def __init__(self, *args, **kwargs): super(Login, self).__init__(*args, **kwargs) fields_ordering = ['username', 'password', 'region'] if getattr(settings, 'OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT', False): last_domain = self.request.COOKIES.get('login_domain', None) self.fields['domain'] = forms.CharField( initial=last_domain, label=_("Domain"), required=True, widget=forms.TextInput(attrs={"autofocus": "autofocus"})) self.fields['username'].widget = forms.widgets.TextInput() fields_ordering = ['domain', 'username', 'password', 'region'] self.fields['region'].choices = self.get_region_choices() if len(self.fields['region'].choices) == 1: self.fields['region'].initial = self.fields['region'].choices[0][0] self.fields['region'].widget = forms.widgets.HiddenInput() elif len(self.fields['region'].choices) > 1: self.fields['region'].initial = self.request.COOKIES.get( 'login_region') # if websso is enabled and keystone version supported # prepend the websso_choices select input to the form if utils.is_websso_enabled(): initial = getattr(settings, 'WEBSSO_INITIAL_CHOICE', 'credentials') self.fields['auth_type'] = forms.ChoiceField( label=_("Authenticate using"), choices=getattr(settings, 'WEBSSO_CHOICES', ()), required=False, initial=initial) # add auth_type to the top of the list fields_ordering.insert(0, 'auth_type') # websso is enabled, but keystone version is not supported elif getattr(settings, 'WEBSSO_ENABLED', False): msg = ("Websso is enabled but horizon is not configured to work " + "with keystone version 3 or above.") LOG.warning(msg) self.fields = collections.OrderedDict( (key, self.fields[key]) for key in fields_ordering)
# You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. from django.conf.urls import url from idm_auth import utils from idm_auth import views utils.patch_middleware_get_user() urlpatterns = [ url(r"^login/$", views.login, name='login'), url(r"^logout/$", views.logout, name='logout'), url(r'^switch/(?P<tenant_id>[^/]+)/$', views.switch, name='switch_tenants'), url(r'^switch_services_region/(?P<region_name>[^/]+)/$', views.switch_region, name='switch_services_region') ] if utils.is_websso_enabled(): urlpatterns.append(url(r"^websso/$", views.websso, name='websso'))
def login(request, template_name=None, extra_context=None, **kwargs): """Logs a user in using the :class:`~openstack_auth.forms.Login` form.""" # If the user enabled websso and selects default protocol # from the dropdown, We need to redirect user to the websso url if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') if utils.is_websso_enabled() and auth_type != 'credentials': auth_url = request.POST.get('region') url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url) if not request.is_ajax(): # If the user is already authenticated, redirect them to the # dashboard straight away, unless the 'next' parameter is set as it # usually indicates requesting access to a page that requires different # permissions. if (request.user.is_authenticated() and auth.REDIRECT_FIELD_NAME not in request.GET and auth.REDIRECT_FIELD_NAME not in request.POST): return shortcuts.redirect(settings.LOGIN_REDIRECT_URL) # Get our initial region for the form. initial = {} current_region = request.session.get('region_endpoint', None) requested_region = request.GET.get('region', None) regions = dict(getattr(settings, "AVAILABLE_REGIONS", [])) if requested_region in regions and requested_region != current_region: initial.update({'region': requested_region}) if request.method == "POST": form = functional.curry(forms.Login) else: form = functional.curry(forms.Login, initial=initial) if extra_context is None: extra_context = {'redirect_field_name': auth.REDIRECT_FIELD_NAME} if not template_name: if request.is_ajax(): template_name = 'auth/_login.html' extra_context['hide'] = True else: template_name = 'auth/login.html' res = django_auth_views.login(request, template_name=template_name, authentication_form=form, extra_context=extra_context, **kwargs) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. if request.method == "POST": utils.set_response_cookie(res, 'login_region', request.POST.get('region', '')) utils.set_response_cookie(res, 'login_domain', request.POST.get('domain', '')) # Set the session data here because django's session key rotation # will erase it if we set it earlier. if request.user.is_authenticated(): auth_user.set_session_from_user(request, request.user) regions = dict(forms.Login.get_region_choices()) region = request.user.endpoint login_region = request.POST.get('region') region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name return res
# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # See the License for the specific language governing permissions and # limitations under the License. from django.conf.urls import url from idm_auth import utils from idm_auth import views utils.patch_middleware_get_user() urlpatterns = [ url(r"^login/$", views.login, name='login'), url(r"^logout/$", views.logout, name='logout'), url(r'^switch/(?P<tenant_id>[^/]+)/$', views.switch, name='switch_tenants'), url(r'^switch_services_region/(?P<region_name>[^/]+)/$', views.switch_region, name='switch_services_region') ] if utils.is_websso_enabled(): urlpatterns.append(url(r"^websso/$", views.websso, name='websso'))