Indicate user locked state and allow unlocking from users admin (#600)

* Use custom template for account lock * Rename Baby Buddy base template tags * Add user unlock view * Add user unlock test
2023-02-11 09:02:23 -08:00 · 2023-02-11 09:02:23 -08:00 · 996d81966c
parent bf2884f544
commit 996d81966c
17 changed files with 136 additions and 23 deletions
--- a/babybuddy/settings/base.py
+++ b/babybuddy/settings/base.py
@ -337,6 +337,10 @@ AXES_COOLOFF_TIME = 1
 AXES_FAILURE_LIMIT = 5
 AXES_LOCKOUT_TEMPLATE = "error/lockout.html"
 AXES_LOCKOUT_URL = "/login/lock"
 # Session configuration
 # Used by RollingSessionMiddleware to determine how often to reset the session.
 # See https://docs.djangoproject.com/en/4.0/topics/http/sessions/
--- a/babybuddy/templates/babybuddy/base.html
+++ b/babybuddy/templates/babybuddy/base.html
@ -1,4 +1,4 @@
-{% load babybuddy_tags i18n static %}
+{% load babybuddy i18n static %}
 {% get_current_language as LANGUAGE_CODE %}
 {% get_current_locale as LOCALE %}
 {% get_current_timezone as TIMEZONE %}
--- a/babybuddy/templates/babybuddy/login_qr_code.txt
+++ b/babybuddy/templates/babybuddy/login_qr_code.txt
@ -1,4 +1,4 @@
-{% load i18n widget_tweaks babybuddy_tags qr_code %}
+{% load i18n widget_tweaks babybuddy qr_code %}
 {% url 'babybuddy:root-router' as relative_root_url %}
 {% make_absolute_url relative_root_url as absolute_root_url %}
 BABYBUDDY-LOGIN:{"url":"{{ absolute_root_url }}","api_key":"{{ user.settings.api_key }}"}
--- a/babybuddy/templates/babybuddy/nav-dropdown.html
+++ b/babybuddy/templates/babybuddy/nav-dropdown.html
@ -1,5 +1,5 @@
 {% extends 'babybuddy/base.html' %}
-{% load babybuddy_tags i18n static timers %}
+{% load babybuddy i18n static timers %}
 {% block nav %}
    <nav class="navbar navbar-expand-md navbar-dark bg-dark sticky-top">
--- a/babybuddy/templates/babybuddy/paginator.html
+++ b/babybuddy/templates/babybuddy/paginator.html
@ -1,4 +1,4 @@
-{% load i18n babybuddy_tags %}
+{% load i18n babybuddy %}
 {% if is_paginated %}
    <nav aria-label="Page navigation">
--- a/babybuddy/templates/babybuddy/user_add_device.html
+++ b/babybuddy/templates/babybuddy/user_add_device.html
@ -1,5 +1,5 @@
 {% extends 'babybuddy/page.html' %}
-{% load i18n widget_tweaks babybuddy_tags qr_code %}
+{% load i18n widget_tweaks babybuddy qr_code %}
 {% block title %}{% trans "Add a device" %}{% endblock %}
--- a/babybuddy/templates/babybuddy/user_confirm_unlock.html
+++ b/babybuddy/templates/babybuddy/user_confirm_unlock.html
@ -0,0 +1,21 @@
 {% extends 'babybuddy/page.html' %}
 {% load i18n widget_tweaks %}
 {% block title %}{% trans "Unlock User" %}{% endblock %}
 {% block breadcrumbs %}
    <li class="breadcrumb-item"><a href="{% url 'babybuddy:user-list' %}">{% trans "Users" %}</a></li>
    <li class="breadcrumb-item">{{ object }}</li>
    <li class="breadcrumb-item active" aria-current="page">{% trans "Unlock" %}</li>
 {% endblock %}
 {% block content %}
    <form role="form" method="post">
        {% csrf_token %}
        {% blocktrans trimmed %}
            <h1>Are you sure you want to unlock <span class="text-info">{{ object }}</span>?</h1>
        {% endblocktrans %}
        <input type="submit" value="{% trans "Unlock" %}" class="btn btn-danger" />
        <a href="{% url 'babybuddy:user-update' object.pk %}" class="btn btn-default">{% trans "Cancel" %}</a>
    </form>
 {% endblock %}
--- a/babybuddy/templates/babybuddy/user_form.html
+++ b/babybuddy/templates/babybuddy/user_form.html
@ -1,5 +1,5 @@
 {% extends 'babybuddy/page.html' %}
-{% load i18n %}
+{% load babybuddy i18n %}
 {% block title %}
    {% if object %}
@ -21,6 +21,17 @@
 {% block content %}
    {% if object %}
        {% user_is_locked object as is_locked %}
        {% if is_locked %}
            <div class="alert alert-danger">
                <div class="alert-heading h4">
                    {% blocktrans %}User locked.{% endblocktrans %}
                </div>
                <a href="{% url 'babybuddy:user-unlock' object.id %}" class="btn btn-danger">
                    {% blocktrans %}Unlock{% endblocktrans %}
                </a>
            </div>
        {% endif %}
        {% blocktrans trimmed %}
            <h1>Update <span class="text-info">{{ object }}</span></h1>
        {% endblocktrans %}
--- a/babybuddy/templates/babybuddy/user_list.html
+++ b/babybuddy/templates/babybuddy/user_list.html
@ -1,5 +1,5 @@
 {% extends 'babybuddy/page.html' %}
-{% load babybuddy_tags bootstrap i18n widget_tweaks %}
+{% load babybuddy bootstrap i18n widget_tweaks %}
 {% block title %}{% trans "Users" %}{% endblock %}
@ -18,9 +18,10 @@
                    <th>{% trans "First Name" %}</th>
                    <th>{% trans "Last Name" %}</th>
                    <th>{% trans "Email" %}</th>
-                    <th>{% trans "Read only" %}</th>
+                    <th class="text-center">{% trans "Read only" %}</th>
-                    <th>{% trans "Staff" %}</th>
+                    <th class="text-center">{% trans "Staff" %}</th>
-                    <th>{% trans "Active" %}</th>
+                    <th class="text-center">{% trans "Active" %}</th>
                    <th class="text-center">{% trans "Locked" %}</th>
                    <th class="text-center">{% trans "Actions" %}</th>
                </tr>
            </thead>
@ -32,9 +33,11 @@
                        <td>{{ object.last_name }}</td>
                        <td>{{ object.email }}</td>
                        {% user_is_read_only object as is_read_only %}
-                        <td>{{ is_read_only|bool_icon }}</td>
+                        <td class="text-center">{{ is_read_only|bool_icon }}</td>
-                        <td>{{ object.is_staff|bool_icon }}</td>
+                        <td class="text-center">{{ object.is_staff|bool_icon }}</td>
-                        <td>{{ object.is_active|bool_icon }}</td>
+                        <td class="text-center">{{ object.is_active|bool_icon }}</td>
                        {% user_is_locked object as is_locked %}
                        <td class="text-center">{{ is_locked|bool_icon }}</td>
                        <td class="text-center">
                            <div class="btn-group btn-group-sm" role="group" aria-label="Actions">
--- a/babybuddy/templates/babybuddy/user_settings_form.html
+++ b/babybuddy/templates/babybuddy/user_settings_form.html
@ -1,5 +1,5 @@
 {% extends 'babybuddy/page.html' %}
-{% load i18n widget_tweaks babybuddy_tags %}
+{% load i18n widget_tweaks babybuddy %}
 {% block title %}{% trans "User Settings" %}{% endblock %}
--- a/babybuddy/templates/error/lockout.html
+++ b/babybuddy/templates/error/lockout.html
@ -0,0 +1,8 @@
 {% extends 'error/base.html' %}
 {% load babybuddy i18n %}
 {% block title %}403 {% trans "Too Many Login Attempts" %}{% endblock %}
 {% block content %}
    <h1>{% axes_lockout_message %}</h1>
 {% endblock %}
--- a/babybuddy/templatetags/babybuddy_tags.py
+++ b/babybuddy/templatetags/babybuddy_tags.py
@ -5,11 +5,19 @@ from django.apps import apps
 from django.utils import timezone
 from django.utils.translation import to_locale, get_language
 from axes.helpers import get_lockout_message
 from axes.models import AccessAttempt
 from core.models import Child
 register = template.Library()
@register.simple_tag
 def axes_lockout_message():
    return get_lockout_message()
@register.simple_tag(takes_context=True)
 def relative_url(context, field_name, value):
    """
@ -65,6 +73,11 @@ def make_absolute_url(context, url):
    return abs_url
@register.simple_tag()
 def user_is_locked(user):
    return AccessAttempt.objects.filter(username=user.username).exists()
@register.simple_tag()
 def user_is_read_only(user):
    return user.groups.filter(name="read_only").exists()
--- a/babybuddy/tests/tests_templatetags.py
+++ b/babybuddy/tests/tests_templatetags.py
@ -5,27 +5,27 @@ from django.test import TestCase
 from django.utils import timezone
 from core.models import Child
-from babybuddy.templatetags import babybuddy_tags
+from babybuddy.templatetags import babybuddy
 class TemplateTagsTestCase(TestCase):
    def test_child_count(self):
-        self.assertEqual(babybuddy_tags.get_child_count(), 0)
+        self.assertEqual(babybuddy.get_child_count(), 0)
        Child.objects.create(
            first_name="Test", last_name="Child", birth_date=timezone.localdate()
        )
-        self.assertEqual(babybuddy_tags.get_child_count(), 1)
+        self.assertEqual(babybuddy.get_child_count(), 1)
        Child.objects.create(
            first_name="Test", last_name="Child 2", birth_date=timezone.localdate()
        )
-        self.assertEqual(babybuddy_tags.get_child_count(), 2)
+        self.assertEqual(babybuddy.get_child_count(), 2)
    def user_is_read_only(self):
        user = get_user_model().objects.create_user(
            username="readonly", password="readonly", is_superuser=False, is_staf=False
        )
-        self.assertFalse(babybuddy_tags.user_is_read_only(user))
+        self.assertFalse(babybuddy.user_is_read_only(user))
        group = Group.objects.get(name="read_only")
        user.groups.add(group)
-        self.assertTrue(babybuddy_tags.user_is_read_only(user))
+        self.assertTrue(babybuddy.user_is_read_only(user))
--- a/babybuddy/tests/tests_views.py
+++ b/babybuddy/tests/tests_views.py
@ -10,6 +10,8 @@ from django.core.management import call_command
 from faker import Faker
 from babybuddy.views import UserUnlock
 class ViewsTestCase(TestCase):
    @classmethod
@ -77,6 +79,20 @@ class ViewsTestCase(TestCase):
        page = self.c.get("/users/{}/delete/".format(entry.id))
        self.assertEqual(page.status_code, 200)
    def test_user_unlock(self):
        # Staff setting is required to unlock users.
        self.user.is_staff = True
        self.user.save()
        entry = get_user_model().objects.first()
        url = "/users/{}/unlock/".format(entry.id)
        page = self.c.get(url)
        self.assertEqual(page.status_code, 200)
        page = self.c.post(url, follow=True)
        self.assertEqual(page.status_code, 200)
        self.assertContains(page, UserUnlock.success_message)
    def test_welcome(self):
        page = self.c.get("/welcome/")
        self.assertEqual(page.status_code, 200)
--- a/babybuddy/urls.py
+++ b/babybuddy/urls.py
@ -39,6 +39,7 @@ app_patterns = [
    path("users/", views.UserList.as_view(), name="user-list"),
    path("users/add/", views.UserAdd.as_view(), name="user-add"),
    path("users/<int:pk>/edit/", views.UserUpdate.as_view(), name="user-update"),
    path("users/<int:pk>/unlock/", views.UserUnlock.as_view(), name="user-unlock"),
    path("users/<int:pk>/delete/", views.UserDelete.as_view(), name="user-delete"),
    path("user/password/", views.UserPassword.as_view(), name="user-password"),
    path("user/settings/", views.UserSettings.as_view(), name="user-settings"),
--- a/babybuddy/views.py
+++ b/babybuddy/views.py
@ -1,11 +1,12 @@
 # -*- coding: utf-8 -*-
 from django.contrib import messages
 from django.contrib.auth import get_user_model
 from django.contrib.auth import update_session_auth_hash
 from django.contrib.auth.forms import PasswordChangeForm
 from django.contrib.auth import get_user_model
 from django.contrib.auth.views import LogoutView as LogoutViewBase
 from django.contrib.messages.views import SuccessMessageMixin
 from django.core.exceptions import BadRequest
 from django.forms import Form
 from django.http import HttpResponseForbidden
 from django.middleware.csrf import REASON_BAD_ORIGIN
 from django.shortcuts import redirect, render
@ -21,9 +22,17 @@ from django.views.decorators.csrf import csrf_protect
 from django.views.decorators.http import require_POST
 from django.views.generic import View
 from django.views.generic.base import TemplateView, RedirectView
-from django.views.generic.edit import CreateView, UpdateView, DeleteView
+from django.views.generic.detail import BaseDetailView
 from django.views.generic.edit import (
    CreateView,
    DeleteView,
    FormMixin,
    SingleObjectTemplateResponseMixin,
    UpdateView,
 )
 from django.views.i18n import set_language
 from axes.utils import reset
 from django_filters.views import FilterView
 from babybuddy import forms
@ -114,6 +123,33 @@ class UserUpdate(
    success_message = gettext_lazy("User %(username)s updated.")
 class UserUnlock(
    StaffOnlyMixin,
    PermissionRequiredMixin,
    SuccessMessageMixin,
    FormMixin,
    SingleObjectTemplateResponseMixin,
    BaseDetailView,
 ):
    model = get_user_model()
    template_name = "babybuddy/user_confirm_unlock.html"
    permission_required = ("admin.change_user",)
    form_class = Form
    success_message = gettext_lazy("User unlocked.")
    def post(self, request, *args, **kwargs):
        user = self.get_object()
        form = self.get_form()
        if form.is_valid():
            reset(username=user.username)
            return self.form_valid(form)
        else:
            return self.form_invalid(form)
    def get_success_url(self):
        return reverse("babybuddy:user-update", kwargs={"pk": self.kwargs["pk"]})
 class UserDelete(
    StaffOnlyMixin, PermissionRequiredMixin, DeleteView, SuccessMessageMixin
 ):
--- a/core/templates/core/timer_detail.html
+++ b/core/templates/core/timer_detail.html
@ -1,5 +1,5 @@
 {% extends 'babybuddy/page.html' %}
-{% load babybuddy_tags duration i18n timers %}
+{% load babybuddy duration i18n timers %}
 {% get_child_count as CHILD_COUNT %}
 {% block title %}{{ object }}{% endblock %}