nielsperetzke
/
healthchecks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 32 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
503 Commits
2 Branches
15 MiB
Tree: d8bceac13f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd8bceac13f'
${ noResults }
healthchecks/hc/accounts/views.py

363 lines
11 KiB
Raw Normal View History

Initial commit
10 years ago
Badges
8 years ago
Initial commit
10 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Organize imports using isort.
9 years ago
logout, unified login
10 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Team Access, test cleanup
9 years ago
Initial commit
10 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Team access WIP
9 years ago
Team Access, test cleanup
9 years ago
Team access WIP
9 years ago
Notification Channels WIP
9 years ago
Badges
8 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Initial commit
10 years ago
logout, unified login
10 years ago
Store the one time login token in profile so user.password can be used for regular passwords.
9 years ago
logout, unified login
10 years ago
Account creation
10 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Team Access, test cleanup
9 years ago
Notification Channels WIP
9 years ago
logout, unified login
10 years ago
Account creation
10 years ago
Better welcome page.
10 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Better welcome page.
10 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Only associate demo check if it doesn't have an owner already.
9 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Notification Channels WIP
9 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Notification Channels WIP
9 years ago
_associate_demo_check was crashing for returning users after cleaning up old checks.
8 years ago
Better welcome page.
10 years ago
/admin/login/ uses the same login view as the main site.
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
logout, unified login
10 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
/admin/login/ uses the same login view as the main site.
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
REGISTRATION_OPEN setting. superuser accounts by default have team access enabled. Fixes #97 and #113
8 years ago
Initial commit
10 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
check token redirect to login on bad token
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
/admin/login/ uses the same login view as the main site.
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Initial commit
10 years ago
logout, unified login
10 years ago
Initial commit
10 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Login works, stubbed out canary index page
10 years ago
Django 1.10
8 years ago
redirect already logged in user
9 years ago
A work around for email servers that open our one-time login links.
8 years ago
More content in docs section
9 years ago
A work around for email servers that open our one-time login links.
8 years ago
More content in docs section
9 years ago
A work around for email servers that open our one-time login links.
8 years ago
Login works, stubbed out canary index page
10 years ago
A work around for email servers that open our one-time login links.
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Team Access, test cleanup
9 years ago
Adding on_delete keywords, more to come.
8 years ago
Team Access refinements.
9 years ago
Adding on_delete keywords, more to come.
8 years ago
Team Access refinements.
9 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Set and revoke API key in Settings page.
9 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Set and revoke API key in Settings page.
9 years ago
Support for "Add to Slack" button
8 years ago
Set and revoke API key in Settings page.
9 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Set and revoke API key in Settings page.
9 years ago
Team access WIP
9 years ago
Access rights checks for team access stuff in profile page.
9 years ago
Team access WIP
9 years ago
Support for "Add to Slack" button
8 years ago
Team access WIP
9 years ago
Tests for team access.
9 years ago
Team access WIP
9 years ago
Team Access, test cleanup
9 years ago
Access rights checks for team access stuff in profile page.
9 years ago
Team Access, test cleanup
9 years ago
Support for "Add to Slack" button
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Split "Account Settings" page into subpages.
8 years ago
Adding on_delete keywords, more to come.
8 years ago
Split "Account Settings" page into subpages.
8 years ago
Adding on_delete keywords, more to come.
8 years ago
Split "Account Settings" page into subpages.
8 years ago
Badges
8 years ago
Badges can now return either SVG or JSON
7 years ago
Badges
8 years ago
Badges can now return either SVG or JSON
7 years ago
Badges
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Material icons.
8 years ago
Badges can now return either SVG or JSON
7 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Split "Account Settings" page into subpages.
8 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Team Access, test cleanup
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Support for "Add to Slack" button
8 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
First stab at API, POST /api/v1/checks
9 years ago
Users can add passwords to their accounts. Fixes #6
9 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Team Access, test cleanup
9 years ago
Code to send monthly reports (but no management command yet to actually send them)
9 years ago
Team Access, test cleanup
9 years ago
/switch_team/ requires login and a valid target username
8 years ago
Team Access, test cleanup
9 years ago
/switch_team/ requires login and a valid target username
8 years ago
Team Access, test cleanup
9 years ago
Fix bug in /accounts/switch_team/, updated messaging.
9 years ago
Team Access, test cleanup
9 years ago
Fix bug in /accounts/switch_team/, updated messaging.
9 years ago
Split "Account Settings" page into subpages.
8 years ago
Fix bug in /accounts/switch_team/, updated messaging.
9 years ago
Split "Account Settings" page into subpages.
8 years ago
Fix bug in /accounts/switch_team/, updated messaging.
9 years ago
Team Access, test cleanup
9 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
Adding on_delete keywords, more to come.
8 years ago
"Close Account" section in Settings page. Fixes #95
8 years ago
 
  1. import uuid
  2. import re
  3. 

  4. from django.conf import settings
  5. from django.contrib import messages
  6. from django.contrib.auth import login as auth_login
  7. from django.contrib.auth import logout as auth_logout
  8. from django.contrib.auth import authenticate
  9. from django.contrib.auth.decorators import login_required
  10. from django.contrib.auth.hashers import check_password
  11. from django.contrib.auth.models import User
  12. from django.core import signing
  13. from django.http import HttpResponseForbidden, HttpResponseBadRequest
  14. from django.shortcuts import redirect, render
  15. from django.views.decorators.http import require_POST
  16. from hc.accounts.forms import (EmailPasswordForm, InviteTeamMemberForm,
  17.                                RemoveTeamMemberForm, ReportSettingsForm,
  18.                                SetPasswordForm, TeamNameForm)
  19. from hc.accounts.models import Profile, Member
  20. from hc.api.models import Channel, Check
  21. from hc.lib.badges import get_badge_url
  22. from hc.payments.models import Subscription
  23. 

  24. 

  25. def _make_user(email):
  26.     username = str(uuid.uuid4())[:30]
  27.     user = User(username=username, email=email)
  28.     user.set_unusable_password()
  29.     user.save()
  30. 

  31.     # Ensure a profile gets created
  32.     Profile.objects.for_user(user)
  33. 

  34.     channel = Channel()
  35.     channel.user = user
  36.     channel.kind = "email"
  37.     channel.value = email
  38.     channel.email_verified = True
  39.     channel.save()
  40. 

  41.     return user
  42. 

  43. 

  44. def _associate_demo_check(request, user):
  45.     if "welcome_code" not in request.session:
  46.         return
  47. 

  48.     try:
  49.         check = Check.objects.get(code=request.session["welcome_code"])
  50.     except Check.DoesNotExist:
  51.         return
  52. 

  53.     # Only associate demo check if it doesn't have an owner already.
  54.     if check.user:
  55.         return
  56. 

  57.     check.user = user
  58.     check.save()
  59. 

  60.     check.assign_all_channels()
  61. 

  62.     del request.session["welcome_code"]
  63. 

  64. 

  65. def login(request, show_password=False):
  66.     bad_credentials = False
  67.     if request.method == 'POST':
  68.         form = EmailPasswordForm(request.POST)
  69.         if form.is_valid():
  70.             email = form.cleaned_data["email"]
  71.             password = form.cleaned_data["password"]
  72.             if len(password):
  73.                 user = authenticate(username=email, password=password)
  74.                 if user is not None and user.is_active:
  75.                     auth_login(request, user)
  76.                     return redirect("hc-checks")
  77.                 bad_credentials = True
  78.                 show_password = True
  79.             else:
  80.                 user = None
  81.                 try:
  82.                     user = User.objects.get(email=email)
  83.                 except User.DoesNotExist:
  84.                     if settings.REGISTRATION_OPEN:
  85.                         user = _make_user(email)
  86.                         _associate_demo_check(request, user)
  87.                     else:
  88.                         bad_credentials = True
  89. 

  90.                 if user:
  91.                     profile = Profile.objects.for_user(user)
  92.                     profile.send_instant_login_link()
  93.                     return redirect("hc-login-link-sent")
  94. 

  95.     else:
  96.         form = EmailPasswordForm()
  97. 

  98.     bad_link = request.session.pop("bad_link", None)
  99.     ctx = {
  100.         "form": form,
  101.         "bad_credentials": bad_credentials,
  102.         "bad_link": bad_link,
  103.         "show_password": show_password
  104.     }
  105.     return render(request, "accounts/login.html", ctx)
  106. 

  107. 

  108. def logout(request):
  109.     auth_logout(request)
  110.     return redirect("hc-index")
  111. 

  112. 

  113. def login_link_sent(request):
  114.     return render(request, "accounts/login_link_sent.html")
  115. 

  116. 

  117. def set_password_link_sent(request):
  118.     return render(request, "accounts/set_password_link_sent.html")
  119. 

  120. 

  121. def check_token(request, username, token):
  122.     if request.user.is_authenticated and request.user.username == username:
  123.         # User is already logged in
  124.         return redirect("hc-checks")
  125. 

  126.     # Some email servers open links in emails to check for malicious content.
  127.     # To work around this, we sign user in if the method is POST.
  128.     #
  129.     # If the method is GET, we instead serve a HTML form and a piece
  130.     # of Javascript to automatically submit it.
  131. 

  132.     if request.method == "POST":
  133.         user = authenticate(username=username, token=token)
  134.         if user is not None and user.is_active:
  135.             # This should get rid of "welcome_code" in session
  136.             request.session.flush()
  137. 

  138.             user.profile.token = ""
  139.             user.profile.save()
  140.             auth_login(request, user)
  141. 

  142.             return redirect("hc-checks")
  143. 

  144.         request.session["bad_link"] = True
  145.         return redirect("hc-login")
  146. 

  147.     return render(request, "accounts/check_token_submit.html")
  148. 

  149. 

  150. @login_required
  151. def profile(request):
  152.     profile = request.user.profile
  153.     # Switch user back to its own team
  154.     if request.team != profile:
  155.         request.team = profile
  156.         profile.current_team = profile
  157.         profile.save()
  158. 

  159.     show_api_key = False
  160.     if request.method == "POST":
  161.         if "set_password" in request.POST:
  162.             profile.send_set_password_link()
  163.             return redirect("hc-set-password-link-sent")
  164.         elif "create_api_key" in request.POST:
  165.             profile.set_api_key()
  166.             show_api_key = True
  167.             messages.success(request, "The API key has been created!")
  168.         elif "revoke_api_key" in request.POST:
  169.             profile.api_key = ""
  170.             profile.save()
  171.             messages.info(request, "The API key has been revoked!")
  172.         elif "show_api_key" in request.POST:
  173.             show_api_key = True
  174.         elif "invite_team_member" in request.POST:
  175.             if not profile.team_access_allowed:
  176.                 return HttpResponseForbidden()
  177. 

  178.             form = InviteTeamMemberForm(request.POST)
  179.             if form.is_valid():
  180. 

  181.                 email = form.cleaned_data["email"]
  182.                 try:
  183.                     user = User.objects.get(email=email)
  184.                 except User.DoesNotExist:
  185.                     user = _make_user(email)
  186. 

  187.                 profile.invite(user)
  188.                 messages.success(request, "Invitation to %s sent!" % email)
  189.         elif "remove_team_member" in request.POST:
  190.             form = RemoveTeamMemberForm(request.POST)
  191.             if form.is_valid():
  192. 

  193.                 email = form.cleaned_data["email"]
  194.                 farewell_user = User.objects.get(email=email)
  195.                 farewell_user.profile.current_team = None
  196.                 farewell_user.profile.save()
  197. 

  198.                 Member.objects.filter(team=profile,
  199.                                       user=farewell_user).delete()
  200. 

  201.                 messages.info(request, "%s removed from team!" % email)
  202.         elif "set_team_name" in request.POST:
  203.             if not profile.team_access_allowed:
  204.                 return HttpResponseForbidden()
  205. 

  206.             form = TeamNameForm(request.POST)
  207.             if form.is_valid():
  208.                 profile.team_name = form.cleaned_data["team_name"]
  209.                 profile.save()
  210.                 messages.success(request, "Team Name updated!")
  211. 

  212.     ctx = {
  213.         "page": "profile",
  214.         "profile": profile,
  215.         "show_api_key": show_api_key
  216.     }
  217. 

  218.     return render(request, "accounts/profile.html", ctx)
  219. 

  220. 

  221. @login_required
  222. def notifications(request):
  223.     profile = request.user.profile
  224.     # Switch user back to its default team
  225.     if profile.current_team_id != profile.id:
  226.         request.team = profile
  227.         profile.current_team_id = profile.id
  228.         profile.save()
  229. 

  230.     if request.method == "POST":
  231.         form = ReportSettingsForm(request.POST)
  232.         if form.is_valid():
  233.             profile.reports_allowed = form.cleaned_data["reports_allowed"]
  234.             profile.save()
  235.             messages.success(request, "Your settings have been updated!")
  236. 

  237.     ctx = {
  238.         "page": "profile",
  239.         "profile": profile,
  240.     }
  241. 

  242.     return render(request, "accounts/notifications.html", ctx)
  243. 

  244. 

  245. @login_required
  246. def badges(request):
  247.     profile = request.user.profile
  248.     # Switch user back to its own team
  249.     if request.team != profile:
  250.         request.team = profile
  251.         profile.current_team = profile
  252.         profile.save()
  253. 

  254.     tags = set()
  255.     for check in Check.objects.filter(user=request.team.user):
  256.         tags.update(check.tags_list())
  257. 

  258.     username = request.team.user.username
  259.     urls = []
  260.     for tag in sorted(tags, key=lambda s: s.lower()):
  261.         if not re.match("^[\w-]+$", tag):
  262.             continue
  263. 

  264.         urls.append({
  265.             "svg": get_badge_url(username, tag),
  266.             "json": get_badge_url(username, tag, format="json"),
  267.         })
  268. 

  269.     ctx = {
  270.         "page": "profile",
  271.         "urls": urls
  272.     }
  273. 

  274.     return render(request, "accounts/badges.html", ctx)
  275. 

  276. 

  277. @login_required
  278. def set_password(request, token):
  279.     profile = request.user.profile
  280.     if not check_password(token, profile.token):
  281.         return HttpResponseBadRequest()
  282. 

  283.     if request.method == "POST":
  284.         form = SetPasswordForm(request.POST)
  285.         if form.is_valid():
  286.             password = form.cleaned_data["password"]
  287.             request.user.set_password(password)
  288.             request.user.save()
  289. 

  290.             profile.token = ""
  291.             profile.save()
  292. 

  293.             # Setting a password logs the user out, so here we
  294.             # log them back in.
  295.             u = authenticate(username=request.user.email, password=password)
  296.             auth_login(request, u)
  297. 

  298.             messages.success(request, "Your password has been set!")
  299.             return redirect("hc-profile")
  300. 

  301.     return render(request, "accounts/set_password.html", {})
  302. 

  303. 

  304. def unsubscribe_reports(request, username):
  305.     try:
  306.         signing.Signer().unsign(request.GET.get("token"))
  307.     except signing.BadSignature:
  308.         return HttpResponseBadRequest()
  309. 

  310.     user = User.objects.get(username=username)
  311.     user.profile.reports_allowed = False
  312.     user.profile.save()
  313. 

  314.     return render(request, "accounts/unsubscribed.html")
  315. 

  316. 

  317. @login_required
  318. def switch_team(request, target_username):
  319.     try:
  320.         other_user = User.objects.get(username=target_username)
  321.     except User.DoesNotExist:
  322.         return HttpResponseForbidden()
  323. 

  324.     # The rules:
  325.     # Superuser can switch to any team.
  326.     access_ok = request.user.is_superuser
  327. 

  328.     # Users can switch to their own teams.
  329.     if not access_ok and other_user.id == request.user.id:
  330.         access_ok = True
  331. 

  332.     # Users can switch to teams they are members of.
  333.     if not access_ok:
  334.         for membership in request.user.member_set.all():
  335.             if membership.team.user.id == other_user.id:
  336.                 access_ok = True
  337.                 break
  338. 

  339.     if not access_ok:
  340.         return HttpResponseForbidden()
  341. 

  342.     request.user.profile.current_team = other_user.profile
  343.     request.user.profile.save()
  344. 

  345.     return redirect("hc-checks")
  346. 

  347. 

  348. @require_POST
  349. @login_required
  350. def close(request):
  351.     user = request.user
  352. 

  353.     # Subscription needs to be canceled before it is deleted:
  354.     sub = Subscription.objects.filter(user=user).first()
  355.     if sub:
  356.         sub.cancel()
  357. 

  358.     user.delete()
  359. 

  360.     # Deleting user also deletes its profile, checks, channels etc.
  361. 

  362.     request.session.flush()
  363.     return redirect("hc-index")