
#923: moved admin login form to misago.admin.forms

Rafał Pitoń 7 years ago
parent
commit
d0cdc281b7

+ 48 - 0
misago/admin/forms.py

@@ -0,0 +1,48 @@
+from django import forms
+from django.contrib.auth import authenticate
+from django.contrib.auth.forms import AuthenticationForm as BaseAuthenticationForm
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext_lazy as _
+
+from misago.users.authmixin import AuthMixin
+
+
+class AdminAuthenticationForm(BaseAuthenticationForm, AuthMixin):
+    username = forms.CharField(
+        label=_("Username or e-mail"),
+        required=False,
+        max_length=254,
+    )
+    password = forms.CharField(
+        label=_("Password"),
+        strip=False,
+        required=False,
+        widget=forms.PasswordInput,
+    )
+
+    error_messages = {
+        'empty_data': _("Fill out both fields."),
+        'invalid_login': _("Login or password is incorrect."),
+        'not_staff': _("Your account does not have admin privileges."),
+    }
+    required_css_class = 'required'
+
+    def clean(self):
+        username = self.cleaned_data.get('username')
+        password = self.cleaned_data.get('password')
+
+        if username and password:
+            self.user_cache = authenticate(username=username, password=password)
+
+            if self.user_cache is None or not self.user_cache.is_active:
+                raise ValidationError(self.error_messages['invalid_login'], code='invalid_login')
+            else:
+                self.confirm_login_allowed(self.user_cache)
+        else:
+            raise ValidationError(self.error_messages['empty_data'], code='empty_data')
+
+        return self.cleaned_data
+
+    def confirm_login_allowed(self, user):
+        if not user.is_staff:
+            raise ValidationError(self.error_messages['not_staff'], code='not_staff')
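Review bot: `confirm_login_allowed` only runs after `authenticate()` has accepted the password, so the separate `not_staff` message ("Your account does not have admin privileges.") confirms to whoever submitted the form that the username/password pair is valid, while every other failure gets the generic `invalid_login` text. On an admin login endpoint I would return the same generic error for non-staff accounts, e.g. `raise ValidationError(self.error_messages['invalid_login'], code='invalid_login')`. `AuthMixin` is inherited but none of its methods are called in the visible lines, so if the previous base class's `clean()` applied ban or activation checks (not visible here), they no longer run for admin logins; a short class docstring stating whether that is intentional would help. The context lines of the last hunk also show the old `AdminAuthenticationForm` still closing `misago/users/forms/auth.py`, so two copies of this form appear to exist after the move and can drift apart.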

+ 5 - 0
misago/admin/tests/test_admin_views.py

@@ -133,6 +133,11 @@ class AdminLoginViewTests(TestCase):
 
         self.assertEqual(response.status_code, 302)
 
+    def test_login_no_data(self):
+        """login passess user thats staff and superuser"""
+        response = self.client.post(reverse('misago:admin:index'))
+        self.assertEqual(response.status_code, 200)
+
 
 class AdminLogoutTests(AdminTestCase):
     def test_admin_logout(self):
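Review bot: The docstring on `test_login_no_data` ("login passess user thats staff and superuser") looks copied from another test and does not describe an empty POST, and the only assertion is a 200 status, which a re-rendered login page would return for any rejected submission. I would change the docstring to `"""login rejects POST with no credentials"""` and, assuming the view renders form errors into the response, add `self.assertContains(response, "Fill out both fields.")` so the test pins the `empty_data` branch of the new form. A check that the session holds no admin authorization after the request would make the negative case explicit. The enclosing `AdminLoginViewTests` class starts outside this hunk.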

+ 1 - 1
misago/admin/views/auth.py

@@ -6,7 +6,7 @@ from django.views.decorators.csrf import csrf_protect
 from django.views.decorators.debug import sensitive_post_parameters
 
 from misago.admin import auth
-from misago.users.forms.auth import AdminAuthenticationForm
+from misago.admin.forms import AdminAuthenticationForm
 
 
 @sensitive_post_parameters()

+ 1 - 4
misago/users/api/auth.py

@@ -2,20 +2,17 @@ from rest_framework.decorators import api_view, permission_classes
 from rest_framework.response import Response
 
 from django.contrib import auth
-from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext as _
 from django.views.decorators.csrf import csrf_protect
 from django.shortcuts import get_object_or_404
 
 from misago.conf import settings
 from misago.core.mail import mail_user
-from misago.users.bans import get_user_ban
-from misago.users.forms.auth import AuthenticationForm, ResendActivationForm, ResetPasswordForm
 from misago.users.serializers import (
     AnonymousUserSerializer, AuthenticatedUserSerializer, LoginSerializer,
     ResendActivationSerializer, SendPasswordFormSerializer, ChangePasswordSerializer)
 from misago.users.tokens import (
-    is_password_change_token_valid, make_activation_token, make_password_change_token)
+    make_activation_token, make_password_change_token)
 
 from .rest_permissions import UnbannedAnonOnly, UnbannedOnly
 

+ 0 - 60
misago/users/forms/auth.py

@@ -95,63 +95,3 @@ class AdminAuthenticationForm(AuthenticationForm):
     def confirm_login_allowed(self, user):
         if not user.is_staff:
             raise forms.ValidationError(self.error_messages['not_staff'], code='not_staff')
-
-
-class GetUserForm(MisagoAuthMixin, forms.Form):
-    email = forms.CharField()
-
-    def clean(self):
-        data = super(GetUserForm, self).clean()
-
-        email = data.get('email')
-        if not email or len(email) > 250:
-            raise forms.ValidationError(_("Enter e-mail address."), code='empty_email')
-
-        try:
-            validate_email(email)
-        except forms.ValidationError:
-            raise forms.ValidationError(_("Entered e-mail is invalid."), code='invalid_email')
-
-        try:
-            user = UserModel.objects.get_by_email(data['email'])
-            if not user.is_active:
-                raise UserModel.DoesNotExist()
-            self.user_cache = user
-        except UserModel.DoesNotExist:
-            raise forms.ValidationError(_("No user with this e-mail exists."), code='not_found')
-
-        self.confirm_allowed(user)
-
-        return data
-
-    def confirm_allowed(self, user):
-        """override this method to include additional checks"""
-
-
-class ResendActivationForm(GetUserForm):
-    def confirm_allowed(self, user):
-        username_format = {'user': user.username}
-
-        if not user.requires_activation:
-            message = _("%(user)s, your account is already active.")
-            raise forms.ValidationError(message % username_format, code='already_active')
-
-        if user.requires_activation_by_admin:
-            message = _("%(user)s, only administrator may activate your account.")
-            raise forms.ValidationError(message % username_format, code='inactive_admin')
-
-
-class ResetPasswordForm(GetUserForm):
-    error_messages = {
-        'inactive_user': _(
-            "You have to activate your account before "
-            "you will be able to request new password."
-        ),
-        'inactive_admin': _(
-            "Administrator has to activate your account before "
-            "you will be able to request new password."
-        ),
-    }
-
-    def confirm_allowed(self, user):
-        self.confirm_user_active(user)