Ejemplo n.º 1
0
 def social_login(self, request, **kwargs):
     self.method_check(request, allowed=['post'])
     # new way
     try:
         data = self.get_clean_data(request)
         access_token = self.get_clean_token(data)
     except:
         return self.create_response(request, u'something wrong with args',
                                     HttpBadRequest)
     if 'phone_number' in data:
         phone_number = self.get_clean_number(data)
         number = self.find_number(phone_number)
         if number.validated and number.user:
             perform_login(request, number.user, None)
             user = number.user
     else:
         # social registration (legacy)
         try:
             data = self.get_clean_data(request)
             access_token = self.get_clean_token(data)
             (request, user) = self.social(request, access_token)
         except:
             logging.error(u'something went wrong with FB')
             return self.create_response(request,
                                         {u'something went wrong with FB'},
                                         HttpBadRequest)
         ###############
     result = {
         u'api_key': user.api_key.key,
         u'userid': user.id,
         u'username': user.username
     }
     return self.create_response(request, result, HttpResponse)
Ejemplo n.º 2
0
    def pre_social_login(self, request, sociallogin):
        User = get_user_model()

        # TODO: make sure that the partnership is still in good standing or valid or whatever
        if sociallogin.user.pk:
            set_country(sociallogin.user, request)
            logger.info("setting connection to {}".format(
                sociallogin.user.profile.country))
            return
        try:
            # if user exists, connect the account to the existing account and login
            new_login_user = User.objects.get(email=sociallogin.user.email)
        except User.DoesNotExist:
            url = reverse('sociallogin_notamember',
                          kwargs={
                              'email':
                              urlsafe_base64_encode(sociallogin.user.email)
                          })
            raise ImmediateHttpResponse(HttpResponseRedirect(url))

        sociallogin.connect(request, new_login_user)
        set_country(new_login_user, request)
        perform_login(request,
                      new_login_user,
                      'none',
                      redirect_url=sociallogin.get_redirect_url(request),
                      signal_kwargs={"sociallogin": sociallogin})
Ejemplo n.º 3
0
    def pre_social_login(self, request, sociallogin):
        user = sociallogin.user

        if user.id:
            return

        if not user.email:
            raise ImmediateHttpResponse(
                response=HttpResponseRedirect(reverse('home')))

        try:
            # if user exists, connect the account to the existing account and
            # login
            user = DplUser.objects.get(email=user.email)
            sociallogin.state['process'] = 'connect'
            next_url = request.GET.get('next')
            if not next_url:
                next_url = reverse('home')
            perform_login(request,
                          user,
                          'none',
                          redirect_url=next_url,
                          signal_kwargs=None,
                          signup=False)
        except DplUser.DoesNotExist:
            pass
Ejemplo n.º 4
0
def pre_social_login_(sender, request, sociallogin, **kwargs):
    '''
    Resolve issue of existing email address. When signing up a social account with the existing
    email address it will logged the existing user. And for security hole issue the account
    will not successfully logged if their given email address are not verified.
    To verify ownership of email this function will automatically send a verification link
    to the given email and only legit user can access the said account.
    :param sender:
    :param request:
    :param sociallogin:
    :param kwargs:
    :return:
    '''

    email = sociallogin.account.extra_data['email']
    _user = get_user_model()
    users = _user.objects.filter(email=email)
    _s_emails = s_emails.objects.filter(email=email)
    e_existing = _s_emails.exists()
    u_existing = users.exists()

    if u_existing :
        if e_existing:
            if _s_emails[0].verified:
                perform_login(request, users[0], app_settings.EMAIL_VERIFICATION)
                raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))

        send_email_confirmation(request, users[0])
        raise ImmediateHttpResponse(render(request, 'account/verification_sent.html', {}))
Ejemplo n.º 5
0
    def pre_social_login(self, request, sociallogin):
        social_email = sociallogin.account.extra_data.get('email')

        try:
            customer = CustomUser.objects.get(
                email=social_email
            )  # if user exists, connect the account to the existing account and login
            sociallogin.state['process'] = 'connect'
            perform_login(request, customer, 'none')
        except CustomUser.DoesNotExist:
            pass

        try:
            customer = CustomUser.objects.get(
                email1=social_email
            )  # if user exists, connect the account to the existing account and login
            # sociallogin.state['process'] = 'connect'
            # perform_login(request, customer, 'none')
            if not sociallogin.is_existing:
                sociallogin.connect(request, customer)
        except CustomUser.DoesNotExist:
            pass

        try:
            customer = CustomUser.objects.get(
                email2=social_email
            )  # if user exists, connect the account to the existing account and login
            sociallogin.state['process'] = 'connect'
            perform_login(request, customer, 'none')
        except CustomUser.DoesNotExist:
            pass
Ejemplo n.º 6
0
    def pre_social_login(self, request, sociallogin):
        user = sociallogin.user
        email = user.email
        if not email.split('@')[1] == 'iiitdmj.ac.in':
            messages.error(request,
                           'Use iiitdmj mail to sign in to this account !')
            raise ImmediateHttpResponse(
                render_to_response('account/exception.html'))

        else:
            if user.id:
                return
            try:
                # if user exists, connect the account to the existing account and login
                u = User.objects.get(email=email)
                sociallogin.state['process'] = 'connect'
                # authenticate(username=u.username, password=u.password)
                perform_login(request, u, 'none')
                return redirect('/')
            except User.DoesNotExist:
                exception_string = "Seems Like you don't \
                                    have an account here! Contact CC admin for your account."

                messages.error(request, exception_string)
                raise ImmediateHttpResponse(
                    render_to_response('account/exception_no_account.html'))
Ejemplo n.º 7
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    email_address = sociallogin.account.extra_data['email']
    User = get_user_model()
    users = User.objects.filter(email=email_address)
    if users:
        perform_login(request, users[0], email_verification='optional')
        raise ImmediateHttpResponse(
            redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
Ejemplo n.º 8
0
 def pre_social_login(self, request, sociallogin):
     try:
         user = User.objects.get(
             email=sociallogin.account.extra_data['email'])
         perform_login(request, user, email_verification='optional')
         raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
     except User.DoesNotExist:
         pass
Ejemplo n.º 9
0
def _login_social_account(request, account):
    user = account.user
    perform_login(request, user)
    if not user.is_active:
        ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request))
    else:
        ret = HttpResponseRedirect(get_login_redirect_url(request))
    return ret
Ejemplo n.º 10
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    email_address = sociallogin.account.extra_data['email']
    users = User.objects.filter(email=email_address)
    if users:
        perform_login(request,
                      users[0],
                      email_verification=settings.ACCOUNT_EMAIL_VERIFICATION)
        raise ImmediateHttpResponse(redirect('home'))
Ejemplo n.º 11
0
 def pre_social_login(self, request, sociallogin):
     try:
         print '@---------------------------@'
         iUser   = User.objects.get(email=sociallogin.account.user.email)
         if iUser != None:
             perform_login(request, iUser, email_verification='optional')
             raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
     except User.DoesNotExist:
         pass
Ejemplo n.º 12
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    email_address = sociallogin.account.extra_data["email"]
    users = User.objects.filter(email=email_address)
    if users:
        perform_login(request,
                      users[0],
                      email_verification=app_settings.EMAIL_VERIFICATION)
        raise ImmediateHttpResponse(
            redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
Ejemplo n.º 13
0
def _login_social_account(request, account):
    user = account.user
    perform_login(request, user)
    if not user.is_active:
        ret = render_to_response('socialaccount/account_inactive.html', {},
                                 context_instance=RequestContext(request))
    else:
        ret = HttpResponseRedirect(get_login_redirect_url(request))
    return ret
Ejemplo n.º 14
0
 def pre_social_login(self, request, sociallogin):
     user = sociallogin.user
     if user.id:
         return
     try:
         usuario = User.objects.get(email=user.email)  # if user exists, connect the account to the existing account and login
         sociallogin.state['process'] = 'connect'
         perform_login(request, usuario, 'none')
     except User.DoesNotExist:
         pass
Ejemplo n.º 15
0
 def pre_social_login(self, request, sociallogin):
     user = sociallogin.user
     if user.id:
         return
     try:
         user = User.objects.get(email=user.email)
         sociallogin.state['process'] = 'connect'
         perform_login(request, user, 'none')
     except User.DoesNotExist:
         pass
Ejemplo n.º 16
0
 def pre_social_login(self, request, sociallogin):
     user = sociallogin.user
     if user.id:
         return
     try:
         existing_user = User.objects.get(username=user.username)
         sociallogin.state['process'] = 'connect'
         perform_login(request, existing_user, request.GET.get('next', '/'))
     except User.DoesNotExist:
         pass
Ejemplo n.º 17
0
    def pre_social_login(self, request, sociallogin):
        user = sociallogin.user

        if user.id or not user.email:
            return
        try:
            user = User.objects.get(email=user.email)
            sociallogin.state['next'] = reverse('cyclist_dashboard')
            sociallogin.state['process'] = 'connect'
            perform_login(request, user, 'none')
        except User.DoesNotExist:
            pass
Ejemplo n.º 18
0
 def pre_social_login(self, request, sociallogin):
     user = sociallogin.user
     if user.id:
         return
     try:
         customer = User.objects.get(
             email=user.email
         )  # if user exists, connect the account to the existing account and login
         sociallogin.state['process'] = 'connect'
         perform_login(request, customer, 'none')
     except User.DoesNotExist:
         pass
Ejemplo n.º 19
0
 def pre_social_login(self, request, sociallogin):
     try:
         email = sociallogin.account.extra_data['email']
         user = User.objects.get(email=email)
         # diff between accounts
         if not user.socialaccount_set.filter().exists():
             sociallogin.connect(request, user)
         perform_login(request, user, email_verification='none')
         raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
     except Exception as e:
         logger.error("PRE SOCIAL LOGIN FAIL " + str(request.user))
         pass
Ejemplo n.º 20
0
def _login_social_account(request, account):
    user = account.user
    perform_login(request, user)
    engine.check_achievement(user=request.user, key="facebook_login")
    if not user.is_active:
        ret = render_to_response(
            'socialaccount/account_inactive.html',
            {},
            context_instance=RequestContext(request))
    else:
        ret = HttpResponseRedirect(get_login_redirect_url(request))
    return ret
Ejemplo n.º 21
0
def _login_social_account(request, account):
    user = account.user
    perform_login(request, user)
    if not user.is_active:
        ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request))
    else:
        if request.is_ajax():
            ret = HttpResponse(
                simplejson.dumps({"status": "ok", "redirect": get_login_redirect_url(request)}),
                mimetype="application/json",
            )
        else:
            ret = HttpResponseRedirect(get_login_redirect_url(request))
    return ret
Ejemplo n.º 22
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    email_address = sociallogin.account.extra_data['email']
    users = CustomUser.objects.filter(email=email_address)
    # profile = Profile.objects.filter(user_id=users)
    # if profile:
    #     login_if_exists(users, profile,sociallogin)
    if users:
        perform_login(request,
                      users[0],
                      email_verification=settings.ACCOUNT_EMAIL_VERIFICATION)

    # users.is_active = True
    # users.save()
    return sociallogin
Ejemplo n.º 23
0
    def pre_social_login(self, request, sociallogin):
        user = sociallogin.user

        if user.id or not user.email:
            return
        try:
            user = User.objects.get(email=user.email)
            sociallogin.state['next'] = reverse('cyclist_dashboard')
            sociallogin.state['process'] = 'connect'
            perform_login(request, user, 'none')
        except User.DoesNotExist:
            if 'user_role' not in request.session:
                sociallogin.state['next'] = reverse('signup_define_role')
                sociallogin.state['process'] = 'redirect'
Ejemplo n.º 24
0
    def pre_social_login(self, request, sociallogin):
        """Add social account to an existing account (if registered with email and password)."""
        social_user = sociallogin.user
        if social_user.id:
            return

        # noinspection PyPep8Naming
        User = get_user_model()
        try:
            user = User.objects.get(email=social_user.email)
            sociallogin.state['process'] = 'connect'
            perform_login(request, user, 'none')
        except User.DoesNotExist:
            pass
Ejemplo n.º 25
0
 def pre_social_login(self, request, sociallogin):
     user = sociallogin.user
     if user.id:
         return
     try:
         user = User.objects.get(
             email=user.email
         )  # if user exists, connect the account to the existing account and login
         sociallogin.state['process'] = 'connect'
         perform_login(request, user, email_verification='mandatory')
     except User.DoesNotExist:
         username = user.first_name
         username = slugify(username) + str(
             user.logentry_set.creation_counter)
         user.username = username
Ejemplo n.º 26
0
    def get(self, request, *args, **kwargs):
        practice_group, created = Group.objects.get_or_create(name='practice')

        # Create practice user and save to the database
        lst = [
            random.choice(string.ascii_letters + string.digits)
            for n in range(5)
        ]
        randomstr = "".join(lst)
        username = password = "******".format(randomstr)
        User = get_user_model()
        practice_user = User.objects.create_user(
            username, '{}@crazymail.com'.format(username), password)

        practice_group.user_set.add(practice_user)
        practice_group.save()

        credentials = {"username": username, "password": password}

        user = get_adapter(self.request).authenticate(self.request,
                                                      **credentials)
        ret = perform_login(request,
                            user,
                            email_verification=False,
                            redirect_url=reverse_lazy('core:home'))
        return ret
Ejemplo n.º 27
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    """ Login and redirect
    This is done in order to tackle the situation where user's email retrieved
    from one provider is different from already existing email in the database
    (e.g facebook and google both use same email-id). Specifically, this is done to
    tackle following issues:
    * https://github.com/pennersr/django-allauth/issues/215

    """

    email_address = sociallogin.account.extra_data['email']
    existing_user = User.objects.filter(email=email_address).first()
    link_social_info_to_superuser(existing_user, sociallogin)
    if existing_user:
        perform_login(request, existing_user, email_verification='optional')
        raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
Ejemplo n.º 28
0
    def login_on_confirm(self, confirmation):
        """
        Simply logging in the user may become a security issue. If you
        do not take proper care (e.g. don't purge used email
        confirmations), a malicious person that got hold of the link
        will be able to login over and over again and the user is
        unable to do anything about it. Even restoring his own mailbox
        security will not help, as the links will still work. For
        password reset this is different, this mechanism works only as
        long as the attacker has access to the mailbox. If he no
        longer has access he cannot issue a password request and
        intercept it. Furthermore, all places where the links are
        listed (log files, but even Google Analytics) all of a sudden
        need to be secured. Purging the email confirmation once
        confirmed changes the behavior -- users will not be able to
        repeatedly confirm (in case they forgot that they already
        clicked the mail).

        All in all, opted for storing the user that is in the process
        of signing up in the session to avoid all of the above.  This
        may not 100% work in case the user closes the browser (and the
        session gets lost), but at least we're secure.
        """
        user_pk = self.request.session.pop('account_user', None)
        user = confirmation.email_address.user
        if user_pk == user.pk and self.request.user.is_anonymous():
            return perform_login(self.request,
                                 user,
                                 app_settings.EmailVerificationMethod.NONE)
Ejemplo n.º 29
0
def _process_signup(request, sociallogin):
    # If email is specified, check for duplicate and if so, no auto signup.
    auto_signup = app_settings.AUTO_SIGNUP
    email = sociallogin.account.user.email
    if auto_signup:
        # Let's check if auto_signup is really possible...
        if email:
            if account_settings.UNIQUE_EMAIL:
                try:
                    user = User.objects.get(email__iexact=email)
                    # Oops, another user already has this address.  We
                    # cannot simply connect this social account to the
                    # existing user. Reason is that the email adress may
                    # not be verified, meaning, the user may be a hacker
                    # that has added your email address to his account in
                    # the hope that you fall in his trap. To solve this,
                    # we reset the password of the email account and connect
                    # the user.
                    user.set_password(md5.new('%s:%s ' % (email, time.time())).hexdigest())
                    user.save()
                    context = create_password_reset_context(user)
                    get_account_adapter().send_mail('account/email/link_facebook',
                                                    email, context)
                    sociallogin.account.user = user
                    sociallogin.save()
                    return perform_login(request, user, 
                                         redirect_url=sociallogin.get_redirect_url(request))
                except User.DoesNotExist:
                    # No user exists with this email. Let's auto sign up the user.
                    auto_signup = True
        elif account_settings.EMAIL_REQUIRED:
            # Nope, email is required and we don't have it yet...
            auto_signup = False
    if not auto_signup:
        request.session['socialaccount_sociallogin'] = sociallogin
        url = reverse('socialaccount_signup')
        ret = HttpResponseRedirect(url)
    else:
        # FIXME: This part contains a lot of duplication of logic
        # ("closed" rendering, create user, send email, in active
        # etc..)
        try:
            if not get_account_adapter().is_open_for_signup(request):
                return render(request,
                              "account/signup_closed.html")
        except ImmediateHttpResponse, e:
            return e.response
        u = sociallogin.account.user
        u.username = generate_unique_username(u.username
                                              or email 
                                              or 'user')
        u.last_name = (u.last_name or '') \
            [0:User._meta.get_field('last_name').max_length]
        u.first_name = (u.first_name or '') \
            [0:User._meta.get_field('first_name').max_length]
        u.email = email or ''
        u.set_unusable_password()
        sociallogin.save()
        send_email_confirmation(request, u)
        ret = complete_social_signup(request, sociallogin)
Ejemplo n.º 30
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    ''' Login and redirect
    This is done in order to tackle the situation where user's email retrieved
    from one provider is different from already existing email in the database
    (e.g facebook and google both use same email-id). Specifically, this is done to
    tackle following issues:
    * https://github.com/pennersr/django-allauth/issues/215

    '''
    email_address = sociallogin.account.extra_data['email']
    User = get_user_model()
    users = User.objects.filter(email=email_address)
    if users:
        # allauth.account.app_settings.EmailVerificationMethod
        perform_login(request, users[0], email_verification='optional')
        raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
Ejemplo n.º 31
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    ''' Login and redirect
    This is done in order to tackle the situation where user's email retrieved
    from one provider is different from already existing email in the database
    (e.g facebook and google both use same email-id). Specifically, this is done to
    tackle following issues:
    * https://github.com/pennersr/django-allauth/issues/215

    '''
    email_address = sociallogin.account.extra_data['email']
    User = get_user_model()
    users = User.objects.filter(email=email_address)
    if users:
        # allauth.account.app_settings.EmailVerificationMethod
        perform_login(request, users[0], email_verification='optional')
        raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
Ejemplo n.º 32
0
def _login_social_account(request, sociallogin):
    user = sociallogin.account.user
    if not user.is_active:
        ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request))
    else:
        ret = perform_login(request, user, redirect_url=sociallogin.get_redirect_url())
    return ret
Ejemplo n.º 33
0
def signup(request):
    request.session['inactive_user'] = False
    if request.user.is_authenticated():
        return redirect('home')
    if request.method == 'POST':
        email = request.POST.get('email')
        first_name = request.POST.get('first_name')
        last_name = request.POST.get('last_name')
        password = request.POST.get('password1')
        terms_agree = request.POST.get('terms_agree')

        user = None
        if valid_email(email):
            user = User.objects.filter(email=email).first()
        if user:
            if not user.is_active:
                request.session['inactive_user'] = True
                if password and first_name and last_name and terms_agree:
                    data = {
                        'password1': password,
                        'password2': password,
                    }
                    form = AllauthSetPasswordForm(user=user, data=data)
                    if form.is_valid():
                        form.save()
                        user.first_name = first_name
                        user.last_name = last_name
                        user.is_active = True
                        user.save(update_fields=['is_active', 'first_name', 'last_name'])

                        return perform_login(request, user, email_verification='mandatory')
    return allauth_signup(request)
Ejemplo n.º 34
0
    def get(self, request, *args, **kwargs):
        redirect_url = request.query_params.get('redirect_url')
        token = request.query_params.get('token')
        if token is None:
            return Response({'detail': 'Missing token.'},
                            status=status.HTTP_400_BAD_REQUEST)

        data = {'token': token}

        try:
            token, user = self._process_request(data)
        except ValidationError as exc:
            msg = 'Unknown error. Contact an admin.'
            if 'token' in exc.detail:
                msg = str(exc.detail['token'][0])
            else:
                # If it's not the standard token invalid error log as error to see on sentry etc
                logger.error(exc)

            return render(request, 'token_error.html', {'error_message': msg})

        # Get an authenticated web session and do a redirect
        ret = perform_login(
            request,
            user,
            email_verification=settings.ACCOUNT_EMAIL_VERIFICATION,
            redirect_url=redirect_url)
        request.session.set_expiry(settings.SESSION_COOKIE_AGE)
        return ret
Ejemplo n.º 35
0
    def pre_social_login(self, request, sociallogin: SocialLogin):
        """
        The user is authenticated in some "social app". Consider the following
        scenarios:
        1 - the user email is found in our DB among registered users' emails
        1.1 - the user email is registered. We just "connect" the social account
              to the user "CS native" account or if these 2 accounts are already connected
              we proceed with logging in.
        1.2 - the user email is not registered. We deny the request.

        2 - the user email is not found in our DB among registered users' emails
        2.1 - the user email is registered. We register an inactive user.
        2.2 - the user email is not registered. We either allow or deny registration
              based on SOCIALACCOUNT_EMAIL_REQUIRED setting
        """

        emails = [e for e in sociallogin.email_addresses if e.primary]
        if not emails:
            return
        email_adr, email_verified = emails[0].email, emails[0].verified
        from apps.users.app_vars import SOCIALACCOUNT_EMAIL_VERIFIED_ONLY
        if SOCIALACCOUNT_EMAIL_VERIFIED_ONLY.val and not email_verified:
            msg = f'Email "{email_adr}" is not verified'
            logger.error(msg)
            raise PermissionDenied(msg)

        try:
            user = User.objects.get(email__iexact=email_adr)
        except User.DoesNotExist:
            return

        # we're here: 1 - the user email is found in our DB among registered users' emails
        if SOCIALACCOUNT_EMAIL_VERIFIED_ONLY.val and not email_verified:
            # 1.2 - deny the request
            msg = f'Existing email "{email_adr}" is not verified'
            logger.error(msg)
            raise PermissionDenied(msg)

        try:
            if not sociallogin.is_existing:
                sociallogin.connect(request, user)
            else:
                sociallogin.state['process'] = 'login'
                perform_login(request, user, 'none')
        except Exception as e:
            logger.error(f'Error entering social account ({email_adr}): {e}')
            raise
Ejemplo n.º 36
0
    def pre_social_login(self, request: HttpRequest,
                         sociallogin: SocialLogin) -> None:
        user = sociallogin.user
        process = sociallogin.state.get('process')

        if not user.id:
            if sociallogin.account.provider not in self.trusted_providers:
                return
            # todo: we can additionally check if email from social is verified if provider grabs such info
            try:
                email_address = EmailAddress.objects.get(email=user.email)
            except EmailAddress.DoesNotExist:
                pass
            else:
                existing_user = email_address.user
                sociallogin.state['process'] = AuthProcess.CONNECT
                perform_login(request, existing_user,
                              account_settings.EmailVerificationMethod.NONE)
        elif (process == AuthProcess.LOGIN and sociallogin.is_existing
              and request.user.is_authenticated
              and sociallogin.user != request.user):

            raise self.authentication_error(
                request,
                sociallogin.account.provider,
                error=AuthError.DENIED,
                exception=Exception(
                    'The social account is already connected to a different account.'
                ))

        if process == AuthProcess.CONNECT:
            return

        referer_url = sociallogin.state.get('next')
        if referer_url:
            request.session['socialaccount_original_next'] = (
                referer_url,
                sociallogin.account.provider,
            )

            assert user.is_authenticated
            token = get_login_token_with_auth_info(
                user, AuthAction.LOGIN if user.id else AuthAction.REGISTRATION,
                AuthProvider.SOCIAL, sociallogin.account.provider)

            sociallogin.state['next'] = urljoin(
                referer_url, '?' + self.token_param_name + '=' + token)
Ejemplo n.º 37
0
	def login(self, request, redirect_url=None):
		ret = perform_login(request, self.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=redirect_url) #pylint: disable=no-member
		remember = app_settings.SESSION_REMEMBER #pylint: disable=no-member
		if remember is None:
			remember = self.cleaned_data['remember']
		if remember:
			remember_user(ret, self.user)
		return ret
Ejemplo n.º 38
0
def sign_user_in(sender, **kwargs):
    """Automatically signs the user in after a successful password reset.

    Implemented via signals because of django-allauth#735.
    """
    request = kwargs['request']
    user = kwargs['user']
    return perform_login(request, user, settings.ACCOUNT_EMAIL_VERIFICATION)
Ejemplo n.º 39
0
def _login_social_account(request, sociallogin):
    return perform_login(
        request,
        sociallogin.user,
        email_verification=app_settings.EMAIL_VERIFICATION,
        redirect_url=sociallogin.get_redirect_url(request),
        signal_kwargs={"sociallogin": sociallogin},
    )
Ejemplo n.º 40
0
 def form_valid(self, form):
     super().form_valid(form)
     return utils.perform_login(
         self.request,
         self.reset_user,
         email_verification=app_settings.EMAIL_VERIFICATION,
         redirect_url=reverse("edit_profile"),
     )
Ejemplo n.º 41
0
def login_with_profile(request, user, verification=None):
    if verification is None:
        verification = allauth_settings.EMAIL_VERIFICATION

    response = perform_login(request, user, verification, redirect_url=None)
    token = handle_login_response(response, user, allow_disabled=True)
    profile = getattr(getattr(token, 'user', None), 'profile', None)
    return token, profile
Ejemplo n.º 42
0
def _login_social_account(request, sociallogin):
    sociallogin.token.expires_at = timezone.now() + timedelta(hours=2)
    sociallogin.token.save()
    print("updated token {} {}".format(sociallogin.token, sociallogin.token.expires_at))
    return perform_login(request, sociallogin.account.user,
                         email_verification=app_settings.EMAIL_VERIFICATION,
                         redirect_url=sociallogin.get_redirect_url(request),
                         signal_kwargs={"sociallogin": sociallogin})
Ejemplo n.º 43
0
 def pre_social_login(self, request, sociallogin):
     """
     Login and redirect
     This is done in order to tackle the situation where user's email retrieved
     from one provider is different from already existing email in the database
     (e.g facebook and google both use same email-id). Specifically, this is done to
     tackle following issues:
     * https://github.com/pennersr/django-allauth/issues/215
     """
     email_address = sociallogin.account.extra_data.get('email', None)
     if not email_address:
         return
     try:
         user = get_user_model().objects.get(email=email_address)
         perform_login(request, user, email_verification=app_settings.EMAIL_VERIFICATION)
         if not sociallogin.is_existing:
             sociallogin.connect(request, user)
         raise ImmediateHttpResponse(redirect(get_login_redirect_url(request)))
     except get_user_model().DoesNotExist:
         pass
Ejemplo n.º 44
0
def _login_social_account(request, sociallogin):
    user = sociallogin.account.user
    if not user.is_active:
        ret = render_to_response(
            'socialaccount/account_inactive.html',
            {},
            context_instance=RequestContext(request))
    else:
        ret = perform_login(request, user, 
                            email_verification=app_settings.EMAIL_VERIFICATION,
                            redirect_url=sociallogin.get_redirect_url(request))
    return ret
Ejemplo n.º 45
0
 def login(self, request, redirect_url=None):
     ret = perform_login(request, self.user,
                         email_verification=app_settings.EMAIL_VERIFICATION,
                         redirect_url=redirect_url)
     remember = app_settings.SESSION_REMEMBER
     if remember is None:
         remember = self.cleaned_data['remember']
     if remember:
         request.session.set_expiry(app_settings.SESSION_COOKIE_AGE)
     else:
         request.session.set_expiry(0)
     return ret
Ejemplo n.º 46
0
    def pre_social_login(self, request, sociallogin):
        # TODO: make sure that the partnership is still in good standing or valid or whatever
        if sociallogin.user.pk:
            set_country(sociallogin.user, request)
            logger.info("setting connection to {}".format(sociallogin.user.profile.country))
            return
        try:
            # if user exists, connect the account to the existing account and login
            new_login_user = User.objects.get(email=sociallogin.user.email)
        except User.DoesNotExist:
            url = reverse('sociallogin_notamember', kwargs={'email': urlsafe_base64_encode(sociallogin.user.email)})
            raise ImmediateHttpResponse(HttpResponseRedirect(url))

        sociallogin.connect(request, new_login_user)
        set_country(new_login_user, request)
        perform_login(
            request,
            new_login_user,
            'none',
            redirect_url=sociallogin.get_redirect_url(request),
            signal_kwargs={"sociallogin": sociallogin}
        )
Ejemplo n.º 47
0
def log_user_in(request, user):
    if not request.user.is_authenticated():
        logged_in = False

        def check_logged_in(sender, **kwargs):
            nonlocal logged_in
            if kwargs.get('user') == user:
                logged_in = True

        user_logged_in.connect(check_logged_in)
        response = perform_login(request, user, email_verification=settings.ACCOUNT_EMAIL_VERIFICATION)
        user_logged_in.disconnect(check_logged_in)

        if logged_in is False:
            return response
Ejemplo n.º 48
0
def _login_social_account(request, sociallogin):
    log.debug('socialaccount.helpers._login_social_account')
    user = sociallogin.account.user
    if app_settings.INVITE_MODE and not user.is_active:
        # Check for the case where a user has previously social-signed in without an invite code, 
        # and subsequently clicked on a valid invitation code
        log.debug("Checking whether this user had an invitation code")
        if request.session.get('invitation_key', False): 
            log.debug("Invited - activating user")
            user.is_active = True
            user.save()

    if not user.is_active:
        ret = render_to_response(
            'socialaccount/account_inactive.html',
            {},
            context_instance=RequestContext(request))
    else:
        ret = perform_login(request, user, 
                            redirect_url=sociallogin.get_redirect_url())
    return ret
Ejemplo n.º 49
0
def _handleCreateBookmark(request, subject_class, subject_form_class, *subject_field_ids):
    form = subject_form_class(request.POST)
    if form.is_valid():
        email = form.cleaned_data["email"]
        try:
            user = User.objects.create_user(username=email, email=email)
        except IntegrityError:
            user = User.objects.get(username=email)
        user = authenticate(key=user.profile.key)
        kwargs = {"user": user}
        for field in subject_field_ids:
            kwargs[field] = form.cleaned_data[field]
        # An unverified account can only create unapproved bookmarks.
        # When an account is verified, all its bookmarks are
        # approved. Whenever someone tries to add a bookmark for
        # someone else's email address (or they're not logged in),
        # that email address is marked as unverified again.  In this
        # way we can allow people who remain logged in to add several
        # alerts without having to reconfirm by email.
        emailaddress = EmailAddress.objects.filter(user=user)
        if user == request.user:
            kwargs["approved"] = emailaddress.filter(verified=True).exists()
        else:
            kwargs["approved"] = False
            emailaddress.update(verified=False)
        subject_class.objects.get_or_create(**kwargs)
        if hasattr(request, "user"):
            # Log the user out. We don't use Django's built-in logout
            # mechanism because that clears the entire session, too,
            # and we want to know if someone's logged in previously in
            # this session.
            request.user = AnonymousUser()
            for k in [SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY]:
                if k in request.session:
                    del (request.session[k])
        return perform_login(request, user, app_settings.EmailVerificationMethod.MANDATORY, signup=True)
    return form
Ejemplo n.º 50
0
def _login_social_account(request, sociallogin):
    return perform_login(request, sociallogin.account.user,
                         email_verification=app_settings.EMAIL_VERIFICATION,
                         redirect_url=sociallogin.get_redirect_url(request),
                         signal_kwargs={"sociallogin": sociallogin})
Ejemplo n.º 51
0
def link_to_local_user(sender, request, sociallogin, **kwargs):
    email_address = sociallogin.account.extra_data['email']
    users = User.objects.filter(email=email_address)
    if users:
        perform_login(request, users[0], email_verification='optional')
        raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))