login view added. Also test 'harness'

README.rst

@@ -7,10 +7,10 @@ This project gives the admin the ability to reset terms of agreement with the en
 Summary
 =======
 
-    - based flatpage
-    - keep track of when TOS is changed
-    - Users need to be informed and reagree when they relogin (custom login)
-    - 2 models likely (TOS table and user re-agree)
+    - based on flatpages
+    - keeps track of when TOS is changed
+    - Users need to be informed and agree/re-agree when they login (custom login is provided)
+    - Just two models (TOS and user agreement)
     
 Installation
 ============
@@ -27,4 +27,6 @@ django-tos relies on django-flatpages so you have to follow those rules of insta
 
  5. Add `django.contrib.flatpages.middleware.FlatpageFallbackMiddleware` to your MIDDLEWARE_CLASSES setting.
 
- 5. Run the command `manage.py syncdb`.
+ 6. Run the command `manage.py syncdb`.
+ 
+ 7. In your root urlconf file `urls.py` add `(r'^login/$', 'tos.views.login', {}, 'login',),` to your url patterns.

tos/admin.py

@@ -1,12 +1,15 @@
+# TODO - enhance with FlatPage inline
+
 from django.contrib import admin 
 
 from tos.models import TermsOfService, UserAgreement
 
 class TermsOfServiceAdmin(admin.ModelAdmin): 
-    model = TermsOfService
+    model = TermsOfService   
 
 admin.site.register(TermsOfService, TermsOfServiceAdmin)
 
+
 class UserAgreementAdmin(admin.ModelAdmin): 
     model = UserAgreement
 

tos/views.py

@@ -0,0 +1,59 @@
+from django.conf import settings
+from django.contrib.auth import login as auth_login
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth.forms import AuthenticationForm
+from django.contrib.auth.models import User
+from django.contrib.sites.models import Site, RequestSite
+from django.http import HttpResponseRedirect
+from django.shortcuts import render_to_response
+from django.template import RequestContext
+from django.views.decorators.cache import never_cache
+from django.views.decorators.csrf import csrf_protect
+
+@csrf_protect
+@never_cache
+def login(request, template_name='registration/login.html',
+          redirect_field_name=REDIRECT_FIELD_NAME,
+          authentication_form=AuthenticationForm):
+    """Displays the login form and handles the login action."""
+
+    redirect_to = request.REQUEST.get(redirect_field_name, '')
+    
+    if request.method == "POST":
+        form = authentication_form(data=request.POST)
+        if form.is_valid():
+            # Light security check -- make sure redirect_to isn't garbage.
+            if not redirect_to or ' ' in redirect_to:
+                redirect_to = settings.LOGIN_REDIRECT_URL
+            
+            # Heavier security check -- redirects to http://example.com should 
+            # not be allowed, but things like /view/?param=http://example.com 
+            # should be allowed. This regex checks if there is a '//' *before* a
+            # question mark.
+            elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
+                    redirect_to = settings.LOGIN_REDIRECT_URL
+            
+            # Okay, security checks complete. Log the user in.
+            auth_login(request, form.get_user())
+
+            if request.session.test_cookie_worked():
+                request.session.delete_test_cookie()
+
+            return HttpResponseRedirect(redirect_to)
+
+    else:
+        form = authentication_form(request)
+    
+    request.session.set_test_cookie()
+    
+    if Site._meta.installed:
+        current_site = Site.objects.get_current()
+    else:
+        current_site = RequestSite(request)
+    
+    return render_to_response(template_name, {
+        'form': form,
+        redirect_field_name: redirect_to,
+        'site': current_site,
+        'site_name': current_site.name,
+    }, context_instance=RequestContext(request))