mirror of https://github.com/django/django.git synced 2024-12-23 01:25:58 +00:00

Standardized calling decorators on contrib.auth views.

Claude Paroz 2024-08-10 16:57:29 +02:00
parent f16a9a556f
commit 13585de7ac


@ -62,7 +62,10 @@ class RedirectURLMixin:
raise ImproperlyConfigured("No URL to redirect to. Provide a next_page.") raise ImproperlyConfigured("No URL to redirect to. Provide a next_page.")
@method_decorator(login_not_required, name="dispatch") @method_decorator(
[login_not_required, sensitive_post_parameters(), csrf_protect, never_cache],
name="dispatch",
)
class LoginView(RedirectURLMixin, FormView): class LoginView(RedirectURLMixin, FormView):
""" """
Display the login form and handle the login action. Display the login form and handle the login action.
@ -74,9 +77,6 @@ class LoginView(RedirectURLMixin, FormView):
redirect_authenticated_user = False redirect_authenticated_user = False
extra_context = None extra_context = None
@method_decorator(sensitive_post_parameters())
@method_decorator(csrf_protect)
@method_decorator(never_cache)
def dispatch(self, request, *args, **kwargs): def dispatch(self, request, *args, **kwargs):
if self.redirect_authenticated_user and self.request.user.is_authenticated: if self.redirect_authenticated_user and self.request.user.is_authenticated:
redirect_to = self.get_success_url() redirect_to = self.get_success_url()
@ -122,6 +122,7 @@ class LoginView(RedirectURLMixin, FormView):
return context return context
@method_decorator([csrf_protect, never_cache], name="dispatch")
class LogoutView(RedirectURLMixin, TemplateView): class LogoutView(RedirectURLMixin, TemplateView):
""" """
Log out the user and display the 'You are logged out' message. Log out the user and display the 'You are logged out' message.
@ -131,11 +132,6 @@ class LogoutView(RedirectURLMixin, TemplateView):
template_name = "registration/logged_out.html" template_name = "registration/logged_out.html"
extra_context = None extra_context = None
@method_decorator(csrf_protect)
@method_decorator(never_cache)
def dispatch(self, request, *args, **kwargs):
return super().dispatch(request, *args, **kwargs)
def post(self, request, *args, **kwargs): def post(self, request, *args, **kwargs):
"""Logout may be done via POST.""" """Logout may be done via POST."""
auth_logout(request) auth_logout(request)
@ -211,7 +207,7 @@ class PasswordContextMixin:
return context return context
@method_decorator(login_not_required, name="dispatch") @method_decorator([login_not_required, csrf_protect], name="dispatch")
class PasswordResetView(PasswordContextMixin, FormView): class PasswordResetView(PasswordContextMixin, FormView):
email_template_name = "registration/password_reset_email.html" email_template_name = "registration/password_reset_email.html"
extra_email_context = None extra_email_context = None
@ -224,10 +220,6 @@ class PasswordResetView(PasswordContextMixin, FormView):
title = _("Password reset") title = _("Password reset")
token_generator = default_token_generator token_generator = default_token_generator
@method_decorator(csrf_protect)
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)
def form_valid(self, form): def form_valid(self, form):
opts = { opts = {
"use_https": self.request.is_secure(), "use_https": self.request.is_secure(),
@ -252,7 +244,9 @@ class PasswordResetDoneView(PasswordContextMixin, TemplateView):
title = _("Password reset sent") title = _("Password reset sent")
@method_decorator(login_not_required, name="dispatch") @method_decorator(
[login_not_required, sensitive_post_parameters(), never_cache], name="dispatch"
)
class PasswordResetConfirmView(PasswordContextMixin, FormView): class PasswordResetConfirmView(PasswordContextMixin, FormView):
form_class = SetPasswordForm form_class = SetPasswordForm
post_reset_login = False post_reset_login = False
@ -263,8 +257,6 @@ class PasswordResetConfirmView(PasswordContextMixin, FormView):
title = _("Enter new password") title = _("Enter new password")
token_generator = default_token_generator token_generator = default_token_generator
@method_decorator(sensitive_post_parameters())
@method_decorator(never_cache)
def dispatch(self, *args, **kwargs): def dispatch(self, *args, **kwargs):
if "uidb64" not in kwargs or "token" not in kwargs: if "uidb64" not in kwargs or "token" not in kwargs:
raise ImproperlyConfigured( raise ImproperlyConfigured(
@ -350,18 +342,15 @@ class PasswordResetCompleteView(PasswordContextMixin, TemplateView):
return context return context
@method_decorator(
[sensitive_post_parameters(), csrf_protect, login_required], name="dispatch"
)
class PasswordChangeView(PasswordContextMixin, FormView): class PasswordChangeView(PasswordContextMixin, FormView):
form_class = PasswordChangeForm form_class = PasswordChangeForm
success_url = reverse_lazy("password_change_done") success_url = reverse_lazy("password_change_done")
template_name = "registration/password_change_form.html" template_name = "registration/password_change_form.html"
title = _("Password change") title = _("Password change")
@method_decorator(sensitive_post_parameters())
@method_decorator(csrf_protect)
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)
def get_form_kwargs(self): def get_form_kwargs(self):
kwargs = super().get_form_kwargs() kwargs = super().get_form_kwargs()
kwargs["user"] = self.request.user kwargs["user"] = self.request.user
@ -375,10 +364,7 @@ class PasswordChangeView(PasswordContextMixin, FormView):
return super().form_valid(form) return super().form_valid(form)
@method_decorator(login_required, name="dispatch")
class PasswordChangeDoneView(PasswordContextMixin, TemplateView): class PasswordChangeDoneView(PasswordContextMixin, TemplateView):
template_name = "registration/password_change_done.html" template_name = "registration/password_change_done.html"
title = _("Password change successful") title = _("Password change successful")
@method_decorator(login_required)
def dispatch(self, *args, **kwargs):
return super().dispatch(*args, **kwargs)
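Review bot: PasswordResetConfirmView's new decorator list (`[login_not_required, sensitive_post_parameters(), never_cache]`) is the only form-handling view in this section without `csrf_protect`, while LoginView, LogoutView, PasswordResetView and PasswordChangeView all name it explicitly. The view uses `SetPasswordForm`, so a project running without CsrfViewMiddleware would presumably get CSRF checks on every other auth form but not on the one that sets a new password. If the omission is deliberate, a short comment above the decorator saying why would help; otherwise consider `[login_not_required, sensitive_post_parameters(), csrf_protect, never_cache], name="dispatch"`, matching LoginView. Because the list order is the stacking order (first entry outermost), a comment such as `# Order matters: the first decorator is the outermost wrapper.` would keep later edits from re-sorting these lists. The view's `dispatch` body continues outside the hunk.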