import json
from django.shortcuts import render
from django.shortcuts import redirect
from django.conf import settings
import django.contrib.auth
from django.contrib.auth import get_user_model
from ..item.utils import render_to_json
from ..utils import default_context
from brake.decorators import ratelimit
# Resolve the project's active user model once, at import time, so the views
# below work with a custom AUTH_USER_MODEL as well as the stock one.
User = get_user_model()
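@ratelimit(method="POST", block=True, rate="5/m")
def register(request):
    """Create an account and sign the new user in.

    Any method other than POST renders ``register.html``, or redirects to
    ``/`` when the visitor is already authenticated.

    A POST whose form data contains both ``username`` and ``password`` is
    treated as an HTML form submission: errors re-render ``register.html``
    and success redirects to ``/``. Every other POST is read as a JSON
    object and answered through ``render_to_json`` with either
    ``{'user': <username>}`` or ``{'error': <message>}``. Both variants
    need ``username``, ``email`` and ``password``.
    """
    # Function-scope imports keep this view self-contained; both names ship
    # with the Django package the module already depends on.
    from django.contrib.auth.password_validation import validate_password
    from django.core.exceptions import ValidationError

    context = default_context(request)
    if request.method != "POST":
        if request.user.is_authenticated:
            return redirect('/')
        return render(request, 'register.html', context)

    response = {}
    request_type = 'json'
    if "username" in request.POST and "password" in request.POST:
        data = request.POST
        request_type = 'html'
    else:
        try:
            data = json.loads(request.body)
        except ValueError:
            # Malformed JSON or undecodable bytes is a client mistake; report
            # it as an error instead of letting the exception become a 500.
            data = None

    # QueryDict is a dict subclass, so one lookup path serves both variants.
    # A JSON list, number or string carries no fields at all.
    fields = data if isinstance(data, dict) else {}
    username = fields.get('username')
    email = fields.get('email')
    password = fields.get('password')

    # type(u'') is the text type on Python 2 and 3 alike. Rejecting anything
    # else keeps JSON numbers, lists and nulls away from the ORM lookups,
    # ``.lower()`` and the password hasher.
    text_type = type(u'')
    if not all(isinstance(value, text_type) for value in (username, email, password)):
        response['error'] = 'invalid data'
    elif not username or User.objects.filter(username__iexact=username).exists():
        # An empty username is refused as well as one that is already taken.
        response['error'] = 'username not allowed'
    elif User.objects.filter(email__iexact=email).exists():
        # Same message as a taken username, so the reply does not say which
        # of the two fields collided.
        response['error'] = 'username not allowed'
    elif not password:
        response['error'] = 'password too simple'
    else:
        candidate = User(username=username, email=email.lower())
        try:
            # Apply whatever AUTH_PASSWORD_VALIDATORS the project configures;
            # with none configured this accepts every non-empty password.
            validate_password(password, candidate)
        except ValidationError:
            response['error'] = 'password too simple'
        else:
            candidate.set_password(password)
            candidate.is_active = True
            candidate.save()
            # Re-authenticate so the user object carries the backend that
            # login() records in the session.
            user = django.contrib.auth.authenticate(
                username=username, password=password)
            django.contrib.auth.login(request, user)
            response['user'] = user.username

    if request_type == 'html':
        if 'error' in response:
            context['error'] = response['error']
            return render(request, 'register.html', context)
        return redirect('/')
    return render_to_json(response)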
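@ratelimit(method="POST", block=True, rate="5/m")
def login(request):
    """Authenticate a user and start a session.

    Any method other than POST renders ``login.html``, or redirects to ``/``
    when the visitor is already authenticated.

    A POST whose form data contains both ``username`` and ``password`` is
    treated as an HTML form submission: failure re-renders ``login.html``
    with the error and success redirects to ``/``. Every other POST is read
    as a JSON object and answered through ``render_to_json`` with either
    ``{'user': <username>}`` or ``{'error': 'login failed'}``.
    """
    # NOTE(review): the decorator allows 5 POSTs per minute and blocks beyond
    # that, but what the limiter keys on is not visible in this file. Confirm
    # whether it throttles per client address only; if so, attempts against
    # one account spread over many addresses are not slowed down.
    context = default_context(request)
    if request.method != "POST":
        if request.user.is_authenticated:
            return redirect('/')
        return render(request, 'login.html', context)

    response = {}
    request_type = 'json'
    if "username" in request.POST and "password" in request.POST:
        data = request.POST
        request_type = 'html'
    else:
        try:
            data = json.loads(request.body)
        except ValueError:
            # Malformed JSON or undecodable bytes counts as a failed login
            # instead of surfacing as a 500.
            data = None

    # QueryDict is a dict subclass, so one lookup path serves both variants.
    fields = data if isinstance(data, dict) else {}
    username = fields.get('username')
    password = fields.get('password')

    # type(u'') is the text type on Python 2 and 3 alike. Only text
    # credentials are handed to the authentication backends.
    text_type = type(u'')
    user = None
    if isinstance(username, text_type) and isinstance(password, text_type):
        user = django.contrib.auth.authenticate(
            username=username, password=password)

    if user is not None and user.is_active:
        django.contrib.auth.login(request, user)
        response['user'] = user.username
        if request_type == 'html':
            return redirect('/')
    else:
        # One message for unknown user, wrong password, inactive account and
        # malformed input, so the reply does not reveal which check failed.
        response['error'] = 'login failed'
        if request_type == 'html':
            context['error'] = response['error']
            return render(request, 'login.html', context)
    return render_to_json(response)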
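def logout(request):
    """End the current session.

    An authenticated visitor is logged out whatever the request method is.
    POST callers then receive an empty JSON object through
    ``render_to_json``; every other method is redirected to ``/``.
    """
    # NOTE(review): the session is ended for GET as well as POST, so a plain
    # link or image load on another site can sign a user out. Restricting
    # logout to POST would change behaviour for existing callers and is
    # therefore only flagged here.
    if request.user.is_authenticated:
        django.contrib.auth.logout(request)
    if request.method == "POST":
        # The body is no longer parsed. Its result was never used, and an
        # empty or non-JSON POST raised after the session was already cleared.
        return render_to_json({})
    return redirect('/')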