Moving login and logout functions to subdomains

8 files changed, 65 insertions, 15 deletions

diff --git a/middleware/subdomainmiddleware.py b/middleware/subdomainmiddleware.py
index 479c74d6..b2f39711 100644
--- a/middleware/subdomainmiddleware.py
+++ b/middleware/subdomainmiddleware.py
@@ -24,6 +24,9 @@ class SubdomainURLRouting:
         configured_subdomains = getattr(settings, 'CONFIGURED_SUBDOMAINS', {})
         if request.subdomain:
             if request.subdomain in configured_subdomains:
+                if request.META.get('HTTP_REFERER') is None:
+                    request.META['HTTP_REFERER'] = 'https://{}{}'.format(request.subdomain, settings.HOSTS[0])
+
                 request.urlconf = configured_subdomains[request.subdomain] + '.urls'
             else:
                 if '*' in configured_subdomains:
diff --git a/templates/blog/partials/base.html b/templates/blog/partials/base.html
index e3bf685a..5ba143b9 100644
--- a/templates/blog/partials/base.html
+++ b/templates/blog/partials/base.html
@@ -9,6 +9,7 @@
       name="description"
       content="Welcome to the home of That Computer Scientist. I am Kumar Priyansh. This is my personal website where I share all of my thoughts, ideas, and experiences."
     />
+    <meta name="referrer" content="{{ request.get_host }}" />
     <title>That Computer Scientist - {{ title }}</title>
     <link preload rel="stylesheet" href="{% static 'css/fonts.css' %}" />
     <link preload rel="stylesheet" href="{% static 'css/main.css' %}" />
@@ -43,7 +44,8 @@
           Source Code
         </a></li>
         {% if user.is_authenticated %}
-          <li><a href="{% url 'users:logout' %}">Logout</a></li>
+          {% load subdomainurls %}
+          <li><a href="{% subdomain_url 'users:logout' 'accounts' request.build_absolute_uri %}">Logout</a></li>
         {% endif %}
       </ul>
       <hr>
diff --git a/templates/blog/partials/sidebar.html b/templates/blog/partials/sidebar.html
index 8bf55602..c9bfcfae 100644
--- a/templates/blog/partials/sidebar.html
+++ b/templates/blog/partials/sidebar.html
@@ -6,12 +6,13 @@
     <!-- Login Box -->
     </a> {% endcomment %}
     <div class="lgn-area">
+        {% load subdomainurls %}
     <div>
         {% if user.is_authenticated %}
         {% else %}
         <fieldset>
             <legend>Login Area</legend>
-            <form method="post" action="{% url 'users:login' %} ">
+            <form method="post" action="{% subdomain_url 'users:login' 'accounts' request.build_absolute_uri %}">
                 {% csrf_token %}
                 <label for="username">Username</label>
                 <input type="text" id="username" name="username" placeholder="Username" autocomplete="off">
diff --git a/thatcomputerscientist/settings.py b/thatcomputerscientist/settings.py
index 479fbd5d..304c8815 100644
--- a/thatcomputerscientist/settings.py
+++ b/thatcomputerscientist/settings.py
@@ -31,9 +31,10 @@ SECRET_KEY = os.getenv('AUTHORIZATION_STRING')
 DEBUG = os.getenv('ENVIRONMENT') == 'development' or False
 
 ALLOWED_HOSTS = ["*"]
-CSRF_TRUSTED_ORIGINS = ['http://*.localhost', 'https://*.thatcomputerscientist.com', 'https://*.thatcomputerscientist.fly.dev/']
-SESSION_COOKIE_DOMAIN = "localhost" if os.getenv('ENVIRONMENT') == 'development' else ".thatcomputerscientist.com"
-DOMAIN_NAME = "localhost" if os.getenv('ENVIRONMENT') == 'development' else "thatcomputerscientist.com"
+HOSTS = [".vcap.me"] if os.getenv('ENVIRONMENT') == 'development' else ".thatcomputerscientist.com"
+CSRF_TRUSTED_ORIGINS = ['http://*.localhost', 'https://*.thatcomputerscientist.com', 'https://*.thatcomputerscientist.fly.dev/', 'http://*.vcap.me']
+SESSION_COOKIE_DOMAIN = ".vcap.me" if os.getenv('ENVIRONMENT') == 'development' else ".thatcomputerscientist.com"
+DOMAIN_NAME = "vcap.me" if os.getenv('ENVIRONMENT') == 'development' else "thatcomputerscientist.com"
 
 # Application definition
 
@@ -68,6 +69,7 @@ MIDDLEWARE = [
 
 CONFIGURED_SUBDOMAINS = {
     '': 'thatcomputerscientist',
+    'accounts': 'users',
     '*': 'userpages',
 }
 
diff --git a/thatcomputerscientist/templatetags/subdomainurls.py b/thatcomputerscientist/templatetags/subdomainurls.py
new file mode 100644
index 00000000..fa8af0b0
--- /dev/null
+++ b/thatcomputerscientist/templatetags/subdomainurls.py
@@ -0,0 +1,29 @@
+from django.template import Library
+from django.urls import reverse
+from django.conf import settings
+
+register = Library()
+
[email protected]_tag
+def subdomain_url(view_name, subdomain = None, referrer = None, *args, **kwargs):
+    if subdomain == 'www':
+        subdomain = None
+
+    if subdomain is None:
+        return reverse(view_name, args=args, kwargs=kwargs)
+
+    if referrer:
+        return '{}://{}{}{}?referrer={}'.format(
+        'https' if settings.SECURE_SSL_REDIRECT else 'http',
+        subdomain,
+        settings.HOSTS[0],
+        reverse(view_name, args=args, kwargs=kwargs),
+        referrer
+    )
+
+    return '{}://{}{}{}'.format(
+        'https' if settings.SECURE_SSL_REDIRECT else 'http',
+        subdomain,
+        settings.HOSTS[0],
+        reverse(view_name, args=args, kwargs=kwargs)
+    )
diff --git a/thatcomputerscientist/urls.py b/thatcomputerscientist/urls.py
index 92828e7c..05799c33 100644
--- a/thatcomputerscientist/urls.py
+++ b/thatcomputerscientist/urls.py
@@ -21,7 +21,7 @@ from django.conf.urls.static import static
 urlpatterns = [
     path('admin/', admin.site.urls),
     path('', include('blog.urls', namespace='blog')),
-    path('users/', include('users.urls', namespace='users')),
+    path('', include(('users.urls', 'users'), namespace='users')),
     path('blog-admin/', include('blog_admin.urls', namespace='blog-admin')),
     path('', include(('userpages.urls', 'userpages'), namespace='userpages')),
     path('source/', include(('dev_status.urls', 'dev_status'), namespace='dev_status')),
diff --git a/users/urls.py b/users/urls.py
index c09d7e01..3589c7e0 100644
--- a/users/urls.py
+++ b/users/urls.py
@@ -4,6 +4,7 @@ from django.contrib import admin
 
 app_name = 'users'
 urlpatterns = [
+    path('', views.home, name='home'),
     path('login', views.login_user, name='login'),
     path('logout', views.logout_user, name='logout'),
     path('update', views.update_user, name='update'),
diff --git a/users/views.py b/users/views.py
index de762863..f1a6300b 100644
--- a/users/views.py
+++ b/users/views.py
@@ -1,4 +1,4 @@
-from django.http import HttpResponseRedirect
+from django.http import HttpResponseRedirect, HttpResponse
 from django.shortcuts import render, redirect
 from django.contrib.auth import authenticate, login, logout, update_session_auth_hash
 from django.contrib import messages
@@ -14,17 +14,28 @@ from django.contrib.sites.shortcuts import get_current_site
 from .tokens import account_activation_token, EmailChangeTokenGenerator
 from django.utils.http import urlsafe_base64_decode
 import django.contrib.auth.password_validation as validators
+from django.views.decorators.csrf import csrf_exempt
 
+def get_ref(request):
+    referrer = request.META.get('QUERY_STRING').split('referrer=')[1].split('?')[0]
+    return referrer or request.META.get('HTTP_REFERER')
+
+def home(request):
+    if request.user.is_authenticated:
+        return HttpResponse('Hello, {}! You are logged in!'.format(request.user))
+    else:
+        return HttpResponse('Hello, World! You are not logged in!')
+
+@csrf_exempt
 # Create your views here.
 def login_user(request):
-    # pass
-    next = request.POST.get('next', 'blog:home')
+    referrer = get_ref(request)
     username = request.POST['username']
     password = request.POST['password']
     print (username, password)
     if username == '' or password == '':
-        messages.error(request, 'Please fill in all fields.')
-        return HttpResponseRedirect(next + '?username=' + username)
+        messages.error(request, 'Please fill in all fields.', extra_tags='loginError')
+        return HttpResponseRedirect(referrer)
     else: 
         # check if email is verified
         user = authenticate(request, username=username, password=password)
@@ -32,17 +43,18 @@ def login_user(request):
             email_verified = UserProfile.objects.get(user=user.pk).email_verified
             if email_verified:
                 login(request, user)
-                return HttpResponseRedirect(next)
+                return HttpResponseRedirect(referrer)
             else:
                 messages.error(request, 'EVERR', extra_tags='loginError')
-                return HttpResponseRedirect(next + '?username=' + username)
+                return HttpResponseRedirect(referrer + '?username=' + username)
         else:
             messages.error(request, 'Invalid username or password.', extra_tags='loginError')
-            return HttpResponseRedirect(next + '?username=' + username)
+            return HttpResponseRedirect(referrer + '?username=' + username)
 
 def logout_user(request):
+    referrer = get_ref(request)
     logout(request)
-    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))
+    return HttpResponseRedirect(referrer)
 
 def update_user(request):
     username = request.user