Example #1
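def redirect_to_default(req, domain=None):
    """Send the requester to the page they should land on by default.

    Decision order, as implemented below:

    1. Unauthenticated requests are redirected to the domain login page when
       ``domain`` is given, otherwise to the generic login page.
    2. Authenticated requests for a domain where ``_two_factor_needed`` is
       true get the "OTP required" template with status 403, not a redirect.
    3. Otherwise the candidate domains are resolved (the named one, or all
       active domains of the user) and the landing page is chosen from the
       user's role in the single matching domain.

    Args:
        req: the current request; ``req.user`` and ``req.couch_user`` are read.
        domain: optional domain name taken from the caller.

    Returns:
        An ``HttpResponseRedirect``, the result of ``redirect(...)``, or a
        ``TemplateResponse`` with status 403.

    Raises:
        Http404: when the single resolved domain entry is falsy, or when a
            commcare (mobile) user has no membership in that domain.
    """
    if not req.user.is_authenticated:
        # Identity comparison is the correct test for the "no domain" default;
        # an empty string is still treated as a supplied domain, as before.
        if domain is not None:
            login_url = reverse('domain_login', args=[domain])
        else:
            login_url = reverse('login')
        return HttpResponseRedirect(login_url)

    if domain and _two_factor_needed(domain, req):
        # Access is denied outright: no landing page is computed for a user
        # who still has to satisfy the domain's two-factor requirement.
        if MONITOR_2FA_CHANGES.enabled(domain):
            from corehq.apps.hqwebapp.utils import monitor_2fa_soft_assert
            # NOTE(review): the message carries the username and domain;
            # confirm the soft-assert sink is an appropriate place for them.
            monitor_2fa_soft_assert(
                False, f'2FA required page shown to user '
                f'{req.user.username} on {domain} after '
                f'login')
        return TemplateResponse(
            request=req,
            template='two_factor/core/otp_required.html',
            status=403,
        )

    if domain:
        domain = normalize_domain_name(domain)
        domains = [Domain.get_by_name(domain)]
    else:
        domains = Domain.active_for_user(req.user)

    if len(domains) == 0 and not req.user.is_superuser:
        return redirect('registration_domain')
    if len(domains) != 1:
        # Several domains (or a superuser with none): let the user choose.
        return HttpResponseRedirect(settings.DOMAIN_SELECT_URL)

    from corehq.apps.users.models import DomainMembershipError
    if not domains[0]:
        # presumably Domain.get_by_name returned nothing for an unknown
        # name; verify against that helper
        raise Http404()

    domain = domains[0].name
    couch_user = req.couch_user
    try:
        role = couch_user.get_role(domain)
    except DomainMembershipError:
        # commcare users without roles should always be denied access
        if couch_user.is_commcare_user():
            raise Http404()
        # web users without roles are redirected to the dashboard default
        # view since some domains allow web users to request access if they
        # don't have it
        url = reverse("dashboard_domain", args=[domain])
    else:
        if role and role.default_landing_page:
            url = get_redirect_url(role.default_landing_page, domain)
        elif couch_user.is_commcare_user():
            url = reverse(get_cloudcare_urlname(domain), args=[domain])
        else:
            url = reverse("dashboard_domain", args=[domain])
    return HttpResponseRedirect(url)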
Example #2
 def dispatch(self, request, *args, **kwargs):
     """Report a 2FA enablement for monitored mobile workers, then dispatch.

     The report is a side effect only; the response always comes from the
     parent class's ``dispatch``.
     """
     # TODO: replace this bit of code with a better event logging system
     if request.couch_user.is_commcare_user():
         if MONITOR_2FA_CHANGES.enabled(request.couch_user.domain):
             from corehq.apps.hqwebapp.utils import monitor_2fa_soft_assert
             # The message names the worker and the domain so the change
             # can be traced back to an account.
             message = (
                 f'2FA was ENABLED for mobile worker {request.couch_user.username} '
                 f'from {request.couch_user.domain}'
             )
             monitor_2fa_soft_assert(False, message)
     parent_view = super(TwoFactorSetupCompleteView, self)
     return parent_view.dispatch(request, *args, **kwargs)
Example #3
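    def get_context_data(self, **kwargs):
        """Build the login template context and report monitored 2FA prompts.

        The parent context is extended with ``self.extra_context``. When the
        wizard is on its ``'token'`` step for a commcare (mobile) user in a
        domain where ``MONITOR_2FA_CHANGES`` is enabled, a soft assert is
        raised so the token prompt is recorded.

        Returns:
            The context dict for the login template.
        """
        context = super(HQLoginView, self).get_context_data(**kwargs)
        context.update(self.extra_context)

        steps = context.get('wizard', {}).get('steps')
        domain = context.get('domain')
        is_commcare_user = context.get('is_commcare_user', False)
        if (steps and steps.current == 'token'
                and is_commcare_user and MONITOR_2FA_CHANGES.enabled(domain)):
            # The username comes from the submitted form, not from an
            # authenticated user object, so treat it as reporter-supplied
            # text. Using .get() keeps this monitoring side path from
            # failing the login page when the field is absent from POST.
            username = self.request.POST.get('auth-username', '').lower()
            from corehq.apps.hqwebapp.utils import monitor_2fa_soft_assert
            monitor_2fa_soft_assert(
                False,
                f'2FA TOKEN required upon login for mobile worker {username} from {domain}'
            )

        return context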