
Slow beginnings with Misago Admin

Rafał Pitoń 11 years ago
parent
commit
264c18548b

+ 26 - 0
misago/admin/auth.py

@@ -0,0 +1,26 @@
+from hashlib import md5
+from django.contrib import auth as dj_auth
+
+
+def make_user_admin_token(user):
+    formula = '%s:%s:%s' % (user.pk, user.email, user.password)
+    return md5(formula).hexdigest()
+
+
+def login(request, user):
+    pass
+
+
+def logout(request):
+    pass
+
+
+def is_admin_session(request):
+    if request.user.is_anonymous:
+        return False
+
+    if not (request.user.is_staff and request.user.is_superuser):
+        return False
+
+    admin_token = request.session.get('misago_admin_token')
+    return admin_token == make_user_admin_token(request.user)
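Review bot: `make_user_admin_token` derives the session token as an unkeyed MD5 over `user.pk`, `user.email` and the stored password hash, so the value can be recomputed by anything that can read the user row, and wherever session data is readable it exposes a fast digest of the password hash. Keying it with the project secret keeps the invalidate-on-password-change behaviour without that exposure: `return salted_hmac('misago.admin.token', formula).hexdigest()` using `django.utils.crypto.salted_hmac`. In `is_admin_session` the closing `==` should become `constant_time_compare(admin_token or '', make_user_admin_token(request.user))` so the check does not leak timing and a missing token is handled explicitly. If this targets a Django release where `is_anonymous` is a method (the template removed in this commit mentions 1.6/1.7), `request.user.is_anonymous` without parentheses is always truthy and the function returns False for everyone; that fails closed, but it is not the intended test.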

+ 13 - 0
misago/admin/middleware.py

@@ -0,0 +1,13 @@
+from django.conf import settings
+from misago.admin.auth import is_admin_session
+from misago.admin.views.auth import login
+
+
+class AdminAuthMiddleware(object):
+    def process_view(self, request, view_func, view_args, view_kwargs):
+        url_namespace = request.resolver_match.namespace
+        admin_request = url_namespace in settings.MISAGO_ADMIN_NAMESPACES
+        request.misago_admin_auth = admin_request
+
+        if request.misago_admin_auth and not is_admin_session(request):
+            return login(request)
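Review bot: The namespace test in `process_view` is an exact tuple membership check, so an admin view routed under a nested namespace (for example one included beneath `misago:admin`) would not match `settings.MISAGO_ADMIN_NAMESPACES` and would be served without the admin-session check. Matching on prefix fails closed instead: `admin_request = any(url_namespace == ns or url_namespace.startswith(ns + ':') for ns in settings.MISAGO_ADMIN_NAMESPACES)`. The comment above the `MISAGO_ADMIN_NAMESPACES` default in misago/conf/defaults.py should state which matching rule applies. The guard also returns `login(request)` for every HTTP method, so a POST aimed at another admin URL is handled as a login submission; a one-line comment would make clear that this is intentional.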

+ 26 - 0
misago/admin/views/auth.py

@@ -0,0 +1,26 @@
+from django.contrib import messages
+from django.http import Http404
+from django.shortcuts import render, redirect
+from django.utils.translation import ugettext as _
+from django.views.decorators.debug import sensitive_post_parameters
+from django.views.decorators.cache import never_cache
+from django.views.decorators.csrf import csrf_protect
+from misago.admin import auth
+from misago.users.forms.auth import AdminAuthenticationForm
+
+
+@sensitive_post_parameters()
+@csrf_protect
+@never_cache
+def login(request):
+    url_namespace = request.resolver_match.namespace
+    form = AdminAuthenticationForm(request)
+
+    if request.method == 'POST':
+        form = AdminAuthenticationForm(request, data=request.POST)
+        if form.is_valid():
+            auth.login(request, form.user_cache)
+            return redirect('%s:index' % url_namespace)
+
+    return render(request, 'misago/admin/login.html',
+                  {'form': form, 'namespace': url_namespace})
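Review bot: A valid POST in `login` calls `auth.login(request, form.user_cache)`, which in this commit is still a `pass` stub in misago/admin/auth.py, so the redirect to `'%s:index'` happens without an admin session being established and the middleware will send the user straight back to this form. When that function is filled in it should write `misago_admin_token` and rotate the session key (`request.session.cycle_key()`), since the session is being elevated to admin. Whether non-staff accounts are rejected depends on `AdminAuthenticationForm`, which is outside this diff; it is worth confirming that it checks `is_staff` and `is_superuser`, so a refused elevation shows as a form error rather than a redirect loop. `messages`, `Http404` and `_` are imported but not used by the visible code.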

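--- a/misago/conf/defaults.py
+++ b/misago/conf/defaults.py
@@ -90,6 +90,7 @@ MIDDLEWARE_CLASSES = (
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'misago.core.middleware.threadstore.ThreadStoreMiddleware',
     'misago.core.middleware.exceptionhandler.ExceptionHandlerMiddleware',
+    'misago.admin.middleware.AdminAuthMiddleware',
 )
 
 
 TEMPLATE_CONTEXT_PROCESSORS = (
@@ -155,3 +156,9 @@ LOGOUT_URL = 'misago:logout'
 # Omit starting and trailing slashes
 # To disable Misago admin, empty this value
 MISAGO_ADMIN_PATH = 'admincp'
+
+# Admin urls namespaces that Misago's AdminAuthMiddleware should protect
+MISAGO_ADMIN_NAMESPACES = (
+    'admin',
+    'misago:admin',
+)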

+ 0 - 56
misago/templates/admin/login.html

@@ -1,56 +0,0 @@
-{# Django 1.7 Admin Login template here cos 1.6 template fails to work with floppyforms. #}
-{% extends "admin/base_site.html" %}
-{% load i18n admin_static %}
-
-{% block extrastyle %}{{ block.super }}<link rel="stylesheet" type="text/css" href="{% static "admin/css/login.css" %}" />{% endblock %}
-
-{% block bodyclass %}{{ block.super }} login{% endblock %}
-
-{% block nav-global %}{% endblock %}
-
-{% block content_title %}{% endblock %}
-
-{% block breadcrumbs %}{% endblock %}
-
-{% block content %}
-{% if form.errors and not form.non_field_errors %}
-<p class="errornote">
-{% if form.errors.items|length == 1 %}{% trans "Please correct the error below." %}{% else %}{% trans "Please correct the errors below." %}{% endif %}
-</p>
-{% endif %}
-
-{% if form.non_field_errors %}
-{% for error in form.non_field_errors %}
-<p class="errornote">
-    {{ error }}
-</p>
-{% endfor %}
-{% endif %}
-
-<div id="content-main">
-<form action="{{ app_path }}" method="post" id="login-form">{% csrf_token %}
-  <div class="form-row">
-    {{ form.username.errors }}
-    {{ form.username.label_tag }} {{ form.username }}
-  </div>
-  <div class="form-row">
-    {{ form.password.errors }}
-    {{ form.password.label_tag }} {{ form.password }}
-    <input type="hidden" name="next" value="{{ next }}" />
-  </div>
-  {% url 'admin_password_reset' as password_reset_url %}
-  {% if password_reset_url %}
-  <div class="password-reset-link">
-    <a href="{{ password_reset_url }}">{% trans 'Forgotten your password or username?' %}</a>
-  </div>
-  {% endif %}
-  <div class="submit-row">
-    <label>&nbsp;</label><input type="submit" value="{% trans 'Log in' %}" />
-  </div>
-</form>
-
-<script type="text/javascript">
-document.getElementById('id_username').focus()
-</script>
-</div>
-{% endblock %}

+ 39 - 0
misago/templates/misago/admin/base.html

@@ -0,0 +1,39 @@
+{% load compressed %}
+{% load i18n %}
+{% load staticfiles %}
+<!DOCTYPE html>
+<html lang="{{ LANGUAGE_CODE }}">
+  <head>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>{% block title %}{{ misago_settings.forum_name }}{% endblock %}</title>
+    <meta name="description" content="{% block meta_description %}{% endblock %}">
+    <!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
+    <!--[if lt IE 9]>
+      <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
+      <script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
+    <![endif]-->
+    {% compressed_css 'misago' %}
+    <link rel="apple-touch-icon-precomposed" sizes="144x144" href="{% static 'apple-touch-icon-144-precomposed.png' %}">
+    <link rel="apple-touch-icon-precomposed" sizes="114x114" href="{% static 'apple-touch-icon-114-precomposed.png' %}">
+    <link rel="apple-touch-icon-precomposed" sizes="72x72" href="{% static 'apple-touch-icon-72-precomposed.png' %}">
+    <link rel="apple-touch-icon-precomposed" href="{% static 'apple-touch-icon-57-precomposed.png' %}">
+    <link rel="shortcut icon" href="{% static 'favicon.ico' %}">
+  </head>
+  <body>
+
+    {% include "misago/navbar.html" %}
+    {% include "misago/jumbotron.html" %}
+    {% include "misago/messages.html" %}
+
+    {% block content %}{% endblock %}
+
+    {% include "misago/footer.html" %}
+
+    {# We include JavaScript at the end of page body so it loads faster #}
+    {% compressed_js 'misago' %}
+    {% block extra_scripts %}{% endblock %}
+
+  </body>
+</html>
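Review bot: The admin base template loads `html5shiv.js` and `respond.min.js` from `oss.maxcdn.com` inside the `lt IE 9` conditional comment, which means a third-party host supplies script that runs inside an authenticated admin page for those browsers. Browsers that old do not enforce Subresource Integrity, so the practical mitigation is to vendor both files and reference them through `{% static %}` like the icons below them. If the admin panel is not meant to support IE 8 at all, dropping the block removes the external dependency entirely.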

+ 8 - 0
misago/templates/misago/admin/login.html

@@ -0,0 +1,8 @@
+{% load i18n%}
+
+
+{% if namespace == "misago:admin" %}
+{% trans "Misago Admin" %}
+{% else %}
+{% trans "Django Admin" %}
+{% endif %}
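Review bot: This template renders only the panel label and never outputs the `form` that the `login` view in misago/admin/views/auth.py passes in, so there is nothing to submit yet. That view is wrapped in `csrf_protect`, so the form, once added, needs `{% csrf_token %}` inside the `<form>` element, as the template removed in this commit had. The literal `"misago:admin"` comparison also duplicates a value from `MISAGO_ADMIN_NAMESPACES`; a comment noting the coupling would help whoever changes that setting.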

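--- a/misago/users/views/auth.py
+++ b/misago/users/views/auth.py
@@ -21,8 +21,8 @@ def login(request):
     if request.method == 'POST':
         form = AuthenticationForm(request, data=request.POST)
         if form.is_valid():
-            message = _("Welcome back, %(username)s! You have been signed "
-                        "in successfully.")
+            message = _("Welcome back, %(username)s! You have been "
+                        "signed in successfully.")
             messages.success(
                 request, message % {'username': form.user_cache.username})
             auth.login(request, form.user_cache)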