diff --git a/account/decorators.py b/account/decorators.py
index d2ed1acd..2efdb99e 100644
--- a/account/decorators.py
+++ b/account/decorators.py
@@ -6,7 +6,7 @@ import functools
 from django.http import HttpResponseRedirect
 from django.utils.translation import ugettext as _
-from utils.shortcuts import error_response, error_page
+from utils.shortcuts import error_response, error_page, redirect_to_login
 from .models import AdminType
@@ -34,7 +34,7 @@ class BasePermissionDecorator(object):
 if self.request.is_ajax():
 return error_response(_("Please login in first"))
 else:
- return HttpResponseRedirect("/login/?__from=" + urllib.quote(self.request.path))
+ return redirect_to_login(self.request)
 def check_permission(self):
 raise NotImplementedError()
@@ -47,9 +47,11 @@ class login_required(BasePermissionDecorator):
 class super_admin_required(BasePermissionDecorator):
 def check_permission(self):
- return self.request.user.is_authenticated() and self.request.user.admin_type == AdminType.SUPER_ADMIN
+ return self.request.user.is_authenticated() and \
+ self.request.user.admin_type == AdminType.SUPER_ADMIN
 class admin_required(BasePermissionDecorator):
 def check_permission(self):
- return self.request.user.is_authenticated() and self.request.user.admin_type in [AdminType.SUPER_ADMIN, AdminType.ADMIN]
+ return self.request.user.is_authenticated() and \
+ self.request.user.admin_type in [AdminType.SUPER_ADMIN, AdminType.ADMIN]
diff --git a/account/middleware.py b/account/middleware.py
index 91081e9a..8d024c49 100644
--- a/account/middleware.py
+++ b/account/middleware.py
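Review bot: The return-path encoding in the non-AJAX branch of `BasePermissionDecorator` (hunk `@@ -34,7 +34,7 @@` of `account/decorators.py`) now depends entirely on `redirect_to_login`, which is imported from `utils.shortcuts` and is not part of this diff. The removed line passed `self.request.path` through `urllib.quote` before appending it to `/login/?__from=`, so the helper needs to keep that quoting, and whatever consumes `__from` after login should accept only a local path; neither can be confirmed from the lines shown. A short comment above the call, such as `# redirect_to_login() URL-quotes request.path into ?__from=`, would record the contract once verified. `urllib` and `HttpResponseRedirect` may now be unused in this file; the method's start lies above the hunk, so check before removing the imports.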
@@ -3,27 +3,24 @@ import time
 import json
 import urllib
-from django.http import HttpResponseRedirect, HttpResponse
+from django.http import HttpResponse
 from django.utils.translation import ugettext as _
-from django.contrib import auth
-from .models import AdminType, User
+from utils.shortcuts import redirect_to_login
+from .models import AdminType
-# todo remove this
-from django.contrib import auth
-
 class SessionSecurityMiddleware(object):
 def process_request(self, request):
 if request.user.is_authenticated() and request.user.admin_type in [AdminType.ADMIN, AdminType.SUPER_ADMIN]:
 if "last_activity" in request.session:
- # 24 hours passwd since last visit
+ # 24 hours passed since last visit
 if time.time() - request.session["last_activity"] >= 24 * 60 * 60:
 auth.logout(request)
 if request.is_ajax():
 return HttpResponse(json.dumps({"code": 1, "data": _("Please login in first")}), content_type="application/json")
 else:
- return HttpResponseRedirect("/login/?__from=" + urllib.quote(request.path))
+ return redirect_to_login(request)
 # 更新最后活动日期
 request.session["last_activity"] = time.time()
diff --git a/account/views.py b/account/views.py
index b979aba4..4e997be8 100644
--- a/account/views.py
+++ b/account/views.py
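Review bot: `auth.logout(request)` is still called in the 24-hour idle branch of `SessionSecurityMiddleware.process_request`, yet this hunk removes both `from django.contrib import auth` lines and the new import list shows no other binding for `auth`. Unless `auth` is bound in the two lines above the hunk, an admin request arriving after the idle limit raises `NameError` before the session is logged out, so the timeout produces a server error instead of a logout and redirect. Keep one import, `from django.contrib import auth`, and drop only the duplicate that sat under the `# todo remove this` comment. `import urllib` also appears to be unused on the new side now that the `urllib.quote` call is gone.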
@@ -1,38 +1,35 @@
 # coding=utf-8
-import os
-import codecs
-import qrcode
 import StringIO
+import codecs
+import os
-from django import http
+import qrcode
+from django.conf import settings
 from django.contrib import auth
-from django.shortcuts import render
+from django.core.exceptions import MultipleObjectsReturned
 from django.core.paginator import Paginator
 from django.db.models import Q
-from django.conf import settings
-from django.http import HttpResponse
-from django.core.exceptions import MultipleObjectsReturned
+from django.http import HttpResponse, HttpResponseRedirect
+from django.shortcuts import render
 from django.utils.timezone import now
 from django.utils.translation import ugettext as _
-
-from rest_framework.views import APIView
 from rest_framework.response import Response
+from rest_framework.views import APIView
-from utils.shortcuts import (serializer_invalid_response, error_response,
- success_response, error_page, paginate, rand_str)
 from utils.captcha import Captcha
 from utils.otp_auth import OtpAuth
-
-from .tasks import _send_email
+from utils.shortcuts import (serializer_invalid_response, error_response,
+ success_response, error_page, paginate, rand_str)
 from .decorators import login_required
-from .models import User, UserProfile, AdminExtraPermission, AdminType
+from .decorators import super_admin_required
+from .models import User, UserProfile, AdminType
 from .serializers import (UserLoginSerializer, UserRegisterSerializer, UserChangePasswordSerializer, UserSerializer, EditUserSerializer, ApplyResetPasswordSerializer, ResetPasswordSerializer, SSOSerializer, EditUserProfileSerializer, TwoFactorAuthCodeSerializer)
-from .decorators import super_admin_required
+from .tasks import _send_email
 class UserLoginAPIView(APIView):
@@ -223,7 +220,7 @@ class UserAdminAPIView(APIView):
 def logout(request):
 auth.logout(request)
- return http.HttpResponseRedirect("/")
+ return HttpResponseRedirect("/")
 def index_page(request):
@@ -233,7 +230,7 @@ def index_page(request):
 if request.META.get('HTTP_REFERER') or request.GET.get("index"):
 return render(request, "oj/index.html")
 else:
- return http.HttpResponseRedirect('/problems/')
+ return HttpResponseRedirect('/problems/')
 class UsernameCheckAPIView(APIView):
diff --git a/frontend/admin/index.html b/frontend/admin/index.html
index d2ab8fba..2a4e8bc6 100644
--- a/frontend/admin/index.html
+++ b/frontend/admin/index.html
@@ -6,7 +6,6 @@