Example #1
0
    def test_1_process(self):
        self.assertEqual(
            PostponedTaskPrototype._model_class.objects.all().count(), 0)
        self.assertEqual(
            ChangeCredentialsTaskPrototype._model_class.objects.all().count(),
            0)

        new_password = self.task.process(logger=mock.Mock())
        self.assertTrue(self.task.is_processed)
        self.assertEqual(
            django_authenticate(nick=self.account.nick, password='******').id,
            self.account.id)

        self.assertEqual(
            PostponedTaskPrototype._model_class.objects.all().count(), 1)
        self.assertEqual(
            ChangeCredentialsTaskPrototype._model_class.objects.all().count(),
            1)

        PostponedTaskPrototype._db_get_object(0).process(logger=mock.Mock())

        self.assertEqual(
            django_authenticate(nick=self.account.nick, password='******'),
            None)
        self.assertEqual(
            django_authenticate(nick=self.account.nick,
                                password=new_password).id, self.account.id)
Example #2
0
def login_user(request):
    context = {}
    if request.method == "POST":
        username = request.POST['username']
        password = request.POST['password']
        user = django_authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                django_login(request, user)
                return redirect('user_profile:client')
            else:
                context['message'] = 'Account disabled'
        else:
            context['message'] = "Invalid"
        return render(request, 'registration/login.html', context)
    elif request.user.is_authenticated:
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = django_authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                django_login(request, user)
                return redirect('user_profile:client')
            else:
                context['message'] = 'Account Disabled'
        else:
            context['message'] = 'Invalid Login'
        return render(request, 'registration/login.html', context)
    else:
        return render(request, 'registration/login.html',
                      {'errormsg': 'error'})
Example #3
0
def get_resource(request, file_location):
    try:
        username = request.session.get('username', None)
        remote_ip = request.META.get('REMOTE_ADDR', None)
        if remote_ip is not None:
            #Authenticated if the instance requests resource.
            instances = Instance.objects.filter(ip_address=remote_ip)
            authenticated = len(instances) > 0
        elif username is not None:
            django_authenticate(username=username, password="")
            #User Authenticated by this line
            authenticated = True

        if not authenticated:
            raise Exception("Unauthorized access")
        path = settings.PROJECT_ROOT+"/init_files/"+file_location
        if os.path.exists(path):
            file = open(path, 'r')
            content = file.read()
            response = HttpResponse(content)
            #Download it, even if it looks like text
            response['Content-Disposition'] = \
                'attachment; filename=%s' % file_location.split("/")[-1]
            return response
        template = get_template('404.html')
        variables = RequestContext(request, {
            'message': '%s not found' % (file_location,)
        })
        output = template.render(variables)
        return HttpResponse(output)
    except Exception, e:
        logger.debug("Resource request failed")
        logger.exception(e)
        return HttpResponseRedirect(settings.REDIRECT_URL+"/login")
Example #4
0
def get_resource(request, file_location):
    try:
        username = request.session.get('username', None)
        remote_ip = request.META.get('REMOTE_ADDR', None)
        if remote_ip is not None:
            #Authenticated if the instance requests resource.
            instances = Instance.objects.filter(ip_address=remote_ip)
            authenticated = len(instances) > 0
        elif username is not None:
            django_authenticate(username=username, password="")
            #User Authenticated by this line
            authenticated = True

        if not authenticated:
            raise Exception("Unauthorized access")
        path = settings.PROJECT_ROOT + "/init_files/" + file_location
        if os.path.exists(path):
            file = open(path, 'r')
            content = file.read()
            response = HttpResponse(content)
            #Download it, even if it looks like text
            response['Content-Disposition'] = \
                'attachment; filename=%s' % file_location.split("/")[-1]
            return response
        template = get_template('404.html')
        variables = RequestContext(
            request, {'message': '%s not found' % (file_location, )})
        output = template.render(variables)
        return HttpResponse(output)
    except Exception, e:
        logger.debug("Resource request failed")
        logger.exception(e)
        return HttpResponseRedirect(settings.REDIRECT_URL + "/login")
Example #5
0
    def test_change_credentials_email(self):
        self.account.change_credentials(new_email='*****@*****.**')

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, '*****@*****.**')
        self.assertEqual(django_authenticate(nick='test_user', password='******').id, self.account.id)
        self.assertEqual(django_authenticate(nick='test_user', password='******').nick, 'test_user')
Example #6
0
def authenticate(username, password):
    if DJANGO_VERSION[1] > 10:
        request = create_request()
        return django_authenticate(request=request,
                                   username=username,
                                   password=password)
    else:
        return django_authenticate(username=username, password=password)
Example #7
0
    def test_change_credentials_email(self):
        self.account.change_credentials(new_email="*****@*****.**")

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, "*****@*****.**")
        self.assertEqual(django_authenticate(nick="test_user", password="******").id, self.account.id)
        self.assertEqual(django_authenticate(nick="test_user", password="******").nick, "test_user")
Example #8
0
 def test_profile_update_duplicate_nick(self):
     register_user('duplicated_user', '*****@*****.**', '111111')
     self.request_login(self.account.email)
     response = self.client.post(reverse('accounts:profile:update'), {'nick': 'duplicated_user', 'email': '*****@*****.**'})
     self.check_ajax_error(response, 'accounts.profile.update.used_nick')
     self.assertEqual(ChangeCredentialsTask.objects.all().count(), 0)
     self.assertEqual(Message.objects.all().count(), 0)
     self.assertEqual(django_authenticate(nick=self.account_nick, password='******').id, self.account.id)
     self.assertEqual(django_authenticate(nick=self.account_nick, password='******').email, self.account_email)
Example #9
0
 def test_profile_update_email(self):
     self.request_login(self.account.email)
     response = self.client.post(reverse('accounts:profile:update'), {'email': '*****@*****.**', 'nick': 'test_nick'})
     self.assertEqual(response.status_code, 200)
     self.check_ajax_ok(response, data={'next_url': reverse('accounts:profile:confirm-email-request')})
     self.assertEqual(ChangeCredentialsTask.objects.all().count(), 1)
     self.assertEqual(ChangeCredentialsTask.objects.all()[0].state, relations.CHANGE_CREDENTIALS_TASK_STATE.EMAIL_SENT)
     self.assertEqual(Message.objects.all().count(), 1)
     self.assertEqual(django_authenticate(nick=self.account_nick, password='******').id, self.account.id)
     self.assertEqual(django_authenticate(nick=self.account_nick, password='******').email, self.account_email)
Example #10
0
    def test_change_credentials_email(self):
        nick = self.account.nick

        self.account.change_credentials(new_email='*****@*****.**')

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, '*****@*****.**')
        self.assertEqual(django_authenticate(nick=nick, password='******').id, self.account.id)
        self.assertEqual(django_authenticate(nick=nick, password='******').nick, nick)
Example #11
0
 def test_profile_update_duplicate_nick(self):
     account = self.accounts_factory.create_account()
     self.request_login(self.account.email)
     response = self.client.post(
         reverse("accounts:profile:update"), {"nick": account.nick, "email": "*****@*****.**"}
     )
     self.check_ajax_error(response, "accounts.profile.update.used_nick")
     self.assertEqual(ChangeCredentialsTask.objects.all().count(), 0)
     self.assertEqual(Message.objects.all().count(), 0)
     self.assertEqual(django_authenticate(nick=self.account_nick, password="******").id, self.account.id)
     self.assertEqual(django_authenticate(nick=self.account_nick, password="******").email, self.account_email)
Example #12
0
    def test_process_email_sent(self):
        task = ChangeCredentialsTaskPrototype.create(self.test_account, new_email='*****@*****.**', new_password='******')
        postponed_task = task.process(FakeLogger())
        self.assertEqual(postponed_task, None)
        self.assertEqual(task.state, relations.CHANGE_CREDENTIALS_TASK_STATE.EMAIL_SENT)
        self.assertEqual(Message.objects.all().count(), 1)
        self.assertEqual(django_authenticate(nick='test_user', password='******').id, task.account.id)
        self.assertEqual(django_authenticate(nick='test_user', password='******'), None)

        postponed_task = task.process(FakeLogger())
        self.assertEqual(task.state, relations.CHANGE_CREDENTIALS_TASK_STATE.CHANGING)
        self.assertNotEqual(postponed_task, None)
Example #13
0
    def test_1_process(self):
        self.assertEqual(PostponedTaskPrototype._model_class.objects.all().count(), 0)
        self.assertEqual(ChangeCredentialsTaskPrototype._model_class.objects.all().count(), 0)

        new_password = self.task.process(logger=mock.Mock())
        self.assertTrue(self.task.is_processed)
        self.assertEqual(django_authenticate(nick='test_user', password='******').id, self.account.id)

        self.assertEqual(PostponedTaskPrototype._model_class.objects.all().count(), 1)
        self.assertEqual(ChangeCredentialsTaskPrototype._model_class.objects.all().count(), 1)

        PostponedTaskPrototype._db_get_object(0).process(logger=mock.Mock())

        self.assertEqual(django_authenticate(nick='test_user', password='******'), None)
        self.assertEqual(django_authenticate(nick='test_user', password=new_password).id, self.account.id)
Example #14
0
def login(request):
    if request.user.is_authenticated():
        return HttpResponseRedirect('/')

    if request.method == 'POST':
        errors = []
        form = LoginForm(data=request.POST)
        if form.is_valid():
            account = django_authenticate(email=request.POST['email'],
                                          password=request.POST['password'])
            if account and account.is_active:
                django_login(request, account)
                return HttpResponseRedirect('/')
            else:
                errors.append("Login failed")
                return render(request, 'authentication/login.html', {
                    'form': form,
                    'errors': errors
                })
        else:
            errors.append("Form invalid")
            return render(request, 'authentication/login.html', {
                'form': form,
                'errors': errors
            })
    else:
        form = LoginForm()
        return render(request, 'authentication/login.html', {'form': form})
Example #15
0
def login(request):
    if request.user.is_authenticated:
        return redirect('home')

    else:
        if request.method == 'POST':
            form = AuthenticationForm(data=request.POST)
            if form.is_valid():
                email = request.POST['email']
                password = request.POST['password']
                user = django_authenticate(email=email, password=password)
                if user is not None:
                    if user.is_active:
                        django_login(request, user)
                        # user is redirected to dashboard
                        return redirect('home')
                else:
                    messages.error(request, 'username or password not correct')
                    return redirect('login')
        else:
            form = AuthenticationForm()
        page_title = 'Login Page'
        return render(request, 'accounts/login.html', {
            'form': form,
            'page_title': page_title
        })
Example #16
0
    def login(self, request):
        # get username and password from request
        # data就是用户post的request中的数据
        # check request
        serializer = LoginSerializer(data=request.data)
        if not serializer.is_valid():  # 如果登录出错
            return Response(
                {
                    "success": False,
                    "message": "Please check input.",
                    "errors": serializer.errors,
                },
                status=400)

        # validation ok
        # check password
        username = serializer.validated_data['username']
        password = serializer.validated_data['password']
        user = django_authenticate(username=username, password=password)
        if not user or user.is_anonymous:
            return Response(
                {
                    "success": False,
                    "message": "Username and password does not match.",
                },
                status=400)

        # login
        django_login(request, user)
        return Response({
            "success": True,
            "user": UserSerializer(user).data,
        })
Example #17
0
def update_password(request):
    if not request.method == 'POST':
        return JSON_error("error")

    d = JSON_parse(request.POST.get('data'))

    if 'current_password' not in d or 'password1' not in d or 'password2' not in d:
        return JSON_error('error', _('Something went wrong during password saving. Contact support.'))

    if d['password1'] != d['password2']:
        return JSON_error('new_password_mismatch', _('New passwords do not match'))

    if not min_password_requirments(d['password1']):
        return JSON_error('min_pass_requirement_failed', _('Password minimal requirments failed.'))

    user = django_authenticate(username=request.user.email, password=d['current_password'])
    if user is None:
        return JSON_error('wrong_current_password')

    if user is not None:
        # saves in django table
        user.set_password(d['password1'])
        user.save()

        user.update_user_profile()

        return JSON_ok()

    return JSON_error('error', _('Something went wrong during password saving. Contact support.'))
Example #18
0
def callback(request, redirect_url=None):
    odesk_client = DefaultClient()
    if request.session.get(ODESK_REQUEST_TOKEN):
        t, s = request.session.get(ODESK_REQUEST_TOKEN)
        odesk_client.auth.request_token = t
        odesk_client.auth.request_token_secret = s
        del request.session[ODESK_REQUEST_TOKEN]
    else:
        return HttpResponseRedirect(odesk_client.auth.get_authorize_url())

    verifer = request.GET.get('oauth_verifier', None)
    access_token = odesk_client.auth.get_access_token(verifer)

    if access_token:
        request.session[ODESK_ACCESS_TOKEN] = access_token
        #TODO: Get rid of (conceptually correct) additional request to odesk.com
        user = django_authenticate(token = access_token)
        if user:
            login(request, user)
        else:
            pass
            #Probably the odesk auth backend is missing. Should we raise an error?
        redirect_url = request.session.pop(ODESK_REDIRECT_SESSION_KEY,
                                           redirect_url)
        response = HttpResponseRedirect(redirect_url or '/')
        return response
    else:
        return HttpResponseRedirect(odesk_client.auth.get_authorize_url())
Example #19
0
def login(request):
    """
    Check (lowercased) usename and password and do login if they matched.
    Only POST request is allowed.
    Return status and message in a dictionary.
    """
    success = False
    data = {}
    message = u''
    if request.method != 'POST':
        message =  _("Only POST method is allowed when you log in.")
        return False, None, message

    sessionid = None
    if "username" in request.POST and "password" in request.POST:
        user = django_authenticate(username=request.POST["username"].lower(),
                                   password=request.POST["password"])
    else:
        message =  _("Missing username and/or password parameter.")
        return False, None, message
    if user is not None:
        if user.is_active:
            success = True
            message =  _("Login OK")
            # This puts sessionid cookie into the response headers:
            django_login(request, user)
            sessionid = request.session.session_key
        else:
            message =  _("Your account has been disabled!")
    else:
        message =  _("Your username and password did not match.")
    data = {"sessionid": sessionid}
    return success, data, message
Example #20
0
def callback(request, redirect_url=None):
    odesk_client = DefaultClient()
    frob = request.GET.get('frob', None)
    if frob:
        try:
            token, auth_user = odesk_client.auth.get_token(frob)
        except:
            if not redirect_url:
                redirect_url = '/'
            return HttpResponseRedirect(redirect_url)
        request.session[ODESK_TOKEN_SESSION_KEY] = token
        #TODO: Get rid of (conceptually correct) additional request to odesk.com
        user = django_authenticate(token=token)
        if user:
            login(request, user)
        else:
            pass
            #Probably the odesk auth backend is missing. Should we raise an error?
        redirect_url = request.session.pop(ODESK_REDIRECT_SESSION_KEY,
                                           redirect_url)
        if not redirect_url:
            redirect_url = '/'
        return HttpResponseRedirect(redirect_url)

    else:
        return HttpResponseRedirect(odesk_client.auth.auth_url())
Example #21
0
 def test_process_timeout(self):
     task = ChangeCredentialsTaskPrototype.create(self.test_account, new_email='*****@*****.**')
     task._model.created_at = datetime.datetime.fromtimestamp(0)
     task.process(FakeLogger())
     self.assertEqual(task.state, relations.CHANGE_CREDENTIALS_TASK_STATE.TIMEOUT)
     self.assertEqual(task._model.comment, 'timeout')
     self.assertEqual(django_authenticate(nick='test_user', password='******').id, task.account.id)
Example #22
0
 def post(self, request, *args, **kwargs):
     data = request.data
     print(request.data)
     username = data.get('phone', None)
     password = data.get('password', None)
     dat = json.dumps({"username": username, "password": password})
     try:
         req = Request(
             config('HOST_URL') + '/api/token-auth',
             bytes(dat, encoding="utf-8"),
             {'Content-Type': 'application/json'})
         req.data
         response_body = urlopen(req)
         data = response_body.read()
         encoding = response_body.info().get_content_charset('utf-8')
         result = json.loads(data.decode(encoding))
         user = django_authenticate(username=username, password=password)
         if user is not None:
             django_login(request, user)
             result_data = {"user_id": user.id, "token": result['token']}
             return Response(result_data, status=status.HTTP_200_OK)
         return Response({"error": "User not found."},
                         status=status.HTTP_404_NOT_FOUND)
     except User.DoesNotExist:
         return Response({"error": 'User does not exist.'},
                         status=status.HTTP_404_NOT_FOUND)
     except:
         return Response({"error": "Incorrect username or password"},
                         status=status.HTTP_400_BAD_REQUEST)
Example #23
0
    def authenticate(self, request, **kwargs):
        '''
        Checks a user's basic auth credentials against the current
        Django auth backend.
        
        Should return either ``True`` if allowed, ``False`` if not or an
        ``HttpResponse`` if you need something custom.
        '''
        if not request.META.get('HTTP_AUTHORIZATION'):
            self._unauthorized()
        
        try:
            (auth_type, data) = request.META['HTTP_AUTHORIZATION'].split()
            if auth_type.lower() != 'basic':
                return self._unauthorized()
            user_pass = base64.b64decode(data)
        except:
            self._unauthorized()

        bits = user_pass.split(':')
        
        if len(bits) != 2:
            self._unauthorized()

        if self.backend:
            user = self.backend.authenticate(username=bits[0], password=bits[1])
        else:
            user = django_authenticate(username=bits[0], password=bits[1])

        if user is None:
            self._unauthorized()

        request.user = user
Example #24
0
 def test_profile_update_duplicate_nick(self):
     account = self.accounts_factory.create_account()
     self.request_login(self.account.email)
     response = self.client.post(reverse('accounts:profile:update'), {
         'nick': account.nick,
         'email': '*****@*****.**'
     })
     self.check_ajax_error(response, 'accounts.profile.update.used_nick')
     self.assertEqual(ChangeCredentialsTask.objects.all().count(), 0)
     self.assertEqual(Message.objects.all().count(), 0)
     self.assertEqual(
         django_authenticate(nick=self.account_nick, password='******').id,
         self.account.id)
     self.assertEqual(
         django_authenticate(nick=self.account_nick,
                             password='******').email, self.account_email)
Example #25
0
def login(request):
    '''Take in a username and password, check it against DB'''

    #Get the username and password.  We'll use python's .get for dicts to 
    #   ensure that something is returned, albeit an empty string
    username = cgi.escape(request.POST.get('username', ''))
    password = cgi.escape(request.POST.get('password', ''))

    #Create an empty response string
    res = 'Success'

    #Return an user object if the username and password match
    user = django_authenticate(username=username, password=password)

    #See if we got back a user
    if user is not None:
        #We got a user

        #For now, set a character to logged in
        cur_character = Character.objects.get(account=user.get_profile())
        cur_character.is_logged_in = True
        cur_character.save()

        #Call django's built in login
        django_login(request, user)

    else:
        #Raise an error so the requester knows the login was incorrect
        raise Http404

    return HttpResponse(res)
Example #26
0
    def login(self, request):
        serializer = LoginSerializer(data=request.data)
        if not serializer.is_valid():
            return Response(
                {
                    "success": False,
                    "message": "Input is not valid. Please check input",
                    "errors": serializer.errors,
                },
                status=400)

        username = serializer.validated_data['username']
        password = serializer.validated_data['password']

        user = django_authenticate(username=username, password=password)
        if not user or user.is_anonymous:
            return Response(
                {
                    "success":
                    False,
                    "message":
                    "Username and password are not matched. Please try again",
                },
                status=400)

        django_login(request, user)
        return Response({
            "success": True,
            "user": UserSerializer(user).data,
        })
Example #27
0
def callback(request, redirect_url=None):
    odesk_client = DefaultClient()
    frob = request.GET.get('frob', None)
    if frob:
        try:
            token, auth_user = odesk_client.auth.get_token(frob)
        except Exception, exc:
            msg = "get_token(%(frob)r) failed with %(exc)s" % {
                'frob': frob,
                'exc': exc,
                'req': request,
            }
            logging.error(msg)
            return HttpResponseRedirect(redirect_url or '/')
        request.session[ODESK_TOKEN_SESSION_KEY] = token
        #TODO: Get rid of (conceptually correct) additional request to odesk.com
        user = django_authenticate(token = token)
        if user:
            login(request, user)
        else:
            pass
            #Probably the odesk auth backend is missing. Should we raise an error?
        redirect_url = request.session.pop(ODESK_REDIRECT_SESSION_KEY,
                                           redirect_url)
        return HttpResponseRedirect(redirect_url or '/')
Example #28
0
    def authenticate(self, request):

        # Get the username and password
        username = request.data['username']
        password = request.data['password']
        print('USERNAME', username)
        print('PASSWORD', password)

        if not username or not password:
            raise exceptions.AuthenticationFailed(
                "No credentials provided. You're probably logged out. Please login to continue."
            )

        credentials = {
            get_user_model().USERNAME_FIELD: username,
            'password': password
        }

        user = django_authenticate(**credentials)

        if user is None:
            raise exceptions.AuthenticationFailed('Invalid username/password.')

        if not user.is_active:
            raise exceptions.AuthenticationFailed('User inactive or deleted.')

        return (user, None)  # authentication successful
Example #29
0
def generate_new_user(request):
    username = get_rand_name()
    if User.objects.filter(username__exact=username).exists():
        user = User.objects.get(username=username)
    else:
        if User.objects.exclude(sid__exact="")\
                       .exclude(sid__exact="Deleted Content").count() == 0:
            # if there are no users with sids, give sid "s1"
            sid = "s1"
        else:
            previous_sid = User.objects.all()\
                                       .exclude(sid__exact="Deleted Content")\
                                       .last().sid
            previous_sid_num = previous_sid[1:]
            new_sid_num = int(previous_sid_num) + 1
            sid = "s" + str(new_sid_num)
        user = User.objects.create_user(username=username, password="",
                                        sid=sid)
        user.slug = slugify(user.username, max_length=100)
        user.save()
    user = django_authenticate(username=user.username, password="")
    if user is not None and settings.ENVIRONMENT == "dev":
        # django.contrib.auth.login only works in development environments. In
        # production, use django.contrib.auth.views.login.
        django_auth_login(request, user)
        return user
    else:
        raise Exception("User is None, or you tried to generate a new user "
                        "in a production environment!")
Example #30
0
    def login(self, request):
        serializer = LoginSerializer(data=request.data)
        if not serializer.is_valid():
            return Response(
                {
                    'success': False,
                    'message': "Please check input",
                    'errors': serializer.errors,
                },
                status=400)
        username = serializer.validated_data['username']
        password = serializer.validated_data['password']

        # queryset = User.objects.filter(username=username)
        # print(queryset.query)

        user = django_authenticate(username=username, password=password)
        if not user or user.is_anonymous:
            return Response(
                {
                    'success': False,
                    'message': "username and password does not match",
                },
                status=400)
        django_login(request, user)
        return Response({
            'success': True,
            'user': UserSerializer(instance=user).data
        })
Example #31
0
    def test_fast_profile_confirm_email(self):
        self.client.post(reverse('accounts:registration:fast'))
        PostponedTaskPrototype(model=PostponedTask.objects.all()[0]).process(
            FakeLogger())

        self.client.post(
            reverse('accounts:profile:update'), {
                'email': '*****@*****.**',
                'nick': 'test_nick',
                'password': '******'
            })
        self.assertEqual(Message.objects.all().count(), 1)

        uuid = ChangeCredentialsTask.objects.all()[0].uuid

        response = self.client.get(
            reverse('accounts:profile:confirm-email') + '?uuid=' + uuid)
        self.check_response_redirect(
            response,
            PostponedTaskPrototype._db_get_object(1).wait_url)

        self.assertEqual(ChangeCredentialsTask.objects.all().count(), 1)
        self.assertEqual(ChangeCredentialsTask.objects.all()[0].state,
                         relations.CHANGE_CREDENTIALS_TASK_STATE.CHANGING)

        self.assertEqual(
            django_authenticate(nick='test_nick', password='******'), None)
Example #32
0
def login_execute(request, form: LoginForm):
    user = User.objects.filter(email=form.cleaned_data['email']).first()

    if user == None:
        form.add_error('email', 'Incorrect email.')
        return render(request, 'main/login.html', {'form': form})

    if not user.organization_set.filter(
            id=form.cleaned_data['organization']).exists():
        form.add_error('organization',
                       'This user have not access to this organization.')
        return render(request, 'main/login.html', {'form': form})

    user = django_authenticate(username=user.username,
                               password=form.cleaned_data['password'])
    if user is None:
        form.add_error('password', 'Incorrect password.')
        return render(request, 'main/login.html', {'form': form})
    else:
        django_login(request, user)
        organization = Organization.objects.get(
            id=form.cleaned_data['organization'])
        request.session['org_id'] = organization.id
        request.session['org_name'] = organization.name

    return HttpResponseRedirect(reverse('main:task_lists'))
Example #33
0
    def login(self, request):
        serializer = LoginSerializer(data=request.data)
        if not serializer.is_valid():
            return Response(
                {
                    "success": False,
                    "massage": "Please check input.",
                    "errors": serializer.errors,
                },
                status=400)
        #validation ok , login
        username = serializer.validated_data['username']
        password = serializer.validated_data['password']

        if not User.objects.filter(username=username).exists():
            return Response(
                {
                    "success": False,
                    "massage": "User does not exists."
                },
                status=400)

        user = django_authenticate(username=username, password=password)
        if not user or user.is_anonymous:
            return Response(
                {
                    "success": False,
                    "massage": "Username and password does not match.",
                },
                status=400)
        django_login(request, user)
        return Response({
            "success": True,
            "user": UserSerializer(instance=user).data
        })
Example #34
0
 def login(self, request):
     """
     默认的 username 是 admin, password 也是 admin
     """
     # get post request body
     serializer = LoginSerializer(data=request.data)
     if not serializer.is_valid():
         return Response({
             "success": False,
             "message": "Please check input.",
             "errors": serializer.errors,
         }, status=400)
     username = serializer.validated_data['username']
     password = serializer.validated_data['password']
     user = django_authenticate(username=username, password=password)
     # User.objects.filter(username=username) will be translated to a query
     # you can debug by
     # queryset = User.objects.filter(username=username)
     # print(queryset.query)
     if not User.objects.filter(username=username).exists():
         return Response({
             "success": False,
             "message": "Please check input."
         }, status=400)
     if not user or user.is_anonymous:
         return Response({
             "success": False,
             "message": "Username and password does not match.",
         }, status=400)
     django_login(request, user)
     return Response({
         "success": True,
         "user": UserSerializer(instance=user).data,
     })
Example #35
0
    def authenticate(self, context, required=False):
        for (k, v) in context.invocation_metadata():
            if (k.lower() == "authorization"):
                (method, auth) = v.split(" ", 1)
                if (method.lower() == "basic"):
                    auth = base64.b64decode(auth)
                    (username, password) = auth.split(":")
                    user = django_authenticate(username=username,
                                               password=password)
                    if not user:
                        raise XOSPermissionDenied(
                            "failed to authenticate %s:%s" %
                            (username, password))
                    print "authenticated %s:%s as %s" % (username, password,
                                                         user)
                    return user
            elif (k.lower() == "x-xossession"):
                s = SessionStore(session_key=v)
                id = s.get("_auth_user_id", None)
                if not id:
                    raise XOSPermissionDenied(
                        "failed to authenticate token %s" % v)
                user = User.objects.get(id=id)
                print "authenticated sessionid %s as %s" % (v, user)
                return user

        if required:
            raise XOSPermissionDenied("This API requires authentication")

        return None
Example #36
0
def _let_user_login(request, user, email, password, next=''):

    user = django_authenticate(email=email, password=password)
    django_login(request, user)
    if next:
        return HttpResponseRedirect(redirect_to=next)
    return HttpResponseRedirect(redirect_to='/')
Example #37
0
    def test_change_credentials__with_referral(self):
        self.fast_account._model.referral_of = self.account._model
        self.fast_account.save()

        self.assertTrue(AccountPrototype.get_by_id(self.fast_account.id).is_fast)

        with mock.patch("the_tale.game.workers.supervisor.Worker.cmd_update_hero_with_account_data") as fake_cmd:
            with mock.patch(
                "the_tale.accounts.workers.accounts_manager.Worker.cmd_run_account_method"
            ) as cmd_run_account_method:
                self.fast_account.change_credentials(
                    new_email="*****@*****.**", new_password=make_password("222222"), new_nick="test_nick"
                )

        self.assertEqual(cmd_run_account_method.call_count, 1)
        self.assertEqual(
            cmd_run_account_method.call_args,
            mock.call(
                account_id=self.account.id, method_name=AccountPrototype.update_referrals_number.__name__, data={}
            ),
        )

        self.assertEqual(django_authenticate(nick="test_nick", password="******").id, self.fast_account.id)
        self.assertFalse(AccountPrototype.get_by_id(self.fast_account.id).is_fast)
        self.assertEqual(fake_cmd.call_count, 1)
        self.assertFalse(fake_cmd.call_args[1]["is_fast"])
Example #38
0
    def login(self, request):
        serializer = LoginSerializer(data=request.data)
        if not serializer.is_valid():
            return Response({
                "success": False,
                "error": serializer.errors,
            },
                            status=status.HTTP_400_BAD_REQUEST)

        # login
        username = serializer.validated_data['username']
        password = serializer.validated_data['password']
        user = django_authenticate(request,
                                   username=username,
                                   password=password)

        # username and password not match
        if not user or user.is_anonymous:
            return Response(
                {
                    "success": False,
                    "message": "Username and password not match"
                },
                status=status.HTTP_400_BAD_REQUEST)

        # valid username and password
        django_login(request, user)
        return Response(
            {
                "success": True,
                "user": UserSerializer(instance=user).data,
            },
            status=status.HTTP_200_OK)
Example #39
0
 def test_process(self):
     self.assertEqual(self.postponed_task.process(main_task=mock.Mock()),
                      POSTPONED_TASK_LOGIC_RESULT.SUCCESS)
     self.assertTrue(self.postponed_task.state.is_PROCESSED)
     self.assertEqual(
         django_authenticate(nick='test_nick', password='******').email,
         '*****@*****.**')
Example #40
0
def login(request):
    # Actually `username` can represent nickname and email
    username = str(request.POST['username'])
    password = str(request.POST['password'])

    # Authenticate
    user = django_authenticate(username=username, password=password)

    # Generate Response
    if user:
        # Check destroyed
        if user.destroyed:
            result = {"status": False, "result": _("User destroyed!")}
            return JsonResponse(result)
        # Check is_active
        if not user.is_active:
            result = {"status": False, "result": _("User is not active!")}
            return JsonResponse(result)
        # Check Blocked
        if user.blocked:
            result = {"status": False, "result": _("User blocked!")}
            return JsonResponse(result)
        # Set session
        django_login(request, user)
        result = {"status": True, "result": _("Login succeed!")}
        return JsonResponse(result)
    result = {"status": False, "result": _("Login Failed!")}
    return JsonResponse(result)
Example #41
0
def login(request):
    if request.method == 'POST':
        form = AuthenticationForm(data = request.POST)
        if form.is_valid():
            email = request.POST['email']
            password = request.POST['password']
            user = django_authenticate(email=email, password=password)
            if user is not None:
                if user.is_active and user.is_staff:
                    django_login(request,user)
                    return redirect('/dashboard') #user is redirected to dashboard
                else:
                    django_login(request,user)
                    return redirect('/dashboard2')
            else:
                form = AuthenticationForm()
                return render(request,'My_App/login.html',{'form':form,'error':'Incorrent Email and Password Try Again!'})
    else:
        if request.user.is_authenticated and request.user.is_staff:
            return redirect('/dashboard')
        elif request.user.is_authenticated:
            return redirect('/dashboard2')

        form = AuthenticationForm()

    return render(request,'My_App/login.html',{'form':form,})
Example #42
0
    def post(self, request, *args, **kwargs):
        form = self.get_form()
        if form.is_valid():
            username = request.POST['username']
            password = request.POST['password']
            user = django_authenticate(username=username, password=password)
            if user:
                if not user.is_validated:
                    msg = _('User is not validated.')
                    form._errors['__all__'] = form.error_class([msg])
                elif user.is_locked:
                    if datetime.now(pytz.utc) < user.locked_until:
                        msg = _('Your account is locked. Please try again in an hour')
                        form._errors['__all__'] = form.error_class([msg])
                    else:
                        user.unlock_user
                        return self.login_user(user)
                else:
                    return self.login_user(user)
            else:
                try:
                    user = User.objects.get(username=username)
                    user.add_login_attempt()
                except User.DoesNotExist:
                    pass

                if user.is_locked:
                    msg = _('Your account is locked. Please try again in an hour')
                    form._errors['__all__'] = form.error_class([msg])
                else:
                    msg = _('Invalid password.')
                    form._errors['password'] = form.error_class([msg])
        return self.render_to_response({'form': form})
Example #43
0
    def test_change_credentials__with_referral(self):
        self.fast_account._model.referral_of = self.account._model
        self.fast_account.save()

        self.assertTrue(
            AccountPrototype.get_by_id(self.fast_account.id).is_fast)

        with mock.patch(
                'the_tale.game.workers.supervisor.Worker.cmd_update_hero_with_account_data'
        ) as fake_cmd:
            with mock.patch(
                    'the_tale.accounts.workers.accounts_manager.Worker.cmd_run_account_method'
            ) as cmd_run_account_method:
                self.fast_account.change_credentials(
                    new_email='*****@*****.**',
                    new_password=make_password('222222'),
                    new_nick='test_nick')

        self.assertEqual(cmd_run_account_method.call_count, 1)
        self.assertEqual(
            cmd_run_account_method.call_args,
            mock.call(
                account_id=self.account.id,
                method_name=AccountPrototype.update_referrals_number.__name__,
                data={}))

        self.assertEqual(
            django_authenticate(nick='test_nick', password='******').id,
            self.fast_account.id)
        self.assertFalse(
            AccountPrototype.get_by_id(self.fast_account.id).is_fast)
        self.assertEqual(fake_cmd.call_count, 1)
        self.assertFalse(fake_cmd.call_args[1]['is_fast'])
Example #44
0
 def login(self, request):
     """
     默认的 username 是 admin, password 也是 admin
     """
     serializer = LoginSerializer(data=request.data)
     if not serializer.is_valid():
         return Response(
             {
                 "success": False,
                 "message": "Please check input",
                 "errors": serializer.errors,
             },
             status=400)
     username = serializer.validated_data['username']
     password = serializer.validated_data['password']
     user = django_authenticate(username=username, password=password)
     if not user or user.is_anonymous:
         return Response(
             {
                 "success": False,
                 "message": "username and password does not match",
             },
             status=400)
     django_login(request, user)
     return Response({
         "success": True,
         "user": UserSerializer(instance=user).data,
     })
Example #45
0
    def test_change_credentials_password(self):
        self.account.change_credentials(new_password=make_password('222222'))

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, '*****@*****.**')
        user = django_authenticate(nick='test_user', password='******')
        self.assertEqual(user.id, self.account.id)
Example #46
0
 def test_reset_password_success(self):
     self.check_ajax_ok(
         self.client.post(reverse('accounts:profile:reset-password'),
                          {'email': self.account.email}))
     self.assertEqual(
         django_authenticate(nick=self.account.nick, password='******').id,
         self.account.id)
     self.assertEqual(ResetPasswordTask.objects.all().count(), 1)
Example #47
0
    def test_change_credentials_password(self):
        self.account.change_credentials(new_password=make_password("222222"))

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, "*****@*****.**")
        user = django_authenticate(nick="test_user", password="******")
        self.assertEqual(user.id, self.account.id)
Example #48
0
    def test_change_credentials_nick(self):

        with mock.patch('the_tale.game.workers.supervisor.Worker.cmd_update_hero_with_account_data') as fake_cmd:
            self.account.change_credentials(new_nick='test_nick')

        self.assertEqual(Message.objects.all().count(), 0)
        self.assertEqual(fake_cmd.call_count, 0)
        self.assertEqual(django_authenticate(nick='test_nick', password='******').id, self.account.id)
Example #49
0
    def test_change_credentials_password(self):
        self.account.change_credentials(new_password=make_password('222222'))

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, '*****@*****.**')
        user = django_authenticate(nick='test_user', password='******')
        self.assertEqual(user.id, self.account.id)
Example #50
0
    def test_change_credentials_nick(self):

        with mock.patch("the_tale.game.workers.supervisor.Worker.cmd_update_hero_with_account_data") as fake_cmd:
            self.account.change_credentials(new_nick="test_nick")

        self.assertEqual(Message.objects.all().count(), 0)
        self.assertEqual(fake_cmd.call_count, 0)
        self.assertEqual(django_authenticate(nick="test_nick", password="******").id, self.account.id)
Example #51
0
 def test_reset_password_page_for_wrong_email(self):
     self.check_ajax_error(
         self.client.post(reverse('accounts:profile:reset-password'),
                          {'email': '*****@*****.**'}),
         'accounts.profile.reset_password.wrong_email')
     self.assertEqual(
         django_authenticate(nick=self.account.nick, password='******').id,
         self.account.id)
     self.assertEqual(ResetPasswordTask.objects.all().count(), 0)
Example #52
0
def login_user(request, nick=None, password=None, remember=False):
    user = django_authenticate(nick=nick, password=password)

    if request.user.id != user.id:
        request.session.flush()

    django_login(request, user)

    if remember:
        request.session.set_expiry(accounts_settings.SESSION_REMEMBER_TIME)
Example #53
0
def authenticate(username, password):
    """
    Authenticate a given username/password with Django and make sure
    they're also a staff user.
    """
    user = django_authenticate(username=username, password=password)
    if not user or not user.is_staff:
        return False
    else:
        return True
Example #54
0
    def setUp(self):
        super(TestRequestsBase, self).setUp()
        create_test_map()
        self.client = client.Client()

        register_user('test_user', '*****@*****.**', '111111')
        register_user('test_user_2', '*****@*****.**', '111111')

        account = django_authenticate(nick='test_user_2', password='******')
        account.is_staff = True
        account.save()
Example #55
0
    def setUp(self):
        super(TestRequestsBase, self).setUp()
        create_test_map()
        self.client = client.Client()

        self.account_1 = self.accounts_factory.create_account()
        self.account_2 = self.accounts_factory.create_account()

        staff_account = django_authenticate(nick=self.account_2.nick, password='******')
        staff_account.is_staff = True
        staff_account.save()
Example #56
0
    def test_change_credentials_password(self):
        nick = self.account.nick
        email = self.account.email

        self.account.change_credentials(new_password=make_password('222222'))

        self.assertEqual(Message.objects.all().count(), 0)

        self.assertEqual(self.account.email, email)
        user = django_authenticate(nick=nick, password='******')
        self.assertEqual(user.id, self.account.id)
Example #57
0
def authenticate(request):
    user = django_authenticate()
    if user is not None:
        django_login(request, user)
        #redirect to valid logged page (preferably the user's request)
        redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
        if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
            redirect_to = '/'
        return HttpResponseRedirect(redirect_to)
    else:
        # return invalid login page
        return HttpResponseRedirect('/invalid')
Example #58
0
    def test_reset_password_processed(self):
        task = ResetPasswordTaskPrototype.create(self.account)

        self.assertEqual(PostponedTaskPrototype._model_class.objects.all().count(), 0)
        self.assertEqual(ChangeCredentialsTaskPrototype._model_class.objects.all().count(), 0)

        self.check_html_ok(self.request_html(reverse('accounts:profile:reset-password-processed') + ('?task=%s' % task.uuid)))

        self.assertEqual(PostponedTaskPrototype._model_class.objects.all().count(), 1)
        self.assertEqual(ChangeCredentialsTaskPrototype._model_class.objects.all().count(), 1)

        self.assertEqual(django_authenticate(nick='test_user', password='******').id, self.account.id)
Example #59
0
def authenticate(request):
    user = django_authenticate(request=request)
    if user is not None:
        django_login(request, user)
        #redirect to valid login page
        response = HttpResponseRedirect(request.GET.get('next', '/'))
        set_cookie(response, "fb_user", user.id,
                   max_age=30 * 86400)
        return response
    else:
        # return invalid login page
        return HttpResponse('Invalid', 'text/plain')