def connexion(request):
error = False
if request.method == 'POST':
form = ConnexionForm(request.POST)
if form.is_valid():
username = form.cleaned_data["username"]
password = form.cleaned_data["password"]
remember = form.cleaned_data["remember"]
user = authenticate(username=username, password=password)
if user:
login(request, user)
# On retient l'utilisateur
if remember:
remember_user(request, user)
txtmessage = _('Vous êtes maintenant connecté.')
messages.add_message(request, messages.SUCCESS, txtmessage)
else:
error = True
else:
error = True
else:
form = ConnexionForm()
return render(request, 'users/connexion.html', {'form':form, 'error':error})
def account_login(request):
form = LoginForm(request.POST or None)
redirect_to = request.REQUEST.get('next', '')
if request.method == "GET":
if redirect_to and request.user.is_authenticated():
return HttpResponseRedirect(redirect_to)
if request.method == 'POST':
if form.is_valid():
if not redirect_to:
redirect_to = settings.LOGIN_REDIRECT_URL
data = form.cleaned_data
user = authenticate(
username=data['username'],
password=data['password'])
if user:
login(request, user)
if data['remember_me']:
remember_user(request, user)
return HttpResponseRedirect(redirect_to)
else:
form.add_non_field_error(
_("Sorry, you have entered wrong E-mail or Password"))
return render_to_response('account_login.html',
RequestContext(request, {
'form': form,
'next': redirect_to,
}))
def login(request, username, password, remember_me):
logger.debug("login: username: %s;password: %s" % (username, password))
form = LoginForm({'username': username, 'password': password})
if not form.is_valid():
logger.debug("form is invalid")
logger.warn(form.errors)
return simplejson.dumps({'ret_code': 1000, 'ret_msg': u'用户名或密码格式不正确!'})
data = form.cleaned_data
logger.debug("username: %s; password: %s" % (data['username'], data['password']))
user = auth.authenticate(username=data['username'], password=data['password'])
if user is None:
logger.debug("user is not authenticated")
return simplejson.dumps({'ret_code': 1000, 'ret_msg': u'用户名或密码不正确!'})
if not user.is_active:
logger.debug("user is not active")
return simplejson.dumps({'ret_code': 1000, 'ret_msg': u'账号被锁定,登录失败!'})
logger.debug("user is authenticated")
auth.login(request, user)
if remember_me:
remember_user(request, user)
return simplejson.dumps({'ret_code': 0})
def account_login(request):
form = LoginForm(request.POST or None)
redirect_to = request.REQUEST.get('next', '')
if request.method == "GET":
if redirect_to and request.user.is_authenticated():
return HttpResponseRedirect(redirect_to)
if request.method == 'POST':
if form.is_valid():
if not redirect_to:
redirect_to = settings.LOGIN_REDIRECT_URL
data = form.cleaned_data
user = authenticate(username=data['username'],
password=data['password'])
if user:
login(request, user)
if data['remember_me']:
remember_user(request, user)
return HttpResponseRedirect(redirect_to)
else:
form.add_non_field_error(
_("Sorry, you have entered wrong E-mail or Password"))
return render_to_response(
'account_login.html',
RequestContext(request, {
'form': form,
'next': redirect_to,
}))
def login(self):
"""
Attempt to log a user in.
Currently, Flavrs uses Oauth2 to do this process. The main reason for
this decision was to easily allow outside API usage in the future without
a refactor.
The Django app responsible is:
https://github.com/caffeinehit/django-oauth2-provider
For integrity and security reasons, the decision was made not to use
the default URLS provided from django-oauth2-provider directly and use
a wrapper for them instead.
The reason for this was to prevent having to write an exception outside
of the Flavrs url schema.
Lastly, until further testing of django-oauth2-provider views is done,
a request from this function will be made directly to the proper oauth
url. This method is slower, but more reliable.
"""
url = get_home_url()+reverse('oauth2:access_token')
r = requests.post(url,data=self.data)
#Now, lets check if the user authenticated successfully.
self._set_log({'status': 'error'})
response = ast.literal_eval(r.text)
if response.get('access_token',False):
#Access token granted, lets log them in through Django so the
#session gets created properly.
user = authenticate(username=self.data['username'],
password=self.data['password'])
if user is not None and user.is_active:
if self.data.get('remember_me', None):
remember_user(self.request,user)
login(self.request,user)
self._set_log({
'status': 'success',
'msg': 'Login Successful. Welcome!',
'response': response
})
else:
self._set_log({
'level': 'validation',
'msg': 'Account No Longer Active.'
})
else:
#Users login failed
self._set_log({
'level': 'validation',
'msg': 'Login Credentials Were Incorrect.'
})
return response
def login(request):
form = LoginForm(request.POST or None)
if form.is_valid():
data = form.cleaned_data
user = auth.authenticate(
username=data['username'], password=data['password'])
if user:
auth.login(request, user)
if data['remember_me']:
remember_user(request, user)
else:
form.add_non_field_error(_("Invalid username/password"))
return TemplateResponse(request, 'login.html', {
'form': form,
'user': request.user
})
def login(request):
form = LoginForm(request.POST or None)
if form.is_valid():
data = form.cleaned_data
user = auth.authenticate(username=data['username'],
password=data['password'])
if user:
auth.login(request, user)
if data['remember_me']:
remember_user(request, user)
else:
form.add_non_field_error(_("Invalid username/password"))
return TemplateResponse(request, 'login.html', {
'form': form,
'user': request.user
})
def test_middleware_set_remember_token(self):
from auth_remember import remember_user
from auth_remember import settings
from auth_remember.middleware import AuthRememberMiddleware
request = self.factory.get('/')
response = HttpResponse("Test response")
# Do nothing (no cookies should be set)
middleware = AuthRememberMiddleware()
middleware.process_response(request, response)
self.assertFalse(response.cookies)
# Set remember user (sets the remember token)
remember_user(request, self.user)
middleware.process_response(request, response)
self.assertTrue(response.cookies)
cookie = response.cookies[settings.COOKIE_NAME]
# Validate the remember token in the cookie
user = auth.authenticate(token_string=cookie.value, request=request)
self.assertEqual(self.user, user)
def test_middleware_set_remember_token(self):
from auth_remember import remember_user
from auth_remember import settings
from auth_remember.middleware import AuthRememberMiddleware
request = self.factory.get('/')
response = HttpResponse("Test response")
# Do nothing (no cookies should be set)
middleware = AuthRememberMiddleware()
middleware.process_response(request, response)
self.assertFalse(response.cookies)
# Set remember user (sets the remember token)
remember_user(request, self.user)
middleware.process_response(request, response)
self.assertTrue(response.cookies)
cookie = response.cookies[settings.COOKIE_NAME]
# Validate the remember token in the cookie
user = auth.authenticate(token_string=cookie.value, request=request)
self.assertEqual(self.user, user)
