From 416efd52672387d98ad38af6661c1ce07ac2d739 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@ens.fr>
Date: Mon, 21 Dec 2020 13:38:18 +0100
Subject: [PATCH] =?UTF-8?q?Authentification=20CAS=20par=20d=C3=A9faut,=20p?=
 =?UTF-8?q?ermet=20de=20choisir=20entre=20CAS=20et=20mdp=20lorsque=20la=20?=
 =?UTF-8?q?variable=20`election`=20exite=20dans=20le=20template?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 elections/mixins.py                     |  2 +-
 elections/models.py                     |  6 ++++
 shared/auth/forms.py                    |  4 +--
 shared/auth/views.py                    |  4 ++-
 shared/templates/auth/login_select.html | 44 +++++++++++++++++++++++++
 shared/templates/auth/pwd_login.html    | 38 +++++++++++++++++++++
 shared/templates/base.html              | 11 ++++++-
 7 files changed, 104 insertions(+), 5 deletions(-)

diff --git a/elections/mixins.py b/elections/mixins.py
index a54c583..484d7da 100644
--- a/elections/mixins.py
+++ b/elections/mixins.py
@@ -76,7 +76,7 @@ class CreatorOnlyEditMixin(CreatorOnlyMixin, SingleObjectMixin):
         return filters
 
 
-class AdministratorOnlyMixin:
+class AdministratorOnlyMixin(LoginRequiredMixin):
     """Restreint l'accès aux admins"""
 
 
diff --git a/elections/models.py b/elections/models.py
index 0eafee0..58befe9 100644
--- a/elections/models.py
+++ b/elections/models.py
@@ -34,6 +34,12 @@ class Election(models.Model):
 
     archived = models.BooleanField(_("archivée"), default=False)
 
+    @property
+    def preferred_method(self):
+        if self.restricted:
+            return "PWD"
+        return "CAS"
+
     class Meta:
         ordering = ["-start_date", "-end_date"]
 
diff --git a/shared/auth/forms.py b/shared/auth/forms.py
index a4e8765..be55a01 100644
--- a/shared/auth/forms.py
+++ b/shared/auth/forms.py
@@ -5,7 +5,7 @@ from django.utils.translation import gettext_lazy as _
 
 
 class ElectionAuthForm(forms.Form):
-    """Adapts Django's AuthenticationForm to allow for OldCAS login."""
+    """Adapts Django's AuthenticationForm to allow for an election specific login."""
 
     login = auth_forms.UsernameField(label=_("Identifiant"), max_length=255)
     password = forms.CharField(label=_("Mot de passe"), strip=False)
@@ -17,7 +17,7 @@ class ElectionAuthForm(forms.Form):
         super().__init__(*args, **kwargs)
 
     def clean(self):
-        login = self.cleaned_data.get("cas_login")
+        login = self.cleaned_data.get("login")
         password = self.cleaned_data.get("password")
         election_id = self.cleaned_data.get("election_id")
 
diff --git a/shared/auth/views.py b/shared/auth/views.py
index e9b0986..831e42a 100644
--- a/shared/auth/views.py
+++ b/shared/auth/views.py
@@ -45,6 +45,8 @@ class LoginSelectView(NextPageMixin, TemplateView):
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         context["next"] = self.get_next_url()
+        context["method"] = self.request.GET.get("method", "CAS")
+        context["election_id"] = self.request.GET.get("election_id", None)
 
         return context
 
@@ -82,7 +84,7 @@ class PasswordLoginView(auth_views.LoginView):
     authentication_form = ElectionAuthForm
 
     def get_initial(self):
-        return {"election_id": self.request.GET.get("election", None)}
+        return {"election_id": self.request.GET.get("election_id", None)}
 
 
 class LogoutView(auth_views.LogoutView):
diff --git a/shared/templates/auth/login_select.html b/shared/templates/auth/login_select.html
index 37d50df..50af8a0 100644
--- a/shared/templates/auth/login_select.html
+++ b/shared/templates/auth/login_select.html
@@ -1,3 +1,47 @@
 {% extends "base.html" %}
 {% load i18n %}
 
+
+{% block content %}
+
+<h1 class="title">{% trans "Choisissez la méthode de connexion" %}</h1>
+<hr>
+
+{# Indications de connexion #}
+<div class="message is-warning">
+  <div class="message-body">
+    {% if method == "PWD" %}
+    {% trans "Pour voter lors de cette élection, vous devez vous connecter à l'aide des identifiants reçus par mail. Choisissez la connexion par mot de passe." %}
+    {% else %}
+    {% trans "Pour voter lors de cette élection, vous devez vous connecter à l'aide du CAS élève." %}
+    {% endif %}
+  </div>
+</div>
+
+
+<div class="tile is-ancestor">
+  <div class="tile is-parent">
+    <a class="tile is-child notification is-primary" href="{% url "auth.cas" %}?next={{ next }}">
+      <div class="subtitle has-text-centered mb-2">
+        <span class="icon has-text-white">
+          <i class="fas fa-school"></i>
+        </span>
+        <span class="ml-3">{% trans "Connexion via CAS" %}</span>
+      </div>
+    </a>
+  </div>
+
+  <div class="tile is-parent">
+    <a class="tile is-child notification" href="{% url "auth.pwd" %}?next={{ next }}&election_id={{ election_id }}">
+      <div class="subtitle has-text-centered mb-2">
+        <span class="icon">
+          <i class="fas fa-key"></i>
+        </span>
+        <span class="ml-3">{% trans "Connexion par mot de passe" %}</span>
+      </div>
+    </a>
+  </div>
+</div>
+
+
+{% endblock %}
diff --git a/shared/templates/auth/pwd_login.html b/shared/templates/auth/pwd_login.html
index c4c0b0f..4819b09 100644
--- a/shared/templates/auth/pwd_login.html
+++ b/shared/templates/auth/pwd_login.html
@@ -1,2 +1,40 @@
 {% extends "base.html" %}
 {% load i18n %}
+
+
+{% block content %}
+
+<h1 class="title">{% trans "Connexion par mot de passe" %}</h1>
+<hr>
+
+<div class="columns is-centered">
+  <div class="column is-two-thirds">
+    <form action="" method="post">
+      {% csrf_token %}
+      {{ form.errors }}
+
+      {% include "forms/form.html" with errors=True %}
+
+      <div class="field is-grouped is-centered">
+        <div class="control is-expanded">
+          <button class="button is-fullwidth is-outlined is-primary is-light">
+            <span class="icon is-small">
+              <i class="fas fa-check"></i>
+            </span>
+            <span>{% trans "Enregistrer" %}</span>
+          </button>
+        </div>
+        <div class="control">
+          <a class="button is-primary" href="{% url 'auth.select' %}?next={{ next }}&election_id={{ election_id }}&method={{ method }}">
+            <span class="icon is-small">
+              <i class="fas fa-undo-alt"></i>
+            </span>
+            <span>{% trans "Retour" %}</span>
+          </a>
+        </div>
+      </div>
+    </form>
+  </div>
+</div>
+
+{% endblock %}
diff --git a/shared/templates/base.html b/shared/templates/base.html
index c46d9eb..4facd59 100644
--- a/shared/templates/base.html
+++ b/shared/templates/base.html
@@ -42,6 +42,7 @@
         <h1 class="has-text-primary-light is-size-1 is-family-secondary">Kadenios</h1>
       </div>
     </div>
+
     <div class="level-right pr-5">
       {% if user.is_authenticated %}
       <div class="level-item mr-5">
@@ -49,16 +50,24 @@
           {% blocktrans with name=user.base_username connection=user.connection_method %}Connecté·e en tant que {{ name }} par {{ connection }}{% endblocktrans %}
         </div>
       </div>
+
       <div class="level-item ml-3">
         <a class="icon is-size-1 has-text-white" href="{% url 'auth.logout' %}?next={{ view.get_next_url }}">
           <i class="fas fa-sign-out-alt"></i>
         </a>
       </div>
       {% else %}
+
       <div class="level-item">
-        <a class="icon is-size-1 has-text-white" href="{% url 'auth.select' %}?next={{ request.path }}">
+        {% if election %}
+        <a class="icon is-size-1 has-text-white" href="{% url 'auth.select' %}?next={{ request.path }}&election_id={{ election.id }}&method={{ election.preferred_method }}">
           <i class="fas fa-sign-in-alt"></i>
         </a>
+        {% else %}
+        <a class="icon is-size-1 has-text-white" href="{% url 'auth.cas' %}?next={{ request.path }}">
+          <i class="fas fa-sign-in-alt"></i>
+        </a>
+        {% endif %}
       </div>
       {% endif %}
     </div>