Commit 46126000 authored by frekk's avatar frekk
Browse files

add post-registration page, member middleware & phancy stuffs

parent 7f699435
......@@ -8,4 +8,11 @@
<b>Your membership registration has been submitted.</b><br><br>
Once it has been approved, you will receive an email with instructions to activate your account.
{% endblock %}
{% block form %}{% endblock %}
\ No newline at end of file
{% block form %}
{% if payment_url %}
<div class="form-row readonly">
<a class="button" title="Pay online with card, using Square payments" href="{{ payment_url }}">Pay online now</a>
{% endif %}
{% endblock %}
......@@ -2,24 +2,26 @@ from django.urls import path
from django.contrib.auth import views as auth_views
from django.views.generic.base import TemplateView
from . import views
from .views import MemberHomeView
from .views import MemberHomeView, MemberTokenView
from .register import RegisterView, RenewView
app_name = 'memberdb'
urlpatterns = [
path('', MemberHomeView.as_view(), name='home'),
path('', MemberHomeView.as_view(), name='index'),
# use the django-provided login views with our custom templates
path('login/', auth_views.LoginView.as_view(template_name='login.html'), name='login'),
path('logout/', auth_views.LogoutView.as_view(template_name='logout.html'), name='logout'),
# override the admin login/logout views
path('admin/login/', auth_views.LoginView.as_view(template_name='login.html')),
path('admin/logout/', auth_views.LogoutView.as_view(template_name='logout.html')),
# for members to "login" before having created a user account
path('login/<username>/<member_token>/', MemberTokenView.as_view(), name='login_member'),
path('register/', RegisterView.as_view(), name='register'),
path('renew/', RenewView.as_view(), name='renew'),
path('active/', views.getactive, name='actives'),
path('thanks/', TemplateView.as_view(template_name='thanks.html'), name='thanks'),
#path('<str:username>/',, name='info'),
\ No newline at end of file
from datetime import date
from django.http import HttpResponse, HttpResponseRedirect
from django.http import HttpResponse, HttpResponseRedirect, Http404
from django.shortcuts import render
from django.urls import reverse
from django.forms import ModelForm
from django.contrib import messages
from django.views.generic.base import View
from django.views.generic.edit import UpdateView
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.mixins import AccessMixin
from .models import Member, IncAssocMember, Membership
from .forms import MemberHomeForm
def index(request):
member_list = Member.objects.all()
context = {
'member_list': member_list,
return render(request, 'index.html', context)
def getactive(request):
actives = Membership.objects.all().select_related('member')
actives.filter(date_submitted__range=(date(2018, 1, 1), date(2018, 12, 31)))
context = {
'member_list': actives,
return render(request, 'index.html', context)
class MemberMiddleware:
Django middleware to get the member info from a particular session
if logged in, get member from username, otherwise store some metadata in the session thingy
def __init__(self, get_response):
self.get_response = get_response
# One-time configuration and initialization.
def __call__(self, request):
# Code to be executed for each request before
# the view (and later middleware) are called.
request.member = None
if request.user.is_authenticated:
# get the username only when a user is logged in
# note that request.user will still exist even when the user isn't logged in
request.member = Member.objects.filter(username__exact=self.request.user.username).first()
if request.member is not None:
# clean the member's auth token because they now have a working login
request.member.token = None
# request.session is a dictionary-like object, its content is saved in the database
# and only a session ID is stored as a browser cookie (by default, but is configurable)
if 'member_id' in request.session:
# don't store member ID since we look it up by username
del request.session['member_id']
elif 'member_id' in request.session:
request.member = Member.objects.get(id=request.session['member_id'])
response = self.get_response(request)
# Code to be executed for each request/response after
# the view is called.
return response
class MemberAccessMixin(AccessMixin):
"""Verify that the current session has a member object associated with it, or that the user is logged in"""
def dispatch(self, request, *args, **kwargs):
if (not request.user.is_authenticated) and (request.member is None):
return self.handle_no_permission()
return super().dispatch(request, *args, **kwargs)
Can update and create models.
......@@ -49,7 +83,7 @@ class MyUpdateView(UpdateView):
kwargs.update({'request': self.request})
return kwargs
class MemberHomeView(LoginRequiredMixin, MyUpdateView):
class MemberHomeView(MemberAccessMixin, MyUpdateView):
model = Member
template_name = 'home.html'
form_class = MemberHomeForm
......@@ -67,5 +101,20 @@ class MemberHomeView(LoginRequiredMixin, MyUpdateView):
def form_valid(self, form):
messages.success(self.request, 'Member details updated.')
# redirect to ourselves?!! because I can't think of a less hacky way to do this
messages.warning(self.request, 'Could not update user display name in AD. Please try again once this feature has been implemented.')
# redisplay the page
return self.get(request, *args, **kwargs)
class MemberTokenView(View):
""" allow a user to login using a unique (secure) member token """
def get(self, request, **kwargs):
if not ('member_token' in kwargs and 'username' in kwargs) or user.is_authenticated:
raise Http404()
# look up the member using exact match for token and username
member = Member.objects.get(token=kwargs['member_token'], username=kwargs['username'])
if member is None:
raise Http404()
request.session['member_id'] =
return HttpResponseRedirect(reverse('memberdb:home'))
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment