team-3/src/c3nav/site/views.py

import json
from typing import Optional

import qrcode
from django.conf import settings
from django.contrib import messages
from django.contrib.auth import login, logout
from django.contrib.auth.decorators import login_required
from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm, UserCreationForm
from django.core.serializers.json import DjangoJSONEncoder
from django.db import transaction
from django.http import HttpResponse, HttpResponseBadRequest
from django.shortcuts import redirect, render
from django.urls import reverse
from django.utils import timezone
from django.utils.translation import ugettext_lazy as _
from django.utils.translation import ungettext_lazy
from django.views.decorators.cache import cache_control, never_cache
from django.views.decorators.clickjacking import xframe_options_exempt
from django.views.decorators.http import etag

from c3nav.mapdata.models import Location, Source
from c3nav.mapdata.models.access import AccessPermissionToken
from c3nav.mapdata.models.locations import LocationRedirect, SpecificLocation
from c3nav.mapdata.utils.locations import get_location_by_slug_for_request, levels_by_short_label_for_request
from c3nav.mapdata.utils.user import get_user_data
from c3nav.mapdata.views import set_tile_access_cookie
from c3nav.site.models import Announcement


def check_location(location: Optional[str], request) -> Optional[SpecificLocation]:
    if location is None:
        return None

    location = get_location_by_slug_for_request(location, request)
    if location is None:
        return None

    if isinstance(location, LocationRedirect):
        location: Location = location.target
    if location is None:
        return None

    if not location.can_search:
        location = None

    return location


def map_index(request, mode=None, slug=None, slug2=None, details=None,
              level=None, x=None, y=None, zoom=None, embed=None):
    origin = None
    destination = None
    routing = False
    if slug2 is not None:
        routing = True
        origin = check_location(slug, request)
        destination = check_location(slug2, request)
    else:
        routing = (mode and mode != 'l')
        if mode == 'o':
            origin = check_location(slug, request)
        else:
            destination = check_location(slug, request)

    state = {
        'routing': routing,
        'origin': (origin.serialize(detailed=False, simple_geometry=True, geometry=False)
                   if origin else None),
        'destination': (destination.serialize(detailed=False, simple_geometry=True, geometry=False)
                        if destination else None),
        'sidebar': routing or destination is not None,
        'details': True if details else False,
    }

    levels = levels_by_short_label_for_request(request)

    level = levels.get(level, None) if level else None
    if level is not None:
        state.update({
            'level': level.pk,
            'center': (float(x), float(y)),
            'zoom': float(zoom),
        })

    ctx = {
        'bounds': json.dumps(Source.max_bounds(), separators=(',', ':')),
        'levels': json.dumps(tuple((level.pk, level.short_label) for level in levels.values()), separators=(',', ':')),
        'state': json.dumps(state, separators=(',', ':'), cls=DjangoJSONEncoder),
        'tile_cache_server': settings.TILE_CACHE_SERVER,
        'embed': bool(embed),
    }

    announcement = Announcement.get_current()
    if announcement:
        messages.info(request, announcement.text)

    response = render(request, 'site/map.html', ctx)
    set_tile_access_cookie(request, response)
    if embed:
        xframe_options_exempt(lambda: response)()
    return response


def qr_code_etag(request, path):
    return '1'


@etag(qr_code_etag)
@cache_control(max_age=3600)
def qr_code(request, path):
    data = (request.build_absolute_uri('/'+path) +
            ('?'+request.META['QUERY_STRING'] if request.META['QUERY_STRING'] else ''))
    if len(data) > 256:
        return HttpResponseBadRequest()

    qr = qrcode.QRCode(
        version=1,
        error_correction=qrcode.constants.ERROR_CORRECT_L,
        box_size=10,
        border=2,
    )
    qr.add_data(data)
    qr.make(fit=True)

    response = HttpResponse(content_type='image/png')
    qr.make_image().save(response, 'PNG')
    return response


def close_response(request):
    ajax = request.is_ajax() or 'ajax' in request.GET
    if ajax:
        return HttpResponse(json.dumps(get_user_data(request), cls=DjangoJSONEncoder).encode(),
                            content_type='text/plain')
    redirect_path = request.GET['next'] if request.GET.get('next', '').startswith('/') else reverse('site.index')
    return redirect(redirect_path)


def redeem_token_after_login(request):
    token = request.session.pop('redeem_token_on_login')
    if not token:
        return

    try:
        token = AccessPermissionToken.objects.get(id=token)
    except AccessPermissionToken.DoesNotExist:
        return

    try:
        token.redeem(request.user)
    except AccessPermissionToken.RedeemError:
        messages.error(request, _('Areas could not be unlocked because the token has expired.'))
        return

    messages.success(request, token.redeem_success_message)


@never_cache
def login_view(request):
    if request.user.is_authenticated:
        return close_response(request)

    if request.method == 'POST':
        form = AuthenticationForm(request, data=request.POST)
        if form.is_valid():
            login(request, form.user_cache)
            redeem_token_after_login(request)
            return close_response(request)
    else:
        form = AuthenticationForm(request)

    return render(request, 'site/account_form.html', {
        'title': _('Log in'),
        'form': form,
        'bottom_link_url': reverse('site.register'),
        'bottom_link_text': _('Create new account')
    })


@never_cache
def logout_view(request):
    logout(request)
    return close_response(request)


@never_cache
def register_view(request):
    if request.user.is_authenticated:
        return close_response(request)

    if request.method == 'POST':
        form = UserCreationForm(data=request.POST)
        if form.is_valid():
            user = form.save()
            login(request, user)
            redeem_token_after_login(request)
            return close_response(request)
    else:
        form = UserCreationForm()

    form.fields['username'].max_length = 20
    for field in form.fields.values():
        field.help_text = None

    return render(request, 'site/account_form.html', {
        'title': _('Create new account'),
        'back_url': reverse('site.login'),
        'form': form
    })


@never_cache
@login_required(login_url='site.login')
def change_password_view(request):
    if request.method == 'POST':
        form = PasswordChangeForm(user=request.user, data=request.POST)
        if form.is_valid():
            form.save()
            login(request, request.user)
            messages.success(request, _('Password successfully changed.'))
            return redirect('site.account')
    else:
        form = PasswordChangeForm(user=request.user)

    for field in form.fields.values():
        field.help_text = None

    return render(request, 'site/account_form.html', {
        'title': _('Change password'),
        'back_url': reverse('site.account'),
        'form': form
    })


@never_cache
@login_required(login_url='site.login')
def account_view(request):
    return render(request, 'site/account.html', {})


@never_cache
def access_redeem_view(request, token):
    with transaction.atomic():
        try:
            token = AccessPermissionToken.objects.select_for_update().get(id=token, redeemed=False,
                                                                          valid_until__gte=timezone.now())
        except AccessPermissionToken.DoesNotExist:
            messages.error(request, _('This token does not exist or was already redeemed.'))
            return redirect('site.index')

        num_restrictions = len(token.restrictions)

        if request.method == 'POST':
            token.redeemed = True
            token.save()

            if not request.user.is_authenticated:
                messages.info(request, _('You need to log in to unlock areas.'))
                request.session['redeem_token_on_login'] = str(token.id)
                return redirect('site.login')

            token.redeemed_by = request.user
            token.save()

            messages.success(request, ungettext_lazy('Area successfully unlocked.',
                                                     'Areas successfully unlocked.', num_restrictions))
            return redirect('site.index')

    return render(request, 'site/confirm.html', {
        'title': ungettext_lazy('Unlock area', 'Unlock areas', num_restrictions),
        'texts': (ungettext_lazy('You have been invited to unlock the following area:',
                                 'You have been invited to unlock the following areas:',
                                 num_restrictions),
                  ', '.join(str(restriction.title) for restriction in token.restrictions)),
    })


def choose_language(request):
    return render(request, 'site/language.html', {})
start building a new main site based on leaflet! 2017-10-10 19:31:51 +02:00			`import json`
remove old code 2017-11-28 16:17:08 +01:00			`from typing import Optional`
typeahead inputs for the main site 2016-12-15 17:30:55 +01:00
add qr code view to site 2016-12-22 02:40:12 +01:00			`import qrcode`
add settings to use external cached tile server 2017-11-21 04:34:43 +01:00			`from django.conf import settings`
display success message after changing password 2017-12-07 17:26:51 +01:00			`from django.contrib import messages`
add login view and logic to display it 2017-12-07 13:12:56 +01:00			`from django.contrib.auth import login, logout`
			`from django.contrib.auth.decorators import login_required`
change password and some improvement of account panel 2017-12-07 17:02:44 +01:00			`from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm, UserCreationForm`
fix json error in state serialization 2017-11-30 13:31:45 +01:00			`from django.core.serializers.json import DjangoJSONEncoder`
redeem access permission tokens 2017-12-10 14:13:20 +01:00			`from django.db import transaction`
show current (maybe anonymous) user and their permissions 2017-12-04 16:11:42 +01:00			`from django.http import HttpResponse, HttpResponseBadRequest`
add login view and logic to display it 2017-12-07 13:12:56 +01:00			`from django.shortcuts import redirect, render`
			`from django.urls import reverse`
redeem access permission tokens 2017-12-10 14:13:20 +01:00			`from django.utils import timezone`
display success message after changing password 2017-12-07 17:26:51 +01:00			`from django.utils.translation import ugettext_lazy as _`
redeem access permission tokens 2017-12-10 14:13:20 +01:00			`from django.utils.translation import ungettext_lazy`
add login view and logic to display it 2017-12-07 13:12:56 +01:00			`from django.views.decorators.cache import cache_control, never_cache`
make c3nav embeddable using iframes 2017-12-07 00:52:13 +01:00			`from django.views.decorators.clickjacking import xframe_options_exempt`
add QR code view 2017-11-30 18:23:47 +01:00			`from django.views.decorators.http import etag`
first stuff for showing the route on the site 2016-12-17 19:25:27 +01:00
represent level in state url as short_label, not its id 2017-10-31 16:08:20 +01:00			`from c3nav.mapdata.models import Location, Source`
redeem access permission tokens 2017-12-10 14:13:20 +01:00			`from c3nav.mapdata.models.access import AccessPermissionToken`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00			`from c3nav.mapdata.models.locations import LocationRedirect, SpecificLocation`
levels_by_short_label_for_request 2017-11-28 20:24:39 +01:00			`from c3nav.mapdata.utils.locations import get_location_by_slug_for_request, levels_by_short_label_for_request`
show current (maybe anonymous) user and their permissions 2017-12-04 16:11:42 +01:00			`from c3nav.mapdata.utils.user import get_user_data`
refactor tile code in meny places to allow reusing it 2017-11-21 00:15:49 +01:00			`from c3nav.mapdata.views import set_tile_access_cookie`
show announcements on main page 2017-12-10 15:40:28 +01:00			`from c3nav.site.models import Announcement`
typeahead inputs for the main site 2016-12-15 17:30:55 +01:00
add qr code view to site 2016-12-22 02:40:12 +01:00
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00			`def check_location(location: Optional[str], request) -> Optional[SpecificLocation]:`
			`if location is None:`
			`return None`

			`location = get_location_by_slug_for_request(location, request)`
			`if location is None:`
change short urls to not rely on doule slashes 2017-10-31 18:35:42 +01:00			`return None`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00
			`if isinstance(location, LocationRedirect):`
			`location: Location = location.target`
			`if location is None:`
			`return None`

			`if not location.can_search:`
			`location = None`

			`return location`


make c3nav embeddable using iframes 2017-12-07 00:52:13 +01:00			`def map_index(request, mode=None, slug=None, slug2=None, details=None,`
			`level=None, x=None, y=None, zoom=None, embed=None):`
change short urls to not rely on doule slashes 2017-10-31 18:35:42 +01:00			`origin = None`
			`destination = None`
			`routing = False`
			`if slug2 is not None:`
			`routing = True`
			`origin = check_location(slug, request)`
			`destination = check_location(slug2, request)`
			`else:`
			`routing = (mode and mode != 'l')`
			`if mode == 'o':`
			`origin = check_location(slug, request)`
			`else:`
			`destination = check_location(slug, request)`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00
			`state = {`
change short urls to not rely on doule slashes 2017-10-31 18:35:42 +01:00			`'routing': routing,`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00			`'origin': (origin.serialize(detailed=False, simple_geometry=True, geometry=False)`
			`if origin else None),`
			`'destination': (destination.serialize(detailed=False, simple_geometry=True, geometry=False)`
			`if destination else None),`
change short urls to not rely on doule slashes 2017-10-31 18:35:42 +01:00			`'sidebar': routing or destination is not None,`
details url and toggle details 2017-11-22 18:02:11 +01:00			`'details': True if details else False,`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00			`}`
represent level in state url as short_label, not its id 2017-10-31 16:08:20 +01:00
levels_by_short_label_for_request 2017-11-28 20:24:39 +01:00			`levels = levels_by_short_label_for_request(request)`
represent level in state url as short_label, not its id 2017-10-31 16:08:20 +01:00
			`level = levels.get(level, None) if level else None`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00			`if level is not None:`
			`state.update({`
fix python map state parsing 2017-11-28 20:44:15 +01:00			`'level': level.pk,`
finish history state logic, implement it in python 2017-10-31 15:28:49 +01:00			`'center': (float(x), float(y)),`
			`'zoom': float(zoom),`
			`})`

start building a new main site based on leaflet! 2017-10-10 19:31:51 +02:00			`ctx = {`
level control on c3nav main site 2017-10-25 12:15:19 +02:00			`'bounds': json.dumps(Source.max_bounds(), separators=(',', ':')),`
fix data for level selector 2017-11-28 20:38:37 +01:00			`'levels': json.dumps(tuple((level.pk, level.short_label) for level in levels.values()), separators=(',', ':')),`
fix json error in state serialization 2017-11-30 13:31:45 +01:00			`'state': json.dumps(state, separators=(',', ':'), cls=DjangoJSONEncoder),`
add settings to use external cached tile server 2017-11-21 04:34:43 +01:00			`'tile_cache_server': settings.TILE_CACHE_SERVER,`
make c3nav embeddable using iframes 2017-12-07 00:52:13 +01:00			`'embed': bool(embed),`
start building a new main site based on leaflet! 2017-10-10 19:31:51 +02:00			`}`
show announcements on main page 2017-12-10 15:40:28 +01:00
			`announcement = Announcement.get_current()`
			`if announcement:`
			`messages.info(request, announcement.text)`

update tile access cookie setting infrastructure 2017-12-04 17:24:01 +01:00			`response = render(request, 'site/map.html', ctx)`
			`set_tile_access_cookie(request, response)`
make c3nav embeddable using iframes 2017-12-07 00:52:13 +01:00			`if embed:`
			`xframe_options_exempt(lambda: response)()`
update tile access cookie setting infrastructure 2017-12-04 17:24:01 +01:00			`return response`
add QR code view 2017-11-30 18:23:47 +01:00

			`def qr_code_etag(request, path):`
			`return '1'`


			`@etag(qr_code_etag)`
			`@cache_control(max_age=3600)`
			`def qr_code(request, path):`
			`data = (request.build_absolute_uri('/'+path) +`
			`('?'+request.META['QUERY_STRING'] if request.META['QUERY_STRING'] else ''))`
			`if len(data) > 256:`
			`return HttpResponseBadRequest()`

			`qr = qrcode.QRCode(`
			`version=1,`
			`error_correction=qrcode.constants.ERROR_CORRECT_L,`
			`box_size=10,`
add modal base and make the share button work 2017-12-05 16:47:56 +01:00			`border=2,`
add QR code view 2017-11-30 18:23:47 +01:00			`)`
			`qr.add_data(data)`
			`qr.make(fit=True)`

			`response = HttpResponse(content_type='image/png')`
			`qr.make_image().save(response, 'PNG')`
			`return response`
add login view and logic to display it 2017-12-07 13:12:56 +01:00

			`def close_response(request):`
			`ajax = request.is_ajax() or 'ajax' in request.GET`
			`if ajax:`
			`return HttpResponse(json.dumps(get_user_data(request), cls=DjangoJSONEncoder).encode(),`
			`content_type='text/plain')`
			`redirect_path = request.GET['next'] if request.GET.get('next', '').startswith('/') else reverse('site.index')`
			`return redirect(redirect_path)`


redeem token after logging in 2017-12-10 14:46:41 +01:00			`def redeem_token_after_login(request):`
			`token = request.session.pop('redeem_token_on_login')`
			`if not token:`
			`return`

			`try:`
			`token = AccessPermissionToken.objects.get(id=token)`
			`except AccessPermissionToken.DoesNotExist:`
			`return`

			`try:`
			`token.redeem(request.user)`
			`except AccessPermissionToken.RedeemError:`
			`messages.error(request, _('Areas could not be unlocked because the token has expired.'))`
			`return`

			`messages.success(request, token.redeem_success_message)`


add login view and logic to display it 2017-12-07 13:12:56 +01:00			`@never_cache`
			`def login_view(request):`
			`if request.user.is_authenticated:`
			`return close_response(request)`

			`if request.method == 'POST':`
			`form = AuthenticationForm(request, data=request.POST)`
			`if form.is_valid():`
			`login(request, form.user_cache)`
redeem token after logging in 2017-12-10 14:46:41 +01:00			`redeem_token_after_login(request)`
add login view and logic to display it 2017-12-07 13:12:56 +01:00			`return close_response(request)`
			`else:`
			`form = AuthenticationForm(request)`

merge similar forms into account_form.html 2017-12-07 18:02:44 +01:00			`return render(request, 'site/account_form.html', {`
			`'title': _('Log in'),`
			`'form': form,`
			`'bottom_link_url': reverse('site.register'),`
			`'bottom_link_text': _('Create new account')`
			`})`
add login view and logic to display it 2017-12-07 13:12:56 +01:00

			`@never_cache`
			`def logout_view(request):`
			`logout(request)`
			`return close_response(request)`


allow Register new account 2017-12-07 16:46:12 +01:00			`@never_cache`
			`def register_view(request):`
			`if request.user.is_authenticated:`
			`return close_response(request)`

			`if request.method == 'POST':`
			`form = UserCreationForm(data=request.POST)`
			`if form.is_valid():`
			`user = form.save()`
			`login(request, user)`
redeem token after logging in 2017-12-10 14:46:41 +01:00			`redeem_token_after_login(request)`
allow Register new account 2017-12-07 16:46:12 +01:00			`return close_response(request)`
			`else:`
			`form = UserCreationForm()`

change maxlength for username in registration 2017-12-07 16:48:19 +01:00			`form.fields['username'].max_length = 20`
allow Register new account 2017-12-07 16:46:12 +01:00			`for field in form.fields.values():`
			`field.help_text = None`

merge similar forms into account_form.html 2017-12-07 18:02:44 +01:00			`return render(request, 'site/account_form.html', {`
fix typo in registration form 2017-12-10 14:25:25 +01:00			`'title': _('Create new account'),`
merge similar forms into account_form.html 2017-12-07 18:02:44 +01:00			`'back_url': reverse('site.login'),`
			`'form': form`
			`})`
allow Register new account 2017-12-07 16:46:12 +01:00

change password and some improvement of account panel 2017-12-07 17:02:44 +01:00			`@never_cache`
			`@login_required(login_url='site.login')`
			`def change_password_view(request):`
			`if request.method == 'POST':`
			`form = PasswordChangeForm(user=request.user, data=request.POST)`
			`if form.is_valid():`
			`form.save()`
display success message after changing password 2017-12-07 17:26:51 +01:00			`login(request, request.user)`
			`messages.success(request, _('Password successfully changed.'))`
change password and some improvement of account panel 2017-12-07 17:02:44 +01:00			`return redirect('site.account')`
			`else:`
			`form = PasswordChangeForm(user=request.user)`

			`for field in form.fields.values():`
			`field.help_text = None`

merge similar forms into account_form.html 2017-12-07 18:02:44 +01:00			`return render(request, 'site/account_form.html', {`
			`'title': _('Change password'),`
			`'back_url': reverse('site.account'),`
			`'form': form`
			`})`
change password and some improvement of account panel 2017-12-07 17:02:44 +01:00

add login view and logic to display it 2017-12-07 13:12:56 +01:00			`@never_cache`
			`@login_required(login_url='site.login')`
			`def account_view(request):`
add simple account view 2017-12-07 13:19:15 +01:00			`return render(request, 'site/account.html', {})`
redeem access permission tokens 2017-12-10 14:13:20 +01:00

			`@never_cache`
			`def access_redeem_view(request, token):`
			`with transaction.atomic():`
			`try:`
			`token = AccessPermissionToken.objects.select_for_update().get(id=token, redeemed=False,`
			`valid_until__gte=timezone.now())`
			`except AccessPermissionToken.DoesNotExist:`
			`messages.error(request, _('This token does not exist or was already redeemed.'))`
			`return redirect('site.index')`

			`num_restrictions = len(token.restrictions)`

			`if request.method == 'POST':`
			`token.redeemed = True`
			`token.save()`

			`if not request.user.is_authenticated:`
			`messages.info(request, _('You need to log in to unlock areas.'))`
redeem token after logging in 2017-12-10 14:46:41 +01:00			`request.session['redeem_token_on_login'] = str(token.id)`
			`return redirect('site.login')`
redeem access permission tokens 2017-12-10 14:13:20 +01:00
			`token.redeemed_by = request.user`
			`token.save()`

			`messages.success(request, ungettext_lazy('Area successfully unlocked.',`
			`'Areas successfully unlocked.', num_restrictions))`
			`return redirect('site.index')`

			`return render(request, 'site/confirm.html', {`
			`'title': ungettext_lazy('Unlock area', 'Unlock areas', num_restrictions),`
			`'texts': (ungettext_lazy('You have been invited to unlock the following area:',`
			`'You have been invited to unlock the following areas:',`
			`num_restrictions),`
			`', '.join(str(restriction.title) for restriction in token.restrictions)),`
			`})`
choose language 2017-12-10 16:22:26 +01:00

			`def choose_language(request):`
			`return render(request, 'site/language.html', {})`