def login_user(request, user): ''' hijack mechanism ''' hijack_history = [request.user._meta.pk.value_to_string(request.user)] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_authorization(request, user) hijacker = request.user hijacked = user backend = get_used_backend(request) user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) last_login = user.last_login # Save last_login to reset it after hijack login login(request, user) user.last_login = last_login user.save() post_superuser_login.send(sender=None, user_id=user.pk) hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk) request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True request.session['display_hijack_warning'] = True request.session.modified = True return redirect_to_next( request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked): """Hijack user login.""" hijacker = request.user hijack_history = [request.user._meta.pk.value_to_string(hijacker)] if request.session.get("hijack_history"): hijack_history = request.session["hijack_history"] + hijack_history check_hijack_authorization(request, hijacked) backend = get_used_backend(request) hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) with no_update_last_login(): # Actually log user in login(request, hijacked) hijack_started.send( sender=None, request=request, hijacker=hijacker, hijacked=hijacked, # send IDs for backward compatibility hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, ) request.session["hijack_history"] = hijack_history request.session["is_hijacked_user"] = True request.session["display_hijack_warning"] = True request.session.modified = True return redirect_to_next( request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked): ''' hijack mechanism ''' hijacker = request.user hijack_history = [request.user._meta.pk.value_to_string(hijacker)] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_authorization(request, hijacked) backend = get_used_backend(request) hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) with no_update_last_login(): # Actually log user in login(request, hijacked) hijack_started.send( sender=None, request=request, hijacker=hijacker, hijacked=hijacked, # send IDs for backward compatibility hijacker_id=hijacker.pk, hijacked_id=hijacked.pk) request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True request.session['display_hijack_warning'] = True request.session.modified = True return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked): ''' hijack mechanism ''' hijacker = request.user hijack_history = [request.user._meta.pk.value_to_string(hijacker)] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_authorization(request, hijacked) backend = get_used_backend(request) hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) # Prevent update of hijacked user last_login signal_was_connected = user_logged_in.disconnect(update_last_login) # Actually log user in login(request, hijacked) # Restore signal if needed if signal_was_connected: user_logged_in.connect(update_last_login) post_superuser_login.send(sender=None, user_id=hijacked.pk) # Send legacy signal hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, request=request) # Send official, documented signal request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True request.session['display_hijack_warning'] = True request.session.modified = True return redirect_to_next( request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked): ''' hijack mechanism ''' hijacker = request.user hijack_history = [request.user._meta.pk.value_to_string(hijacker)] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_authorization(request, hijacked) backend = get_used_backend(request) hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) # Prevent update of hijacked user last_login signal_was_connected = user_logged_in.disconnect(update_last_login) # Actually log user in login(request, hijacked) # Restore signal if needed if signal_was_connected: user_logged_in.connect(update_last_login) post_superuser_login.send(sender=None, user_id=hijacked.pk) # Send legacy signal hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, request=request) # Send official, documented signal request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True request.session['display_hijack_warning'] = True request.session.modified = True return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked): ''' hijack mechanism ''' hijacker = request.user hijack_history = [request.user._meta.pk.value_to_string(hijacker)] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_authorization(request, hijacked) backend = get_used_backend(request) hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) with no_update_last_login(): # Actually log user in login(request, hijacked) hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, request=request) # Send official, documented signal request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True request.session['display_hijack_warning'] = True request.session.modified = True return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, user): ''' hijack mechanism ''' hijack_history = [request.user._meta.pk.value_to_string(request.user)] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_authorization(request, user) hijacker = request.user hijacked = user backend = get_used_backend(request) user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) last_login = user.last_login # Save last_login to reset it after hijack login login(request, user) user.last_login = last_login user.save() post_superuser_login.send(sender=None, user_id=user.pk) hijack_started.send(sender=None, hijacker_id=hijacker.id, hijacked_id=hijacked.id) request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True request.session['display_hijack_warning'] = True request.session.modified = True return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)