Working terms of service views

tos/models.py

@@ -65,4 +65,5 @@ class UserAgreement(BaseModel):
 def has_user_agreed_latest_tos(user):
     if UserAgreement.objects.filter(terms_of_service=TermsOfService.objects.get_current_tos(),user=user):
         return True
-    return False
+    return False
+    

tos/templates/tos/tos.html

@@ -0,0 +1,3 @@
+<h2>Terms of Service as of {{ tos.created|date:"SHORT_DATE_FORMAT }}</h2>
+
+{{ tos.content }}

tos/templates/tos/tos_check.html

@@ -1,10 +1,15 @@
-<h2>Terms of Service as of {{ tos.created }}</h2>
+{% if note %}
+    <h2>{{ note }}</note>
+{% else %}
+    <h2>Terms of Service as of {{ tos.created|date:"SHORT_DATE_FORMAT }}</h2>
+{% endif %}
 
 {{ tos.content }}
 
 <h2>Accept Terms of Service?</h2>
 
-<form method="post" action="#">
-    <button type="submit" name="accept">accept</button>
-    <button type="submit" name="reject">reject</button>
+<form method="post" action="{% url tos_check_tos %}">
+    {% csrf_token %}
+    <button type="submit" name="accept" value="accept">accept</button>
+    <button type="submit" name="accept" value="reject">reject</button>
 </form>

tos/urls.py

@@ -0,0 +1,21 @@
+from django.conf.urls.defaults import * 
+from django.views.generic.simple import direct_to_template
+
+from tos.views import check_tos
+
+urlpatterns = patterns('',
+        # Terms of Service conform 
+        url(
+            regex   = '^confirm/$',
+            view    = check_tos,
+            name    = 'tos_check_tos',
+        ),
+        
+        # Terms of service simple display 
+        url(
+            regex   = '^$',
+            view    = direct_to_template,
+            kwargs  = {'template': 'tos/tos.html'},            
+            name    = 'tos',
+        ),
+    )

tos/views.py

@@ -10,68 +10,62 @@ from django.template import RequestContext
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect
 
-from tos.models import has_user_agreed_latest_tos, TermsOfService
+from tos.models import has_user_agreed_latest_tos, TermsOfService, UserAgreement
+
+def _redirect_to(redirect_to):
+    """ Moved redirect_to logic here to avoid duplication in views"""
+    
+    # Light security check -- make sure redirect_to isn't garbage.
+    if not redirect_to or ' ' in redirect_to:
+        redirect_to = settings.LOGIN_REDIRECT_URL
+
+    # Heavier security check -- redirects to http://example.com should 
+    # not be allowed, but things like /view/?param=http://example.com 
+    # should be allowed. This regex checks if there is a '//' *before* a
+    # question mark.
+    elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
+            redirect_to = settings.LOGIN_REDIRECT_URL
+    return redirect_to
 
 @csrf_protect
 @never_cache
-def login_old(request, template_name='registration/login.html',
-          redirect_field_name=REDIRECT_FIELD_NAME,
-          authentication_form=AuthenticationForm):
-    """Displays the login form and handles the login action."""
-
-    redirect_to = request.REQUEST.get(redirect_field_name, '')
+def check_tos(request, template_name='tos/tos_check.html',
+    redirect_field_name=REDIRECT_FIELD_NAME,):
     
-    if request.method == "POST":
-        form = authentication_form(data=request.POST)
-        if form.is_valid():
-                        
-            # Light security check -- make sure redirect_to isn't garbage.
-            if not redirect_to or ' ' in redirect_to:
-                redirect_to = settings.LOGIN_REDIRECT_URL
+    redirect_to = _redirect_to(request.REQUEST.get(redirect_field_name, ''))
+    
+    note=""
+    
+    tos =TermsOfService.objects.get_current_tos()
+    
+    if request.method=="POST":
+        if request.POST.get("accept", "") == "accept":
+            user = request.session['tos_user']
             
-            # Heavier security check -- redirects to http://example.com should 
-            # not be allowed, but things like /view/?param=http://example.com 
-            # should be allowed. This regex checks if there is a '//' *before* a
-            # question mark.
-            elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
-                    redirect_to = settings.LOGIN_REDIRECT_URL
+            # Save the user agreement to the new TOS
+            UserAgreement.objects.create(terms_of_service=tos, user=user)
             
-            # Okay, security checks complete. Log the user in.
-            auth_login(request, form.get_user())
+            # Log the user in            
+            auth_login(request, user)
 
             if request.session.test_cookie_worked():
                 request.session.delete_test_cookie()
 
             return HttpResponseRedirect(redirect_to)
+        else:
+            note="You cannot login without agreeing to the terms of this site."
 
-    else:
-        form = authentication_form(request)
-    
-    request.session.set_test_cookie()
-    
-    if Site._meta.installed:
-        current_site = Site.objects.get_current()
-    else:
-        current_site = RequestSite(request)
     
     return render_to_response(template_name, {
-        'form': form,
+        'tos':tos,
+        'note':note,
         redirect_field_name: redirect_to,
-        'site': current_site,
-        'site_name': current_site.name,
     }, context_instance=RequestContext(request))
-
+    
+    
+        
 @csrf_protect
-@never_cache
-def tos_check(request):
-    
-    # force user to agree to TOS
-    # 1. get latest TOS
-    has_user_agreed_latest_tos 
-    
-    # 2. Confirm that user is on the TOS agreement list
-    # 3. redirect them to TOS page if they have not yet agreed
-    
+@never_cache        
 def login(request, template_name='registration/login.html',
           redirect_field_name=REDIRECT_FIELD_NAME,
           authentication_form=AuthenticationForm):
@@ -83,22 +77,14 @@ def login(request, template_name='registration/login.html',
         form = authentication_form(data=request.POST)
         if form.is_valid():
 
-            # Light security check -- make sure redirect_to isn't garbage.
-            if not redirect_to or ' ' in redirect_to:
-                redirect_to = settings.LOGIN_REDIRECT_URL
-
-            # Heavier security check -- redirects to http://example.com should 
-            # not be allowed, but things like /view/?param=http://example.com 
-            # should be allowed. This regex checks if there is a '//' *before* a
-            # question mark.
-            elif '//' in redirect_to and re.match(r'[^\?]*//', redirect_to):
-                    redirect_to = settings.LOGIN_REDIRECT_URL
+            redirect_to = _redirect_to(redirect_to)
                     
             # Okay, security checks complete. Check to see if user agrees to terms
-            if has_user_agreed_latest_tos(form.get_user()):
+            user = form.get_user()
+            if has_user_agreed_latest_tos(user):
 
                 # Log the user in.
-                auth_login(request, form.get_user())
+                auth_login(request, user)
 
                 if request.session.test_cookie_worked():
                     request.session.delete_test_cookie()
@@ -109,11 +95,12 @@ def login(request, template_name='registration/login.html',
                 # user has not yet agreed to latest tos
                 # force them to accept or refuse
                 
+                request.session['tos_user'] = user
+                
                 
                 return render_to_response('tos/tos_check.html', {
                     redirect_field_name: redirect_to,
-                    'tos':TermsOfService.objects.get_current_tos(),
-                    'form':authentication_form(request)
+                    'tos':TermsOfService.objects.get_current_tos()
                 }, context_instance=RequestContext(request))                
 
     else: