def api_login(request):
    """
    Function used for API login validation and authentication (:http:post:`POST </accounts/login>`).
    There are two required parameters.

    .. http:post:: /accounts/login

        :DC-bound?:
            * |dc-no|
        :Permissions:
            * |APIAccess|
        :Asynchronous?:
            * |async-no|
        :arg string data.username: **required** - Username used for authentication
        :arg string data.password: **required** - Password used for authentication
        :status 200: Login successful
        :status 400: Bad request
    """
    auth_serializer = APIAuthTokenSerializer(data=request.data)

    if not auth_serializer.is_valid():
        # NOTE(review): the submitted username and the User-Agent header are client-controlled and are
        # written to the auth log as-is. Confirm the log formatter/handler neutralises CR/LF and other
        # control characters, otherwise an unauthenticated client can forge auth log lines.
        auth_logger.warning('User %s login failed from %s (%s)', request.data.get('username', None),
                            get_client_ip(request), request.META.get('HTTP_USER_AGENT', ''))

        # Prefer the first non-field error; fall back to the whole error collection
        # NOTE(review): whether this text differs for an unknown user and a wrong password depends on
        # APIAuthTokenSerializer (not visible here) - verify it does not allow account enumeration.
        try:
            detail = auth_serializer.errors['non_field_errors'][0]
        except (KeyError, IndexError):
            detail = auth_serializer.errors

        return Response({'detail': detail}, status=scode.HTTP_400_BAD_REQUEST)

    user = auth_serializer.object['user']
    token, is_new = Token.objects.get_or_create(user=user)

    if not is_new:
        # Old Token - regenerate token and datetime, so the previously issued key stops working
        # TODO: We do this by deleting the old token (could be done better)
        # NOTE(review): delete() and create() are two separate statements; whether they run inside
        # one transaction is not visible from this function.
        token.delete()
        token = Token.objects.create(user=user)

    # Same caveat as above: the User-Agent value is client-controlled
    auth_logger.info('User %s successfully logged in from %s (%s)', user, get_client_ip(request),
                     request.META.get('HTTP_USER_AGENT', ''))

    # Attach the authenticated user and the user's current datacenter to the request
    request.user = user
    request.dc = Dc.objects.get_by_id(user.current_dc_id)

    payload = {
        'token': token.key,
        # Expiry is reported as the token creation time plus AUTHTOKEN_TIMEDELTA
        'expires': (token.created + AUTHTOKEN_TIMEDELTA).isoformat(),
        'detail': 'Welcome to Danube Cloud API.',
    }

    return Response(payload, status=scode.HTTP_200_OK, request=request)
def logout(request):
    """
    Log users out (destroy all sessions) and re-direct them to the main page.
    """
    # Keep references to the user and the profile - both are used again after the logout call below
    current_user = request.user
    user_profile = request.user.userprofile

    # Guacamole helper attached to request.user.username and the current guacamole password
    # NOTE(review): the guacamole calls run before logout_then_login(); if either of them raises,
    # the function exits before the user's own session is ended - confirm how GuacamoleAuth fails.
    guacamole = GuacamoleAuth(request)
    # End the guacamole session first ...
    guacamole_logout = guacamole.logout()
    # ... and then drop its cached configuration
    guacamole.del_auth()

    # Perform the logout and obtain the response object returned to the browser
    logout_response = logout_then_login(request)
    # Remove the guacamole cookie from the browser together with the logout response
    logout_response.delete_cookie(**guacamole_logout['cookie'])
    # Carry the i18n settings of the user who just logged out over to the anonymous session
    user_profile.activate_locale(request)

    # Audit trail entry
    # NOTE(review): the User-Agent header is client-controlled and logged as-is; confirm the log
    # formatter/handler neutralises CR/LF and other control characters.
    auth_logger.info('User %s successfully logged out from %s (%s)', current_user, get_client_ip(request),
                     request.META.get('HTTP_USER_AGENT', ''))

    return logout_response
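def api_logout(request):
    """
    Function used for API logout (:http:get:`GET </accounts/logout>`).

    .. http:get:: /accounts/logout

        :DC-bound?:
            * |dc-no|
        :Permissions:
        :Asynchronous?:
            * |async-no|
        :status 200: Logout successful
        :status 403: Forbidden
    """
    # The reply is built up front and returned unchanged whatever happens below, so the logout stays
    # best-effort from the client's point of view.
    response = Response({'detail': 'Bye.'}, status=scode.HTTP_200_OK, request=request)
    user = None
    revoke_error = None

    # noinspection PyBroadException
    try:
        user = request.user
        request.user = None
        # A request without an auth token has nothing to revoke
        token = getattr(request, 'auth', None)

        if token is not None:
            token.delete()
    except Exception as exc:
        # Remember the failure instead of discarding it: a token that was not deleted is still a
        # valid credential, and the auth log must not report that logout as successful.
        revoke_error = exc

    client_ip = get_client_ip(request)
    # NOTE(review): the User-Agent header is client-controlled and logged as-is; confirm the log
    # formatter/handler neutralises CR/LF and other control characters.
    user_agent = request.META.get('HTTP_USER_AGENT', '')

    if revoke_error is None:
        auth_logger.info('User %s successfully logged out from %s (%s)', user, client_ip, user_agent)
    else:
        auth_logger.warning('User %s logout from %s (%s) did not revoke the API token: %r',
                            user, client_ip, user_agent, revoke_error)

    return response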
def initialize(self):
    """
    Set up the per-connection state from the originating request and log the session start.
    """
    req = self.request

    # Who is connected and from where
    self.user_id = str(req.user.id)
    self.user_ip = get_client_ip(req)
    # Identifier of the socket session and the key of the session behind the request
    self.sess_id = self.socket.sessid
    # NOTE(review): the session key is kept on the object but is not part of the log call below;
    # keep it out of any log output added later.
    self.session_key = req.session.session_key
    # Bounded buffer - holds at most 100 entries
    self.last_tasks = deque(maxlen=100)

    # self.username is not assigned in this method - presumably setup_user() provides it; verify
    self.setup_user()
    self.log('API socketio session started for user %s (%s) from %s', self.user_id, self.username, self.user_ip)
def login(request):
    """
    Log users in the system and re-direct them to dashboard or show proper error message when failed.
    """
    # The authentication form is bound to the request before the login view is invoked
    login_form = partial(LoginForm, request)
    response = contrib_login(request, 'gui/accounts/login.html', authentication_form=login_form)

    # Only a submitted form counts as a login attempt; anything else just gets the response
    if request.method != 'POST':
        return response

    user = request.user

    if not user.is_authenticated():
        # NOTE(review): the submitted username and the User-Agent header are client-controlled and
        # logged as-is. Confirm the log formatter/handler neutralises CR/LF and other control
        # characters, and keep in mind that the username field of a failed attempt may contain a
        # mistyped password - restrict access to this log accordingly.
        auth_logger.warning('User %s login failed from %s (%s)', request.POST.get('username', None),
                            get_client_ip(request), request.META.get('HTTP_USER_AGENT', ''))
        return response

    auth_logger.info('User %s successfully logged in from %s (%s)', user, get_client_ip(request),
                     request.META.get('HTTP_USER_AGENT', ''))
    # Setup i18n settings into session
    user.userprofile.activate_locale(request)
    # clear_attempts_cache() is defined elsewhere - presumably it resets the failed-attempt tracking
    # for this client and username; verify against its implementation
    clear_attempts_cache(request, user.username)

    return response