils.decorators import method_decorator`
Add translatable strings support to formatted strings (WIP). 2019-04-14 21:42:58 +00:00			`from django.utils.text import format_lazy`
Add user configurable timezone setting 2020-02-14 17:22:25 +00:00			`from django.utils.translation import gettext as _, gettext_lazy`
Add template for 403 CSRF Bad Origin failure 2022-02-22 05:26:12 +00:00			`from django.views import csrf`
Support POST only for logout 2021-12-18 22:38:08 +00:00			`from django.views.decorators.cache import never_cache`
			`from django.views.decorators.csrf import csrf_protect`
			`from django.views.decorators.http import require_POST`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`from django.views.generic import View`
Add a basic Welcome page. 2017-11-09 12:24:32 +00:00			`from django.views.generic.base import TemplateView, RedirectView`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`from django.views.generic.edit import CreateView, UpdateView, DeleteView`
Persist user timezone setting with middleware 2020-02-14 20:35:02 +00:00			`from django.views.i18n import set_language`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00
			`from django_filters.views import FilterView`
Add a basic Welcome page. 2017-11-09 12:24:32 +00:00
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`from babybuddy import forms`
Format code with black 2022-02-10 00:00:30 +00:00			`from babybuddy.mixins import LoginRequiredMixin, PermissionRequiredMixin, StaffOnlyMixin`
Add a basic Welcome page. 2017-11-09 12:24:32 +00:00

Add template for 403 CSRF Bad Origin failure 2022-02-22 05:26:12 +00:00			`def csrf_failure(request, reason=""):`
			`"""`
			`Overrides the 403 CSRF failure template for bad origins in order to provide more`
			`userful information about how to resolve the issue.`
			`"""`
Create base error template 2022-02-22 16:31:14 +00:00
Add template for 403 CSRF Bad Origin failure 2022-02-22 05:26:12 +00:00			`if (`
			`"HTTP_ORIGIN" in request.META`
			`and reason == REASON_BAD_ORIGIN % request.META["HTTP_ORIGIN"]`
			`):`
Fix variable spelling 2022-02-22 16:37:34 +00:00			`context = {`
Add template for 403 CSRF Bad Origin failure 2022-02-22 05:26:12 +00:00			`"title": _("Forbidden"),`
			`"main": _("CSRF verification failed. Request aborted."),`
			`"reason": reason,`
			`"origin": request.META["HTTP_ORIGIN"],`
			`}`
Create base error template 2022-02-22 16:31:14 +00:00			`template = loader.get_template("error/403_csrf_bad_origin.html")`
Fix variable spelling 2022-02-22 16:37:34 +00:00			`return HttpResponseForbidden(template.render(context), content_type="text/html")`
Add template for 403 CSRF Bad Origin failure 2022-02-22 05:26:12 +00:00
			`return csrf.csrf_failure(request, reason, "403_csrf.html")`


Add a basic Welcome page. 2017-11-09 12:24:32 +00:00			`class RootRouter(LoginRequiredMixin, RedirectView):`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`"""`
Raise permission denied instead of redirecting to login (#49). 2018-05-20 21:40:09 +00:00			`Redirects to the site dashboard.`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`"""`
Format code with black 2022-02-10 00:00:30 +00:00
Add a basic Welcome page. 2017-11-09 12:24:32 +00:00			`def get_redirect_url(self, args, *kwargs):`
Format code with black 2022-02-10 00:00:30 +00:00			`self.url = reverse("dashboard:dashboard")`
Add a basic Welcome page. 2017-11-09 12:24:32 +00:00			`return super(RootRouter, self).get_redirect_url(self, args, *kwargs)`


Add support for Django 2.1 and Django Filters 2.0.0. 2018-08-04 20:00:51 +00:00			`class BabyBuddyFilterView(FilterView):`
			`"""`
			`Disables "strictness" for django-filter. It is unclear from the`
			`documentation exactly what this does...`
			`"""`
Format code with black 2022-02-10 00:00:30 +00:00
Add support for Django 2.1 and Django Filters 2.0.0. 2018-08-04 20:00:51 +00:00			`# TODO Figure out the correct way to use this.`
			`strict = False`

Hide child column if only one child is shown Fixes #233 2021-08-02 20:32:49 +00:00			`def get_context_data(self, **kwargs):`
			`context = super().get_context_data(**kwargs)`
Format code with black 2022-02-10 00:00:30 +00:00			`children = {o.child for o in context["object_list"] if hasattr(o, "child")}`
Hide child column if only one child is shown Fixes #233 2021-08-02 20:32:49 +00:00			`if len(children) == 1:`
Format code with black 2022-02-10 00:00:30 +00:00			`context["unique_child"] = True`
Hide child column if only one child is shown Fixes #233 2021-08-02 20:32:49 +00:00			`return context`

Add support for Django 2.1 and Django Filters 2.0.0. 2018-08-04 20:00:51 +00:00
Format code with black 2022-02-10 00:00:30 +00:00			`@method_decorator(csrf_protect, name="dispatch")`
			`@method_decorator(never_cache, name="dispatch")`
			`@method_decorator(require_POST, name="dispatch")`
Support POST only for logout 2021-12-18 22:38:08 +00:00			`class LogoutView(LogoutViewBase):`
			`pass`


Add support for Django 2.1 and Django Filters 2.0.0. 2018-08-04 20:00:51 +00:00			`class UserList(StaffOnlyMixin, BabyBuddyFilterView):`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`model = User`
Format code with black 2022-02-10 00:00:30 +00:00			`template_name = "babybuddy/user_list.html"`
			`ordering = "username"`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`paginate_by = 10`
Format code with black 2022-02-10 00:00:30 +00:00			`filterset_fields = ("username", "first_name", "last_name", "email")`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00

Format code with black 2022-02-10 00:00:30 +00:00			`class UserAdd(StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, CreateView):`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`model = User`
Format code with black 2022-02-10 00:00:30 +00:00			`template_name = "babybuddy/user_form.html"`
			`permission_required = ("admin.add_user",)`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`form_class = forms.UserAddForm`
Format code with black 2022-02-10 00:00:30 +00:00			`success_url = reverse_lazy("babybuddy:user-list")`
			`success_message = gettext_lazy("User %(username)s added!")`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00

Format code with black 2022-02-10 00:00:30 +00:00			`class UserUpdate(`
			`StaffOnlyMixin, PermissionRequiredMixin, SuccessMessageMixin, UpdateView`
			`):`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`model = User`
Format code with black 2022-02-10 00:00:30 +00:00			`template_name = "babybuddy/user_form.html"`
			`permission_required = ("admin.change_user",)`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`form_class = forms.UserUpdateForm`
Format code with black 2022-02-10 00:00:30 +00:00			`success_url = reverse_lazy("babybuddy:user-list")`
			`success_message = gettext_lazy("User %(username)s updated.")`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00

Format code with black 2022-02-10 00:00:30 +00:00			`class UserDelete(`
			`StaffOnlyMixin, PermissionRequiredMixin, DeleteView, SuccessMessageMixin`
			`):`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`model = User`
Format code with black 2022-02-10 00:00:30 +00:00			`template_name = "babybuddy/user_confirm_delete.html"`
			`permission_required = ("admin.delete_user",)`
			`success_url = reverse_lazy("babybuddy:user-list")`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00
Update Django to 4.x 2022-01-16 03:32:18 +00:00			`def get_success_message(self, cleaned_data):`
Format code with black 2022-02-10 00:00:30 +00:00			`return format_lazy(gettext_lazy("User {user} deleted."), user=self.get_object())`
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00

Add a user password change form. 2017-12-02 21:20:15 +00:00			`class UserPassword(LoginRequiredMixin, View):`
			`"""`
			`Handles user password changes.`
			`"""`
Format code with black 2022-02-10 00:00:30 +00:00
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`form_class = forms.UserPasswordForm`
Format code with black 2022-02-10 00:00:30 +00:00			`template_name = "babybuddy/user_password_form.html"`
Add a user password change form. 2017-12-02 21:20:15 +00:00
			`def get(self, request):`
Format code with black 2022-02-10 00:00:30 +00:00			`return render(`
			`request, self.template_name, {"form": self.form_class(request.user)}`
			`)`
Add a user password change form. 2017-12-02 21:20:15 +00:00
			`def post(self, request):`
			`form = PasswordChangeForm(request.user, request.POST)`
			`if form.is_valid():`
			`user = form.save()`
			`update_session_auth_hash(request, user)`
Format code with black 2022-02-10 00:00:30 +00:00			`messages.success(request, _("Password updated."))`
			`return render(request, self.template_name, {"form": form})`
Add a user password change form. 2017-12-02 21:20:15 +00:00

Add new "Add a device" view, remove QR-code from settings-view 2022-10-17 07:40:06 +00:00			`class RegenerateApiKey:`
			`def handle_api_key_post(self, request) -> Boolean:`
			`if request.POST.get("api_key_regenerate"):`
			`request.user.settings.api_key(reset=True)`
			`messages.success(request, _("User API key regenerated."))`
			`return True`
			`return False`


			`class UserSettings(LoginRequiredMixin, RegenerateApiKey, View):`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`"""`
			`Handles both the User and Settings models.`
			`Based on this SO answer: https://stackoverflow.com/a/45056835.`
			`"""`
Format code with black 2022-02-10 00:00:30 +00:00
Add basic user management forms and views. 2017-12-11 02:36:25 +00:00			`form_user_class = forms.UserForm`
			`form_settings_class = forms.UserSettingsForm`
Format code with black 2022-02-10 00:00:30 +00:00			`template_name = "babybuddy/user_settings_form.html"`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00
			`def get(self, request):`
Add login QR-code to settings-page 2022-08-24 20:20:08 +00:00			`settings = request.user.settings`

Format code with black 2022-02-10 00:00:30 +00:00			`return render(`
			`request,`
			`self.template_name,`
			`{`
			`"form_user": self.form_user_class(instance=request.user),`
Replace qrcode generator with template tag 2022-08-25 21:56:18 +00:00			`"form_settings": self.form_settings_class(instance=settings),`
Format code with black 2022-02-10 00:00:30 +00:00			`},`
			`)`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00
			`def post(self, request):`
Add new "Add a device" view, remove QR-code from settings-view 2022-10-17 07:40:06 +00:00			`if self.handle_api_key_post(request):`
Format code with black 2022-02-10 00:00:30 +00:00			`return redirect("babybuddy:user-settings")`
Black 2022-10-17 07:48:26 +00:00
Format code with black 2022-02-10 00:00:30 +00:00			`form_user = self.form_user_class(instance=request.user, data=request.POST)`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`form_settings = self.form_settings_class(`
Format code with black 2022-02-10 00:00:30 +00:00			`instance=request.user.settings, data=request.POST`
			`)`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`if form_user.is_valid() and form_settings.is_valid():`
			`user = form_user.save(commit=False)`
			`user_settings = form_settings.save(commit=False)`
			`user.settings = user_settings`
			`user.save()`
Ensure "settings saved" is translated (#346) 2021-11-28 19:05:56 +00:00			`translation.activate(user.settings.language)`
Format code with black 2022-02-10 00:00:30 +00:00			`messages.success(request, _("Settings saved!"))`
Ensure "settings saved" is translated (#346) 2021-11-28 19:05:56 +00:00			`translation.deactivate()`
Use cookie for language setting Django 4.0 will deprecate the use of session for language setting. 2020-01-04 16:09:28 +00:00			`return set_language(request)`
Format code with black 2022-02-10 00:00:30 +00:00			`return render(`
			`request,`
			`self.template_name,`
			`{"user_form": form_user, "settings_form": form_settings},`
			`)`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00

Add new "Add a device" view, remove QR-code from settings-view 2022-10-17 07:40:06 +00:00			`class UserAddDevice(LoginRequiredMixin, RegenerateApiKey, View):`
			`form_user_class = forms.UserForm`
			`template_name = "babybuddy/user_add_device.html"`
			`qr_code_template = "babybuddy/login_qr_code.txt"`

			`def get(self, request):`
			`qr_code_response = render(request, self.qr_code_template)`
			`qr_code_data = qr_code_response.content.decode().strip()`

			`return render(`
			`request,`
			`self.template_name,`
			`{`
			`"form_user": self.form_user_class(instance=request.user),`
			`"qr_code_data": qr_code_data,`
			`},`
			`)`

			`def post(self, request):`
			`if self.handle_api_key_post(request):`
Fix copy-pasta mistake redirecting to the wrong page 2022-10-19 19:30:21 +00:00			`return redirect("babybuddy:user-add-device")`
Add new "Add a device" view, remove QR-code from settings-view 2022-10-17 07:40:06 +00:00			`else:`
			`raise BadRequest()`


Add a basic Welcome page. 2017-11-09 12:24:32 +00:00			`class Welcome(LoginRequiredMixin, TemplateView):`
Add Settings model extending User. 2017-11-11 22:27:42 +00:00			`"""`
			`Basic introduction to Baby Buddy (meant to be shown when no data is in the`
			`database).`
			`"""`
Format code with black 2022-02-10 00:00:30 +00:00
			`template_name = "babybuddy/welcome.html"`