aboutsummaryrefslogtreecommitdiffstats
path: root/accounts/views.py
diff options
context:
space:
mode:
authorAndrea Lepori <alepori@student.ethz.ch>2022-01-02 21:46:17 +0100
committerAndrea Lepori <alepori@student.ethz.ch>2022-01-02 21:46:41 +0100
commit8eff84fe8b00c32efda5e0090f12d02a01367155 (patch)
tree1c682a4e9f3c13df5c7267a49abdd3a0f88d92b7 /accounts/views.py
parentlogin/register with midata (diff)
downloadscout-subs-8eff84fe8b00c32efda5e0090f12d02a01367155.tar.gz
scout-subs-8eff84fe8b00c32efda5e0090f12d02a01367155.zip
disconnect oauth check validity
Diffstat (limited to '')
-rw-r--r--accounts/views.py34
1 files changed, 26 insertions, 8 deletions
diff --git a/accounts/views.py b/accounts/views.py
index 06459d7..2b971b3 100644
--- a/accounts/views.py
+++ b/accounts/views.py
@@ -95,11 +95,22 @@ def auth(request):
return HttpResponseRedirect('/')
# send to hitobito request to get token
+@login_required
def oauth_connect(request):
redirect_uri = request.build_absolute_uri(reverse('auth_connect'))
return hitobito.authorize_redirect(request, redirect_uri)
+@login_required
+def oauth_disconnect(request):
+ usercode = UserCode.objects.filter(user=request.user)[0]
+ usercode.midata_id = 0
+ usercode.midata_token = ""
+ usercode.save()
+
+ return HttpResponseRedirect(reverse("personal") + "#misc")
+
# callback after acquiring token
+@login_required
def auth_connect(request):
token = hitobito.authorize_access_token(request)
@@ -111,13 +122,18 @@ def auth_connect(request):
resp = requests.get(api_url, headers=headers)
resp_data = resp.json()
- # find user with that id
- usercode = UserCode.objects.filter(user=user)[0]
+ # check that account is not linked to another
+ existing_codes = UserCode.objects.filter(midata_id=resp_data["id"])
+ if len(existing_codes) > 0:
+ return personal_wrapper(request, True, "Questo utente è già collegato ad un altro")
+
+ # save id to user
+ usercode = UserCode.objects.filter(user=request.user)[0]
usercode.midata_id = resp_data["id"]
usercode.midata_token = token["access_token"]
usercode.save()
- return HttpResponseRedirect('/')
+ return HttpResponseRedirect(reverse("personal") + "#misc")
@sensitive_variables("raw_passsword")
def signup(request):
@@ -169,8 +185,13 @@ def signup(request):
}
return render(request, 'accounts/signup.html', context)
+# create wrapper to send custom error from other views (oauth connect/disconnect)
@login_required
def personal(request):
+ return personal_wrapper(request, False, "")
+
+@login_required
+def personal_wrapper(request, error, error_text):
context = {}
# additional user informations
usercode = UserCode.objects.filter(user=request.user)[0]
@@ -189,11 +210,6 @@ def personal(request):
validation_dic = {}
required_fields = ["first_name", "last_name", "email", "parent_name", "via", "cap", "country", "nationality", "phone", "avs_number", "emer_name", "emer_relative", "cell_phone", "address", "health_care", "injuries", "rc", "medic_name", "medic_phone", "medic_address"]
-
- # variables for throwing errors to the user
- error = False
- error_text = ""
-
if request.method == "POST":
# requested download
if request.POST['action'] == "download_vac":
@@ -442,6 +458,7 @@ def personal(request):
else:
card_name = ''
+ midata_user = (usercode.midata_id > 0)
# fill context
context = {
@@ -490,6 +507,7 @@ def personal(request):
'vac_certificate': vac_name,
'error': error,
'error_text': error_text,
+ 'midata_user': midata_user,
}
return render(request, 'accounts/index.html', context)