forked from CGM_Public/pretix_original
Refs #710 -- Remove monkeypatch for django-hijack
This commit is contained in:
Raphael Michel
@@ -1,16 +1,13 @@
|
|||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib import messages
|
from django.contrib import messages
|
||||||
from django.contrib.auth import get_user_model
|
|
||||||
from django.contrib.auth.mixins import LoginRequiredMixin
|
from django.contrib.auth.mixins import LoginRequiredMixin
|
||||||
from django.core.exceptions import PermissionDenied
|
from django.shortcuts import get_object_or_404, redirect
|
||||||
from django.http import HttpResponseRedirect
|
|
||||||
from django.shortcuts import get_object_or_404, redirect, resolve_url
|
|
||||||
from django.urls import reverse
|
from django.urls import reverse
|
||||||
from django.utils.functional import cached_property
|
from django.utils.functional import cached_property
|
||||||
from django.utils.http import is_safe_url
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from django.views.generic import ListView
|
from django.views.generic import ListView
|
||||||
|
from hijack.helpers import login_user, release_hijack
|
||||||
|
|
||||||
from pretix.base.models import User
|
from pretix.base.models import User
|
||||||
from pretix.base.services.mail import SendMailException
|
from pretix.base.services.mail import SendMailException
|
||||||
@@ -164,78 +161,3 @@ class UserCreateView(AdministratorPermissionRequiredMixin, RecentAuthenticationR
|
|||||||
def form_valid(self, form):
|
def form_valid(self, form):
|
||||||
messages.success(self.request, _('The new user has been created.'))
|
messages.success(self.request, _('The new user has been created.'))
|
||||||
return super().form_valid(form)
|
return super().form_valid(form)
|
||||||
|
|
||||||
|
|
||||||
# TODO: COMPAT methods: Remove after https://github.com/arteria/django-hijack/pull/178 is merged
|
|
||||||
def login_user(request, hijacked):
|
|
||||||
from hijack.helpers import (
|
|
||||||
check_hijack_authorization, get_used_backend, no_update_last_login, login,
|
|
||||||
hijack_started, hijack_settings
|
|
||||||
)
|
|
||||||
hijacker = request.user
|
|
||||||
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
|
|
||||||
if request.session.get('hijack_history'):
|
|
||||||
hijack_history = request.session['hijack_history'] + hijack_history
|
|
||||||
|
|
||||||
check_hijack_authorization(request, hijacked)
|
|
||||||
|
|
||||||
backend = get_used_backend(request)
|
|
||||||
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
|
|
||||||
|
|
||||||
with no_update_last_login():
|
|
||||||
# Actually log user in
|
|
||||||
login(request, hijacked)
|
|
||||||
|
|
||||||
hijack_started.send(
|
|
||||||
sender=None, request=request,
|
|
||||||
hijacker=hijacker, hijacked=hijacked,
|
|
||||||
# send IDs for backward compatibility
|
|
||||||
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
|
|
||||||
request.session['hijack_history'] = hijack_history
|
|
||||||
request.session['is_hijacked_user'] = True
|
|
||||||
request.session['display_hijack_warning'] = True
|
|
||||||
request.session.modified = True
|
|
||||||
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
|
|
||||||
|
|
||||||
|
|
||||||
def redirect_to_next(request, default_url):
|
|
||||||
redirect_to = request.GET.get('next', '')
|
|
||||||
if not is_safe_url(redirect_to, allowed_hosts=None):
|
|
||||||
redirect_to = default_url
|
|
||||||
return HttpResponseRedirect(resolve_url(redirect_to))
|
|
||||||
|
|
||||||
|
|
||||||
def release_hijack(request):
|
|
||||||
from hijack.helpers import (
|
|
||||||
get_used_backend, no_update_last_login, login, hijack_ended, hijack_settings
|
|
||||||
)
|
|
||||||
hijack_history = request.session.get('hijack_history', False)
|
|
||||||
|
|
||||||
if not hijack_history:
|
|
||||||
raise PermissionDenied
|
|
||||||
|
|
||||||
hijacker = None
|
|
||||||
hijacked = None
|
|
||||||
if hijack_history:
|
|
||||||
hijacked = request.user
|
|
||||||
user_pk = hijack_history.pop()
|
|
||||||
hijacker = get_object_or_404(get_user_model(), pk=user_pk)
|
|
||||||
backend = get_used_backend(request)
|
|
||||||
hijacker.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
|
|
||||||
with no_update_last_login():
|
|
||||||
login(request, hijacker)
|
|
||||||
if hijack_history:
|
|
||||||
request.session['hijack_history'] = hijack_history
|
|
||||||
request.session['is_hijacked_user'] = True
|
|
||||||
request.session['display_hijack_warning'] = True
|
|
||||||
else:
|
|
||||||
request.session.pop('hijack_history', None)
|
|
||||||
request.session.pop('is_hijacked_user', None)
|
|
||||||
request.session.pop('display_hijack_warning', None)
|
|
||||||
request.session.modified = True
|
|
||||||
hijack_ended.send(
|
|
||||||
sender=None, request=request,
|
|
||||||
hijacker=hijacker, hijacked=hijacked,
|
|
||||||
# send IDs for backward compatibility
|
|
||||||
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
|
|
||||||
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGOUT_REDIRECT_URL)
|
|
||||||
|
|||||||
@@ -32,7 +32,7 @@ bleach==2.*
|
|||||||
raven
|
raven
|
||||||
babel
|
babel
|
||||||
django-i18nfield>=1.4.0
|
django-i18nfield>=1.4.0
|
||||||
django-hijack==2.1.*
|
django-hijack>=2.1.10,<2.2.0
|
||||||
django-oauth-toolkit==1.2.*
|
django-oauth-toolkit==1.2.*
|
||||||
# Stripe
|
# Stripe
|
||||||
stripe==2.0.*
|
stripe==2.0.*
|
||||||
|
|||||||
Reference in New Issue
Block a user