Example #1
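def login_user(request, user):
    '''Log the requester in as ``user`` (the hijack mechanism).

    The requester's primary key is appended to the session's
    ``hijack_history`` and the hijacked account's ``last_login`` is put
    back to the value it had before the switch.

    Args:
        request: current request; ``request.user`` is the hijacker.
        user: the account being hijacked.

    Returns:
        Whatever ``redirect_to_next`` returns for this request.
    '''
    hijacker = request.user
    hijacked = user

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history has to be written back later.
    hijack_history = [hijacker._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate. Defined elsewhere; presumably raises when the
    # requester may not hijack this account. Nothing below must run before it.
    check_hijack_authorization(request, user)

    backend = get_used_backend(request)
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Remember last_login so the hijack does not look like a real login by
    # the account owner in the audit trail.
    last_login = user.last_login
    login(request, user)
    user.last_login = last_login
    # Write back only last_login: a full save() from this instance could
    # overwrite other columns that changed since the instance was loaded.
    user.save(update_fields=['last_login'])

    post_superuser_login.send(sender=None, user_id=user.pk)
    hijack_started.send(sender=None,
                        hijacker_id=hijacker.pk,
                        hijacked_id=hijacked.pk)

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True
    # NOTE(review): redirect_to_next is defined elsewhere; confirm it
    # validates any request-supplied redirect target before using it.
    return redirect_to_next(
        request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)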
Example #2
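def login_user(request, hijacked):
    '''Log the requester in as ``hijacked`` (the hijack mechanism).

    The requester's primary key is appended to the session's
    ``hijack_history``; the ``update_last_login`` receiver is disconnected
    around ``login()`` so the hijacked account's ``last_login`` is not
    touched.

    Args:
        request: current request; ``request.user`` is the hijacker.
        hijacked: the account being hijacked.

    Returns:
        Whatever ``redirect_to_next`` returns for this request.
    '''
    hijacker = request.user

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history has to be written back later.
    hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate. Defined elsewhere; presumably raises when the
    # requester may not hijack this account. Nothing below must run before it.
    check_hijack_authorization(request, hijacked)

    backend = get_used_backend(request)
    hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Prevent update of hijacked user last_login.
    # NOTE(review): signals are process-wide, so other logins handled while
    # the receiver is disconnected also skip the last_login update. If the
    # receiver was registered with a dispatch_uid this disconnect will not
    # match it; confirm against the Django version in use.
    signal_was_connected = user_logged_in.disconnect(update_last_login)
    try:
        # Actually log user in
        login(request, hijacked)
    finally:
        # Restore the receiver even when login() raises; otherwise one failed
        # hijack would leave last_login tracking off for the whole process.
        if signal_was_connected:
            user_logged_in.connect(update_last_login)

    # Legacy signal, kept for existing receivers.
    post_superuser_login.send(sender=None, user_id=hijacked.pk)
    # Official, documented signal.
    hijack_started.send(sender=None, hijacker_id=hijacker.pk,
                        hijacked_id=hijacked.pk, request=request)

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True
    # NOTE(review): redirect_to_next is defined elsewhere; confirm it
    # validates any request-supplied redirect target before using it.
    return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)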
Example #3
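def login_user(request, hijacked):
    '''Switch the current session over to ``hijacked`` (the hijack mechanism).

    Records the requester in the session's ``hijack_history``, logs the
    session in as ``hijacked`` without updating that account's
    ``last_login``, emits the hijack signals and flags the session as
    hijacked.

    Args:
        request: current request; ``request.user`` is the hijacker.
        hijacked: the account being hijacked.

    Returns:
        Whatever ``redirect_to_next`` returns for this request.
    '''
    hijacker = request.user

    # Read the history now: Django's login() flushes the session when the
    # authenticated user changes, so it is re-stored further down.
    hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate (defined elsewhere; presumably raises on refusal).
    # It must stay ahead of every state change below.
    check_hijack_authorization(request, hijacked)

    backend = get_used_backend(request)
    hijacked.backend = "%s.%s" % (backend.__module__,
                                  backend.__class__.__name__)

    # Prevent update of hijacked user last_login.
    # NOTE(review): the disconnect applies to the whole process, so logins
    # served concurrently in this window skip the last_login update too. A
    # receiver registered with a dispatch_uid would not be matched here;
    # confirm against the Django version in use.
    signal_was_connected = user_logged_in.disconnect(update_last_login)
    try:
        # Actually log user in
        login(request, hijacked)
    finally:
        # Reconnect on the error path as well, so a failing login() cannot
        # leave last_login tracking switched off for later requests.
        if signal_was_connected:
            user_logged_in.connect(update_last_login)

    # Legacy signal, kept for existing receivers.
    post_superuser_login.send(sender=None,
                              user_id=hijacked.pk)
    # Official, documented signal.
    hijack_started.send(sender=None,
                        hijacker_id=hijacker.pk,
                        hijacked_id=hijacked.pk,
                        request=request)

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True
    # NOTE(review): redirect_to_next is defined elsewhere; confirm it
    # validates any request-supplied redirect target before using it.
    return redirect_to_next(
        request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)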
Example #4
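def login_user(request, user):
    '''Log the requester in as ``user`` (the hijack mechanism).

    Superusers may hijack any account. When the
    ``ALLOW_STAFF_TO_HIJACKUSER`` setting is true, staff members may
    hijack accounts that are not superusers. Everyone else is refused.

    Args:
        request: current request; ``request.user`` is the hijacker.
        user: the account being hijacked.

    Returns:
        An ``HttpResponseRedirect`` to the ``next`` query parameter when it
        points at this host, otherwise to the configured default URL.

    Raises:
        PermissionDenied: the requester is not allowed to hijack ``user``.
    '''
    # Local import: the helper was renamed between Django releases.
    try:
        from django.utils.http import (
            url_has_allowed_host_and_scheme as is_safe_target)
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    requester = request.user

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [requester.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    if not requester.is_superuser:
        staff_may_hijack = getattr(settings, "ALLOW_STAFF_TO_HIJACKUSER", False)
        # The staff test is on the requester, not on the target: testing
        # the target would admit any caller whenever the target is staff.
        # Superuser targets are refused so a staff account cannot gain
        # superuser rights through a hijack.
        if not (staff_may_hijack and requester.is_staff) or user.is_superuser:
            raise PermissionDenied

    # NOTE(review): this takes the first backend get_backends() returns,
    # which is not necessarily the one that authenticated the requester.
    backend = get_backends()[0]
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True

    default_url = getattr(settings, 'HIJACK_LOGIN_REDIRECT_URL',
                          getattr(settings, 'LOGIN_REDIRECT_URL', '/'))
    # 'next' comes from the query string and is untrusted. Following it only
    # when it stays on this host avoids an open redirect from a privileged
    # endpoint.
    next_url = request.GET.get('next')
    if next_url and is_safe_target(next_url, request.get_host()):
        redirect_to = next_url
    else:
        redirect_to = default_url
    return HttpResponseRedirect(redirect_to)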
Example #5
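def login_user(request, user):
    '''Log the requester in as ``user`` (the hijack mechanism).

    Args:
        request: current request; ``request.user`` is the hijacker.
        user: the account being hijacked.

    Returns:
        An ``HttpResponseRedirect`` to the ``next`` query parameter when it
        points at this host, otherwise to the configured default URL.
    '''
    # Local import: the helper was renamed between Django releases.
    try:
        from django.utils.http import (
            url_has_allowed_host_and_scheme as is_safe_target)
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [request.user.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate. Defined elsewhere; presumably raises when the
    # requester may not hijack this account. Nothing below must run before it.
    check_hijack_permission(request, user)

    backend = get_used_backend(request)
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True

    default_url = getattr(settings, 'HIJACK_LOGIN_REDIRECT_URL',
                          getattr(settings, 'LOGIN_REDIRECT_URL', '/'))
    # 'next' comes from the query string and is untrusted. Following it only
    # when it stays on this host avoids an open redirect from a privileged
    # endpoint.
    next_url = request.GET.get('next')
    if next_url and is_safe_target(next_url, request.get_host()):
        redirect_to = next_url
    else:
        redirect_to = default_url
    return HttpResponseRedirect(resolve_url(redirect_to))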
Example #6
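def login_user(request, user):
    '''Log the requester in as ``user`` (the hijack mechanism).

    Superusers may hijack any account. When the
    ``ALLOW_STAFF_TO_HIJACKUSER`` setting is true, staff members may
    hijack accounts that are not superusers. Everyone else is refused.

    Args:
        request: current request; ``request.user`` is the hijacker.
        user: the account being hijacked.

    Returns:
        An ``HttpResponseRedirect`` to ``settings.LOGIN_REDIRECT_URL``
        (``'/'`` when the setting is absent).

    Raises:
        PermissionDenied: the requester is not allowed to hijack ``user``.
    '''
    requester = request.user

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [requester.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    if not requester.is_superuser:
        staff_may_hijack = getattr(settings, "ALLOW_STAFF_TO_HIJACKUSER", False)
        # The staff test is on the requester, not on the target: testing
        # the target would admit any caller whenever the target is staff.
        # Superuser targets are refused so a staff account cannot gain
        # superuser rights through a hijack.
        if not (staff_may_hijack and requester.is_staff) or user.is_superuser:
            raise PermissionDenied

    # NOTE(review): this takes the first backend get_backends() returns,
    # which is not necessarily the one that authenticated the requester.
    backend = get_backends()[0]
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True
    return HttpResponseRedirect(getattr(settings, 'LOGIN_REDIRECT_URL', '/'))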
Example #7
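def login_user(request, user):
    '''Log the requester in as ``user`` (the hijack mechanism).

    Args:
        request: current request; ``request.user`` is the hijacker.
        user: the account being hijacked.

    Returns:
        An ``HttpResponseRedirect`` to the ``next`` query parameter when it
        points at this host, otherwise to the configured default URL.
    '''
    # Local import: the helper was renamed between Django releases.
    try:
        from django.utils.http import (
            url_has_allowed_host_and_scheme as is_safe_target)
    except ImportError:
        from django.utils.http import is_safe_url as is_safe_target

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history is written back afterwards.
    hijack_history = [request.user.pk]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate. Defined elsewhere; presumably raises when the
    # requester may not hijack this account. Nothing below must run before it.
    check_hijack_permission(request, user)

    # NOTE(review): this takes the first backend get_backends() returns,
    # which is not necessarily the one that authenticated the requester.
    backend = get_backends()[0]
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
    login(request, user)
    post_superuser_login.send(sender=None, user_id=user.pk)

    request.session['is_hijacked_user'] = True
    request.session['hijack_history'] = hijack_history
    request.session.modified = True

    default_url = getattr(settings,
                          'HIJACK_LOGIN_REDIRECT_URL',
                          getattr(settings, 'LOGIN_REDIRECT_URL', '/'))
    # 'next' comes from the query string and is untrusted. Following it only
    # when it stays on this host avoids an open redirect from a privileged
    # endpoint.
    next_url = request.GET.get('next')
    if next_url and is_safe_target(next_url, request.get_host()):
        redirect_to = next_url
    else:
        redirect_to = default_url
    return HttpResponseRedirect(resolve_url(redirect_to))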
Example #8
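def login_user(request, user):
    '''Log the requester in as ``user`` (the hijack mechanism).

    The requester's primary key is appended to the session's
    ``hijack_history`` and the hijacked account's ``last_login`` is put
    back to the value it had before the switch.

    Args:
        request: current request; ``request.user`` is the hijacker.
        user: the account being hijacked.

    Returns:
        Whatever ``redirect_to_next`` returns for this request.
    '''
    hijacker = request.user
    hijacked = user

    # Captured before login(): Django's login() flushes the session when the
    # authenticated user changes, so the history has to be written back later.
    hijack_history = [hijacker._meta.pk.value_to_string(hijacker)]
    if request.session.get('hijack_history'):
        hijack_history = request.session['hijack_history'] + hijack_history

    # Authorization gate. Defined elsewhere; presumably raises when the
    # requester may not hijack this account. Nothing below must run before it.
    check_hijack_authorization(request, user)

    backend = get_used_backend(request)
    user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)

    # Remember last_login so the hijack does not look like a real login by
    # the account owner in the audit trail.
    last_login = user.last_login
    login(request, user)
    user.last_login = last_login
    # Write back only last_login: a full save() from this instance could
    # overwrite other columns that changed since the instance was loaded.
    user.save(update_fields=['last_login'])

    post_superuser_login.send(sender=None, user_id=user.pk)
    # pk rather than id: a custom user model may give its primary key
    # another name, and the history above is already keyed on the pk.
    hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)

    request.session['hijack_history'] = hijack_history
    request.session['is_hijacked_user'] = True
    request.session['display_hijack_warning'] = True
    request.session.modified = True
    # NOTE(review): redirect_to_next is defined elsewhere; confirm it
    # validates any request-supplied redirect target before using it.
    return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)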