def post(self, request):
error_msg = ''
if 'login' not in request.POST:
return HttpResponseForbidden()
email = request.POST.get('email', '').strip().lower()
password = request.POST.get('password', '').strip()
if not len(email) or not len(password):
error_msg = 'Заполните email и пароль'
elif not validateEmail(email):
error_msg = 'Неверный email адрес'
else:
auth_user = auth_authenticate(username=email, password=password)
if auth_user:
try:
login(request, auth_user)
next_url = request.GET[
'next'] if 'next' in request.GET else request.POST[
'next'] if 'next' in request.POST else '/'
if next_url:
return HttpResponseRedirect(next_url)
except Exception:
pass
error_msg = "Неизвестная ошибка. Попробуйте позже."
else:
error_msg = "Неправильная пара email-пароль. Попробуйте еще раз."
return render_to_response('alogin.html',
{'login_error_message': error_msg},
context_instance=RequestContext(request))
def register(request):
if request.method == 'POST':
form = SignUpForm(request.POST)
if form.is_valid():
user = form.save()
user.refresh_from_db(
) # load the profile instance created by the signal
user.extendeduser.postal_code = form.cleaned_data.get(
'postal_code')
user.extendeduser.phone_number = form.cleaned_data.get(
'phone_number')
user.extendeduser.nickname = form.cleaned_data.get('username')
user.save()
raw_password = form.cleaned_data.get('password1')
user = auth_authenticate(username=user.username,
password=raw_password)
auth_login(request, user)
return redirect('index')
else:
form = SignUpForm()
feedback = FeedbackSupportForm()
return render(request, 'register.html', {
'form': form,
'feedback': feedback,
})
def login(request):
message = None
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
try:
check_user = User.objects.get(username=username)
if check_user:
user = auth_authenticate(username=username, password=password)
if user:
if user.is_active:
auth_login(request, user)
return HttpResponseRedirect('/index/')
else:
message = "User name or password is incorrect"
except User.DoesNotExist:
user_form = UserForm(data=request.POST)
if user_form.is_valid():
user = user_form.save()
user.set_password(user.password)
user.save()
return HttpResponseRedirect('/index/')
else:
message = user_form.errors
context_dict = {'message': message}
return render(request, 'login.html', context_dict)
def post(self, request):
error_msg = ''
if 'login' not in request.POST:
return HttpResponseForbidden()
email = request.POST.get('email', '').strip().lower()
password = request.POST.get('password', '').strip()
if not len(email) or not len(password):
error_msg = 'Заполните email и пароль'
elif not validateEmail(email):
error_msg = 'Неверный email адрес'
else:
auth_user = auth_authenticate(username=email, password=password)
if auth_user:
try:
login(request, auth_user)
next_url = request.GET['next'] if 'next' in request.GET else request.POST['next'] if 'next' in request.POST else '/'
if next_url:
return HttpResponseRedirect(next_url)
except Exception:
pass
error_msg = "Неизвестная ошибка. Попробуйте позже."
else:
error_msg = "Неправильная пара email-пароль. Попробуйте еще раз."
return render_to_response('alogin.html',
{'login_error_message' : error_msg},
context_instance=RequestContext(request))
def login_local(request):
user = AuthService.get_current_user(request)
login_local_form = LoginLocalInfo()
context = {'user': user, 'login_local_form': login_local_form}
# POST /Link/LoginLocal
if request.method == 'POST':
login_local_form = LoginLocalInfo(request.POST)
if login_local_form.is_valid():
data = login_local_form.clean()
email = data['Email']
password = data['Password']
local_user = auth_authenticate(username=email, password=password)
if local_user:
link_service.link(local_user, user.o365_user)
auth_login(request, local_user)
request.session[
'Message'] = 'Your local account has been successfully linked to your Office 365 account.'
return HttpResponseRedirect('/')
else:
context['errors'] = ['Invalid login attempt.']
return render(request, 'link/loginlocal.html', context)
# GET /Link/LoginLocal
else:
local_user = user_service.get_user_by_email(user.o365_email)
if local_user:
link_service.link(local_user, user.o365_user)
local_user = user_service.get_user(
local_user.id) # reload local user
auth_login(request, local_user)
request.session[
'Message'] = 'Your local account has been successfully linked to your Office 365 account.'
return HttpResponseRedirect('/')
else:
return render(request, 'link/loginlocal.html', context)
def post(self, request):
old_password = request.POST.get('old', '')
new_password = request.POST.get('new', '')
new_repeat_password = request.POST.get('new2', '')
old_pwd_error = get_password_error(old_password)
if old_pwd_error:
return HttpResponse(simplejson.dumps({'error' : True, 'loc' : 'old', 'msg' : old_pwd_error}), mimetype='application/javascript')
auth_user = auth_authenticate(username=self.request.user.email, password=old_password)
if not auth_user:
return HttpResponse(simplejson.dumps({'error' : True, 'loc' : 'old', 'msg' : u"Введен неправильный старый пароль"}), mimetype='application/javascript')
new_pwd_error = get_password_error(new_password)
if new_pwd_error:
return HttpResponse(simplejson.dumps({'error' : True, 'loc' : 'new', 'msg' : new_pwd_error}), mimetype='application/javascript')
if new_password != new_repeat_password:
return HttpResponse(simplejson.dumps({'error' : True, 'loc' : 'new2', 'msg' : u"Введенные пароли не совпадают"}), mimetype='application/javascript')
if new_password == old_password:
return HttpResponse(simplejson.dumps({'error' : True, 'loc' : 'new', 'msg' : u"Старый и новый пароли одинаковые"}), mimetype='application/javascript')
self.request.user.set_password(new_password)
self.request.user.save()
return HttpResponse(simplejson.dumps({}), mimetype='application/javascript')
def login(request):
next = request.GET.get('next')
if request.method == 'POST':
for item in request.session.items():
print(item)
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
return HttpResponse('username 또는 password는 필수항목입니다')
user = auth_authenticate(
username=username,
password=password
)
if user is not None:
auth_login(request, user)
# 이때 session-id생성
# 이름과 달리 실제로 인증 과정 마무리 단계 담당
# 이 함수를 통해 session 정보를 만들지않으면 다른 페이지 방문할때마다 매번로그인해야한다.
messages.success(request, '로그인에 성공하였습니다')
return redirect(next)
else:
messages.error(request, '로그인에 실패하였습니다')
# context = {
# 'error_message': '로그인에 실패하였습니다'
# }
return render(request, 'member/login.html', {})
else:
return render(request, 'member/login.html', {})
def login(request):
# get으로받은 이전경로 next에 저장
next = request.GET.get('next')
if request.method == "POST":
try:
username = request.POST['username']
password = request.POST['password']
# 데이터베이스와 계정일치여부 확인
# print(1)
user = auth_authenticate(username=username, password=password)
# print (user)
except KeyError:
return HttpResponse('username과 password는 필수입니다')
if user is not None:
# print(2)
# user 정보로 로그인처리
auth_login(request, user)
# message.level == DEFAULT_MESSAGE_LEVELS.SUCCESS
messages.success(request, "로그인 성공")
# 로그인 이전 화면으로 리다이렉트
return redirect(next)
else:
# message.level == DEFAULT_MESSAGE_LEVELS.ERROR
messages.error(request, "로그인 실패")
return render(request, 'member/login.html', {})
else:
# print(3)
return render(request, 'member/login.html')
def test_set_new_password_post(self):
self.register()
user = User.collection.find_one(
{'email': '*****@*****.**'})
link = PasswordRecoveryLink({'user': user['_id']})
link.save()
response = self.client.post('/new-password/' + unicode(link._id) + '/',
{
'new_password': '******',
'new_password_repeat': 'new_password'
})
self.assertEqual(response.status_code, 200)
self.assertIn('password_set', response.context)
self.assertTrue(response.context['password_set'])
link = PasswordRecoveryLink.objects.get_one({'user': user['_id']})
self.assertIsNone(link)
auth_user = auth_authenticate(
username='******',
password='******')
self.assertIsNotNone(auth_user)
response = self.client.get('/')
self.assertEqual(response.status_code, 302)
def login(request):
next = request.GET.get(
'next') #[]는 keyerror가 나오지만 get은 없을 경우에 None이 들어가게 된다.
if request.method == 'POST':
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
return HttpResponse("username 또는 password는 필수 입니다.")
user = auth_authenticate( # 인증 부분만 담당한다.
username=username, password=password)
if user is not None:
auth_login(
request, user
) # session에 id값을 등록한다. cookey에 id값을 실어서 보내주는것은 middleware가 담당한다.
messages.success(
request,
'로그인에 성공하였습니다') # login에서 render로 보내주면 새로고침 해주면 로그인을 다시해야한다?
return redirect(
next
) # redirect는 browser밖으로 나갔다가 다시 들어오는것이고 render는 장고내부에서 이동한다.
else:
messages.error(request, '로그인에 실패하였습니다')
return render(request, 'member/login.html', {})
else:
return render(request, 'member/login.html', {})
def login(request):
if request.method == 'GET':
next_url = request.GET.get('next', '/home')
c = {'next': next_url}
c.update(csrf(request))
return render_to_response('djsite/login.html', c)
else: # POST
username = request.POST.get('username', '')
password = request.POST.get('password', '')
next_url = request.POST.get('next', '/home')
user = auth_authenticate(username = username, password = password)
# if user and user.is_active:
if user and user.is_active:
auth_login(request, user)
return redirect(next_url)
elif user and not user.is_active:
ctx = {}
ctx['username'] = username
ctx['email'] = user.email
ctx['cookie'] = verification_cookie_of_user(user)
return HttpResponse('<a href="/active?username=%s&email=%s&cookie=%s">Active link</a>' % (
username, email, cookie))
else:
c = {'next': next_url, 'auth_fail' : True,
'username': username, 'password': password}
c.update(csrf(request))
return render_to_response('djsite/login.html', c)
def login(request):
if request.method == 'GET':
next_url = request.GET.get('next', '/home')
c = {'next': next_url}
c.update(csrf(request))
return render_to_response('django_site/login.html', c)
else: # POST
username = request.POST.get('username', '')
password = request.POST.get('password', '')
next_url = request.POST.get('next', '/home')
user = auth_authenticate(username=username, password=password)
# if user and user.is_active:
if user and user.is_active:
auth_login(request, user)
return redirect(next_url)
elif user and not user.is_active:
ctx = {}
ctx['username'] = username
ctx['email'] = user.email
ctx['cookie'] = verification_cookie_of_user(user)
return HttpResponse(
'<a href="/active?username=%s&email=%s&cookie=%s">Active link</a>'
% (username, email, cookie))
else:
c = {
'next': next_url,
'auth_fail': True,
'username': username,
'password': password
}
c.update(csrf(request))
return render_to_response('django_site/login.html', c)
def login_facebook(request):
if request.GET.get('error'):
messages.error(request, '사용자가 페이스북 로그인을 취소했습니다')
return redirect('member:login')
if request.GET.get('code'):
# 사용자가 페이스북로그인 버튼을 눌러 페이스북에서 로그인에 성공했을 경우,
# 페이스북에서 mysite로 access_token을 요청할 수 있는 'code'값을 보내준다
REDIRECT_URL = 'http://127.0.0.1:8000/member/login/facebook/'
code = request.GET.get('code')
access_token = facebook.get_access_token(code, REDIRECT_URL)
user_id = facebook.get_user_id_from_token(access_token)
user_info = facebook.get_user_info(user_id, access_token)
# authenticate backends에 FacebookBackend추가해서 dict_user_info객체로 로그인 가능
user = auth_authenticate(user_info=user_info)
if user is not None:
auth_login(request, user)
messages.success(request, '페이스북 유저로 로그인 되었습니다')
return redirect('blog:post_list')
else:
messages.error(request, '페이스북 로그인에 실패하였습니다')
return redirect('member:login')
def login(request):
loginForm = LoginForm()
error = u''; title = u'登录'
if request.method == 'POST':
loginForm = LoginForm(request.POST)
if loginForm.is_valid():
email = loginForm.cleaned_data['email']
password = loginForm.cleaned_data['password']
rememberme = loginForm.cleaned_data['rememberme']
if rememberme:
request.session.set_expiry(2592000)
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = None
if user is not None and user.check_password(password):
user = auth_authenticate(username=user.username, password=password)
if user is not None and user.is_active:
auth_login(request, user)
url_next = '/dashboard/'
if request.GET.get('next') is not None:
url_next = request.GET.get('next')
return HttpResponseRedirect(url_next)
if user is None:
error = u'%s 还没有注册' % email
else:
error = u'密码不正确'
else:
error = u'请检查邮箱密码,验证码是否正确,注意大小写和前后空格。'
response_dictionary = {'error': error, 'title': title, 'loginForm': loginForm}
return render_to_response('user/login.html',
response_dictionary,
context_instance=RequestContext(request))
def post(self, request, *args, **kwargs):
from django.contrib.auth import authenticate as auth_authenticate, login
# self.redirect_to = request.POST.get('next', '') #to be changed, POST does not contain any data
username = request.data.get('username', '')
password = request.data.get('password', '')
email_or_username = username
# match with username if not email
if not re.match(r"[^@]+@[^@]+\.[^@]+", email_or_username):
username = email_or_username
else:
user = get_model_or_none(User, email=email_or_username)
if user is not None:
username = user.username
user = auth_authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
response_data = dict()
response_data["username"] = user.username
response_data["email"] = user.email
response_data["first_name"] = user.first_name
response_data["last_name"] = user.last_name
response_data["date_joined"] = user.date_joined
response_data["last_login"] = user.last_login
response_data["is_requester"] = hasattr(request.user.userprofile, 'requester')
response_data["is_worker"] = hasattr(request.user.userprofile, 'worker')
return Response(response_data, status.HTTP_200_OK)
else:
raise AuthenticationFailed(_('Account is not activated yet.'))
else:
raise AuthenticationFailed(_('Username or password is incorrect.'))
def login_facebook(request):
if request.GET.get('error'):
messages.error(request, '페이스북 로그인을 취소했습니다')
return redirect('member:login')
if request.GET.get('code'):
code = request.GET.get('code')
REDIRECT_URL = 'http://127.0.0.1:8000/member/login/facebook/'
# 모듈화 작업함함
access_token = facebook.get_access_token(code, REDIRECT_URL)
user_id = facebook.get_user_id_from_token(access_token)
dict_user_info = facebook.get_user_info(user_id, access_token)
# 유저를 인증하고 로그인시키자
user = auth_authenticate(user_info=dict_user_info)
if user is not None:
auth_login(request, user)
messages.success(request, '페이스북 로그인 성공')
return redirect('blog:post_list')
else:
messages.error(request, '페이스북 로그인 실패')
return redirect('member:login')
def login(request):
context = {}
if 'POST' == request.method:
username = request.POST['username']
password = request.POST['password']
user = auth_authenticate(username=username, password=password)
if user is not None:
if user.is_active:
auth_login(request, user)
next = request.POST['next'] or \
resolve_url(settings.LOGIN_REDIRECT_URL)
return HttpResponseRedirect(next)
else:
context['error_message'] = _('Disabled account')
else:
context['error_message'] = _('Invalid username or password')
context['username'] = username
else: # GET method
if request.user.is_authenticated():
return HttpResponseRedirect(resolve_url(settings.LOGIN_REDIRECT_URL))
else:
next = request.GET.get('next')
if next:
context['next'] = next
return render(request, 'accounts/login.html', context)
def login(request):
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
print(username)
print(password)
user = auth_authenticate(request, username=username, password=password)
users = User.objects.all()
if user is not None:
auth_login(request, user)
user = request.user.userprofile
owner = True
searched_user_profile = 0
return redirect ('/carte/' + 'account/'+ request.user.username)
#userpage(request, request.POST.get('username'))
#return render(request, 'carte/userpage.html', {'user': user, 'owner': owner})
context = {'request': request,'loggedin_userprofile': user, 'owner': owner}
return JsonResponse (context)
else:
username = request.POST.get("usersearch")
searched_user = get_object_or_404(User, username=username)
owner = True
user = request.user.userprofile
#return render(request, 'carte/mylife.html', {'user': user, 'owner': owner, 'searched_user': searched_user})
context = {'request': request,'loggedin_userprofile': user, 'owner': owner, 'searched_user': searched_user}
return JsonResponse(context)
else:
user_form = UserForm()
#return render(request, 'carte/login.html',
# {'user_form': user_form})
context = {'user_form': user_form }
return JsonResponse (context)
def login_facebook(request):
if request.GET.get('error'):
messages.error(request, '사용자가 페이스북 로그인을 취소했습니다')
return redirect('member:login')
if request.GET.get('code'):
# 사용자가 페이스북로그인 버튼을 눌러 페이스북에서 로그인에 성공했을 경우,
# 페이스북에서 mysite로 access_token을 요청할 수 있는 'code'값을 보내준다
REDIRECT_URL = 'http://127.0.0.1:8000/member/login/facebook/'
code = request.GET.get('code')
access_token = facebook.get_access_token(code, REDIRECT_URL)
user_id = facebook.get_user_id_from_token(access_token)
user_info = facebook.get_user_info(user_id, access_token)
# authenticate backends에 FacebookBackend추가해서 dict_user_info객체로 로그인 가능
user = auth_authenticate(user_info=user_info)
if user is not None:
auth_login(request, user)
messages.success(request, '페이스북 유저로 로그인 되었습니다')
return redirect('blog:post_list')
else:
messages.error(request, '페이스북 로그인에 실패하였습니다')
return redirect('member:login')
def register(request):
context = {}
if request.method == "POST":
form = UserCreationForm(request.POST)
if form.is_valid():
try:
form.save()
except Exception as e:
messages.error(request, '{}'.format(e))
else:
if email_verified:
email = request.POST['email']
password = request.POST['password1']
user = auth_authenticate(username=email, password=password)
auth_login(request, user)
return HttpResponseRedirect(reverse('home'))
else:
messages.success(
request, 'Account created! Verify Email ID by '
'clicking the link in the email sent to your inbox')
return HttpResponseRedirect(settings.LOGIN_URL)
else:
form = UserCreationForm()
return render(request, 'register.html', {
'form': form,
})
def register(request):
if request.method == 'POST':
if 'username' in request.POST:
uform = UserForm(data=request.POST)
if uform.is_valid():
user = uform.save ()
# form brings back a plain text string, not an encrypted password
pw = user.password
# thus we need to use set password to encrypt the password string
user.set_password (pw)
user.save()
#login
username = request.POST.get ('username')
password = request.POST.get ('password')
print (username)
print (password)
user = auth_authenticate(request, username=username, password=password)
auth_login (request, user)
pform = ProfileAccountTypeForm(data=request.POST)
if pform.is_valid():
profile = pform.save(commit=False)
profile.user = user
profile.save()
#forms staff
user_form = 0
profile_form = ProfilePictureForm()
if 'profile_pic' in request.FILES:
pform = ProfilePictureForm(data=request.POST, instance=request.user.userprofile, files=request.FILES)
if pform.is_valid ():
profile = pform.save()
profile.profile_pic = request.FILES['profile_pic']
profile.save()
# forms staff
user_form = 0
profile_form = ProfileLifeForm()
if 'life_desc' in request.POST:
pform = ProfileLifeForm(data=request.POST, instance=request.user.userprofile)
if pform.is_valid():
profile = pform.save()
profile.save()
#forms staff
user_form = 0
profile_form = ProfileWayForm()
if 'way_desc' in request.POST:
pform = ProfileWayForm(data=request.POST, instance=request.user.userprofile)
if pform.is_valid ():
profile = pform.save()
profile.save ()
return redirect('/carte/' + 'account/' + request.user.username )
else:
user_form= UserForm()
profile_form = ProfileAccountTypeForm()
context = {
"user_form": user_form,
"profile_form": profile_form
}
return JsonResponse(context)
def _signin(self, email, password):
"""Attempts to log the user in with the provided credentials"""
user = auth_authenticate(username=email, password=password)
if user:
auth_login(self.request, user)
return user
else:
raise forms.ValidationError(_("Incorrect email or password"))
def login(request):
if request.POST:
user = auth_authenticate(username=request.POST["user"],
password=request.POST["password"])
if user is not None:
auth_login(request, user)
return HttpResponseRedirect(reverse("app:index"))
else:
return render(request, "app/login.html")
def form_valid(self, form):
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = auth_authenticate(username=username, password=password)
if user is not None:
auth_login(self.request, user)
else:
return HttpResponse('로그인 실패 하였습니다.')
return super().form_valid(form)
def change_password(self):
from django.contrib.auth import authenticate as auth_authenticate
if 'password' not in self.initial_data:
raise ValidationError("Current password needs to be provided")
user = auth_authenticate(username=self.instance.username, password=self.initial_data['password'])
if user is not None:
self.instance.set_password(self.initial_data['password1'])
self.instance.save()
else:
raise ValidationError("Username or password is incorrect.")
def form_valid(self, form):
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = auth_authenticate(username=username, password=password)
if user is not None:
auth_login(self.request, user)
# return redirect('photo:photo_list')
else:
pass
return super().form_valid(form)
def change_password(self):
from django.contrib.auth import authenticate as auth_authenticate
if 'password' not in self.initial_data:
raise ValidationError("Current password needs to be provided")
user = auth_authenticate(username=self.instance.username, password=self.initial_data['password'])
if user is not None:
self.instance.set_password(self.initial_data['password1'])
self.instance.save()
else:
raise ValidationError("Old password is incorrect.")
def authenticate(request, service,
template_name='api/sso/base.xml'):
"""
Returns xml blob in the following format. Only accepts POST requests.
<result>
<success>True|False</success>
<error_code>ERROR_CODE</error_code>
<session>
...
</session>
<user>
...
</user>
</result>
"""
if request.method != 'POST':
return HttpResponseBadRequest()
form = forms.AuthenticateInputForm(request.POST)
data = {}
if not form.is_valid():
return render_to_response(template_name, {'success' : False,
'error_code' : ErrorCodes.AUTH_MALFORMED_INPUT})
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = auth_authenticate(username=username, password=password)
if user is None:
return render_to_response(template_name, {'success' : False,
'error_code' : ErrorCodes.AUTH_WRONG_CREDENTIALS})
if not user.is_active:
return render_to_response(template_name, {'success' : False,
'error_code' : ErrorCodes.AUTH_USER_INACTIVE})
session = models.get_new_user_session(user)
session_data = {'auth_token' : session.session_key,
'expire' : time.mktime(session.get_expiry_date().timetuple()),
'path' : settings.SESSION_COOKIE_PATH,
'domain': settings.SESSION_COOKIE_DOMAIN}
return render_to_response(template_name,
{'success' : True,
'user' : user,
'session' : session_data,
'groups' : _filter_groups(user, service)})
def iniciar_sesion(request):
if request.method == 'POST':
form = AuthenticationForm(request=request, data=request.POST)
if form.is_valid():
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = auth_authenticate(username=username, password=password)
if user is not None:
auth_login(request, user)
return redirect('perfil')
else:
return redirect('login')
def login_as(request, username):
if request.user.is_authenticated():
return HttpResponseBadRequest("Error 400 :(\nNo-no-no!")
user = auth_authenticate(username=username, from_login_as_view=True)
if not user:
return HttpResponseBadRequest("Error 400 ;(\nNo-no-no!")
auth_login(request, user)
return redirect(reverse('index'))
def test_set_new_password_post_incorrect_link(self):
self.register()
user = User.collection.find_one({'email' : '*****@*****.**'})
link = PasswordRecoveryLink({'user':user['_id']})
link.save()
response = self.client.post('/new-password/' + 'abc' + '/', {'new_password' : 'new_password'})
self.assertEqual(response.status_code, 404)
link = PasswordRecoveryLink({'user':user['_id']})
self.assertIsNotNone(link)
auth_user = auth_authenticate(username='******', password='******')
self.assertIsNone(auth_user)
def post(self, request, format=None):
parser = JSONParser().parse(request)
if parser['username'] and parser['password']:
user = auth_authenticate(username=parser['username'], password=parser['password'])
if user is not None:
token = login_token(user)
logger.info("JWT is sent to registered user:{0}".format(parser['username']))
return JsonResponse(data=token, status=status.HTTP_200_OK)
if user is None:
logger.error("JWT generation failed for the user:{0}, exception-{1}".format(parser['username'], status.HTTP_401_UNAUTHORIZED))
return Response(data={'error': 'invalid authentication key'}, status=status.HTTP_401_UNAUTHORIZED)
return Response(data={'error': 'password and username required'}, status=status.HTTP_400_BAD_REQUEST)
def login(request):
context = {}
if request.method == 'POST':
username = request.POST.get('username')
password = request.POST.get('password')
user = auth_authenticate(username=username, password=password)
if user is not None:
auth_login(request, user)
return redirect('photo:photo_list')
else:
return render(request, 'auth/login.html')
def initial_password_set(request, token, template_name='emailauth/set_password.html'):
if request.method == 'POST':
form = PasswordInitialSetForm(request.POST)
if form.is_valid():
user = form.save()
user = auth_authenticate(email = user.primary_email.email, password = form.cleaned_data['password'])
print ("user backend %s" % user.backend)
auth_login(request, user)
return redirect('achievements')
elif token:
form = PasswordInitialSetForm(initial = {'token': token})
else:
raise Http404('Need token')
return render_to_response(template_name, {'form': form, 'token':token}, context_instance=RequestContext(request))
def register(request):
if request.method == 'POST':
form = UserCreationForm(request.POST)
if form.is_valid():
form.save()
username = form.cleaned_data.get('username')
raw_password = form.cleaned_data.get('password1')
person = auth_authenticate(username=username,
password=raw_password)
auth_login(request, person)
return redirect('index')
else:
form = UserCreationForm()
return render(request, 'registration/register.html', {'form': form})
def login(request):
if request.method == 'POST':
form = LoginForm(request.POST)
username = request.POST['username']
password = request.POST['password']
user = auth_authenticate(username = username, password = password)
if user is not None:
auth_login(request, user)
return redirect('home')
else:
return HttpResponse('로그인 실패. 다시 시도 해보세요.')
else:
form = LoginForm()
return render(request, 'login.html', {'form': form})
def resetpassword(request, step):
if step is None:
step = '0'
error = u''
title = u'重置密码'
resetpasswordForm0 = ResetpasswordForm0()
if step == '0' and request.method == 'POST':
resetpasswordForm0 = ResetpasswordForm0(request.POST)
if resetpasswordForm0.is_valid():
email = resetpasswordForm0.cleaned_data['email']
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = None
if user is not None and user.is_active:
Mailer().send_resetpassword(email)
return HttpResponseRedirect('/resetpassword/1/')
error = u'邮箱 %s 还没有注册' % email
else:
error = u'请检查邮箱,验证码是否正确'
resetpasswordForm1 = ResetpasswordForm1()
if len(step) > 1 and request.method == 'POST':
resetpasswordForm1 = ResetpasswordForm1(request.POST)
if resetpasswordForm1.is_valid():
email = cache.get(step)
if email is not None and email_re.match(email):
password = resetpasswordForm1.cleaned_data['password']
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = None
if user is not None and user.is_active:
user.set_password(password)
user.save()
user = auth_authenticate(username=user.username,
password=password)
auth_login(request, user)
cache.delete(step)
return HttpResponseRedirect('/resetpassword/3/')
return HttpResponseRedirect('/resetpassword/4/')
response_dictionary = {
'step': step,
'error': error,
'title': title,
'resetpasswordForm0': resetpasswordForm0,
'resetpasswordForm1': resetpasswordForm1
}
return render_to_response('user/resetpassword.html',
response_dictionary,
context_instance=RequestContext(request))
def login(request):
if request.method == 'GET':
next_url = request.GET.get('next', '/home')
return render_to_response('djsite/login.html', {'next': next_url}, RequestContext(request))
else: # POST
username = request.POST.get('username', '')
password = request.POST.get('password', '')
next_url = request.POST.get('next', '/home')
user = auth_authenticate(username = username, password = password)
if user and user.is_active:
auth_login(request, user)
return redirect(next)
else:
return render_to_response('djsite/login.html', {'next': next_url}, RequestContext(request))
def login(request):
if request.method == 'POST':
form = LoginForm(request.POST)
if form.is_valid():
values = form.cleaned_data
user = auth_authenticate(username=values['username'], password=values['password'])
if user is not None:
if user.is_active:
auth_login(request, user)
return HttpResponseRedirect('/')
else:
form = LoginForm()
return render(request,'layout.html',{'form': form, 'login': True})
def get(self, request, *args, **kwargs):
csrf_token = unicode(csrf(request)['csrf_token'])
if csrf_token == request.GET.get('state'):
code = request.GET.get("code")
source = self.kwargs['source']
user = auth_authenticate(code=code, source=source)
if user:
if user.is_active:
auth_login(request, user)
else:
error = 'AUTH_DISABLED'
else:
error = 'AUTH_FAILED'
return super(OAuth2Authentication, self).get(request, *args, **kwargs)
def login(request):
"""authorized the user and returns Json web token.
:param request:
:return:JWT
"""
parser = JSONParser().parse(request)
if parser['username'] and parser['password']:
user = auth_authenticate(username=parser['username'], password=parser['password'])
if user is not None:
token = login_token(user)
return JsonResponse(data=token, status=status.HTTP_200_OK)
if user is None:
return Response(data={'error':'invalid authentication key'}, status=status.HTTP_401_UNAUTHORIZED)
else:
return Response(data={'error': 'password and username required'}, status=status.HTTP_400_BAD_REQUEST)
def login(request):
if request.method == 'GET':
return render(request, 'login.html')
elif request.method == 'POST':
username = request.POST.get('username')
raw_password = request.POST.get('password')
user = auth_authenticate(request, username=username, password=raw_password)
if user is not None:
auth_login(request, user)
return redirect(reverse('product_list'))
else:
context = {
'message': 'Invalid login! Please try again.',
}
return render(request, 'login.html', context)
def login_fbv(request):
if request.method == 'POST':
form = LoginForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = auth_authenticate(username=username, password=password)
if user is not None:
auth_login(request, user)
return redirect('photo:photo_list')
else:
return HttpResponse('로그인 실패 하였습니다.')
else:
form = LoginForm()
return render(request, 'member/login.html', {'form': form})
def login(request):
context = RequestContext(request)
if request.user.is_authenticated():
return HttpResponseRedirect(reverse('dashboard'))
elif all((x in request.POST for x in ['email', 'password'])):
email = request.POST['email']
password = request.POST['password']
user = auth_authenticate(username=email, password=password)
auth_login(request, user)
return HttpResponseRedirect(reverse('dashboard'))
else:
template = get_template('dashboard.html')
return HttpResponse(template.render(context))
def signin(request):
errors = []
form = SignInForm()
if request.method == "POST":
form = SignInForm(request.POST)
username = request.POST["email"]
password = request.POST["password"]
user = auth_authenticate(username=username, password=password)
if user is not None:
if user.is_active:
auth_login(request, user)
return HttpResponseRedirect("/")
else:
errors.append("disabled account")
else:
errors.append("username password does not match")
variables = RequestContext(request, {"signInForm": form, "errors": errors})
return render_to_response("auth/signin.html", variables)
def authenticate(self, request):
from django.contrib.auth import authenticate as auth_authenticate
# self.redirect_to = request.POST.get('next', '') #to be changed, POST does not contain any data
username = request.data.get('username', '')
password = request.data.get('password', '')
email_or_username = username
# match with username if not email
if not re.match(r"[^@]+@[^@]+\.[^@]+", email_or_username):
username = email_or_username
else:
user = get_model_or_none(User, email=email_or_username)
if user is not None:
username = user.username
user = auth_authenticate(username=username, password=password)
if user is not None:
if user.is_active:
oauth2_utils = Oauth2Utils()
client = oauth2_utils.create_client(request, user)
response_data = dict()
response_data["client_id"] = client.client_id
response_data["client_secret"] = client.client_secret
response_data["username"] = user.username
response_data["email"] = user.email
response_data["first_name"] = user.first_name
response_data["last_name"] = user.last_name
response_data["date_joined"] = user.date_joined
response_data["last_login"] = user.last_login
response_data["is_requester"] = user.profile.is_requester
response_data["is_worker"] = user.profile.is_worker
return response_data, status.HTTP_201_CREATED
else:
raise AuthenticationFailed(_('Account is not activated yet.'))
else:
raise AuthenticationFailed(_('Username or password is incorrect.'))
def post(self, request, *args, **kwargs):
if request.user.is_authenticated():
return redirect(reverse('index_url'))
if self.request.POST:
username = self.request.POST['username']
password = self.request.POST['password']
user = auth_authenticate(username=username, password=password)
if user is not None:
auth_login(request, user)
if self.request.GET.get('next'):
return redirect(self.request.GET.get('next'))
return redirect(reverse('index_url'))
messages.add_message(request, messages.ERROR, 'Username or password is incorrect. Try again.')
return render(request, self.template_name, self.get_context_data())
def test_set_new_password_post(self):
self.register()
user = User.collection.find_one({'email' : '*****@*****.**'})
link = PasswordRecoveryLink({'user':user['_id']})
link.save()
response = self.client.post('/new-password/' + unicode(link._id) + '/', {'new_password' : 'new_password',
'new_password_repeat' : 'new_password'})
self.assertEqual(response.status_code, 200)
self.assertIn('password_set', response.context)
self.assertTrue(response.context['password_set'])
link = PasswordRecoveryLink.objects.get_one({'user':user['_id']})
self.assertIsNone(link)
auth_user = auth_authenticate(username='******', password='******')
self.assertIsNotNone(auth_user)
response = self.client.get('/')
self.assertEqual(response.status_code, 302)
def login_ajax(request):
if request.is_ajax() and request.method == "POST":
exito = False
formulario = LoginForm(request.POST)
errores = ''
if formulario.is_valid():
username = formulario.cleaned_data['username']
password = formulario.cleaned_data['password']
usuario = auth_authenticate(username=username, password=password)
if usuario is not None and usuario.is_active:
exito = True
auth_login(request, usuario)
return HttpResponseRedirect('/')
else:
errores = formulario.errors
response = {'errores': errores, 'exito': exito}
return HttpResponse(json.dumps(response), mimetype="application/json")
else:
raise Http404
def login(request):
if request.method == 'POST' and not request.user.is_authenticated():
username = request.POST.get('username')
password = request.POST.get('password')
auth_user = auth_authenticate(username=username, password=password)
if auth_user is not None:
if auth_user.is_active:
auth_login(request, auth_user)
return redirect('home')
else:
context = RequestContext(request, {'login_message': 'Your account is not active.'})
return render(request, 'home.html', context)
else:
context = RequestContext(request, {'login_message': 'Wrong username or password.'})
return render(request, 'home.html', context)
else:
return redirect('home')
def resetpassword(request, step):
if step is None:
step = '0'
error = u''; title = u'重置密码'
resetpasswordForm0 = ResetpasswordForm0()
if step == '0' and request.method == 'POST':
resetpasswordForm0 = ResetpasswordForm0(request.POST)
if resetpasswordForm0.is_valid():
email = resetpasswordForm0.cleaned_data['email']
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = None
if user is not None and user.is_active:
Mailer().send_resetpassword(email)
return HttpResponseRedirect('/resetpassword/1/')
error = u'邮箱 %s 还没有注册' % email
else:
error = u'请检查邮箱,验证码是否正确'
resetpasswordForm1 = ResetpasswordForm1()
if len(step) > 1 and request.method == 'POST':
resetpasswordForm1 = ResetpasswordForm1(request.POST)
if resetpasswordForm1.is_valid():
email = cache.get(step)
if email is not None and email_re.match(email):
password = resetpasswordForm1.cleaned_data['password']
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
user = None
if user is not None and user.is_active:
user.set_password(password)
user.save()
user = auth_authenticate(username=user.username, password=password)
auth_login(request, user)
cache.delete(step)
return HttpResponseRedirect('/resetpassword/3/')
return HttpResponseRedirect('/resetpassword/4/')
response_dictionary = {'step': step, 'error': error, 'title': title, 'resetpasswordForm0': resetpasswordForm0, 'resetpasswordForm1': resetpasswordForm1}
return render_to_response('user/resetpassword.html',
response_dictionary,
context_instance=RequestContext(request))
def login(request):
if request.method == 'POST':
for item in request.session.items():
print(item)
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
return HttpResponse('username 또는 password는 필수항목입니다')
user = auth_authenticate(
username=username,
password=password
)
if user is not None:
auth_login(request, user)
return HttpResponse('로그인 되었습니다')
else:
return HttpResponse('로그인에 실패하였습니다')
else:
pass
def post(self, request, *args, **kwargs):
from django.contrib.auth import authenticate as auth_authenticate
email = request.data.get('email', '')
password = request.data.get('password', '')
user = auth_authenticate(username=email, password=password)
if user is not None:
if user.is_active:
response_data = dict()
response_data["email"] = user.email
response_data["client_id"] = settings.CLIENT_ID
if hasattr(user, 'customer'):
response_data["id"] = user.customer.id
elif hasattr(user, 'restaurant'):
response_data["id"] = user.restaurant.id
return Response(response_data, status.HTTP_200_OK)
else:
raise AuthenticationFailed(_('Account is not activated yet.'))
else:
raise AuthenticationFailed(_('Username or password is incorrect.'))
def login(request):
next = request.GET.get('next')
if request.method == 'POST':
try:
username = request.POST['username']
password = request.POST['password']
except KeyError:
return HttpResponse('username 또는 password는 필수항목입니다')
user = auth_authenticate(
username=username,
password=password
)
if user is not None:
auth_login(request, user)
messages.success(request, '로그인에 성공하였습니다')
return redirect(next)
else:
messages.error(request, '로그인에 실패하였습니다')
return render(request, 'member/login.html', {})
else:
return render(request, 'member/login.html', {})
def authenticate(self, request):
from django.contrib.auth import authenticate as auth_authenticate
#self.redirect_to = request.POST.get('next', '') #to be changed, POST does not contain any data
username = request.data.get('username', '')
password = request.data.get('password', '')
email_or_username = username
if not re.match(r"[^@]+@[^@]+\.[^@]+", email_or_username):
username = email_or_username
else:
user = get_model_or_none(User,email=email_or_username)
if user is not None:
username = user.username
user = auth_authenticate(username=username, password=password)
if user is not None:
if user.is_active:
oauth2_utils = Oauth2Utils()
client = oauth2_utils.create_client(request,user)
response_data = {}
response_data["client_id"] = client.client_id
response_data["client_secret"] = client.client_secret
response_data["username"] = user.username
response_data["email"] = user.email
response_data["first_name"] = user.first_name
response_data["last_name"] = user.last_name
response_data["date_joined"] = user.date_joined
response_data["last_login"] = user.last_login
return response_data, status.HTTP_201_CREATED
#return Response(response_data,status=status.HTTP_201_CREATED)
else:
return {
'status': 'Unauthorized',
'message': 'Account is not activated yet.'
}, status.HTTP_401_UNAUTHORIZED
else:
return {
'status': 'Unauthorized',
'message': 'Username or password is incorrect.'
}, status.HTTP_401_UNAUTHORIZED
def create_user(request):
context = RequestContext(request)
if all((x in request.POST for x in ['email', 'password'])):
if User.objects.filter(email=request.POST['email']).count() > 0:
print 'User Already Exists'
template = get_template('login.html')
return HttpResponse(template.render(context))
else:
#Username isn't important for this system so we'll just use the email. Less stuff for the user to fill out
user = User.objects.create_user(request.POST['email'], request.POST['email'], request.POST['password'])
user.save()
user = auth_authenticate(username=request.POST['email'], password=request.POST['password'])
student = Student(user=user)
student.save()
auth_login(request, user)
# student = Student(user=user)
# student.save()
# msg = EmailMultiAlternatives("<<Subject Line>>", "", "sender-email", [user.email])
# msg.attach_alternative(render_to_string("<<Link to HTML representation of email contents>>.html"), "text/html")
# msg.send()
context = RequestContext(request)
template = get_template('dashboard.html')
return HttpResponse(template.render(context))
else:
print "Need to add some shit here to handle missing form fields"
return HttpResponseRedirect(reverse('dashboard'))
def shib_login(request):
#check if there is valid remote user.
#if one exists, try to match them
#if one does not exist, create it and assign to proper institution
#then redirect
#setup the redirect first: code borrowed from django contrib library
redir_to = request.GET.get('next', '/accounts/profile')
netloc = urlparse.urlparse(redir_to)[1]
# Heavier security check -- don't allow redirection to a different
# host.
if netloc and netloc != request.get_host():
redir_to = '/accounts/profile'
#Use EduPersonPrincipalName http://www.incommonfederation.org/attributesummary.html#eduPersonPrincipal
#as username in our system. We could support other persistent identifiers later, but it will take some
#work
if ('REMOTE_USER' in request.META) and ('eppn' in request.META) and (request.META['REMOTE_USER']==request.META['eppn']) and request.META['eppn']:
#if we get here, the user has authenticated properly
shib = {'givenName':'',
'sn':'',
'mail':'',
'affiliation':'',
'Shib-Identity-Provider':'',}
shib.update(request.META)
#Clean up first name, last name, and email address
shib['sn'] = string.split(shib['sn'],";")[0]
shib['givenName'] = string.split(shib['givenName'],";")[0]
if not shib['mail']:
shib['mail'] = shib['eppn']
if not User.objects.filter(username=shib['REMOTE_USER']).exists():
#here, we need to create the new user
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
rg = random.SystemRandom(random.randint(0,100000))
password = (''.join(rg.choice(ALPHABET) for i in range(16))) + '1' #create a random password, which they will never use
User.objects.create_user(shib['REMOTE_USER'], shib['mail'], password)
# authenticate() always has to be called before login(), and
# will return the user we just created.
new_user = auth_authenticate(username=shib['REMOTE_USER'], password=password)
new_user.first_name, new_user.last_name = shib['givenName'].capitalize(), shib['sn'].capitalize()
new_user.save()
profile = new_user.get_profile()
profile.site_data = shib['affiliation']
if 'stanford.edu' in shib['affiliation']:
profile.institutions.add(Institution.objects.get(title='Stanford'))
profile.save()
auth_login(request, new_user)
signals.user_registered.send(sender=__file__,
user=new_user,
request=request)
else:
#User already exists, so log him/her in
user = User.objects.get(username=shib['REMOTE_USER'])
user.backend = 'django.contrib.auth.backends.ModelBackend'
auth_login(request, user)
messages.add_message(request,messages.SUCCESS, 'You have successfully logged in!')
else:
messages.add_message(request,messages.ERROR, 'WebAuth did not return your identity to us! Please try logging in again. If the problem continues please contact [email protected]')
return HttpResponseRedirect(redir_to)
def _login(req, username, password):
user = auth_authenticate(
username = username,
password = password)
auth_login(req, user)
