def login_view(request):
    """
    Render the login page and process submitted credentials.

    Already-authenticated users are redirected to their own profile. For a
    login POST the form is validated, the credentials are passed to
    ``authenticate`` and, for an active account, ``has_mfa`` is consulted
    before ``log_user_in`` is called. Any other request gets an empty form.
    """
    current_user = request.user

    # The login page is only for visitors who are not logged in yet.
    if not current_user.is_anonymous:
        return redirect('user:profile', username=current_user.username)

    is_login_post = request.method == 'POST' and 'login-submit' in request.POST

    if not is_login_post:
        # Plain page view: start from an unbound form.
        form = LoginForm()
    else:
        # Bind the form to the submitted data so it can be validated.
        form = LoginForm(request.POST)

        if form.is_valid():
            credentials = form.cleaned_data
            user = authenticate(
                request,
                username=credentials['username'],
                password=credentials['password'],
            )

            if user is None:
                # Same generic wording for an unknown username and a wrong
                # password, so the message does not say which one failed.
                messages.warning(
                    request,
                    "Whoops! We were not able to log you in. Please check your username and "
                    "password and try again.")
            elif not user.is_active:
                # Only reachable after the password was verified, so the
                # disabled state is disclosed only to someone who holds valid
                # credentials for the account.
                messages.error(
                    request,
                    "Sorry, but your account has been disabled. Please contact the site "
                    "administrator for more details.")
            else:
                # A truthy has_mfa() result is returned to the client as-is;
                # log_user_in() is only reached when it is falsy.
                mfa_response = has_mfa(request, user.username)
                if mfa_response:
                    return mfa_response
                return log_user_in(request, user)

    # Open signup is off unless the setting is present.
    signup_enabled = getattr(settings, 'ENABLE_OPEN_SIGNUP', False)

    context = {'form': form, 'signup_enabled': signup_enabled}
    return render(request, 'tethys_portal/accounts/login.html', context)
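def check(request):
    """
    Render the login form, or verify submitted credentials.

    GET: when the ``mfa`` app is installed, ``MFA_QUICKLOGIN`` is enabled and
    a ``base_username`` cookie is present, ``has_mfa`` is called for that
    username and a truthy result is returned; otherwise the form is rendered.

    POST: the username/password are passed to ``authenticate``. For an active
    user ``has_mfa`` is consulted (when the ``mfa`` app is installed) before
    ``log_user_in``; failures re-render the form with an ``err`` message.

    The submitted username and password are never written to stdout or logs:
    process output is commonly captured by log collectors, which would store
    the credentials in clear text.
    """
    if request.method == "GET":
        quick_login = (
            "mfa" in settings.INSTALLED_APPS
            and getattr(settings, "MFA_QUICKLOGIN", False)
            and request.COOKIES.get('base_username')
        )
        if quick_login:
            # NOTE(review): the cookie value is supplied by the client, and no
            # password is checked on this path; the MFA step started by
            # has_mfa() is the only authenticator here. Confirm that is
            # acceptable for the factors enabled in this deployment.
            username = request.COOKIES.get('base_username')
            from mfa.helpers import has_mfa
            res = has_mfa(username=username, request=request)
            if res:
                return res
        return render_to_response("login.html")

    if request.method == "POST":
        # A request without these fields is handled as a failed login instead
        # of raising a KeyError.
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = authenticate(username=username, password=password)
        err = ""
        if user is not None:
            if user.is_active:
                if "mfa" in settings.INSTALLED_APPS:
                    from mfa.helpers import has_mfa
                    # NOTE(review): the MFA lookup and log_user_in() both use
                    # the submitted username; if the auth backend accepts
                    # aliases (e-mail, other case) confirm this still matches
                    # the name the user's factors are registered under.
                    res = has_mfa(request, username=username)
                    if res:
                        return res
                return log_user_in(request, username)
            else:
                err = "This user is NOT activated yet."
        else:
            err = "The username or the password is wrong."
        return render_to_response("login.html", {"err": err})
    else:
        return render_to_response("login.html")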
def settings(request, username=None):
    """
    Handle the settings view. Access to change settings are not publicly accessible

    A user may only open and submit the settings page for their own username;
    any other username is redirected to the requester's own profile. A valid
    settings POST updates first name, last name and e-mail on the requesting
    user and redirects to the profile. Otherwise the page is rendered with
    the form, the user's API token key, workspace usage/quota and MFA state.
    """
    request_user = request.user

    # Ownership check: the username in the URL must be the requester's own.
    # NOTE(review): no login requirement is visible in this excerpt - confirm
    # the view is wrapped so an anonymous request never reaches this point.
    if request_user.username != username:
        messages.warning(request, "You are not allowed to change other users' settings.")
        return redirect('user:profile', username=request_user.username)

    is_settings_post = request.method == 'POST' and 'user-settings-submit' in request.POST

    if is_settings_post:
        # Bind the form to the submitted data.
        form = UserSettingsForm(request.POST)

        if form.is_valid():
            cleaned = form.cleaned_data
            new_first = cleaned['first_name']
            new_last = cleaned['last_name']
            new_email = cleaned['email']

            # Only these three fields are copied onto the user model; nothing
            # else from the request is written.
            request_user.first_name = new_first
            request_user.last_name = new_last
            request_user.email = new_email
            request_user.save()

            return redirect('user:profile', username=username)
    else:
        # Pre-populate the form from the requesting user's record.
        form = UserSettingsForm(instance=request_user)

    # The token belongs to the requesting user; the ownership check above is
    # what keeps it from being rendered on somebody else's settings page.
    user_token, _token_created = Token.objects.get_or_create(user=request_user)

    codename = 'user_workspace_quota'
    quota_handler = WorkspaceQuotaHandler(request_user)
    current_use = _convert_storage_units(quota_handler.units, quota_handler.get_current_use())
    quota = _check_quota_helper(get_quota(request_user, codename))

    # NOTE(review): has_mfa() is only used for its truthiness in the template
    # context here - confirm calling it outside a login flow has no unwanted
    # side effects.
    mfa_state = has_mfa(username=request.user.username, request=request)
    mfa_required = getattr(django_settings, 'MFA_REQUIRED', False)

    context = {
        'form': form,
        'context_user': request.user,
        'user_token': user_token.key,
        'current_use': current_use,
        'quota': quota,
        'has_mfa': mfa_state,
        'mfa_required': mfa_required,
    }
    return render(request, 'tethys_portal/user/settings.html', context)
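def loginView(request):
    """
    Render the login form and process a username/password POST.

    On a successful ``authenticate`` the MFA check runs before any session is
    created: a truthy ``has_mfa`` result is returned to the client, and
    ``create_session`` is only called when it is falsy. A failed login
    re-renders the form with ``invalid`` set in the context.
    """
    context = {}
    if request.method == "POST":
        # A request without these fields is handled as a failed login instead
        # of raising a KeyError.
        username = request.POST.get("username", "")
        password = request.POST.get("password", "")
        user = authenticate(username=username, password=password)
        if user:
            from mfa.helpers import has_mfa
            # Use the authenticated account's own username - the same value
            # create_session() receives - rather than the raw form input, so
            # the MFA lookup cannot miss the account's registered factors when
            # a backend accepts an alias or a differently-cased name.
            # has_mfa returns false or HttpResponseRedirect
            res = has_mfa(username=user.username, request=request)
            if res:
                return res
            return create_session(request, user.username)
        context["invalid"] = True
    return render(request, "login.html", context)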
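def loginView(request):
    """
    Render the login form, process a username/password POST, and offer MFA
    quick login to returning users.

    POST: after a successful ``authenticate`` the MFA check runs before any
    session is created. Whichever response is returned (the ``has_mfa``
    result or the one from ``create_session``) also sets a ``base_username``
    cookie valid for 15 days.

    Other methods: when the ``mfa`` app is installed, ``MFA_QUICKLOGIN`` is
    enabled and a ``base_username`` cookie is present, ``has_mfa`` is called
    for that username and a truthy result is returned; otherwise the form is
    rendered.
    """
    context = {}
    if request.method == "POST":
        # A request without these fields is handled as a failed login instead
        # of raising a KeyError.
        username = request.POST.get("username", "")
        password = request.POST.get("password", "")
        user = authenticate(username=username, password=password)
        if user:
            from mfa.helpers import has_mfa
            # One canonical name for the MFA lookup, the session and the
            # cookie: the authenticated account's own username rather than the
            # raw form input, so a backend that accepts an alias or another
            # case cannot make the MFA lookup miss the registered factors.
            account_name = user.username
            # has_mfa returns false or HttpResponseRedirect
            res = has_mfa(username=account_name, request=request)
            response = res if res else create_session(request, account_name)
            # NOTE(review): the cookie is set without HttpOnly/Secure/SameSite
            # attributes; confirm whether they can be enabled for this site.
            response.set_cookie("base_username", account_name, path="/",
                                max_age=15 * 24 * 60 * 60)
            return response
        context["invalid"] = True
    else:
        quick_login = (
            "mfa" in settings.INSTALLED_APPS
            and getattr(settings, "MFA_QUICKLOGIN", False)
            and request.COOKIES.get('base_username')
        )
        if quick_login:
            # NOTE(review): the cookie value is supplied by the client, and no
            # password is checked on this path; the MFA step started by
            # has_mfa() is the only authenticator here. Confirm that is
            # acceptable for the factors enabled in this deployment.
            username = request.COOKIES.get('base_username')
            from mfa.helpers import has_mfa
            res = has_mfa(username=username, request=request)
            if res:
                return res
    # Continue and return the form.
    return render(request, "login.html", context)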
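def __call__(self, request):
    """
    Redirect users who have not configured MFA when MFA is required.

    ``MFA_REQUIRED`` (default False) turns enforcement on. It is waived for
    the current request when:

    * the request carries a token credential that authenticates successfully,
    * the user logged in through SSO and ``SSO_MFA_REQUIRED`` (default False)
      is off,
    * the user is staff and ``ADMIN_MFA_REQUIRED`` (default True) is off.

    If enforcement still applies and ``has_mfa`` is falsy for the user, every
    path outside the exempt list is redirected to ``mfa_home``.
    """
    mfa_required = getattr(settings, 'MFA_REQUIRED', False)
    sso_mfa_required = getattr(settings, 'SSO_MFA_REQUIRED', False)
    admin_mfa_required = getattr(settings, 'ADMIN_MFA_REQUIRED', True)

    # Override MFA_REQUIRED setting for API Token authentication
    if mfa_required and 'Authorization' in request.headers \
            and TokenAuthentication.keyword in request.headers['Authorization']:
        # Verify the token. authenticate() raises AuthenticationFailed for a
        # bad token but returns None when the header is not a credential for
        # its scheme, so the absence of an exception is not proof of a valid
        # token. Only a successful authentication may waive the requirement.
        try:
            token_auth_result = TokenAuthentication().authenticate(request)
        except AuthenticationFailed:
            token_auth_result = None
        if token_auth_result is not None:
            mfa_required = False

    # Override MFA_REQUIRED setting for users logged in with SSO
    has_social_auth_attr = getattr(request.user, 'social_auth', None) is not None
    if mfa_required and not sso_mfa_required and has_social_auth_attr \
            and request.user.social_auth.count() > 0:
        mfa_required = False

    # Override MFA_REQUIRED setting for staff users
    if mfa_required and not admin_mfa_required and request.user.is_staff:
        mfa_required = False

    if mfa_required and not has_mfa(request, request.user.username):
        # NOTE(review): these are substring tests, so a fragment such as
        # '/user' exempts any URL that contains it anywhere in the path, not
        # only the pages needed to sign in and enrol. Confirm that is
        # intended, or match on the resolved URL name / path prefix instead.
        if '/mfa' not in request.path \
                and '/devices' not in request.path \
                and '/oauth2' not in request.path \
                and '/accounts' not in request.path \
                and '/user' not in request.path \
                and '/captcha' not in request.path \
                and request.path != '/':
            messages.error(
                request,
                'You must configure Multi Factor Authentication to continue.'
            )
            return redirect('mfa_home')

    response = self.get_response(request)

    return response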
def check(request):
    """
    Render the login form, or verify a username/password POST.

    For an active, authenticated user ``has_mfa`` is consulted (when the
    ``mfa`` app is installed) and a truthy result is returned before
    ``log_user_in`` is reached. Failures re-render the form with ``err``.

    Python 2 / legacy Django code (print statements, ``context_instance``).
    """
    # Anything that is not a POST just gets the empty login form.
    if request.method != "POST":
        return render_to_response("login.html", context_instance=RequestContext(request))

    print "In Check"
    username = request.POST['username']
    password = request.POST['password']
    account = authenticate(username=username, password=password)

    if account is None:
        # One message for unknown user and wrong password alike.
        err = "The username or the password is wrong."
    elif not account.is_active:
        # Shown only after authenticate() accepted the credentials.
        err = "This user is NOT activated yet."
    else:
        if "mfa" in settings.INSTALLED_APPS:
            from mfa.helpers import has_mfa
            # NOTE(review): the MFA lookup and log_user_in() both use the
            # submitted username; if the auth backend accepts aliases confirm
            # this still matches the name the factors are registered under.
            mfa_response = has_mfa(request, username=username)
            if mfa_response:
                return mfa_response
        return log_user_in(request, username)

    print "Error:", err
    return render_to_response("login.html", {"err": err}, context_instance=RequestContext(request))
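def profile(request, username=None):
    """
    Handle the profile view. Profiles could potentially be publicly accessible.

    Looks up the user named in the URL and renders their profile with the API
    token key, workspace usage/quota and the MFA state of the *requesting*
    user. An unknown username yields a 404 instead of an unhandled
    ``User.DoesNotExist``.
    """
    from django.shortcuts import get_object_or_404

    # The profile should display information about the user that is given in the url.
    # However, the template will hide certain information if the username is not the same
    # as the username of the user that is accessing the page.
    context_user = get_object_or_404(User, username=username)

    # NOTE(review): the profile owner's API token key is placed in the context
    # for every viewer (and created if missing); keeping it away from other
    # users is left entirely to the template. Consider only adding it when the
    # requester is the profile owner.
    user_token, _token_created = Token.objects.get_or_create(user=context_user)

    codename = 'user_workspace_quota'
    rqh = WorkspaceQuotaHandler(context_user)
    current_use = _convert_storage_units(rqh.units, rqh.get_current_use())
    quota = get_quota(context_user, codename)
    quota = _check_quota_helper(quota)

    context = {
        'context_user': context_user,
        'user_token': user_token.key,
        'current_use': current_use,
        'quota': quota,
        # MFA state is looked up for the requesting user, not the profile owner.
        'has_mfa': has_mfa(username=request.user.username, request=request),
        'mfa_required': getattr(django_settings, 'MFA_REQUIRED', False)
    }
    return render(request, 'tethys_portal/user/profile.html', context)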