    def process_request(self, request):
        """Seed the session's test-cookie secret and count cookie-less hits.

        Does nothing unless ``_is_enabled(request)`` holds.  When the session
        has no ``test_cookie_secret`` yet, one is drawn from ``RandomPassword``
        and the session is saved on the spot.  A request that arrives without
        the ``satctoken`` cookie is additionally recorded as an auth attempt
        (``UserAuthAttempt.clean`` followed by ``store``); whether that count
        leads to a ban is decided elsewhere.
        """
        if not self._is_enabled(request):
            return

        session = request.session
        if not session.get('test_cookie_secret'):
            secret = RandomPassword().get(ascii=True)
            session['test_cookie_secret'] = str(secret)
            # Saved explicitly instead of waiting for the session middleware --
            # presumably so the value persists even if the response path
            # short-circuits; confirm against the response handler.
            session.save()

        has_token = bool(request.COOKIES.get('satctoken'))
        if not has_token:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    def process_request(self, request):
        """Prepare the test-cookie handshake for an enabled request.

        Two independent actions, both gated on ``_is_enabled(request)``:

        * a missing ``test_cookie_secret`` in the session is generated via
          ``RandomPassword`` and the session is saved immediately;
        * a request without the ``satctoken`` cookie is registered as an auth
          attempt through ``UserAuthAttempt.clean`` / ``store``.
        """
        if not self._is_enabled(request):
            return None

        session = request.session
        cookies = request.COOKIES

        missing_secret = not session.get('test_cookie_secret')
        if missing_secret:
            session['test_cookie_secret'] = str(RandomPassword().get(ascii=True))
            # Persist right away rather than at the end of the request cycle.
            session.save()

        missing_token = not cookies.get('satctoken')
        if missing_token:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
        return None
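def login_confirmation(request, template_name='secureauth/confirmation.html',
                       authentication_form=ConfirmAuthenticationForm,
                       extra_context=None, current_app=None
                       ):  # pylint: disable=R0913
    """Second login step: confirm the signed payload produced by ``login``.

    ``login`` redirects to the ``auth_confirmation`` URL (presumably this view)
    with ``?data=<signed payload>`` holding ``user_pk``, ``redirect_to`` and an
    optional ``extra_context``; ``get_data`` unpacks it.  Whether ``get_data``
    verifies the signature is not visible here -- it has to, because
    ``user_pk`` decides who gets logged in.

    Args:
        request: the current HttpRequest.
        template_name: template rendered for GET and for an invalid POST.
        authentication_form: form class taking ``(data, POST)``; its
            ``get_user()`` must return the user whose pk matches the payload.
        extra_context: extra template context; falls back to the payload's
            ``extra_context`` when not given.
        current_app: forwarded to ``TemplateResponse`` on Django < 1.8 only.

    Returns:
        400 for a banned client or a user/payload mismatch, a redirect once
        the user is logged in (or already was), otherwise the rendered form.
    """
    # Banned clients are refused before the payload is even parsed.
    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    data = get_data(request)
    if extra_context is None and data.get('extra_context'):
        extra_context = data.get('extra_context')

    # Written for Django < 1.10, where is_authenticated is still a method.
    if hasattr(request, 'user') and request.user.is_authenticated():
        return HttpResponseRedirect(data.get('redirect_to', '/'))
    elif request.method == "POST":
        form = authentication_form(data, request.POST)
        if form.is_valid():
            user = form.get_user()

            # The user the form resolved must be the one the first step
            # signed for; anything else is answered with a plain 400.
            if user and data.get('user_pk') == user.pk:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(
                        request, form.cleaned_data.get('auth_type'))

                UserAuthNotification.notify(request)
                UserAuthAttempt.remove(request)
                # Client IP kept on the session -- presumably compared on
                # later requests; confirm against the middleware.
                request.session['ip'] = get_ip(request)

                # Same default as the already-authenticated branch above, so
                # a payload without redirect_to no longer redirects to None.
                return HttpResponseRedirect(data.get('redirect_to', '/'))
            else:
                return HttpResponseBadRequest()
        elif CHECK_ATTEMPT is True:
            # A failed confirmation counts as an attempt (strict ``is True``
            # here, unlike the truthiness test at the top).
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(data)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    context = {
        'form': form,
        'site': current_site,
        'site_name': current_site.name,
        # Raw signed payload echoed back, presumably so the template can
        # re-submit it with the form.
        'data': request.GET.get('data'),
    }
    if extra_context is not None:
        context.update(extra_context)
    # current_app was dropped from TemplateResponse in Django 1.8.
    if django.VERSION < (1, 8):
        return TemplateResponse(
            request, template_name, context, current_app=current_app)
    else:
        return TemplateResponse(
            request, template_name, context)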
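def login_confirmation(request,
                       template_name='secureauth/confirmation.html',
                       authentication_form=ConfirmAuthenticationForm,
                       extra_context=None,
                       current_app=None):  # pylint: disable=R0913
    """Confirm the second authentication factor for a pending login.

    The pending state (``user_pk``, ``redirect_to``, ``extra_context``) is not
    kept in the session but travels in the signed ``data`` payload that
    ``login`` puts on the redirect URL; ``get_data`` unpacks it.  ``get_data``
    must reject a bad signature -- that is not visible in this file, confirm.

    Args:
        request: the current HttpRequest.
        template_name: template for GET and for an invalid POST.
        authentication_form: form class taking ``(data, POST)``.
        extra_context: extra template context, defaulting to the payload's.
        current_app: passed on to ``TemplateResponse`` (pre-1.8 signature).

    Returns:
        400 when banned or when the confirmed user does not match the payload,
        a redirect after login (or when already logged in), else the form.
    """
    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    data = get_data(request)
    if extra_context is None and data.get('extra_context'):
        extra_context = data.get('extra_context')

    # Pre-Django-1.10 API: is_authenticated is a method here.
    if hasattr(request, 'user') and request.user.is_authenticated():
        return HttpResponseRedirect(data.get('redirect_to', '/'))
    elif request.method == "POST":
        form = authentication_form(data, request.POST)
        if form.is_valid():
            user = form.get_user()

            # Bind the confirmed user to the user the first step signed for.
            if user and data.get('user_pk') == user.pk:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(
                        request, form.cleaned_data.get('auth_type'))

                UserAuthNotification.notify(request)
                UserAuthAttempt.remove(request)
                request.session['ip'] = get_ip(request)

                # Default '/' for consistency with the already-authenticated
                # branch; previously a missing key meant a redirect to None.
                return HttpResponseRedirect(data.get('redirect_to', '/'))
            else:
                return HttpResponseBadRequest()
        elif CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(data)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    context = {
        'form': form,
        'site': current_site,
        'site_name': current_site.name,
        # The raw payload is echoed so the form can carry it on re-submit.
        'data': request.GET.get('data'),
    }
    if extra_context is not None:
        context.update(extra_context)
    return TemplateResponse(request,
                            template_name,
                            context,
                            current_app=current_app)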
    def __init__(self, request, *args, **kwargs):
        """Build the auth form, adding a CAPTCHA after too many attempts.

        ``test_cookie_enabled`` (keyword, default ``True``) is consumed before
        the parent constructor runs.  Passing exactly ``False`` resets
        ``self.request`` to ``None`` afterwards -- presumably to skip the
        parent form's test-cookie check, which needs a request; confirm
        against the parent class.
        """
        from secureauth.defaults import CAPTCHA_ATTEMPT, CAPTCHA_ENABLED

        keep_request = kwargs.pop('test_cookie_enabled', True)
        super(BaseAuthForm, self).__init__(request, *args, **kwargs)

        # Strict identity check: only a literal True enables the CAPTCHA, and
        # the attempt counter is consulted only in that case.
        captcha_wanted = (
            CAPTCHA_ENABLED is True
            and UserAuthAttempt.get_attempts(request) > CAPTCHA_ATTEMPT
        )
        if captcha_wanted:
            self.fields['captcha'] = CaptchaField()

        if keep_request is False:
            self.request = None
    def __init__(self, request, *args, **kwargs):
        """Construct the form; require a CAPTCHA once attempts exceed the limit.

        The ``test_cookie_enabled`` keyword is popped so the parent never sees
        it.  When it is exactly ``False`` the form drops its reference to the
        request after construction (likely to disable the parent's test-cookie
        validation -- verify in the parent class).
        """
        from secureauth.defaults import CAPTCHA_ATTEMPT, CAPTCHA_ENABLED

        with_test_cookie = kwargs.pop('test_cookie_enabled', True)
        super(BaseAuthForm, self).__init__(request, *args, **kwargs)

        if CAPTCHA_ENABLED is True:
            attempts = UserAuthAttempt.get_attempts(request)
            # Attempt count is only looked up when the feature is on.
            if attempts > CAPTCHA_ATTEMPT:
                self.fields['captcha'] = CaptchaField()

        if with_test_cookie is False:
            self.request = None
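def login_confirmation(
    request,
    template_name="secureauth/confirmation.html",
    authentication_form=ConfirmAuthenticationForm,
    extra_context=None,
    current_app=None,
):
    """Second login step: verify the additional factor for a pending login.

    State comes from the signed ``data`` query parameter that ``login`` builds
    (``user_pk``, ``redirect_to``, ``extra_context``) via ``_get_data``; that
    helper must validate the signature, as ``user_pk`` picks the account.

    Args:
        request: the current HttpRequest.
        template_name: template for GET and for an invalid POST.
        authentication_form: form class taking ``(data, POST)``.
        extra_context: extra template context, defaulting to the payload's.
        current_app: passed on to ``TemplateResponse``.

    Returns:
        400 when banned or on a user/payload mismatch, a redirect once logged
        in (or if already logged in), otherwise the rendered form.
    """
    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    data = _get_data(request)
    if extra_context is None and data.get("extra_context"):
        extra_context = data.get("extra_context")

    # is_authenticated is called as a method: pre-Django-1.10 code.
    if hasattr(request, "user") and request.user.is_authenticated():
        return HttpResponseRedirect(data.get("redirect_to", "/"))
    elif request.method == "POST":
        form = authentication_form(data, request.POST)
        if form.is_valid():
            user = form.get_user()

            # The confirmed user must be the one the signed payload names.
            if user and data.get("user_pk") == user.pk:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(request, form.cleaned_data.get("auth_type"))

                UserAuthNotification.notify(request)
                UserAuthAttempt.remove(request)
                request.session["ip"] = get_ip(request)

                # Same "/" default as the already-authenticated branch above.
                return HttpResponseRedirect(data.get("redirect_to", "/"))
            else:
                return HttpResponseBadRequest()
        elif CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(data)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    # "data" echoes the raw signed payload so the template can re-submit it.
    context = {"form": form, "site": current_site, "site_name": current_site.name, "data": request.GET.get("data")}
    if extra_context is not None:
        context.update(extra_context)
    return TemplateResponse(request, template_name, context, current_app=current_app)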
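    def process_response(self, request, response):
        """Enforce the test-cookie handshake on responses of enabled requests.

        In order:

        1. Requests for which the middleware is disabled pass through.
        2. A banned client (``UserAuthAttempt.is_banned``) gets a bare 400.
        3. Without a ``satctoken`` cookie the real response is replaced by the
           ``secureauth/test_cookie.html`` page.  It receives the session's
           ``test_cookie_secret`` AES-encrypted with the configured key/IV,
           plus that key and IV and the URL to come back to.  Since the key
           and IV go to the client too, this cannot hide the secret from it;
           it only checks that the client can run the page and set a cookie.
        4. On a 200 response with the cookie present, the hex-decoded cookie
           must equal the session secret.  A session without a secret is just
           cleaned; a mismatch renders ``secureauth/session_expired.html``
           into the response, cleans up and logs the user out.  Non-200
           responses are not checked at all.

        A cookie that is not valid hex used to raise out of ``decode('hex')``
        (a client-triggerable 500); it is now handled as a mismatch.
        """
        if not self._is_enabled(request):
            return response

        if UserAuthAttempt.is_banned(request):
            return HttpResponseBadRequest()

        token = request.COOKIES.get('satctoken')
        if not token:
            iv = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_IV
            key = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_KEY

            # Mode ``2`` and the 128-bit key size are whatever AESModeOfOperation
            # defines; the ciphertext the page needs is at index 2 of the result.
            moo = AESModeOfOperation()
            encrypted = moo.encrypt(
                request.session['test_cookie_secret'], 2,
                map(ord, key), moo.aes.keySize["SIZE_128"], map(ord, iv)
            )
            sec_uni = u''.join(map(unichr, encrypted[2]))

            return render(
                request, 'secureauth/test_cookie.html', {
                    'test_cookie_enc_key': key,
                    'test_cookie_enc_iv': iv,
                    'test_cookie_enc_set': quote(sec_uni.encode("utf-8")),
                    'test_cookie_next_url': request.get_full_path(),
                })
        elif response.status_code == 200:
            try:
                from_cookie = token.decode('hex')
            except (TypeError, ValueError):
                # Malformed client input must not raise out of the middleware;
                # None can never equal the stored secret, so it falls into the
                # mismatch branch below.
                from_cookie = None
            from_session = request.session.get('test_cookie_secret')
            if from_session is None:
                self._clean(request, response)
            elif from_cookie != from_session:
                response.content = render_template(
                    'secureauth/session_expired.html')
                self._clean(request, response)
                logout(request)
                return response
        return response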
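    def process_response(self, request, response):
        """Complete the test-cookie handshake for an enabled request.

        Disabled requests pass straight through and banned clients get a 400.
        Without a ``satctoken`` cookie the response is swapped for the
        ``secureauth/test_cookie.html`` page carrying the session secret
        encrypted under the configured key/IV -- both of which are handed to
        the template as well, so the client can always recover the secret;
        the page merely proves the client executes it and stores the cookie.
        With the cookie on a 200 response, its hex-decoded value is compared
        with the session secret; on mismatch the body is replaced by
        ``secureauth/session_expired.html`` and the user is logged out.  A
        session without a secret is only cleaned.  Responses other than 200
        are never checked.

        Invalid hex in the cookie previously escaped as an exception from
        ``decode('hex')``; it is now treated as a mismatch.
        """
        if not self._is_enabled(request):
            return response

        if UserAuthAttempt.is_banned(request):
            return HttpResponseBadRequest()

        token = request.COOKIES.get('satctoken')
        if not token:
            iv = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_IV
            key = TEST_COOKIE_REFRESH_ENCRYPT_COOKIE_KEY

            moo = AESModeOfOperation()
            # Mode ``2`` is defined by AESModeOfOperation (not visible here);
            # the element at index 2 of the result is what the page gets.
            encrypted = moo.encrypt(request.session['test_cookie_secret'], 2,
                                    map(ord, key), moo.aes.keySize["SIZE_128"],
                                    map(ord, iv))
            sec_uni = u''.join(map(unichr, encrypted[2]))

            return render(
                request, 'secureauth/test_cookie.html', {
                    'test_cookie_enc_key': key,
                    'test_cookie_enc_iv': iv,
                    'test_cookie_enc_set': quote(sec_uni.encode("utf-8")),
                    'test_cookie_next_url': request.get_full_path(),
                })
        elif response.status_code == 200:
            try:
                from_cookie = token.decode('hex')
            except (TypeError, ValueError):
                # Client-controlled value: a bad encoding is a mismatch, not a 500.
                from_cookie = None
            from_session = request.session.get('test_cookie_secret')
            if from_session is None:
                self._clean(request, response)
            elif from_cookie != from_session:
                response.content = render_template(
                    'secureauth/session_expired.html')
                self._clean(request, response)
                logout(request)
                return response
        return response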
def login(request, template_name='secureauth/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=BaseAuthForm,
          current_app=None, extra_context=None, redirect_to=''
          ):  # pylint: disable=R0913
    """First login step: authenticate, then log in or hand off to confirmation.

    A valid POST either logs the user in directly or, when ``SMS_FORCE`` is
    set or the user has more than one auth method, redirects to the
    ``auth_confirmation`` URL with the pending state in a signed ``data``
    query parameter.  Banned clients are refused with a 400 before the form
    is even built; failed attempts are recorded when ``CHECK_ATTEMPT`` is on.

    Args:
        request: the current HttpRequest.
        template_name: template rendered for GET and for an invalid POST.
        redirect_field_name: name of the "next" parameter (query or POST).
        authentication_form: form class called as
            ``(request, data=..., test_cookie_enabled=False)`` on POST and
            ``(request)`` on GET; must provide ``get_user()``.
        current_app: forwarded to ``TemplateResponse`` on Django < 1.8 only.
        extra_context: extra template context, also carried to confirmation.
        redirect_to: fallback when the "next" parameter is absent.

    Returns:
        400 when banned, the blocked-IP page, a redirect (to confirmation or
        to the validated target), or the rendered login form.
    """
    # "next" may come from the query string or the POST body; the explicit
    # argument is the default for both lookups.
    args = [redirect_field_name, redirect_to]
    redirect_to = request.GET.get(*args) or request.POST.get(*args)

    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    if request.method == "POST":
        form = authentication_form(
            request, data=request.POST, test_cookie_enabled=False)
        if form.is_valid():
            # Open-redirect guard: only targets is_safe_url accepts for this
            # host are honoured.  A LOGIN_REDIRECT_URL containing neither '/'
            # nor '.' is taken as a URL pattern name and reversed.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = settings.LOGIN_REDIRECT_URL
                if '/' not in redirect_to and '.' not in redirect_to:
                    redirect_to = reverse(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()

            if UserAuthIPRange.is_blocked(request, user):
                return render(request, 'secureauth/blocked_ip.html')

            # Second factor needed: defer auth_login and carry the state to
            # the confirmation view inside a signed payload.
            if SMS_FORCE or len(get_available_auth_methods(user)) > 1:
                data = {
                    # NOTE(review): cleaned_data of a credentials form usually
                    # holds the raw password, and this payload rides in the
                    # redirect's query string below; unless Sign() encrypts as
                    # well as signs, it reaches browser history and access
                    # logs -- confirm.
                    'credentials': form.cleaned_data,
                    'user_pk': user.pk,
                    'ip': get_ip(request),
                    'redirect_to': redirect_to,
                    'extra_context': extra_context,
                }
                data = Sign().sign(data)
                return HttpResponseRedirect(
                    '%s?data=%s' % (reverse('auth_confirmation'), data))
            else:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(request)
                UserAuthAttempt.remove(request)
                # Client IP kept on the session -- presumably compared on
                # later requests; confirm against the middleware.
                request.session['ip'] = get_ip(request)
                return HttpResponseRedirect(redirect_to)
        elif CHECK_ATTEMPT is True:
            # Invalid credentials count as an attempt (strict ``is True``
            # here, unlike the truthiness test above).
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    if extra_context is not None:
        context.update(extra_context)
    # current_app was dropped from TemplateResponse in Django 1.8.
    if django.VERSION < (1, 8):
        return TemplateResponse(
            request, template_name, context, current_app=current_app)
    else:
        return TemplateResponse(
            request, template_name, context)
 def save(self):
     """Lift the attempt ban for the IP given in ``cleaned_data['ip']``.

     ``UserAuthAttempt.remove`` takes a request, so a synthetic GET request
     whose ``REMOTE_ADDR`` is the submitted address is built for it
     (presumably that is the key it removes by -- confirm).
     """
     address = self.cleaned_data.get('ip')
     synthetic = RequestFactory().get('/')
     synthetic.META['REMOTE_ADDR'] = address
     UserAuthAttempt.remove(synthetic)
 def save(self):
     """Clear recorded auth attempts for the submitted ``ip``.

     Builds a throwaway request via ``RequestFactory`` with ``REMOTE_ADDR``
     set to the form's ``ip`` value and hands it to ``UserAuthAttempt.remove``.
     """
     fake_request = RequestFactory().get('/')
     fake_request.META.update({'REMOTE_ADDR': self.cleaned_data.get('ip')})
     UserAuthAttempt.remove(fake_request)
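def login(
    request,
    template_name="secureauth/login.html",
    redirect_field_name=REDIRECT_FIELD_NAME,
    authentication_form=BaseAuthForm,
    current_app=None,
    extra_context=None,
    redirect_to="",
):
    """First login step: authenticate, then log in or hand off to confirmation.

    A valid POST either logs the user in directly or, when ``SMS_FORCE`` is
    set or the user has more than one auth method, redirects to the
    ``auth_confirmation`` URL with the pending state in a signed ``data``
    query parameter.  Banned clients get a 400 before the form is built;
    failed attempts are recorded when ``CHECK_ATTEMPT`` is on.

    Args:
        request: the current HttpRequest.
        template_name: template for GET and for an invalid POST.
        redirect_field_name: name of the "next" parameter (query or POST).
        authentication_form: form class called as
            ``(request, data=..., test_cookie_enabled=False)`` on POST and
            ``(request)`` on GET; must provide ``get_user()``.
        current_app: passed on to ``TemplateResponse``.
        extra_context: extra template context, also carried to confirmation.
        redirect_to: fallback when the "next" parameter is absent.

    Returns:
        400 when banned, the blocked-IP page, a redirect (to confirmation or
        to the validated target), or the rendered login form.
    """
    # request.REQUEST was deprecated in Django 1.7 and removed in 1.9; look in
    # the query string first, then the POST body, with the explicit argument
    # as the default for both (matches the other login views on this page).
    redirect_to = (request.GET.get(redirect_field_name, redirect_to)
                   or request.POST.get(redirect_field_name, redirect_to))

    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    if request.method == "POST":
        form = authentication_form(request, data=request.POST, test_cookie_enabled=False)
        if form.is_valid():
            # Open-redirect guard: only targets is_safe_url accepts for this
            # host are honoured.  A LOGIN_REDIRECT_URL containing neither "/"
            # nor "." is taken as a URL pattern name and reversed.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = settings.LOGIN_REDIRECT_URL
                if "/" not in redirect_to and "." not in redirect_to:
                    redirect_to = reverse(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()

            if UserAuthIPRange.is_blocked(request, user):
                return render(request, "secureauth/blocked_ip.html")

            # Second factor needed: defer auth_login and carry the state to
            # the confirmation view inside a signed payload.
            if SMS_FORCE or len(get_available_auth_methods(user)) > 1:
                data = {
                    # NOTE(review): cleaned_data of a credentials form usually
                    # holds the raw password, and this payload rides in the
                    # redirect's query string below; unless Sign() encrypts as
                    # well as signs, it reaches browser history and access
                    # logs -- confirm.
                    "credentials": form.cleaned_data,
                    "user_pk": user.pk,
                    "ip": get_ip(request),
                    "redirect_to": redirect_to,
                    "extra_context": extra_context,
                }
                data = Sign().sign(data)
                return HttpResponseRedirect("%s?data=%s" % (reverse("auth_confirmation"), data))
            else:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(request)
                UserAuthAttempt.remove(request)
                # Client IP kept on the session -- presumably compared on
                # later requests; confirm against the middleware.
                request.session["ip"] = get_ip(request)
                return HttpResponseRedirect(redirect_to)
        elif CHECK_ATTEMPT is True:
            # Invalid credentials count as an attempt (strict ``is True``).
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    context = {"form": form, redirect_field_name: redirect_to, "site": current_site, "site_name": current_site.name}
    if extra_context is not None:
        context.update(extra_context)
    return TemplateResponse(request, template_name, context, current_app=current_app)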
def login(request,
          template_name='secureauth/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=BaseAuthForm,
          current_app=None,
          extra_context=None,
          redirect_to=''):  # pylint: disable=R0913
    """Password step of the login flow.

    On a valid POST the user is either logged in right here or -- when
    ``SMS_FORCE`` is set or more than one auth method is available -- sent to
    the ``auth_confirmation`` URL with the pending state in a signed ``data``
    query parameter.  Banned clients get a 400 before the form is built, and
    failed attempts are recorded when ``CHECK_ATTEMPT`` is on.

    Args:
        request: the current HttpRequest.
        template_name: template for GET and for an invalid POST.
        redirect_field_name: name of the "next" parameter (query or POST).
        authentication_form: form class called as
            ``(request, data=..., test_cookie_enabled=False)`` on POST and
            ``(request)`` on GET; must provide ``get_user()``.
        current_app: forwarded to ``TemplateResponse`` on Django < 1.8 only.
        extra_context: extra template context, also carried to confirmation.
        redirect_to: fallback when the "next" parameter is absent.

    Returns:
        400 when banned, the blocked-IP page, a redirect (to confirmation or
        to the validated target), or the rendered login form.
    """
    # "next" is read from the query string, then the POST body; the explicit
    # argument is the default for both lookups.
    args = [redirect_field_name, redirect_to]
    redirect_to = request.GET.get(*args) or request.POST.get(*args)

    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    if request.method == "POST":
        form = authentication_form(request,
                                   data=request.POST,
                                   test_cookie_enabled=False)
        if form.is_valid():
            # Open-redirect guard: only targets is_safe_url accepts for this
            # host are honoured.  A LOGIN_REDIRECT_URL containing neither '/'
            # nor '.' is taken as a URL pattern name and reversed.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = settings.LOGIN_REDIRECT_URL
                if '/' not in redirect_to and '.' not in redirect_to:
                    redirect_to = reverse(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()

            if UserAuthIPRange.is_blocked(request, user):
                return render(request, 'secureauth/blocked_ip.html')

            # Second factor needed: defer auth_login and carry the state to
            # the confirmation view inside a signed payload.
            if SMS_FORCE or len(get_available_auth_methods(user)) > 1:
                data = {
                    # NOTE(review): cleaned_data of a credentials form usually
                    # holds the raw password, and this payload rides in the
                    # redirect's query string below; unless Sign() encrypts as
                    # well as signs, it reaches browser history and access
                    # logs -- confirm.
                    'credentials': form.cleaned_data,
                    'user_pk': user.pk,
                    'ip': get_ip(request),
                    'redirect_to': redirect_to,
                    'extra_context': extra_context,
                }
                data = Sign().sign(data)
                return HttpResponseRedirect(
                    '%s?data=%s' % (reverse('auth_confirmation'), data))
            else:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(request)
                UserAuthAttempt.remove(request)
                # Client IP kept on the session -- presumably compared on
                # later requests; confirm against the middleware.
                request.session['ip'] = get_ip(request)
                return HttpResponseRedirect(redirect_to)
        elif CHECK_ATTEMPT is True:
            # Invalid credentials count as an attempt (strict ``is True``
            # here, unlike the truthiness test above).
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    if extra_context is not None:
        context.update(extra_context)
    # current_app was dropped from TemplateResponse in Django 1.8.
    if django.VERSION < (1, 8):
        return TemplateResponse(request,
                                template_name,
                                context,
                                current_app=current_app)
    else:
        return TemplateResponse(request, template_name, context)