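def login_user(request, user):
    """Log the requesting user in as ``user`` and mark the session as hijacked.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        user: Account to take over (the hijacked user).

    Returns:
        The result of ``redirect_to_next`` with
        ``hijack_settings.HIJACK_LOGIN_REDIRECT_URL`` as the default target.
    """
    hijacker = request.user
    hijacked = user

    # Build the history before login(): Django's login() can reset the session
    # when the authenticated user changes, so it is written back afterwards.
    hijack_history = [hijacker._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate: runs before any login or session change. Presumably
    # raises when the hijack is not permitted (helper defined elsewhere).
    check_hijack_authorization(request, hijacked)

    backend = get_used_backend(request)
    hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Keep the account's own last_login, so a hijack does not look like a
    # login by the account owner in audit data.
    last_login = hijacked.last_login
    login(request, hijacked)
    hijacked.last_login = last_login
    # Write back only last_login; a full save() of this in-memory instance
    # could overwrite other columns that changed concurrently.
    hijacked.save(update_fields=['last_login'])

    post_superuser_login.send(sender=None, user_id=hijacked.pk)
    hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True

    # NOTE(review): if redirect_to_next honours a request-supplied "next"
    # value, it should restrict it to same-host URLs; confirm in that helper.
    return redirect_to_next(
        request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)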
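def login_user(request, hijacked):
    """Log the requesting user in as ``hijacked`` and flag the session.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        hijacked: Account to take over.

    Returns:
        The result of ``redirect_to_next`` with
        ``hijack_settings.HIJACK_LOGIN_REDIRECT_URL`` as the default target.
    """
    hijacker = request.user

    # Captured before login(): Django's login() can reset the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate: runs before any login or session change. Presumably
    # raises when the hijack is not permitted (helper defined elsewhere).
    check_hijack_authorization(request, hijacked)

    backend = get_used_backend(request)
    hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Prevent update of hijacked user last_login.
    # The disconnect is process-wide, so other logins handled during this
    # window also skip the last_login update.
    # NOTE(review): if Django registered update_last_login with a dispatch_uid,
    # this disconnect returns False and last_login is still updated - confirm
    # against the Django version in use.
    signal_was_connected = user_logged_in.disconnect(update_last_login)
    try:
        # Actually log user in
        login(request, hijacked)
    finally:
        # Restore the receiver even when login() raises; otherwise it would
        # stay disconnected for the rest of the process lifetime.
        if signal_was_connected:
            user_logged_in.connect(update_last_login)

    post_superuser_login.send(sender=None, user_id=hijacked.pk)  # Send legacy signal
    hijack_started.send(
        sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk,
        request=request)  # Send official, documented signal

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True

    # NOTE(review): if redirect_to_next honours a request-supplied "next"
    # value, it should restrict it to same-host URLs; confirm in that helper.
    return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)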
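def login_user(request, hijacked):
    """Start a hijack session: authenticate ``request`` as ``hijacked``.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        hijacked: Account to take over.

    Returns:
        The result of ``redirect_to_next`` with
        ``hijack_settings.HIJACK_LOGIN_REDIRECT_URL`` as the default target.
    """
    hijacker = request.user

    # The hijacker's pk (string form) goes last in the history. It is read
    # before login() because Django's login() can reset the session when the
    # authenticated user changes; it is stored again once login is done.
    hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Must stay ahead of login(): this is the only permission check in this
    # function. Presumably raises on denial (helper defined elsewhere).
    check_hijack_authorization(request, hijacked)

    backend = get_used_backend(request)
    hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Prevent update of hijacked user last_login, so the hijack is not
    # recorded as a login by the account owner.
    # The receiver is removed for the whole process, not just this request.
    # NOTE(review): a receiver registered with a dispatch_uid is not matched by
    # this call (it would return False) - confirm for the Django version used.
    signal_was_connected = user_logged_in.disconnect(update_last_login)
    try:
        # Actually log user in
        login(request, hijacked)
    finally:
        # Restore signal if needed, including when login() raised, so a failed
        # hijack cannot leave last_login tracking switched off.
        if signal_was_connected:
            user_logged_in.connect(update_last_login)

    post_superuser_login.send(sender=None, user_id=hijacked.pk)  # Send legacy signal
    hijack_started.send(
        sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk,
        request=request)  # Send official, documented signal

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True

    # NOTE(review): redirect_to_next is defined elsewhere; if it reads "next"
    # from the request it should only accept same-host targets - confirm.
    return redirect_to_next(
        request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)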
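def login_user(request, user):
    """Log the requesting user in as ``user`` and mark the session as hijacked.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        user: Account to take over (the hijacked user).

    Returns:
        ``HttpResponseRedirect`` to the ``next`` query parameter when it is a
        same-host URL, otherwise to ``HIJACK_LOGIN_REDIRECT_URL``, then
        ``LOGIN_REDIRECT_URL``, then ``/``.

    Raises:
        PermissionDenied: When the permission check below rejects the request.
    """
    # Function-scope import so the block stays self-contained; the helper was
    # renamed in newer Django releases, hence the fallback.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as _url_is_safe
    except ImportError:
        from django.utils.http import is_safe_url as _url_is_safe

    # Captured before login(): Django's login() can reset the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [request.user.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    if not request.user.is_superuser:
        if getattr(settings, "ALLOW_STAFF_TO_HIJACKUSER", False):
            # staff allowed, so check if user is staff
            # NOTE(review): ``user`` is the account being hijacked, so this
            # tests the target's is_staff flag, not the requester's. Nothing
            # here checks request.user.is_staff or stops a non-superuser from
            # taking over a superuser account - confirm what callers enforce.
            if not user.is_staff:
                raise PermissionDenied
        else:
            # if user is not super user / staff he should be redirected to the admin login
            raise PermissionDenied  # pragma: no cover

    # Uses the first configured backend; raises IndexError if none is configured.
    backend = get_backends()[0]
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True

    default_url = getattr(settings, 'HIJACK_LOGIN_REDIRECT_URL',
                          getattr(settings, 'LOGIN_REDIRECT_URL', '/'))
    # "next" comes from the query string and is attacker-controllable: only
    # follow it when it stays on this host, otherwise use the configured
    # default. An empty value also falls back to the default.
    next_url = request.GET.get('next')
    if next_url is not None and _url_is_safe(next_url, request.get_host()):
        return HttpResponseRedirect(next_url)
    return HttpResponseRedirect(default_url)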
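def login_user(request, user):
    """Log the requesting user in as ``user`` and mark the session as hijacked.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        user: Account to take over (the hijacked user).

    Returns:
        ``HttpResponseRedirect`` to the resolved ``next`` query parameter when
        it is a same-host URL, otherwise to the resolved
        ``HIJACK_LOGIN_REDIRECT_URL``, then ``LOGIN_REDIRECT_URL``, then ``/``.
    """
    # Function-scope import so the block stays self-contained; the helper was
    # renamed in newer Django releases, hence the fallback.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as _url_is_safe
    except ImportError:
        from django.utils.http import is_safe_url as _url_is_safe

    # Captured before login(): Django's login() can reset the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [request.user.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate: runs before any login or session change. Presumably
    # raises when the hijack is not permitted (helper defined elsewhere).
    check_hijack_permission(request, user)

    backend = get_used_backend(request)
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True

    default_url = getattr(settings, 'HIJACK_LOGIN_REDIRECT_URL',
                          getattr(settings, 'LOGIN_REDIRECT_URL', '/'))
    # "next" comes from the query string and is attacker-controllable. It is
    # resolved first (so URL pattern names keep working) and only followed
    # when the resulting URL stays on this host.
    next_url = request.GET.get('next')
    if next_url is not None:
        resolved = resolve_url(next_url)
        if _url_is_safe(resolved, request.get_host()):
            return HttpResponseRedirect(resolved)
    return HttpResponseRedirect(resolve_url(default_url))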
def login_user(request, user):
    """Log the requesting user in as ``user`` and mark the session as hijacked.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        user: Account to take over (the hijacked user).

    Returns:
        ``HttpResponseRedirect`` to ``settings.LOGIN_REDIRECT_URL`` (``/`` when
        the setting is absent).

    Raises:
        PermissionDenied: When the permission check below rejects the request.
    """
    # Captured before login(): Django's login() can reset the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [request.user.pk]
    earlier_hijackers = request.session.get('hijack_history')
    if earlier_hijackers:
        hijack_history = earlier_hijackers + hijack_history

    if not request.user.is_superuser:
        staff_may_hijack = getattr(settings, "ALLOW_STAFF_TO_HIJACKUSER", False)
        # NOTE(review): ``user`` is the account being hijacked, so the second
        # condition tests the target's is_staff flag, not the requester's.
        # Nothing here checks request.user.is_staff or stops a non-superuser
        # from taking over a superuser account - confirm what callers enforce.
        if not staff_may_hijack or not user.is_staff:
            raise PermissionDenied

    # Uses the first configured backend; raises IndexError if none is configured.
    first_backend = get_backends()[0]
    backend_cls = first_backend.__class__
    user.backend = "%s.%s" % (first_backend.__module__, backend_cls.__name__)

    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    session = request.session
    session['is_hijacked_user'] = True
    session['hijack_history'] = hijack_history
    session.modified = True

    # The target comes from settings only; no request data reaches the redirect.
    landing_url = getattr(settings, 'LOGIN_REDIRECT_URL', '/')
    return HttpResponseRedirect(landing_url)
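def login_user(request, user):
    """Start a hijack session: authenticate ``request`` as ``user``.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        user: Account to take over (the hijacked user).

    Returns:
        ``HttpResponseRedirect`` to the resolved ``next`` query parameter when
        it is a same-host URL, otherwise to the resolved
        ``HIJACK_LOGIN_REDIRECT_URL``, then ``LOGIN_REDIRECT_URL``, then ``/``.
    """
    # Function-scope import so the block stays self-contained; the helper was
    # renamed in newer Django releases, hence the fallback.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as _url_is_safe
    except ImportError:
        from django.utils.http import is_safe_url as _url_is_safe

    # Read before login(): Django's login() can reset the session when the
    # authenticated user changes; the history is stored again afterwards.
    hijack_history = [request.user.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Must stay ahead of login(): this is the only permission check in this
    # function. Presumably raises on denial (helper defined elsewhere).
    check_hijack_permission(request, user)

    # Uses the first configured backend; raises IndexError if none is configured.
    backend = get_backends()[0]
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True

    default_url = getattr(settings, 'HIJACK_LOGIN_REDIRECT_URL',
                          getattr(settings, 'LOGIN_REDIRECT_URL', '/'))
    # "next" is request-controlled. Resolve it first (URL pattern names keep
    # working), then follow it only if the result stays on this host;
    # anything else goes to the configured default.
    next_url = request.GET.get('next')
    if next_url is not None:
        resolved = resolve_url(next_url)
        if _url_is_safe(resolved, request.get_host()):
            return HttpResponseRedirect(resolved)
    return HttpResponseRedirect(resolve_url(default_url))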
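def login_user(request, user):
    """Start a hijack session: authenticate ``request`` as ``user``.

    Args:
        request: Current request; ``request.user`` is the hijacker.
        user: Account to take over (the hijacked user).

    Returns:
        The result of ``redirect_to_next`` with
        ``hijack_settings.HIJACK_LOGIN_REDIRECT_URL`` as the default target.
    """
    hijacker = request.user
    hijacked = user

    # Read before login(): Django's login() can reset the session when the
    # authenticated user changes; the history is stored again afterwards.
    hijack_history = [hijacker._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Must stay ahead of login(): this is the only permission check in this
    # function. Presumably raises on denial (helper defined elsewhere).
    check_hijack_authorization(request, hijacked)

    backend = get_used_backend(request)
    hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Save last_login to reset it after hijack login, so the hijack is not
    # recorded as a login by the account owner.
    last_login = hijacked.last_login
    login(request, hijacked)
    hijacked.last_login = last_login
    # Persist only the restored column; saving every field of this in-memory
    # instance could overwrite values changed elsewhere in the meantime.
    hijacked.save(update_fields=['last_login'])

    post_superuser_login.send(sender=None, user_id=hijacked.pk)
    # Use .pk like the rest of this function: .id does not exist on user
    # models whose primary key has a different field name.
    hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True

    # NOTE(review): redirect_to_next is defined elsewhere; if it reads "next"
    # from the request it should only accept same-host targets - confirm.
    return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)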