implement access token activate/read/write stuff

2016-12-21 19:37:23 +01:00 · 2016-12-21 19:37:23 +01:00 · 642a73c235
commit 642a73c235
parent 8026b78f42
4 changed files with 60 additions and 8 deletions
--- a/src/c3nav/access/admin.py
+++ b/src/c3nav/access/admin.py
@ -29,7 +29,7 @@ admin.site.register(User, UserAdmin)
 class AccessTokenInline(admin.TabularInline):
    model = AccessToken
    show_change_link = True
-    readonly_fields = ('author', 'permissions', 'description', 'creation_date', 'expires', 'expired')
+    readonly_fields = ('author', 'permissions', 'description', 'creation_date', 'activated', 'expires', 'expired')

    def has_add_permission(self, request):
        return False
@ -55,9 +55,9 @@ class AccessTokenInstanceInline(admin.TabularInline):
@admin.register(AccessToken)
 class AccessTokenAdmin(admin.ModelAdmin):
    inlines = (AccessTokenInstanceInline,)
-    list_display = ('__str__', 'user', 'permissions', 'author', 'creation_date', 'expires', 'expired')
-    fields = ('user', 'permissions', 'author', 'creation_date', 'expires', 'expired')
-    readonly_fields = ('user', 'creation_date', 'expired')
+    list_display = ('__str__', 'user', 'permissions', 'author', 'creation_date', 'activated', 'expires', 'expired')
+    fields = ('user', 'permissions', 'author', 'creation_date', 'activated', 'expires', 'expired')
+    readonly_fields = ('user', 'creation_date', 'activated', 'expired')

    def has_add_permission(self, request):
        return False
--- a/src/c3nav/access/middleware.py
+++ b/src/c3nav/access/middleware.py
@ -0,0 +1,50 @@
+import re
+from datetime import timedelta
+
+from django.db import transaction
+from django.db.models import Q
+from django.utils import timezone
+
+from c3nav.access.models import AccessTokenInstance
+
+
+class AccessTokenMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        request.c3nav_access_instance = None
+        request.c3nav_access_token = None
+        request.c3nav_new_access_token = False
+
+        access_cookie = request.COOKIES.get('c3nav_access')
+        if access_cookie and re.match(r'^[0-9]+:[a-zA-Z0-9]+$', access_cookie):
+            pk, secret = access_cookie.split(':')
+            queryset = AccessTokenInstance.objects.filter(Q(access_token__id=int(pk), secret=secret),
+                                                          Q(expires__isnull=True) | Q(expires__gt=timezone.now()),
+                                                          Q(access_token__expired=False),
+                                                          Q(access_token__expires__isnull=True) |
+                                                          Q(access_token__expires__gt=timezone.now()))
+            access_instance = queryset.select_related('access_token').first()
+            if access_instance:
+                request.c3nav_access_instance = access_instance
+                request.c3nav_access_token = access_instance.access_token
+                request.c3nav_access_token.instances.filter(creation_date__lt=access_instance.creation_date).delete()
+
+        response = self.get_response(request)
+
+        if request.c3nav_access_token is not None:
+            with transaction.atomic():
+                cookie_value = request.c3nav_access_token.new_instance()
+                response.set_cookie('c3nav_access', cookie_value, expires=timezone.now() + timedelta(days=30))
+
+                if request.c3nav_new_access_token:
+                    request.c3nav_access_token.activated = True
+                    request.c3nav_access_token.save()
+
+                    if request.c3nav_access_instance:
+                        access_token = request.c3nav_access_instance.access_token
+                        access_token.expired = True
+                        access_token.save()
+
+        return response
--- a/src/c3nav/access/views.py
+++ b/src/c3nav/access/views.py
@ -69,8 +69,9 @@ def prove(request):


 def activate_token(request, pk, secret):
-    token = get_object_or_404(AccessToken, expired=False, id=pk, secret=secret)  # noqa
-
+    token = get_object_or_404(AccessToken, expired=False, activated=False, id=pk, secret=secret)
+    request.c3nav_access_token = token
+    request.c3nav_new_access_token = True
    return render(request, 'access/activate.html', context={
        'success': True,
    })
--- a/src/c3nav/settings.py
+++ b/src/c3nav/settings.py
@ -151,7 +151,7 @@ INSTALLED_APPS = [
    'c3nav.editor',
 ]

-MIDDLEWARE_CLASSES = [
+MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.locale.LocaleMiddleware',
@ -161,6 +161,7 @@ MIDDLEWARE_CLASSES = [
    'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    'c3nav.access.middleware.AccessTokenMiddleware',
 ]

 try:
@ -168,7 +169,7 @@ try:
 except ImportError:
    pass
 else:
-    MIDDLEWARE_CLASSES += [
+    MIDDLEWARE += [
        'htmlmin.middleware.HtmlMinifyMiddleware',
        'htmlmin.middleware.MarkRequestMiddleware',
    ]