Ejemplo n.º 1
 def location(self, regex_url):
     """Return the absolute URL for a URL-pattern entry.

     The path is taken from the pattern's regex source: every "^" becomes
     "/" and every "$" is dropped.
     """
     pattern_text = regex_url.regex.pattern
     path = pattern_text.replace("^", "/")
     path = path.replace("$", "")
     # NOTE(review): the scheme is hard-coded to plain "http"; if the site is
     # served over HTTPS, confirm these links should not be "https" instead.
     return util.make_absolute_url(path, "http")
Ejemplo n.º 2
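def login(request, default_next='/', staff_protocol='https'):
    """Render the login form on GET; authenticate and redirect otherwise.

    Two credential paths are handled for non-GET requests:

    * ``signed_request`` + ``facebook_id`` POST fields, checked by
      ``authenticate(request, facebook_id, signed_request)``;
    * ``username`` + ``password`` POST fields, checked by
      ``auth.authenticate`` after a rate-limit check.

    Args:
        request: The incoming HTTP request.
        default_next: Redirect target used for staff users when ``next_`` is
            empty.
        staff_protocol: Protocol passed to ``make_absolute_url`` for the
            redirect target of staff users.

    Returns:
        The rendered ``user/login.html`` template on GET or on any failure,
        otherwise an ``HttpResponseRedirect``.

    NOTE: every template render passes ``locals()``, so local variable names
    in this function are part of the template context. Do not rename them.
    On the password path that context also contains ``password``; the
    template must never echo it back.
    """
    def is_secure_password(pw):
        """Return True if pw has 8+ chars with lower case, upper case and a digit."""
        has = lambda cs: any(char in cs for char in pw)
        return len(pw) >= 8 and has(string.lowercase) and has(string.uppercase) and has(string.digits)

    def valid_slug(raw):
        """Reduce raw input to at most 20 chars of letters, digits and '_'."""
        raw = raw.lstrip('#').strip()
        allowed = string.letters + string.digits + '_'
        def process(c):
            # Keep allowed characters, turn whitespace into '_', drop the rest.
            if c in allowed:
                return c
            elif c in string.whitespace:
                return '_'
            else:
                return ''

        return (''.join(map(process, raw)))[:20]

    cookies_to_delete = []
    # NOTE(review): get_next() is not visible here. Confirm it only yields
    # same-site targets; next_ ends up in the redirect at the bottom, so an
    # unvalidated value would make this view an open redirect.
    next_ = get_next(request)

    if request.method == 'GET':
        return r2r_jinja('user/login.html', locals(), request)

    signed_request = request.POST.get(u'signed_request', None)
    facebook_id = request.POST.get(u'facebook_id', None)

    if signed_request and facebook_id:
        # NOTE(review): this branch skips both check_rate_limit() and the
        # staff password / staff_protocol policy applied in the password
        # branch below. Confirm that is intended for staff accounts.
        user = authenticate(request, facebook_id, signed_request)
        if user is None:
            return r2r_jinja('user/login.html', locals(), request)
        # this is a total hack because we don't care to write a backend for the above authenticate method
        user.backend = settings.AUTHENTICATION_BACKENDS[0]
    else:
        username = valid_slug(request.POST.get('username', ''))
        password = request.POST.get('password')

        # The limiter is keyed on the sanitised username, and it runs before
        # the credentials are checked.
        if check_rate_limit(request, username):
            message = "Too many retries. Wait a minute and try again."
            return r2r_jinja('user/login.html', locals(), request)

        user = auth.authenticate(username=username, password=password)
        if user is None:
            # One message for both "unknown user" and "wrong password", so the
            # response does not reveal which usernames exist. The previous
            # User.objects existence lookup chose between two identical
            # messages, so it only cost a query and has been dropped.
            message = "Incorrect username or password."
            return r2r_jinja('user/login.html', locals(), request)

        if user.is_staff:
            if is_secure_password(password):
                # Staff sessions continue on staff_protocol ('https' by default).
                next_ = make_absolute_url(next_ or default_next, protocol=staff_protocol)
            else:
                message = ("User is staff and has an insecure password. Please create a more secure one (8 or more "
                           "characters, mixed case and has numbers). Use password reset to fix this.")
                return r2r_jinja('user/login.html', locals(), request)

    auth.login(request, user)

    # Best effort: a comment stashed before signup/login is posted now, and the
    # user is sent to it instead of the original next_ target.
    try:
        (key, post_data) = after_signup.get_posted_comment(request)
        if post_data:
            next_ = post_comment(request, user, post_data, persist_url=False).details().url
            cookies_to_delete.append(after_signup.make_cookie_key('post_comment'))
    except KeyError:
        pass

    def cleanup(response):
        """Delete the queued cookies on the response and return it."""
        for k in cookies_to_delete:
            response.delete_cookie(k)
        return response

    if next_:
        # Forward the remaining query-string parameters, minus 'next' itself.
        # NOTE(review): '?' is always used as the separator, so a next_ that
        # already carries a query string produces a malformed URL.
        next_params = request.GET.copy()
        if 'next' in next_params:
            del next_params['next']
        next_params = '?' + urllib.urlencode(next_params) if next_params else ''
        return cleanup(HttpResponseRedirect(next_ + next_params))
    else:
        return cleanup(HttpResponseRedirect('/'))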
Ejemplo n.º 3
 def test_base_path_with_protocol(self):
     """The root path with protocol='https' is expected to become an https URL."""
     expected = 'https://foo.com/'
     actual = make_absolute_url('/', protocol='https')
     self.assertEqual(expected, actual)
Ejemplo n.º 4
 def location(self, category):
     """Return the absolute URL for a category, built from its get_absolute_url()."""
     relative_url = category.get_absolute_url()
     # NOTE(review): the protocol argument here is "http:" with a trailing
     # colon, while other callers on this page pass "http" / "https" without
     # one. Confirm make_absolute_url accepts both forms. It is also plain
     # HTTP; confirm these links should not be HTTPS.
     return util.make_absolute_url(relative_url, "http:")
Ejemplo n.º 5
 def test_already_absolute_without_protocol(self):
     """A protocol-relative URL is expected to come back unchanged."""
     url = '//foo.com/foo'
     result = make_absolute_url(url)
     self.assertEqual('//foo.com/foo', result)
Ejemplo n.º 6
 def test_already_absolute_without_protocol_with_kwarg(self):
     """A protocol-relative URL plus protocol='https' is expected to gain the https scheme."""
     result = make_absolute_url('//foo.com/foo', protocol='https')
     expected = 'https://foo.com/foo'
     self.assertEqual(expected, result)
Ejemplo n.º 7
 def test_without_prepended_slash(self):
     """A bare relative path ('foo') is expected to resolve to '//foo.com/foo'."""
     result = make_absolute_url('foo')
     self.assertEqual('//foo.com/foo', result)
Ejemplo n.º 8
 def test_already_absolute(self):
     """A URL that already has scheme and host is expected to come back unchanged."""
     url = 'https://foo.com/foo'
     result = make_absolute_url(url)
     self.assertEqual('https://foo.com/foo', result)
Ejemplo n.º 9
 def test_already_absolute_without_protocol_with_kwarg(self):
     """Passing protocol='https' with a '//host/path' URL is expected to yield an https URL."""
     expected = 'https://foo.com/foo'
     actual = make_absolute_url('//foo.com/foo', protocol='https')
     self.assertEqual(expected, actual)
Ejemplo n.º 10
 def test_base_path_with_protocol(self):
     """'/' with protocol='https' is expected to resolve to 'https://foo.com/'."""
     result = make_absolute_url('/', protocol='https')
     self.assertEqual('https://foo.com/', result)
Ejemplo n.º 11
 def test_already_absolute_without_protocol(self):
     """With no protocol argument, '//foo.com/foo' is expected to pass through untouched."""
     expected = '//foo.com/foo'
     actual = make_absolute_url('//foo.com/foo')
     self.assertEqual(expected, actual)
Ejemplo n.º 12
 def test_already_absolute(self):
     """A fully qualified https URL is expected to be returned as is."""
     expected = 'https://foo.com/foo'
     actual = make_absolute_url('https://foo.com/foo')
     self.assertEqual(expected, actual)
Ejemplo n.º 13
 def test_without_prepended_slash(self):
     """Input without a leading slash is expected to be treated as a path under the host."""
     expected = '//foo.com/foo'
     actual = make_absolute_url('foo')
     self.assertEqual(expected, actual)
Ejemplo n.º 14
 def location(self, regex_url):
     """Turn a URL pattern's regex source into an absolute URL.

     "^" is replaced with "/" and "$" is removed before the result is
     handed to util.make_absolute_url.
     """
     path = regex_url.regex.pattern
     for marker, substitute in (("^", "/"), ("$", "")):
         path = path.replace(marker, substitute)
     # NOTE(review): plain "http" is hard-coded here; confirm it matches the
     # scheme the site is actually served on.
     return util.make_absolute_url(path, "http")
Ejemplo n.º 15
 def location(self, category):
     """Build the absolute URL for a category from its own relative URL."""
     category_path = category.get_absolute_url()
     # NOTE(review): "http:" carries a trailing colon, unlike the "http" /
     # "https" values passed elsewhere on this page. Verify make_absolute_url
     # handles that form, and that plain HTTP is the intended scheme.
     absolute = util.make_absolute_url(category_path, "http:")
     return absolute