def login(request: ExtendedHttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
    """Process a POSTed login form, or show the index page for any other method.

    :param request: incoming request; its session is read and written here
    :param tag: authenticator tag, passed to LoginForm/checkLogin and kept in the session
    :return: a redirect to 'page.index' after a successful login, the result of
             errors.errorView() when checkLogin reports a numeric error, or the
             result of index() in every other case
    """
    logger.debug('Tag: %s', tag)

    if request.method != 'POST':
        # Not a form submission: remember the tag and hand over to index().
        request.session['tag'] = tag
        return index(request)

    request.session['restricted'] = False  # Access is from login
    login_form = LoginForm(request.POST, tag=tag)
    user, data = checkLogin(request, login_form, tag)

    if not user:
        # Fixed two-second pause on every failed attempt. It runs inside the
        # request, so the thread serving it is blocked for that long.
        # NOTE(review): this only slows repeated attempts; any lockout or
        # attempt counting would have to live in checkLogin -- confirm.
        time.sleep(2)
        if isinstance(data, int):
            # Numeric error code: show the error view.
            return errors.errorView(request, data)
        # Any other error value is left in the session (the original comment
        # says it is processed by the JS side).
        request.session['errors'] = [data]
        return index(request)

    redirect = HttpResponseRedirect(reverse('page.index'))
    # On success `data` is the user's password (per the original comment), so
    # it must not be logged or stored anywhere in this view.
    # webLogin is expected to clear the session (original comment), hence the
    # tag is read before the call and written back afterwards.
    session_tag = request.session.get('tag')
    auth.webLogin(request, redirect, user, data)
    request.session['tag'] = session_tag
    return redirect
def login(request, tag=None):
    """Process a POSTed login form, or show the index page for any other method.

    The uds/django imports are resolved inside the function, on every call,
    before the request is inspected.

    :param request: http request
    :param tag: tag of login auth, passed to LoginForm and checkLogin
    :return: a redirect to 'page.index' after a successful login, the result of
             errorView() for a numeric error, otherwise the result of index()
    """
    from uds.web.forms.LoginForm import LoginForm
    from uds.web.util.authentication import checkLogin
    from uds.core.auths.auth import webLogin
    from django.http import HttpResponseRedirect

    if request.method != 'POST':
        return index(request)

    login_form = LoginForm(request.POST, tag=tag)
    user, data = checkLogin(request, login_form, tag)

    if not user:
        # NOTE(review): no delay or attempt limit is visible in this view;
        # presumably checkLogin enforces it -- confirm.
        if isinstance(data, int):
            # Numeric error code: show the error view.
            return errorView(request, data)
        # Any other error value is left in the session (the original comment
        # says it is processed by the JS side).
        request.session['errors'] = [data]
        return index(request)

    redirect = HttpResponseRedirect(reverse('page.index'))
    # On success `data` is the user's password (per the original comment);
    # keep it out of logs and out of the session.
    webLogin(request, redirect, user, data)
    return redirect
def login(request: HttpRequest, tag: typing.Optional[str] = None) -> HttpResponse:
    """Process a POSTed login form, or show the index page for any other method.

    :param request: incoming request; its session is written here
    :param tag: authenticator tag, passed to LoginForm/checkLogin; stored in the
                session when the request is not a POST
    :return: a redirect to 'page.index' after a successful login, the result of
             errors.errorView() for a numeric error, otherwise the result of index()
    """
    if request.method != 'POST':
        # Not a form submission: remember the tag and hand over to index().
        request.session['tag'] = tag
        return index(request)

    login_form = LoginForm(request.POST, tag=tag)
    user, data = checkLogin(request, login_form, tag)

    if not user:
        # NOTE(review): no delay or attempt limit is visible in this view;
        # presumably checkLogin enforces it -- confirm.
        if isinstance(data, int):
            # Numeric error code: show the error view.
            return errors.errorView(request, data)
        # Any other error value is left in the session (the original comment
        # says it is processed by the JS side).
        request.session['errors'] = [data]
        return index(request)

    redirect = HttpResponseRedirect(reverse('page.index'))
    # On success `data` is the user's password (per the original comment);
    # keep it out of logs and out of the session.
    auth.webLogin(request, redirect, user, data)
    return redirect
def login(request, tag=None):
    """
    View responsible for logging a user in.

    A POST is checked with checkLogin(); any other method, or a failed POST
    with a non-numeric error, renders the login page.

    :param request: http request
    :param tag: tag of login auth
    :return: a redirect to 'uds.web.views.index' after a successful login, the
             result of errors.errorView() for a numeric error, otherwise the
             rendered login page; getUDSCookie() is applied to the redirect
             and to the rendered page
    """
    # An unbound form is always built first; a POST replaces it with a bound one.
    form = LoginForm(tag=tag)
    response = None

    if request.method == 'POST':
        form = LoginForm(request.POST, tag=tag)
        user, data = checkLogin(request, form, tag)
        if not user:
            # NOTE(review): no delay or attempt limit is visible in this view;
            # presumably checkLogin enforces it -- confirm.
            if isinstance(data, int):
                # Numeric error code: show the error view.
                return errors.errorView(request, data)
            # Any other error is attached to the form as a non-field error.
            form.add_error(None, data)
        else:
            response = HttpResponseRedirect(reverse('uds.web.views.index'))
            # On success `data` is the user's password (per the original
            # comment); keep it out of logs and out of the template context.
            webLogin(request, response, user, data)

    if response is None:
        template_name = theme.template('login.html')
        context = {
            'form': form,
            'authenticators': Authenticator.getByTag(tag),
            'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True),
            'version': VERSION,
        }
        response = render(request, template_name, context)

    getUDSCookie(request, response)
    return response
def login(request, tag=None):
    '''
    View responsible for logging a user in.

    When DISALLOW_GLOBAL_LOGIN is set and no tag is given, the tag defaults to
    the request host if an authenticator has that small_name, else to the
    small_name of the first authenticator ordered by priority, else None.

    :param request: http request
    :param tag: tag of login auth
    :return: a redirect to 'uds.web.views.index' after a successful login, the
             COOKIES_NEEDED error view when a POST lacks the 'uds' cookie,
             otherwise the rendered login page (with form errors, if any)
    '''
    # 'auth_host' is only a placeholder for when no host name can be located.
    # NOTE(review): HTTP_HOST comes from the request, so treat it as
    # client-supplied unless the deployment validates it; here it is only used
    # to pick a default authenticator tag.
    request_host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host'

    # Get Authenticators limitation
    logger.debug('Host: {0}'.format(request_host))
    if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(True) is True and tag is None:
        try:
            Authenticator.objects.get(small_name=request_host)
            tag = request_host
        except Exception:
            try:
                tag = Authenticator.objects.order_by('priority')[0].small_name
            except Exception:
                # There are no authenticators yet: leave the tag unset.
                tag = None

    logger.debug('Tag: {0}'.format(tag))
    logger.debug(request.method)

    if request.method != 'POST':
        form = LoginForm(tag=tag)
    else:
        if 'uds' not in request.COOKIES:
            logger.debug('Request does not have uds cookie')
            # We need cookies to keep session data
            return errors.errorView(request, errors.COOKIES_NEEDED)

        # The session key is rotated on every login POST, before credentials
        # are checked (assuming request.session is Django's session object,
        # cycle_key() keeps the data under a new key).
        request.session.cycle_key()
        form = LoginForm(request.POST, tag=tag)
        if form.is_valid():
            client_os = OsDetector.getOsFromUA(request.META.get('HTTP_USER_AGENT'))
            try:
                authenticator = Authenticator.objects.get(pk=form.cleaned_data['authenticator'])
            except Exception:
                # Any lookup failure falls back to a blank Authenticator.
                authenticator = Authenticator()
            user_name = form.cleaned_data['user']

            # Failed-attempt counter, keyed by authenticator id + user name.
            # NOTE(review): the key has no separator and uses the name exactly
            # as submitted; if an authenticator matches names
            # case-insensitively, case variants get separate counters -- confirm.
            attempts_cache = Cache('auth')
            attempts_key = str(authenticator.id) + user_name
            failed_attempts = attempts_cache.get(attempts_key)
            if failed_attempts is None:
                failed_attempts = 0

            blocks_on_failures = authenticator.getInstance().blockUserOnLoginFailures is True
            if blocks_on_failures and failed_attempts >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
                # Blocked: the credentials are not checked at all.
                form.add_form_error('Too many authentication errors. User temporarily blocked.')
                authLogLogin(request, authenticator, user_name, 'Temporarily blocked')
            else:
                user = authenticate(user_name, form.cleaned_data['password'], authenticator)
                logger.debug('User: {}'.format(user))

                if user is not None:
                    logger.debug('User {} has logged in'.format(user_name))
                    attempts_cache.remove(attempts_key)  # Valid login, remove cached tries
                    response = HttpResponseRedirect(reverse('uds.web.views.index'))
                    webLogin(request, response, user, form.cleaned_data['password'])
                    # Remember the detected client OS in the session.
                    request.session['OS'] = client_os
                    authLogLogin(request, authenticator, user.name)
                    return response

                logger.debug("Invalid credentials for user {0}".format(user_name))
                # NOTE(review): get-then-put is not atomic as written, so
                # concurrent failed attempts may be undercounted -- confirm
                # whether Cache offers an atomic increment.
                failed_attempts += 1
                attempts_cache.put(attempts_key, failed_attempts, GlobalConfig.LOGIN_BLOCK.getInt())
                form.add_form_error('Invalid credentials')
                authLogLogin(request, authenticator, user_name, 'Invalid credentials')

    template_name = theme.template('login.html')
    context = {'form': form, 'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True)}
    response = render_to_response(template_name, context, context_instance=RequestContext(request))

    getUDSCookie(request, response)
    return response
def login(request, tag=None):
    '''
    View responsible for logging a user in.

    When DISALLOW_GLOBAL_LOGIN is set and no tag is given, the tag defaults to
    the request host if an authenticator has that small_name, else to the
    small_name of the first authenticator ordered by priority, else None.

    :param request: http request
    :param tag: tag of login auth
    :return: a redirect to 'uds.web.views.index' after a successful login, the
             COOKIES_NEEDED error view when a POST lacks the 'uds' cookie,
             otherwise the rendered login page (with form errors, if any)
    '''
    # 'auth_host' is only a placeholder for when no host name can be located.
    # NOTE(review): HTTP_HOST comes from the request, so treat it as
    # client-supplied unless the deployment validates it; here it is only used
    # to pick a default authenticator tag.
    request_host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host'

    # Get Authenticators limitation
    logger.debug('Host: {0}'.format(request_host))
    if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True and tag is None:
        try:
            Authenticator.objects.get(small_name=request_host)
            tag = request_host
        except Exception:
            try:
                tag = Authenticator.objects.order_by('priority')[0].small_name
            except Exception:
                # There are no authenticators yet: leave the tag unset.
                tag = None

    logger.debug('Tag: {0}'.format(tag))
    logger.debug(request.method)

    if request.method != 'POST':
        form = LoginForm(tag=tag)
    else:
        if 'uds' not in request.COOKIES:
            logger.debug('Request does not have uds cookie')
            # We need cookies to keep session data
            return errors.errorView(request, errors.COOKIES_NEEDED)

        # The session key is rotated on every login POST, before credentials
        # are checked (assuming request.session is Django's session object,
        # cycle_key() keeps the data under a new key).
        request.session.cycle_key()
        form = LoginForm(request.POST, tag=tag)
        if not form.is_valid():
            logger.info('Invalid form received')
        else:
            client_os = request.os
            try:
                authenticator = Authenticator.objects.get(pk=form.cleaned_data['authenticator'])
            except Exception:
                # Any lookup failure falls back to a blank Authenticator.
                authenticator = Authenticator()

            user_name = form.cleaned_data['user']
            if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
                # Lower-cased before it is used for the counter key and for
                # authentication.
                user_name = user_name.lower()

            # Failed-attempt counter, keyed by authenticator id + user name
            # (concatenated without a separator).
            attempts_cache = Cache('auth')
            attempts_key = str(authenticator.id) + user_name
            failed_attempts = attempts_cache.get(attempts_key)
            if failed_attempts is None:
                failed_attempts = 0

            blocks_on_failures = authenticator.getInstance().blockUserOnLoginFailures is True
            if blocks_on_failures and failed_attempts >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
                # Blocked: the credentials are not checked at all.
                form.add_error(None, 'Too many authentication errors. User temporarily blocked.')
                authLogLogin(request, authenticator, user_name, 'Temporarily blocked')
            else:
                submitted_password = form.cleaned_data['password']
                # An empty password is never passed to authenticate(); a fixed
                # placeholder is sent instead.
                # NOTE(review): presumably this keeps back ends from treating
                # an empty password as an anonymous login -- confirm. Because
                # the placeholder is a constant, an empty submission is
                # checked exactly like that constant; a value that cannot be a
                # real password would be safer.
                auth_password = '******' if submitted_password == '' else submitted_password
                user = authenticate(user_name, auth_password, authenticator)
                logger.debug('User: {}'.format(user))

                if user is not None:
                    logger.debug('User {} has logged in'.format(user_name))
                    attempts_cache.remove(attempts_key)  # Valid login, remove cached tries
                    response = HttpResponseRedirect(reverse('uds.web.views.index'))
                    # webLogin receives the password as submitted, not the placeholder.
                    webLogin(request, response, user, submitted_password)
                    # Remember the client OS in the session.
                    request.session['OS'] = client_os
                    logout_url = form.cleaned_data['logouturl']
                    if logout_url != '':
                        # NOTE(review): logouturl comes straight from the
                        # POSTed form and is stored as-is; whatever redirects
                        # to it at logout has to validate it -- confirm.
                        logger.debug('The logoout url will be {}'.format(logout_url))
                        request.session['logouturl'] = logout_url
                    authLogLogin(request, authenticator, user.name)
                    return response

                logger.debug("Invalid credentials for user {0}".format(user_name))
                # NOTE(review): get-then-put is not atomic as written, so
                # concurrent failed attempts may be undercounted -- confirm
                # whether Cache offers an atomic increment.
                failed_attempts += 1
                attempts_cache.put(attempts_key, failed_attempts, GlobalConfig.LOGIN_BLOCK.getInt())
                form.add_error(None, ugettext('Invalid credentials'))
                authLogLogin(request, authenticator, user_name, 'Invalid credentials')

    template_name = theme.template('login.html')
    context = {
        'form': form,
        'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True),
        'version': VERSION,
    }
    response = render_to_response(template_name, context, context_instance=RequestContext(request))

    getUDSCookie(request, response)
    return response