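def login_view(request):
    ''' The view of the login page.

    Accepts either a username or an e-mail address plus a password.  On
    success the user is logged in and redirected to the ``next`` target;
    otherwise the login form is re-rendered with an error.

    Changes relative to the earlier version of this view:

    * ``next`` is validated before use, so the view no longer redirects to
      an arbitrary external URL (open redirect).
    * The anonymous-account guard compares the resolved account's username;
      it used to compare a variable that had just been set to ``None``, so
      the guard never fired.
    * The e-mail lookup runs once and tolerates several accounts sharing
      one address instead of raising an unhandled exception.
    '''
    # Imported here because the module's import block is outside this view.
    # is_safe_url is the helper for Django versions that still provide
    # request.REQUEST; Django 3.0 renamed it url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    ANONYMOUS_SESSION = request.session.get('ANONYMOUS_SESSION', False)
    page_name = "Login Page"
    homepage_url = reverse('homepage')
    redirect_to = request.REQUEST.get('next', homepage_url)
    # 'next' comes from the request and is also echoed into the template.
    # Accept it only if it stays on this host; otherwise use the homepage.
    if not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = homepage_url

    if (request.user.is_authenticated() and not ANONYMOUS_SESSION) or (ANONYMOUS_SESSION and request.user.username != ANONYMOUS_USERNAME):
        return HttpResponseRedirect(redirect_to)

    form = LoginForm(request.POST or None)
    if form.is_valid():
        username_or_email = form.cleaned_data['username_or_email']
        password = form.cleaned_data['password']

        # Resolve the account: try the value as a username, then as e-mail.
        temp_user = None
        try:
            temp_user = User.objects.get(username=username_or_email)
        except User.DoesNotExist:
            try:
                temp_user = User.objects.get(email=username_or_email)
            except (User.DoesNotExist, User.MultipleObjectsReturned):
                # An ambiguous e-mail is treated like an unknown one.
                form.errors['__all__'] = form.error_class(["Invalid username/password combination. Please try again."])

        if temp_user is not None:
            username = temp_user.username
            # Checked on the resolved account so that the shared anonymous
            # account is refused whether it was named by username or e-mail.
            if username == ANONYMOUS_USERNAME:
                return red_ext(request, MESSAGES['ANONYMOUS_DENIED'])

            if temp_user.is_active:
                user = authenticate(username=username, password=password)
                if user is not None:
                    login(request, user)
                    if ANONYMOUS_SESSION:
                        # Re-set the flag after login(); presumably login()
                        # may replace the session data -- confirm.
                        request.session['ANONYMOUS_SESSION'] = True
                    return HttpResponseRedirect(redirect_to)
                else:
                    reset_url = request.build_absolute_uri(reverse('reset_pw'))
                    messages.add_message(request, messages.INFO, MESSAGES['RESET_MESSAGE'].format(reset_url=reset_url))
                    form.errors['__all__'] = form.error_class([MESSAGES['INVALID_LOGIN']])
                    # Invalid login - delay 1 second as rudimentary security
                    # against brute force attacks.
                    # NOTE(review): the delay, the reset hint and the
                    # distinct messages apply only to existing accounts, so
                    # responses reveal whether an account exists.  The sleep
                    # also blocks a worker; per-account/IP rate limiting or
                    # lockout is the sturdier control.
                    time.sleep(1)
            else:
                # NOTE(review): shown before any password check, so it
                # discloses that the account exists and is inactive.
                form.errors['__all__'] = form.error_class(["Your account is not active. Please contact the site administrator to activate your account."])

    return render_to_response('login.html', {
        'page_name': page_name,
        'form': form,
        'oauth_providers': _get_oauth_providers(),
        'redirect_to': redirect_to,
        }, context_instance=RequestContext(request))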