Example #1
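    def test_login_csrf_rotate(self, password='******'):
        """
        Makes sure that a login rotates the currently-used CSRF token.

        The CSRF cookie value issued to an anonymous request is compared with
        the value issued on the login response; the two must differ.
        """
        # Do a GET to establish a CSRF token
        # TestClient isn't used here as we're testing middleware, essentially.
        req = HttpRequest()
        CsrfViewMiddleware().process_view(req, login_view, (), {})
        # get_token() triggers CSRF token inclusion in the response
        get_token(req)
        resp = login_view(req)
        resp2 = CsrfViewMiddleware().process_response(req, resp)
        csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, None)
        # Fail with a readable message instead of an AttributeError on None
        # when the middleware did not set the cookie at all.
        self.assertIsNotNone(csrf_cookie, "no CSRF cookie on the initial response")
        token1 = csrf_cookie.coded_value

        # Prepare the POST request
        req = HttpRequest()
        req.COOKIES[settings.CSRF_COOKIE_NAME] = token1
        req.method = "POST"
        req.POST = {'username': '******', 'password': password, 'csrfmiddlewaretoken': token1}

        # Use POST request to log in
        SessionMiddleware().process_request(req)
        CsrfViewMiddleware().process_view(req, login_view, (), {})
        req.META["SERVER_NAME"] = "testserver"  # Required to have redirect work in login view
        req.META["SERVER_PORT"] = 80
        resp = login_view(req)
        resp2 = CsrfViewMiddleware().process_response(req, resp)
        csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, None)
        self.assertIsNotNone(csrf_cookie, "no CSRF cookie on the login response")
        token2 = csrf_cookie.coded_value

        # Check the CSRF token switched
        self.assertNotEqual(token1, token2)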
Example #2
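def register(request, registration_form=RegistrationForm):
    """
    Show the registration form and, on a valid POST, create the account.

    Already-authenticated users are redirected away.  A POST is processed
    only when the request is not rate limited (``request.is_limited``) and
    the form validates.

    The ``next`` query parameter is caller-controlled, so it is used as a
    redirect target only when ``is_safe_url`` accepts it for the current
    host; otherwise the profile update page is used.
    """
    # Function-scope import keeps this block self-contained.  On Django 3.0+
    # the same check is named url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    def _next_url():
        # Validate the target so the redirect cannot leave this site.
        target = request.GET.get('next')
        if target and is_safe_url(url=target, host=request.get_host()):
            return target
        return reverse('spirit:user:update')

    if request.user.is_authenticated():
        return redirect(_next_url())

    if request.method == 'POST':
        form = registration_form(data=request.POST)

        if not request.is_limited and form.is_valid():
            user = form.save()
            # NOTE(review): the account is activated before
            # REGISTER_EMAIL_ACTIVATION_REQUIRED is consulted and the
            # activation e-mail below is commented out -- confirm intended.
            user.is_active = True
            user.save()
            # send_activation_email(request, user)
            # messages.info(
            #     request,
            #     _("We have sent you an email to %(email)s "
            #       "so you can activate your account!")
            #     % {'email': form.get_email()}
            # )

            # TODO: email-less activation
            if not settings.REGISTER_EMAIL_ACTIVATION_REQUIRED:
                # NOTE(review): if login_view is the login *view*, its second
                # positional argument is not a user; presumably the auth
                # login() function is meant -- confirm the import.
                login_view(request, user)
                return redirect(_next_url())

            return redirect(reverse('spirit:user:auth:login'))
    else:
        form = registration_form()

    context = {'form': form, }

    return render(request, 'spirit/user/auth/register.html', context)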
Example #3
    def test_login_csrf_rotate(self, password='******'):
        """
        Check that logging in replaces the CSRF token that was in use.

        The CSRF cookie issued to an anonymous request is replayed in a login
        POST, and the cookie on the login response must carry another value.
        """
        cookie_name = settings.CSRF_COOKIE_NAME

        # Anonymous request first, to obtain a CSRF cookie.  The middleware is
        # driven by hand (no TestClient) because it is the thing under test.
        anon_request = HttpRequest()
        CsrfViewMiddleware().process_view(anon_request, login_view, (), {})
        # NOTE(review): presumably this flag is what makes process_response
        # emit the cookie -- confirm against the Django version in use.
        anon_request.META["CSRF_COOKIE_USED"] = True
        anon_response = login_view(anon_request)
        anon_response = CsrfViewMiddleware().process_response(anon_request, anon_response)
        token_before = anon_response.cookies.get(cookie_name).coded_value

        # Login POST presenting the first token as both cookie and form field.
        login_request = HttpRequest()
        login_request.COOKIES[cookie_name] = token_before
        login_request.method = "POST"
        login_request.POST = {
            'username': '******',
            'password': password,
            'csrfmiddlewaretoken': token_before,
        }

        SessionMiddleware().process_request(login_request)
        CsrfViewMiddleware().process_view(login_request, login_view, (), {})
        # The login view needs a server name and port to build its redirect.
        login_request.META.update({"SERVER_NAME": "testserver", "SERVER_PORT": 80})
        login_response = login_view(login_request)
        login_response = CsrfViewMiddleware().process_response(login_request, login_response)
        token_after = login_response.cookies.get(cookie_name).coded_value

        # The token must have changed across the login.
        self.assertNotEqual(token_before, token_after)
Example #4
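def login(request):
    """
    Log the user in and, on enterprise installs, end their other sessions.

    On a POST the request is handed to ``login_view``; if the user is then
    authenticated and ``settings.LINKAGE_ENTERPRISE`` is set, every other
    unexpired session that belongs to the same user id is logged out so the
    account is not shared across devices.  Otherwise the login page is
    rendered, with an error message after a failed POST.
    """
    message = None
    if request.POST:
        # NOTE(review): the response returned by login_view is discarded;
        # only its effect on request.user is used.
        login_view(request)
        if request.user.is_authenticated():

            # logout all other sessions for this user to limit multiples devices using the same user
            if settings.LINKAGE_ENTERPRISE:
                from importlib import import_module
                import datetime

                from django.contrib.sessions.models import Session
                from django.http import HttpRequest

                # Loop invariants, computed once instead of per session row.
                engine = import_module(settings.SESSION_ENGINE)
                current_key = request.session.session_key
                current_user_id = str(request.user.id)

                # NOTE(review): naive local time is compared with expire_date;
                # confirm this matches the project's USE_TZ setting.
                now = datetime.datetime.now()

                # Every unexpired session is decoded on each login, so the cost
                # grows with the total number of active sessions.
                for session in Session.objects.filter(expire_date__gt=now):
                    owner_id = session.get_decoded().get('_auth_user_id')
                    if owner_id != current_user_id:
                        continue
                    if session.session_key == current_key:
                        continue
                    # Rebuild a request around the stale session so the normal
                    # logout path can flush it.
                    request2 = HttpRequest()
                    request2.session = engine.SessionStore(session.session_key)
                    auth_logout(request2)
                    print(
                        '    Successfully logout other device for %r user.'
                        % owner_id)

            return redirect('/jobs/add/')
        else:
            message = "Please enter a correct username and password"
    return HttpResponse(templates.login(request, message, SignupForm()))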
Example #5
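def scripts_login(request, **kwargs):
    """
    Log a user in via client certificate, or via a username-only form on
    localhost when ``settings.DEBUG`` is on.

    Three cases, chosen from the request's host and port:

    * localhost: username-only development login (DEBUG builds only);
    * any other host, not on port 444: redirect to port 444 so that the
      client certificate is sent;
    * port 444: rely on the user that middleware placed in ``request.user``.

    Raises:
        AssertionError: if the localhost branch is reached with DEBUG off.
    """
    # The Host header is supplied by the client, so nothing below may treat
    # "localhost" in it as proof that the request is local.
    host = request.META['HTTP_HOST'].split(':')[0]

    # this part based on django.contrib.auth.views.login
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME,
        request.GET.get(REDIRECT_FIELD_NAME, ''))
    if not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

    if host in ('localhost', '127.0.0.1'):
        # On localhost we can't use certificates, so we'll show a login form
        # (username field only, no password). Any username is accepted, as long
        # as it either (a) exists already in User, or (b) matches an LDAP user.
        # This isn't secure (we can impersonate anyone!) but works great for
        # testing.
        #
        # This is the only gate in front of a passwordless login, so it is an
        # explicit check: a bare ``assert`` is stripped when Python runs with
        # -O, which would leave the branch open in production.
        if not settings.DEBUG:
            raise AssertionError(
                "username-only login is available only when DEBUG is enabled")
        if request.method == "POST":
            username = request.POST.get('username', '')
            user = authenticate(username=username)
            if user is not None and user.is_active:
                # login succeeded!
                login(request, user)
                return HttpResponseRedirect(redirect_to)
        # show the login page
        return login_view(request, **kwargs)

    elif request.META['SERVER_PORT'] != '444':
        # We're (presumably) on a server that can accept certificates, so
        # let's switch to port 444 so the certificate is sent.
        # NOTE(review): the redirect host is taken from the Host header;
        # confirm ALLOWED_HOSTS is configured so get_host() above rejects
        # unexpected values before this point.
        redirect_to = "https://%s:444%s" % (host, request.META['PATH_INFO'], )
        return HttpResponseRedirect(redirect_to)

    else:
        # Thanks to RemoteUserMiddleware magic, the certificate has already
        # been read, and a User object (created on-the-spot, if necessary) is
        # now in request.user.
        if request.user.is_authenticated():
            # middleware logged us in
            return HttpResponseRedirect(redirect_to)
        else:
            # didn't work, show the login page again
            return login_view(request, **kwargs)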
Example #6
def signup_email(request):
    """
    Handle the e-mail sign-up form and mail the user an auth token.

    A known address gets a fresh token; an unknown address gets a new
    account (username and e-mail both set to the address) and a token.  An
    invalid form re-renders the login page with the bound form.
    """
    email_form = SignupEmailForm(request.POST)
    if not email_form.is_valid():
        return login_view(request, template_name='signup/login_main.html',
                          extra_context=dict(email_form=email_form))

    # Normalise so lookups do not depend on case or stray whitespace.
    email = email_form.cleaned_data['email_address'].strip().lower()

    try:
        user = User.objects.get(email=email)
    except User.DoesNotExist:
        user = None

    if user:
        # we had this guy before reset his password
        send_email_auth_token(request, user, new_user=False)
        logger.debug("User: %s getting new key." % user.username)
        new_user = False
    else:
        # NOTE(review): the password argument is an empty string; depending
        # on the Django version that may be stored as a usable hash of ""
        # rather than an unusable password.  Passing None is unambiguous --
        # confirm which is intended.
        user = User.objects.create_user(email, email, '')
        logger.debug("User: %s created sending email." % user.username)
        send_email_auth_token(request, user, new_user=True)
        new_user = True

    # NOTE(review): new_user is passed to the template; if it is shown, the
    # page tells the caller whether the address was already registered.
    return render(request, 'signup/email_sent.html', dict(email=email, new_user=new_user))
Example #7
def login(request):
    """
    Send signed-in users to their account home; show the login page to
    everyone else.
    """
    if not request.user.is_authenticated():
        # LoginForm: just show 'Email' as label for username
        return login_view(request,
                          authentication_form=LoginForm,
                          template_name='account/login.html')
    return shortcuts.redirect(reverse('account-home'))
Example #8
def signup_email(request):
    """
    Sign in by e-mail: the user POSTs an address in a form and the system
    responds by sending a new token to that address.

    Unknown addresses get an account created first.  An invalid form
    re-renders the login page with the bound form.
    """
    email_form = SignupEmailForm(request.POST)
    if not email_form.is_valid():
        return login_view(request, template_name='login_main.html',
                          extra_context=dict(email_form=email_form))

    email = email_form.cleaned_data['email_address'].strip().lower()
    try:
        user = User.objects.get(email=email)
    except User.DoesNotExist:
        user = None

    new_user = not user
    if new_user:
        # NOTE(review): an empty-string password is passed here; confirm the
        # account ends up with an unusable password on the Django version in
        # use (None would make that explicit).
        user = User.objects.create_user(email, email, '')
        logger.debug("User: %s created sending email." % user.username)
        send_email_auth_token(request, user, new_user=True)
    else:
        # we had this guy before reset his password
        send_email_auth_token(request, user, new_user=False)
        logger.debug("User: %s getting new key." % user.username)

    # NOTE(review): new_user reaches the template; if rendered it reveals
    # whether the address already had an account.
    return render(request, 'email_sent.html', dict(email=email, new_user=new_user))
Example #9
File: user.py Project: kviktor/arrr
def arrr_login(request):
    """
    Redirect signed-in users to the site root, otherwise render the login
    page with a ``saml2`` flag telling the template whether ``SAML_CONFIG``
    is present in settings.
    """
    if request.user.is_authenticated():
        return redirect("/")

    saml_configured = hasattr(settings, "SAML_CONFIG")
    return login_view(request, extra_context={"saml2": saml_configured})
Example #10
def login(request):
    """
    Show the login page to anonymous users; signed-in users go straight to
    their account home.
    """
    already_signed_in = request.user.is_authenticated()
    if already_signed_in:
        return shortcuts.redirect(reverse('account-home'))

    view_options = {
        'template_name': 'account/login.html',
        # just show 'Email' as label for username
        'authentication_form': LoginForm,
    }
    return login_view(request, **view_options)
Example #11
def user_login(request):
    """
    Render the login page with ``UserLoginForm``, or send an already
    signed-in user to the dashboard.
    """
    if not request.user.is_authenticated():
        return login_view(
            request,
            template_name='users/user_login.html',
            authentication_form=UserLoginForm,
        )
    return redirect('users:dashboard')
Example #12
def manual_login(request):
    '''Send signed-in users to the root URL; otherwise show the login screen.'''
    if not request.user.is_authenticated():
        page_context = {'title': _('Log in')}
        return login_view(request,
                          template_name='login.html',
                          extra_context=page_context)
    return redirect('/')
Example #13
    def post(self, request, *args, **kwargs):
        """
        Handle the login POST, honouring the "remember me" checkbox.

        Without "remember me" the session is set to expire when the browser
        is closed (``set_expiry(0)``); the request is then passed to
        ``login_view``.
        """
        # If "remember me" is not selected, limit the session lifetime to the
        # browser session.
        # NOTE(review): this runs before login_view authenticates the user;
        # confirm the expiry setting is still in effect after login.
        remember = request.POST.get("remember_me", False)
        if not remember:
            request.session.set_expiry(0)

        view_options = {
            'template_name': self.template_name,
            'extra_context': self.extra_context,
        }
        return login_view(request, **view_options)
Example #14
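def login_remember_me(request, *args, **kwargs):
    """Custom login view that enables "remember me" functionality.

    Signed-in users are redirected to their account page.  On a POST without
    the ``remember_me`` field the session is set to end when the browser
    closes; the request is then passed on to ``login_view``.
    """
    # The docstring now sits first in the body; placed after the guard it was
    # a no-op string expression and never became __doc__.
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse('my_account'))
    if request.method == 'POST' and not request.POST.get('remember_me', None):
        request.session.set_expiry(0)
    return login_view(request, *args, **kwargs)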
Example #15
def LoginForm(request):
	"""
	Render the blog login page for anonymous users, passing ``/blog/`` as
	the ``next`` value; signed-in users are sent to the blog index.
	"""
	if request.user.is_authenticated():
		return HttpResponseRedirect(reverse('blog:index'))

	# Fixed, server-chosen target: nothing from the request feeds into it.
	after_login = {'next': '/blog/'}
	return login_view(request, template_name='blog/login.html',
			extra_context=after_login)
Example #16
File: views.py Project: FvD/InLOC
    def get(self, request):
        """
        Render the app page for a signed-in user, or the login page for an
        anonymous one.
        """
        if not request.user.is_authenticated():
            return login_view(request, template_name="login.html")

        return render(request, 'app.html', {"user": request.user})
Example #17
def login(request):
    """
    Render the login page with the global context plus the ``next`` and
    ``next_title`` query parameters (``None`` when absent).

    The ``form`` entry of the global context is removed before the context
    is handed to ``login_view``.
    """
    context = getGlobalContext(request)
    # NOTE(review): both values come from the query string unchanged, so the
    # template should treat them as untrusted input.
    for key in ('next', 'next_title'):
        context[key] = request.GET[key] if key in request.GET else None
    del context['form']
    return login_view(request,
                      extra_context=context,
                      template_name='pages/login.html')
Example #18
def signup_login(request):
    """
    GET handler that loads the sign-up form.

    Signed-in users are redirected to ``settings.LOGIN_REDIRECT_URL``;
    everyone else gets the login page with an unbound ``SignupEmailForm``.
    """
    if request.user.is_authenticated():
        return redirect(settings.LOGIN_REDIRECT_URL)

    extra = {'email_form': SignupEmailForm()}
    return login_view(request, template_name='login_main.html',
                      extra_context=extra)
Example #19
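def custom_login(request, **kwargs):
    """
    Login view that redirects signed-in users and refuses rate-limited POSTs.

    The ``next`` query parameter is caller-controlled, so it is followed
    only when ``is_safe_url`` accepts it for the current host; otherwise the
    user's own page is used.
    """
    # Current Django 1.5 login view does not redirect somewhere if the user is logged in
    if request.user.is_authenticated():
        # On Django 3.0+ this check is url_has_allowed_host_and_scheme.
        from django.utils.http import is_safe_url

        fallback = request.user.get_absolute_url()
        target = request.GET.get('next', fallback)
        if not is_safe_url(url=target, host=request.get_host()):
            target = fallback
        return redirect(target)

    # A rate-limited POST is bounced back to the same URL as a GET instead of
    # being passed to the login view.
    if request.is_limited and request.method == "POST":
        return redirect(request.get_full_path())

    return login_view(request, authentication_form=LoginForm, **kwargs)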
Example #20
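def custom_login(request, **kwargs):
    """
    Show the login form, redirecting users who are already signed in.

    ``next`` is read from the query string and therefore validated with
    ``is_safe_url`` against the current host before it is used; an unsafe or
    missing value falls back to the user's own page.  Rate-limited POSTs are
    redirected back to the same URL.
    """
    # Current Django 1.5 login view does not redirect somewhere if the user is logged in
    if request.user.is_authenticated():
        # Named url_has_allowed_host_and_scheme on Django 3.0+.
        from django.utils.http import is_safe_url

        own_page = request.user.get_absolute_url()
        requested = request.GET.get('next', own_page)
        if is_safe_url(url=requested, host=request.get_host()):
            return redirect(requested)
        return redirect(own_page)

    if request.is_limited and request.method == "POST":
        return redirect(request.get_full_path())

    return login_view(request, authentication_form=LoginForm, **kwargs)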
Example #21
def login(request):
    """
    Render the account login page with ``LoginForm`` and a context holding
    the site name and the page title.
    """
    page_context = {
        'site_name': settings.SITE_NAME,
        'title': 'Autenticación',
    }
    return login_view(request,
                      template_name='account/login.html',
                      authentication_form=LoginForm,
                      extra_context=page_context)
Example #22
File: views.py Project: FvD/InLOC
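    def post(self, request):
        """
        Authenticate the posted credentials and redirect to the root URL on
        success; re-render the login page on failure.

        Missing ``username``/``password`` fields are treated as a failed
        login instead of raising a key error.
        """
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')

        try:
            user = authenticate(username=username, password=password)
        except Exception:
            # A backend error counts as a failed login.  A bare ``except``
            # would also swallow SystemExit and KeyboardInterrupt.
            user = None

        if user is None:
            tpl = "login.html"
            return login_view(request, template_name=tpl)

        if user.is_active:
            # NOTE(review): if login_view is the login *view*, its second
            # positional argument is not a user and no session is started
            # here; presumably the auth login() function is meant -- confirm.
            login_view(request, user)

        # NOTE(review): inactive users are redirected as well, without being
        # logged in and without an error message.
        return redirect('/')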
Example #23
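def signup(request, *args, **kwargs):
    """
    Create an account from ``SignupForm`` and sign the new user in.

    On a valid POST the user is saved; an active user is authenticated with
    the posted credentials and redirected to the main page.  If the user is
    inactive, or authentication does not return a user, the login page is
    shown instead.  A GET or an invalid POST renders the sign-up form.
    """
    if request.method == 'POST':
        form = SignupForm(request.POST)
        if form.is_valid():
            user = form.save()
            if user.is_active:
                # Credentials are read only after validation, and with
                # .get() so a missing field cannot raise a key error.
                user = authenticate(username=request.POST.get('username'),
                                    password=request.POST.get('password'))
                # authenticate() returns None on failure; never pass that to
                # login().
                if user is not None:
                    login(request, user)
                    return HttpResponseRedirect(reverse('mainpage'))
            # The keyword arguments are expanded; passing the dict itself
            # positionally would land in the view's second parameter.
            return login_view(request, **kwargs)
    else:
        form = SignupForm()
    return render(request, 'signup.html', {'form' : form })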
Example #24
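def login(request, *args, **kwargs):
    """
    Log in through the partner's single sign-on when one is configured,
    otherwise fall back to ``login_view``.

    With an SSO partner and a ``token`` query parameter the token is
    authenticated and the user redirected to the requested target; without
    a token the user is sent to the partner's SSO URL.  The redirect target
    is request-supplied, so a value that ``is_safe_url`` rejects for the
    current host is dropped.
    """
    partner = request.partner
    if partner and partner.sso_url:
        token = request.GET.get('token')
        if token:
            # Named url_has_allowed_host_and_scheme on Django 3.0+.
            from django.utils.http import is_safe_url

            user = authenticate(partner=partner, token=token)
            if user:
                auth_login(request, user)
            # TODO: what if login failed
            target = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
            # Keep the original empty default, but never follow an off-site
            # or otherwise unsafe target.
            if target and not is_safe_url(url=target, host=request.get_host()):
                target = ''
        else:
            target = '%s?%s' % (partner.sso_url, urllib.urlencode({
                'redirect': request.build_absolute_uri(),
                'action': 'login',
            }))
        return HttpResponseRedirect(target)
    #return render_to_response('auth/login.html', {'redirect': redirect})
    return login_view(request, *args, **kwargs)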
Example #25
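def login(request, *args, **kwargs):
    """
    SSO-aware login view.

    Requests for a partner with an ``sso_url`` either complete a token
    login (``token`` query parameter present) or are redirected to the
    partner's SSO endpoint.  All other requests go to ``login_view``.

    The post-login target comes from the request, so it is checked with
    ``is_safe_url`` against the current host and discarded when unsafe.
    """
    partner = request.partner
    if not (partner and partner.sso_url):
        #return render_to_response('auth/login.html', {'redirect': redirect})
        return login_view(request, *args, **kwargs)

    token = request.GET.get('token')
    if not token:
        # No token yet: hand over to the partner, telling it where to return.
        query = urllib.urlencode({
            'redirect': request.build_absolute_uri(),
            'action': 'login',
        })
        return HttpResponseRedirect('%s?%s' % (partner.sso_url, query))

    # Named url_has_allowed_host_and_scheme on Django 3.0+.
    from django.utils.http import is_safe_url

    user = authenticate(partner=partner, token=token)
    if user:
        auth_login(request, user)
    # TODO: what if login failed
    target = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
    # An unsafe target is replaced by the same empty value used when no
    # target was supplied.
    if target and not is_safe_url(url=target, host=request.get_host()):
        target = ''
    return HttpResponseRedirect(target)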
Example #26
def login(request, *args, **kwargs):
    """
    Login view with an AJAX variant, "remember me" handling and cleanup of
    three ``phpbb3_k23kc_*`` cookies.

    The template is chosen from ``request.is_ajax()``.  The request is passed
    to ``login_view`` and the three cookies are deleted on its response.  On
    a POST the session expiry is set from the ``remember`` field.  If a
    separately built ``AuthenticationForm`` validates, a plain
    ``'Success auth'`` response is returned instead of the view's response.
    """
    if request.is_ajax():
        template_name = 'accounts/login_form.html'
    else:
        template_name = 'accounts/login_page.html'
    # Built from request.POST independently of login_view.
    # NOTE(review): presumably validating this form authenticates the
    # credentials a second time -- confirm that is acceptable.
    form = AuthenticationForm(data=request.POST)
    response = login_view(request,
                          template_name=template_name,
                          *args,
                          **kwargs)
    # Cookie deletions are recorded on the login_view response only.
    response.delete_cookie('phpbb3_k23kc_u')
    response.delete_cookie('phpbb3_k23kc_k')
    response.delete_cookie('phpbb3_k23kc_sid')
    if request.method == 'POST':
        if 'remember' not in request.POST:
            # 0: the session ends when the browser is closed
            request.session.set_expiry(0)
        else:
            # None: fall back to the default session expiry policy
            request.session.set_expiry(None)
    if form.is_valid():
        # A new response object is returned here, so the cookie deletions
        # made on ``response`` above are not part of it.
        return HttpResponse('Success auth')
    return response
Example #27
def home(request):
    """
    Home page with a combined login/register form.

    A valid POST carrying ``register`` redirects to the registration page;
    one carrying ``login`` is handed to ``login_view``.  Anything else
    renders ``home.html`` with the form.
    """
    if request.method != 'POST':
        form = AuthenticationRegisterForm()
    else:
        form = AuthenticationRegisterForm(request.POST)
        if form.is_valid():
            wants_register = form.data.get('register', None)
            wants_login = form.data.get('login', None)
            if wants_register:
                return HttpResponseRedirect(reverse('registration_register'))
            if wants_login:
                return login_view(request)

    page_context = {
        'form': form,
        'action': reverse('home'),
    }
    return render_to_response(
        'home.html',
        page_context,
        context_instance=RequestContext(request)
    )
Example #28
def user_login(request):
    """
    Handles user login.

    A POST is passed to ``login_view`` with the Bootstrap authentication
    form; any other method renders the combined login / sign-up page.
    """
    assert isinstance(request, HttpRequest)
    # NOTE(review): these two instances are never used; the contexts below
    # pass the form classes themselves.
    form = BootstrapAuthenticationForm()
    signup_form = RegistrationForm()

    shared_context = {
        'signin_title': 'Login',
        'signup_title': 'Sign Up',
        'signup_form': RegistrationForm,
    }

    if request.method != 'POST':
        page_context = dict(shared_context, form=BootstrapAuthenticationForm)
        return render(request, 'app/login.html', page_context)

    return login_view(request,
                      'app/login.html',
                      authentication_form=BootstrapAuthenticationForm,
                      extra_context=shared_context)
Example #29
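def login(request):
    """
    Render the login page, pre-filling the post-login redirect from the
    ``Referer`` header.

    Signed-in users are redirected to ``/``.  The referrer is sent by the
    client, so it is kept only when ``is_safe_url`` accepts it for the
    current host; a host-name comparison alone does not cover scheme-only
    or malformed URLs.
    """
    from django.contrib.auth.views import login as login_view
    from django.contrib.admin.forms import AdminAuthenticationForm
    # Named url_has_allowed_host_and_scheme on Django 3.0+.
    from django.utils.http import is_safe_url
    if request.user.is_authenticated():
        return HttpResponseRedirect('/')
    redirect_to = request.META.get("HTTP_REFERER", '/')
    # Security check -- don't allow redirection to a different host.
    # An empty header value is left as it was.
    if redirect_to and not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = '/'
    context = {
        'title': _('Log in'),
        'app_path': request.get_full_path(),
        REDIRECT_FIELD_NAME: redirect_to,
    }
    defaults = {
        'extra_context': context,
        'authentication_form': AdminAuthenticationForm,
        'template_name': 'login.html',
    }
    return login_view(request, **defaults)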
Example #30
def registration(request):
    """
    User registration.

    A valid POST creates the user, authenticates with the submitted
    credentials and redirects to the home view.  In every other case the
    login page is rendered with the registration form in its context.
    """
    if request.method != 'POST':
        form = UserRegistrationForm()
    else:
        form = UserRegistrationForm(request.POST)
        if form.is_valid():
            cleaned = form.cleaned_data
            field_names = ('username', 'first_name', 'last_name', 'email', 'password')
            username, first_name, last_name, email, password = (
                cleaned[name] for name in field_names)

            account = User.objects.create_user(username, email, password)
            account.first_name = first_name
            account.last_name = last_name
            account.save()

            # Authenticate so the user object is in the form login expects.
            account = authenticate(username=username, password=password)
            if account is not None:
                auth_login(request, account)
                return redirect('main.views.home')

    return login_view(request, 'login.html', extra_context={'registration_form': form})
Example #31
def collect_login(request, *args, **kwargs):
    """Pass the request and all arguments through to ``login_view``."""
    response = login_view(request, *args, **kwargs)
    return response
Example #32
def qa_login(request, **kwargs):
    """
    Show the login page to anonymous users; signed-in users are redirected
    to the main page.
    """
    if not request.user.is_authenticated():
        return login_view(request, **kwargs)
    return HttpResponseRedirect(reverse('mainpage'))
Example #33
def login_with_timezone(request):
    """
    Run ``login_view`` and, if the user is authenticated afterwards, call
    the user's ``activate_timezone()`` before returning the view's response.
    """
    response = login_view(request)
    user = request.user
    if user.is_authenticated():
        user.activate_timezone()
    return response
def login_shim(request, **kwargs):
    """Call ``insert_client`` on the request, then delegate to ``login_view``."""
    insert_client(request)
    response = login_view(request, **kwargs)
    return response
Example #35
def signup_login(request):
    """
    Render the sign-up/login page, or redirect a signed-in user to
    ``settings.LOGIN_REDIRECT_URL``.
    """
    if request.user.is_authenticated():
        return redirect(settings.LOGIN_REDIRECT_URL)

    # NOTE(review): the form *class* is passed to the template, not an
    # instance -- confirm the template expects that.
    extra = {'email_form': SignupEmailForm}
    return login_view(request, template_name='signup/login_main.html',
                      extra_context=extra)
def login_shim(request, **kwargs):
    """
    Thin wrapper around ``login_view`` that first runs ``insert_client`` on
    the request.
    """
    insert_client(request)
    view_response = login_view(request, **kwargs)
    return view_response
Example #37
def custom_login(request):
    """
    Render ``login.html`` for anonymous users; signed-in users are
    redirected to the index view.
    """
    if not request.user.is_authenticated():
        return login_view(request, template_name='login.html')
    return redirect('mysite.bgame.views.index')
Example #38
def login(request):
    """Render the profiles login page using ``LoginForm``."""
    view_options = {
        'template_name': 'profiles/login.html',
        'authentication_form': LoginForm,
    }
    return login_view(request, **view_options)
Example #39
def deevo_login(request):
    """
    Show the default login page to anonymous users and redirect signed-in
    users to the site root.
    """
    if not request.user.is_authenticated():
        return login_view(request)
    return redirect('/')
Example #40
def login(request):
    """Render ``user_login.html`` through ``login_view`` with ``LoginForm``."""
    template = 'user_login.html'
    return login_view(request, template, authentication_form=LoginForm)
Example #41
def collect_login(request, *args, **kwargs):
    """
    Delegate to ``login_view`` unchanged; positional and keyword arguments
    are forwarded as given.
    """
    view_response = login_view(request, *args, **kwargs)
    return view_response
Example #42
def custom_login(request):
    """
    Redirect signed-in users to ``/sendlove/``; everyone else gets the
    default login page.
    """
    signed_in = request.user.is_authenticated()
    if not signed_in:
        return login_view(request)
    return HttpResponseRedirect('/sendlove/')
Example #43
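def auth_login(request):
    """
    Show the login page, or redirect a user who is already signed in.

    The ``next`` query parameter is caller-controlled; it is followed only
    when ``is_safe_url`` accepts it for the current host, otherwise
    ``LOGIN_REDIRECT_URL`` is used.
    """
    if request.user.is_authenticated():
        # Named url_has_allowed_host_and_scheme on Django 3.0+.
        from django.utils.http import is_safe_url

        redirect_url = request.GET.get('next')
        if not redirect_url or not is_safe_url(url=redirect_url,
                                               host=request.get_host()):
            redirect_url = LOGIN_REDIRECT_URL
        return redirect(redirect_url)
    else:
        return login_view(request)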
Example #44
def log_in(request):
    """Log in page: hand the request to ``login_view`` with its defaults."""
    response = login_view(request)
    return response
Example #45
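def custom_login(request, **kwargs):
    """
    Redirect signed-in users to the ``where`` view; otherwise delegate to
    ``login_view``.
    """
    if request.user.is_authenticated():
        # Temporary redirect on purpose: the outcome depends on the session
        # state, and a permanent (301) redirect may be cached by the browser
        # and replayed after the user has logged out.
        return redirect('where')
    return login_view(request, **kwargs)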
Example #46
def auth_login(request):
    """
    Redirect signed-in users to the index view; anonymous users get the
    Jinja login template.
    """
    if request.user.is_authenticated():
        return redirect('index')
    return login_view(request, template_name='profile/login.jinja.html')
Example #47
def login(request):
    """
    Send signed-in users to the chat home; render ``home.html`` with
    ``LoginForm`` for everyone else.
    """
    if request.user.is_authenticated():
        return HttpResponseRedirect('/chat_home/')
    return login_view(request, 'home.html', authentication_form=LoginForm)
Example #48
def login(request):
    """Render the accounts login page using ``AuthenticationForm``."""
    view_options = {
        'template_name': 'accounts/login.html',
        'authentication_form': AuthenticationForm,
    }
    return login_view(request, **view_options)
Example #49
 def get(self, request, *args, **kwargs):
     """Render the login page with this view's template and extra context."""
     view_options = {
         'template_name': self.template_name,
         'extra_context': self.extra_context,
     }
     return login_view(request, **view_options)
Example #50
def login(request):
    """Render ``lame/login.html`` through ``login_view``."""
    template = 'lame/login.html'
    return login_view(request, template)
Example #51
def client_login(request):
    """
    Render the client-app login page with ``LoginForm``, passing
    ``/clientapp/`` to the template as the ``next`` value.
    """
    # Fixed, server-chosen target: nothing from the request feeds into it.
    after_login = {'next': '/clientapp/'}
    return login_view(request,
                      authentication_form=LoginForm,
                      template_name='clientapp/login.html',
                      extra_context=after_login)
Example #52
def custom_login(request, **kwargs):
    """
    Show the login page to anonymous users; signed-in users are redirected
    to their profile.
    """
    if not request.user.is_authenticated():
        return login_view(request, **kwargs)
    return HttpResponseRedirect(reverse('accounts:profile'))