rushilwiz/tjdests
1
0
Fork 0
mirror of https://github.com/etnguyen03/tjdests.git synced 2025-04-20 17:50:16 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat(authentication): add ability to lock login

Browse Source
This commit is contained in:
Ethan Nguyen 2021-07-30 18:37:22 -04:00
parent 10508eb5d4
commit 11234a520b
No known key found for this signature in database
GPG Key ID: B4CA5339AF911920
4 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tjdests/apps/authentication/tests.py
View File

@ -33,6 +33,19 @@ class AuthenticationTest(TJDestsTestCase):
self.assertEqual(302, response.status_code) self.assertEqual(302, response.status_code)
self.assertNotIn("_auth_user_id", self.client.session) self.assertNotIn("_auth_user_id", self.client.session)
# Test login lock
self.login(make_student=True, make_superuser=False)
with self.settings(LOGIN_LOCKED=True):
response = self.client.get(reverse("authentication:tos"))
self.assertEqual(302, response.status_code)
self.assertNotIn("_auth_user_id", self.client.session)
# but superusers should be fine
self.login(make_student=True, make_superuser=True)
with self.settings(LOGIN_LOCKED=True):
response = self.client.get(reverse("authentication:tos"))
self.assertEqual(200, response.status_code)
# Make us a student and try again # Make us a student and try again
user = self.login(make_student=True) user = self.login(make_student=True)
response = self.client.get(reverse("authentication:tos")) response = self.client.get(reverse("authentication:tos"))

7
tjdests/apps/authentication/views.py
View File

@ -1,3 +1,4 @@
from django.conf import settings
from django.contrib import messages from django.contrib import messages
from django.contrib.auth import login, logout from django.contrib.auth import login, logout
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
@ -17,6 +18,12 @@ class IndexView(TemplateView):
def accept_tos_view(request: HttpRequest) -> HttpResponse: def accept_tos_view(request: HttpRequest) -> HttpResponse:
assert request.user.is_authenticated assert request.user.is_authenticated
if settings.LOGIN_LOCKED:
if not request.user.is_superuser:
logout(request)
messages.error(request, "Login is restricted to administrators only.")
return redirect(reverse("authentication:index"))
if not request.user.is_student: if not request.user.is_student:
logout(request) logout(request)
messages.error(request, "You must be a student to access this site.") messages.error(request, "You must be a student to access this site.")

1
tjdests/settings/__init__.py
View File

@ -167,6 +167,7 @@ MESSAGE_TAGS = {
SENIOR_GRAD_YEAR: int = -1 SENIOR_GRAD_YEAR: int = -1
BRANDING_NAME: str = "UNDEFINED" BRANDING_NAME: str = "UNDEFINED"
GLOBAL_MESSAGE: Optional[str] = None GLOBAL_MESSAGE: Optional[str] = None
LOGIN_LOCKED = False
try: try:
from .secret import * # noqa # pylint: disable=unused-import from .secret import * # noqa # pylint: disable=unused-import

3
tjdests/settings/secret.sample.py
View File

@ -21,3 +21,6 @@ SOCIAL_AUTH_ION_SECRET = "ionsecret"
# Message blast - treated as HTML safe text # Message blast - treated as HTML safe text
# type is str # type is str
GLOBAL_MESSAGE = None GLOBAL_MESSAGE = None
# Login lock: if True, restrict login to superusers only
LOGIN_LOCKED = False