def change_password(request, user, tmpl='change_password.html'):
    """Let the logged-in trader replace their password.

    On POST both the old and the new password are hashed with the salt
    stored for ``user['username']`` and passed to ``db.update_password``,
    which is expected to succeed only when the old-password hash matches;
    on success the user is redirected to ``report_change_password_success``,
    otherwise ``form.wrong_password`` is set and the form is re-rendered.
    Every verified attempt adds 2.0 to ``request._cmbarter_trx_cost``
    (the request's transaction-cost accounting).

    NOTE(review): this view does not touch ``request.session`` nor any other
    live session of the trader after a successful change; whether other
    sessions are invalidated elsewhere is not visible from this file.
    """
    form = None
    if request.method == 'POST':
        form = forms.ChangePasswordForm(request.POST)
        if form.is_valid():
            salt = db.get_password_salt(user['username'])
            request._cmbarter_trx_cost += 2.0
            cleaned = form.cleaned_data
            old_hash = utils.calc_crypt_hash(salt + cleaned['old_password'])
            new_hash = utils.calc_crypt_hash(salt + cleaned['password'])
            if db.update_password(user['trader_id'], old_hash, new_hash):
                target = reverse(report_change_password_success,
                                 args=[user['trader_id']])
                return HttpResponseRedirect(target)
            # The old-password hash did not match -- report it on the form.
            form.wrong_password = True
    if form is None:
        form = forms.ChangePasswordForm()
    # Render everything adding CSRF protection.
    context = {'settings': settings, 'user': user, 'form': form}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
def change_username(request, user, tmpl='change_username.html'):
    """Let the logged-in trader pick a new username.

    On POST the submitted password is hashed with the salt stored for the
    current username and ``db.update_username`` is asked to perform the
    change. Its return value is an error code: 2 means the password hash did
    not match (``form.wrong_password``), 1 means the new username is already
    taken (``form.username_taken``); anything else is treated as success and
    redirects to ``report_change_username_success``. Every verified attempt
    adds 4.0 to ``request._cmbarter_trx_cost`` (transaction-cost accounting).
    """
    form = None
    if request.method == 'POST':
        form = forms.ChangeUsernameForm(request.POST)
        if form.is_valid():
            salt = db.get_password_salt(user['username'])
            request._cmbarter_trx_cost += 4.0
            cleaned = form.cleaned_data
            password_hash = utils.calc_crypt_hash(salt, cleaned['password'])
            error = db.update_username(user['trader_id'],
                                       password_hash,
                                       cleaned['username'])
            if error not in (1, 2):
                target = reverse(report_change_username_success,
                                 args=[user['trader_id']])
                return HttpResponseRedirect(target)
            if error == 2:
                form.wrong_password = True
            else:
                form.username_taken = True
    if form is None:
        form = forms.ChangeUsernameForm()
    # Render everything adding CSRF protection.
    context = {'settings': settings, 'user': user, 'form': form}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
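def login(request, tmpl='login.html'):
    """Authenticate a trader with username/password and start a session.

    POST: the password is hashed with the salt stored for the username
    (``utils.calc_crypt_hash(salt, password)``) and checked with
    ``db.login_trader``. Then:

    * if ``CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE`` is on and the
      result says ``needs_captcha``, a pending-auth record is parked in
      ``request.session['auth']`` and the user is redirected to
      ``login_captcha``. The record does not carry the verdict in clear: a
      random 16-byte nonce is stored as-is, and a copy with every bit
      inverted (invalid login) or unchanged (valid login) is stored encrypted
      with ``cipher`` -- presumably so that ``login_captcha`` can recover the
      verdict by comparing the two. The inversion is an XOR with 0x00 or
      0xff, so both cases do the same amount of work.
    * if ``is_valid``, the session key is rotated, ``trader_id`` and a
      timestamp ``ts`` are stored in the session, the client IP is
      whitelisted when ``CMBARTER_MAINTAIN_IP_WHITELIST`` is on, and the user
      is redirected to a partner's pricelist (``?show=<trader id>``) or to
      the e-mail check page.
    * otherwise ``form.incorrect_login`` is set and the form is re-rendered.

    GET: an empty form prefilled from ``?username=``; when that parameter is
    given the ``incorrect_login`` flag is set as well.

    Security note: login state is written straight into the Django session,
    so ``request.session.cycle_key()`` is called first (it keeps the session
    data and only changes the id) to close session fixation. The captcha
    branch stores pending state before authentication completes;
    ``login_captcha`` (not in this excerpt) should rotate the key the same
    way when it finally logs the user in -- TODO confirm.
    """
    if request.method == 'POST':
        form = forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt, form.cleaned_data['password'])
            authentication = db.login_trader(username, password_hash)
            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                    authentication['needs_captcha']):
                # Generate a cryptographic nonce and, if authentication was
                # not valid, invert its bits. The XOR operand is 0x00 or 0xff
                # so the work done is the same in both cases (no timing
                # difference between a valid and an invalid verdict).
                nonce1 = os.urandom(16)
                a = bytearray(nonce1)
                modifier = {True: 0, False: 0xff}[authentication['is_valid']]
                for i in xrange(16):
                    a[i] ^= modifier
                nonce2 = bytes(a)
                # Challenge the user with a captcha; the verdict travels in
                # the session only in encrypted form.
                request.session['auth'] = (b64encode(nonce1),
                                           b64encode(cipher.encrypt(nonce2)),
                                           authentication['trader_id'],
                                           time.time(),
                                           username)
                return HttpResponseRedirect(reverse(login_captcha))
            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                # Rotate the session key at the privilege change so that a
                # session id planted in the browser before authentication
                # (session fixation) does not become an authenticated one.
                request.session.cycle_key()
                trader_id = request.session['trader_id'] = authentication[
                    'trader_id']
                request.session['ts'] = time.time()
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                # Optional post-login target: a partner's trader id, accepted
                # only if it matches TRADER_ID_STRING.
                show = TRADER_ID_STRING.match(request.GET.get('show', u''))
                if show:
                    return HttpResponseRedirect(
                        reverse('products-partner-pricelist',
                                args=[trader_id, int(show.group())]))
                else:
                    return HttpResponseRedirect(
                        reverse('profiles-check-email', args=[trader_id]))
            else:
                form.incorrect_login = True
    else:
        prefill_username = request.GET.get('username', u'')
        form = forms.LoginForm(initial={'username': prefill_username})
        form.incorrect_login = bool(prefill_username)
    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form}
    c.update(csrf(request))
    return render_to_response(tmpl, c)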
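def login(request, tmpl='xhtml-mp/login.html', method=None):
    """Mobile (XHTML-MP) login: authenticate and hand out a login key.

    ``method`` may be forced by the caller or by a ``?method=`` query
    parameter; otherwise ``request.method`` is used. Note that a GET forced
    to ``'POST'`` still binds ``request.POST`` (empty on a GET), so the form
    simply fails validation.

    POST: the password is hashed with the salt stored for the username
    (``calc_crypt_hash(salt + password)``) and checked with
    ``db.login_trader``. If a captcha is required, ``form.needs_captcha`` is
    set; if the login is valid, a fresh random 15-byte ``secret`` is
    generated and its MD5 hex digest is stored with ``db.replace_loginkey``
    (retried until the DB accepts it), the client IP is optionally
    whitelisted, and the user is redirected to ``show_shopping_list`` with
    ``secret`` as URL argument. A ten-year ``username`` cookie (hex-encoded
    UTF-8) is set so the form can be prefilled next time. Otherwise
    ``form.incorrect_login`` is set.

    GET: the form, prefilled from the ``username`` cookie when it decodes;
    a malformed cookie is ignored rather than failing the page.

    Security notes (design properties visible here, not changed):

    * no Django session is used -- the login is carried by ``secret`` in the
      redirect URL, so it can show up in Referer headers and server logs.
      Presumably deliberate for the no-cookie mobile profile; TODO confirm.
    * only MD5(secret) is stored. For a 120-bit random secret the concern is
      DB-leak preimage, not collisions, but SHA-256 would be the conventional
      choice; the digest format is shared with whatever verifies the key, so
      it is left as is.
    * the ``username`` cookie is set without ``secure``/``httponly``; it only
      holds the hex-encoded username. Adding the flags would be a cheap
      hardening if the deployed Django version and TLS setup allow it.
    """
    method = method or request.GET.get('method') or request.method
    if method == 'POST':
        form = cmbarter.users.forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])
            authentication = db.login_trader(username, password_hash)
            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                    authentication['needs_captcha']):
                form.needs_captcha = True
            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                # Retry until the DB accepts the key (e.g. on a collision).
                while 1:
                    secret = base64.urlsafe_b64encode(
                        os.urandom(15)).decode('ascii')
                    if db.replace_loginkey(
                            authentication['trader_id'],
                            hashlib.md5(secret.encode('ascii')).hexdigest()):
                        break
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(authentication['trader_id'],
                                                  client_ip)
                r = HttpResponseRedirect(
                    reverse(show_shopping_list, args=[secret]))
                r.set_cookie(key='username', value=base64.b16encode(
                    username.encode('utf-8')).decode('ascii'),
                    max_age=60 * 60 * 24 * 365 * 10)
                return r
            else:
                form.incorrect_login = True
    else:
        # The cookie is client-controlled: catch only the decoding errors
        # (TypeError from Python 2's b16decode, ValueError which covers
        # binascii.Error and Unicode errors) instead of a bare except that
        # would also swallow KeyboardInterrupt/SystemExit.
        try:
            username = base64.b16decode(
                request.COOKIES.get('username', '').encode('ascii')).decode('utf-8')
        except (TypeError, ValueError):
            username = u''
        form = cmbarter.users.forms.LoginForm(initial={'username': username})
    # Render everything.
    c = {'settings': settings, 'form': form}
    return render(request, tmpl, c)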
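def login(request, tmpl='xhtml-mp/login.html', method=None):
    """Mobile (XHTML-MP) login: authenticate and hand out a login key.

    ``method`` may be forced by the caller or by a ``?method=`` query
    parameter; otherwise ``request.method`` is used. A GET forced to
    ``'POST'`` still binds ``request.POST`` (empty on a GET), so the form
    simply fails validation.

    POST: the password is hashed with the salt stored for the username
    (``calc_crypt_hash(salt + password)``) and checked with
    ``db.login_trader``. If a captcha is required, ``form.needs_captcha`` is
    set; if the login is valid, a fresh random 15-byte ``secret`` is
    generated and its MD5 hex digest is stored with ``db.replace_loginkey``
    (retried until the DB accepts it), the client IP is optionally
    whitelisted, and the user is redirected to ``show_shopping_list`` with
    ``secret`` as URL argument. A ten-year ``username`` cookie (hex-encoded
    UTF-8) is set so the form can be prefilled next time. Otherwise
    ``form.incorrect_login`` is set.

    GET: the form, prefilled from the ``username`` cookie when it decodes;
    a malformed cookie is ignored rather than failing the page.

    Security notes (design properties visible here, not changed):

    * no Django session is used -- the login is carried by ``secret`` in the
      redirect URL, so it can show up in Referer headers and server logs.
      Presumably deliberate for the no-cookie mobile profile; TODO confirm.
    * only MD5(secret) is stored. For a 120-bit random secret the concern is
      DB-leak preimage, not collisions, but SHA-256 would be the conventional
      choice; the digest format is shared with whatever verifies the key, so
      it is left as is.
    * the ``username`` cookie is set without ``secure``/``httponly``; it only
      holds the hex-encoded username. Adding the flags would be a cheap
      hardening if the deployed Django version and TLS setup allow it.
    """
    method = method or request.GET.get('method') or request.method
    if method == 'POST':
        form = cmbarter.users.forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])
            authentication = db.login_trader(username, password_hash)
            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                    authentication['needs_captcha']):
                form.needs_captcha = True
            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                # Retry until the DB accepts the key (e.g. on a collision).
                while 1:
                    secret = base64.urlsafe_b64encode(
                        os.urandom(15)).decode('ascii')
                    if db.replace_loginkey(
                            authentication['trader_id'],
                            hashlib.md5(secret.encode('ascii')).hexdigest()):
                        break
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(authentication['trader_id'],
                                                  client_ip)
                r = HttpResponseRedirect(
                    reverse(show_shopping_list, args=[secret]))
                r.set_cookie(
                    key='username',
                    value=base64.b16encode(
                        username.encode('utf-8')).decode('ascii'),
                    max_age=60 * 60 * 24 * 365 * 10)
                return r
            else:
                form.incorrect_login = True
    else:
        # The cookie is client-controlled: catch only the decoding errors
        # (TypeError from Python 2's b16decode, ValueError which covers
        # binascii.Error and Unicode errors) instead of a bare except that
        # would also swallow KeyboardInterrupt/SystemExit.
        try:
            username = base64.b16decode(
                request.COOKIES.get('username', '').encode('ascii')
            ).decode('utf-8')
        except (TypeError, ValueError):
            username = u''
        form = cmbarter.users.forms.LoginForm(
            initial={'username': username})
    # Render everything.
    c = {'settings': settings, 'form': form}
    return render(request, tmpl, c)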
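def login(request, tmpl='login.html'):
    """Authenticate a trader with username/password and start a session.

    POST: the password is hashed with the salt stored for the username
    (``calc_crypt_hash(salt + password)``) and checked with
    ``db.login_trader``. Then:

    * if ``CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE`` is on and the
      result says ``needs_captcha``, the pending result is parked in the
      session (``auth_username``, ``auth_is_valid``, ``auth_trader_id``) and
      the user is redirected to ``login_captcha``, which is expected to
      finish the login.
    * if ``is_valid``, the session key is rotated, ``trader_id`` and the
      ``GARBAGE`` padding are stored in the session, the client IP is
      whitelisted when ``CMBARTER_MAINTAIN_IP_WHITELIST`` is on, and the user
      is redirected to a partner's pricelist (``?show=<trader id>``) or to
      the e-mail check page.
    * otherwise ``form.incorrect_login`` is set and the form is re-rendered.

    GET: an empty form prefilled from ``?username=``; when that parameter is
    given the ``incorrect_login`` flag is set as well.

    Security note: login state is written straight into the Django session,
    so ``request.session.cycle_key()`` is called first (it keeps the session
    data and only changes the id) to close session fixation. The captcha
    branch stores pending state before authentication completes;
    ``login_captcha`` (not in this excerpt) should rotate the key the same
    way when it finally logs the user in -- TODO confirm.
    """
    if request.method == 'POST':
        form = forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])
            authentication = db.login_trader(username, password_hash)
            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                    authentication['needs_captcha']):
                # Challenge the user with a captcha.
                request.session['auth_username'] = username
                request.session['auth_is_valid'] = authentication['is_valid']
                request.session['auth_trader_id'] = authentication['trader_id']
                return HttpResponseRedirect(reverse(login_captcha))
            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                # Rotate the session key at the privilege change so that a
                # session id planted in the browser before authentication
                # (session fixation) does not become an authenticated one.
                request.session.cycle_key()
                trader_id = request.session['trader_id'] = authentication[
                    'trader_id']
                request.session[
                    'garbage'] = GARBAGE  # we tell "real" sessions by the size
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                # Optional post-login target: a partner's trader id, accepted
                # only if it matches TRADER_ID_STRING.
                show = TRADER_ID_STRING.match(request.GET.get('show', u''))
                if show:
                    return HttpResponseRedirect(
                        reverse('products-partner-pricelist',
                                args=[trader_id, int(show.group())]))
                else:
                    return HttpResponseRedirect(
                        reverse('profiles-check-email', args=[trader_id]))
            else:
                form.incorrect_login = True
    else:
        prefill_username = request.GET.get('username', u'')
        form = forms.LoginForm(initial={'username': prefill_username})
        form.incorrect_login = bool(prefill_username)
    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form}
    c.update(csrf(request))
    return render_to_response(tmpl, c)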
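def login(request, tmpl='login.html'):
    """Authenticate a trader with username/password and start a session.

    POST: the password is hashed with the salt stored for the username
    (``calc_crypt_hash(salt + password)``) and checked with
    ``db.login_trader``. Then:

    * if ``CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE`` is on and the
      result says ``needs_captcha``, the pending result is parked in the
      session (``auth_username``, ``auth_is_valid``, ``auth_trader_id``) and
      the user is redirected to ``login_captcha``, which is expected to
      finish the login.
    * if ``is_valid``, the session key is rotated, ``trader_id`` and the
      ``GARBAGE`` padding are stored in the session, the client IP is
      whitelisted when ``CMBARTER_MAINTAIN_IP_WHITELIST`` is on, and the user
      is redirected to a partner's pricelist (``?show=<trader id>``) or to
      the e-mail check page.
    * otherwise ``form.incorrect_login`` is set and the form is re-rendered.

    GET: an empty form prefilled from ``?username=``; when that parameter is
    given the ``incorrect_login`` flag is set as well.

    Security note: login state is written straight into the Django session,
    so ``request.session.cycle_key()`` is called first (it keeps the session
    data and only changes the id) to close session fixation. The captcha
    branch stores pending state before authentication completes;
    ``login_captcha`` (not in this excerpt) should rotate the key the same
    way when it finally logs the user in -- TODO confirm.
    """
    if request.method == 'POST':
        form = forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])
            authentication = db.login_trader(username, password_hash)
            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                    authentication['needs_captcha']):
                # Challenge the user with a captcha.
                request.session['auth_username'] = username
                request.session['auth_is_valid'] = authentication['is_valid']
                request.session['auth_trader_id'] = authentication['trader_id']
                return HttpResponseRedirect(reverse(login_captcha))
            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                # Rotate the session key at the privilege change so that a
                # session id planted in the browser before authentication
                # (session fixation) does not become an authenticated one.
                request.session.cycle_key()
                trader_id = request.session['trader_id'] = authentication['trader_id']
                request.session['garbage'] = GARBAGE  # we tell "real" sessions by the size
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                # Optional post-login target: a partner's trader id, accepted
                # only if it matches TRADER_ID_STRING.
                show = TRADER_ID_STRING.match(request.GET.get('show', u''))
                if show:
                    return HttpResponseRedirect(reverse(
                        'products-partner-pricelist',
                        args=[trader_id, int(show.group())]))
                else:
                    return HttpResponseRedirect(reverse(
                        'profiles-check-email', args=[trader_id]))
            else:
                form.incorrect_login = True
    else:
        prefill_username = request.GET.get('username', u'')
        form = forms.LoginForm(initial={'username': prefill_username})
        form.incorrect_login = bool(prefill_username)
    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form}
    c.update(csrf(request))
    return render_to_response(tmpl, c)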
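def signup(request, tmpl='signup.html'):
    """Register a new trader and log them in.

    POST: when ``CMBARTER_SHOW_CAPTCHA_ON_SIGNUP`` is on, the reCAPTCHA
    answer is verified first (its error code, if any, is passed to the
    template as ``captcha_error``). With a passed captcha and a valid form a
    fresh salt is generated, the password is hashed
    (``calc_crypt_hash(salt, password)``) and, if
    ``CMBARTER_REGISTRATION_SECRET`` is configured, the submitted
    registration key is validated with ``keygen.Keygen``. Trader IDs are
    then drawn at random and ``db.insert_trader`` is retried until one is
    accepted; its error codes are 3 = invalid registration key, 2 = username
    taken, 1 = ID collision (retry), anything else = success. On success the
    session key is rotated, ``trader_id`` and a timestamp ``ts`` are stored
    in the session, the client IP is optionally whitelisted and the user is
    redirected to ``create_profile``.

    GET: an empty signup form.

    NOTE(review): the captcha is verified against ``REMOTE_ADDR`` while the
    whitelist below uses ``get_client_ip()``; behind a reverse proxy those
    differ -- confirm which is intended.
    """
    captcha_error = None
    if request.method == 'POST':
        if settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP:
            captcha_response = captcha.submit(
                request.POST.get('recaptcha_challenge_field'),
                request.POST.get('recaptcha_response_field'),
                settings.CMBARTER_RECAPTCHA_PIVATE_KEY,
                request.META['REMOTE_ADDR'])
            captcha_error = captcha_response.error_code
            captcha_passed = captcha_response.is_valid
        else:
            captcha_passed = True
        form = forms.SignupForm(request.POST)
        if captcha_passed and form.is_valid():
            username = form.cleaned_data['username']
            password_salt = utils.generate_password_salt(
                settings.CMBARTER_PASSWORD_HASHING_METHOD)
            password_hash = utils.calc_crypt_hash(
                password_salt, form.cleaned_data['password'])
            if settings.CMBARTER_REGISTRATION_SECRET:
                registration_key = keygen.Keygen(
                    settings.CMBARTER_REGISTRATION_SECRET).validate(
                        form.cleaned_data['registration_key'])
            else:
                registration_key = None
            # Unbounded retry: error code 1 is taken to be a transient ID
            # collision. If the DB ever returned 1 persistently this loop
            # would spin; a retry cap would be a safe addition.
            while 1:
                # Generate a new trader ID and try to register it. random
                # (not a CSPRNG) is acceptable only because trader IDs are
                # public identifiers that appear in URLs, not secrets --
                # TODO confirm that nothing treats them as unguessable.
                trader_id = utils.vh_compute(random.randrange(1, 100000000))
                error = db.insert_trader(trader_id, username, get_language(),
                                         password_hash, password_salt,
                                         registration_key)
                if error == 3:
                    # The registration key is invalid.
                    form.invalid_regkey = True
                    break
                elif error == 2:
                    # The username is taken.
                    form.username_taken = True
                    break
                elif error == 1:
                    # Probably the ID is taken -- keep trying.
                    continue
                else:
                    # Successful registration -- log the user in, add the IP
                    # to the whitelist, and redirect the user to complete
                    # his profile.
                    # Rotate the session key before storing login state so
                    # that a session id planted in the browser before signup
                    # (session fixation) does not become an authenticated
                    # one; cycle_key() keeps the session data.
                    request.session.cycle_key()
                    request.session['trader_id'] = trader_id
                    request.session['ts'] = time.time()
                    if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                        client_ip = get_client_ip(request)
                        if client_ip:
                            db.insert_whitelist_entry(trader_id, client_ip)
                    return HttpResponseRedirect(
                        reverse(create_profile, args=[trader_id]))
    else:
        form = forms.SignupForm()
    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form, 'captcha_error': captcha_error}
    c.update(csrf(request))
    return render_to_response(tmpl, c)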
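def signup(request, tmpl='signup.html'):
    """Register a new trader and log them in.

    POST: when ``CMBARTER_SHOW_CAPTCHA_ON_SIGNUP`` is on, the reCAPTCHA
    answer is verified first (its error code, if any, is passed to the
    template as ``captcha_error``). With a passed captcha and a valid form a
    fresh salt is generated, the password is hashed
    (``calc_crypt_hash(salt + password)``) and, if
    ``CMBARTER_REGISTRATION_KEY_IS_REQUIRED`` is set, the submitted
    registration key is validated with ``keygen.Keygen`` (keyed by
    ``SECRET_KEY`` and ``CMBARTER_REGISTRATION_KEY_PREFIX``). Trader IDs are
    then drawn at random and ``db.insert_trader`` is retried until one is
    accepted; its error codes are 3 = invalid registration key, 2 = username
    taken, 1 = ID collision (retry), anything else = success. On success the
    session key is rotated, ``trader_id`` is stored in the session, the
    client IP is optionally whitelisted and the user is redirected to
    ``create_profile``.

    GET: an empty signup form.

    NOTE(review): the captcha is verified against ``REMOTE_ADDR`` while the
    whitelist below uses ``get_client_ip()``; behind a reverse proxy those
    differ -- confirm which is intended.
    """
    captcha_error = None
    if request.method == 'POST':
        if settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP:
            captcha_response = captcha.submit(
                request.POST.get('recaptcha_challenge_field'),
                request.POST.get('recaptcha_response_field'),
                settings.RECAPTCHA_PIVATE_KEY,
                request.META['REMOTE_ADDR'])
            captcha_error = captcha_response.error_code
            captcha_passed = captcha_response.is_valid
        else:
            captcha_passed = True
        form = forms.SignupForm(request.POST)
        if captcha_passed and form.is_valid():
            username = form.cleaned_data['username']
            password_salt = utils.generate_password_salt()
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])
            if settings.CMBARTER_REGISTRATION_KEY_IS_REQUIRED:
                registration_key = keygen.Keygen(
                    settings.SECRET_KEY,
                    settings.CMBARTER_REGISTRATION_KEY_PREFIX
                ).validate(form.cleaned_data['registration_key'])
            else:
                registration_key = None
            # Unbounded retry: error code 1 is taken to be a transient ID
            # collision. If the DB ever returned 1 persistently this loop
            # would spin; a retry cap would be a safe addition.
            while 1:
                # Generate a new trader ID and try to register it. random
                # (not a CSPRNG) is acceptable only because trader IDs are
                # public identifiers that appear in URLs, not secrets --
                # TODO confirm that nothing treats them as unguessable.
                trader_id = utils.vh_compute(random.randrange(1, 100000000))
                error = db.insert_trader(trader_id, username, get_language(),
                                         password_hash, password_salt,
                                         registration_key)
                if error == 3:
                    # The registration key is invalid.
                    form.invalid_regkey = True
                    break
                elif error == 2:
                    # The username is taken.
                    form.username_taken = True
                    break
                elif error == 1:
                    # Probably the ID is taken -- keep trying.
                    continue
                else:
                    # Successful registration -- log the user in, add the IP
                    # to the whitelist, and redirect the user to complete
                    # his profile.
                    # Rotate the session key before storing login state so
                    # that a session id planted in the browser before signup
                    # (session fixation) does not become an authenticated
                    # one; cycle_key() keeps the session data.
                    request.session.cycle_key()
                    request.session['trader_id'] = trader_id
                    if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                        client_ip = get_client_ip(request)
                        if client_ip:
                            db.insert_whitelist_entry(trader_id, client_ip)
                    return HttpResponseRedirect(reverse(
                        create_profile, args=[trader_id]))
    else:
        form = forms.SignupForm()
    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form, 'captcha_error': captcha_error}
    c.update(csrf(request))
    return render_to_response(tmpl, c)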