mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-30 13:34:00 +03:00
62 lines
2.4 KiB
Python
62 lines
2.4 KiB
Python
from django.contrib.auth.views import *
|
|
from django.conf import settings
|
|
from django.http import HttpResponse
|
|
from django.shortcuts import render_to_response
|
|
from django.template import RequestContext
|
|
import base64
|
|
|
|
|
|
# BLERGH
|
|
# Replicate django.contrib.auth.views.login simply so we don't have get users to update TEMPLATE_CONTEXT_PROCESSORS
|
|
# to add ADMIN_MEDIA_PREFIX to the RequestContext. I don't like this but really really want users to not have to
|
|
# be making settings changes in order to accomodate django-rest-framework
|
|
@csrf_protect
|
|
@never_cache
|
|
def api_login(request, template_name='api_login.html',
|
|
redirect_field_name=REDIRECT_FIELD_NAME,
|
|
authentication_form=AuthenticationForm):
|
|
"""Displays the login form and handles the login action."""
|
|
|
|
redirect_to = request.REQUEST.get(redirect_field_name, '')
|
|
|
|
if request.method == "POST":
|
|
form = authentication_form(data=request.POST)
|
|
if form.is_valid():
|
|
# Light security check -- make sure redirect_to isn't garbage.
|
|
if not redirect_to or ' ' in redirect_to:
|
|
redirect_to = settings.LOGIN_REDIRECT_URL
|
|
|
|
# Heavier security check -- redirects to http://example.com should
|
|
# not be allowed, but things like /view/?param=http://example.com
|
|
# should be allowed. This regex checks if there is a '//' *before* a
|
|
# question mark.
|
|
elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
|
|
redirect_to = settings.LOGIN_REDIRECT_URL
|
|
|
|
# Okay, security checks complete. Log the user in.
|
|
auth_login(request, form.get_user())
|
|
|
|
if request.session.test_cookie_worked():
|
|
request.session.delete_test_cookie()
|
|
|
|
return HttpResponseRedirect(redirect_to)
|
|
|
|
else:
|
|
form = authentication_form(request)
|
|
|
|
request.session.set_test_cookie()
|
|
|
|
#current_site = get_current_site(request)
|
|
|
|
return render_to_response(template_name, {
|
|
'form': form,
|
|
redirect_field_name: redirect_to,
|
|
#'site': current_site,
|
|
#'site_name': current_site.name,
|
|
'ADMIN_MEDIA_PREFIX': settings.ADMIN_MEDIA_PREFIX,
|
|
}, context_instance=RequestContext(request))
|
|
|
|
|
|
def api_logout(request, next_page=None, template_name='api_login.html', redirect_field_name=REDIRECT_FIELD_NAME):
|
|
return logout(request, next_page, template_name, redirect_field_name)
|