def websso(request): """Logs a user in using a token from Keystone's POST.""" referer = request.META.get('HTTP_REFERER', settings.OPENSTACK_KEYSTONE_URL) auth_url = utils.clean_up_auth_url(referer) token = request.POST.get('token') try: request.user = auth.authenticate(request=request, auth_url=auth_url, token=token) except exceptions.KeystoneAuthException as exc: if utils.is_websso_default_redirect(): res = django_http.HttpResponseRedirect(settings.LOGIN_ERROR) else: msg = 'Login failed: %s' % six.text_type(exc) res = django_http.HttpResponseRedirect(settings.LOGIN_URL) res.set_cookie('logout_reason', msg, max_age=10) return res auth_user.set_session_from_user(request, request.user) auth.login(request, request.user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() return django_http.HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def websso(request): """Logs a user in using a token from Keystone's POST.""" referer = request.META.get('HTTP_REFERER', settings.OPENSTACK_KEYSTONE_URL) auth_url = utils.clean_up_auth_url(referer) token = request.POST.get('token') try: request.user = auth.authenticate(request=request, auth_url=auth_url, token=token) except exceptions.KeystoneAuthException as exc: if utils.is_websso_default_redirect(): res = django_http.HttpResponseRedirect(settings.LOGIN_ERROR) else: msg = 'Login failed: %s' % six.text_type(exc) res = django_http.HttpResponseRedirect(settings.LOGIN_URL) res.set_cookie('logout_reason', msg, max_age=10) return res auth_user.set_session_from_user(request, request.user) auth.login(request, request.user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() return django_http.HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
def logout(request, login_url=None, **kwargs): """Logs out the user if he is logged in. Then redirects to the log-in page. :param login_url: Once logged out, defines the URL where to redirect after login :param kwargs: see django.contrib.auth.views.logout_then_login extra parameters. """ msg = 'Logging out user "%(username)s".' % \ {'username': request.user.username} LOG.info(msg) """ Securely logs a user out. """ if (utils.is_websso_enabled and utils.is_websso_default_redirect() and utils.get_websso_default_redirect_logout()): auth_user.unset_session_user_variables(request) return django_http.HttpResponseRedirect( utils.get_websso_default_redirect_logout()) else: return django_auth_views.logout_then_login(request, login_url=login_url, **kwargs)
def logout(request, login_url=None, **kwargs): """Logs out the user if he is logged in. Then redirects to the log-in page. :param login_url: Once logged out, defines the URL where to redirect after login :param kwargs: see django.contrib.auth.views.logout_then_login extra parameters. """ msg = 'Logging out user "%(username)s".' % \ {'username': request.user.username} LOG.info(msg) """ Securely logs a user out. """ if (utils.is_websso_enabled and utils.is_websso_default_redirect() and utils.get_websso_default_redirect_logout()): auth_user.unset_session_user_variables(request) return django_http.HttpResponseRedirect( utils.get_websso_default_redirect_logout()) else: return django_auth_views.logout_then_login(request, login_url=login_url, **kwargs)
def login(request, template_name=None, extra_context=None, **kwargs): """Logs a user in using the :class:`~openstack_auth.forms.Login` form.""" # If the user enabled websso and the default redirect # redirect to the default websso url if (request.method == 'GET' and utils.is_websso_enabled and utils.is_websso_default_redirect()): protocol = utils.get_websso_default_redirect_protocol() region = utils.get_websso_default_redirect_region() origin = request.build_absolute_uri('/auth/websso/') url = ('%s/auth/OS-FEDERATION/websso/%s?origin=%s' % (region, protocol, origin)) return shortcuts.redirect(url) # If the user enabled websso and selects default protocol # from the dropdown, We need to redirect user to the websso url if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') if utils.is_websso_enabled() and auth_type != 'credentials': region_id = request.POST.get('region') auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL', forms.get_region_endpoint(region_id)) url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url) if not request.is_ajax(): # If the user is already authenticated, redirect them to the # dashboard straight away, unless the 'next' parameter is set as it # usually indicates requesting access to a page that requires different # permissions. if (request.user.is_authenticated and auth.REDIRECT_FIELD_NAME not in request.GET and auth.REDIRECT_FIELD_NAME not in request.POST): return shortcuts.redirect(settings.LOGIN_REDIRECT_URL) # Get our initial region for the form. initial = {} current_region = request.session.get('region_endpoint', None) requested_region = request.GET.get('region', None) regions = dict(getattr(settings, "AVAILABLE_REGIONS", [])) if requested_region in regions and requested_region != current_region: initial.update({'region': requested_region}) if request.method == "POST": form = functional.curry(forms.Login) else: form = functional.curry(forms.Login, initial=initial) if extra_context is None: extra_context = {'redirect_field_name': auth.REDIRECT_FIELD_NAME} extra_context['csrf_failure'] = request.GET.get('csrf_failure') choices = getattr(settings, 'WEBSSO_CHOICES', ()) extra_context['show_sso_opts'] = (utils.is_websso_enabled() and len(choices) > 1) if not template_name: if request.is_ajax(): template_name = 'auth/_login.html' extra_context['hide'] = True else: template_name = 'auth/login.html' res = django_auth_views.login(request, template_name=template_name, authentication_form=form, extra_context=extra_context, **kwargs) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. if request.method == "POST": utils.set_response_cookie(res, 'login_region', request.POST.get('region', '')) utils.set_response_cookie(res, 'login_domain', request.POST.get('domain', '')) # Set the session data here because django's session key rotation # will erase it if we set it earlier. if request.user.is_authenticated: auth_user.set_session_from_user(request, request.user) regions = dict(forms.Login.get_region_choices()) region = request.user.endpoint login_region = request.POST.get('region') region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name expiration_time = request.user.time_until_expiration() threshold_days = getattr( settings, 'PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS', -1) if expiration_time is not None and \ expiration_time.days <= threshold_days: expiration_time = str(expiration_time).rsplit(':', 1)[0] msg = (_('Please consider changing your password, it will expire' ' in %s minutes') % expiration_time).replace(':', ' Hours and ') messages.warning(request, msg) return res
def login(request, template_name=None, extra_context=None, **kwargs): """Logs a user in using the :class:`~openstack_auth.forms.Login` form.""" # If the user enabled websso and the default redirect # redirect to the default websso url if (request.method == 'GET' and utils.is_websso_enabled and utils.is_websso_default_redirect()): protocol = utils.get_websso_default_redirect_protocol() region = utils.get_websso_default_redirect_region() origin = utils.build_absolute_uri(request, '/auth/websso/') url = ('%s/auth/OS-FEDERATION/websso/%s?origin=%s' % (region, protocol, origin)) return shortcuts.redirect(url) # If the user enabled websso and selects default protocol # from the dropdown, We need to redirect user to the websso url if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') if utils.is_websso_enabled() and auth_type != 'credentials': region_id = request.POST.get('region') auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL', forms.get_region_endpoint(region_id)) url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url) if not request.is_ajax(): # If the user is already authenticated, redirect them to the # dashboard straight away, unless the 'next' parameter is set as it # usually indicates requesting access to a page that requires different # permissions. if (request.user.is_authenticated and auth.REDIRECT_FIELD_NAME not in request.GET and auth.REDIRECT_FIELD_NAME not in request.POST): return shortcuts.redirect(settings.LOGIN_REDIRECT_URL) # Get our initial region for the form. initial = {} current_region = request.session.get('region_endpoint', None) requested_region = request.GET.get('region', None) regions = dict(getattr(settings, "AVAILABLE_REGIONS", [])) if requested_region in regions and requested_region != current_region: initial.update({'region': requested_region}) if request.method == "POST": form = functional.curry(forms.Login) else: form = functional.curry(forms.Login, initial=initial) if extra_context is None: extra_context = {'redirect_field_name': auth.REDIRECT_FIELD_NAME} extra_context['csrf_failure'] = request.GET.get('csrf_failure') choices = getattr(settings, 'WEBSSO_CHOICES', ()) extra_context['show_sso_opts'] = (utils.is_websso_enabled() and len(choices) > 1) if not template_name: if request.is_ajax(): template_name = 'auth/_login.html' extra_context['hide'] = True else: template_name = 'auth/login.html' res = django_auth_views.login(request, template_name=template_name, authentication_form=form, extra_context=extra_context, **kwargs) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. if request.method == "POST": utils.set_response_cookie(res, 'login_region', request.POST.get('region', '')) utils.set_response_cookie(res, 'login_domain', request.POST.get('domain', '')) # Set the session data here because django's session key rotation # will erase it if we set it earlier. if request.user.is_authenticated: auth_user.set_session_from_user(request, request.user) regions = dict(forms.Login.get_region_choices()) region = request.user.endpoint login_region = request.POST.get('region') region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name expiration_time = request.user.time_until_expiration() threshold_days = getattr( settings, 'PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS', -1) if expiration_time is not None and \ expiration_time.days <= threshold_days: expiration_time = str(expiration_time).rsplit(':', 1)[0] msg = (_('Please consider changing your password, it will expire' ' in %s minutes') % expiration_time).replace(':', ' Hours and ') messages.warning(request, msg) return res