def sys_sudo_mode(request):
if request.method not in ('GET', 'POST'):
return HttpResponseNotAllowed
# here we can't use @sys_staff_required
if not request.user.is_staff:
raise Http404
next_page = request.GET.get('next', reverse('sys_info'))
password_error = False
if request.method == 'POST':
password = request.POST.get('password')
username = request.user.username
ip = get_remote_ip(request)
if password:
user = authenticate(username=username, password=password)
if user:
update_sudo_mode_ts(request)
from seahub.auth.utils import clear_login_failed_attempts
clear_login_failed_attempts(request, username)
return HttpResponseRedirect(next_page)
password_error = True
from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts
failed_attempt = get_login_failed_attempts(username=username, ip=ip)
if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
# logout user
from seahub.auth import logout
logout(request)
return HttpResponseRedirect(reverse('auth_login'))
else:
incr_login_failed_attempts(username=username, ip=ip)
enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
return render(
request, 'sysadmin/sudo_mode.html', {
'password_error': password_error,
'enable_sso': enable_shib_login or enable_adfs_login,
'next': next_page,
})
def login(request,
template_name='registration/login.html',
redirect_if_logged_in=None,
redirect_field_name=REDIRECT_FIELD_NAME,
authentication_form=AuthenticationForm):
"""Displays the login form and handles the login action."""
if request.user.is_authenticated() and redirect_if_logged_in:
return HttpResponseRedirect(reverse(redirect_if_logged_in))
redirect_to = request.GET.get(redirect_field_name, '')
ip = get_remote_ip(request)
if request.method == "POST":
login = request.POST.get('login', '').strip()
failed_attempt = get_login_failed_attempts(username=login, ip=ip)
remember_me = True if request.POST.get('remember_me',
'') == 'on' else False
redirect_to = request.POST.get(redirect_field_name, '') or redirect_to
# check the form
used_captcha_already = False
if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True:
form = authentication_form(data=request.POST)
else:
if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
form = CaptchaAuthenticationForm(data=request.POST)
used_captcha_already = True
else:
form = authentication_form(data=request.POST)
if form.is_valid():
return _handle_login_form_valid(request, form.get_user(),
redirect_to, remember_me)
# form is invalid
user_logged_in_failed.send(sender=None, request=request)
failed_attempt = incr_login_failed_attempts(username=login, ip=ip)
if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True:
# log user in if password is valid otherwise freeze account
logger.warn(
'Login attempt limit reached, try freeze the user, email/username: %s, ip: %s, attemps: %d'
% (login, ip, failed_attempt))
email = Profile.objects.get_username_by_login_id(login)
if email is None:
email = login
try:
user = User.objects.get(email)
if user.is_active:
user.freeze_user(notify_admins=True)
logger.warn(
'Login attempt limit reached, freeze the user email/username: %s, ip: %s, attemps: %d'
% (login, ip, failed_attempt))
except User.DoesNotExist:
logger.warn(
'Login attempt limit reached with invalid email/username: %s, ip: %s, attemps: %d'
% (login, ip, failed_attempt))
pass
form.errors['freeze_account'] = _(
'This account has been frozen due to too many failed login attempts.'
)
else:
# use a new form with Captcha
logger.warn(
'Login attempt limit reached, show Captcha, email/username: %s, ip: %s, attemps: %d'
% (login, ip, failed_attempt))
if not used_captcha_already:
form = CaptchaAuthenticationForm()
else:
### GET
failed_attempt = get_login_failed_attempts(ip=ip)
if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True:
form = authentication_form()
else:
logger.warn(
'Login attempt limit reached, show Captcha, ip: %s, attempts: %d'
% (ip, failed_attempt))
form = CaptchaAuthenticationForm()
else:
form = authentication_form()
request.session.set_test_cookie()
current_site = get_current_site(request)
multi_tenancy = getattr(settings, 'MULTI_TENANCY', False)
if config.ENABLE_SIGNUP:
if multi_tenancy:
org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False)
if org_account_only:
signup_url = reverse('org_register')
else:
signup_url = reverse('choose_register')
else:
signup_url = reverse('registration_register')
else:
signup_url = ''
enable_sso = getattr(settings, 'ENABLE_SHIB_LOGIN', False) or \
getattr(settings, 'ENABLE_KRB5_LOGIN', False) or \
getattr(settings, 'ENABLE_ADFS_LOGIN', False) or \
getattr(settings, 'ENABLE_OAUTH', False) or \
getattr(settings, 'ENABLE_CAS', False)
login_bg_image_path = get_login_bg_image_path()
return render(
request, template_name, {
'form': form,
redirect_field_name: redirect_to,
'site': current_site,
'site_name': get_site_name(),
'remember_days': config.LOGIN_REMEMBER_DAYS,
'signup_url': signup_url,
'enable_sso': enable_sso,
'login_bg_image_path': login_bg_image_path,
})
