From f4c9ac19cfb47a1c5c35af92f0c2de3441f5f591 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 15 Apr 2019 09:28:19 +0200 Subject: [PATCH 1/6] Override Django Contrib Auth templates This overrides the Django Contrib Auth templates to make them more integrated with the user site. More precisely, the breadcrumb now links to the index page rather than to the Django Contrib Admin index page. *It also fixes a security vulnerability in Re2o.* Without this patch, a password-reset request returns both a link to set a new password AND the existing login name, so anyone with access to a user's mailbox could take over that account. And yes, Re2o implements another password-reset system, but this one is not disabled (see for yourself: https://intranet.crans.org/password_reset/). This is also part of the Aube patch-set for Re2o, and one of Aube's goals is to drop the custom admin password-reset system and use the Django Contrib Auth one. --- templates/registration/password_change_done.html | 13 +++++++++++++ templates/registration/password_change_form.html | 13 +++++++++++++ templates/registration/password_reset_complete.html | 13 +++++++++++++ templates/registration/password_reset_confirm.html | 13 +++++++++++++ templates/registration/password_reset_done.html | 13 +++++++++++++ templates/registration/password_reset_email.html | 13 +++++++++++++ templates/registration/password_reset_form.html | 13 +++++++++++++ 7 files changed, 91 insertions(+) create mode 100644 templates/registration/password_change_done.html create mode 100644 templates/registration/password_change_form.html create mode 100644 templates/registration/password_reset_complete.html create mode 100644 templates/registration/password_reset_confirm.html create mode 100644 templates/registration/password_reset_done.html create mode 100644 templates/registration/password_reset_email.html create mode 100644 templates/registration/password_reset_form.html 
diff --git a/templates/registration/password_change_done.html b/templates/registration/password_change_done.html new file mode 100644 index 00000000..0e514b53 --- /dev/null +++ b/templates/registration/password_change_done.html @@ -0,0 +1,13 @@ +{% extends "registration/password_change_done.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} diff --git a/templates/registration/password_change_form.html b/templates/registration/password_change_form.html new file mode 100644 index 00000000..5524bfa0 --- /dev/null +++ b/templates/registration/password_change_form.html @@ -0,0 +1,13 @@ +{% extends "registration/password_change_form.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} diff --git a/templates/registration/password_reset_complete.html b/templates/registration/password_reset_complete.html new file mode 100644 index 00000000..506c0981 --- /dev/null +++ b/templates/registration/password_reset_complete.html @@ -0,0 +1,13 @@ +{% extends "registration/password_reset_complete.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} diff --git a/templates/registration/password_reset_confirm.html b/templates/registration/password_reset_confirm.html new file mode 100644 index 00000000..de710a83 --- /dev/null +++ b/templates/registration/password_reset_confirm.html @@ -0,0 +1,13 @@ +{% extends "registration/password_reset_confirm.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} 
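Review bot: `{% extends "registration/password_change_done.html" %}` names the very template it lives in, so it only works where the engine supports recursive template inheritance (Django 1.9+, which skips the template's own origin) and the project `templates/` directory is searched before `django.contrib.admin`'s app templates; under any other loader order it is either an infinite-extends error or an override that is never reached. A one-line comment recording that dependency would save the next maintainer a debugging session: `{# Recursive extends: wraps admin's template of the same name; needs DIRS searched before APP_DIRS #}`. The same applies to the three sibling overrides in this commit. The breadcrumbs block body is not visible in this extract, so I cannot check what it renders.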
diff --git a/templates/registration/password_reset_done.html b/templates/registration/password_reset_done.html new file mode 100644 index 00000000..5e008001 --- /dev/null +++ b/templates/registration/password_reset_done.html @@ -0,0 +1,13 @@ +{% extends "registration/password_reset_done.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} diff --git a/templates/registration/password_reset_email.html b/templates/registration/password_reset_email.html new file mode 100644 index 00000000..f43d80c3 --- /dev/null +++ b/templates/registration/password_reset_email.html @@ -0,0 +1,13 @@ +{% load i18n %}{% autoescape off %} +{% blocktrans %}You're receiving this email because you requested a password reset for your user account at {{ site_name }}.{% endblocktrans %} + +{% trans "Please go to the following page and choose a new password:" %} +{% block reset_link %} +{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %} +{% endblock %} + +{% trans "Thanks for using our site!" %} + +{% blocktrans %}The {{ site_name }} team{% endblocktrans %} + +{% endautoescape %} diff --git a/templates/registration/password_reset_form.html b/templates/registration/password_reset_form.html new file mode 100644 index 00000000..26c1e282 --- /dev/null +++ b/templates/registration/password_reset_form.html @@ -0,0 +1,13 @@ +{% extends "registration/password_reset_form.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} From 58196cadad6ae69aaa01bfeb28d355517c8e8e20 Mon Sep 17 00:00:00 2001 
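Review bot: The reset URL built on the `{{ protocol }}://{{ domain }}` line inherits Django's password-reset-poisoning exposure: unless `django.contrib.sites` is installed, the view fills `domain` from the request's Host header, so a Host value that slips past ALLOWED_HOSTS would get the victim's reset token mailed inside a link to an attacker-controlled host. Nothing in the template itself is wrong, but the commit should state that ALLOWED_HOSTS must stay explicit (never `['*']`) for this e-mail to be safe; a comment such as `{# 'domain' is taken from the request Host header unless the sites framework is configured; keep ALLOWED_HOSTS strict #}` above the link would record that. Leaving out the "your username, in case you've forgotten" line that, as I recall, the stock Django e-mail template prints is the part that closes the disclosure described in the commit message, and looks right.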
From: Alexandre Iooss Date: Mon, 15 Apr 2019 09:37:33 +0200 Subject: [PATCH 2/6] Redirect Django Contrib Admin login page Without this patch, Re2o has two login screen with different features. This patch redirects `/admin/login/` to the login page. This patch is part of the Aube patchset for Re2o. This helps in the goal to unify the login process and drop the custom login page. --- re2o/urls.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/re2o/urls.py b/re2o/urls.py index 39f51ec3..2e18a863 100644 --- a/re2o/urls.py +++ b/re2o/urls.py @@ -47,6 +47,7 @@ from django.conf import settings from django.conf.urls import include, url from django.contrib import admin from django.contrib.auth import views as auth_views +from django.views.generic import RedirectView from .views import index, about_page, contact_page @@ -74,6 +75,9 @@ urlpatterns = [ r'^preferences/', include('preferences.urls', namespace='preferences') ), + + # manage/login/ is redirected to the non-admin login page + url(r'^manage/login/$', RedirectView.as_view(pattern_name='login')), ] # Add debug_toolbar URLs if activated if 'debug_toolbar' in settings.INSTALLED_APPS: From a7d7cbd261718455d713549f59dc866fbf66ad71 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 15 Apr 2019 09:43:18 +0200 Subject: [PATCH 3/6] Add a logout confirmation This patch remove the custom rule in router responsible to redirect logout to index page and place a template with pre-translated strings. This is part of Aube patchset for Re2o to unify the login procedure with Django Contrib Auth. --- re2o/urls.py | 2 -- templates/registration/logged_out.html | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) create mode 100644 templates/registration/logged_out.html diff --git a/re2o/urls.py b/re2o/urls.py index 2e18a863..fb6fcc6a 100644 --- a/re2o/urls.py +++ b/re2o/urls.py 
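Review bot: The rule added here matches `^manage/login/$`, but the commit message says `/admin/login/` is redirected and no pattern visible in urlpatterns mounts the admin under `manage/`, so the admin's own login form stays reachable and the two login screens the message wants to merge both remain. The line should read `url(r'^admin/login/$', RedirectView.as_view(pattern_name='login', query_string=True)),` and it has to sit before `url(r'^admin/', include(admin.site.urls))`, which is earlier in the list and outside this hunk; otherwise the admin include wins the match first. `query_string=True` keeps the `?next=` that the admin attaches when it bounces an unauthenticated request, so the user returns to the page they asked for instead of LOGIN_REDIRECT_URL.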
@@ -46,7 +46,6 @@ from __future__ import unicode_literals from django.conf import settings from django.conf.urls import include, url from django.contrib import admin -from django.contrib.auth import views as auth_views from django.views.generic import RedirectView from .views import index, about_page, contact_page @@ -58,7 +57,6 @@ urlpatterns = [ url(r'^$', index, name='index'), url(r'^about/$', about_page, name='about'), url(r'^contact/$', contact_page, name='contact'), - url('^logout/', auth_views.logout, {'next_page': '/'}), url('^', include('django.contrib.auth.urls')), url(r'^i18n/', include('django.conf.urls.i18n')), url(r'^admin/', include(admin.site.urls)), diff --git a/templates/registration/logged_out.html b/templates/registration/logged_out.html new file mode 100644 index 00000000..c3feb15d --- /dev/null +++ b/templates/registration/logged_out.html @@ -0,0 +1,18 @@ +{% extends "registration/logged_out.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} +{% load i18n %} + +{% block breadcrumbs %} + +{% endblock %} + +{% block content %} +

{% trans "Thanks for spending some quality time with the Web site today." %}

+

{% trans 'Log in again' %}

+{% endblock %} From 10c6a268d25d9101b9a29448c5279dd6b720bc91 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Mon, 15 Apr 2019 09:45:08 +0200 Subject: [PATCH 4/6] Add customisation to Django Contrib Admin The default theme of Django Contrib Admin is not really great. This theme the Django Admin with Re2o logo and colors. It also comes with a new dynamic-generated menu to navigate in the admin interface. A new index page override the global index of Django Contrib Admin to prepare for new features. This patch is part of the Aube patchset for Re2o, targeting the use of Django Contrib Admin as a manage interface for active members. --- re2o/urls.py | 5 + static/css/admin.css | 158 ++++++++++++++++++++++++++++++ templates/admin/base_site.html | 91 +++++++++++++++++ templates/admin/custom_index.html | 57 +++++++++++ 4 files changed, 311 insertions(+) create mode 100644 static/css/admin.css create mode 100644 templates/admin/base_site.html create mode 100644 templates/admin/custom_index.html diff --git a/re2o/urls.py b/re2o/urls.py index fb6fcc6a..9c13965b 100644 --- a/re2o/urls.py +++ b/re2o/urls.py @@ -46,10 +46,15 @@ from __future__ import unicode_literals from django.conf import settings from django.conf.urls import include, url from django.contrib import admin +from django.utils.translation import gettext_lazy as _ from django.views.generic import RedirectView from .views import index, about_page, contact_page +# Admin site configuration +admin.site.index_title = _('Homepage') +admin.site.index_template = 'admin/custom_index.html' + handler500 = 're2o.views.handler500' handler404 = 're2o.views.handler404' diff --git a/static/css/admin.css b/static/css/admin.css new file mode 100644 index 00000000..b8888ae4 --- /dev/null +++ b/static/css/admin.css 
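Review bot: Setting `admin.site.index_title` and `admin.site.index_template` at import time of the root URLconf ties admin configuration to whoever imports `re2o.urls`, and it is the only place in this series that touches the site object, so it will be easy to miss when someone later swaps in a custom `AdminSite`; the conventional home for these two lines is an `AdminSite` subclass or an `AppConfig.ready()` hook. If they stay here, a comment should record the reason, for example `# Configured here (not in an AdminSite subclass) so existing admin.site registrations keep working  # TODO confirm` — I cannot see the registrations from this hunk. The `gettext_lazy` import is the right choice for a value read at request time.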
@@ -0,0 +1,158 @@ +/* + * SPDX-License-Identifier: GPL-2.0-or-later + * + * Copyright © 2019 Alexandre Iooss + * + * This is the custom style for Django Contrib Admin + */ + +/* Colors */ +#header { + background-color: #222; + border-bottom: solid 3px #f9a01b; +} + +.module h2, .module caption, .inline-group h2 { + background: #e6e0d8; + color: #222; +} + +a.section:link, a.section:visited { + color: #222; +} + +#user-tools a { + border-bottom: none; + font-weight: bold; +} + +div.breadcrumbs { + background: #3c3c3c; +} + +.button, input[type=submit], input[type=button], .submit-row input, a.button { + background: #d8a456; +} + +.button:active, input[type=submit]:active, input[type=button]:active, .button:focus, input[type=submit]:focus, +input[type=button]:focus, .button:hover, input[type=submit]:hover, input[type=button]:hover { + background: #b98d4a; +} + +.button.default, input[type=submit].default, .submit-row input.default { + background: #b98d4a; +} + +.button.default:active, input[type=submit].default:active, .button.default:focus, input[type=submit].default:focus, +.button.default:hover, input[type=submit].default:hover { + background: #a7752b; +} + +/* Image in branding */ +img.banding-logo { + margin-top: -3px; + height: 32px; +} + +/* Navbar menu */ +#nav { + padding: 0; + margin: 0 0 0 20px; + font-weight: 300; + font-size: 11px; + letter-spacing: 0.5px; + text-transform: uppercase; + text-align: left; +} + +#nav a { + border-bottom: none; + font-weight: bold; + display: inline-block; +} + +#nav div.dropdown:hover > a, #nav div.dropdown:focus > a { + text-decoration: none; + color: #79aec8; +} + +#nav a.activated { + text-decoration: underline; +} + +#nav div.dropdown { + position: relative; /* needed to position the dropdown content */ + display: inline-block; +} + +#nav div.dropdown-content { + display: none; + position: absolute; + background-color: #444444; + min-width: 220px; + box-shadow: 0 8px 16px 0 rgba(0, 0, 0, 0.2); + z-index: 100; +} + 
+#nav div.dropdown-content a { + color: #fff; + padding: 7px 8px; + text-decoration: none; + display: block; + line-height: 16px; +} + +#nav div.dropdown-content a:hover { + background-color: #636363; +} + +#nav div.dropdown:hover .dropdown-content { + display: block; +} + +/* Fix navigation hidden */ +#header { + overflow: visible; +} + +.login #header { + overflow: hidden; +} + +/* Footer */ +#footer { + padding: 20px 40px; + color: #999; +} + +.login #footer { + padding: 10px; +} + +#footer a { + color: #777; +} + +#footer select { + height: 24px; + padding: 0; +} + +/* Pull footer to bottom */ +#content { + min-height: calc(100vh - 310px); +} + +.login #content { + min-height: 0; +} + +/* Recenter login button */ +.login .submit-row { + padding: 1em 0 0 8.5em !important; +} + +/* Dashboard should take all page */ +.dashboard #content { + width: auto; +} diff --git a/templates/admin/base_site.html b/templates/admin/base_site.html new file mode 100644 index 00000000..ebccdad7 --- /dev/null +++ b/templates/admin/base_site.html @@ -0,0 +1,91 @@ +{% extends "admin/base.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} + +{% load i18n staticfiles %} + +{% block title %}{{ title }} | {{ name_website }}{% endblock %} + +{% block branding %} +

+ + + + + {{ name_website }} + +

+{% endblock %} + +{% block nav-global %} + +{% endblock %} + +{% block extrahead %} + {# Favicon with iOS, Android, touchbar support #} + + + + + + + +{% endblock %} + +{% block extrastyle %} + +{% endblock %} + +{% block footer %} + +{% endblock %} diff --git a/templates/admin/custom_index.html b/templates/admin/custom_index.html new file mode 100644 index 00000000..df0a330c --- /dev/null +++ b/templates/admin/custom_index.html @@ -0,0 +1,57 @@ +{% extends "admin/index.html" %} +{% comment %} +SPDX-License-Identifier: GPL-2.0-or-later + +Copyright © 2019 Alexandre Iooss +{% endcomment %} + +{% load i18n static %} + +{% block content_title %} +

{% blocktrans %}Welcome to {{ name_website }}{% endblocktrans %}

+{% endblock %} + +{% block content %} +
+

+ {% blocktrans %}You are on the operator interface. Here you will be able to manage the network and users + from the top left menu. You can also go read the developer documentation.{% endblocktrans %} +

+

+ {% blocktrans %}To go back to the main site, click "View site" button in top right menu.{% endblocktrans %} +

+
+{% endblock %} + +{% block sidebar %} + +{% endblock %} From 831e0c0690a4fa99d46fe4261f9f278691fa7c77 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 20 Apr 2019 19:24:49 +0200 Subject: [PATCH 5/6] Link to login page when logged out --- templates/registration/logged_out.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/registration/logged_out.html b/templates/registration/logged_out.html index c3feb15d..b700f171 100644 --- a/templates/registration/logged_out.html +++ b/templates/registration/logged_out.html @@ -14,5 +14,5 @@ Copyright © 2019 Alexandre Iooss {% block content %}

{% trans "Thanks for spending some quality time with the Web site today." %}

-

{% trans 'Log in again' %}

+

{% trans 'Log in again' %}

{% endblock %} From e900ce0d0d2653bef504812842192f60621722d1 Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Sat, 20 Apr 2019 19:25:24 +0200 Subject: [PATCH 6/6] Fix login screen not being redirected --- re2o/urls.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/re2o/urls.py b/re2o/urls.py
index 9c13965b..37497572 100644
--- a/re2o/urls.py
+++ b/re2o/urls.py
@@ -62,9 +62,7 @@ urlpatterns = [
 url(r'^$', index, name='index'),
 url(r'^about/$', about_page, name='about'),
 url(r'^contact/$', contact_page, name='contact'),
- url('^', include('django.contrib.auth.urls')),
 url(r'^i18n/', include('django.conf.urls.i18n')),
- url(r'^admin/', include(admin.site.urls)),
 url(r'^users/', include('users.urls', namespace='users')),
 url(r'^search/', include('search.urls', namespace='search')),
 url(
@@ -79,8 +77,11 @@ urlpatterns = [
 include('preferences.urls', namespace='preferences')
 ),
 
+ # Include contrib auth and contrib admin
 # manage/login/ is redirected to the non-admin login page
- url(r'^manage/login/$', RedirectView.as_view(pattern_name='login')),
+ url(r'^', include('django.contrib.auth.urls')),
+ url(r'^admin/login/$', RedirectView.as_view(pattern_name='login')),
+ url(r'^admin/', include(admin.site.urls)),
 ]
 # Add debug_toolbar URLs if activated
 if 'debug_toolbar' in settings.INSTALLED_APPS:
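Review bot: `RedirectView.as_view(pattern_name='login')` discards the query string, so the `?next=/admin/...` that the admin appends when it sends an unauthenticated user to `/admin/login/` is lost and the user lands on LOGIN_REDIRECT_URL instead of the admin page they requested; make the line `url(r'^admin/login/$', RedirectView.as_view(pattern_name='login', query_string=True)),`. Passing `next` through is safe because Django's login view only follows it after checking it against the current host. If this code still runs on Django older than 1.9, `permanent` defaults to True and browsers will cache the 301, so add `permanent=False` explicitly as well — the Django version is not visible here. The reordering that now puts the redirect ahead of `include(admin.site.urls)` is correct; with the admin include first, its own `login/` pattern would have matched before the redirect.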