diff --git a/openslides/users/static/js/users/site.js b/openslides/users/static/js/users/site.js
index 01d41d968..0e5ad7035 100644
--- a/openslides/users/static/js/users/site.js
+++ b/openslides/users/static/js/users/site.js
@@ -555,14 +555,14 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users']) '/users/setpassword/', {'old_password': $scope.oldPassword, 'new_password': $scope.newPassword} ).then( - function(data) { + function (response) { // Success. $state.go('users.user.list'); }, - function(data) { + function (response) { // Error, e. g. wrong old password. $scope.oldPassword = $scope.newPassword = $scope.newPassword2 = ''; - $scope.formError = data; + $scope.formError = response.data.detail; } ); }
@@ -709,8 +709,8 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users']) 'operator', 'ngDialog', function($scope, $http, DS, User, operator, ngDialog) { - $scope.logout = function() { - $http.post('/users/logout/').success(function(data) { + $scope.logout = function () { + $http.post('/users/logout/').then(function (response) { operator.setUser(null); // TODO: remove all data from cache and reload page // DS.flush();
@@ -747,18 +747,20 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users']) $http.post( '/users/login/', {'username': $scope.username, 'password': $scope.password} - ).success(function(data) { - if (data.success) { - operator.setUser(data.user_id); + ).then( + function (response) { + // Success: User logged in. + operator.setUser(response.data.user_id); $scope.closeThisDialog(); - } else { + }, + function (response) { + // Error: Username or password is not correct. $scope.alerts.push({ type: 'danger', - msg: gettextCatalog.getString('Username or password was not correct.') + msg: response.data.detail }); - //Username or password is not correct. } - }); + ); }; // guest login $scope.guestLogin = function () {
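Review bot: The error callback in the `@@ -555` hunk reads `response.data.detail` without checking that the rejection carried a JSON body. A failure other than the view's 400 (an HTML 500 page, a proxy error, a dropped connection) may leave `response.data` as a string or null, so `formError` ends up empty or the handler throws. A guard such as `$scope.formError = (response.data && response.data.detail) || 'Request failed.';` avoids that; the fallback text is a placeholder and should go through the project's translation helper. The login error callback in the `@@ -747` hunk has the same unguarded read (`msg: response.data.detail`), and both callbacks sit in functions that begin outside their hunks.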
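Review bot: The logout call in the `@@ -709` hunk passes only a success callback to `.then(...)`, so a rejected request never reaches `operator.setUser(null)`. This commit also makes `UserLogoutView` answer 400 to an unauthenticated request, which is what a user whose session has already expired would receive, and the interface would then keep showing that user as logged in. Clearing the operator in the rejection path too, for example by passing the same function as the second argument to `.then`, keeps client state in line with the server. The body of `$scope.logout` continues past the end of the hunk.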
diff --git a/openslides/users/views.py b/openslides/users/views.py
index 905f600ce..938194609 100644
--- a/openslides/users/views.py
+++ b/openslides/users/views.py
@@ -195,18 +195,14 @@ class UserLoginView(APIView): def post(self, *args, **kwargs): form = AuthenticationForm(self.request, data=self.request.data) - if form.is_valid(): - self.user = form.get_user() - auth_login(self.request, self.user) - self.success = True - else: - self.success = False + if not form.is_valid(): + raise ValidationError({'detail': _('Username or password is not correct.')}) + self.user = form.get_user() + auth_login(self.request, self.user) return super().post(*args, **kwargs) def get_context_data(self, **context): - context['success'] = self.success - if self.success: - context['user_id'] = self.user.pk + context['user_id'] = self.user.pk return super().get_context_data(**context)
@@ -217,6 +213,8 @@ class UserLogoutView(APIView): http_method_names = ['post'] def post(self, *args, **kwargs): + if not self.request.user.is_authenticated(): + raise ValidationError({'detail': _('You are not authenticated.')}) auth_logout(self.request) return super().post(*args, **kwargs)
@@ -250,7 +248,7 @@ class SetPasswordView(APIView): user.set_password(request.data['new_password']) user.save() else: - raise ValidationError(_('Password does not match.')) + raise ValidationError({'detail': _('Old password does not match.')}) return super().post(request, *args, **kwargs)
diff --git a/tests/integration/users/test_views.py b/tests/integration/users/test_views.py
index 97a7678be..f3aceac17 100644
--- a/tests/integration/users/test_views.py
+++ b/tests/integration/users/test_views.py
@@ -43,7 +43,7 @@ class TestUserLogoutView(TestCase): def test_post_anonymous(self): response = self.client.post(self.url) - self.assertEqual(response.status_code, 200) + self.assertEqual(response.status_code, 400) def test_post_authenticated_user(self): self.client.login(username='admin', password='admin')
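Review bot: The new failure branch in `UserLoginView.post` should carry a comment saying that the single generic message is deliberate. `AuthenticationForm` can fail for more than one reason (depending on the Django version and backends, a wrong password or an inactive account), and a later change that forwards `form.errors` could let a caller tell those cases apart. Suggested comment above the `raise`: `# Keep this generic: do not forward form.errors, which may reveal whether an account exists or is inactive.` A docstring line on `post` stating that a failed login now returns HTTP 400 instead of 200 with `success: false` would document the changed contract for client authors.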
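Review bot: The added guard in `UserLogoutView.post` calls `self.request.user.is_authenticated()` as a method. From Django 1.10 `is_authenticated` is a property and the call form was removed in 2.0, so on a newer Django this line should read `if not self.request.user.is_authenticated:`. The Django version is not visible on this page, so the call may be correct for the release in use. A short docstring on `post` noting that anonymous requests are rejected with 400 would also help, since a second logout request now returns an error.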
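Review bot: The context lines of the `SetPasswordView` hunk show `user.set_password(request.data['new_password'])` indexing the request body directly, while the commit changes only the error text beside it. A request without that key would presumably surface as a `KeyError` instead of the 400 used for the other failure, and nothing visible rejects an empty or weak new password. Unless earlier lines of `post`, which begins outside the hunk, already check this, consider `request.data.get('new_password')` with an explicit `ValidationError`, plus a call to Django's `validate_password` before `set_password` where the Django version provides it.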
@@ -69,8 +69,7 @@ class TestUserLoginView(TestCase): def test_post_no_data(self): response = self.client.post(self.url) - self.assertEqual(response.status_code, 200) - self.assertEqual(response.content, b'{"success":false}') + self.assertEqual(response.status_code, 400) def test_post_correct_data(self): response = self.client.post(
@@ -80,17 +79,14 @@ class TestUserLoginView(TestCase): self.assertEqual(response.status_code, 200) self.assertEqual( json.loads(response.content.decode('utf-8')), - {'success': True, 'user_id': 1}) + {'user_id': 1}) def test_post_incorrect_data(self): response = self.client.post( self.url, {'username': 'wrong', 'password': 'wrong'}) - self.assertEqual(response.status_code, 200) - self.assertEqual( - json.loads(response.content.decode('utf-8')), - {'success': False}) + self.assertEqual(response.status_code, 400) class TestUsersPasswordsPDF(TestCase):
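Review bot: `test_post_no_data` and `test_post_incorrect_data` now assert only the 400 status, so both would still pass if a rejected login returned a `user_id` or left an authenticated session behind. Adding a body check, `self.assertNotIn('user_id', json.loads(response.content.decode('utf-8')))`, and a session check, `self.assertNotIn('_auth_user_id', self.client.session)`, to each test would cover that. `test_post_anonymous` in the logout hunk above is status-only as well, though it has less to pin down.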