Compare commits

..

No commits in common. "74afc805dcc2ce7b952b51b364bd40e02a43cc3c" and "ab1981f1bc64faf2538f92779f1dc730d1850054" have entirely different histories.

13 changed files with 88 additions and 169 deletions

View file

@ -8,7 +8,7 @@ export class APIError extends Error {
} }
} }
async function api_request( async function request(
method: HTTPMethod, method: HTTPMethod,
endpoint: string, endpoint: string,
successStatus: number, successStatus: number,
@ -29,7 +29,7 @@ async function api_request(
} }
init.headers.set("Accept", "application/json"); init.headers.set("Accept", "application/json");
init.headers.set("Content-Type", "application/json"); init.headers.set("Content-Type", "application/json");
const response = await fetch(`/api/${endpoint}/`, init); const response = await fetch(`/${endpoint}/`, init);
if (response.status !== 204) { if (response.status !== 204) {
if (response.status === successStatus) { if (response.status === successStatus) {
return await response.json(); return await response.json();
@ -39,6 +39,16 @@ async function api_request(
} }
} }
async function api_request(
method: HTTPMethod,
endpoint: string,
successStatus: number,
data: any,
authToken?: string
) {
return request(method, `api/${endpoint}`, successStatus, data, authToken);
}
export class User { export class User {
email: string | undefined; email: string | undefined;
password: string | undefined; password: string | undefined;
@ -52,7 +62,7 @@ export class User {
} }
async login(): Promise<void> { async login(): Promise<void> {
if (!this.username || !this.password) throw new APIError("", ""); if (!this.email || !this.password) throw new APIError("", "");
// logout any existing sessions // logout any existing sessions
//await logout() //await logout()
@ -63,7 +73,7 @@ export class User {
// authenticate us // authenticate us
const body = new window.FormData(); const body = new window.FormData();
body.append("username", this.username); body.append("username", this.email);
body.append("password", this.password); body.append("password", this.password);
const csrf_token = Cookies.get("csrftoken"); const csrf_token = Cookies.get("csrftoken");
if (csrf_token) body.append("csrfmiddlewaretoken", csrf_token); if (csrf_token) body.append("csrfmiddlewaretoken", csrf_token);
@ -92,7 +102,7 @@ export class User {
async signup(): Promise<void> { async signup(): Promise<void> {
await api_request("POST", "users", 201, { await api_request("POST", "users", 201, {
username: this.username, email: this.email,
password: this.password, password: this.password,
}); });
} }

View file

@ -1,45 +1,38 @@
<template> <template>
<form class="box" @submit.prevent="doAction"> <form class="box" @submit.prevent="doAction">
<div v-if="errorMessage" class="notification is-danger"> <b-field label="E-Mail-Adresse">
{{ errorMessage }} <b-input type="email" v-model="user.email" />
</div>
<b-field label="Benutzername">
<b-input type="text" v-model="user.username" />
</b-field> </b-field>
<b-field label="Kennwort"> <b-field label="Kennwort">
<b-input type="password" v-model="user.password" /> <b-input type="password" v-model="user.password" />
</b-field> </b-field>
<b-field v-if="mode === 'signup'" label="Kennwort wiederholen">
<b-input type="password" v-model="password2" /> <div v-if="false" class="notification is-danger">
</b-field> Email or password was wrong.
</div>
<div class="buttons"> <div class="buttons">
<b-button native-type="submit" type="is-primary"> <b-button
native-type="submit"
type="is-primary"
style="margin-left: auto; margin-right: 0; order: 10"
>
{{ mode === "login" ? "Anmelden" : "Konto anlegen" }} {{ mode === "login" ? "Anmelden" : "Konto anlegen" }}
</b-button> </b-button>
<router-link v-if="mode === 'login'" to="/signup"
>Konto anlegen</router-link
>
<router-link v-else to="/login">Anmelden</router-link>
</div> </div>
</form> </form>
</template> </template>
<script lang="ts"> <script lang="ts">
import { Component, Prop, Watch } from "vue-property-decorator"; import { Component, Prop, Vue, Watch } from "vue-property-decorator";
import { mixins } from "vue-class-component";
import { User } from "@/api"; import { User } from "@/api";
import { Route } from "vue-router"; import { Route } from "vue-router";
import { NotifyMixin } from "@/mixins";
@Component @Component
export default class LoginForm extends mixins(NotifyMixin) { export default class LoginForm extends Vue {
@Prop() private user!: User; @Prop() private user!: User;
private mode: "login" | "signup" = "login"; private mode: "login" | "signup" = "login";
private password2 = "";
private errorMessage = "";
public created(): void { public created(): void {
if (this.$route.name === "signup") this.mode = "signup"; if (this.$route.name === "signup") this.mode = "signup";
@ -55,20 +48,19 @@ export default class LoginForm extends mixins(NotifyMixin) {
} }
private async doAction() { private async doAction() {
try { if (this.mode === "login") {
if (this.mode === "login") { await this.user.login();
await this.user.login(); if (this.$route.name !== "home") this.$router.push({ name: "home" });
if (this.$route.name !== "home") this.$router.push({ name: "home" }); } else {
} else { await this.user.signup();
await this.user.signup(); this.$router.push({ name: "login" });
this.$router.push({ name: "login" }); this.$buefy.toast.open({
this.showSuccess("Du kannst dich nun anmelden."); message:
} "Eine E-Mail zur Bestätigung deiner E-Mail-Adresse wurde versendet.",
} catch { type: "is-success",
this.errorMessage = "Fehler"; });
} }
// TODO: error handling, show confirmation page
} }
} }
</script> </script>
<style lang="scss"></style>

View file

@ -2,12 +2,35 @@
<b-navbar> <b-navbar>
<template #brand> <template #brand>
<b-navbar-item tag="router-link" :to="{ path: '/' }"> <b-navbar-item tag="router-link" :to="{ path: '/' }">
<img src="/img/logo_text.png" alt="userausfall" /> <img
src="/img/logo_text.png"
alt="Lightweight UI components for Vue.js based on Bulma"
/>
</b-navbar-item> </b-navbar-item>
</template> </template>
<template #start> </template> <template #start>
<!--
<b-navbar-item href="#"> Home </b-navbar-item>
<b-navbar-item href="#"> Documentation </b-navbar-item>
<b-navbar-dropdown label="Info">
<b-navbar-item href="#"> About </b-navbar-item>
<b-navbar-item href="#"> Contact </b-navbar-item>
</b-navbar-dropdown>
-->
</template>
<template #end> </template> <template #end>
<b-navbar-item tag="div">
<div class="buttons">
<router-link :to="{ name: 'signup' }" class="button is-primary">
<strong>Konto anlegen</strong>
</router-link>
<router-link :to="{ name: 'login' }" class="button is-light"
>Anmelden</router-link
>
</div>
</b-navbar-item>
</template>
</b-navbar> </b-navbar>
</template> </template>

View file

@ -3,22 +3,17 @@ import Vue from "vue";
@Component @Component
export class NotifyMixin extends Vue { export class NotifyMixin extends Vue {
public showError(): void { showError(): void {
this.showMessage("Es ist leider ein Fehler aufgetreten.", "is-danger"); this.$buefy.toast.open({
message: "Es ist leider ein Fehler aufgetreten.",
type: "is-danger",
});
} }
showSuccess(message: string): void { showSuccess(message: string): void {
this.showMessage(message, "is-success"); this.$buefy.toast.open({
} message,
type: "is-success",
showWarning(message: string): void { });
this.showMessage(message, "is-warning");
}
private showMessage(
message: string,
type: "is-success" | "is-danger" | "is-warning"
): void {
this.$buefy.toast.open({ message, type });
} }
} }

View file

@ -29,7 +29,7 @@ export default class Home extends mixins(NotifyMixin) {
public async created(): Promise<void> { public async created(): Promise<void> {
if (this.$route.name === "confirm") { if (this.$route.name === "confirm") {
await this.doConfirm(); await this.doConfirm();
} else if (!this.user.isAuthenticated && this.$route.name !== "login") { } else if (!this.user.isAuthenticated) {
this.$router.push({ name: "login" }); this.$router.push({ name: "login" });
} }
} }

View file

@ -1,18 +0,0 @@
# Generated by Django 2.2.20 on 2021-07-29 10:10
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('userausfall', '0006_auto_20210521_0805'),
]
operations = [
migrations.AddField(
model_name='user',
name='email_unconfirmed',
field=models.EmailField(blank=True, max_length=254, unique=True, verbose_name='email address'),
),
]

View file

@ -1,25 +0,0 @@
# Generated by Django 2.2.20 on 2021-08-02 07:44
from django.conf import settings
from django.db import migrations, models
import django.db.models.deletion
class Migration(migrations.Migration):
dependencies = [
('userausfall', '0007_user_email_unconfirmed'),
]
operations = [
migrations.AlterField(
model_name='user',
name='confidant',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='confidants', to=settings.AUTH_USER_MODEL),
),
migrations.AlterField(
model_name='user',
name='confidant_unconfirmed',
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='unconfirmed_confidants', to=settings.AUTH_USER_MODEL),
),
]

View file

@ -1,29 +0,0 @@
# Generated by Django 2.2.20 on 2021-08-02 07:45
import django.contrib.auth.validators
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('userausfall', '0008_auto_20210802_0744'),
]
operations = [
migrations.AlterField(
model_name='user',
name='email',
field=models.EmailField(blank=True, max_length=254, verbose_name='email address'),
),
migrations.AlterField(
model_name='user',
name='email_unconfirmed',
field=models.EmailField(blank=True, max_length=254, verbose_name='email address'),
),
migrations.AlterField(
model_name='user',
name='username',
field=models.CharField(blank=True, error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username'),
),
]

View file

@ -24,21 +24,21 @@ class PasswordMismatch(Exception):
class UserManager(BaseUserManager): class UserManager(BaseUserManager):
use_in_migrations = True use_in_migrations = True
def _create_user(self, username, password, **extra_fields): def _create_user(self, email, password, **extra_fields):
""" """
Create and save a user with the given username, email, and password. Create and save a user with the given username, email, and password.
""" """
# email = self.normalize_email(email) email = self.normalize_email(email)
username = self.model.normalize_username(username) # TODO: username = self.model.normalize_username(username)
user = self.model(username=username, **extra_fields) user = self.model(email=email, **extra_fields)
user.set_password(password) user.set_password(password)
user.save(using=self._db) user.save(using=self._db)
return user return user
def create_user(self, username, password=None, **extra_fields): def create_user(self, email, password=None, **extra_fields):
extra_fields.setdefault("is_staff", False) extra_fields.setdefault("is_staff", False)
extra_fields.setdefault("is_superuser", False) extra_fields.setdefault("is_superuser", False)
return self._create_user(username, password, **extra_fields) return self._create_user(email, password, **extra_fields)
def create_superuser(self, email, password, **extra_fields): def create_superuser(self, email, password, **extra_fields):
extra_fields.setdefault("is_staff", True) extra_fields.setdefault("is_staff", True)
@ -63,11 +63,9 @@ class User(AbstractBaseUser, PermissionsMixin):
), ),
validators=[username_validator], validators=[username_validator],
error_messages={"unique": _("A user with that username already exists.")}, error_messages={"unique": _("A user with that username already exists.")},
unique=True,
blank=True, blank=True,
) )
email = models.EmailField(_("email address"), blank=True) email = models.EmailField(_("email address"), unique=True, blank=True)
email_unconfirmed = models.EmailField(_("email address"), blank=True)
is_staff = models.BooleanField( is_staff = models.BooleanField(
_("staff status"), _("staff status"),
default=False, default=False,
@ -75,20 +73,19 @@ class User(AbstractBaseUser, PermissionsMixin):
) )
date_joined = models.DateTimeField(_("date joined"), default=timezone.now) date_joined = models.DateTimeField(_("date joined"), default=timezone.now)
confidant = models.ForeignKey( confidant = models.ForeignKey(
"User", on_delete=models.SET_NULL, null=True, blank=True, related_name="confidants" "User", on_delete=models.SET_NULL, null=True, related_name="confidants"
) )
confidant_unconfirmed = models.ForeignKey( confidant_unconfirmed = models.ForeignKey(
"User", "User",
on_delete=models.SET_NULL, on_delete=models.SET_NULL,
null=True, null=True,
blank=True,
related_name="unconfirmed_confidants", related_name="unconfirmed_confidants",
) )
objects = UserManager() objects = UserManager()
EMAIL_FIELD = "email" EMAIL_FIELD = "email"
USERNAME_FIELD = "username" USERNAME_FIELD = "email"
REQUIRED_FIELDS = [] REQUIRED_FIELDS = []
class Meta: class Meta:

View file

@ -1,11 +0,0 @@
from rest_framework import permissions
class UserPermission(permissions.BasePermission):
def has_permission(self, request, view):
if request.method == "POST":
return True
return False
def has_object_permission(self, request, view, obj):
return False

View file

@ -13,19 +13,9 @@ class UserSerializer(serializers.ModelSerializer):
class Meta: class Meta:
model = User model = User
fields = ("pk", "email", "username", "confidant_email") fields = ("pk", "email", "username", "confidant_email")
read_only_fields = ("email",)
def update(self, instance: User, validated_data): def update(self, instance: User, validated_data):
confidant_email = validated_data.pop("confidant_email") confidant_email = validated_data.pop("confidant_email")
confidant, _ = User.objects.get_or_create(email=confidant_email) confidant, _ = User.objects.get_or_create(email=confidant_email)
instance.confidant_unconfirmed = confidant instance.confidant_unconfirmed = confidant
return super().update(instance, validated_data) return super().update(instance, validated_data)
class CreateUserSerializer(serializers.ModelSerializer):
class Meta:
model = User
fields = ("username", "password")
def create(self, validated_data):
return User.objects.create_user(**validated_data)

View file

@ -5,8 +5,7 @@ from rest_framework.response import Response
from djeveric import ConfirmationView from djeveric import ConfirmationView
from userausfall.models import User, MissingUserAttribute, PasswordMismatch from userausfall.models import User, MissingUserAttribute, PasswordMismatch
from userausfall.confirmations import ConfidantConfirmation from userausfall.confirmations import ConfidantConfirmation
from userausfall.rest_api.permissions import UserPermission from userausfall.rest_api.serializers import UserSerializer, UserActivationSerializer
from userausfall.rest_api.serializers import UserSerializer, UserActivationSerializer, CreateUserSerializer
class ConfidantConfirmationView(ConfirmationView): class ConfidantConfirmationView(ConfirmationView):
@ -14,8 +13,8 @@ class ConfidantConfirmationView(ConfirmationView):
class UserViewSet(viewsets.ModelViewSet): class UserViewSet(viewsets.ModelViewSet):
permission_classes = [UserPermission]
queryset = User.objects.all() queryset = User.objects.all()
serializer_class = UserSerializer
@action(detail=True, methods=["post"]) @action(detail=True, methods=["post"])
def activate(self, request, pk=None): def activate(self, request, pk=None):
@ -30,7 +29,3 @@ class UserViewSet(viewsets.ModelViewSet):
return Response(status=status.HTTP_204_NO_CONTENT) return Response(status=status.HTTP_204_NO_CONTENT)
else: else:
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def get_serializer_class(self):
if self.action == "create":
return CreateUserSerializer

View file

@ -19,7 +19,7 @@ DATA_DIR = os.environ.get("USERAUSFALL_DATA_DIR", BASE_DIR)
# See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/ # See https://docs.djangoproject.com/en/2.2/howto/deployment/checklist/
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('LOCAL_DJANGO_SECRET_KEY') SECRET_KEY = os.environ.get('USERAUSFALL_SECRET_KEY')
# SECURITY WARNING: don't run with debug turned on in production! # SECURITY WARNING: don't run with debug turned on in production!
DEBUG = True DEBUG = True