Django-magic to prevent cross-site request forgery for POST requests
2 # This file is part of my.gpodder.org.
4 # my.gpodder.org is free software: you can redistribute it and/or modify it
5 # under the terms of the GNU Affero General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or (at your
7 # option) any later version.
9 # my.gpodder.org is distributed in the hope that it will be useful, but
10 # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
11 # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
12 # License for more details.
14 # You should have received a copy of the GNU Affero General Public License
15 # along with my.gpodder.org. If not, see <http://www.gnu.org/licenses/>.
18 from django.shortcuts import render_to_response
19 from django.http import HttpResponseRedirect
20 from django.contrib.auth import logout
21 from django.template import RequestContext
22 from mygpo.api.models import Podcast, Subscription, SubscriptionMeta
23 from mygpo.web.models import SecurityToken
24 from mygpo.web.forms import UserAccountForm
25 from django.forms import ValidationError
26 from django.utils.translation import ugettext as _
27 from mygpo.api.basic_auth import require_valid_user
28 from django.contrib.auth.decorators import login_required
29 from django.shortcuts import get_object_or_404
30 from django.contrib.sites.models import Site
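@login_required
def account(request):
    """Let the logged-in user change their e-mail address and password.

    Anything other than a POST renders ``account.html`` with a
    ``UserAccountForm`` pre-filled from the current user (e-mail and the
    profile's ``public_profile`` flag).  A POST validates the submitted form;
    if ``password_current`` was supplied it must match the user's current
    password before ``password1`` becomes the new password.  The e-mail
    address is updated on every valid submission.

    Security notes (reviewer):
    - The current password is only demanded for a *password* change; the
      e-mail address can be changed without re-authentication, which is the
      first thing someone holding a hijacked session would alter.  Consider
      requiring ``password_current`` for e-mail changes too.
    - Nothing here touches the session, so a password change does not
      invalidate the user's other sessions.
    - Any ``password1``/``password2`` confirmation is assumed to live in
      ``UserAccountForm`` -- it is not checked in this view.  TODO confirm.

    Returns an ``HttpResponse`` rendering ``account.html``; on POST the
    context also carries ``success`` and ``error_message``.
    """
    success = False
    error_message = ''

    # Only a real POST is a submission; HEAD and other safe methods just get
    # the pre-filled form instead of being processed as an empty POST.
    if request.method != 'POST':
        form = UserAccountForm({
            'email': request.user.email,
            'public': request.user.get_profile().public_profile,
        })
        return render_to_response('account.html', {
            'form': form,
        }, context_instance=RequestContext(request))

    # Bound outside the try so the final render always has a form object.
    form = UserAccountForm(request.POST)
    try:
        if not form.is_valid():
            raise ValueError(_('Oops! Something went wrong. Please double-check the data you entered.'))

        if form.cleaned_data['password_current']:
            # Re-authenticate before replacing the password.
            if not request.user.check_password(form.cleaned_data['password_current']):
                raise ValueError('Current password is incorrect')
            request.user.set_password(form.cleaned_data['password1'])

        request.user.email = form.cleaned_data['email']
        request.user.save()
        # NOTE(review): nothing above modifies the profile, so this save is a
        # no-op; the form's 'public' value is not applied in this view.
        request.user.get_profile().save()

        success = True

    except (ValueError, ValidationError) as e:
        # Both failure kinds are reported identically: the exception object is
        # handed to the template, which renders it as the error message.
        success = False
        error_message = e

    return render_to_response('account.html', {
        'form': form,
        'success': success,
        'error_message': error_message,
    }, context_instance=RequestContext(request))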
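@login_required
def delete_account(request):
    """Deactivate the current user's account after an explicit confirmation.

    Any request that is not a POST only renders the confirmation page.  The
    previous version treated every non-GET method as the confirmation, so a
    HEAD request -- a "safe" method that CSRF protection does not cover --
    would deactivate the account; now only a real POST does.

    The deletion is a soft delete: the user row is kept with ``is_active``
    cleared, and the request's session is logged out so the deactivated user
    is not left with a live authenticated session.

    NOTE(review): no re-authentication (e.g. current password) is required
    before deactivation; consider adding one.
    """
    if request.method != 'POST':
        return render_to_response('delete_account.html',
                                  context_instance=RequestContext(request))

    # Soft delete: keep the row, clear the active flag.
    request.user.is_active = False
    request.user.save()
    # Drop the session that was authenticated before deactivation.
    logout(request)
    return render_to_response('delete_account.html', {
        'success': True,
    }, context_instance=RequestContext(request))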
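def _set_subscription_visibility(user, podcast_id, public):
    """Mark one of ``user``'s podcasts as publicly visible or hidden.

    ``podcast_id`` comes straight from the query string.  Unknown ids are
    ignored, and so is a non-numeric id: ``Podcast.objects.get(pk='abc')``
    raises ``ValueError`` on an integer primary key, which previously escaped
    the view as a server error instead of being treated like a missing podcast.
    The ``SubscriptionMeta`` row is created with the requested flag, or updated
    if it already exists.
    """
    try:
        podcast = Podcast.objects.get(pk=podcast_id)
    except (Podcast.DoesNotExist, ValueError):
        return
    meta, created = SubscriptionMeta.objects.get_or_create(
        user=user, podcast=podcast, defaults={'public': public})
    if not created:
        meta.public = public
        meta.save()


@login_required
def privacy(request):
    """Show and edit which of the user's subscriptions are publicly visible.

    State changes are driven by query-string parameters:
      - ``private_subscriptions`` / ``public_subscriptions`` clear or set the
        profile-wide ``public_profile`` flag;
      - ``exclude=<id>`` / ``include=<id>`` hide or show a single podcast
        (see ``_set_subscription_visibility``).
    The page then lists the user's subscriptions split by their per-podcast
    ``public`` flag.

    SECURITY (reviewer): these are state-changing operations triggered by
    GET.  Django's CSRF protection only covers unsafe methods such as POST,
    so while the user is logged in any third-party page can flip the profile
    to public with ``<img src=".../privacy/?public_subscriptions">`` or
    hide/expose individual podcasts.  The links in ``privacy.html`` should
    become POST forms carrying the CSRF token and this view should then only
    honour ``request.POST``; the GET handling is kept so the existing
    template keeps working until it is changed.

    Returns an ``HttpResponse`` rendering ``privacy.html``.
    """
    # One profile object for the whole request instead of re-fetching it for
    # every read and write.
    profile = request.user.get_profile()
    params = request.GET

    if 'private_subscriptions' in params:
        profile.public_profile = False
        profile.save()
    elif 'public_subscriptions' in params:
        profile.public_profile = True
        profile.save()

    if 'exclude' in params:
        _set_subscription_visibility(request.user, params['exclude'], False)
    if 'include' in params:
        _set_subscription_visibility(request.user, params['include'], True)

    # Split the user's subscriptions by their per-podcast visibility flag.
    included_subscriptions = set()
    excluded_subscriptions = set()
    for subscription in Subscription.objects.filter(user=request.user):
        if subscription.get_meta().public:
            included_subscriptions.add(subscription.podcast)
        else:
            excluded_subscriptions.add(subscription.podcast)

    return render_to_response('privacy.html', {
        'public_subscriptions': profile.public_profile,
        'included_subscriptions': included_subscriptions,
        'excluded_subscriptions': excluded_subscriptions,
    }, context_instance=RequestContext(request))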
@login_required
def share(request):
    """Render the sharing page for the user's subscription list.

    The ``SecurityToken`` for (user, 'subscriptions', 'r') is fetched or
    created.  ``?public_subscriptions`` empties the token (presumably an empty
    token means the list is reachable without a secret -- verify against the
    consumer), ``?private_subscriptions`` replaces it with a fresh random
    one.  The current token value and the current ``Site`` go to ``share.html``.

    NOTE(review): both switches are state changes driven by GET, which
    Django's CSRF protection does not cover -- a third-party page can expose
    a logged-in user's subscriptions via
    ``<img src=".../share/?public_subscriptions">``.  Moving them to POST is
    recommended.  Whether ``random_token()`` draws from a cryptographically
    strong source is not visible here; confirm, since the token is the only
    thing guarding a private list.
    """
    token, _created = SecurityToken.objects.get_or_create(
        user=request.user, object='subscriptions', action='r')

    query = request.GET
    if 'public_subscriptions' in query:
        token.token = ''
        token.save()
    elif 'private_subscriptions' in query:
        token.random_token()
        token.save()

    context = {
        'site': Site.objects.get_current(),
        'token': token.token,
    }
    return render_to_response('share.html', context,
                              context_instance=RequestContext(request))