From 1527f07fa315bd57ab167f299d77e2c1cb7b1c41 Mon Sep 17 00:00:00 2001
From: Gesche Gierse <gesche@someserver.de>
Date: Tue, 4 May 2021 23:13:35 +0200
Subject: [PATCH] login: make login required and add a login html

---
 stories/stories/settings.py                   |  2 ++
 stories/stories/urls.py                       |  1 +
 .../templates/registration/login.html         | 36 +++++++++++++++++++
 stories/writingtogether/tests/test_views.py   |  5 +--
 stories/writingtogether/views.py              | 13 +++----
 5 files changed, 49 insertions(+), 8 deletions(-)
 create mode 100644 stories/writingtogether/templates/registration/login.html

diff --git a/stories/stories/settings.py b/stories/stories/settings.py
index de5ab2f..e39078b 100644
--- a/stories/stories/settings.py
+++ b/stories/stories/settings.py
@@ -119,3 +119,5 @@ USE_TZ = True
 # https://docs.djangoproject.com/en/3.1/howto/static-files/
 
 STATIC_URL = '/static/'
+
+LOGIN_URL = '/accounts/login/'
diff --git a/stories/stories/urls.py b/stories/stories/urls.py
index 7da4322..7e21201 100644
--- a/stories/stories/urls.py
+++ b/stories/stories/urls.py
@@ -18,5 +18,6 @@ from django.urls import path, include
 
 urlpatterns = [
     path('writing/', include('writingtogether.urls')),
+    path('accounts/', include('django.contrib.auth.urls')),
     path('admin/', admin.site.urls),
 ]
diff --git a/stories/writingtogether/templates/registration/login.html b/stories/writingtogether/templates/registration/login.html
new file mode 100644
index 0000000..cabf78a
--- /dev/null
+++ b/stories/writingtogether/templates/registration/login.html
@@ -0,0 +1,36 @@
+{% block content %}
+
+{% if form.errors %}
+<p>Your username and password didn't match. Please try again.</p>
+{% endif %}
+
+{% if next %}
+    {% if user.is_authenticated %}
+    <p>Your account doesn't have access to this page. To proceed,
+    please login with an account that has access.</p>
+    {% else %}
+    <p>Please login to see this page.</p>
+    {% endif %}
+{% endif %}
+
+<form method="post" action="{% url 'login' %}">
+{% csrf_token %}
+<table>
+<tr>
+    <td>{{ form.username.label_tag }}</td>
+    <td>{{ form.username }}</td>
+</tr>
+<tr>
+    <td>{{ form.password.label_tag }}</td>
+    <td>{{ form.password }}</td>
+</tr>
+</table>
+
+<input type="submit" value="login">
+<input type="hidden" name="next" value="{{ next }}">
+</form>
+
+{# Assumes you setup the password_reset view in your URLconf #}
+<p><a href="{% url 'password_reset' %}">Lost password?</a></p>
+
+{% endblock %}
\ No newline at end of file
diff --git a/stories/writingtogether/tests/test_views.py b/stories/writingtogether/tests/test_views.py
index 36cb83e..4dfb6b6 100644
--- a/stories/writingtogether/tests/test_views.py
+++ b/stories/writingtogether/tests/test_views.py
@@ -9,8 +9,9 @@ User = get_user_model()
 
 class TestViews(TestCase):
     def setUp(self) -> None:
-        self.user1 = User.objects.create(username='player1')
-        self.user2 = User.objects.create(username='player2')
+        self.user1 = User.objects.create_user(username='player1', password='12345')
+        self.user2 = User.objects.create_user(username='player2')
+        self.client.login(username='player1', password='12345')
 
     def test_create_story_round_two_rounds(self):
 
diff --git a/stories/writingtogether/views.py b/stories/writingtogether/views.py
index ec7454c..dbb3790 100644
--- a/stories/writingtogether/views.py
+++ b/stories/writingtogether/views.py
@@ -1,4 +1,5 @@
 from django import forms
+from django.contrib.auth.mixins import LoginRequiredMixin
 from django.http import HttpResponseRedirect
 from django.shortcuts import render, get_object_or_404
 
@@ -10,7 +11,7 @@ from django.views.generic import CreateView, UpdateView, RedirectView
 from writingtogether.models import Story, StoryPart, StoryRound
 
 
-class IndexView(generic.ListView):
+class IndexView(LoginRequiredMixin, generic.ListView):
     template_name = 'writingtogether/index.html'
     context_object_name = 'open_story_round_list'
 
@@ -19,12 +20,12 @@ class IndexView(generic.ListView):
         return StoryRound.objects.order_by('-created')[:5]
 
 
-class DetailView(generic.DetailView):
+class DetailView(LoginRequiredMixin, generic.DetailView):
     model = StoryRound
     template_name = 'writingtogether/detail.html'
 
 
-class StoryRoundCreate(CreateView):
+class StoryRoundCreate(LoginRequiredMixin, CreateView):
     model = StoryRound
     fields = ['name', 'participants', 'number_of_rounds']
     success_url = reverse_lazy('writing:index')
@@ -53,12 +54,12 @@ class StoryRoundCreate(CreateView):
         return HttpResponseRedirect(self.get_success_url())
 
 
-class StoryUpdate(UpdateView):
+class StoryUpdate(LoginRequiredMixin, UpdateView):
     model = Story
     fields = ['name']
 
 
-class StoryPartUpdate(UpdateView):
+class StoryPartUpdate(LoginRequiredMixin, UpdateView):
     model = StoryPart
     fields = ['text']
     template_name = 'writingtogether/story_part.html'
@@ -70,7 +71,7 @@ class StoryPartUpdate(UpdateView):
     #    return super().form_valid(form)
 
 
-class RedirectToNextOpenPart(RedirectView):
+class RedirectToNextOpenPart(LoginRequiredMixin, RedirectView):
     permanent = False
     query_string = True
     pattern_name = 'writing:update_story_part'