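def test_login_csrf_rotate(self, password='******'):
    """
    Makes sure that a login rotates the currently-used CSRF token.

    The token issued on the anonymous GET (token1) must differ from the
    token set on the response to the login POST (token2).
    """
    # Do a GET to establish a CSRF token
    # TestClient isn't used here as we're testing middleware, essentially.
    get_request = HttpRequest()
    CsrfViewMiddleware().process_view(get_request, login_view, (), {})
    # get_token() triggers CSRF token inclusion in the response
    get_token(get_request)
    get_response = CsrfViewMiddleware().process_response(
        get_request, login_view(get_request))
    csrf_cookie = get_response.cookies.get(settings.CSRF_COOKIE_NAME, None)
    # Fail with a readable assertion instead of an AttributeError on None
    # when the middleware did not set the cookie.
    self.assertIsNotNone(csrf_cookie)
    token1 = csrf_cookie.coded_value

    # Prepare the POST request
    post_request = HttpRequest()
    post_request.COOKIES[settings.CSRF_COOKIE_NAME] = token1
    post_request.method = "POST"
    post_request.POST = {
        'username': '******',
        'password': password,
        'csrfmiddlewaretoken': token1,
    }

    # Use POST request to log in
    SessionMiddleware().process_request(post_request)
    CsrfViewMiddleware().process_view(post_request, login_view, (), {})
    post_request.META["SERVER_NAME"] = "testserver"  # Required to have redirect work in login view
    post_request.META["SERVER_PORT"] = 80
    post_response = CsrfViewMiddleware().process_response(
        post_request, login_view(post_request))
    csrf_cookie = post_response.cookies.get(settings.CSRF_COOKIE_NAME, None)
    self.assertIsNotNone(csrf_cookie)
    token2 = csrf_cookie.coded_value

    # Check the CSRF token switched
    self.assertNotEqual(token1, token2)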
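def register(request, registration_form=RegistrationForm):
    """
    Register a new account and, when e-mail activation is not required,
    sign the new user in straight away.

    Already-authenticated users are redirected instead of being shown the form.
    The `next` query parameter is followed only when it points back at this
    host; otherwise the profile-update page is used.
    """
    # Function-scope import: the module's import block is not visible here.
    from django.utils.http import is_safe_url

    def _next_url():
        # `next` is attacker-controllable (it arrives in the query string), so
        # redirecting to it unchecked would let a crafted link bounce a user
        # from this site to an arbitrary one.
        target = request.GET.get('next', '')
        if is_safe_url(url=target, host=request.get_host()):
            return target
        return reverse('spirit:user:update')

    if request.user.is_authenticated():
        return redirect(_next_url())

    if request.method == 'POST':
        form = registration_form(data=request.POST)

        # presumably request.is_limited is set by rate limiting upstream -- confirm
        if not request.is_limited and form.is_valid():
            user = form.save()
            # NOTE(review): the account is activated unconditionally here, even
            # when REGISTER_EMAIL_ACTIVATION_REQUIRED is set, because the
            # activation e-mail below is commented out -- confirm this is intended.
            user.is_active = True
            user.save()

            # send_activation_email(request, user)
            # messages.info(
            #     request,
            #     _("We have sent you an email to %(email)s "
            #       "so you can activate your account!")
            #     % {'email': form.get_email()}
            # )

            # TODO: email-less activation
            if not settings.REGISTER_EMAIL_ACTIVATION_REQUIRED:
                # NOTE(review): login_view receives a user object here; confirm
                # it is the session-login helper rather than the login view.
                login_view(request, user)
                return redirect(_next_url())

            return redirect(reverse('spirit:user:auth:login'))
    else:
        form = registration_form()

    context = {'form': form, }

    return render(request, 'spirit/user/auth/register.html', context)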
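def test_login_csrf_rotate(self, password='******'):
    """
    Makes sure that a login rotates the currently-used CSRF token.

    Compares the CSRF cookie value issued before login with the one issued
    on the login response and requires them to differ.
    """
    csrf_name = settings.CSRF_COOKIE_NAME

    # Do a GET to establish a CSRF token
    # TestClient isn't used here as we're testing middleware, essentially.
    anon_req = HttpRequest()
    CsrfViewMiddleware().process_view(anon_req, login_view, (), {})
    # Marking the cookie as used makes the middleware emit it on the response.
    anon_req.META["CSRF_COOKIE_USED"] = True
    anon_resp = login_view(anon_req)
    anon_resp = CsrfViewMiddleware().process_response(anon_req, anon_resp)
    first_cookie = anon_resp.cookies.get(csrf_name, None)
    # Report a missing cookie as a test failure, not as an AttributeError.
    self.assertIsNotNone(first_cookie)
    token1 = first_cookie.coded_value

    # Prepare the POST request
    login_req = HttpRequest()
    login_req.COOKIES[csrf_name] = token1
    login_req.method = "POST"
    login_req.POST = {'username': '******', 'password': password,
                      'csrfmiddlewaretoken': token1}

    # Use POST request to log in
    SessionMiddleware().process_request(login_req)
    CsrfViewMiddleware().process_view(login_req, login_view, (), {})
    login_req.META["SERVER_NAME"] = "testserver"  # Required to have redirect work in login view
    login_req.META["SERVER_PORT"] = 80
    login_resp = login_view(login_req)
    login_resp = CsrfViewMiddleware().process_response(login_req, login_resp)
    second_cookie = login_resp.cookies.get(csrf_name, None)
    self.assertIsNotNone(second_cookie)
    token2 = second_cookie.coded_value

    # Check the CSRF token switched
    self.assertNotEqual(token1, token2)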
def login(request):
    """
    Process a login POST and, in enterprise mode, end the user's other sessions.

    On a successful login the user is redirected to '/jobs/add/'. On a failed
    POST the login template is rendered with an error message; on a GET it is
    rendered without one.
    """
    message = None
    if request.POST:
        login_view(request)
        if not request.user.is_authenticated():
            message = "Please enter a correct username and password"
        else:
            # logout all other sessions for this user to limit multiples devices using the same user
            if settings.LINKAGE_ENTERPRISE:
                from importlib import import_module
                import datetime
                from django.contrib.sessions.models import Session
                from django.http import HttpRequest

                now = datetime.datetime.now()
                # NOTE(review): this decodes every unexpired session row on each
                # login, so the cost grows with the total number of live
                # sessions; it also assumes database-backed sessions -- confirm.
                live_sessions = Session.objects.filter(expire_date__gt=now)
                for other in live_sessions:
                    username = other.get_decoded().get('_auth_user_id')
                    same_user = str(request.user.id) == username
                    if not (same_user and other.session_key != request.session.session_key):
                        continue
                    engine = import_module(settings.SESSION_ENGINE)
                    # A throwaway request carries the other session so that
                    # auth_logout can flush it.
                    stale_request = HttpRequest()
                    stale_request.session = engine.SessionStore(other.session_key)
                    auth_logout(stale_request)
                    # NOTE(review): writes the user id to stdout; a logger would
                    # keep this in the application's audit trail.
                    print(' Successfully logout other device for %r user.' % username)
            return redirect('/jobs/add/')
    return HttpResponse(templates.login(request, message, SignupForm()))
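def scripts_login(request, **kwargs):
    """
    Log a user in by client certificate, or by a username-only form on localhost.

    Three paths, chosen from the request:
    - Host is localhost / 127.0.0.1: password-less login form (DEBUG only).
    - Any other host when SERVER_PORT is not '444': redirect to the same path
      on https port 444.
    - Port 444: redirect if request.user is already authenticated, otherwise
      show the login page.
    """
    host = request.META['HTTP_HOST'].split(':')[0]

    # this part based on django.contrib.auth.views.login
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME,
                                   request.GET.get(REDIRECT_FIELD_NAME, ''))
    if not is_safe_url(url=redirect_to, host=request.get_host()):
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

    if host in ('localhost', '127.0.0.1'):
        # On localhost we can't use certificates, so we'll show a login form
        # (username field only, no password). Any username is accepted, as
        # long as it either (a) exists already in User, or (b) matches an
        # LDAP user. This isn't secure (we can impersonate anyone!) but works
        # great for testing.
        #
        # `host` comes from the client-supplied Host header, so the DEBUG
        # check is what keeps this password-less path out of production. It is
        # an explicit raise because a bare `assert` is removed under
        # `python -O`, which would silently drop the guard.
        if not settings.DEBUG:
            raise AssertionError(
                "password-less localhost login requires settings.DEBUG")
        if request.method == "POST":
            username = request.POST.get('username', '')
            user = authenticate(username=username)
            if user is not None and user.is_active:
                # login succeeded!
                login(request, user)
                return HttpResponseRedirect(redirect_to)
        # show the login page
        return login_view(request, **kwargs)

    if request.META['SERVER_PORT'] != '444':
        # We're (presumably) on a server that can accept certificates, so
        # let's switch to port 444 so the certificate is sent.
        # NOTE(review): the redirect target is built from the raw Host header
        # rather than request.get_host() -- confirm the two cannot differ in
        # this deployment.
        redirect_to = "https://%s:444%s" % (host, request.META['PATH_INFO'], )
        return HttpResponseRedirect(redirect_to)

    # Thanks to RemoteUserMiddleware magic, the certificate has already been
    # read, and a User object (created on-the-spot, if necessary) is now in
    # request.user.
    if request.user.is_authenticated():
        # middleware logged us in
        return HttpResponseRedirect(redirect_to)
    # didn't work, show the login page again
    return login_view(request, **kwargs)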
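def signup_email(request):
    """
    Handle the e-mail sign-in form by sending an auth token to the address.

    An existing account gets a fresh token; an unknown address gets a new
    account first. An invalid form re-renders the login page with the bound
    form.
    """
    email_form = SignupEmailForm(request.POST)
    if not email_form.is_valid():
        return login_view(request,
                          template_name='signup/login_main.html',
                          extra_context=dict(email_form=email_form))

    email = email_form.cleaned_data['email_address'].strip().lower()
    try:
        user = User.objects.get(email=email)
    except User.DoesNotExist:
        user = None

    new_user = not user
    if new_user:
        # Pass None, not '': assuming User is Django's auth user model, None
        # always yields an unusable password, whereas an empty string is
        # stored as a real (empty) password on some Django versions. These
        # accounts sign in by e-mailed token only.
        user = User.objects.create_user(email, email, None)
        logger.debug("User: %s created sending email.", user.username)
        send_email_auth_token(request, user, new_user=True)
    else:
        # we had this guy before reset his password
        send_email_auth_token(request, user, new_user=False)
        logger.debug("User: %s getting new key.", user.username)

    # NOTE(review): new_user reaches the template; if the page renders it
    # differently for the two cases, it reveals whether an address is
    # already registered.
    return render(request, 'signup/email_sent.html',
                  dict(email=email, new_user=new_user))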
def login(request):
    """Send signed-in users to the account home; otherwise show the login form."""
    if not request.user.is_authenticated():
        return login_view(
            request,
            template_name='account/login.html',
            # just show 'Email' as label for username
            authentication_form=LoginForm,
        )
    return shortcuts.redirect(reverse('account-home'))
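def signup_email(request):
    """
    This page is for signing in by email.

    The user gives their email in a form via POST and the system will
    respond by sending them a new token via email.
    """
    email_form = SignupEmailForm(request.POST)
    if email_form.is_valid():
        email = email_form.cleaned_data['email_address']
        email = email.strip().lower()
        try:
            user = User.objects.get(email=email)
        except User.DoesNotExist:
            user = None

        if user:
            # we had this guy before reset his password
            new_user = False
            send_email_auth_token(request, user, new_user=False)
            logger.debug("User: %s getting new key.", user.username)
        else:
            new_user = True
            # None instead of '' so the account never has a usable password:
            # assuming User is Django's auth user model, an empty string can
            # be hashed as a valid (empty) password on some Django versions,
            # while None is always marked unusable.
            user = User.objects.create_user(email, email, None)
            logger.debug("User: %s created sending email.", user.username)
            send_email_auth_token(request, user, new_user=True)

        # NOTE(review): the new_user flag is handed to the template; confirm
        # the rendered page does not disclose whether the address was known.
        return render(request, 'email_sent.html',
                      dict(email=email, new_user=new_user))

    return login_view(request,
                      template_name='login_main.html',
                      extra_context=dict(email_form=email_form))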
def arrr_login(request):
    """Show the login page, telling the template whether SAML2 is configured."""
    if not request.user.is_authenticated():
        # The template gets a boolean only; SAML_CONFIG itself is not exposed.
        saml_enabled = hasattr(settings, "SAML_CONFIG")
        return login_view(request, extra_context={"saml2": saml_enabled})
    return redirect("/")
def user_login(request):
    """Redirect signed-in users to the dashboard; otherwise show the login form."""
    already_signed_in = request.user.is_authenticated()
    if not already_signed_in:
        return login_view(
            request,
            authentication_form=UserLoginForm,
            template_name='users/user_login.html',
        )
    return redirect('users:dashboard')
def manual_login(request):
    '''Redirect to root if logged in or present login screen'''
    if not request.user.is_authenticated():
        page_context = {'title': _('Log in')}
        return login_view(request,
                          template_name='login.html',
                          extra_context=page_context)
    return redirect('/')
def post(self, request, *args, **kwargs):
    """Handle the login POST, honouring the "remember me" checkbox."""
    # When "remember me" is not ticked, limit the session lifetime to the
    # browser session (set_expiry(0) expires it when the browser closes).
    remember = request.POST.get("remember_me", False)
    if not remember:
        request.session.set_expiry(0)
    return login_view(
        request,
        template_name=self.template_name,
        extra_context=self.extra_context,
    )
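def login_remember_me(request, *args, **kwargs):
    """Custom login view that enables "remember me" functionality.

    Signed-in users are redirected to 'my_account'. On a POST without the
    `remember_me` field the session is set to expire when the browser closes.
    """
    # The docstring now sits at the top of the function; placed after the
    # first `if` it was only a discarded string expression.
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse('my_account'))
    if request.method == 'POST':
        if not request.POST.get('remember_me', None):
            request.session.set_expiry(0)
    return login_view(request, *args, **kwargs)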
def LoginForm(request):
    """Show the blog login page, or redirect signed-in users to the blog index.

    Despite the name this is a view function, not a form class.
    """
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse('blog:index'))
    # `next` is a fixed path here, not taken from the request.
    return login_view(
        request,
        template_name='blog/login.html',
        extra_context={'next': '/blog/'},
    )
def get(self, request):
    """Render the app for signed-in users; otherwise show the login page."""
    user = request.user
    if not request.user.is_authenticated():
        return login_view(request, template_name="login.html")
    return render(request, 'app.html', {"user": user})
def login(request):
    """Render the login page with `next` / `next_title` passed through from the query string."""
    context = getGlobalContext(request)
    # NOTE(review): both values are taken from the query string unchanged;
    # whatever consumes `next` after login is responsible for validating it.
    for key in ('next', 'next_title'):
        context[key] = request.GET[key] if key in request.GET else None
    # Drop the global 'form' entry before the context is handed to login_view.
    del context['form']
    return login_view(request,
                      template_name='pages/login.html',
                      extra_context=context)
def signup_login(request):
    """
    This is the GET method for loading the Signup form
    """
    if not request.user.is_authenticated():
        # A fresh, unbound e-mail form is added to the login page context.
        return login_view(request,
                          template_name='login_main.html',
                          extra_context={'email_form': SignupEmailForm()})
    return redirect(settings.LOGIN_REDIRECT_URL)
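def custom_login(request, **kwargs):
    """
    Login view wrapper that redirects signed-in users and honours rate limiting.

    Signed-in users go to `next` when it points back at this host, otherwise
    to their own profile URL. A rate-limited POST is redirected to the same
    URL instead of being processed.
    """
    # Function-scope import: the module's import block is not visible here.
    from django.utils.http import is_safe_url

    # Current Django 1.5 login view does not redirect somewhere if the user is logged in
    if request.user.is_authenticated():
        # `next` comes from the query string; following it unchecked would
        # allow redirects to other sites.
        target = request.GET.get('next', '')
        if not is_safe_url(url=target, host=request.get_host()):
            target = request.user.get_absolute_url()
        return redirect(target)

    # presumably request.is_limited is set by rate limiting upstream -- confirm
    if request.is_limited and request.method == "POST":
        return redirect(request.get_full_path())

    return login_view(request, authentication_form=LoginForm, **kwargs)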
def login(request):
    """Show the account login page with the site name and page title in context."""
    page_context = {
        'site_name': settings.SITE_NAME,
        'title': 'Autenticación',
    }
    return login_view(
        request,
        extra_context=page_context,
        template_name='account/login.html',
        authentication_form=LoginForm,
    )
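def post(self, request):
    """
    Authenticate the posted credentials and sign the user in.

    An active, authenticated user is redirected to '/'. Every other case
    (missing fields, bad credentials, inactive account) shows the login page
    again, so the view always returns a response.
    """
    # .get() instead of indexing: a POST without these fields is an ordinary
    # failed login, not a server error.
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')
    try:
        user = authenticate(username=username, password=password)
    except Exception:
        # Best-effort, as before: a failing backend counts as a failed login.
        # Narrowed from a bare `except:` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        user = None

    if user is not None and user.is_active:
        # NOTE(review): login_view is called with a user here and with a
        # template name below; confirm which callable the name is bound to.
        login_view(request, user)
        return redirect('/')

    return login_view(request, template_name="login.html")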
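def signup(request, *args, **kwargs):
    """
    Create an account from the signup form and sign the new user in.

    A valid form whose user is active and authenticates is redirected to
    'mainpage'. A valid form whose user is inactive, or cannot be
    authenticated, is handed to the login view. An invalid form, or a GET,
    renders the signup page.
    """
    if request.method != 'POST':
        form = SignupForm()
    else:
        form = SignupForm(request.POST)
        if form.is_valid():
            user = form.save()
            if user.is_active:
                # Read the credentials only after validation, and with .get()
                # so a missing field cannot raise before the form reports it.
                user = authenticate(username=request.POST.get('username'),
                                    password=request.POST.get('password'))
                if user is not None:
                    login(request, user)
                    return HttpResponseRedirect(reverse('mainpage'))
            # kwargs is unpacked: passing the dict positionally would have
            # been taken as the second positional argument of login_view.
            return login_view(request, **kwargs)
    return render(request, 'signup.html', {'form': form})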
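def login(request, *args, **kwargs):
    """
    Log in through the partner's SSO when one is configured, else the normal login view.

    With a partner SSO URL: a request carrying `token` is authenticated and
    then redirected to the requested page; a request without one is sent to
    the partner's SSO endpoint with this URL as the return address.
    """
    # Function-scope import: the module's import block is not visible here.
    from django.utils.http import is_safe_url

    partner = request.partner
    if partner and partner.sso_url:
        token = request.GET.get('token')
        if token:
            user = authenticate(partner=partner, token=token)
            if user:
                auth_login(request, user)
            # TODO: what if login failed
            redirect = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
            # The redirect target is request data; only follow it when it
            # stays on this host, otherwise fall back to the previous default.
            if not is_safe_url(url=redirect, host=request.get_host()):
                redirect = ''
        else:
            redirect = '%s?%s' % (partner.sso_url, urllib.urlencode({
                'redirect': request.build_absolute_uri(),
                'action': 'login',
            }))
        return HttpResponseRedirect(redirect)
        #return render_to_response('auth/login.html', {'redirect': redirect})
    return login_view(request, *args, **kwargs)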
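def login(request, *args, **kwargs):
    """
    Partner SSO login with a fall-back to the regular login view.

    When request.partner has an sso_url, a `token` query parameter is
    exchanged for a user via authenticate(); without a token the browser is
    sent to the partner's SSO URL. Requests with no SSO partner use
    login_view unchanged.
    """
    # Function-scope import: the module's import block is not visible here.
    from django.utils.http import is_safe_url

    partner = request.partner
    if not (partner and partner.sso_url):
        return login_view(request, *args, **kwargs)

    token = request.GET.get('token')
    if not token:
        sso_query = urllib.urlencode({
            'redirect': request.build_absolute_uri(),
            'action': 'login',
        })
        return HttpResponseRedirect('%s?%s' % (partner.sso_url, sso_query))

    user = authenticate(partner=partner, token=token)
    if user:
        auth_login(request, user)
    # TODO: what if login failed
    redirect = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
    # Request-supplied redirect targets are followed only when they point
    # back at this host; anything else falls back to the previous default.
    if not is_safe_url(url=redirect, host=request.get_host()):
        redirect = ''
    return HttpResponseRedirect(redirect)
    #return render_to_response('auth/login.html', {'redirect': redirect})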
def login(request, *args, **kwargs):
    """
    Login view with AJAX/page templates, legacy-cookie cleanup and "remember" handling.

    Returns a plain 'Success auth' response for a POST whose credentials
    validate, otherwise the response produced by login_view.
    """
    template_name = ('accounts/login_form.html' if request.is_ajax()
                     else 'accounts/login_page.html')
    form = AuthenticationForm(data=request.POST)
    response = login_view(request, template_name=template_name, *args, **kwargs)

    # Remove the phpbb3 cookies from the browser.
    for cookie_name in ('phpbb3_k23kc_u', 'phpbb3_k23kc_k', 'phpbb3_k23kc_sid'):
        response.delete_cookie(cookie_name)

    if request.method == 'POST':
        # 0 expires the session when the browser closes; None selects the
        # global session expiry policy.
        request.session.set_expiry(0 if 'remember' not in request.POST else None)
        if form.is_valid():
            # NOTE(review): this fresh response replaces `response`, so the
            # cookie deletions above are not sent on the success path.
            return HttpResponse('Success auth')
    return response
def home(request):
    """
    Landing page that routes a POST to registration or to the login view.

    A valid POST with `register` set redirects to the registration page; one
    with `login` set is handed to login_view. Everything else renders
    'home.html' with the form.
    """
    if request.method != 'POST':
        form = AuthenticationRegisterForm()
    else:
        form = AuthenticationRegisterForm(request.POST)
        if form.is_valid():
            wants_register = form.data.get('register', None)
            wants_login = form.data.get('login', None)
            if wants_register:
                return HttpResponseRedirect(reverse('registration_register'))
            if wants_login:
                return login_view(request)

    template_context = {
        'form': form,
        'action': reverse('home'),
    }
    return render_to_response(
        'home.html',
        template_context,
        context_instance=RequestContext(request),
    )
def user_login(request):
    """Handles user login"""
    assert isinstance(request, HttpRequest)
    # Both instances are created but not used below; the contexts receive the
    # form classes themselves.
    form = BootstrapAuthenticationForm()
    signup_form = RegistrationForm()

    shared_context = {
        'signin_title': 'Login',
        'signup_title': 'Sign Up',
        'signup_form': RegistrationForm,
    }
    if request.method != 'POST':
        page_context = dict(shared_context, form=BootstrapAuthenticationForm)
        return render(request, 'app/login.html', page_context)

    return login_view(request,
                      'app/login.html',
                      authentication_form=BootstrapAuthenticationForm,
                      extra_context=shared_context)
def login(request):
    """
    Show the admin-style login form, returning the user to the referring page.

    The post-login target is taken from the Referer header and replaced with
    '/' when it names a different host.
    """
    from django.contrib.auth.views import login as login_view
    from django.contrib.admin.forms import AdminAuthenticationForm

    if request.user.is_authenticated():
        return HttpResponseRedirect('/')

    redirect_to = request.META.get("HTTP_REFERER", '/')
    if redirect_to:
        referer_host = urlparse.urlparse(redirect_to)[1]
        # Security check -- don't allow redirection to a different host.
        # NOTE(review): this compares the host part only; a value without a
        # host part is accepted whatever its scheme. django.utils.http
        # provides is_safe_url for a stricter check.
        if referer_host and referer_host != request.get_host():
            redirect_to = '/'

    return login_view(
        request,
        extra_context={
            'title': _('Log in'),
            'app_path': request.get_full_path(),
            REDIRECT_FIELD_NAME: redirect_to,
        },
        authentication_form=AdminAuthenticationForm,
        template_name='login.html',
    )
def registration(request):
    """User registration"""
    if request.method != 'POST':
        form = UserRegistrationForm()
    else:
        form = UserRegistrationForm(request.POST)
        if form.is_valid():
            cleaned = form.cleaned_data
            username = cleaned['username']
            first_name = cleaned['first_name']
            last_name = cleaned['last_name']
            email = cleaned['email']
            password = cleaned['password']

            # create_user stores the password hashed; the names are set
            # afterwards because they are not passed to it here.
            user = User.objects.create_user(username, email, password)
            user.first_name = first_name
            user.last_name = last_name
            user.save()

            user = authenticate(username=username, password=password)
            if user is not None:
                auth_login(request, user)
                return redirect('main.views.home')

    # NOTE(review): a rejected registration POST reaches login_view as a POST;
    # confirm it is not also evaluated there as a login attempt.
    return login_view(request, 'login.html',
                      extra_context={'registration_form': form})
def collect_login(request, *args, **kwargs):
    """Pass the request and all arguments straight through to login_view."""
    response = login_view(request, *args, **kwargs)
    return response
def qa_login(request, **kwargs):
    """Redirect signed-in users to 'mainpage'; otherwise show the login view."""
    if not request.user.is_authenticated():
        return login_view(request, **kwargs)
    return HttpResponseRedirect(reverse('mainpage'))
def login_with_timezone(request):
    """Run the login view, then activate the user's timezone if now signed in."""
    response = login_view(request)
    # Checked after login_view so that a login completed by this very request
    # is taken into account.
    signed_in = request.user.is_authenticated()
    if signed_in:
        request.user.activate_timezone()
    return response
def login_shim(request, **kwargs):
    """Call insert_client on the request, then delegate to login_view."""
    # insert_client runs first, before login_view sees the request.
    insert_client(request)
    response = login_view(request, **kwargs)
    return response
def signup_login(request):
    """Redirect signed-in users; otherwise show the login page with the e-mail form."""
    if not request.user.is_authenticated():
        # The form class itself, not an instance, is placed in the context.
        return login_view(request,
                          template_name='signup/login_main.html',
                          extra_context={'email_form': SignupEmailForm})
    return redirect(settings.LOGIN_REDIRECT_URL)
def custom_login(request):
    """Redirect signed-in users to the game index; otherwise show the login page."""
    if not request.user.is_authenticated():
        return login_view(request, template_name='login.html')
    return redirect('mysite.bgame.views.index')
def login(request):
    """Show the profiles login page using LoginForm."""
    options = {
        'template_name': 'profiles/login.html',
        'authentication_form': LoginForm,
    }
    return login_view(request, **options)
def deevo_login(request):
    """Redirect signed-in users to '/'; otherwise show the login view."""
    if not request.user.is_authenticated():
        return login_view(request)
    return redirect('/')
def login(request):
    """Show the login page from 'user_login.html' using LoginForm."""
    template = 'user_login.html'
    return login_view(request, template, authentication_form=LoginForm)
def custom_login(request):
    """Redirect signed-in users to '/sendlove/'; otherwise show the login view."""
    if not request.user.is_authenticated():
        return login_view(request)
    return HttpResponseRedirect('/sendlove/')
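def auth_login(request):
    """
    Show the login view, or redirect a signed-in user onwards.

    A signed-in user is sent to the `next` query parameter when it points
    back at this host, otherwise to LOGIN_REDIRECT_URL.
    """
    # Function-scope import: the module's import block is not visible here.
    from django.utils.http import is_safe_url

    if not request.user.is_authenticated():
        return login_view(request)

    # `next` comes from the query string; following it unchecked would allow
    # redirects to other sites.
    redirect_url = request.GET.get('next')
    if not redirect_url or not is_safe_url(url=redirect_url,
                                           host=request.get_host()):
        redirect_url = LOGIN_REDIRECT_URL
    return redirect(redirect_url)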
def log_in(request):
    """Log in page"""
    response = login_view(request)
    return response
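def custom_login(request, **kwargs):
    """Redirect signed-in users to 'where'; otherwise show the login view."""
    if request.user.is_authenticated():
        # Temporary redirect on purpose: the answer depends on who is signed
        # in. A permanent (301) redirect may be cached by the browser and
        # replayed after logout, leaving the login page unreachable.
        return redirect('where')
    return login_view(request, **kwargs)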
def auth_login(request):
    """Redirect signed-in users to 'index'; otherwise show the login page."""
    if request.user.is_authenticated():
        return redirect('index')
    return login_view(request, template_name='profile/login.jinja.html')
def login(request):
    """Redirect signed-in users to the chat home; otherwise show the login form."""
    if not request.user.is_authenticated():
        return login_view(request, 'home.html', authentication_form=LoginForm)
    return HttpResponseRedirect('/chat_home/')
def login(request):
    """Show the accounts login page using AuthenticationForm."""
    options = {
        'template_name': 'accounts/login.html',
        'authentication_form': AuthenticationForm,
    }
    return login_view(request, **options)
def get(self, request, *args, **kwargs):
    """Render the login page with this view's template and extra context."""
    # *args and **kwargs are accepted but not forwarded to login_view.
    response = login_view(
        request,
        template_name=self.template_name,
        extra_context=self.extra_context,
    )
    return response
def login(request):
    """Show the login page rendered from 'lame/login.html'."""
    template = 'lame/login.html'
    return login_view(request, template)
def client_login(request):
    """Show the client app login page using LoginForm."""
    # `next` is a fixed path here, not taken from the request.
    page_context = {'next': '/clientapp/'}
    return login_view(
        request,
        template_name='clientapp/login.html',
        authentication_form=LoginForm,
        extra_context=page_context,
    )
def custom_login(request, **kwargs):
    """Redirect signed-in users to their profile; otherwise show the login view."""
    if not request.user.is_authenticated():
        return login_view(request, **kwargs)
    return HttpResponseRedirect(reverse('accounts:profile'))