fix errors in login / profile / create user, update unique var in licence_id

10 months ago · e04c308c61
parent 4bc5875385
commit e04c308c61
18 changed files with 232 additions and 25 deletions
--- a/padelclub_backend/settings.py
+++ b/padelclub_backend/settings.py
@ -155,3 +155,10 @@ AUTHENTICATION_BACKENDS = [
    'tournaments.backends.EmailOrUsernameModelBackend',  # replace 'yourapp' with your actual app name
    'django.contrib.auth.backends.ModelBackend',
 ]
+
+CSRF_COOKIE_SECURE = True  # if using HTTPS
+CSRF_COOKIE_HTTPONLY = False  # needed for AJAX requests
+CSRF_USE_SESSIONS = False  # store CSRF token in cookie instead of session
+CSRF_COOKIE_SAMESITE = 'Lax'  # or 'Strict' for more security
+LOGIN_URL = 'login'
+PASSWORD_CHANGE_REDIRECT_URL = 'profile'  # Redirect back to profile after password change
--- a/padelclub_backend/urls.py
+++ b/padelclub_backend/urls.py
@ -25,6 +25,6 @@ urlpatterns = [
    path('kingdom/', admin.site.urls),
    path('api-auth/', include('rest_framework.urls')),

-    path('dj-auth/', include('django.contrib.auth.urls')),
+    #path('dj-auth/', include('django.contrib.auth.urls')),

 ]
--- a/tournaments/backends.py
+++ b/tournaments/backends.py
@ -1,8 +1,4 @@
 # backends.py
-from django.contrib.auth import get_user_model
-from django.contrib.auth.backends import ModelBackend
-from django.db.models import Q
-
 from django.contrib.auth import get_user_model
 from django.contrib.auth.backends import ModelBackend
 from django.db.models import Q
--- a/tournaments/forms.py
+++ b/tournaments/forms.py
@ -14,6 +14,19 @@ class CustomUserCreationForm(UserCreationForm):

    class Meta:
        model = CustomUser
+        error_messages = {
+            'email': {
+                'unique': "Cette adresse email est déjà utilisée.",
+            },
+            'username': {
+                'unique': "Ce nom d'utilisateur est déjà pris.",
+            },
+            'licence_id': {
+                'unique': "Cette licence est déjà utilisée par un autre compte.",
+            },
+
+        }
+
        fields = UserCreationForm.Meta.fields + ('umpire_code', 'clubs', 'phone', 'first_name', 'last_name', 'licence_id', 'country')

 class SimpleCustomUserCreationForm(UserCreationForm):
@ -21,6 +34,18 @@ class SimpleCustomUserCreationForm(UserCreationForm):
    class Meta:
        model = CustomUser
        fields = UserCreationForm.Meta.fields + ('email', 'phone', 'first_name', 'last_name', 'licence_id', 'country')
+        error_messages = {
+            'email': {
+                'unique': "Cette adresse email est déjà utilisée.",
+            },
+            'username': {
+                'unique': "Ce nom d'utilisateur est déjà pris.",
+            },
+            'licence_id': {
+                'unique': "Cette licence est déjà utilisée par un autre compte.",
+            },
+
+        }
        labels = {
            'username': 'Nom d’utilisateur',
            'email': 'E-mail',
@ -38,6 +63,18 @@ class CustomUserChangeForm(UserChangeForm):

    class Meta:
        model = CustomUser
+        error_messages = {
+            'email': {
+                'unique': "Cette adresse email est déjà utilisée.",
+            },
+            'username': {
+                'unique': "Ce nom d'utilisateur est déjà pris.",
+            },
+            'licence_id': {
+                'unique': "Cette licence est déjà utilisée par un autre compte.",
+            },
+
+        }
        fields = UserCreationForm.Meta.fields + ('umpire_code', 'clubs', 'phone', 'first_name', 'last_name', 'licence_id', 'country')

 class SimpleForm(forms.Form):
@ -156,6 +193,17 @@ class ProfileUpdateForm(forms.ModelForm):
            'last_name': 'Nom de famille',
            'licence_id': 'Numéro de licence',
        }
+        error_messages = {
+            'email': {
+                'unique': "Cette adresse email est déjà utilisée.",
+            },
+            'username': {
+                'unique': "Ce nom d'utilisateur est déjà pris.",
+            },
+            'licence_id': {
+                'unique': "Cette licence est déjà utilisée par un autre compte.",
+            },
+        }

 from django.contrib.auth.forms import PasswordChangeForm

@ -197,7 +245,7 @@ class EmailOrUsernameAuthenticationForm(AuthenticationForm):
                print("Authentication failed")  # Debug print
                logger.warning("Authentication failed")
                raise forms.ValidationError(
-                    "Please enter a correct username/email and password.",
+                    "Identifiant/E-mail ou mot de passe incorrect. Les champs sont sensibles à la casse.",
                    code='invalid_login'
                )
            else:
--- a/tournaments/migrations/0105_playerregistration_registered_online_and_more.py
+++ b/tournaments/migrations/0105_playerregistration_registered_online_and_more.py
@ -0,0 +1,23 @@
+# Generated by Django 4.2.11 on 2025-01-15 07:49
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('tournaments', '0104_remove_tournament_target_team_count'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='playerregistration',
+            name='registered_online',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name='playerregistration',
+            name='source',
+            field=models.IntegerField(blank=True, choices=[(0, 'French Federation'), (1, 'Beach Padel')], null=True),
+        ),
+    ]
--- a/tournaments/migrations/0106_alter_customuser_licence_id.py
+++ b/tournaments/migrations/0106_alter_customuser_licence_id.py
@ -0,0 +1,18 @@
+# Generated by Django 4.2.11 on 2025-01-15 07:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('tournaments', '0105_playerregistration_registered_online_and_more'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='customuser',
+            name='licence_id',
+            field=models.CharField(blank=True, max_length=10, null=True, unique=True),
+        ),
+    ]
--- a/tournaments/models/custom_user.py
+++ b/tournaments/models/custom_user.py
@ -6,13 +6,25 @@ import uuid
 class CustomUser(AbstractUser):
    pass
    id = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=True)
-    email = models.EmailField(unique=True)
+    email = models.EmailField(
+        unique=True,
+        error_messages={
+            'unique': "Cette adresse email est déjà utilisée.",
+        }
+    )
+    username = models.CharField(
+        max_length=150,
+        unique=True,
+        error_messages={
+            'unique': "Ce nom d'utilisateur est déjà pris.",
+        }
+    )
    umpire_code = models.CharField(max_length=50, blank=True, null=True)
    clubs = models.ManyToManyField(club.Club, blank=True)
    phone = models.CharField(max_length=15, null=True, blank=True)
    first_name = models.CharField(max_length=50)
    last_name = models.CharField(max_length=50)
-    licence_id = models.CharField(max_length=10, null=True, blank=True)
+    licence_id = models.CharField(max_length=10, unique=True, null=True, blank=True)
    country = models.CharField(max_length=40, null=True, blank=True)

    summons_message_body = models.TextField(blank=True, null=True)
--- a/tournaments/models/player_enums.py
+++ b/tournaments/models/player_enums.py
@ -15,7 +15,6 @@ class PlayerPaymentType(models.IntegerChoices):
 class PlayerDataSource(models.IntegerChoices):
    FRENCH_FEDERATION = 0, 'French Federation'
    BEACH_PADEL = 1, 'Beach Padel'
-    ONLINE_REGISTRATION = 2, 'Online Registration'

 class PlayerSexType(models.IntegerChoices):
    FEMALE = 0, 'Female'
--- a/tournaments/models/player_registration.py
+++ b/tournaments/models/player_registration.py
@ -36,6 +36,7 @@ class PlayerRegistration(models.Model):
    has_arrived = models.BooleanField(default=False)
    captain = models.BooleanField(default=False)
    coach = models.BooleanField(default=False)
+    registered_online = models.BooleanField(default=False)

    def __str__(self):
        return self.name()
--- a/tournaments/repositories.py
+++ b/tournaments/repositories.py
@ -31,10 +31,15 @@ class TournamentRegistrationRepository:
                player_data
            )

+            data_source = None
+            if player_data.get('found_in_french_federation', False) == True:
+                data_source = PlayerDataSource.FRENCH_FEDERATION
+
            player_registration = PlayerRegistration.objects.create(
                team_registration=team_registration,
                captain=is_captain,
-                source=PlayerDataSource.ONLINE_REGISTRATION,
+                source=data_source,
+                registered_online=True,
                first_name=player_data.get('first_name'),
                last_name=player_data.get('last_name'),
                points=player_data.get('points'),
--- a/tournaments/services/tournament_registration.py
+++ b/tournaments/services/tournament_registration.py
@ -162,7 +162,8 @@ class TournamentRegistrationService:
                'tournament_count': data.get('tournament_count'),
                'ligue_name': data.get('ligue_name'),
                'club_name': data.get('club_name'),
-                'birth_year': data.get('birth_year')
+                'birth_year': data.get('birth_year'),
+                'found': True,
            })

        return player_data
@ -252,6 +253,7 @@ class TournamentRegistrationService:
            'ligue_name': csv_data.get('ligue_name'),
            'club_name': csv_data.get('club_name'),
            'birth_year': csv_data.get('birth_year'),
+            'found': True,
            'email': None,
            'phone': None,
        })
--- a/tournaments/signals.py
+++ b/tournaments/signals.py
@ -92,14 +92,14 @@ def unregister_team(sender, instance, **kwargs):
            else:
                waiting_other_player = player

-        if waiting_captain is not None and waiting_captain.source == PlayerDataSource.ONLINE_REGISTRATION and waiting_captain.email is not None:
+        if waiting_captain is not None and waiting_captain.registered_online == True and waiting_captain.email is not None:
            TournamentEmailService.send_out_of_waiting_list_confirmation(
                waiting_captain,
                tournament,
                waiting_other_player
            )

-    if captain is not None and captain.source == PlayerDataSource.ONLINE_REGISTRATION and captain.email is not None:
+    if captain is not None and captain.registered_online == True and captain.email is not None:
        TournamentEmailService.send_unregistration_confirmation(
            captain,
            tournament,
--- a/tournaments/templates/profile.html
+++ b/tournaments/templates/profile.html
@ -23,6 +23,24 @@
 <div class="cell medium-6 large-6 topblock my-block">
    <div class="bubble">
        <label class="title">Mes informations</label>
+        {% if form.errors %}
+            <div class="alert">
+                {% for field, errors in form.errors.items %}
+                    {% for error in errors %}
+                        <p>{{ error }}</p>
+                    {% endfor %}
+                {% endfor %}
+            </div>
+        {% endif %}
+
+        <!-- Add non-field errors (if any) -->
+        {% if form.non_field_errors %}
+            <div class="alert">
+                {% for error in form.non_field_errors %}
+                    <p>{{ error }}</p>
+                {% endfor %}
+            </div>
+        {% endif %}
        <form method="post">
            {% csrf_token %}
            {{ form.as_p }}
@ -33,6 +51,24 @@
 <div class="cell medium-6 large-6 topblock my-block">
    <div class="bubble">
        <label class="title">Mot de passe</label>
+        {% if password_change_form.errors %}
+            <div class="alert">
+                {% for field, errors in password_change_form.errors.items %}
+                    {% for error in errors %}
+                        <p>{{ error }}</p>
+                    {% endfor %}
+                {% endfor %}
+            </div>
+        {% endif %}
+
+        {% if password_change_form.non_field_errors %}
+            <div class="alert">
+                {% for error in password_change_form.non_field_errors %}
+                    <p>{{ error }}</p>
+                {% endfor %}
+            </div>
+        {% endif %}
+
        <form method="post" action="{% url 'password_change' %}">
            {% csrf_token %}
            {{ password_change_form.as_p }}
--- a/tournaments/templates/registration/password_reset_confirm.html
+++ b/tournaments/templates/registration/password_reset_confirm.html
@ -7,6 +7,24 @@
 <div class="grid-x">
 <div class="bubble">
    <div class="cell medium-6 large-6 my-block">
+        {% if form.errors %}
+            <div class="alert">
+                {% for field, errors in form.errors.items %}
+                    {% for error in errors %}
+                        <p>{{ error }}</p>
+                    {% endfor %}
+                {% endfor %}
+            </div>
+        {% endif %}
+
+        <!-- Add non-field errors (if any) -->
+        {% if form.non_field_errors %}
+            <div class="alert">
+                {% for error in form.non_field_errors %}
+                    <p>{{ error }}</p>
+                {% endfor %}
+            </div>
+        {% endif %}
        <form method="post">
            {% csrf_token %}
            <label for="new_password1">Nouveau mot de passe :</label>
--- a/tournaments/templates/registration/password_reset_form.html
+++ b/tournaments/templates/registration/password_reset_form.html
@ -7,6 +7,24 @@
 <div class="grid-x">
 <div class="bubble">
    <div class="cell medium-6 large-6 my-block">
+        {% if form.errors %}
+            <div class="alert">
+                {% for field, errors in form.errors.items %}
+                    {% for error in errors %}
+                        <p>{{ error }}</p>
+                    {% endfor %}
+                {% endfor %}
+            </div>
+        {% endif %}
+
+        <!-- Add non-field errors (if any) -->
+        {% if form.non_field_errors %}
+            <div class="alert">
+                {% for error in form.non_field_errors %}
+                    <p>{{ error }}</p>
+                {% endfor %}
+            </div>
+        {% endif %}
        <form method="post" action="{% url 'password_reset' %}">
            {% csrf_token %}
            <label for="email">Adresse e-mail :</label>
--- a/tournaments/templates/registration/signup.html
+++ b/tournaments/templates/registration/signup.html
@ -11,6 +11,25 @@
 <div class="grid-x">
 <div class="bubble">
    <div class="cell medium-6 large-6 my-block">
+        {% if form.errors %}
+            <div class="alert">
+                {% for field, errors in form.errors.items %}
+                    {% for error in errors %}
+                        <p>{{ error }}</p>
+                    {% endfor %}
+                {% endfor %}
+            </div>
+        {% endif %}
+
+        <!-- Add non-field errors (if any) -->
+        {% if form.non_field_errors %}
+            <div class="alert">
+                {% for error in form.non_field_errors %}
+                    <p>{{ error }}</p>
+                {% endfor %}
+            </div>
+        {% endif %}
+
        <form method="post">
            {% csrf_token %}
            {{ form.as_p }}
--- a/tournaments/urls.py
+++ b/tournaments/urls.py
@ -1,8 +1,6 @@
 from django.contrib.auth import views as auth_views
 from django.urls import include, path
-from .forms import EmailOrUsernameAuthenticationForm
-from django.views.decorators.csrf import ensure_csrf_cookie
-from django.utils.decorators import method_decorator
+from .forms import EmailOrUsernameAuthenticationForm, CustomPasswordChangeForm

 from . import views

@ -44,10 +42,17 @@ urlpatterns = [
    path('terms-of-use/', views.terms_of_use, name='terms-of-use'),
    path('utils/xls-to-csv/', views.xls_to_csv, name='xls-to-csv'),
    path('mail-test/', views.simple_form_view, name='mail-test'),
-    path('login/', method_decorator(ensure_csrf_cookie)(auth_views.LoginView.as_view(
+    path('login/', auth_views.LoginView.as_view(
        template_name='registration/login.html',
-        form_class=EmailOrUsernameAuthenticationForm
-    )), name='login'),
+        authentication_form=EmailOrUsernameAuthenticationForm
+    ), name='login'),
+    path('password_change/',
+        auth_views.PasswordChangeView.as_view(
+            success_url='/profile/',  # Redirect back to profile after success
+            form_class=CustomPasswordChangeForm
+        ),
+        name='password_change'
+    ),
    path('logout/', auth_views.LogoutView.as_view(), name='logout'),
    path('signup/', views.signup, name='signup'),  # URL pattern for signup
 #    path('profile/', views.profile, name='profile'),  # URL pattern for signup
--- a/tournaments/views.py
+++ b/tournaments/views.py
@ -583,24 +583,24 @@ def send_email(mail, name):
    email.send()

 def signup(request):
-    next_url = request.GET.get('next', '/')  # Get the 'next' parameter from the request
-    print('next_url', next_url)
+    next_url = request.GET.get('next', '/')

    if request.method == 'POST':
        form = SimpleCustomUserCreationForm(request.POST)
        if form.is_valid():
            user = form.save(commit=False)
-            user.is_active = False  # Deactivate account until email is verified
+            user.is_active = False
            user.save()

-            # Send verification email
            send_verification_email(request, user, next_url)

            messages.success(request, "Votre compte a été créé ! Veuillez vérifier votre e-mail pour confirmer votre compte.")
-            return redirect(next_url)  # Redirect directly to the 'next' URL
+            return redirect(next_url)
    else:
        form = SimpleCustomUserCreationForm()
-    return render(request, 'registration/signup.html', {'form': form})
+
+    response = render(request, 'registration/signup.html', {'form': form})
+    return response

 def send_verification_email(request, user, next_url):
    print('next_url', next_url)