def redirect_to_default(req, domain=None):
if not req.user.is_authenticated:
if domain != None:
url = reverse('domain_login', args=[domain])
else:
url = reverse('login')
elif domain and _two_factor_needed(domain, req):
if MONITOR_2FA_CHANGES.enabled(domain):
from corehq.apps.hqwebapp.utils import monitor_2fa_soft_assert
monitor_2fa_soft_assert(
False, f'2FA required page shown to user '
f'{req.user.username} on {domain} after '
f'login')
return TemplateResponse(
request=req,
template='two_factor/core/otp_required.html',
status=403,
)
else:
if domain:
domain = normalize_domain_name(domain)
domains = [Domain.get_by_name(domain)]
else:
domains = Domain.active_for_user(req.user)
if 0 == len(domains) and not req.user.is_superuser:
return redirect('registration_domain')
elif 1 == len(domains):
from corehq.apps.users.models import DomainMembershipError
if domains[0]:
domain = domains[0].name
couch_user = req.couch_user
try:
role = couch_user.get_role(domain)
except DomainMembershipError:
# commcare users without roles should always be denied access
if couch_user.is_commcare_user():
raise Http404()
else:
# web users without roles are redirected to the dashboard default
# view since some domains allow web users to request access if they
# don't have it
url = reverse("dashboard_domain", args=[domain])
else:
if role and role.default_landing_page:
url = get_redirect_url(role.default_landing_page,
domain)
elif couch_user.is_commcare_user():
url = reverse(get_cloudcare_urlname(domain),
args=[domain])
else:
url = reverse("dashboard_domain", args=[domain])
else:
raise Http404()
else:
url = settings.DOMAIN_SELECT_URL
return HttpResponseRedirect(url)
def dispatch(self, request, *args, **kwargs):
# todo this bit of code should be replaced with a better event logging system
if (request.couch_user.is_commcare_user()
and MONITOR_2FA_CHANGES.enabled(request.couch_user.domain)):
from corehq.apps.hqwebapp.utils import monitor_2fa_soft_assert
monitor_2fa_soft_assert(
False,
f'2FA was ENABLED for mobile worker {request.couch_user.username} '
f'from {request.couch_user.domain}')
return super(TwoFactorSetupCompleteView,
self).dispatch(request, *args, **kwargs)
def get_context_data(self, **kwargs):
context = super(HQLoginView, self).get_context_data(**kwargs)
context.update(self.extra_context)
steps = context.get('wizard', {}).get('steps')
domain = context.get('domain')
is_commcare_user = context.get('is_commcare_user', False)
if (steps and steps.current == 'token'
and is_commcare_user and MONITOR_2FA_CHANGES.enabled(domain)):
username = self.request.POST['auth-username'].lower()
from corehq.apps.hqwebapp.utils import monitor_2fa_soft_assert
monitor_2fa_soft_assert(
False,
f'2FA TOKEN required upon login for mobile worker {username} from {domain}'
)
return context