login code; base template

templates/auth_logged_in.html

@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block body %}
+<p>You are logged in as {{ user.username }}.</p>
+<form action="/auth" method="POST">
+<input type="submit" value="Log out">
+</form>
+{% endblock %}

templates/auth_login.html

@@ -0,0 +1,11 @@
+{% extends "base.html" %}
+
+{% block body %}
+<form action="/auth" method="POST">
+<h3>Log in</h3>
+<ul>
+{{ auth_form.as_ul }}
+</ul>
+<input type="submit" value="Log in">
+</form>
+{% endblock %}

templates/base.html

@@ -0,0 +1,12 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <title>{% block title %}Music Hub{% endblock %}</title>
+    {% block extra_head %}{% endblock %}
+</head>
+<body>
+{% block body %}{% endblock %}
+</body>
+</html>

tests.py

@@ -115,7 +115,42 @@ def test_get_file(self):
 class OtherPagesTest(unittest.TestCase):
     def setUp(self):
         self.client = Client()
+        self.gigel = User.objects.create_user('gigel', 'gigel@example.com', 'gigi')
+
+    def tearDown(self):
+        self.gigel.delete()
 
     def test_404(self):
         response = self.client.get('/no_such_file')
         self.failUnlessEqual(response.status_code, 404)
+
+    def test_login(self):
+        # login page
+        response = self.client.get('/auth')
+        self.failUnlessEqual(response.status_code, 200)
+        self.failUnless('Log in' in response.content)
+        self.failUnless('<form' in response.content)
+
+        # submit login (bad user)
+        response = self.client.post('/auth', {'do': 'login', 'username': 'bebe', 'password': '123'})
+        self.failUnlessEqual(response.status_code, 200)
+        self.failUnless('Please enter a correct username and password' in response.content)
+
+        # submit login (good user)
+        response = self.client.post('/auth', {'do': 'login', 'username': 'gigel', 'password': 'gigi'})
+        self.failUnlessEqual(response.status_code, 200)
+        self.failUnless('You are logged in as gigel' in self.client.get('/auth').content)
+
+    def test_logout(self):
+        self.failUnless(self.client.login(username='gigel', password='gigi'))
+
+        # check auth page
+        response = self.client.get('/auth')
+        self.failUnlessEqual(response.status_code, 200)
+        self.failUnless('You are logged in as gigel' in self.client.get('/auth').content)
+
+        # check log out
+        response = self.client.post('/auth', {'do': 'logout'})
+        self.failUnlessEqual(response.status_code, 200)
+        self.failUnless('Log in' in response.content)
+        self.failUnless('<form' in response.content)

urls.py

@@ -13,5 +13,7 @@
     (r'^list/(?P<username>[^/]+)$', 'music_hub.views.file_listing'),
     (r'^files/(?P<file_code>[0-9a-f]+)$', 'music_hub.views.get_file'),
 
+    (r'^auth$', 'music_hub.views.auth'),
+
     (r'^admin/(.*)', admin.site.root),
 )

views.py

@@ -1,10 +1,6 @@
-import os
 from django.shortcuts import render_to_response, get_object_or_404
-from django.core.files.uploadedfile import SimpleUploadedFile
 from django.contrib.auth.models import User, AnonymousUser
-from django.core.exceptions import ObjectDoesNotExist
 from django.http import HttpResponse, HttpResponseNotAllowed, HttpResponseForbidden, HttpResponseBadRequest
-from django.core.servers.basehttp import FileWrapper
 from django.conf import settings
 
 from models import MusicFile, MusicFileForm
@@ -26,6 +22,7 @@ def upload(request):
     return render_to_response('file_upload.html', {'form': form})
 
 def delete(request):
+    from django.core.exceptions import ObjectDoesNotExist
     if request.method != 'POST':
         return HttpResponseNotAllowed(['POST'])
 
@@ -48,6 +45,8 @@ def file_listing(request, username):
     return render_to_response('file_list.html', {'files': files})
 
 def get_file(request, file_code):
+    import os
+    from django.core.servers.basehttp import FileWrapper
     if isinstance(request.user, AnonymousUser):
         return HttpResponseForbidden('Only logged-in users can download files.')
 
@@ -60,3 +59,36 @@ def get_file(request, file_code):
     response['Content-Disposition'] = 'attachment; filename=%s' % music_file.file_name
     response['Content-Length'] = os.path.getsize(file_path)
     return response
+
+def auth(request):
+    from django.contrib.auth.forms import AuthenticationForm
+    from django.contrib.auth import login, logout
+
+    if isinstance(request.user, AnonymousUser):
+        if request.method == 'POST':
+            if request.POST.get('do', None) != 'login':
+                return HttpResponseBadRequest('Logged-in users can only perform logout.')
+
+            auth_form = AuthenticationForm(request, request.POST)
+            if auth_form.is_valid():
+                login(request, auth_form.get_user())
+                if request.session.test_cookie_worked():
+                    request.session.delete_test_cookie()
+                return render_to_response('auth_logged_in.html', {'user': request.user})
+
+        else:
+            auth_form = AuthenticationForm()
+
+        request.session.set_test_cookie()
+        return render_to_response('auth_login.html', {'auth_form': auth_form})
+
+    else:
+        if request.method == 'POST':
+            if request.POST.get('do', None) != 'logout':
+                return HttpResponseBadRequest('Logged-in users can only perform logout.')
+
+            logout(request)
+            return render_to_response('auth_login.html', {'auth_form': AuthenticationForm()})
+
+        else:
+            return render_to_response('auth_logged_in.html', {'user': request.user})