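def post_account_linking(request):
    """Handle the account-linking form shown during SSL client authentication.

    On POST, either record in the session that account creation was
    requested, or validate the submitted credentials with
    ``AuthenticationForm`` and open a session for that user. Both paths then
    redirect to the ``user_signin_ssl`` login URL. An invalid form, or any
    non-POST request, renders the linking page again.
    """
    logger.info('auth2_ssl Return after account linking form filled')
    if request.method != "POST":
        return render(request, 'auth/account_linking_ssl.html')

    if request.POST.get('do_creation') == 'on':
        logger.info('account creation asked')
        # No credentials are checked on this path: handle_request later sees
        # this session key and creates the account from the certificate.
        request.session['do_creation'] = 'do_creation'
        return redirect_to_login(request, login_url='user_signin_ssl')

    form = AuthenticationForm(data=request.POST)
    if not form.is_valid():
        # Failed password attempts end here. This view applies no throttling
        # of its own.
        # NOTE(review): confirm rate limiting is enforced elsewhere.
        logger.warning('form not valid - Try again! (Brute force?)')
        return render(request, 'auth/account_linking_ssl.html')

    logger.info('form valid')
    user = form.get_user()
    try:
        login(request, user)
        record_authentication_event(request, how='password')
    except Exception:
        # Was a bare ``except:`` with logger.error(): it also caught
        # SystemExit/KeyboardInterrupt and dropped the traceback.
        logger.exception('login() failed')
        messages.add_message(
            request, messages.ERROR,
            _('SSL Client Authentication failed. Internal server error.'))
    else:
        # Only claim an open session when login() really succeeded, so the
        # log does not contradict the error recorded above.
        logger.debug('session opened')
    return redirect_to_login(request, login_url='user_signin_ssl')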
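def post_account_linking(request):
    """Process the account-linking form of the SSL authentication flow.

    A POST carrying ``do_creation=on`` stores the ``do_creation`` flag in the
    session. Any other POST is treated as a password login through
    ``AuthenticationForm``. Both then redirect to ``user_signin_ssl``.
    Invalid credentials and non-POST requests render the linking template.
    """
    logger.info('auth2_ssl Return after account linking form filled')
    if request.method == "POST":
        if 'do_creation' in request.POST \
                and request.POST['do_creation'] == 'on':
            logger.info('account creation asked')
            request.session['do_creation'] = 'do_creation'
            return redirect_to_login(request, login_url='user_signin_ssl')
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            logger.info('form valid')
            user = form.get_user()
            try:
                login(request, user)
                record_authentication_event(request, how='password')
            except Exception:
                # Narrowed from a bare ``except:`` so SystemExit and
                # KeyboardInterrupt propagate. logger.exception() keeps the
                # traceback that logger.error() discarded.
                logger.exception('login() failed')
                messages.add_message(
                    request, messages.ERROR,
                    _('SSL Client Authentication failed. Internal server error.'
                      ))
            else:
                # Logged on success only. It used to be emitted after a
                # failed login() as well.
                logger.debug('session opened')
            return redirect_to_login(request, login_url='user_signin_ssl')
        else:
            # The only trace of a rejected password attempt in this view.
            # NOTE(review): no throttling is visible here. Confirm it exists
            # upstream.
            logger.warning('form not valid - Try again! (Brute force?)')
            return render(request, 'auth/account_linking_ssl.html')
    else:
        return render(request, 'auth/account_linking_ssl.html')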
def test_redirect_to_login(self):
    """``redirect_to_login`` carries the request's ``next`` value to /login/."""
    from authentic2.utils import redirect_to_login
    from django.test.client import RequestFactory

    # The ``next`` value is the relative path '..'. The assertion pins that
    # it is propagated unchanged into the Location header, nothing more.
    get_request = RequestFactory().get('/coin', data={'next': '..'})
    location = redirect_to_login(get_request)['Location']
    self.assertEqualsURL(location, '/login/?next=..')
def login(self, request, *args, **kwargs):
    """Render the SAML login template, or redirect when its button was posted.

    The submit button is named ``login-<self.id>``. A POST containing that
    name redirects to the ``mellon_login`` URL. Every other request renders
    ``authentic2_auth_saml/login.html`` with the button name in the context.
    """
    template_context = kwargs.pop('context', {})
    button_name = 'login-%s' % self.id
    template_context['submit_name'] = button_name

    button_posted = request.method == 'POST' and button_name in request.POST
    if not button_posted:
        return render(
            request, 'authentic2_auth_saml/login.html', template_context)
    return redirect_to_login(request, login_url='mellon_login')
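def handle_request(request):
    """Log in, create or link an account from the TLS client certificate.

    Steps, in order:

    1. Redirect to login with an error when no certificate was presented, or
       when verification failed and ``ACCEPT_SELF_SIGNED`` is off.
    2. Look up the user bound to the certificate with ``authenticate``.
    3. No bound user and no session: create an account if the session holds
       ``do_creation``, otherwise render the account-linking page.
    4. No bound user but an authenticated session: link the certificate to
       the session's user and redirect to login.
    5. Bound user: log in if nobody is logged in. If a different user is
       logged in, re-point the certificate at that user.
    """
    # Check certificate validity
    ssl_info = util.SSLInfo(request)
    accept_self_signed = app_settings.ACCEPT_SELF_SIGNED
    if not ssl_info.cert:
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable CERT is missing')
        messages.add_message(
            request, messages.ERROR,
            _('SSL Client Authentication failed. '
              'No client certificate found.'))
        return redirect_to_login(request)
    # When ACCEPT_SELF_SIGNED is on, ssl_info.verify is never consulted, so a
    # certificate that failed verification for any reason is accepted, not
    # only a self-signed one.
    elif not accept_self_signed and not ssl_info.verify:
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable VERIFY is not SUCCESS')
        messages.add_message(
            request, messages.ERROR,
            _('SSL Client Authentication failed. '
              'Your client certificate is not valid.'))
        return redirect_to_login(request)

    # SSL entries for this certificate?
    user = authenticate(ssl_info=ssl_info)

    # If the user is logged in, no need to create an account
    # If there is an SSL entries, no need for account creation,
    # just need to login, treated after
    # NOTE(review): the 'do_creation' session key is read here but never
    # removed in this function. Confirm it is cleared elsewhere.
    if 'do_creation' in request.session and not user \
            and not request.user.is_authenticated():
        from backends import SSLBackend
        if SSLBackend().create_user(ssl_info):
            user = authenticate(ssl_info=ssl_info)
            logger.info(u'account created for %s', user)
        else:
            logger.error('account creation failure')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
            return redirect_to_login(request)

    # No SSL entries and no user session, redirect account linking page
    if not user and not request.user.is_authenticated():
        return render(request, 'auth/account_linking_ssl.html')

    # No SSL entries but active user session, perform account linking
    if not user and request.user.is_authenticated():
        # Was ``from backend import``. The two other imports in this
        # function use ``backends``.
        from backends import SSLBackend
        if SSLBackend().link_user(ssl_info, request.user):
            # The message used to interpolate ``next_url``, a name this
            # function never defines. The successful path would raise
            # NameError right after the certificate had been linked.
            logger.info('Successful linking of the SSL '
                        'Certificate to an account')
        else:
            logger.error('login() failed')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
        # Return on both outcomes: ``user`` is still None here, so falling
        # through would dereference None at ``user.username`` below.
        return redirect_to_login(request)

    # SSL Entries found for this certificate,
    # if the user is logged out, we login
    if not request.user.is_authenticated():
        login(request, user)
        record_authentication_event(request, how='ssl')
        return continue_to_next_url(request)

    # SSL Entries found for this certificate, if the user is logged in, we
    # check that the SSL entry for the certificate is this user.
    # else, we make this certificate point on that user.
    # NOTE(review): the certificate is moved to the logged-in account with
    # no confirmation step. The previous owner loses certificate login and
    # the warning below is the only record. Confirm this is intended.
    if user.username != request.user.username:
        logger.warning(
            u'The certificate belongs to %s, '
            'but %s is logged with, we change the association!',
            user, request.user)
        from backends import SSLBackend
        cert = SSLBackend().get_certificate(ssl_info)
        cert.user = request.user
        cert.save()
    return continue_to_next_url(request)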
def post(self, request, form, nonce, next_url):
    """Redirect the POST to the ``user_signin_ssl`` login URL.

    ``form``, ``nonce`` and ``next_url`` are part of the signature but are
    not used here. Only ``request`` is handed to ``redirect_to_login``.
    """
    response = redirect_to_login(request, login_url='user_signin_ssl')
    return response
def post(self, request, form, nonce, next_url):
    """Answer a POST by redirecting to the SSL sign-in URL.

    Only ``request`` is forwarded. The ``form``, ``nonce`` and ``next_url``
    arguments are accepted but ignored by this method.
    """
    ssl_login_url = "user_signin_ssl"
    return redirect_to_login(request, login_url=ssl_login_url)
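def handle_request(request):
    """Log in, create or link an account from the TLS client certificate.

    The request is rejected (redirect to login with an error message) when
    no certificate is present, or when verification failed and
    ``ACCEPT_SELF_SIGNED`` is off. Otherwise the user bound to the
    certificate is looked up with ``authenticate`` and one of these happens:

    * no bound user, no session: create an account if the session holds
      ``do_creation``, else render the account-linking page;
    * no bound user, authenticated session: link the certificate to the
      session's user and redirect to login;
    * bound user, no session: log that user in;
    * bound user, session of another user: re-point the certificate at the
      logged-in user.
    """
    # Check certificate validity
    ssl_info = util.SSLInfo(request)
    accept_self_signed = app_settings.ACCEPT_SELF_SIGNED
    if not ssl_info.cert:
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable CERT is missing')
        messages.add_message(request, messages.ERROR,
                             _('SSL Client Authentication failed. '
                               'No client certificate found.'))
        return redirect_to_login(request)
    # With ACCEPT_SELF_SIGNED on, the verify result is skipped entirely: any
    # certificate that failed verification passes, not only self-signed ones.
    elif not accept_self_signed and not ssl_info.verify:
        logger.error('SSL Client Authentication failed: '
                     'SSL CGI variable VERIFY is not SUCCESS')
        messages.add_message(request, messages.ERROR,
                             _('SSL Client Authentication failed. '
                               'Your client certificate is not valid.'))
        return redirect_to_login(request)

    # SSL entries for this certificate?
    user = authenticate(ssl_info=ssl_info)

    # If the user is logged in, no need to create an account
    # If there is an SSL entries, no need for account creation,
    # just need to login, treated after
    # NOTE(review): 'do_creation' stays in the session after this branch.
    # Confirm it is cleared elsewhere.
    if 'do_creation' in request.session and not user \
            and not request.user.is_authenticated():
        from backends import SSLBackend
        if SSLBackend().create_user(ssl_info):
            user = authenticate(ssl_info=ssl_info)
            logger.info(u'account created for %s', user)
        else:
            logger.error('account creation failure')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
            return redirect_to_login(request)

    # No SSL entries and no user session, redirect account linking page
    if not user and not request.user.is_authenticated():
        return render_to_response('auth/account_linking_ssl.html',
                                  context_instance=RequestContext(request))

    # No SSL entries but active user session, perform account linking
    if not user and request.user.is_authenticated():
        # Module name aligned with the two other imports in this function.
        # It was ``backend`` here.
        from backends import SSLBackend
        if SSLBackend().link_user(ssl_info, request.user):
            # ``next_url`` is not defined anywhere in this function, so the
            # old ``'... redirection to %s' % next_url`` would raise
            # NameError after the link had already been saved.
            logger.info('Successful linking of the SSL '
                        'Certificate to an account')
        else:
            logger.error('login() failed')
            messages.add_message(
                request, messages.ERROR,
                _('SSL Client Authentication failed. Internal server error.'))
        # Leave on success and on failure alike: ``user`` is None in this
        # branch and the code below reads ``user.username``.
        return redirect_to_login(request)

    # SSL Entries found for this certificate,
    # if the user is logged out, we login
    if not request.user.is_authenticated():
        login(request, user)
        record_authentication_event(request, how='ssl')
        return continue_to_next_url(request)

    # SSL Entries found for this certificate, if the user is logged in, we
    # check that the SSL entry for the certificate is this user.
    # else, we make this certificate point on that user.
    # NOTE(review): re-association happens without confirmation. The account
    # that owned the certificate loses it and only a warning is logged.
    # Confirm this is the intended policy.
    if user.username != request.user.username:
        logger.warning(u'The certificate belongs to %s, '
                       'but %s is logged with, we change the association!',
                       user, request.user)
        from backends import SSLBackend
        cert = SSLBackend().get_certificate(ssl_info)
        cert.user = request.user
        cert.save()
    return continue_to_next_url(request)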