Ejemplo n.º 1
 def process_response(self, request, response):
     """Turn a flagged response into a logout, or refresh a stale token.

     Returns whatever ``auth.logout()`` produces when the response carries
     a truthy ``_logout`` attribute.  Otherwise returns ``response`` itself,
     after re-attaching credentials if the request's user has credentials
     whose security token is marked stale.
     """
     logout_requested = getattr(response, '_logout', False)
     if logout_requested:
         # NOTE(review): the post-logout target comes straight from the
         # query string.  Nothing here restricts it to a same-site path;
         # confirm that auth.logout() validates it before redirecting.
         target = request.GET.get('redirect', None)
         return auth.logout(redirect=target)

     # No user on the request: nothing to refresh.
     if not hasattr(request, 'user'):
         return response

     # Users without a '_credentials' attribute are passed through untouched.
     credentials = getattr(request.user, '_credentials', None)
     if credentials and credentials.security_token_is_stale:
         # Our security token is old, so issue a new one on this response.
         auth.attach_credentials(response, request.user)
     return response
Ejemplo n.º 2
 def process_response(self, request, response):
     """Handle the logout flag and stale security tokens on the way out.

     A truthy ``_logout`` attribute on ``response`` replaces it with the
     result of ``auth.logout()``.  In every other case ``response`` is
     returned, with fresh credentials attached first when the request's
     user holds credentials flagged as stale.
     """
     if getattr(response, '_logout', False):
         # NOTE(review): 'redirect' is read from request.GET without any
         # check in this method; verify auth.logout() only accepts
         # same-site targets.
         redirect_to = request.GET.get('redirect', None)
         return auth.logout(redirect=redirect_to)

     if hasattr(request, 'user'):
         token_state = getattr(request.user, '_credentials', None)
         if token_state:
             if token_state.security_token_is_stale:
                 # The token is old: attach a new one to this response.
                 auth.attach_credentials(response, request.user)
     return response
Ejemplo n.º 3
 def test_attach_credentials(self):
     """attach_credentials() sets a token cookie that parses to the user's email."""
     expected_email = '*****@*****.**'
     test_user = User(email=expected_email)

     # Attach the test user's credentials to a throwaway response.
     resp = http.HttpResponse('test')
     auth.attach_credentials(resp, test_user)

     # The security-token cookie must be present on the response...
     self.assertTrue(auth._CHIRP_SECURITY_TOKEN_COOKIE in resp.cookies)
     # ...and its value must parse back to credentials for the same email.
     cookie = resp.cookies[auth._CHIRP_SECURITY_TOKEN_COOKIE]
     parsed = auth._parse_security_token(cookie.value)
     self.assertEqual(expected_email, parsed.email)
Ejemplo n.º 4
 def test_attach_credentials(self):
     """Round-trip check: attach credentials, then parse the cookie back."""
     address = '*****@*****.**'
     account = User(email=address)
     reply = http.HttpResponse('test')

     # Attach the account's credentials to the test response.
     auth.attach_credentials(reply, account)

     # The response must now carry the security-token cookie.
     self.assertTrue(auth._CHIRP_SECURITY_TOKEN_COOKIE in reply.cookies)

     # Parsing that cookie's value must yield the same email we started with.
     raw_token = reply.cookies[auth._CHIRP_SECURITY_TOKEN_COOKIE].value
     recovered = auth._parse_security_token(raw_token)
     self.assertEqual(address, recovered.email)
Ejemplo n.º 5
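def reset_password(request):
    """Allow a user to reset their password.

    The user authenticates by presenting a security token.  Users will
    arrive at this page by clicking on the URL in the email they are
    sent by the /auth/forgot_password page.

    GET checks the ``token`` query parameter and renders the form with the
    token carried in it.  POST re-checks the token submitted with the form,
    sets the new password, and signs the user in by attaching credentials
    to the response.  Token failures return 403; an invalid form is
    re-rendered.

    NOTE(review): the token is the only authenticator on this path, and
    it arrives in the query string.  Expiry and single-use enforcement are
    not visible in this view; confirm that
    auth.parse_password_reset_token() rejects expired or already-used
    tokens.
    """
    if request.user:
        return http.HttpResponseForbidden('Logged-in users prohibited.')
    tmpl = loader.get_template('auth/reset_password.html')
    ctx_vars = {
        'Title': 'Reset Password',
    }
    user = None
    if request.method == 'GET':
        token = request.GET.get('token')
        if token is None:
            return http.HttpResponseForbidden('Missing token')
        email = auth.parse_password_reset_token(token)
        # Any falsy result counts as a failed parse, matching the POST path.
        if not email:
            return http.HttpResponseForbidden('Invalid token')
        ctx_vars['form'] = auth_forms.ResetPasswordForm(
            initial={'token': token})
    else:
        form = auth_forms.ResetPasswordForm(request.POST)
        if not form.is_valid():
            ctx_vars['form'] = form
        else:
            token = form.cleaned_data['token']
            email = token and auth.parse_password_reset_token(token)
            # "token and ..." yields the token itself when it is falsy, so
            # an empty-string token leaves email == ''.  Testing only for
            # None would let that through to the user lookup; reject any
            # falsy value here instead.
            if not email:
                return http.HttpResponseForbidden('Invalid token')
            user = User.get_by_email(email)
            if user is None:
                return http.HttpResponseForbidden('No user for token')
            user.set_password(form.cleaned_data['new_password'])
            # We are also logging the user in automatically, so record
            # the time.
            user.last_login = datetime.datetime.now()
            AutoRetry(user).save()
            # Attach the user to the request so that our page will
            # display the chrome shown to logged-in users.
            request.user = user
    ctx = RequestContext(request, ctx_vars)
    response = http.HttpResponse(tmpl.render(ctx))
    # Only set after a successful reset above; this is what signs the
    # user in.
    if request.user:
        auth.attach_credentials(response, request.user)
    return response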
Ejemplo n.º 6
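def reset_password(request):
    """Allow a user to reset their password.

    The user authenticates by presenting a security token.  Users will
    arrive at this page by clicking on the URL in the email they are
    sent by the /auth/forgot_password page.

    On GET the ``token`` query parameter is checked and, if accepted, the
    reset form is rendered with the token carried in it.  On POST the
    token from the form is checked again, the new password is set, and
    the user is signed in by attaching credentials to the response.  A
    rejected token yields 403; a form that fails validation is rendered
    again.

    NOTE(review): possession of the token is the sole proof of identity
    here.  Whether tokens expire or can be replayed is decided inside
    auth.parse_password_reset_token(), which is not visible in this view;
    verify it before relying on this flow.
    """
    if request.user:
        return http.HttpResponseForbidden('Logged-in users prohibited.')
    tmpl = loader.get_template('auth/reset_password.html')
    ctx_vars = {
        'Title': 'Reset Password',
    }
    user = None
    if request.method == 'GET':
        token = request.GET.get('token')
        if token is None:
            return http.HttpResponseForbidden('Missing token')
        email = auth.parse_password_reset_token(token)
        # Reject every falsy parse result, the same rule the POST path uses.
        if not email:
            return http.HttpResponseForbidden('Invalid token')
        ctx_vars['form'] = auth_forms.ResetPasswordForm(
            initial={'token': token})
    else:
        form = auth_forms.ResetPasswordForm(request.POST)
        if not form.is_valid():
            ctx_vars['form'] = form
        else:
            token = form.cleaned_data['token']
            email = token and auth.parse_password_reset_token(token)
            # An empty-string token short-circuits the "and" and leaves
            # email == '', which an "is None" test does not catch.  Fail
            # closed on any falsy value rather than looking up a user
            # with an empty email.
            if not email:
                return http.HttpResponseForbidden('Invalid token')
            user = User.get_by_email(email)
            if user is None:
                return http.HttpResponseForbidden('No user for token')
            user.set_password(form.cleaned_data['new_password'])
            # We are also logging the user in automatically, so record
            # the time.
            user.last_login = datetime.datetime.now()
            AutoRetry(user).save()
            # Attach the user to the request so that our page will
            # display the chrome shown to logged-in users.
            request.user = user
    ctx = RequestContext(request, ctx_vars)
    response = http.HttpResponse(tmpl.render(ctx))
    # request.user is only truthy here after a successful reset; attaching
    # credentials is the step that signs the user in.
    if request.user:
        auth.attach_credentials(response, request.user)
    return response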
Ejemplo n.º 7
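def _local_redirect_target(target, default='/'):
    """Return ``target`` if it is a same-site absolute path, else ``default``."""
    if not target or not target.startswith('/'):
        return default
    # A second leading slash or backslash makes browsers read the value as
    # a host rather than a path.
    if target.startswith('//') or target.startswith('/\\'):
        return default
    # Control characters can be dropped by URL parsers, changing what the
    # value means after the check; refuse them outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return default
    return target


def hello(request):
    """Implements our login page.

    GET renders the login form, or redirects immediately if the user is
    already signed in.  A valid POST attaches credentials to a redirect
    response and records the login time; an invalid POST re-renders the
    form.

    The post-login destination is supplied by the client (the ``redirect``
    query parameter, later echoed back through the form).  It is limited
    to same-site absolute paths so the login page cannot be used to bounce
    users to another site; anything else, including a full URL, falls
    back to '/'.
    """
    redirect = '/'
    tmpl = loader.get_template('auth/hello.html')
    if request.method == 'GET':
        redirect = _local_redirect_target(request.GET.get('redirect', '/'))
        # Already signed in?  Then redirect immediately.
        if request.user:
            return http.HttpResponseRedirect(redirect)
        form = auth_forms.LoginForm(initial={
            'redirect': redirect,
        })
    else:
        form = auth_forms.LoginForm(request.POST)
        if form.is_valid():
            # The form's own validation of 'redirect' is not visible from
            # this view, so apply the same-site check here as well.
            target = _local_redirect_target(form.cleaned_data['redirect'])
            response = http.HttpResponseRedirect(target)
            auth.attach_credentials(response, form.user)
            # Update the last login time in the User record.
            form.user.last_login = datetime.datetime.now()
            AutoRetry(form.user).save()
            return response

    ctx = RequestContext(request, {'form': form})
    return http.HttpResponse(tmpl.render(ctx))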
Ejemplo n.º 8
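def _local_redirect_target(target, default='/'):
    """Return ``target`` if it is a same-site absolute path, else ``default``."""
    if not target or not target.startswith('/'):
        return default
    # A second leading slash or backslash makes browsers read the value as
    # a host rather than a path.
    if target.startswith('//') or target.startswith('/\\'):
        return default
    # Control characters can be dropped by URL parsers, changing what the
    # value means after the check; refuse them outright.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return default
    return target


def hello(request):
    """Implements our login page.

    A GET either redirects a signed-in user straight away or renders the
    login form.  A POST that validates attaches credentials to a redirect
    response and stores the login time; one that does not validate
    renders the form again.

    The ``redirect`` destination originates from the client, first as a
    query parameter and then as a form field.  Only same-site absolute
    paths are honoured; every other value, full URLs included, is
    replaced with '/' so the login page cannot send users off-site.
    """
    redirect = '/'
    tmpl = loader.get_template('auth/hello.html')
    if request.method == 'GET':
        redirect = _local_redirect_target(request.GET.get('redirect', '/'))
        # Already signed in?  Then redirect immediately.
        if request.user:
            return http.HttpResponseRedirect(redirect)
        form = auth_forms.LoginForm(initial={
            'redirect': redirect,
        })
    else:
        form = auth_forms.LoginForm(request.POST)
        if form.is_valid():
            # LoginForm's handling of 'redirect' cannot be seen from here,
            # so the destination is checked again before use.
            target = _local_redirect_target(form.cleaned_data['redirect'])
            response = http.HttpResponseRedirect(target)
            auth.attach_credentials(response, form.user)
            # Update the last login time in the User record.
            form.user.last_login = datetime.datetime.now()
            AutoRetry(form.user).save()
            return response

    ctx = RequestContext(request, {'form': form})
    return http.HttpResponse(tmpl.render(ctx))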