From 74826178638ff8d0923a57f6480ffafa91cc30e3 Mon Sep 17 00:00:00 2001 From: Jason McBrayer Date: Wed, 22 Aug 2018 09:21:09 -0400 Subject: [PATCH] Improve handling of not-logged-in users --- brutaldon/settings.py | 3 ++ brutaldon/templates/base.html | 82 ++++++++++++++++++----------------- brutaldon/views.py | 71 +++++++++++++++++++++++++++--- 3 files changed, 110 insertions(+), 46 deletions(-) diff --git a/brutaldon/settings.py b/brutaldon/settings.py index a679f13..2399123 100644 --- a/brutaldon/settings.py +++ b/brutaldon/settings.py @@ -194,6 +194,9 @@ SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' # write any magic numbers into the validation code TOOT_MAX_LENGTH = 500 +# URL to redirect users to when not logged in +ANONYMOUS_HOME_URL = 'about' + # Version number displayed on about page BRUTALDON_VERSION = "1.5" diff --git a/brutaldon/templates/base.html b/brutaldon/templates/base.html index c922871..f4eff99 100644 --- a/brutaldon/templates/base.html +++ b/brutaldon/templates/base.html @@ -46,45 +46,49 @@ {% endif %} - + {% if request.session.instance %} + {% if request.session.username or request.session.access_token %} + + {% endif %} + {% endif %} {% endblock %}
diff --git a/brutaldon/views.py b/brutaldon/views.py index b1dfdd8..4220863 100644 --- a/brutaldon/views.py +++ b/brutaldon/views.py @@ -1,6 +1,7 @@ -from django.http import HttpResponse, Http404 +from django.http import HttpResponse, Http404, HttpResponseRedirect from django.conf import settings as django_settings from django.shortcuts import render, redirect +from django.urls import reverse from django.views.decorators.cache import never_cache, cache_page from django.urls import reverse from django.core.files.uploadhandler import TemporaryFileUploadHandler @@ -67,11 +68,50 @@ def get_mastodon(request): def fullbrutalism_p(request): return request.session.get('fullbrutalism', False) +def is_logged_in(request): + return (request.session.has_key('instance') and + (request.session.has_key('username') or + request.session.has_key('access_token'))) + +def br_login_required(function=None, home_url=None, redirect_field_name=None): + """Check that the user is logged in to a Mastodon instance. + + This decorator ensures that the view functions it is called on can be + accessed only by logged in users. When an instanceless user accesses + such a protected view, they are redirected to the address specified in + the field named in `next_field` or, lacking such a value, the URL in + `home_url`, or the `ANONYMOUS_HOME_URL` setting. + """ + if home_url is None: + home_url = django_settings.ANONYMOUS_HOME_URL + + def _dec(view_func): + def _view(request, *args, **kwargs): + if not is_logged_in(request): + url = None + if redirect_field_name and redirect_field_name in request.REQUEST: + url = request.REQUEST[redirect_field_name] + if not url: + url = home_url + if not url: + url = "/" + return HttpResponseRedirect(url) + else: + return view_func(request, *args, **kwargs) + + _view.__name__ = view_func.__name__ + _view.__dict__ = view_func.__dict__ + _view.__doc__ = view_func.__doc__ + + return _view + + if function is None: + return _dec + else: + return _dec(function) + def timeline(request, timeline='home', timeline_name='Home', max_id=None, since_id=None): - try: - mastodon = get_mastodon(request) - except NotLoggedInException: - return redirect(about) + mastodon = get_mastodon(request) data = mastodon.timeline(timeline, limit=100, max_id=max_id, since_id=since_id) form = PostForm(initial={'visibility': request.session['user'].source.privacy}) try: @@ -97,15 +137,19 @@ def timeline(request, timeline='home', timeline_name='Home', max_id=None, since_ 'fullbrutalism': fullbrutalism_p(request), 'prev': prev, 'next': next}) +@br_login_required def home(request, next=None, prev=None): return timeline(request, 'home', 'Home', max_id=next, since_id=prev) +@br_login_required def local(request, next=None, prev=None): return timeline(request, 'local', 'Local', max_id=next, since_id=prev) +@br_login_required def fed(request, next=None, prev=None): return timeline(request, 'public', 'Federated', max_id=next, since_id=prev) +@br_login_required def tag(request, tag): try: mastodon = get_mastodon(request) @@ -248,6 +292,7 @@ def logout(request): def error(request): return render(request, 'error.html', { 'error': "Not logged in yet."}) +@br_login_required def note(request, next=None, prev=None): try: mastodon = get_mastodon(request) @@ -271,6 +316,7 @@ def note(request, next=None, prev=None): 'fullbrutalism': fullbrutalism_p(request), 'prev': prev, 'next': next}) +@br_login_required def thread(request, id): mastodon = get_mastodon(request) context = mastodon.status_context(id) @@ -280,6 +326,7 @@ def thread(request, id): 'own_acct': request.session['user'], 'fullbrutalism': fullbrutalism_p(request)}) +@br_login_required def user(request, username, prev=None, next=None): try: mastodon = get_mastodon(request) @@ -311,6 +358,7 @@ def user(request, username, prev=None, next=None): @never_cache +@br_login_required def settings(request): if request.method == 'POST': form = SettingsForm(request.POST) @@ -338,6 +386,7 @@ def settings(request): 'fullbrutalism': fullbrutalism_p(request)}) @never_cache +@br_login_required def toot(request, mention=None): if request.method == 'GET': if mention: @@ -381,6 +430,7 @@ def toot(request, mention=None): else: return redirect(toot) +@br_login_required def reply(request, id): if request.method == 'GET': mastodon = get_mastodon(request) @@ -432,6 +482,7 @@ def reply(request, id): return redirect(reply, id) @never_cache +@br_login_required def fav(request, id): mastodon = get_mastodon(request) toot = mastodon.status(id) @@ -450,6 +501,7 @@ def fav(request, id): 'fullbrutalism': fullbrutalism_p(request)}) @never_cache +@br_login_required def boost(request, id): mastodon = get_mastodon(request) toot = mastodon.status(id) @@ -468,6 +520,7 @@ def boost(request, id): "fullbrutalism": fullbrutalism_p(request)}) @never_cache +@br_login_required def delete(request, id): mastodon = get_mastodon(request) toot = mastodon.status(id) @@ -485,6 +538,7 @@ def delete(request, id): "fullbrutalism": fullbrutalism_p(request)}) @never_cache +@br_login_required def follow(request, id): mastodon = get_mastodon(request) try: @@ -507,6 +561,7 @@ def follow(request, id): 'fullbrutalism': fullbrutalism_p(request)}) @never_cache +@br_login_required def block(request, id): mastodon = get_mastodon(request) try: @@ -528,8 +583,8 @@ def block(request, id): 'own_acct': request.session['user'], 'fullbrutalism': fullbrutalism_p(request)}) - @never_cache +@br_login_required def mute(request, id): mastodon = get_mastodon(request) try: @@ -551,13 +606,14 @@ def mute(request, id): 'own_acct': request.session['user'], 'fullbrutalism': fullbrutalism_p(request)}) - +@br_login_required def search(request): return render(request, 'main/search.html', {"fullbrutalism": fullbrutalism_p(request), 'own_acct': request.session['user'], }) +@br_login_required def search_results(request): if request.method == 'GET': query = request.GET.get('q', '') @@ -585,6 +641,7 @@ def privacy(request): 'own_acct' : request.session['user']}) @cache_page(60 * 30) +@br_login_required def emoji_reference(request): mastodon = get_mastodon(request) emojos = mastodon.custom_emojis()