django-rest-framework/djangorestframework/utils/staticviews.py

from django.contrib.auth.views import *
from django.conf import settings
from django.http import HttpResponse
from django.shortcuts import render_to_response
from django.template import RequestContext
import base64


# BLERGH
# Replicate django.contrib.auth.views.login simply so we don't have get users to update TEMPLATE_CONTEXT_PROCESSORS
# to add ADMIN_MEDIA_PREFIX to the RequestContext.  I don't like this but really really want users to not have to
# be making settings changes in order to accomodate django-rest-framework
@csrf_protect
@never_cache
def api_login(request, template_name='djangorestframework/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Displays the login form and handles the login action."""

    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        if form.is_valid():
            # Light security check -- make sure redirect_to isn't garbage.
            if not redirect_to or ' ' in redirect_to:
                redirect_to = settings.LOGIN_REDIRECT_URL

            # Heavier security check -- redirects to http://example.com should
            # not be allowed, but things like /view/?param=http://example.com
            # should be allowed. This regex checks if there is a '//' *before* a
            # question mark.
            elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
                    redirect_to = settings.LOGIN_REDIRECT_URL

            # Okay, security checks complete. Log the user in.
            auth_login(request, form.get_user())

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            return HttpResponseRedirect(redirect_to)

    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    #current_site = get_current_site(request)

    return render_to_response(template_name, {
        'form': form,
        redirect_field_name: redirect_to,
        #'site': current_site,
        #'site_name': current_site.name,
        'ADMIN_MEDIA_PREFIX': settings.ADMIN_MEDIA_PREFIX,
    }, context_instance=RequestContext(request))


def api_logout(request, next_page=None, template_name='djangorestframework/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
    return logout(request, next_page, template_name, redirect_field_name)
Decouple views and resources 2011-05-04 12:21:17 +04:00			`from django.contrib.auth.views import *`
			`from django.conf import settings`
			`from django.http import HttpResponse`
Fixes #102 2011-12-30 20:30:55 +04:00			`from django.shortcuts import render_to_response`
And add RequestContext too 2011-12-30 20:38:03 +04:00			`from django.template import RequestContext`
Decouple views and resources 2011-05-04 12:21:17 +04:00			`import base64`

pep8/pyflakes cleanup 2012-01-21 22:33:34 +04:00
Decouple views and resources 2011-05-04 12:21:17 +04:00			`# BLERGH`
			`# Replicate django.contrib.auth.views.login simply so we don't have get users to update TEMPLATE_CONTEXT_PROCESSORS`
			`# to add ADMIN_MEDIA_PREFIX to the RequestContext. I don't like this but really really want users to not have to`
			`# be making settings changes in order to accomodate django-rest-framework`
			`@csrf_protect`
			`@never_cache`
Rename templates to 'base.html', 'api.html', 'api.txt' and 'login.html' 2012-02-20 17:16:51 +04:00			`def api_login(request, template_name='djangorestframework/login.html',`
Decouple views and resources 2011-05-04 12:21:17 +04:00			`redirect_field_name=REDIRECT_FIELD_NAME,`
			`authentication_form=AuthenticationForm):`
			`"""Displays the login form and handles the login action."""`

			`redirect_to = request.REQUEST.get(redirect_field_name, '')`

			`if request.method == "POST":`
			`form = authentication_form(data=request.POST)`
			`if form.is_valid():`
			`# Light security check -- make sure redirect_to isn't garbage.`
			`if not redirect_to or ' ' in redirect_to:`
			`redirect_to = settings.LOGIN_REDIRECT_URL`

			`# Heavier security check -- redirects to http://example.com should`
			`# not be allowed, but things like /view/?param=http://example.com`
			`# should be allowed. This regex checks if there is a '//' before a`
			`# question mark.`
			`elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):`
			`redirect_to = settings.LOGIN_REDIRECT_URL`

			`# Okay, security checks complete. Log the user in.`
			`auth_login(request, form.get_user())`

			`if request.session.test_cookie_worked():`
			`request.session.delete_test_cookie()`

			`return HttpResponseRedirect(redirect_to)`

			`else:`
			`form = authentication_form(request)`

			`request.session.set_test_cookie()`

			`#current_site = get_current_site(request)`

			`return render_to_response(template_name, {`
			`'form': form,`
			`redirect_field_name: redirect_to,`
			`#'site': current_site,`
			`#'site_name': current_site.name,`
			`'ADMIN_MEDIA_PREFIX': settings.ADMIN_MEDIA_PREFIX,`
			`}, context_instance=RequestContext(request))`


Rename templates to 'base.html', 'api.html', 'api.txt' and 'login.html' 2012-02-20 17:16:51 +04:00			`def api_logout(request, next_page=None, template_name='djangorestframework/login.html', redirect_field_name=REDIRECT_FIELD_NAME):`
Decouple views and resources 2011-05-04 12:21:17 +04:00			`return logout(request, next_page, template_name, redirect_field_name)`