author | Andrea Lepori <alepori@student.ethz.ch> | 2022-01-02 21:46:17 +0100 |
---|---|---|
committer | Andrea Lepori <alepori@student.ethz.ch> | 2022-01-02 21:46:41 +0100 |
commit | 8eff84fe8b00c32efda5e0090f12d02a01367155 (patch) | |
tree | 1c682a4e9f3c13df5c7267a49abdd3a0f88d92b7 /accounts | |
parent | login/register with midata (diff) | |
disconnect oauth check validity
Diffstat (limited to '')
-rw-r--r-- | accounts/templates/accounts/index.html | 57 | ||||
-rw-r--r-- | accounts/urls.py | 1 | ||||
-rw-r--r-- | accounts/views.py | 34 |
3 files changed, 65 insertions, 27 deletions
diff --git a/accounts/templates/accounts/index.html b/accounts/templates/accounts/index.html index 874231b..7cd287d 100644 --- a/accounts/templates/accounts/index.html +++ b/accounts/templates/accounts/index.html @@ -12,13 +12,14 @@ <li class="tab"><a class="active" href="#personal">Info Personali</a></li> <li class="tab"><a href="#medic">Info Mediche</a></li> <li class="tab"><a href="#misc">Impostazioni</a></li> + <li class="tab"><a href="#test">Woooo</a></li> </ul> </div> {% endblock%} {% block content %} <form action="{% url 'personal'%}" method="post" id="form1" enctype="multipart/form-data"> -<div id="personal" class="row"> +<div "personal" class="row"> <div class="col l8 offset-l2 s12"> <div class="card-panel"> <div class="row"> @@ -310,10 +311,14 @@ <i class="large material-icons">save</i> </a> </div> - </form> </div> </div> </div> +<div id="test" class="row"> + <div class="col s12"> + Helloooooo + </div> +</div> <div id="misc" class="row"> <div class="col l8 offset-l2 s12"> <div class="card-panel"> 
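Review bot: The first hunk drops the attribute name from the personal tab container (`<div "personal" class="row">`), so the `#personal` tab link no longer has a matching element; restore `<div id="personal" class="row">`. The `Woooo` tab in the same hunk and the `<div id="test">` block with `Helloooooo` in the second hunk look like leftover test markup and should be removed before this ships. The second hunk also removes `</form>` here and the last hunk of this file re-adds it at the end of the content block, which places the MiData connect/disconnect controls inside `form1`; confirm that is intended.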
@@ -322,29 +327,43 @@ <h6>Collegamento con MiData</h6> </div> </div> - <div class="row"> - <div class="col s12"> - Collega il tuo account con MiData per avere un login unico. Attenzione una volta collegato il - tuo account i dati presenti su MiData dovranno essere modificati sulla piattaforma stessa. + {% if midata_user %} + <div class="row"> + <div class="col s12"> + Il tuo utente è già connesso a MiData + </div> + <div class="col m6 s12"> + <a href={% url 'oauth_disconnect' %} style="width: 100%" class="btn waves-effect waves-light {{color}}"> + Scollega da MiData + </a> + </div> </div> - </div> - <div class="row"> - <div class="col m6 s12"> - <a href={% url 'oauth_login' %} style="width: 100%; background-color: #99BF62" class="btn waves-effect waves-light"> - <div class="row"> - <div class="col s2"> - <img style="height: 30px; padding-top: 3px" src="{% static 'pbs_logo.svg' %}" alt="PBS Logo"> - </div> - <div class="col s10"> - Collega a MiData + {% else %} + <div class="row"> + <div class="col s12"> + Collega il tuo account con MiData per avere un login unico. Attenzione una volta collegato il + tuo account i dati presenti su MiData dovranno essere modificati sulla piattaforma stessa. + </div> + </div> + <div class="row"> + <div class="col m6 s12"> + <a href={% url 'oauth_connect' %} style="width: 100%; background-color: #99BF62" class="btn waves-effect waves-light"> + <div class="row"> + <div class="col s2"> + <img style="height: 30px; padding-top: 3px" src="{% static 'pbs_logo.svg' %}" alt="PBS Logo"> + </div> + <div class="col s10"> + Collega a MiData + </div> </div> - </div> - </a> + </a> + </div> </div> - </div> + {% endif %} </div> </div> </div> +</form> {% endblock %} {% block script %} diff --git a/accounts/urls.py b/accounts/urls.py index 5f04051..fa85a5b 100644 --- a/accounts/urls.py +++ b/accounts/urls.py 
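Review bot: The "Scollega da MiData" control is a plain link, so unlinking is a state-changing GET; the `oauth_disconnect` view added in `accounts/views.py` accepts any method and clears `midata_id` and `midata_token` with only `@login_required` in front of it, so a cross-site request made in a logged-in user's browser can unlink the account without a CSRF token. Restrict the view with `@require_POST` (from `django.views.decorators.http`) and submit it as a POST that carries the CSRF token; because this block now sits inside `form1`, a `<button type="submit" formaction="{% url 'oauth_disconnect' %}">` avoids a nested form, assuming `form1` already includes `{% csrf_token %}` (not visible in this hunk). Both `href={% url ... %}` attributes in this hunk are also unquoted and should be written as `href="{% url 'oauth_disconnect' %}"`.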
@@ -9,5 +9,6 @@ urlpatterns = [ path('oauth_login/', views.oauth_login, name='oauth_login'), path('auth/', views.auth, name='auth'), path('oauth_connect/', views.oauth_connect, name='oauth_connect'), + path('oauth_disconnect/', views.oauth_disconnect, name='oauth_disconnect'), path('auth_connect/', views.auth_connect, name='auth_connect'), ] diff --git a/accounts/views.py b/accounts/views.py index 06459d7..2b971b3 100644 --- a/accounts/views.py +++ b/accounts/views.py @@ -95,11 +95,22 @@ def auth(request): return HttpResponseRedirect('/') # send to hitobito request to get token +@login_required def oauth_connect(request): redirect_uri = request.build_absolute_uri(reverse('auth_connect')) return hitobito.authorize_redirect(request, redirect_uri) +@login_required +def oauth_disconnect(request): + usercode = UserCode.objects.filter(user=request.user)[0] + usercode.midata_id = 0 + usercode.midata_token = "" + usercode.save() + + return HttpResponseRedirect(reverse("personal") + "#misc") + # callback after acquiring token +@login_required def auth_connect(request): token = hitobito.authorize_access_token(request) @@ -111,13 +122,18 @@ def auth_connect(request): resp = requests.get(api_url, headers=headers) resp_data = resp.json() - # find user with that id - usercode = UserCode.objects.filter(user=user)[0] + # check that account is not linked to another + existing_codes = UserCode.objects.filter(midata_id=resp_data["id"]) + if len(existing_codes) > 0: + return personal_wrapper(request, True, "Questo utente è già collegato ad un altro") + + # save id to user + usercode = UserCode.objects.filter(user=request.user)[0] usercode.midata_id = resp_data["id"] usercode.midata_token = token["access_token"] usercode.save() - return HttpResponseRedirect('/') + return HttpResponseRedirect(reverse("personal") + "#misc") @sensitive_variables("raw_passsword") def signup(request): 
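Review bot: `oauth_disconnect` clears the MiData link unconditionally, so an account that was created through the MiData login and never set a local password would presumably be left with no way to sign in (the registration path is not visible in this hunk, so this needs confirming). A guard such as `if not request.user.has_usable_password(): return personal_wrapper(request, True, "...")` before resetting `midata_id` would prevent that lock-out. `UserCode.objects.filter(user=request.user)[0]` also raises IndexError for a user without a `UserCode` row; `.first()` with an explicit check would fail more cleanly.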
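Review bot: The new "already linked" check in `auth_connect` is a read followed by a separate `save()`, so two concurrent callbacks for the same MiData id can both pass it, and nothing visible here enforces uniqueness in the database. If the MiData login resolves the local user from `midata_id` (inferred, not shown), a duplicate link would make that lookup ambiguous; consider a unique constraint on linked ids, which needs NULL rather than `0` as the "not linked" value, and write the check as `UserCode.objects.filter(midata_id=resp_data["id"]).exclude(user=request.user).exists()`. `resp_data["id"]` is also read without checking the response status, so a failed or rejected API call surfaces as a KeyError rather than a user-facing error. The body of `auth_connect` starts outside this hunk.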
@@ -169,8 +185,13 @@ def signup(request): } return render(request, 'accounts/signup.html', context) +# create wrapper to send custom error from other views (oauth connect/disconnect) @login_required def personal(request): + return personal_wrapper(request, False, "") + +@login_required +def personal_wrapper(request, error, error_text): context = {} # additional user informations usercode = UserCode.objects.filter(user=request.user)[0] @@ -189,11 +210,6 @@ def personal(request): validation_dic = {} required_fields = ["first_name", "last_name", "email", "parent_name", "via", "cap", "country", "nationality", "phone", "avs_number", "emer_name", "emer_relative", "cell_phone", "address", "health_care", "injuries", "rc", "medic_name", "medic_phone", "medic_address"] - - # variables for throwing errors to the user - error = False - error_text = "" - if request.method == "POST": # requested download if request.POST['action'] == "download_vac": @@ -442,6 +458,7 @@ def personal(request): else: card_name = '' + midata_user = (usercode.midata_id > 0) # fill context context = { @@ -490,6 +507,7 @@ def personal(request): 'vac_certificate': vac_name, 'error': error, 'error_text': error_text, + 'midata_user': midata_user, } return render(request, 'accounts/index.html', context) |
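Review bot: `personal_wrapper` is introduced as a helper called by `personal` and `auth_connect`, but it is named and decorated like a view and has no docstring explaining the `error` / `error_text` parameters. A docstring such as `"""Render the personal page; error and error_text carry a message set by the calling view."""` and a leading underscore in the name would make clear it is not meant to be routed. The added comment `# create wrapper to send custom error from other views (oauth connect/disconnect)` sits above `personal` although it describes `personal_wrapper`; move it down one definition. The function body continues outside this hunk.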