Ejemplo n.º 1
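def _login_view(request):
    """
    Build the SHA login form fragment for an AJAX GET request.

    Returns None when the request is not AJAX (after an optional debug
    message), the result of bad_request() when the method is not GET or the
    "next_url" parameter is rejected, and otherwise the 'auth/sha_form.html'
    fragment produced by ajax_response().
    """
    if DEBUG:
        print("auth debug mode is on!")

    if not request.is_ajax():
        # Do nothing, if it's not a ajax request.
        # NOTE(review): is_ajax() reflects a client-supplied request header, so
        # treat this as routing only, never as an access control.
        if settings.DEBUG:
            messages.error(request, "Ignore login request, because it's not AJAX.")
        return

    if request.method != 'GET':
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, "_login_view() error", debug_msg) # Return HttpResponseBadRequest

    next_url = request.GET.get("next_url", request.path)

    # "next_url" comes straight from the query string and is passed on to the
    # login template (presumably as the post-login target), so only same-site
    # references are accepted:
    #   - "//" marks a protocol-relative or absolute URL (the original check)
    #   - "\" is normalised to "/" by browsers
    #   - control characters are dropped by browsers before the URL is parsed
    #   - a ":" before the first "/", "?" or "#" is read as a URL scheme
    # NOTE(review): where the installed Django ships a safe-URL helper in
    # django.utils.http, prefer it over this hand-written check.
    first_segment = next_url.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    unsafe_next_url = (
        "//" in next_url
        or "\\" in next_url
        or any(ord(char) < 0x20 or ord(char) == 0x7f for char in next_url)
        or ":" in first_segment
    )
    if unsafe_next_url:
        # Don't redirect to other pages.
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, "_login_view() error", debug_msg) # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    context = {
        "challenge": challenge,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        "next_url": next_url,
        "form": form,
        "pass_reset_link": "#TODO",
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django => 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    return ajax_response(request, 'auth/sha_form.html', context, context_instance=RequestContext(request))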
Ejemplo n.º 2
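def _login_view(request):
    """
    For better JavaScript debugging: Enable settings.DEBUG and request the page
    via GET with: "...?auth=login"

    Returns the result of bad_request() when the method is not GET or the
    "next_url" parameter is rejected. Otherwise renders the login form:
    'auth/sha_form_debug.html' for non-AJAX requests, 'auth/sha_form.html'
    via ajax_response() for AJAX requests.
    """
    if DEBUG:
        print("auth debug mode is on!")

    if request.method != 'GET':
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, "_login_view() error",
                           debug_msg)  # Return HttpResponseBadRequest

    next_url = request.GET.get("next_url", request.path)

    # "next_url" comes straight from the query string and is passed on to the
    # login template (presumably as the post-login target), so only same-site
    # references are accepted:
    #   - "//" marks a protocol-relative or absolute URL (the original check)
    #   - "\" is normalised to "/" by browsers
    #   - control characters are dropped by browsers before the URL is parsed
    #   - a ":" before the first "/", "?" or "#" is read as a URL scheme
    # NOTE(review): where the installed Django ships a safe-URL helper in
    # django.utils.http, prefer it over this hand-written check.
    first_segment = next_url.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    unsafe_next_url = (
        "//" in next_url
        or "\\" in next_url
        or any(ord(char) < 0x20 or ord(char) == 0x7f for char in next_url)
        or ":" in first_segment
    )
    if unsafe_next_url:
        # Don't redirect to other pages.
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, "_login_view() error",
                           debug_msg)  # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    try:
        # url from django-authopenid, only available if the urls.py are included
        reset_link = urlresolvers.reverse("auth_password_reset")
    except urlresolvers.NoReverseMatch:
        try:
            # DjangoBB glue plugin adds the urls from django-authopenid
            reset_link = PluginPage.objects.reverse("djangobb_plugin",
                                                    "auth_password_reset")
        except (KeyError, urlresolvers.NoReverseMatch):
            # KeyError: plugin is not installed
            # NoReverseMatch: plugin is installed, but not in use
            # (no PluginPage created)
            reset_link = None

    loop_count = _get_loop_count()  # get "loop_count" from AuthPreferencesForm

    context = {
        "challenge": challenge,
        "old_salt_len": crypt.OLD_SALT_LEN,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "loop_count": loop_count,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        "next_url": next_url,
        "form": form,
        "pass_reset_link": reset_link,
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django => 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    # NOTE(review): the debug template is chosen for every non-AJAX GET;
    # settings.DEBUG is not checked in this function - confirm the caller
    # gates it before this view is reachable in production.
    if not request.is_ajax():
        response = render_to_response('auth/sha_form_debug.html',
                                      context,
                                      context_instance=RequestContext(request))
    else:
        response = ajax_response(request,
                                 'auth/sha_form.html',
                                 context,
                                 context_instance=RequestContext(request))

    return response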
Ejemplo n.º 3
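def _login_view(request):
    """
    For better JavaScript debugging: Enable settings.DEBUG and request the page
    via GET with: "...?auth=login"

    Returns the result of bad_request() when the method is not GET or the
    "next_url" parameter is rejected. Otherwise renders the login form:
    "auth/sha_form_debug.html" for non-AJAX requests, "auth/sha_form.html"
    via ajax_response() for AJAX requests.
    """
    if DEBUG:
        print ("auth debug mode is on!")

    if request.method != "GET":
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    next_url = request.GET.get("next_url", request.path)

    # "next_url" comes straight from the query string and is passed on to the
    # login template (presumably as the post-login target), so only same-site
    # references are accepted:
    #   - "//" marks a protocol-relative or absolute URL (the original check)
    #   - "\" is normalised to "/" by browsers
    #   - control characters are dropped by browsers before the URL is parsed
    #   - a ":" before the first "/", "?" or "#" is read as a URL scheme
    # NOTE(review): where the installed Django ships a safe-URL helper in
    # django.utils.http, prefer it over this hand-written check.
    first_segment = next_url.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    unsafe_next_url = (
        "//" in next_url
        or "\\" in next_url
        or any(ord(char) < 0x20 or ord(char) == 0x7f for char in next_url)
        or ":" in first_segment
    )
    if unsafe_next_url:
        # Don't redirect to other pages.
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    try:
        # url from django-authopenid, only available if the urls.py are included
        reset_link = urlresolvers.reverse("auth_password_reset")
    except urlresolvers.NoReverseMatch:
        try:
            # DjangoBB glue plugin adds the urls from django-authopenid
            reset_link = PluginPage.objects.reverse("djangobb_plugin", "auth_password_reset")
        except (KeyError, urlresolvers.NoReverseMatch):
            # KeyError: plugin is not installed
            # NoReverseMatch: plugin is installed, but not in use
            # (no PluginPage created)
            reset_link = None

    loop_count = _get_loop_count()  # get "loop_count" from AuthPreferencesForm

    context = {
        "challenge": challenge,
        "old_salt_len": crypt.OLD_SALT_LEN,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "loop_count": loop_count,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        "next_url": next_url,
        "form": form,
        "pass_reset_link": reset_link,
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django => 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    # NOTE(review): the debug template is chosen for every non-AJAX GET;
    # settings.DEBUG is not checked in this function - confirm the caller
    # gates it before this view is reachable in production.
    if not request.is_ajax():
        response = render_to_response("auth/sha_form_debug.html", context, context_instance=RequestContext(request))
    else:
        response = ajax_response(request, "auth/sha_form.html", context, context_instance=RequestContext(request))

    return response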