    def post(self, request, organization=None, *args, **kwargs):
        """
        Process a login request via username/password. SSO login is handled
        elsewhere.

        The submitted data is bound to ``AuthenticationForm``. Before the form
        is validated, the attempt is counted against a per-username limiter
        (10 attempts per 60-second window) whose bucket key is the md5 of the
        cleaned username. Each outcome -- ``rate_limited``, ``failure`` or
        ``success`` -- is recorded through ``metrics.incr("login.attempt")``.

        Returns ``self.respond_with_error(...)`` when the limiter trips or the
        form is invalid; otherwise a ``Response`` with ``nextUri`` and the
        serialized user. Inactive users are pointed at ``/auth/reactivate/``
        after the session has been established.
        """
        login_form = AuthenticationForm(request, request.data)

        def record_attempt(outcome):
            # Identical tagging for every outcome; ``sample_rate=1.0`` keeps
            # each login attempt visible rather than sampled.
            metrics.incr("login.attempt",
                         instance=outcome,
                         skip_internal=True,
                         sample_rate=1.0)

        # The bucket is derived from the username alone, so this throttles
        # guessing against one account, not per client. md5 is only used to
        # produce a fixed-length key here, not as a security primitive.
        # NOTE(review): ``clean_username`` receives ``None`` when the field is
        # absent from the request -- confirm the form tolerates that.
        cleaned = login_form.clean_username(request.data.get("username"))
        bucket = "auth:login:username:{}".format(md5_text(cleaned).hexdigest())
        if ratelimiter.is_limited(bucket, limit=10, window=60):
            errors = {"__all__": [login_form.error_messages["rate_limited"]]}
            record_attempt("rate_limited")
            return self.respond_with_error(errors)

        if not login_form.is_valid():
            record_attempt("failure")
            return self.respond_with_error(login_form.errors)

        user = login_form.get_user()
        org_id = organization.id if organization else None
        auth.login(request, user, organization_id=org_id)
        record_attempt("success")

        if not user.is_active:
            # The session already exists at this point; the client is steered
            # into the reactivation flow instead of the normal landing page.
            return Response({
                "nextUri": "/auth/reactivate/",
                "user": serialize(user, user, DetailedUserSerializer()),
            })

        active_org = self.get_active_organization(request)
        org_redirect = auth.get_org_redirect_url(request, active_org)
        return Response({
            "nextUri": auth.get_login_redirect(request, org_redirect),
            "user": serialize(user, user, DetailedUserSerializer()),
        })
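    def post(self, request, organization=None, *args, **kwargs):
        """
        Process a login request via username/password. SSO login is handled
        elsewhere.

        The posted data is bound to ``AuthenticationForm``. Before validation
        the attempt is counted against a per-username limiter (10 per 60 s)
        keyed on the md5 of the lower-cased username. Every outcome --
        ``rate_limited``, ``failure``, ``success`` -- is reported through
        ``metrics.incr('login.attempt')``.

        Returns ``self.respond_with_error(...)`` when the limiter trips or the
        form is invalid, otherwise a ``Response`` carrying ``nextUri`` and the
        serialized user. Inactive users are sent to ``/auth/reactivate/``.
        """
        login_form = AuthenticationForm(request, request.DATA)

        # Rate limit logins. A request without a ``username`` field used to
        # raise AttributeError on ``.lower()`` and surface as a 500; treat the
        # missing value as an empty username so the request falls through to
        # form validation (which rejects it) instead of crashing.
        # The bucket depends on the username only, so it throttles guessing
        # against one account rather than per client; md5 is just a
        # fixed-length key here, not a security control.
        username = (request.DATA.get('username') or '').lower()
        is_limited = ratelimiter.is_limited(
            u'auth:login:username:{}'.format(md5_text(username).hexdigest()),
            limit=10,
            window=60,  # 10 per minute should be enough for anyone
        )

        if is_limited:
            errors = {'__all__': [login_form.error_messages['rate_limited']]}
            metrics.incr('login.attempt',
                         instance='rate_limited',
                         skip_internal=True,
                         sample_rate=1.0)

            return self.respond_with_error(errors)

        if not login_form.is_valid():
            metrics.incr('login.attempt',
                         instance='failure',
                         skip_internal=True,
                         sample_rate=1.0)
            return self.respond_with_error(login_form.errors)

        user = login_form.get_user()

        auth.login(
            request,
            user,
            organization_id=organization.id if organization else None,
        )
        metrics.incr('login.attempt',
                     instance='success',
                     skip_internal=True,
                     sample_rate=1.0)

        if not user.is_active:
            # The session is already established; redirect into the
            # reactivation flow rather than the usual landing page.
            return Response({
                'nextUri':
                '/auth/reactivate/',
                'user':
                serialize(user, user, DetailedUserSerializer()),
            })

        active_org = self.get_active_organization(request)
        redirect_url = auth.get_org_redirect_url(request, active_org)

        return Response({
            'nextUri':
            auth.get_login_redirect(request, redirect_url),
            'user':
            serialize(user, user, DetailedUserSerializer()),
        })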
    def respond_authenticated(self, request):
        """
        Build the response for a client that is already authenticated.

        The target comes from ``self.get_next_uri(request)`` and is honoured
        only when ``auth.is_valid_redirect`` accepts it for the request's own
        host, which keeps this endpoint from acting as an open redirect. Any
        other value is replaced by the organization landing URL.

        Returns a ``Response`` whose body holds a single ``nextUri`` key.
        """
        next_uri = self.get_next_uri(request)
        redirect_ok = auth.is_valid_redirect(next_uri, host=request.get_host())

        if not redirect_ok:
            org = self.get_active_organization(request)
            next_uri = auth.get_org_redirect_url(request, org)

        return Response({"nextUri": next_uri})