def location(self, regex_url):
    """Return the absolute ``http`` URL for a URL-pattern entry.

    The path is built from the pattern's regex source: every ``^`` becomes
    ``/`` and every ``$`` is removed (plain string replacement, so this is
    not limited to the leading and trailing anchors).
    """
    # NOTE(review): the scheme is fixed to plain http here; confirm these
    # locations are not meant to be advertised over https.
    pattern_source = regex_url.regex.pattern
    path = pattern_source.replace("^", "/")
    path = path.replace("$", "")
    return util.make_absolute_url(path, "http")
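def login(request, default_next='/', staff_protocol='https'):
    """Render the login form on GET; authenticate and redirect on POST.

    Two credential paths are handled on POST:

    * ``signed_request`` + ``facebook_id`` are passed to ``authenticate``.
    * Otherwise ``username`` / ``password`` are checked with
      ``auth.authenticate`` after a rate-limit check on the normalized
      username.

    On the username/password path, staff accounts must pass the local
    password-strength check and are redirected using ``staff_protocol``.

    Args:
        request: The incoming HTTP request.
        default_next: Redirect target for staff users when the request
            supplies none. Non-staff users fall back to ``'/'``.
        staff_protocol: Protocol name handed to ``make_absolute_url`` for
            the staff redirect.

    Returns:
        The rendered ``user/login.html`` template (GET, or any failed
        attempt) or an ``HttpResponseRedirect`` after a successful login.

    Security notes:
        * Every render passes ``locals()`` as the template context, so
          whatever is bound at that point (``password``,
          ``signed_request``, ...) is reachable from the template. Local
          names are therefore part of the template contract; renaming or
          adding locals changes what the template can see.
        * NOTE(review): the redirect target comes from
          ``get_next(request)``; confirm it rejects off-site URLs before
          it reaches ``HttpResponseRedirect``.
        * NOTE(review): the rate limit and the staff password policy run
          only on the username/password path, not on the signed-request
          path -- confirm that is intended.
    """
    def is_secure_password(pw):
        # At least 8 characters with lowercase, uppercase and a digit.
        has = lambda cs: any(char in cs for char in pw)
        return len(pw) >= 8 and has(string.lowercase) and has(string.uppercase) and has(string.digits)

    def valid_slug(raw):
        # Normalize the submitted username: drop leading '#', trim, keep
        # letters/digits/underscore, map whitespace to '_', drop everything
        # else, and cap the result at 20 characters.
        raw = raw.lstrip('#').strip()
        allowed = string.letters + string.digits + '_'

        def process(c):
            if c in allowed:
                return c
            elif c in string.whitespace:
                return '_'
            else:
                return ''
        return (''.join(map(process, raw)))[:20]

    cookies_to_delete = []
    next_ = get_next(request)

    if request.method == 'GET':
        return r2r_jinja('user/login.html', locals(), request)

    signed_request = request.POST.get(u'signed_request', None)
    facebook_id = request.POST.get(u'facebook_id', None)

    if signed_request and facebook_id:
        user = authenticate(request, facebook_id, signed_request)
        if user is None:
            # No `message` is set on this path; the form is re-rendered as is.
            return r2r_jinja('user/login.html', locals(), request)
        # this is a total hack because we don't care to write a backend for the above authenticate method
        user.backend = settings.AUTHENTICATION_BACKENDS[0]
    else:
        username = valid_slug(request.POST.get('username', ''))
        password = request.POST.get('password')

        # Throttle before touching the credential check.
        if check_rate_limit(request, username):
            message = "Too many retries. Wait a minute and try again."
            return r2r_jinja('user/login.html', locals(), request)

        user = auth.authenticate(username=username, password=password)

        if user is None:
            # One message for both "unknown user" and "wrong password", so
            # the response does not reveal which usernames exist. The
            # previous existence query fed two identical branches and was
            # a wasted database round trip.
            message = "Incorrect username or password."
            return r2r_jinja('user/login.html', locals(), request)

        # `password` is only bound on this path, so the staff policy check
        # lives here. It runs after authentication has already succeeded but
        # before auth.login(), so a weak staff password never gets a session.
        if user.is_staff:
            if is_secure_password(password):
                next_ = make_absolute_url(next_ or default_next, protocol=staff_protocol)
            else:
                message = ("User is staff and has an insecure password. Please create a more secure one (8 or more "
                           "characters, mixed case and has numbers). Use password reset to fix this.")
                return r2r_jinja('user/login.html', locals(), request)

    auth.login(request, user)

    # Best effort: a comment drafted before login is posted now and the user
    # is sent to it. A KeyError from the lookup is deliberately ignored.
    # NOTE(review): the cookie is queued for deletion only when a pending
    # comment was actually posted -- confirm against the intended flow.
    try:
        (key, post_data) = after_signup.get_posted_comment(request)
        if post_data:
            next_ = post_comment(request, user, post_data, persist_url=False).details().url
            cookies_to_delete.append(after_signup.make_cookie_key('post_comment'))
    except KeyError:
        pass

    def cleanup(response):
        # Drop the cookies consumed above from the outgoing response.
        for k in cookies_to_delete:
            response.delete_cookie(k)
        return response

    if next_:
        # Forward the remaining query parameters, minus 'next' itself.
        next_params = request.GET.copy()
        if 'next' in next_params:
            del next_params['next']
        next_params = '?' + urllib.urlencode(next_params) if next_params else ''
        return cleanup(HttpResponseRedirect(next_ + next_params))
    else:
        return cleanup(HttpResponseRedirect('/'))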
def test_base_path_with_protocol(self):
    """The root path with an explicit protocol gets that scheme prepended."""
    # foo.com is presumably the domain configured for the test run.
    expected = 'https://foo.com/'
    actual = make_absolute_url('/', protocol='https')
    self.assertEqual(expected, actual)
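def location(self, category):
    """Return the absolute ``http`` URL for *category*.

    The path comes from ``category.get_absolute_url()`` and is made
    absolute with ``util.make_absolute_url``.
    """
    # The protocol argument is the bare scheme name (callers pass "http" or
    # protocol='https' and get "https://..." back), so the stray trailing
    # colon in "http:" is dropped to avoid a malformed scheme separator.
    # NOTE(review): the scheme is fixed to plain http; confirm these
    # locations are not meant to be advertised over https.
    return util.make_absolute_url(category.get_absolute_url(), "http")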
def test_already_absolute_without_protocol(self):
    """A protocol-relative URL passes through unchanged when no protocol is given."""
    url = '//foo.com/foo'
    result = make_absolute_url(url)
    self.assertEqual('//foo.com/foo', result)
def test_already_absolute_without_protocol_with_kwarg(self):
    """A protocol-relative URL picks up the scheme passed as ``protocol``."""
    expected = 'https://foo.com/foo'
    result = make_absolute_url('//foo.com/foo', protocol='https')
    self.assertEqual(expected, result)
def test_without_prepended_slash(self):
    """A bare path without a leading slash still resolves under the domain root."""
    expected = '//foo.com/foo'
    result = make_absolute_url('foo')
    self.assertEqual(expected, result)
def test_already_absolute(self):
    """A fully qualified URL on the site domain is returned as given."""
    url = 'https://foo.com/foo'
    result = make_absolute_url(url)
    self.assertEqual('https://foo.com/foo', result)