Fixed login, logout and password change view.

openslides/users/static/js/users/site.js

@@ -555,14 +555,14 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users'])
                     '/users/setpassword/',
                     {'old_password': $scope.oldPassword, 'new_password': $scope.newPassword}
                 ).then(
-                    function(data) {
+                    function (response) {
                         // Success.
                         $state.go('users.user.list');
                     },
-                    function(data) {
+                    function (response) {
                         // Error, e. g. wrong old password.
                         $scope.oldPassword = $scope.newPassword = $scope.newPassword2 = '';
-                        $scope.formError = data;
+                        $scope.formError = response.data.detail;
                     }
                 );
             }
@@ -709,8 +709,8 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users'])
     'operator',
     'ngDialog',
     function($scope, $http, DS, User, operator, ngDialog) {
-        $scope.logout = function() {
+        $scope.logout = function () {
-            $http.post('/users/logout/').success(function(data) {
+            $http.post('/users/logout/').then(function (response) {
                 operator.setUser(null);
                 // TODO: remove all data from cache and reload page
                 // DS.flush();
@@ -747,18 +747,20 @@ angular.module('OpenSlidesApp.users.site', ['OpenSlidesApp.users'])
             $http.post(
                 '/users/login/',
                 {'username': $scope.username, 'password': $scope.password}
-            ).success(function(data) {
+            ).then(
-                if (data.success) {
+                function (response) {
-                    operator.setUser(data.user_id);
+                    // Success: User logged in.
+                    operator.setUser(response.data.user_id);
                     $scope.closeThisDialog();
-                } else {
+                },
+                function (response) {
+                    // Error: Username or password is not correct.
                     $scope.alerts.push({
                         type: 'danger',
-                        msg: gettextCatalog.getString('Username or password was not correct.')
+                        msg: response.data.detail
                     });
-                    //Username or password is not correct.
                 }
-            });
+            );
         };
         // guest login
         $scope.guestLogin = function () {

openslides/users/views.py

@@ -195,17 +195,13 @@ class UserLoginView(APIView):
 
     def post(self, *args, **kwargs):
         form = AuthenticationForm(self.request, data=self.request.data)
-        if form.is_valid():
+        if not form.is_valid():
+            raise ValidationError({'detail': _('Username or password is not correct.')})
         self.user = form.get_user()
         auth_login(self.request, self.user)
-            self.success = True
-        else:
-            self.success = False
         return super().post(*args, **kwargs)
 
     def get_context_data(self, **context):
-        context['success'] = self.success
-        if self.success:
         context['user_id'] = self.user.pk
         return super().get_context_data(**context)
 
@@ -217,6 +213,8 @@ class UserLogoutView(APIView):
     http_method_names = ['post']
 
     def post(self, *args, **kwargs):
+        if not self.request.user.is_authenticated():
+            raise ValidationError({'detail': _('You are not authenticated.')})
         auth_logout(self.request)
         return super().post(*args, **kwargs)
 
@@ -250,7 +248,7 @@ class SetPasswordView(APIView):
             user.set_password(request.data['new_password'])
             user.save()
         else:
-            raise ValidationError(_('Password does not match.'))
+            raise ValidationError({'detail': _('Old password does not match.')})
         return super().post(request, *args, **kwargs)
 
 

tests/integration/users/test_views.py

@@ -43,7 +43,7 @@ class TestUserLogoutView(TestCase):
     def test_post_anonymous(self):
         response = self.client.post(self.url)
 
-        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.status_code, 400)
 
     def test_post_authenticated_user(self):
         self.client.login(username='admin', password='admin')
@@ -69,8 +69,7 @@ class TestUserLoginView(TestCase):
     def test_post_no_data(self):
         response = self.client.post(self.url)
 
-        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.status_code, 400)
-        self.assertEqual(response.content, b'{"success":false}')
 
     def test_post_correct_data(self):
         response = self.client.post(
@@ -80,17 +79,14 @@ class TestUserLoginView(TestCase):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(
             json.loads(response.content.decode('utf-8')),
-            {'success': True, 'user_id': 1})
+            {'user_id': 1})
 
     def test_post_incorrect_data(self):
         response = self.client.post(
             self.url,
             {'username': 'wrong', 'password': 'wrong'})
 
-        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.status_code, 400)
-        self.assertEqual(
-            json.loads(response.content.decode('utf-8')),
-            {'success': False})
 
 
 class TestUsersPasswordsPDF(TestCase):