def social_login(self, request, **kwargs):
self.method_check(request, allowed=['post'])
# new way
try:
data = self.get_clean_data(request)
access_token = self.get_clean_token(data)
except:
return self.create_response(request, u'something wrong with args',
HttpBadRequest)
if 'phone_number' in data:
phone_number = self.get_clean_number(data)
number = self.find_number(phone_number)
if number.validated and number.user:
perform_login(request, number.user, None)
user = number.user
else:
# social registration (legacy)
try:
data = self.get_clean_data(request)
access_token = self.get_clean_token(data)
(request, user) = self.social(request, access_token)
except:
logging.error(u'something went wrong with FB')
return self.create_response(request,
{u'something went wrong with FB'},
HttpBadRequest)
###############
result = {
u'api_key': user.api_key.key,
u'userid': user.id,
u'username': user.username
}
return self.create_response(request, result, HttpResponse)
def pre_social_login(self, request, sociallogin):
User = get_user_model()
# TODO: make sure that the partnership is still in good standing or valid or whatever
if sociallogin.user.pk:
set_country(sociallogin.user, request)
logger.info("setting connection to {}".format(
sociallogin.user.profile.country))
return
try:
# if user exists, connect the account to the existing account and login
new_login_user = User.objects.get(email=sociallogin.user.email)
except User.DoesNotExist:
url = reverse('sociallogin_notamember',
kwargs={
'email':
urlsafe_base64_encode(sociallogin.user.email)
})
raise ImmediateHttpResponse(HttpResponseRedirect(url))
sociallogin.connect(request, new_login_user)
set_country(new_login_user, request)
perform_login(request,
new_login_user,
'none',
redirect_url=sociallogin.get_redirect_url(request),
signal_kwargs={"sociallogin": sociallogin})
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id:
return
if not user.email:
raise ImmediateHttpResponse(
response=HttpResponseRedirect(reverse('home')))
try:
# if user exists, connect the account to the existing account and
# login
user = DplUser.objects.get(email=user.email)
sociallogin.state['process'] = 'connect'
next_url = request.GET.get('next')
if not next_url:
next_url = reverse('home')
perform_login(request,
user,
'none',
redirect_url=next_url,
signal_kwargs=None,
signup=False)
except DplUser.DoesNotExist:
pass
def pre_social_login_(sender, request, sociallogin, **kwargs):
'''
Resolve issue of existing email address. When signing up a social account with the existing
email address it will logged the existing user. And for security hole issue the account
will not successfully logged if their given email address are not verified.
To verify ownership of email this function will automatically send a verification link
to the given email and only legit user can access the said account.
:param sender:
:param request:
:param sociallogin:
:param kwargs:
:return:
'''
email = sociallogin.account.extra_data['email']
_user = get_user_model()
users = _user.objects.filter(email=email)
_s_emails = s_emails.objects.filter(email=email)
e_existing = _s_emails.exists()
u_existing = users.exists()
if u_existing :
if e_existing:
if _s_emails[0].verified:
perform_login(request, users[0], app_settings.EMAIL_VERIFICATION)
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
send_email_confirmation(request, users[0])
raise ImmediateHttpResponse(render(request, 'account/verification_sent.html', {}))
def pre_social_login(self, request, sociallogin):
social_email = sociallogin.account.extra_data.get('email')
try:
customer = CustomUser.objects.get(
email=social_email
) # if user exists, connect the account to the existing account and login
sociallogin.state['process'] = 'connect'
perform_login(request, customer, 'none')
except CustomUser.DoesNotExist:
pass
try:
customer = CustomUser.objects.get(
email1=social_email
) # if user exists, connect the account to the existing account and login
# sociallogin.state['process'] = 'connect'
# perform_login(request, customer, 'none')
if not sociallogin.is_existing:
sociallogin.connect(request, customer)
except CustomUser.DoesNotExist:
pass
try:
customer = CustomUser.objects.get(
email2=social_email
) # if user exists, connect the account to the existing account and login
sociallogin.state['process'] = 'connect'
perform_login(request, customer, 'none')
except CustomUser.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
email = user.email
if not email.split('@')[1] == 'iiitdmj.ac.in':
messages.error(request,
'Use iiitdmj mail to sign in to this account !')
raise ImmediateHttpResponse(
render_to_response('account/exception.html'))
else:
if user.id:
return
try:
# if user exists, connect the account to the existing account and login
u = User.objects.get(email=email)
sociallogin.state['process'] = 'connect'
# authenticate(username=u.username, password=u.password)
perform_login(request, u, 'none')
return redirect('/')
except User.DoesNotExist:
exception_string = "Seems Like you don't \
have an account here! Contact CC admin for your account."
messages.error(request, exception_string)
raise ImmediateHttpResponse(
render_to_response('account/exception_no_account.html'))
def link_to_local_user(sender, request, sociallogin, **kwargs):
email_address = sociallogin.account.extra_data['email']
User = get_user_model()
users = User.objects.filter(email=email_address)
if users:
perform_login(request, users[0], email_verification='optional')
raise ImmediateHttpResponse(
redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def pre_social_login(self, request, sociallogin):
try:
user = User.objects.get(
email=sociallogin.account.extra_data['email'])
perform_login(request, user, email_verification='optional')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
except User.DoesNotExist:
pass
def _login_social_account(request, account):
user = account.user
perform_login(request, user)
if not user.is_active:
ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request))
else:
ret = HttpResponseRedirect(get_login_redirect_url(request))
return ret
def link_to_local_user(sender, request, sociallogin, **kwargs):
email_address = sociallogin.account.extra_data['email']
users = User.objects.filter(email=email_address)
if users:
perform_login(request,
users[0],
email_verification=settings.ACCOUNT_EMAIL_VERIFICATION)
raise ImmediateHttpResponse(redirect('home'))
def pre_social_login(self, request, sociallogin):
try:
print '@---------------------------@'
iUser = User.objects.get(email=sociallogin.account.user.email)
if iUser != None:
perform_login(request, iUser, email_verification='optional')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
except User.DoesNotExist:
pass
def link_to_local_user(sender, request, sociallogin, **kwargs):
email_address = sociallogin.account.extra_data["email"]
users = User.objects.filter(email=email_address)
if users:
perform_login(request,
users[0],
email_verification=app_settings.EMAIL_VERIFICATION)
raise ImmediateHttpResponse(
redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def _login_social_account(request, account):
user = account.user
perform_login(request, user)
if not user.is_active:
ret = render_to_response('socialaccount/account_inactive.html', {},
context_instance=RequestContext(request))
else:
ret = HttpResponseRedirect(get_login_redirect_url(request))
return ret
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id:
return
try:
usuario = User.objects.get(email=user.email) # if user exists, connect the account to the existing account and login
sociallogin.state['process'] = 'connect'
perform_login(request, usuario, 'none')
except User.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id:
return
try:
user = User.objects.get(email=user.email)
sociallogin.state['process'] = 'connect'
perform_login(request, user, 'none')
except User.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id:
return
try:
existing_user = User.objects.get(username=user.username)
sociallogin.state['process'] = 'connect'
perform_login(request, existing_user, request.GET.get('next', '/'))
except User.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id or not user.email:
return
try:
user = User.objects.get(email=user.email)
sociallogin.state['next'] = reverse('cyclist_dashboard')
sociallogin.state['process'] = 'connect'
perform_login(request, user, 'none')
except User.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id:
return
try:
customer = User.objects.get(
email=user.email
) # if user exists, connect the account to the existing account and login
sociallogin.state['process'] = 'connect'
perform_login(request, customer, 'none')
except User.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
try:
email = sociallogin.account.extra_data['email']
user = User.objects.get(email=email)
# diff between accounts
if not user.socialaccount_set.filter().exists():
sociallogin.connect(request, user)
perform_login(request, user, email_verification='none')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
except Exception as e:
logger.error("PRE SOCIAL LOGIN FAIL " + str(request.user))
pass
def _login_social_account(request, account):
user = account.user
perform_login(request, user)
engine.check_achievement(user=request.user, key="facebook_login")
if not user.is_active:
ret = render_to_response(
'socialaccount/account_inactive.html',
{},
context_instance=RequestContext(request))
else:
ret = HttpResponseRedirect(get_login_redirect_url(request))
return ret
def _login_social_account(request, account):
user = account.user
perform_login(request, user)
if not user.is_active:
ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request))
else:
if request.is_ajax():
ret = HttpResponse(
simplejson.dumps({"status": "ok", "redirect": get_login_redirect_url(request)}),
mimetype="application/json",
)
else:
ret = HttpResponseRedirect(get_login_redirect_url(request))
return ret
def link_to_local_user(sender, request, sociallogin, **kwargs):
email_address = sociallogin.account.extra_data['email']
users = CustomUser.objects.filter(email=email_address)
# profile = Profile.objects.filter(user_id=users)
# if profile:
# login_if_exists(users, profile,sociallogin)
if users:
perform_login(request,
users[0],
email_verification=settings.ACCOUNT_EMAIL_VERIFICATION)
# users.is_active = True
# users.save()
return sociallogin
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id or not user.email:
return
try:
user = User.objects.get(email=user.email)
sociallogin.state['next'] = reverse('cyclist_dashboard')
sociallogin.state['process'] = 'connect'
perform_login(request, user, 'none')
except User.DoesNotExist:
if 'user_role' not in request.session:
sociallogin.state['next'] = reverse('signup_define_role')
sociallogin.state['process'] = 'redirect'
def pre_social_login(self, request, sociallogin):
"""Add social account to an existing account (if registered with email and password)."""
social_user = sociallogin.user
if social_user.id:
return
# noinspection PyPep8Naming
User = get_user_model()
try:
user = User.objects.get(email=social_user.email)
sociallogin.state['process'] = 'connect'
perform_login(request, user, 'none')
except User.DoesNotExist:
pass
def pre_social_login(self, request, sociallogin):
user = sociallogin.user
if user.id:
return
try:
user = User.objects.get(
email=user.email
) # if user exists, connect the account to the existing account and login
sociallogin.state['process'] = 'connect'
perform_login(request, user, email_verification='mandatory')
except User.DoesNotExist:
username = user.first_name
username = slugify(username) + str(
user.logentry_set.creation_counter)
user.username = username
def get(self, request, *args, **kwargs):
practice_group, created = Group.objects.get_or_create(name='practice')
# Create practice user and save to the database
lst = [
random.choice(string.ascii_letters + string.digits)
for n in range(5)
]
randomstr = "".join(lst)
username = password = "******".format(randomstr)
User = get_user_model()
practice_user = User.objects.create_user(
username, '{}@crazymail.com'.format(username), password)
practice_group.user_set.add(practice_user)
practice_group.save()
credentials = {"username": username, "password": password}
user = get_adapter(self.request).authenticate(self.request,
**credentials)
ret = perform_login(request,
user,
email_verification=False,
redirect_url=reverse_lazy('core:home'))
return ret
def link_to_local_user(sender, request, sociallogin, **kwargs):
""" Login and redirect
This is done in order to tackle the situation where user's email retrieved
from one provider is different from already existing email in the database
(e.g facebook and google both use same email-id). Specifically, this is done to
tackle following issues:
* https://github.com/pennersr/django-allauth/issues/215
"""
email_address = sociallogin.account.extra_data['email']
existing_user = User.objects.filter(email=email_address).first()
link_social_info_to_superuser(existing_user, sociallogin)
if existing_user:
perform_login(request, existing_user, email_verification='optional')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL))
def login_on_confirm(self, confirmation):
"""
Simply logging in the user may become a security issue. If you
do not take proper care (e.g. don't purge used email
confirmations), a malicious person that got hold of the link
will be able to login over and over again and the user is
unable to do anything about it. Even restoring his own mailbox
security will not help, as the links will still work. For
password reset this is different, this mechanism works only as
long as the attacker has access to the mailbox. If he no
longer has access he cannot issue a password request and
intercept it. Furthermore, all places where the links are
listed (log files, but even Google Analytics) all of a sudden
need to be secured. Purging the email confirmation once
confirmed changes the behavior -- users will not be able to
repeatedly confirm (in case they forgot that they already
clicked the mail).
All in all, opted for storing the user that is in the process
of signing up in the session to avoid all of the above. This
may not 100% work in case the user closes the browser (and the
session gets lost), but at least we're secure.
"""
user_pk = self.request.session.pop('account_user', None)
user = confirmation.email_address.user
if user_pk == user.pk and self.request.user.is_anonymous():
return perform_login(self.request,
user,
app_settings.EmailVerificationMethod.NONE)
def _process_signup(request, sociallogin):
# If email is specified, check for duplicate and if so, no auto signup.
auto_signup = app_settings.AUTO_SIGNUP
email = sociallogin.account.user.email
if auto_signup:
# Let's check if auto_signup is really possible...
if email:
if account_settings.UNIQUE_EMAIL:
try:
user = User.objects.get(email__iexact=email)
# Oops, another user already has this address. We
# cannot simply connect this social account to the
# existing user. Reason is that the email adress may
# not be verified, meaning, the user may be a hacker
# that has added your email address to his account in
# the hope that you fall in his trap. To solve this,
# we reset the password of the email account and connect
# the user.
user.set_password(md5.new('%s:%s ' % (email, time.time())).hexdigest())
user.save()
context = create_password_reset_context(user)
get_account_adapter().send_mail('account/email/link_facebook',
email, context)
sociallogin.account.user = user
sociallogin.save()
return perform_login(request, user,
redirect_url=sociallogin.get_redirect_url(request))
except User.DoesNotExist:
# No user exists with this email. Let's auto sign up the user.
auto_signup = True
elif account_settings.EMAIL_REQUIRED:
# Nope, email is required and we don't have it yet...
auto_signup = False
if not auto_signup:
request.session['socialaccount_sociallogin'] = sociallogin
url = reverse('socialaccount_signup')
ret = HttpResponseRedirect(url)
else:
# FIXME: This part contains a lot of duplication of logic
# ("closed" rendering, create user, send email, in active
# etc..)
try:
if not get_account_adapter().is_open_for_signup(request):
return render(request,
"account/signup_closed.html")
except ImmediateHttpResponse, e:
return e.response
u = sociallogin.account.user
u.username = generate_unique_username(u.username
or email
or 'user')
u.last_name = (u.last_name or '') \
[0:User._meta.get_field('last_name').max_length]
u.first_name = (u.first_name or '') \
[0:User._meta.get_field('first_name').max_length]
u.email = email or ''
u.set_unusable_password()
sociallogin.save()
send_email_confirmation(request, u)
ret = complete_social_signup(request, sociallogin)
def link_to_local_user(sender, request, sociallogin, **kwargs):
''' Login and redirect
This is done in order to tackle the situation where user's email retrieved
from one provider is different from already existing email in the database
(e.g facebook and google both use same email-id). Specifically, this is done to
tackle following issues:
* https://github.com/pennersr/django-allauth/issues/215
'''
email_address = sociallogin.account.extra_data['email']
User = get_user_model()
users = User.objects.filter(email=email_address)
if users:
# allauth.account.app_settings.EmailVerificationMethod
perform_login(request, users[0], email_verification='optional')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def link_to_local_user(sender, request, sociallogin, **kwargs):
''' Login and redirect
This is done in order to tackle the situation where user's email retrieved
from one provider is different from already existing email in the database
(e.g facebook and google both use same email-id). Specifically, this is done to
tackle following issues:
* https://github.com/pennersr/django-allauth/issues/215
'''
email_address = sociallogin.account.extra_data['email']
User = get_user_model()
users = User.objects.filter(email=email_address)
if users:
# allauth.account.app_settings.EmailVerificationMethod
perform_login(request, users[0], email_verification='optional')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
def _login_social_account(request, sociallogin):
user = sociallogin.account.user
if not user.is_active:
ret = render_to_response("socialaccount/account_inactive.html", {}, context_instance=RequestContext(request))
else:
ret = perform_login(request, user, redirect_url=sociallogin.get_redirect_url())
return ret
def signup(request):
request.session['inactive_user'] = False
if request.user.is_authenticated():
return redirect('home')
if request.method == 'POST':
email = request.POST.get('email')
first_name = request.POST.get('first_name')
last_name = request.POST.get('last_name')
password = request.POST.get('password1')
terms_agree = request.POST.get('terms_agree')
user = None
if valid_email(email):
user = User.objects.filter(email=email).first()
if user:
if not user.is_active:
request.session['inactive_user'] = True
if password and first_name and last_name and terms_agree:
data = {
'password1': password,
'password2': password,
}
form = AllauthSetPasswordForm(user=user, data=data)
if form.is_valid():
form.save()
user.first_name = first_name
user.last_name = last_name
user.is_active = True
user.save(update_fields=['is_active', 'first_name', 'last_name'])
return perform_login(request, user, email_verification='mandatory')
return allauth_signup(request)
def get(self, request, *args, **kwargs):
redirect_url = request.query_params.get('redirect_url')
token = request.query_params.get('token')
if token is None:
return Response({'detail': 'Missing token.'},
status=status.HTTP_400_BAD_REQUEST)
data = {'token': token}
try:
token, user = self._process_request(data)
except ValidationError as exc:
msg = 'Unknown error. Contact an admin.'
if 'token' in exc.detail:
msg = str(exc.detail['token'][0])
else:
# If it's not the standard token invalid error log as error to see on sentry etc
logger.error(exc)
return render(request, 'token_error.html', {'error_message': msg})
# Get an authenticated web session and do a redirect
ret = perform_login(
request,
user,
email_verification=settings.ACCOUNT_EMAIL_VERIFICATION,
redirect_url=redirect_url)
request.session.set_expiry(settings.SESSION_COOKIE_AGE)
return ret
def pre_social_login(self, request, sociallogin: SocialLogin):
"""
The user is authenticated in some "social app". Consider the following
scenarios:
1 - the user email is found in our DB among registered users' emails
1.1 - the user email is registered. We just "connect" the social account
to the user "CS native" account or if these 2 accounts are already connected
we proceed with logging in.
1.2 - the user email is not registered. We deny the request.
2 - the user email is not found in our DB among registered users' emails
2.1 - the user email is registered. We register an inactive user.
2.2 - the user email is not registered. We either allow or deny registration
based on SOCIALACCOUNT_EMAIL_REQUIRED setting
"""
emails = [e for e in sociallogin.email_addresses if e.primary]
if not emails:
return
email_adr, email_verified = emails[0].email, emails[0].verified
from apps.users.app_vars import SOCIALACCOUNT_EMAIL_VERIFIED_ONLY
if SOCIALACCOUNT_EMAIL_VERIFIED_ONLY.val and not email_verified:
msg = f'Email "{email_adr}" is not verified'
logger.error(msg)
raise PermissionDenied(msg)
try:
user = User.objects.get(email__iexact=email_adr)
except User.DoesNotExist:
return
# we're here: 1 - the user email is found in our DB among registered users' emails
if SOCIALACCOUNT_EMAIL_VERIFIED_ONLY.val and not email_verified:
# 1.2 - deny the request
msg = f'Existing email "{email_adr}" is not verified'
logger.error(msg)
raise PermissionDenied(msg)
try:
if not sociallogin.is_existing:
sociallogin.connect(request, user)
else:
sociallogin.state['process'] = 'login'
perform_login(request, user, 'none')
except Exception as e:
logger.error(f'Error entering social account ({email_adr}): {e}')
raise
def pre_social_login(self, request: HttpRequest,
sociallogin: SocialLogin) -> None:
user = sociallogin.user
process = sociallogin.state.get('process')
if not user.id:
if sociallogin.account.provider not in self.trusted_providers:
return
# todo: we can additionally check if email from social is verified if provider grabs such info
try:
email_address = EmailAddress.objects.get(email=user.email)
except EmailAddress.DoesNotExist:
pass
else:
existing_user = email_address.user
sociallogin.state['process'] = AuthProcess.CONNECT
perform_login(request, existing_user,
account_settings.EmailVerificationMethod.NONE)
elif (process == AuthProcess.LOGIN and sociallogin.is_existing
and request.user.is_authenticated
and sociallogin.user != request.user):
raise self.authentication_error(
request,
sociallogin.account.provider,
error=AuthError.DENIED,
exception=Exception(
'The social account is already connected to a different account.'
))
if process == AuthProcess.CONNECT:
return
referer_url = sociallogin.state.get('next')
if referer_url:
request.session['socialaccount_original_next'] = (
referer_url,
sociallogin.account.provider,
)
assert user.is_authenticated
token = get_login_token_with_auth_info(
user, AuthAction.LOGIN if user.id else AuthAction.REGISTRATION,
AuthProvider.SOCIAL, sociallogin.account.provider)
sociallogin.state['next'] = urljoin(
referer_url, '?' + self.token_param_name + '=' + token)
def login(self, request, redirect_url=None): ret = perform_login(request, self.user, email_verification=app_settings.EMAIL_VERIFICATION, redirect_url=redirect_url) #pylint: disable=no-member remember = app_settings.SESSION_REMEMBER #pylint: disable=no-member if remember is None: remember = self.cleaned_data['remember'] if remember: remember_user(ret, self.user) return ret
def sign_user_in(sender, **kwargs):
"""Automatically signs the user in after a successful password reset.
Implemented via signals because of django-allauth#735.
"""
request = kwargs['request']
user = kwargs['user']
return perform_login(request, user, settings.ACCOUNT_EMAIL_VERIFICATION)
def _login_social_account(request, sociallogin):
return perform_login(
request,
sociallogin.user,
email_verification=app_settings.EMAIL_VERIFICATION,
redirect_url=sociallogin.get_redirect_url(request),
signal_kwargs={"sociallogin": sociallogin},
)
def form_valid(self, form):
super().form_valid(form)
return utils.perform_login(
self.request,
self.reset_user,
email_verification=app_settings.EMAIL_VERIFICATION,
redirect_url=reverse("edit_profile"),
)
def login_with_profile(request, user, verification=None):
if verification is None:
verification = allauth_settings.EMAIL_VERIFICATION
response = perform_login(request, user, verification, redirect_url=None)
token = handle_login_response(response, user, allow_disabled=True)
profile = getattr(getattr(token, 'user', None), 'profile', None)
return token, profile
def _login_social_account(request, sociallogin):
sociallogin.token.expires_at = timezone.now() + timedelta(hours=2)
sociallogin.token.save()
print("updated token {} {}".format(sociallogin.token, sociallogin.token.expires_at))
return perform_login(request, sociallogin.account.user,
email_verification=app_settings.EMAIL_VERIFICATION,
redirect_url=sociallogin.get_redirect_url(request),
signal_kwargs={"sociallogin": sociallogin})
def pre_social_login(self, request, sociallogin):
"""
Login and redirect
This is done in order to tackle the situation where user's email retrieved
from one provider is different from already existing email in the database
(e.g facebook and google both use same email-id). Specifically, this is done to
tackle following issues:
* https://github.com/pennersr/django-allauth/issues/215
"""
email_address = sociallogin.account.extra_data.get('email', None)
if not email_address:
return
try:
user = get_user_model().objects.get(email=email_address)
perform_login(request, user, email_verification=app_settings.EMAIL_VERIFICATION)
if not sociallogin.is_existing:
sociallogin.connect(request, user)
raise ImmediateHttpResponse(redirect(get_login_redirect_url(request)))
except get_user_model().DoesNotExist:
pass
def _login_social_account(request, sociallogin):
user = sociallogin.account.user
if not user.is_active:
ret = render_to_response(
'socialaccount/account_inactive.html',
{},
context_instance=RequestContext(request))
else:
ret = perform_login(request, user,
email_verification=app_settings.EMAIL_VERIFICATION,
redirect_url=sociallogin.get_redirect_url(request))
return ret
def login(self, request, redirect_url=None):
ret = perform_login(request, self.user,
email_verification=app_settings.EMAIL_VERIFICATION,
redirect_url=redirect_url)
remember = app_settings.SESSION_REMEMBER
if remember is None:
remember = self.cleaned_data['remember']
if remember:
request.session.set_expiry(app_settings.SESSION_COOKIE_AGE)
else:
request.session.set_expiry(0)
return ret
def pre_social_login(self, request, sociallogin):
# TODO: make sure that the partnership is still in good standing or valid or whatever
if sociallogin.user.pk:
set_country(sociallogin.user, request)
logger.info("setting connection to {}".format(sociallogin.user.profile.country))
return
try:
# if user exists, connect the account to the existing account and login
new_login_user = User.objects.get(email=sociallogin.user.email)
except User.DoesNotExist:
url = reverse('sociallogin_notamember', kwargs={'email': urlsafe_base64_encode(sociallogin.user.email)})
raise ImmediateHttpResponse(HttpResponseRedirect(url))
sociallogin.connect(request, new_login_user)
set_country(new_login_user, request)
perform_login(
request,
new_login_user,
'none',
redirect_url=sociallogin.get_redirect_url(request),
signal_kwargs={"sociallogin": sociallogin}
)
def log_user_in(request, user):
if not request.user.is_authenticated():
logged_in = False
def check_logged_in(sender, **kwargs):
nonlocal logged_in
if kwargs.get('user') == user:
logged_in = True
user_logged_in.connect(check_logged_in)
response = perform_login(request, user, email_verification=settings.ACCOUNT_EMAIL_VERIFICATION)
user_logged_in.disconnect(check_logged_in)
if logged_in is False:
return response
def _login_social_account(request, sociallogin):
log.debug('socialaccount.helpers._login_social_account')
user = sociallogin.account.user
if app_settings.INVITE_MODE and not user.is_active:
# Check for the case where a user has previously social-signed in without an invite code,
# and subsequently clicked on a valid invitation code
log.debug("Checking whether this user had an invitation code")
if request.session.get('invitation_key', False):
log.debug("Invited - activating user")
user.is_active = True
user.save()
if not user.is_active:
ret = render_to_response(
'socialaccount/account_inactive.html',
{},
context_instance=RequestContext(request))
else:
ret = perform_login(request, user,
redirect_url=sociallogin.get_redirect_url())
return ret
def _handleCreateBookmark(request, subject_class, subject_form_class, *subject_field_ids):
form = subject_form_class(request.POST)
if form.is_valid():
email = form.cleaned_data["email"]
try:
user = User.objects.create_user(username=email, email=email)
except IntegrityError:
user = User.objects.get(username=email)
user = authenticate(key=user.profile.key)
kwargs = {"user": user}
for field in subject_field_ids:
kwargs[field] = form.cleaned_data[field]
# An unverified account can only create unapproved bookmarks.
# When an account is verified, all its bookmarks are
# approved. Whenever someone tries to add a bookmark for
# someone else's email address (or they're not logged in),
# that email address is marked as unverified again. In this
# way we can allow people who remain logged in to add several
# alerts without having to reconfirm by email.
emailaddress = EmailAddress.objects.filter(user=user)
if user == request.user:
kwargs["approved"] = emailaddress.filter(verified=True).exists()
else:
kwargs["approved"] = False
emailaddress.update(verified=False)
subject_class.objects.get_or_create(**kwargs)
if hasattr(request, "user"):
# Log the user out. We don't use Django's built-in logout
# mechanism because that clears the entire session, too,
# and we want to know if someone's logged in previously in
# this session.
request.user = AnonymousUser()
for k in [SESSION_KEY, BACKEND_SESSION_KEY, HASH_SESSION_KEY]:
if k in request.session:
del (request.session[k])
return perform_login(request, user, app_settings.EmailVerificationMethod.MANDATORY, signup=True)
return form
def _login_social_account(request, sociallogin):
return perform_login(request, sociallogin.account.user,
email_verification=app_settings.EMAIL_VERIFICATION,
redirect_url=sociallogin.get_redirect_url(request),
signal_kwargs={"sociallogin": sociallogin})
def link_to_local_user(sender, request, sociallogin, **kwargs):
email_address = sociallogin.account.extra_data['email']
users = User.objects.filter(email=email_address)
if users:
perform_login(request, users[0], email_verification='optional')
raise ImmediateHttpResponse(redirect(settings.LOGIN_REDIRECT_URL.format(id=request.user.id)))
