def ask_user_for_permission(request):
"""
:param request:
:param user:
:param subacc:
:return:
"""
if 'device_ask_permission' in request.session:
ask_count = int(request.session['device_ask_permission']['count'])
else:
ask_count = 0
ask_count += 1
if 'device_permission' in request.session:
device_id = request.session['device_permission']['subacc']
user_email = request.session['device_permission']['user']
if settings.DEBUG:
print("User: "******"Device:", device_id)
print("Ask Count:", ask_count)
user = get_user_model().objects.get(email=user_email)
device = Device.objects.get(pk=device_id)
else:
if settings.DEBUG:
print("Not passed from Sub-account Login correctly")
messages.error(request, "Unable to Check Permission")
return HttpResponseRedirect(reverse("api:home"))
# Check the number of attempts to get permission
# DONE: Check ask_permission count against settings.
if settings.DEVICE_PERMISSION_COUNT:
max_count = settings.DEVICE_PERMISSION_COUNT
else:
# Set a default
max_count = 3
if max_count > 0:
# We need to check the number of attempts
if ask_count > max_count:
# Set subacc as used
# set message
# return to api:home
device.set_used()
# now we can clear down the count
request.session['device_ask_permission'] = {}
messages.error(
request, "Too many permission attempts. "
"This Sub-Account is locked. "
"The account owner will need to reset "
"this Sub-account")
return HttpResponseRedirect(reverse("api:home"))
# Now to Ask for Permission
if settings.DEBUG:
print("Entering apps.subacc.views.Ask_User_For_Permission")
print("request.user:"******"request.session:", request.session)
print("user passed via session:", user)
print("subacc passed via session:", device)
# We need to work out the user and subacc
# should be able to use request.session
# DONE: Create Ask User For Permission
# DONE: Create Form and View to get permission
# DONE: Add view to urls.py.py
if request.POST:
form = Question_Form(request.POST)
if form.is_valid():
if Check_Answer(user, form.cleaned_data['question'],
form.cleaned_data['answer']):
# True is good. False is BAD
# Finish the login process
# Also have to set subacc.permitted to True
permitted_result = Device_Set_To_Permitted(device)
# DONE: Set subacc.used = True
used_result = device.set_used()
if settings.DEBUG:
print("subacc is now permitted?:", permitted_result)
print("subacc in set to used:", used_result)
User_Model = get_user_model()
user = User_Model.objects.get(email=device.user)
user.backend = 'django.contrib.auth.backends.ModelBackend'
# fix for user.backend attribute
if settings.DEBUG:
print("User_Model:", User_Model)
print("user:"******"ET":
# msg = PERM_MSG0 + user.email + PERM_MSG1 + subacc.subacc + PERM_MSG2
subject = "Device Connected to " + settings.APPLICATION_TITLE
if user.notify_activity in "ET":
send_activity_message(
request,
user,
subject,
template=
"accounts/messages/device_permission_email",
context={
'subacc': device.device,
'email_mask': email_mask(user.email)
},
)
# Otherwise don't send a message
django_login(request, user)
session_set = session_device(request, device.device)
# DONE: Record Access in DeviceAccessLog
dal_result = Post_Device_Access(request,
device,
action="PERMISSION")
if settings.DEBUG:
print("Post to Device Access Log:", dal_result)
# CLEAR DOWN THE REQUEST.SESSION VARIABLE
request.session['device_permission'] = {}
request.session['device_ask_permission'] = {}
if settings.DEBUG:
print("User:"******"Sessions:", request.session)
return HttpResponseRedirect(reverse("api:home"))
else:
# Failed - Go back to Login
messages.error(request, "Sorry - that was the wrong answer")
Post_Device_Access(request, device, action="WRONG")
# DONE: increment counter in request.session
request.session['device_ask_permission'] = {'count': ask_count}
# DONE: Record Access in DeviceAccessLog
return HttpResponseRedirect(reverse('subaccount:device_login'))
else:
messages.error(request, "I am sorry = there was a problem")
render(request, 'subacc/subaccount_permission.html', {
'form': form,
'question': form['question']
})
else:
print("In the GET - about to render question form")
question = Get_Question(request, user)
print("Got from Get_Question:", question[1])
form = Question_Form(initial={'question': question[1]})
if settings.DEBUG:
print("Question to ask:", question)
return render(
request,
'subacc/subaccount_permission.html',
{
'form': form,
'question': question,
'subacc': device
},
)
def Subaccount_Login(request, *args, **kwargs):
"""
Device Login
:param request:
:param args:
:param kwargs:
:return:
"""
if request.method == 'POST':
form = Device_AuthenticationForm(request.POST)
if settings.DEBUG:
print("in apps.subacc.views.Subaccount_Login POST")
if form.is_valid():
if settings.DEBUG:
print("Form is Valid: Authenticating Sub-account")
# DONE: Remove trailing spaces
account = form.cleaned_data['account'].strip()
Dpassword = form.cleaned_data['password'].strip()
device = subaccount_authenticate(
account=account,
password=Dpassword,
)
# device_authenticate will check for active and not deleted
if settings.DEBUG:
print(
"subacc:",
device,
)
permission_check = False
if device is not None:
if device.is_active:
if settings.DEBUG:
print("Active Sub-account:", device.is_active())
print("Request.user:"******"Sub-account.user:"******"Sub-account used:", device.is_used())
# Now get the User Account
User_Model = get_user_model()
user = User_Model.objects.get(email=device.user)
# fix for user.backend attribute
user.backend = 'django.contrib.auth.backends.ModelBackend'
auth_rslt = django_authenticate(username=user.email,
password=user.password)
# DONE: Check for not subacc.used
if not device.used:
if not device.permitted:
# Device has not been used and we need to check permission
# DONE: check permission if subacc is not used before
# We need to Ask Permission and use a challenge question
# Call the ask_permission Screen
if settings.DEBUG:
print("About to ask Permission")
form = Question_Form()
args = {}
args['form'] = form
args['user'] = user.email
args['subacc'] = device.id
request.session['device_permission'] = {
'subacc': device.id,
'user': device.user.email
}
return HttpResponseRedirect(
reverse("subaccount:ask_permission"), args)
else: # subacc.permitted
permission_check = True
if settings.DEBUG:
print("Sub-account Used:", device.used,
" Permitted:", device.permitted)
# Device is permitted
else: # Device has been used
if not device.permitted:
if settings.DEBUG:
print(
"Sub-account Used and Device_Permitted NOT Set"
)
# Failed authorization checks
# So check if permitted
permission_check = False
messages.error(
request,
"You are not permitted access with this Sub-account"
)
Post_Device_Access(request,
device,
action="NOTPERMITD")
# DONE: Record Access in DeviceAccessLog
return HttpResponseRedirect(reverse("api:home"))
else:
if settings.DEBUG:
print("Sub-account Used:", device.used,
" Permitted:", device.permitted)
# Authorized Check is empty - so there were no problems
permission_check = True
else:
permission_check = False
messages.error(request, "Inactive Sub-account.")
Post_Device_Access(request, device, action="INACTIVE")
# DONE: Record Access in DeviceAccessLog
return HttpResponseRedirect(reverse('api:home'))
# End of Insert
# DONE: Call function to get permission
if permission_check:
# We passed the checks so finish the login
django_login(request, user)
session_set = session_device(request, device.device)
# DONE: Record Access in DeviceAccessLog
dal_result = Post_Device_Access(request, device)
if settings.DEBUG:
print("Post to Device Access Log:", dal_result)
if settings.DEBUG:
print("User:"******"Django_auth result:", auth_rslt)
print("Sessions:", request.session)
return HttpResponseRedirect(reverse('api:home'))
else: # subacc.active = False
messages.error(request, "This is an inactive Sub-account.")
return HttpResponseRedirect(reverse('api:home'))
else: # Problem with account or password match
messages.error(request, "Invalid Sub-account or password.")
return render_to_response(
'subacc/subaccount_login.html',
{'form': Device_AuthenticationForm()},
RequestContext(request))
else: # Problem with the form
return render_to_response('subacc/subaccount_login.html',
{'form': form}, RequestContext(request))
else: # GET and not a POST - so setup form
if settings.DEBUG:
print("in Subaccount_Login. Setting up Form")
form = Device_AuthenticationForm()
return render_to_response('subacc/subaccount_login.html', {'form': form},
RequestContext(request))
def Subaccount_Login(request, *args, **kwargs):
"""
Device Login
:param request:
:param args:
:param kwargs:
:return:
"""
if request.method == 'POST':
form = Device_AuthenticationForm(request.POST)
if settings.DEBUG:
print("in apps.subacc.views.Subaccount_Login POST")
if form.is_valid():
if settings.DEBUG:
print("Form is Valid: Authenticating Sub-account")
# DONE: Remove trailing spaces
account = form.cleaned_data['account'].strip()
Dpassword = form.cleaned_data['password'].strip()
device = subaccount_authenticate(account=account,
password=Dpassword,)
# device_authenticate will check for active and not deleted
if settings.DEBUG:
print("subacc:", device,)
permission_check = False
if device is not None:
if device.is_active:
if settings.DEBUG:
print("Active Sub-account:", device.is_active())
print("Request.user:"******"Sub-account.user:"******"Sub-account used:", device.is_used())
# Now get the User Account
User_Model = get_user_model()
user = User_Model.objects.get(email=device.user)
# fix for user.backend attribute
user.backend = 'django.contrib.auth.backends.ModelBackend'
auth_rslt = django_authenticate(username=user.email,
password=user.password)
# DONE: Check for not subacc.used
if not device.used:
if not device.permitted:
# Device has not been used and we need to check permission
# DONE: check permission if subacc is not used before
# We need to Ask Permission and use a challenge question
# Call the ask_permission Screen
if settings.DEBUG:
print("About to ask Permission")
form = Question_Form()
args = {}
args['form'] = form
args['user'] = user.email
args['subacc'] = device.id
request.session['device_permission'] = {'subacc':device.id,
'user':device.user.email}
return HttpResponseRedirect(reverse("subaccount:ask_permission"), args)
else: # subacc.permitted
permission_check = True
if settings.DEBUG:
print("Sub-account Used:", device.used,
" Permitted:", device.permitted)
# Device is permitted
else: # Device has been used
if not device.permitted:
if settings.DEBUG:
print("Sub-account Used and Device_Permitted NOT Set")
# Failed authorization checks
# So check if permitted
permission_check = False
messages.error(request, "You are not permitted access with this Sub-account")
Post_Device_Access(request, device, action="NOTPERMITD")
# DONE: Record Access in DeviceAccessLog
return HttpResponseRedirect(reverse("api:home"))
else:
if settings.DEBUG:
print("Sub-account Used:", device.used,
" Permitted:", device.permitted)
# Authorized Check is empty - so there were no problems
permission_check = True
else:
permission_check = False
messages.error(request,"Inactive Sub-account.")
Post_Device_Access(request, device, action="INACTIVE")
# DONE: Record Access in DeviceAccessLog
return HttpResponseRedirect(reverse('api:home'))
# End of Insert
# DONE: Call function to get permission
if permission_check:
# We passed the checks so finish the login
django_login(request, user)
session_set = session_device(request, device.device)
# DONE: Record Access in DeviceAccessLog
dal_result = Post_Device_Access(request, device)
if settings.DEBUG:
print("Post to Device Access Log:", dal_result)
if settings.DEBUG:
print("User:"******"Django_auth result:", auth_rslt)
print("Sessions:", request.session )
return HttpResponseRedirect(reverse('api:home'))
else: # subacc.active = False
messages.error(request, "This is an inactive Sub-account.")
return HttpResponseRedirect(reverse('api:home'))
else: # Problem with account or password match
messages.error(request, "Invalid Sub-account or password.")
return render_to_response('subacc/subaccount_login.html',
{'form': Device_AuthenticationForm()},
RequestContext(request))
else: # Problem with the form
return render_to_response('subacc/subaccount_login.html',
{'form': form},
RequestContext(request))
else: # GET and not a POST - so setup form
if settings.DEBUG:
print("in Subaccount_Login. Setting up Form")
form = Device_AuthenticationForm()
return render_to_response('subacc/subaccount_login.html', {'form': form},
RequestContext(request))
def ask_user_for_permission(request):
"""
:param request:
:param user:
:param subacc:
:return:
"""
if 'device_ask_permission' in request.session:
ask_count = int(request.session['device_ask_permission']['count'])
else:
ask_count = 0
ask_count += 1
if 'device_permission' in request.session:
device_id = request.session['device_permission']['subacc']
user_email = request.session['device_permission']['user']
if settings.DEBUG:
print("User: "******"Device:", device_id)
print("Ask Count:", ask_count)
user = get_user_model().objects.get(email=user_email)
device = Device.objects.get(pk=device_id)
else:
if settings.DEBUG:
print("Not passed from Sub-account Login correctly")
messages.error(request, "Unable to Check Permission")
return HttpResponseRedirect(reverse("api:home"))
# Check the number of attempts to get permission
# DONE: Check ask_permission count against settings.
if settings.DEVICE_PERMISSION_COUNT:
max_count = settings.DEVICE_PERMISSION_COUNT
else:
# Set a default
max_count = 3
if max_count > 0:
# We need to check the number of attempts
if ask_count > max_count:
# Set subacc as used
# set message
# return to api:home
device.set_used()
# now we can clear down the count
request.session['device_ask_permission'] = {}
messages.error(request, "Too many permission attempts. "
"This Sub-Account is locked. "
"The account owner will need to reset "
"this Sub-account")
return HttpResponseRedirect(reverse("api:home"))
# Now to Ask for Permission
if settings.DEBUG:
print("Entering apps.subacc.views.Ask_User_For_Permission")
print("request.user:"******"request.session:", request.session)
print("user passed via session:", user )
print("subacc passed via session:", device)
# We need to work out the user and subacc
# should be able to use request.session
# DONE: Create Ask User For Permission
# DONE: Create Form and View to get permission
# DONE: Add view to urls.py.py
if request.POST:
form = Question_Form(request.POST)
if form.is_valid():
if Check_Answer(user, form.cleaned_data['question'], form.cleaned_data['answer']):
# True is good. False is BAD
# Finish the login process
# Also have to set subacc.permitted to True
permitted_result = Device_Set_To_Permitted(device)
# DONE: Set subacc.used = True
used_result = device.set_used()
if settings.DEBUG:
print("subacc is now permitted?:", permitted_result)
print("subacc in set to used:", used_result)
User_Model = get_user_model()
user = User_Model.objects.get(email=device.user)
user.backend = 'django.contrib.auth.backends.ModelBackend'
# fix for user.backend attribute
if settings.DEBUG:
print("User_Model:", User_Model)
print("user:"******"ET":
# msg = PERM_MSG0 + user.email + PERM_MSG1 + subacc.subacc + PERM_MSG2
subject = "Device Connected to " + settings.APPLICATION_TITLE
if user.notify_activity in "ET":
send_activity_message(request,
user,
subject,
template="accounts/messages/device_permission_email",
context={'subacc':device.device,
'email_mask':email_mask(user.email)},
)
# Otherwise don't send a message
django_login(request, user)
session_set = session_device(request, device.device)
# DONE: Record Access in DeviceAccessLog
dal_result = Post_Device_Access(request, device, action="PERMISSION")
if settings.DEBUG:
print("Post to Device Access Log:", dal_result)
# CLEAR DOWN THE REQUEST.SESSION VARIABLE
request.session['device_permission'] = {}
request.session['device_ask_permission'] = {}
if settings.DEBUG:
print("User:"******"Sessions:", request.session )
return HttpResponseRedirect(reverse("api:home"))
else:
# Failed - Go back to Login
messages.error(request, "Sorry - that was the wrong answer")
Post_Device_Access(request, device, action="WRONG")
# DONE: increment counter in request.session
request.session['device_ask_permission'] = {'count': ask_count}
# DONE: Record Access in DeviceAccessLog
return HttpResponseRedirect(reverse('subaccount:device_login'))
else:
messages.error(request,"I am sorry = there was a problem")
render(request,
'subacc/subaccount_permission.html',
{'form': form,
'question': form['question']})
else:
print("In the GET - about to render question form")
question = Get_Question(request, user)
print("Got from Get_Question:",question[1])
form = Question_Form(initial={'question': question[1]})
if settings.DEBUG:
print("Question to ask:", question)
return render(request,
'subacc/subaccount_permission.html',
{'form': form,
'question': question,
'subacc': device},
)
def sms_login(request, *args, **kwargs):
# Check session variables to find information carried forward.
access_field = settings.USERNAME_FIELD
# This is the key field name. Probably username or email
if access_field in request.session:
if request.session[access_field] != "":
access_key = request.session[access_field]
else:
access_key = ""
else:
access_key = ""
if settings.DEBUG:
# print(request.GET)
print("SMS_LOGIN.GET:", access_field, ":[%s]" % (access_key))
# print(request.POST)
print(args)
if request.method == 'POST':
form = AuthenticationForm(request.POST)
if request.POST['login'].lower() == 'resend code':
if settings.DEBUG:
print("Resending Code for %s" % request.POST[access_field])
# form = SMSCodeForm(request.POST)
# form.username = request.POST['username']
request.session[access_field] = request.POST[access_field]
return HttpResponseRedirect(reverse('accounts:sms_code'))
if form.is_valid():
print("Authenticating...")
access_key = form.cleaned_data[access_field].lower()
password = form.cleaned_data['password'].lower()
sms_code = form.cleaned_data['sms_code']
if not validate_sms(access_key=access_key, smscode=sms_code):
messages.error(request, "Invalid Access Code.")
return render_to_response('accounts/login.html',
{'form': AuthenticationForm()},
RequestContext(request))
# DONE: Trying to handle LDAP Errors. eg. Not available
try:
user = authenticate(username=access_key, password=password)
except (ldap3.LDAPBindError, ldap3.LDAPSASLPrepError,
ldap3.LDAPSocketOpenError):
print("We got an LDAP Error - Bind:", dir(ldap3.LDAPBindError),
"\nSASL Prep:", ldap3.LDAPSASLPrepError,
"\nSocketOpenError:", ldap3.LDAPSocketOpenError)
messages.error(
request, "We had a problem reaching the Directory Server")
return render_to_response('accounts/login.html',
RequestContext(request))
#######
if user is not None:
if user.is_active:
django_login(request, user)
# DONE: Set a session variable to identify as
# master account and not a subacc
session_device(request, "True", Session="auth_master")
# DONE: Now Send a message on login
if user.notify_activity in "ET":
send_activity_message(request, user)
# Otherwise don't send a message
return HttpResponseRedirect(reverse('home'))
else:
messages.error(request, "Your account is not active.")
return HttpResponseRedirect(reverse('sms_code'))
else:
messages.error(request, "Invalid username or password.")
return render_to_response('accounts/login.html',
{'form': AuthenticationForm()},
RequestContext(request))
else:
print("Error with the POST form", )
return render_to_response('accounts/login.html', {'form': form},
RequestContext(request))
else:
if access_field in request.session:
access_key = request.session[access_field]
else:
access_key = ""
if settings.DEBUG:
print("in sms_login. Setting up Form [", access_key, "]")
form = AuthenticationForm(initial={
access_field: access_key,
})
if settings.DEBUG:
# print(form)
print("Dropping to render_to_response in sms_login")
return render_to_response('accounts/login.html', {'form': form},
RequestContext(request))
def sms_login(request, *args, **kwargs):
# Check session variables to find information carried forward.
access_field = settings.USERNAME_FIELD
# This is the key field name. Probably username or email
if access_field in request.session:
if request.session[access_field] != "":
access_key = request.session[access_field]
else:
access_key = ""
else:
access_key = ""
if settings.DEBUG:
# print(request.GET)
print("SMS_LOGIN.GET:", access_field, ":[%s]" % (access_key))
# print(request.POST)
print(args)
if request.method == 'POST':
form = AuthenticationForm(request.POST)
if request.POST['login'].lower() == 'resend code':
if settings.DEBUG:
print("Resending Code for %s" % request.POST[access_field])
# form = SMSCodeForm(request.POST)
# form.username = request.POST['username']
request.session[access_field] = request.POST[access_field]
return HttpResponseRedirect(reverse('accounts:sms_code'))
if form.is_valid():
print("Authenticating...")
access_key = form.cleaned_data[access_field].lower()
password = form.cleaned_data['password'].lower()
sms_code = form.cleaned_data['sms_code']
if not validate_sms(access_key=access_key, smscode=sms_code):
messages.error(request, "Invalid Access Code.")
return render_to_response('accounts/login.html',
{'form': AuthenticationForm()},
RequestContext(request))
# DONE: Trying to handle LDAP Errors. eg. Not available
try:
user = authenticate(username=access_key, password=password)
except (ldap3.LDAPBindError,
ldap3.LDAPSASLPrepError,
ldap3.LDAPSocketOpenError):
print("We got an LDAP Error - Bind:",dir(ldap3.LDAPBindError),
"\nSASL Prep:", ldap3.LDAPSASLPrepError,
"\nSocketOpenError:",ldap3.LDAPSocketOpenError)
messages.error(request, "We had a problem reaching the Directory Server")
return render_to_response('accounts/login.html',
RequestContext(request))
#######
if user is not None:
if user.is_active:
django_login(request, user)
# DONE: Set a session variable to identify as
# master account and not a subacc
session_device(request,
"True",
Session="auth_master")
# DONE: Now Send a message on login
if user.notify_activity in "ET":
send_activity_message(request,
user)
# Otherwise don't send a message
return HttpResponseRedirect(reverse('home'))
else:
messages.error(request, "Your account is not active.")
return HttpResponseRedirect(reverse('sms_code'))
else:
messages.error(request, "Invalid username or password.")
return render_to_response('accounts/login.html',
{'form': AuthenticationForm()},
RequestContext(request))
else:
print("Error with the POST form", )
return render_to_response('accounts/login.html',
{'form': form},
RequestContext(request))
else:
if access_field in request.session:
access_key = request.session[access_field]
else:
access_key = ""
if settings.DEBUG:
print("in sms_login. Setting up Form [", access_key, "]")
form = AuthenticationForm(initial={access_field: access_key, })
if settings.DEBUG:
# print(form)
print("Dropping to render_to_response in sms_login")
return render_to_response('accounts/login.html', {'form': form},
RequestContext(request))
def sms_login(request, *args, **kwargs):
if 'email' in request.session:
if request.session['email'] != "":
email = request.session['email']
else:
email = ""
else:
email = ""
if settings.DEBUG:
# print(request.GET)
print("SMS_LOGIN.GET:email:[%s]" % (email))
# print(request.POST)
print(args)
if request.method == 'POST':
form = AuthenticationForm(request.POST)
if request.POST['login'].lower() == 'resend code':
if settings.DEBUG:
print("Resending Code for %s" % request.POST['email'])
# form = SMSCodeForm(request.POST)
# form.email = request.POST['email']
request.session['email'] = request.POST['email']
return HttpResponseRedirect(reverse('accounts:sms_code'))
if form.is_valid():
# print("Authenticate")
email = form.cleaned_data['email'].lower()
password = form.cleaned_data['password'].lower()
sms_code = form.cleaned_data['sms_code']
if not validate_sms(username=email, smscode=sms_code):
messages.error(request, "Invalid Access Code.")
return render_to_response('accounts/login.html',
{'form': AuthenticationForm()},
RequestContext(request))
# DONE: Trying to handle LDAP Errors. eg. Not available
try:
user = authenticate(username=email, password=password)
except (ldap3.LDAPBindError,
ldap3.LDAPSASLPrepError,
ldap3.LDAPSocketOpenError):
print("We got an LDAP Error - Bind:",dir(ldap3.LDAPBindError),
"\nSASL Prep:", ldap3.LDAPSASLPrepError,
"\nSocketOpenError:",ldap3.LDAPSocketOpenError)
messages.error(request, "We had a problem reaching the Directory Server")
return render_to_response('accounts/login.html',
RequestContext(request))
#######
if user is not None:
if user.is_active:
django_login(request, user)
# DONE: Set a session variable to identify as
# master account and not a subacc
session_device(request,
"True",
Session="auth_master")
# DONE: Now Send a message on login
if user.notify_activity in "ET":
send_activity_message(request,
user)
# Otherwise don't send a message
return HttpResponseRedirect(reverse('home'))
else:
messages.error(request, "Your account is not active.")
return HttpResponseRedirect(reverse('sms_code'))
else:
messages.error(request, "Invalid username or password.")
return render_to_response('accounts/login.html',
{'form': AuthenticationForm()},
RequestContext(request))
else:
return render_to_response('accounts/login.html',
{'form': form},
RequestContext(request))
else:
if 'email' in request.session:
email = request.session['email']
else:
email = ""
if settings.DEBUG:
print("in sms_login. Setting up Form [", email, "]")
form = AuthenticationForm(initial={'email': email, })
if settings.DEBUG:
# print(form)
print("Dropping to render_to_response in sms_login")
return render_to_response('accounts/login.html', {'form': form},
RequestContext(request))
