def log_user_in(request, user, redirect_to):
# Ensure the user-originating redirection url is safe.
if not is_safe_url(url=redirect_to, host=request.get_host()):
redirect_to = settings.LOGIN_REDIRECT_URL
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
clear_login_failed_attempts(request, user.username)
if two_factor_auth_enabled(user) and \
not is_device_remembered(request.COOKIES.get('S2FA', ''), user):
return handle_two_factor_auth(request, user, redirect_to)
# Okay, security checks complete. Log the user in.
auth_login(request, user)
return HttpResponseRedirect(redirect_to)
def sys_sudo_mode(request):
if request.method not in ('GET', 'POST'):
return HttpResponseNotAllowed
# here we can't use @sys_staff_required
if not request.user.is_staff:
raise Http404
next_page = request.GET.get('next', reverse('sys_info'))
password_error = False
if request.method == 'POST':
password = request.POST.get('password')
username = request.user.username
ip = get_remote_ip(request)
if password:
user = authenticate(username=username, password=password)
if user:
update_sudo_mode_ts(request)
from seahub.auth.utils import clear_login_failed_attempts
clear_login_failed_attempts(request, username)
return HttpResponseRedirect(next_page)
password_error = True
from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts
failed_attempt = get_login_failed_attempts(username=username, ip=ip)
if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
# logout user
from seahub.auth import logout
logout(request)
return HttpResponseRedirect(reverse('auth_login'))
else:
incr_login_failed_attempts(username=username, ip=ip)
enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
return render(
request, 'sysadmin/sudo_mode.html', {
'password_error': password_error,
'enable_sso': enable_shib_login or enable_adfs_login,
'next': next_page,
})
