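def sign_up_confirmation(request, confirmation_key):
    '''
    Handle a sign-up confirmation link.

    Answers 404 when the client's IP is already locked out, or when
    ``confirmation_key`` matches no ``SignUp`` row; a miss is recorded as an
    untrusted ``AccessLog`` entry and fed to ``check_request`` so that
    guessing keys counts towards the lockout. A POST is delegated to
    ``sign_up_confirmation_post``; a GET renders the choose-password page
    in the sign-up's language.

    :param request: the current ``HttpRequest``
    :param confirmation_key: key taken from the URL; untrusted input
    :returns: an ``HttpResponse``
    :raises Http404: on a locked IP or an unknown key
    '''
    # Refuse early: a locked-out client learns nothing about the key.
    if is_already_locked(request):
        raise Http404

    try:
        sign_up = SignUp.objects.get(confirmation_key=confirmation_key)
    except SignUp.DoesNotExist:
        # Only a genuine miss is a failed attempt. The previous bare
        # ``except`` also swallowed database errors and counted them
        # against the client; those now propagate as a real error.
        AccessLog.objects.create(
            user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            username=confirmation_key,
            # Bound header-derived values like ``user_agent`` so an
            # oversized header cannot overflow the log columns.
            http_accept=request.META.get('HTTP_ACCEPT', '<unknown>')[:1025],
            path_info=request.META.get('PATH_INFO', '<unknown>')[:255],
            trusted=False,
        )
        check_request(request, True)
        raise Http404

    if request.method == 'POST':
        return sign_up_confirmation_post(request, sign_up)

    translation.activate(sign_up.language)
    return render(request, 'sign_up/choose_password.html', {
        'confirmation_key': confirmation_key,
    })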
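def auth_view(request):
    '''
    Authenticate the credentials posted from the login screen.

    A locked-out IP is shown the locked page before any credential check.
    Every attempt is written to ``AccessLog`` (trusted only on success) and
    reported to ``check_request`` so axes can apply its lockout policy.
    On success the session is established and the client is sent to ``/``;
    on failure it is sent to ``/accounts/invalid``.

    :param request: the current ``HttpRequest``; credentials are read from
        ``request.POST`` (missing fields default to the empty string)
    :returns: an ``HttpResponse`` (redirect or the locked page)
    '''
    if is_already_locked(request):
        return account_locked(request)

    # Usernames are matched case-insensitively by lower-casing the input.
    username = request.POST.get('username', '').lower()
    password = request.POST.get('password', '')
    user = auth.authenticate(username=username, password=password)
    login_unsuccessful = user is None

    AccessLog.objects.create(
        user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
        ip_address=get_ip(request),
        username=username,
        # Bound header-derived values like ``user_agent`` so an oversized
        # header cannot overflow the log columns.
        http_accept=request.META.get('HTTP_ACCEPT', '<unknown>')[:1025],
        path_info=request.META.get('PATH_INFO', '<unknown>')[:255],
        trusted=not login_unsuccessful,
    )
    # Return value (lock state) is intentionally ignored here: the lockout
    # takes effect on the next request via ``is_already_locked``.
    check_request(request, login_unsuccessful)

    if login_unsuccessful:
        return HttpResponseRedirect('/accounts/invalid')

    auth.login(request, user)
    return HttpResponseRedirect('/')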
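def _is_local_redirect(target):
    '''
    Return True only when ``target`` is a same-origin absolute path.

    Accepts ``/path...``; rejects anything with a scheme (``http://evil``),
    a protocol-relative host (``//evil``) or the ``/\\evil`` form browsers
    normalise to ``//evil``. Django's ``url_has_allowed_host_and_scheme``
    (``is_safe_url`` on older releases) is the fuller check if available.
    '''
    return target.startswith('/') and not target.startswith(('//', '/\\'))


def auth_view(request):
    '''
    Authenticate the credentials posted from the login screen.

    A locked-out IP is shown the locked page before any credential check.
    Every attempt is written to ``AccessLog`` (trusted only on success) and
    reported to ``check_request`` so axes can apply its lockout policy.
    On success the session is established and the client is sent to the
    posted ``next`` URL; on failure it is sent to ``/accounts/invalid``.

    ``next`` is attacker-influenceable (it is typically copied from the
    login page's query string), so it is only honoured when it is a local
    path; anything else falls back to ``/`` to prevent an open redirect.

    :param request: the current ``HttpRequest``; ``username``, ``password``
        and ``next`` are read from ``request.POST``
    :returns: an ``HttpResponse`` (redirect or the locked page)
    '''
    if is_already_locked(request):
        return account_locked(request)

    # Usernames are matched case-insensitively by lower-casing the input.
    username = request.POST.get('username', '').lower()
    password = request.POST.get('password', '')
    user = auth.authenticate(username=username, password=password)
    login_unsuccessful = user is None

    AccessLog.objects.create(
        user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
        ip_address=get_ip(request),
        username=username,
        # Bound header-derived values like ``user_agent`` so an oversized
        # header cannot overflow the log columns.
        http_accept=request.META.get('HTTP_ACCEPT', '<unknown>')[:1025],
        path_info=request.META.get('PATH_INFO', '<unknown>')[:255],
        trusted=not login_unsuccessful,
    )
    # Return value (lock state) is intentionally ignored here: the lockout
    # takes effect on the next request via ``is_already_locked``.
    check_request(request, login_unsuccessful)

    if login_unsuccessful:
        return HttpResponseRedirect('/accounts/invalid')

    target_url = request.POST.get('next', '/')
    if not _is_local_redirect(target_url):
        # Never bounce an authenticated user to a foreign host.
        target_url = '/'

    auth.login(request, user)
    return HttpResponseRedirect(target_url)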
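def watch_login(request, successful):
    '''
    Record a login attempt in axes' ``AccessLog`` and update lockout state.

    Intended for API logins where the credentials arrive in
    ``request.data`` rather than ``request.POST``.

    :param request: the current request; ``request.data`` is expected to
        be a dict-like body carrying ``username``
    :param successful: whether the credentials were accepted
    :returns: whatever ``axes_dec.check_request`` returns (its lock
        verdict for this request)
    '''
    # A body without ``username`` used to raise KeyError (a 500) from a
    # pure bookkeeping helper; log it as an empty username instead.
    username = request.data.get('username', '')
    axes_dec.AccessLog.objects.create(
        user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
        ip_address=axes_dec.get_ip(request),
        username=username,
        # Bound header-derived values like ``user_agent`` so an oversized
        # header cannot overflow the log columns.
        http_accept=request.META.get('HTTP_ACCEPT', '<unknown>')[:1025],
        path_info=request.META.get('PATH_INFO', '<unknown>')[:255],
        trusted=successful,
    )
    # check_request takes a *failure* flag, hence the negation.
    return axes_dec.check_request(request, not successful)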
def test_custom_header_parsing(self):
    '''
    ``get_ip`` reads the configured reverse-proxy header and returns the
    first (client-most) address, tolerating surrounding whitespace.
    '''
    expected = '2001:db8:cafe::17'
    self.ip = expected
    header_name = settings.AXES_REVERSE_PROXY_HEADER
    samples = (
        ' 2001:db8:cafe::17 , 2001:db8:cafe::18',
    )
    for forwarded in samples:
        self.request.META[header_name] = forwarded
        self.assertEqual(expected, get_ip(self.request))
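def watch_login(request, successful):
    '''
    Log an API login attempt to axes and return its lockout verdict.

    :param request: the current request; ``request.data`` is expected to
        be a dict-like body carrying ``username``
    :param successful: True when the credentials were accepted
    :returns: the result of ``axes_dec.check_request`` for this attempt
    '''
    meta = request.META
    # ``.get`` rather than ``['username']``: a missing field must not turn
    # a logging helper into a 500.
    axes_dec.AccessLog.objects.create(
        user_agent=meta.get('HTTP_USER_AGENT', '<unknown>')[:255],
        ip_address=axes_dec.get_ip(request),
        username=request.data.get('username', ''),
        # Bounded like ``user_agent`` so long headers cannot overflow the
        # log columns.
        http_accept=meta.get('HTTP_ACCEPT', '<unknown>')[:1025],
        path_info=meta.get('PATH_INFO', '<unknown>')[:255],
        trusted=successful,
    )
    # check_request expects a *failure* flag.
    return axes_dec.check_request(request, not successful)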
def test_iis_ipv4_port_stripping(self):
    '''
    IIS appends ``:port`` to each X-Forwarded-For entry; ``get_ip`` must
    drop it and return the bare first address.
    '''
    expected = '192.168.1.1'
    self.ip = expected
    samples = [
        '192.168.1.1:6112',
        '192.168.1.1:6033, 192.168.1.2:9001',
    ]
    for forwarded in samples:
        self.request.META['HTTP_X_FORWARDED_FOR'] = forwarded
        observed = get_ip(self.request)
        self.assertEqual(expected, observed)
def test_header_ordering(self):
    '''
    With several proxies in the chain ``get_ip`` must pick the expected
    entry of the configured reverse-proxy header, regardless of how many
    hops precede it or of leading whitespace.
    '''
    expected = '2.2.2.2'
    self.ip = expected
    header_name = settings.AXES_REVERSE_PROXY_HEADER
    samples = (
        '4.4.4.4, 3.3.3.3, 2.2.2.2, 1.1.1.1',
        ' 3.3.3.3, 2.2.2.2, 1.1.1.1',
        ' 2.2.2.2, 1.1.1.1',
    )
    for forwarded in samples:
        self.request.META[header_name] = forwarded
        observed = get_ip(self.request)
        self.assertEqual(expected, observed)
def test_valid_ipv6_parsing(self):
    '''
    ``get_ip`` returns the first X-Forwarded-For entry for IPv6 values,
    alone, with extra spacing, or followed by mixed IPv6/IPv4 hops.
    '''
    expected = '2001:db8:cafe::17'
    self.ip = expected
    samples = (
        '2001:db8:cafe::17',
        '2001:db8:cafe::17 , 2001:db8:cafe::18',
        '2001:db8:cafe::17, 2001:db8:cafe::18, 192.168.1.1',
    )
    for forwarded in samples:
        self.request.META['HTTP_X_FORWARDED_FOR'] = forwarded
        self.assertEqual(expected, get_ip(self.request))
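def get_attemps(request):
    '''
    Return how many failed login attempts the client's IP has left.

    Sums ``failures_since_start`` over every ``AccessAttempt`` row for the
    request's IP and subtracts it from ``FAILURE_LIMIT``. If the lookup
    fails for any reason the full ``FAILURE_LIMIT`` is reported (this was
    the evident intent of the original, whose ``except`` branch assigned
    the limit and then had it overwritten by the final subtraction).

    Note the result is not clamped and can go negative once the IP is
    over the limit; callers should treat ``<= 0`` as "none left".

    :param request: the current ``HttpRequest`` (used only for its IP)
    :returns: remaining attempts as an int
    '''
    failures = 0
    try:
        attempts = AccessAttempt.objects.filter(ip_address=get_ip(request))
        # An IP may have several rows (axes keys them per user agent too),
        # so add them all up rather than reading a single row.
        failures = sum(attempt.failures_since_start for attempt in attempts)
    except Exception:
        # Best-effort, as before: never let a lookup error break the page,
        # but do not let a partial sum leak through either.
        print('something goes wrong!')
        failures = 0
    return FAILURE_LIMIT - failures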
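def confirm_invite(request, confirmation_key):
    '''
    Confirm an e-mail invite and let the invitee choose a password.

    A locked-out IP gets a 404 before the key is even looked up. An
    unknown key is recorded as an untrusted ``AccessLog`` entry, fed to
    ``check_request`` (so guessing keys counts towards lockout) and
    answered with ``invalid_expired``. A GET logs out any current session
    first so the password is set for the invitee, not a bystander, then
    renders the confirmation page in the invitee's language; a POST is
    delegated to ``confirm_invite_post``.

    :param request: the current ``HttpRequest``
    :param confirmation_key: key taken from the URL; untrusted input
    :returns: an ``HttpResponse``
    :raises Http404: when the client's IP is locked out
    '''
    if is_already_locked(request):
        raise Http404

    try:
        invite = EmailConfirmation.objects.get(
            confirmation_key=confirmation_key)
    except EmailConfirmation.DoesNotExist:
        # Only a genuine miss is a failed attempt; the previous bare
        # ``except`` also counted database errors against the client.
        AccessLog.objects.create(
            user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            username=confirmation_key,
            # Bound header-derived values like ``user_agent`` so an
            # oversized header cannot overflow the log columns.
            http_accept=request.META.get('HTTP_ACCEPT', '<unknown>')[:1025],
            path_info=request.META.get('PATH_INFO', '<unknown>')[:255],
            trusted=False,
        )
        check_request(request, True)
        return invalid_expired(request)

    if request.method == 'POST':
        return confirm_invite_post(request, invite)

    # Ensure user is logged out
    auth.logout(request)
    translation.activate(invite.person.language)
    return render(
        request,
        'email_confirmation/confirm_invite.html',
        {
            'invite': invite,
            'person': invite.person,
            'user_who_invited_person': invite.user_who_invited_person,
        })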
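def confirm_invite(request, confirmation_key):
    '''
    Confirm an e-mail invite and let the invitee choose a password.

    A locked-out IP gets a 404 before the key is looked up. An unknown key
    is recorded as an untrusted ``AccessLog`` entry, fed to
    ``check_request`` (so guessing keys counts towards lockout) and
    answered with ``invalid_expired``. A GET logs out any current session
    first, then renders the confirmation template through a
    ``RequestContext``; a POST is delegated to ``confirm_invite_post``.

    :param request: the current ``HttpRequest``
    :param confirmation_key: key taken from the URL; untrusted input
    :returns: an ``HttpResponse``
    :raises Http404: when the client's IP is locked out
    '''
    if is_already_locked(request):
        raise Http404

    try:
        invite = EmailConfirmation.objects.get(confirmation_key=confirmation_key)
    except EmailConfirmation.DoesNotExist:
        # Only a genuine miss is a failed attempt; the previous bare
        # ``except`` also counted database errors against the client.
        AccessLog.objects.create(
            user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            username=confirmation_key,
            # Bound header-derived values like ``user_agent`` so an
            # oversized header cannot overflow the log columns.
            http_accept=request.META.get('HTTP_ACCEPT', '<unknown>')[:1025],
            path_info=request.META.get('PATH_INFO', '<unknown>')[:255],
            trusted=False,
        )
        check_request(request, True)
        return invalid_expired(request)

    if request.method == 'POST':
        return confirm_invite_post(request, invite)

    # Ensure user is logged out so the password is set for the invitee.
    auth.logout(request)
    template = loader.get_template('email_confirmation/confirm_invite.html')
    context = RequestContext(request, {
        'invite': invite,
        'person': invite.person,
        'user_who_invited_person': invite.user_who_invited_person,
    })
    return HttpResponse(template.render(context))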
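def authenticate(self, username, password, request=None):
    '''
    Authenticate ``username``/``password`` against Active Directory.

    Performs an NTLM bind over LDAPS (``use_ssl=True``) as
    ``AD_DOMAIN\\username`` and, when the bind succeeds, resolves the
    Django user via ``self.get_or_create_user``. Every failure path is
    logged at INFO with the request path and client IP when a request is
    available.

    :param username: login name; empty values are rejected up front
    :param password: clear-text password; empty values are rejected up
        front so the backend never issues an unauthenticated bind that a
        directory could report as "bound"
    :param request: optional ``HttpRequest`` used only for logging
    :returns: the user object, or ``None`` on empty input, a rejected
        bind or an unresolved user
    '''
    request_info = "%s %s" % (request.path, get_ip(request)) if request else ""

    if not username or not password:
        logger.info("Log In Failure [Empty] %s %s", username, request_info)
        return None

    conn = None
    try:
        server = Server(settings.AD_SERVER_NAME, use_ssl=True)
        # auto_bind raises LDAPBindError when the directory rejects the
        # credentials, so ``conn`` is only set for an accepted bind.
        conn = Connection(
            server,
            "%s\\%s" % (settings.AD_DOMAIN, username),
            password,
            auto_bind=True,
            authentication=NTLM,
        )
        user = (self.get_or_create_user(username, conn) if conn.bound else None) or None
        if user is None:
            logger.info("Log In Failure [NOTFOUND] %s %s", username, request_info)
        return user
    except LDAPBindError:
        logger.info("Log In Failure [LDAP] %s %s", username, request_info)
        return None
    finally:
        # Release the directory connection; the original leaked it.
        if conn is not None:
            conn.unbind()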
def decorated_login(request, *args, **kwargs):
    '''
    Wrapper that the axes decorator installs around a login view ``func``.

    Calls the wrapped view and, for a POST, records the attempt in
    ``AccessLog`` and hands the outcome to ``check_request``. Success is
    inferred from the response: a redirect (``Location`` header or 302)
    counts as a successful login, anything else as a failure. When
    ``check_request`` reports the client as locked out, the response body
    is replaced with a ``LoginAttemptsExceededError`` payload.

    ``func``, ``VERBOSE``, ``log``, ``USERNAME_FORM_FIELD``, ``AccessLog``,
    ``get_ip`` and ``check_request`` come from the enclosing scope.

    :param request: the current request
    :returns: the wrapped view's response, possibly with its body replaced
    '''
    # share some useful information
    if func.__name__ != 'decorated_login' and VERBOSE:  # pragma: no cover
        log.info('AXES: Calling decorated function: %s' % func.__name__)
        if args:
            log.info('args: %s' % str(args))
        if kwargs:
            log.info('kwargs: %s' % kwargs)

    # call the login function
    response = func(request, *args, **kwargs)

    # Guard against the decorator being stacked on itself.
    if func.__name__ == 'decorated_login':  # pragma: no cover
        return response

    if request.method == 'POST':
        # see if the login was successful
        # NOTE(review): if ``response`` is falsy this evaluates to that
        # falsy value, so the attempt is logged as trusted — confirm that
        # is intended.
        login_unsuccessful = (response and
                              not response.has_header('location') and
                              response.status_code != 302)

        # Bound header-derived values so they fit the log columns.
        user_agent = request.META.get('HTTP_USER_AGENT', '<unknown>')[:255]
        http_accept = request.META.get('HTTP_ACCEPT', '<unknown>')[:1025]
        path_info = request.META.get('PATH_INFO', '<unknown>')[:255]

        AccessLog.objects.create(
            user_agent=user_agent,
            ip_address=get_ip(request),
            username=request.POST.get(USERNAME_FORM_FIELD, None),
            http_accept=http_accept,
            path_info=path_info,
            trusted=not login_unsuccessful,
        )

        if check_request(request, login_unsuccessful):
            return response
        else:
            # Locked out: swap the body for an error object. ``.data`` and
            # ``.rendered_content`` look like a DRF Response — verify.
            # The status code is left as the view set it; a locked-out
            # client may therefore still receive the original status.
            response.data = {"error_type": "LoginAttemptsExceededError"}
            response.content = response.rendered_content
            return response

    return response
def test_invalid_headers_no_ip(self):
    '''
    An empty reverse-proxy header yields no address, and ``get_ip`` must
    surface that as a ``Warning`` rather than returning something bogus.
    '''
    header_name = settings.AXES_REVERSE_PROXY_HEADER
    self.request.META[header_name] = ''
    with self.assertRaises(Warning):
        get_ip(self.request)
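def post_logged_out(sender, request, user, **kwargs):
    '''
    ``user_logged_out`` signal handler: log who logged out and from where.

    :param sender: the signal sender (unused)
    :param request: the ``HttpRequest``, if one was supplied; ``None`` is
        tolerated and simply omits the path/IP detail
    :param user: the user being logged out, or ``None`` for an anonymous
        session; logged as ``none`` in that case
    '''
    request_info = "%s %s" % (request.path, get_ip(request)) if request else ""
    # Falsy user *or* empty username is reported as "none", as before.
    who = (user.username if user else "") or "none"
    # Lazy %-args: the message is only formatted if INFO is enabled.
    logger.info("Log Out %s %s", who, request_info)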
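def post_login_failed(sender, request, credentials, **kwargs):
    '''
    ``user_login_failed`` signal handler: log the failed attempt.

    Only the ``username`` key is pulled out of ``credentials``; the rest of
    that dict (it carries the password) must never reach the log.

    :param sender: the signal sender (unused)
    :param request: the ``HttpRequest`` if ``authenticate()`` was given
        one, otherwise ``None``; the previous version dereferenced it
        unconditionally and so crashed the login path on ``None``
    :param credentials: the keyword arguments passed to ``authenticate()``
    '''
    request_info = "%s %s" % (request.path, get_ip(request)) if request else ""
    # Lazy %-args: the message is only formatted if INFO is enabled.
    logger.info("Signal Log In Failure %s %s",
                credentials.get("username", "-"), request_info)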
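def post_logged_in(sender, request, user, **kwargs):
    '''
    ``user_logged_in`` signal handler: log who logged in and from where.

    :param sender: the signal sender (unused)
    :param request: the ``HttpRequest``, if one was supplied; ``None`` is
        tolerated and simply omits the path/IP detail
    :param user: the user that just authenticated (never ``None`` for
        this signal)
    '''
    request_info = "%s %s" % (request.path, get_ip(request)) if request else ""
    # Lazy %-args: the message is only formatted if INFO is enabled.
    logger.info("Log In Success %s %s", user.username, request_info)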