views.py

import hashlib
import uuid
from typing import Optional

from django.conf import settings
from django.contrib import auth
from django.contrib.auth.decorators import login_required
from django.contrib.auth.decorators import permission_required
from django.contrib.auth.models import Group
from django.contrib.auth.models import User
from django.core.mail import send_mail
from django.db import transaction
from django.http import Http404
from django.http import HttpRequest
from django.http import HttpResponse
from django.http import JsonResponse
from django.shortcuts import get_object_or_404
from django.shortcuts import redirect
from django.shortcuts import render
from django.urls import reverse
from django.views.decorators.debug import sensitive_post_parameters
from django.views.decorators.debug import sensitive_variables

from . import forms
from . import models
from bde.models import Contributor
from core.cache import cache_unless
from notifications.shortcuts import notify


@sensitive_variables("password")
@sensitive_post_parameters("password")
def login(request: HttpRequest) -> HttpResponse:
    context = {}

    if request.user.is_authenticated:
        return redirect(request.POST.get("next", reverse("news:index")))
    if request.POST:
        email = request.POST["email"]
        password = request.POST["password"]
        user = auth.authenticate(username=email, password=password)
        if user:
            auth.login(request, user)
            return redirect(request.POST.get("next", reverse("news:index")))
        else:
            context["error"] = "Invalid user"

    context["next"] = request.GET.get("next", reverse("news:index"))
    return render(request, "login.html", context)


@login_required
def logout(request: HttpRequest) -> HttpResponse:
    auth.logout(request)
    return redirect(reverse("news:index"))


@login_required
def profile(request: HttpRequest) -> HttpResponse:
    return redirect(
        reverse("accounts:show", kwargs={"username": request.user.username})
    )


@login_required
def show(request: HttpRequest, username: str) -> HttpResponse:
    try:
        user = User.objects.select_related("profile").get(username=username)
    except User.DoesNotExist:
        raise Http404(f"User {username} does not exist")

    context = {
        "user": user,
        "display_name": str(user.profile),
    }
    return render(request, "accounts/show.html", context)


@permission_required("permissions.default_rights")
def edit(request: HttpRequest, username: str) -> HttpResponse:
    if request.user.username != username:
        return redirect(reverse("accounts:show", kwargs={"username": username}))

    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        pass

    if request.method == "POST":
        userform = forms.UserForm(request.POST, instance=user)
        passwordform = auth.forms.PasswordChangeForm(user, request.POST)
        profileform = forms.ProfileForm(request.POST, instance=user.profile)
        profileimgform = forms.ImageProfileForm(
            request.POST, request.FILES, instance=user.profile
        )
        addressform = forms.AddressForm(request.POST, instance=user.profile.address)

        error = False
        if userform.has_changed() and userform.is_valid():
            userform.save()
        elif userform.has_changed():
            error = True
        else:
            userform = forms.UserForm(instance=user)

        if passwordform.has_changed() and passwordform.is_valid():
            passwordform.save()
        elif passwordform.has_changed():
            error = True
        else:
            passwordform = auth.forms.PasswordChangeForm(user)

        if profileform.has_changed() and profileform.is_valid():
            profileform.save()
        elif profileform.has_changed():
            error = True
        else:
            profileform = forms.ProfileForm(instance=user.profile)

        if profileimgform.has_changed() and profileimgform.is_valid():
            profileimgform.save()
        elif profileimgform.has_changed():
            error = True
        else:
            profileimgform = forms.ImageProfileForm(instance=user.profile)

        if addressform.has_changed() and addressform.is_valid():
            addressform.save()
        elif addressform.has_changed():
            error = True
        else:
            addressform = forms.AddressForm(instance=user.profile.address)

        if error:
            context = {
                "userform": userform.as_p(),
                "passwordform": passwordform.as_p(),
                "profileform": profileform.as_p(),
                "profileimgform": profileimgform.as_p(),
                "addressform": addressform.as_p(),
            }

            return render(request, "accounts/edit.html", context)
        else:
            return redirect(reverse("accounts:edit", kwargs={"username": username}))
    else:
        userform = forms.UserForm(instance=user)
        passwordform = auth.forms.PasswordChangeForm(user)
        profileform = forms.ProfileForm(instance=user.profile)
        profileimgform = forms.ImageProfileForm(instance=user.profile)
        addressform = forms.AddressForm(instance=user.profile.address)

        context = {
            "userform": userform.as_p(),
            "passwordform": passwordform.as_p(),
            "profileform": profileform.as_p(),
            "profileimgform": profileimgform.as_p(),
            "addressform": addressform.as_p(),
        }

        return render(request, "accounts/edit.html", context)


def get_contrib(user: User) -> Optional[str]:
    try:
        return user.contribution.current_type
    except Contributor.DoesNotExist:
        return None


@permission_required("permissions.default_rights")
@cache_unless("members", methods=["OPTIONS"])
def members(request: HttpRequest) -> HttpResponse:
    if request.method == "OPTIONS":
        users = [
            {
                "id": user.id,
                "display_name": str(user.profile),
                "picture": user.profile.get_picture_url(),
                "profile_url": user.profile.get_url(),
                "first_name": user.first_name,
                "last_name": user.last_name,
                "username": user.username,
                "nickname": user.profile.nickname,
                "contribution": get_contrib(user),
                "email": user.email,
            }
            for user in User.objects.select_related("profile")
            .select_related("contribution")
            .all()
            .only(
                "id",
                "first_name",
                "last_name",
                "username",
                "profile",
                "email",
                "contribution",
            )
        ]
        return JsonResponse({"users": users})

    return render(request, "accounts/list.html", {})


@permission_required("permissions.default_rights")
def groups(request: HttpRequest) -> HttpResponse:
    if request.method == "OPTIONS":
        groups = [
            {
                "id": group.id,
                "name": group.name,
                "color": "#%s" % (hashlib.md5(group.name.encode()).hexdigest()[:6]),
            }
            for group in Group.objects.all()
        ]
        return JsonResponse({"groups": groups})
    return redirect("accounts:list")


def account_request(request: HttpRequest) -> HttpResponse:
    if request.user.is_authenticated:
        return redirect(reverse("news:index"))

    if request.method == "POST":
        form = forms.UserRequestForm(request.POST)
        if form.is_valid():
            form.save()
            notify(
                "Une demande de création de compte à été déposée.",
                "accounts:list_request",
                groups=Group.objects.filter(name=settings.BDE_GROUP_NAME),
            )
            return redirect(reverse("accounts:confirmation"))
    else:
        form = forms.UserRequestForm()

    context = {"form": form}
    return render(request, "accounts/request.html", context)


@permission_required("accounts.manage_account_request")
def list_request(request: HttpRequest, error: Optional[str] = None) -> HttpResponse:
    context = {
        "requests": models.UserRequest.objects.all(),
        "error": error,
    }

    return render(request, "accounts/list-request.html", context)


ACCEPT_MAIL_TPL = """Bonjour {first_name} {last_name},

Votre compte enib.net à été créé.
Vous pouvez dés maintenant vous connecter avec votre adresse email et le mot de
passe suivant:

{password}

Pour garantir la sécurité de votre compte nous vous conseillons
fortement de le changer dès votre première connexion.
"""


REJECT_MAIL_TPL = """Bonjour {first_name} {last_name},

Votre demande de création de compte sur enib.net à été rejetée.
"""


@sensitive_variables("password")
@permission_required("accounts.manage_account_request")
def accept_request(request: HttpRequest, rid: int) -> HttpResponse:
    user_request = get_object_or_404(models.UserRequest, id=rid)
    username = (
        "%s_%s" % (user_request.first_name[0], user_request.last_name[:6])
    ).lower()

    if User.objects.filter(email=user_request.email).count() != 0:
        return redirect("accounts:list_request", error="email")
    if User.objects.filter(username=username).count() != 0:
        return redirect("accounts:list_request", error="username")

    with transaction.atomic():
        user = User.objects.create(
            username=username,
            email=user_request.email,
            first_name=user_request.first_name,
            last_name=user_request.last_name,
        )

        password = str(uuid.uuid4())
        user.set_password(password)
        user.save()
        user_request.delete()

        send_mail(
            "Création de votre compte enib.net",
            ACCEPT_MAIL_TPL.format(
                first_name=user_request.first_name,
                last_name=user_request.last_name,
                password=password,
            ),
            "bde@enib.fr",
            [user.email],
            fail_silently=False,
        )

    return redirect(reverse("accounts:list_request"))


@permission_required("accounts.manage_account_request")
def reject_request(request: HttpRequest, rid: int) -> HttpResponse:
    user_request = get_object_or_404(models.UserRequest, id=rid)
    user_request.delete()

    send_mail(
        "Rejet de votre demande de création de compte enib.net",
        REJECT_MAIL_TPL.format(
            first_name=user_request.first_name,
            last_name=user_request.last_name,
        ),
        "bde@enib.fr",
        [user_request.email],
        fail_silently=False,
    )
    return redirect(reverse("accounts:list_request"))


def confirmation_request(request: HttpRequest) -> HttpResponse:
    return render(request, "accounts/confirmation.html")