def login(request): error = None notice = None # If form has been submitted if request.method == 'POST': form = LoginForm(request.POST) username = request.POST['username'] password = request.POST['password'] logging.info('Trying user %s authentication', username) user = authenticate(username=username, password=password) # Check if user correct if user is not None: django_login(request, user) logging.info("User %s logged in", user.username) if user.get_profile().is_administrator(): cursor = connections['principal'].cursor() Region.fetch_all(cursor) cursor.close() return index(request) # If user is incorrect, error else: logging.error("User %s: bad credentials", username) request.flash['error'] = 'Nombre de usuario o contraseña incorrectos' # If it hasn't been submitted, display any pending notices else: form = LoginForm() # If user couldn't access anywhere for any reason, return to login form return render_to_response('login.html', { 'form': form, }, context_instance=RequestContext(request))
def registration(request): ''' A form to allow for registration of new users ''' template_data = {} template_data.update(csrf(request)) # Don't use captcha when registering through an app is_app = check_request_amazon(request) or check_request_android(request) FormClass = RegistrationFormNoCaptcha if is_app else RegistrationForm # Redirect regular users, in case they reached the registration page if request.user.is_authenticated() and not request.user.userprofile.is_temporary: return HttpResponseRedirect(reverse('core:dashboard')) if request.method == 'POST': form = FormClass(data=request.POST) # If the data is valid, log in and redirect if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password1'] email = form.cleaned_data['email'] user = Django_User.objects.create_user(username, email, password) user.save() # Pre-set some values of the user's profile language = Language.objects.get(short_name=translation.get_language()) user.userprofile.notification_language = language # Set default gym, if needed gym_config = GymConfig.objects.get(pk=1) if gym_config.default_gym: user.userprofile.gym = gym_config.default_gym # Create gym user configuration object config = GymUserConfig() config.gym = gym_config.default_gym config.user = user config.save() user.userprofile.save() user = authenticate(username=username, password=password) django_login(request, user) messages.success(request, _('You were successfully registered')) return HttpResponseRedirect(reverse('core:dashboard')) else: form = FormClass() template_data['form'] = form template_data['title'] = _('Register') template_data['form_fields'] = [i for i in form] template_data['form_action'] = reverse('core:user:registration') template_data['submit_text'] = _('Register') template_data['extend_template'] = 'base.html' return render(request, 'form.html', template_data)
def openid_get_identity(request, identity_url): """ Select openid based on claim (identity_url). If none was claimed identity_url will be 'http://specs.openid.net/auth/2.0/identifier_select' - in that case return default one - if user has no default one, return any - in other case return None! """ for openid in request.user.openid_set.iterator(): if identity_url == request.build_absolute_uri( reverse('openid-provider-identity', args=[openid.openid])): custom_log(request, "Found a valid OpenID identity: %s" % openid) return openid if identity_url == 'http://specs.openid.net/auth/2.0/identifier_select': # no claim was made, choose user default openid: openids = request.user.openid_set.filter(default=True) if openids.count() == 1: custom_log(request, "No claim was made. Chose ID %s" % openids[0]) return openids[0] if request.user.openid_set.count() > 0: custom_log(request, "No claim was made. Chose ID %s" % request.user.openid_set.all()[0]) return request.user.openid_set.all()[0] (user, _) = DjangoUser.objects.get_or_create(username=request.browser.user.username, defaults={"email": request.browser.user.email, "is_staff": False, "is_active": True, "is_superuser": False, "last_login": datetime.datetime.now(), "date_joined": datetime.datetime.now()}) user.backend = 'django.contrib.auth.backends.ModelBackend' # Horrible hack. django_login(request, user) custom_log(request, "Creating new OpenID association for %s" % user.username, level="info") (openid, _) = OpenID.objects.get_or_create(user=user, openid=user.username) return openid
def login(request): """ The page a user can log in. """ response = None context = { 'data': None, 'errors': None } login_form = LoginForm(request.POST) if request.method == 'POST': if login_form.is_valid(): django_login(request, login_form.get_user()) response = redirect('users:home') else: copy_global_error(login_form, 'login_failed', 'username_email') copy_global_error(login_form, 'not_validated', 'username_email') context.update({ 'data': login_form.data, 'errors': login_form.errors }) if not response: context['fields'] = login_form.fields return render(request, 'users/login.html', context) return response
def login(request): logger.debug("in login") error_message = '' if request.method == 'POST': logger.debug("in login POST") form = Authentication_Form(request.POST) if form.is_valid(): logger.debug(form.cleaned_data['email']+'<>'+form.cleaned_data['password']) user = authenticate(email=form.cleaned_data['email'], password=form.cleaned_data['password']) if user is not None: if user.is_active: django_login(request, user) return redirect('/vital') else: form = User_Activation_Form(initial={'user_email': user.email}) return render(request, 'vital/user_registration_validate.html', {'message': 'User is not active. ' + 'Please check your mail(' + user.email+') for ' + 'activation code', 'form': form}) else: error_message = 'Login failed! Check your username and password.' else: error_message = 'Login failed! Check your username and password.' else: form = Authentication_Form() return render(request, 'vital/login.html', {'form': form, 'error_message': error_message})
def signup(request): """ Muestra un formulario para registrar a un nuevo usuario y lo crea si la petición es POST :param request: HttpRequest :return: HttpResponse """ success_message = [] if request.method == "GET": form = SignupForm() else: form = SignupForm(request.POST) if form.is_valid(): new_user = form.save() # Guarda el objeto User y lo devuelve new_user = authenticate(username=request.POST["username"], password=request.POST["password1"]) django_login(request, new_user) form = SignupForm() success_message = "<h4>¡El usuario se ha creado con éxito! --> " success_message += '<a href="{0}">'.format(reverse("posts_main")) success_message += "Entrar" success_message += "</a></h4>" success_message += "<hr>" else: form = SignupForm() context = {"form": form, "success_message": success_message} return render(request, "users/signup.html", context)
def auth(request): if request.method == 'POST': form = LoginForm(request.POST) if form.is_valid(): email = request.POST.get('email') password = request.POST.get('password') # Redirect if OTP is set #if User.objects.get(email=email).OTP: # messages.add_message(request, messages.ERROR, "OTP") # return redirect('/login/') userId = User.objects.get(email=email).userId user = authenticate(userId=userId, password=password) if user: if user.is_active: django_login(request, user) # Redirect based on user account type if user.is_staff or user.is_superuser: return redirect('userAdmin') else: return redirect('activeRounds') # Access Denied messages.add_message(request, messages.ERROR, "Incorrect username or password") return redirect('/login/') else: return redirect('/login/')
def login(request): """ Login View """ if(request.method == 'POST'): form = LoginForm(data=request.POST) if form.is_valid(): user = authenticate(email=request.POST['email'], password=request.POST['password']) if user is not None: if user.is_active: django_login(request, user) return redirect('/app/dashboard', request) else: form = LoginForm() return render_to_response('login.html', { 'form' : form, 'login_error_message' : 'Invalid Login Credentials', }, context_instance=RequestContext(request)) else: form = LoginForm() return render_to_response('login.html', { 'form' : form, }, context_instance=RequestContext(request))
def _let_user_login(request, user, email, password, next=''): user = django_authenticate(email=email, password=password) django_login(request, user) if next: return HttpResponseRedirect(redirect_to=next) return HttpResponseRedirect(redirect_to='/')
def register(request): """ DataHub account registration form. GET returns an HttpResponse containing the account registration form. POST creates a name/email/password account and logs the new user in. Other links from the page lead to Python Social Auth options (Google, Facebook, Twitter, etc). """ # Redirect succesful logins to `next` if set. # Failing that `redirect_url`. # Failing that, LOGIN_REDIRECT_URL from settings.py. redirect_uri = post_or_get( request, 'next', fallback=post_or_get( request, 'redirect_url', fallback=settings.LOGIN_REDIRECT_URL)) redirect_absolute_uri = add_query_params_to_url( request.build_absolute_uri(redirect_uri), {'auth_user': request.user.get_username()}) if request.method == 'POST': form = RegistrationForm(request.POST) if form.is_valid(): username = form.cleaned_data['username'].lower() email = form.cleaned_data['email'].lower() password = form.cleaned_data['password'] User.objects.create_user(username, email, password) # A signal handler in signals.py listens for the pre_save signal # and throws an IntegrityError if the user's email address is not # unique. Username uniqueness is handled by the model. # # In the future, another pre_save signal handler will check if a # DataHub database exists for the user and create one if it # doesn't exist. If the database cannot be created, that handler # will throw an exception. user = datahub_authenticate(username, password) if user is not None and user.is_active: django_login(request, user) # Append auth_user to redirect_uri so apps like Kibitz can # pull the username out of the redirect. This should be # removed when Thrift is removed from DataHub. redirect_uri = add_query_params_to_url( redirect_uri, {'auth_user': request.user.get_username()}) return HttpResponseRedirect(redirect_uri) else: # Form isn't valid. Fall through and return it to the user with # errors. pass else: form = RegistrationForm() providers = provider_details() context = RequestContext(request, { 'request': request, 'user': request.user, 'form': form, 'providers': providers, 'next': redirect_uri, 'absolute_next': redirect_absolute_uri, }) return render_to_response('register.html', context_instance=context)
def globus_callback_authorize(request): """ TODO: This logic 'lets the auth token escape' May need to refactor this... """ code = request.GET.get('code') try: user_token = globus_validate_code(request) except Unauthorized as bad_code: logger.exception("Globus login failed to validate code: %s" % bad_code) app_name = auth_settings.APP_NAME site_name = auth_settings.SITE_NAME return HttpResponse( "In order to use %s you must consent to " "releasing your identity details from Globus to %s." % (app_name, site_name), status=401) if not user_token: # Redirect out of the OAuth loop return HttpResponseRedirect(auth_settings.LOGOUT_REDIRECT_URL) user = authenticate(key=user_token.key) django_login(request, user) # Apply newly created AuthToken to session request.session['username'] = user_token.user.username request.session['access_token'] = user_token.key # Redirect to 'next' next_url = request.session.get('next', '/application') return HttpResponseRedirect(next_url)
def register(request): """ Display the registration form, and save the user. """ # redirect if user is loged in if request.user and not request.user.is_anonymous(): if is_async(request): return json_response(request) return HttpResponseRedirect(reverse('jobsite_main.views.main')) if is_async(request): if request.GET.get('submit', False): form = UserForm(data=request.GET) if form.is_valid(): user = form.save() session_id = request.session.session_key auto_authenticate(user) django_login(request, user) db.update_action_with_user_id(session_id, user) return json_response(request) else: form = UserForm() return json_response(request, code=INPUT, data= render_to_string('blocks/register.html', {'form': form})) # TODO: register without javascript return handle_response(request, { 'content_block': 'blocks/register.html', 'form': form }, 'base.html')
def login_oauth_token(request, backend): """ Authenticate the client using an OAuth access token by using the token to retrieve information from a third party and matching that information to an existing user. """ warnings.warn("Please use AccessTokenExchangeView instead.", DeprecationWarning) backend = request.backend if isinstance(backend, social_oauth.BaseOAuth1) or isinstance(backend, social_oauth.BaseOAuth2): if "access_token" in request.POST: # Tell third party auth pipeline that this is an API call request.session[pipeline.AUTH_ENTRY_KEY] = pipeline.AUTH_ENTRY_LOGIN_API user = None access_token = request.POST["access_token"] try: user = backend.do_auth(access_token) except (HTTPError, AuthException): pass # do_auth can return a non-User object if it fails if user and isinstance(user, User): django_login(request, user) return JsonResponse(status=204) else: # Ensure user does not re-enter the pipeline request.social_strategy.clean_partial_pipeline(access_token) return JsonResponse({"error": "invalid_token"}, status=401) else: return JsonResponse({"error": "invalid_request"}, status=400) raise Http404
def login(request): """ Login view """ if request.method == 'POST': # Get login data from POST password = request.POST.get('password', None) username = request.POST.get('access_level', None) # Validate credentials if username not in ['admin-user', 'readonly-user']: # Make sure that people cannot log in as an arbitrary user # using faked HTTP requests. user = None else: # If authentication fails, the function returns ``None``. user = authenticate(username=username, password=password) # Authenticate user if user is not None and user.is_active: django_login(request, user) next_url = request.POST.get('next_url', None) if next_url is not None: return redirect(next_url) else: return redirect('/') else: messages.error(request, _('Bad password!')) if request.user.is_authenticated(): return redirect('/') context = {'next_url': request.GET.get('next', '')} return render(request, 'auth/login.html', context)
def login(request): """ Login view """ if request.method == 'POST': form = FormAuthenticate(data=request.POST) if form.is_valid(): user = authenticate( email=request.POST['email'].lower().replace(" ", ""), password=request.POST['password'] ) if user is not None: if user.is_active: django_login(request, user) return HttpResponseRedirect(reverse_lazy('index')) else: return render_to_response('login.html', {'form': form, }, context_instance= RequestContext(request) ) else: form = FormAuthenticate() return render_to_response( 'login.html', {'form': form, }, context_instance=RequestContext(request))
def login(request): ''' This function handles the logging in of a user, and the submission of the login form from the main page. ''' # Set up the response data dict responseData = {} # First let's check if there is a username and password present in the request # Make sure username was included if u'username' not in request.POST: responseData[u'result'] = u'failed' responseData[u'reason'] = u'Username not specified.' return HttpResponse(json.dumps(responseData), content_type=u'application/json') # Make sure a password was included if u'password' not in request.POST: responseData[u'result'] = u'failed' responseData[u'reason'] = u'Password not specified.' return HttpResponse(json.dumps(responseData), content_type=u'application/json') # Now let's try to log them in u = authenticate(username=request.POST[u'username'], password=request.POST[u'password']) # If it is none, login returned a user which means they logged in successfully if u is not None: # TODO: Check here for is_active? django_login(request, u) responseData[u'result'] = u'succeeded' return HttpResponse(json.dumps(responseData), content_type=u'application/json') # If we get here, authentication failed. else: responseData[u'result'] = u'failed' responseData[u'reason'] = u'Invalid username or password.' return HttpResponse(json.dumps(responseData), content_type=u'application/json')
def old_login(request): """ Log in view """ navbarlinks = list_navbarlinks(request, ["Login", "Help page"]) navbarlinks.append({"url": "/help#helpsection_loginpage", "title": "Help page", "icon": "question-sign"}) shortcutlinks = [] login_failed_msg = False if request.method == 'POST': login_failed_msg = True form = AuthenticationForm(data=request.POST) if form.is_valid(): user = authenticate(email=request.POST['username'], password=request.POST['password']) if user is not None: if user.is_active: django_login(request, user) request.session["user"] = user.annotator_id.annotator_id login_failed_msg = False return redirect('/interface_main') else: if request.session.get("user"): return redirect('/interface_main', context=RequestContext(request)) else: form = AuthenticationForm() return render_to_response('accounts/old_login.html',{'form': form}, context_instance=RequestContext(request, { 'login_failed_msg': login_failed_msg, 'navbarlinks': navbarlinks, 'shortcutlinks': shortcutlinks, "pid_tofeed": request.session.get("pid_tofeed"), "subject_tofeed": request.session.get("subject_tofeed") }))
def login(request): if not request.user.is_authenticated(): if request.method =='POST': form = LoginForm(request.POST) if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password'] user = authenticate(username=username, password=password) if user != None: if user.is_active: django_login(request, user) if request.POST.get('next', 'None') == 'None': return redirect(reverse('home_index'), context_instance=RequestContext(request)) else: return redirect(request.POST.get('next'), context_instance=RequestContext(request)) else: messages.error(request, 'Your account has been disabled.') else: messages.error(request, 'Your username and password were incorrect.') else: form = LoginForm() else: return redirect(reverse('home_index'), context_instance=RequestContext(request)) return render_to_response( 'auth/login.html', {'form': form, 'next':request.GET.get('next', 'None')}, context_instance=RequestContext(request) )
def signup(request): if request.method == 'POST': signup_form = UserRegistrationForm(request.POST) if signup_form.is_valid(): user = User.objects.create_user(username=signup_form.cleaned_data['username'], password=signup_form.cleaned_data[ 'password'], email=signup_form.cleaned_data['email']) user = authenticate(username=signup_form.cleaned_data['username'], password=signup_form.cleaned_data['password']) if user is not None: if user.is_active: # Login User django_login(request, user) return HttpResponseRedirect('/') else: return HttpResponseRedirect('/invalid_data/') else: signup_form = UserRegistrationForm() return render_to_response('blogs/signup.html', { 'signup_form': signup_form }, context_instance=RequestContext(request))
def callback(request): token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret']) token.set_verifier(request.GET['oauth_verifier']) client = oauth.Client(consumer, token) resp, content = client.request(ACCESS_TOKEN_URL, "GET") if resp['status'] != '200': raise Exception("Invalid response from Avans.") access_token = dict(cgi.parse_qsl(content)) token = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret']) client = oauth.Client(consumer, token) # Check if the user is an employee or not resp, content = client.request('https://publicapi.avans.nl/oauth/people/@me', 'GET') data = json.loads(content) is_student = data['employee'] <> 'true' name = data['name']['formatted'] email = data['emails'][0] # Get the username and student number resp, content = client.request('https://publicapi.avans.nl/oauth/studentnummer/', 'GET') data = json.loads(content)[0] username = data['inlognaam'].lower() student_number = int(data['studentnummer']) user = get_user(username, name, email, is_student, student_number) # Log the user in user = authenticate(username=username) django_login(request, user) # Redirect to the main site return HttpResponseRedirect('/')
def login(request): """ Page de connection """ form = LoginForm() if request.user.is_authenticated(): return HttpResponseRedirect(reverse('edit_text_static')) else: c = {} c.update(csrf(request)) state = "Se connecter" if request.method == 'POST': username = request.POST['username'] password = request.POST['password'] user = authenticate(username=username, password=password) if user is not None: if user.is_active: django_login(request, user) return HttpResponseRedirect(reverse('edit_text_static')) else: state = "Your Account is not active,\ please contact the site admin." else: state = u"Votre nom d'utilisateur et / ou \ votre mot de passe est incorrect. \ Veuillez réessayer." c.update({'form': form, 'state': state}) return render(request, 'login.html', c)
def login(request): """ Log in view """ if request.method == 'POST': login_form = AuthenticationForm(data=request.POST) if login_form.is_valid(): email = request.POST['email'] try: user = authenticate(email=email, password=request.POST['password']) if user is not None: if user.is_active: django_login(request, user) user = User.objects.get(email=email) try: student=user.student_set.get() return HttpResponseRedirect("/student") except: try: mentor = user.mentor_set.get() return HttpResponseRedirect("/mentor") except: raise Http404("User does not exist.") else: return HttpResponseRedirect('/invalid_login') except: raise HttpResponseRedirect('/invalid_login') else: login_form = AuthenticationForm() return render_to_response('projects_app/login.html', { 'form': login_form, }, context_instance=RequestContext(request))
def login(request): if request.method in ['GET', 'HEAD']: if request.user.is_authenticated(): try: player = Player.objects.get(user=request.user) return redirect(reverse('player', kwargs={'username': player.user.username})) except Exception: return HttpResponseServerError("<h1>Your user is not associated with a player!</h1>") else: return render(request, 'murpi_core/login.html') elif request.method == 'POST': if dict_has_keys(request.POST, ('username', 'password'), check_not_empty=True): user = authenticate(username=request.POST['username'], password=request.POST['password']) if user is not None: if user.is_active: if user.player: django_login(request, user) return redirect(reverse("player", kwargs={"username": user.username})) else: error(request, 'Your user account is broken! Please contact an admin.') return redirect(reverse("login")) else: error(request, 'Your account is disabled!') return redirect(reverse("login")) else: request.session['username'] = request.POST['username'] error(request, 'Incorrect username or password.') return redirect(reverse("login")) else: request.session['username'] = request.POST['username'] error(request, 'Username or password cannot be empty') return redirect(reverse("login")) else: raise Http404('Only GET, POST, and HEAD HTTP methods allowed.')
def activation(request, code=None): if not code: code = request.GET.get('code', None) if request.user.is_authenticated() or request.method == 'POST': return redirect('profile_view') if code: claim = get_object_or_None(Claim, activation_code=code) if not claim: return {'fail': _('Activation code invalid.')} elif claim.user.is_active: return {'fail': _('Claim has been already activated.')} elif claim.activate(): send_email(settings.NOTIFY_EMAIL, 'notice', {'claim': claim, 'action': 'activation'}) claim.user.backend = 'django.contrib.auth.backends.ModelBackend' django_login(request, claim.user) else: return {'fail': _('Activation failed.') } return {}
def login(request): """ Try to log in a user """ if request.method == 'POST': username = request.POST.get('username', '') password = request.POST.get('password', '') site = request.POST.get('next', '/manage') user = django_auth(username=username, password=password) if user is not None: if user.is_active: django_login(request, user) return redirect(site) form = AuthenticationForm(request) form.fields['username'].widget.attrs.update({ 'placeholder': 'username' }) form.fields['password'].widget.attrs.update({ 'placeholder': 'password' }) site = request.GET.get('next', '/manage') return render(request, 'blog/login.html', { 'form': form, 'next': site, 'request': request, })
def register(request): if request.method == 'GET': ''' Show the registration page ''' return render(request, "keyvalue/register.html") else: if 'username' in request.POST and 'email' in request.POST and \ 'password1' in request.POST and 'password2' in request.POST: username = request.POST['username'] email = request.POST['email'] password1 = request.POST['password1'] password2 = request.POST['password2'] else: return render(request, "keyvalue/register.html", {'error': "Please fill in all fields"}) if password1 != password2: return render(request, "keyvalue/register.html", {'error': "The passwords do not match"}) try: # Create the new account user = User.objects.create_user(username=username, email=email, password=password1) setup_new_user(user) # Log the new account in user = authenticate(username=username,password=password1) django_login(request, user) return render(request, "keyvalue/register.html", {'success': "Registration successful!"}) except IntegrityError: return render(request, "keyvalue/register.html", {'error': "This username was already taken or invalid"}) except Exception: return render(request, "keyvalue/register.html", {'error': "An error occurred: invalid data?"})
def internal_login(request): """ Internal login using Django authentication framework """ custom_log(request, "Internal login requested. back_url=%s" % request.GET.get("next"), level="debug") params = request.GET.dict() params["_sso"] = "internal" ret = {} browser = request.browser if browser is None: custom_log(request, "Browser is not set. Redirect to first step authentication") return redirect_with_get_params("login_frontend.authentication_views.firststepauth", params) if request.GET.get("next") is None: # No back url is defined. Go to front page. custom_log(request, "No back URL is defined. Redirect to the front page", level="debug") return HttpResponseRedirect(reverse("login_frontend.views.indexview")) # TODO: static auth level if browser.get_auth_level() >= Browser.L_STRONG: back_url = request.GET.get("next") custom_log(request, "User is authenticated with strong authentication. Redirecting back to %s" % back_url, level="info") (user, _) = DjangoUser.objects.get_or_create(username=browser.user.username, defaults={"email": browser.user.email, "is_staff": False, "is_active": True, "is_superuser": False, "last_login": datetime.datetime.now(), "date_joined": datetime.datetime.now()}) user.backend = 'django.contrib.auth.backends.ModelBackend' # Horrible hack. django_login(request, user) return HttpResponseRedirect(back_url) custom_log(request, "More authentication is required. Redirect to first step authentication", level="debug") return redirect_with_get_params("login_frontend.authentication_views.firststepauth", params)
def login(request): try: user = authenticate(shibd_meta=request.META) if not user: raise ShibbolethException( _("Failed to login the user. " "Shibboleth META headers missing. " "Check the Apache mod_shibd is active and /shibboleth is protected.") ) if not user.is_active: logger.warn("Shibboleth login attempt for inactive user: {}".format(user.username)) raise ShibbolethException( _("The user account has been disabled.") ) django_login(request, user) logger.debug("Shibboleth login: {}".format(user.username)) redirect_to = request.GET.get(REDIRECT_FIELD_NAME, '') if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL) return HttpResponseRedirect(redirect_to) except ShibbolethException as e: return HttpResponse(e.message, content_type='text/plain', status=403)
def login(request, user): partner_pk = request.session[settings.PARTNER_SESSION_KEY] \ if settings.PARTNER_SESSION_KEY in request.session \ else None django_login(request, user) if partner_pk: request.session[settings.PARTNER_SESSION_KEY] = partner_pk
def register(request): if (request.POST.get('password', '') == request.POST.get('password_confirmation', '')): email = request.POST.get('email', '') fname = request.POST.get('first', '') lname = request.POST.get('last', '') password = request.POST.get('password', '') # The user model is a preset django model try: user = User.objects.create_user(username=email, password=password, email=email, first_name=fname, last_name=lname) user.save() user = authenticate(username=email, password=password) if user is not None: if user.is_active: django_login(request, user) # return HttpResponse("You are now logged in") request.session['mid'] = user.id return HttpResponseRedirect ('/tasks/') except: return HttpResponse("Sorry please try again with different inputs") else: # print request.POST.get('password', '') # print request.POST.get('password_confirmation', '') return HttpResponse("your password and confirmation did not match")
def sms_login(request, *args, **kwargs): # Check session variables to find information carried forward. access_field = settings.USERNAME_FIELD # This is the key field name. Probably username or email if access_field in request.session: if request.session[access_field] != "": access_key = request.session[access_field] else: access_key = "" else: access_key = "" if settings.DEBUG: # print(request.GET) print("SMS_LOGIN.GET:", access_field, ":[%s]" % (access_key)) # print(request.POST) print(args) next = "" # Passing next parameter through to form if request.GET: if 'next' in request.GET: next = request.GET['next'] if settings.DEBUG: print("We got a next value of:", next) if request.method == 'POST': form = AuthenticationForm(request.POST) if request.POST['login'].lower() == 'resend code': if settings.DEBUG: print("Resending Code for %s" % request.POST[access_field]) # form = SMSCodeForm(request.POST) # form.username = request.POST['username'] request.session[access_field] = request.POST[access_field] return HttpResponseRedirect(reverse('accounts:sms_code')) if form.is_valid(): print("Authenticating...") access_key = form.cleaned_data[access_field].lower() password = form.cleaned_data['password'].lower() sms_code = form.cleaned_data['sms_code'] if not validate_sms(access_key=access_key, smscode=sms_code): messages.error(request, "Invalid Access Code.") return render_to_response('accounts/login.html', {'form': AuthenticationForm(), 'next': next}, RequestContext(request)) # DONE: Trying to handle LDAP Errors. eg. Not available try: user = authenticate(username=access_key, password=password) except (ldap3.LDAPBindError, ldap3.LDAPSASLPrepError, ldap3.LDAPSocketOpenError): print("We got an LDAP Error - Bind:",dir(ldap3.LDAPBindError), "\nSASL Prep:", ldap3.LDAPSASLPrepError, "\nSocketOpenError:",ldap3.LDAPSocketOpenError) messages.error(request, "We had a problem reaching the Directory Server") return render_to_response('accounts/login.html', {'next': next}, RequestContext(request)) ####### if user is not None: if user.is_active: django_login(request, user) # DONE: Set a session variable to identify as # master account and not a subacc session_device(request, "True", Session="auth_master") # DONE: Now Send a message on login if user.notify_activity in "ET": send_activity_message(request, user) # Otherwise don't send a message if next != "": return HttpResponseRedirect(next) else: return HttpResponseRedirect(reverse('home')) else: messages.error(request, "Your account is not active.") args = {'next': next} return HttpResponseRedirect(reverse('sms_code', args)) else: messages.error(request, "Invalid username or password.") return render_to_response('accounts/login.html', {'form': AuthenticationForm(), 'next': next}, RequestContext(request)) else: print("Error with the POST form", ) return render_to_response('accounts/login.html', {'form': form, 'next': next}, RequestContext(request)) else: if access_field in request.session: access_key = request.session[access_field] else: access_key = "" if settings.DEBUG: print("in sms_login. Setting up Form [", access_key, "]") form = AuthenticationForm(initial={access_field: access_key}) if settings.DEBUG: # print(form) print("Dropping to render_to_response in sms_login") return render_to_response('accounts/login.html', {'form': form, 'next': next}, RequestContext(request))
def process_login(self): django_login(self.request, self.user)
def login_get_access(request): print('*********** login_get_access ************') if 'state' not in request.session: request.session['state'] = 'blah123' # 'state' if request.GET['state'] != request.session['state']: print("login_get_access> get state: <%s> and session <%s>" % (request.GET['state'], request.session['state'])) #return HttpResponseRedirect('/') return render(request, 'msg.html', {'msg': 'session is expired. Try to login again.'}) data = { 'client_id': client_id_login, 'client_secret': client_secret_login, 'code': request.GET['code'], 'redirect_uri': host # host+'/add_hook' } res = requests.post('https://github.com/login/oauth/access_token', data=data) print("response: ") print(res.text) atts = res.text.split('&') d = {} try: for att in atts: keyv = att.split('=') d[keyv[0]] = keyv[1] access_token = d['access_token'] request.session['access_token'] = access_token print('access_token: ' + access_token) except Exception as e: print("exception: " + str(e)) print("no access token") print("response: %s" % res.text) return render( request, 'msg.html', {'msg': 'Missing token from Github API. Try to login again'}) g = Github(access_token) email = g.get_user().email username = g.get_user().login if email == '' or type(email) == type(None): return render( request, 'msg.html', {'msg': 'You have to make you email public and try again'}) request.session['avatar_url'] = g.get_user().avatar_url print('avatar_url: ' + request.session['avatar_url']) try: print("looking for email: <%s>" % (str(email))) user = OUser.objects.get(email=email) user.username = username user.save() except Exception as e: try: print("number of users: %d" % (len(OUser.objects.all()))) print("Exception: %s" % (str(e))) print("looking for username: <%s>" % (str(username))) user = OUser.objects.get(username=username) user.email = email user.save() except: print("Exception: %s" % (str(e))) print('<%s,%s>' % (email, username)) # The password is never important but we set it here because it is required by User class print("Now will create the user: "******"username: "******"password: "******"email: " + email) user = OUser.objects.create_user(username=username, password=request.session['state'], email=email) user.save() django_login(request, user) print('The used access_token: ' + access_token) sys.stdout.flush() sys.stderr.flush() return HttpResponseRedirect('/')
def registration(request): ''' A form to allow for registration of new users ''' template_data = {} template_data.update(csrf(request)) # Don't use captcha when registering through an app is_app = check_request_amazon(request) or check_request_android(request) FormClass = RegistrationFormNoCaptcha if is_app else RegistrationForm # Don't show captcha if the global parameter is false if not settings.WGER_SETTINGS['USE_RECAPTCHA']: FormClass = RegistrationFormNoCaptcha # Redirect regular users, in case they reached the registration page if request.user.is_authenticated( ) and not request.user.userprofile.is_temporary: return HttpResponseRedirect(reverse('core:dashboard')) if request.method == 'POST': form = FormClass(data=request.POST) # If the data is valid, log in and redirect if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password1'] email = form.cleaned_data['email'] user = Django_User.objects.create_user(username, email, password) user.save() # Pre-set some values of the user's profile language = Language.objects.get( short_name=translation.get_language()) user.userprofile.notification_language = language # Set default gym, if needed gym_config = GymConfig.objects.get(pk=1) if gym_config.default_gym: user.userprofile.gym = gym_config.default_gym # Create gym user configuration object config = GymUserConfig() config.gym = gym_config.default_gym config.user = user config.save() user.userprofile.save() user = authenticate(username=username, password=password) django_login(request, user) messages.success(request, _('You were successfully registered')) return HttpResponseRedirect(reverse('core:dashboard')) else: form = FormClass() template_data['form'] = form template_data['title'] = _('Register') template_data['form_fields'] = [i for i in form] template_data['form_action'] = reverse('core:user:registration') template_data['submit_text'] = _('Register') template_data['extend_template'] = 'base.html' return render(request, 'form.html', template_data)
def auth_receive(request): if 's' in request.GET and request.GET['s'] == "logout": # This was a logout request return HttpResponseRedirect('/') if 'i' not in request.GET: return HttpResponse("Missing IV in url!", status=400) if 'd' not in request.GET: return HttpResponse("Missing data in url!", status=400) # Set up an AES object and decrypt the data we received decryptor = AES.new(base64.b64decode(settings.PGAUTH_KEY), AES.MODE_CBC, base64.b64decode(str(request.GET['i']), "-_")) s = decryptor.decrypt(base64.b64decode(str(request.GET['d']), "-_")).rstrip(b' ').decode('utf8') # Now un-urlencode it try: data = parse_qs(s, strict_parsing=True) except ValueError: return HttpResponse("Invalid encrypted data received.", status=400) # Check the timestamp in the authentication if (int(data['t'][0]) < time.time() - 10): return HttpResponse("Authentication token too old.", status=400) # Update the user record (if any) try: user = User.objects.get(username=data['u'][0]) # User found, let's see if any important fields have changed changed = [] if user.first_name != data['f'][0]: user.first_name = data['f'][0] changed.append('first_name') if user.last_name != data['l'][0]: user.last_name = data['l'][0] changed.append('last_name') if user.email != data['e'][0]: user.email = data['e'][0] changed.append('email') if changed: user.save(update_fields=changed) except User.DoesNotExist: # User not found, create it! # NOTE! We have some legacy users where there is a user in # the database with a different userid. Instead of trying to # somehow fix that live, give a proper error message and # have somebody look at it manually. if User.objects.filter(email=data['e'][0]).exists(): return HttpResponse( """A user with email %s already exists, but with a different username than %s. This is almost certainly caused by some legacy data in our database. Please send an email to [email protected], indicating the username and email address from above, and we'll manually merge the two accounts for you. We apologize for the inconvenience. """ % (data['e'][0], data['u'][0]), content_type='text/plain') if getattr(settings, 'PGAUTH_CREATEUSER_CALLBACK', None): res = getattr(settings, 'PGAUTH_CREATEUSER_CALLBACK')( data['u'][0], data['e'][0], ['f'][0], data['l'][0], ) # If anything is returned, we'll return that as our result. # If None is returned, it means go ahead and create the user. if res: return res user = User( username=data['u'][0], first_name=data['f'][0], last_name=data['l'][0], email=data['e'][0], password='******', ) user.save() # Ok, we have a proper user record. Now tell django that # we're authenticated so it persists it in the session. Before # we do that, we have to annotate it with the backend information. user.backend = "%s.%s" % (AuthBackend.__module__, AuthBackend.__name__) django_login(request, user) # Signal that we have information about this user auth_user_data_received.send( sender=auth_receive, user=user, userdata={ 'secondaryemails': data['se'][0].split(',') if 'se' in data else [] }) # Finally, check of we have a data package that tells us where to # redirect the user. if 'd' in data: (ivs, datas) = data['d'][0].split('$') decryptor = AES.new( SHA.new(settings.SECRET_KEY.encode('ascii')).digest()[:16], AES.MODE_CBC, base64.b64decode(ivs, b"-_")) s = decryptor.decrypt(base64.b64decode( datas, "-_")).rstrip(b' ').decode('utf8') try: rdata = parse_qs(s, strict_parsing=True) except ValueError: return HttpResponse("Invalid encrypted data received.", status=400) if 'r' in rdata: # Redirect address return HttpResponseRedirect(rdata['r'][0]) # No redirect specified, see if we have it in our settings if hasattr(settings, 'PGAUTH_REDIRECT_SUCCESS'): return HttpResponseRedirect(settings.PGAUTH_REDIRECT_SUCCESS) return HttpResponse( "Authentication successful, but don't know where to redirect!", status=500)
@anonymous_only def register(request): if request.method == 'POST': form = RegisterForm(request.POST) if form.is_valid(): # Register form.save() # Authenticate user = authenticate( username=form.cleaned_data['email'], password=form.cleaned_data['password'], ) if not user: return HttpResponseRedirect(reverse('auth:login')) # Login django_login(request, user) return HttpResponseRedirect('/') else: form = RegisterForm() return render(request, 'auth/register.html', { 'form': form, }) @anonymous_only def login(request): if request.method == 'POST': form = LoginForm(request.POST) if form.is_valid(): user = form.get_user() django_login(request, user)
def create_account_with_params(request, params): """ Given a request and a dict of parameters (which may or may not have come from the request), create an account for the requesting user, including creating a comments service user object and sending an activation email. This also takes external/third-party auth into account, updates that as necessary, and authenticates the user for the request's session. Does not return anything. Raises AccountValidationError if an account with the username or email specified by params already exists, or ValidationError if any of the given parameters is invalid for any other reason. Issues with this code: * It is non-transactional except where explicitly wrapped in atomic to alleviate deadlocks and improve performance. This means failures at different places in registration can leave users in inconsistent states. * Third-party auth passwords are not verified. There is a comment that they are unused, but it would be helpful to have a sanity check that they are sane. * The user-facing text is rather unfriendly (e.g. "Username must be a minimum of two characters long" rather than "Please use a username of at least two characters"). * Duplicate email raises a ValidationError (rather than the expected AccountValidationError). Duplicate username returns an inconsistent user message (i.e. "An account with the Public Username '{username}' already exists." rather than "It looks like {username} belongs to an existing account. Try again with a different username.") The two checks occur at different places in the code; as a result, registering with both a duplicate username and email raises only a ValidationError for email only. """ # Copy params so we can modify it; we can't just do dict(params) because if # params is request.POST, that results in a dict containing lists of values params = dict(params.items()) # allow to define custom set of required/optional/hidden fields via configuration extra_fields = configuration_helpers.get_value( 'REGISTRATION_EXTRA_FIELDS', getattr(settings, 'REGISTRATION_EXTRA_FIELDS', {}) ) # registration via third party (Google, Facebook) using mobile application # doesn't use social auth pipeline (no redirect uri(s) etc involved). # In this case all related info (required for account linking) # is sent in params. # `third_party_auth_credentials_in_api` essentially means 'request # is made from mobile application' third_party_auth_credentials_in_api = 'provider' in params is_third_party_auth_enabled = third_party_auth.is_enabled() if is_third_party_auth_enabled and (pipeline.running(request) or third_party_auth_credentials_in_api): params["password"] = generate_password() # in case user is registering via third party (Google, Facebook) and pipeline has expired, show appropriate # error message if is_third_party_auth_enabled and ('social_auth_provider' in params and not pipeline.running(request)): raise ValidationError( {'session_expired': [ _(u"Registration using {provider} has timed out.").format( provider=params.get('social_auth_provider')) ]} ) extended_profile_fields = configuration_helpers.get_value('extended_profile_fields', []) # Can't have terms of service for certain SHIB users, like at Stanford registration_fields = getattr(settings, 'REGISTRATION_EXTRA_FIELDS', {}) tos_required = ( registration_fields.get('terms_of_service') != 'hidden' or registration_fields.get('honor_code') != 'hidden' ) form = AccountCreationForm( data=params, extra_fields=extra_fields, extended_profile_fields=extended_profile_fields, do_third_party_auth=False, tos_required=tos_required, ) custom_form = get_registration_extension_form(data=params) # Perform operations within a transaction that are critical to account creation with outer_atomic(read_committed=True): # first, create the account (user, profile, registration) = do_create_account(form, custom_form) third_party_provider, running_pipeline = _link_user_to_third_party_provider( is_third_party_auth_enabled, third_party_auth_credentials_in_api, user, request, params, ) new_user = authenticate_new_user(request, user.username, params['password']) django_login(request, new_user) request.session.set_expiry(0) # Check if system is configured to skip activation email for the current user. skip_email = _skip_activation_email( user, running_pipeline, third_party_provider, ) if skip_email: registration.activate() else: compose_and_send_activation_email(user, profile, registration) # Perform operations that are non-critical parts of account creation create_or_set_user_attribute_created_on_site(user, request.site) preferences_api.set_user_preference(user, LANGUAGE_KEY, get_language()) if settings.FEATURES.get('ENABLE_DISCUSSION_EMAIL_DIGEST'): try: enable_notifications(user) except Exception: # pylint: disable=broad-except log.exception(u"Enable discussion notifications failed for user {id}.".format(id=user.id)) _track_user_registration(user, profile, params, third_party_provider) # Announce registration REGISTER_USER.send(sender=None, user=user, registration=registration) create_comments_service_user(user) try: _record_registration_attributions(request, new_user) # Don't prevent a user from registering due to attribution errors. except Exception: # pylint: disable=broad-except log.exception('Error while attributing cookies to user registration.') # TODO: there is no error checking here to see that the user actually logged in successfully, # and is not yet an active user. if new_user is not None: AUDIT_LOG.info(u"Login success on new account creation - {0}".format(new_user.username)) return new_user
def facebook_login(request): code = request.GET.get('code') app_access_token = '{}|{}'.format( settings.FACEBOOK_APP_ID, settings.FACEBOOK_SECRET_CODE, ) class GetAccessTokenException(Exception): def __init__(self, *args, **kwargs): error_dict = args[0]['data']['error'] self.code = error_dict['code'] self.message = error_dict['message'] self.is_valid = error_dict['is_valid'] self.scopes = error_dict['scopes'] class DebugTokenException(Exception): def __init__(self, *args, **kwargs): error_dict = args[0]['data']['error'] self.code = error_dict['code'] self.message = error_dict['message'] def add_message_and_redirect_referer(): error_message_for_user = '******' messages.error(request, error_message_for_user) return redirect(request.META['HTTP_REFERER']) def get_access_token(code): url_access_token = 'https://graph.facebook.com/v2.9/oauth/access_token' redirect_uri = '{}://{}{}'.format( request.scheme, request.META['HTTP_HOST'], request.path, ) url_access_token_params = { 'client_id': settings.FACEBOOK_APP_ID, 'redirect_uri': redirect_uri, 'client_secret': settings.FACEBOOK_SECRET_CODE, 'code': code, } response = requests.get(url_access_token, params=url_access_token_params) result = response.json() if 'access_token' in result: return result['access_token'] elif 'error' in result: raise GetAccessTokenException(result) else: raise Exception('Unknown error') def debug_token(token): url_debug_token = 'https://graph.facebook.com/debug_token' url_debug_token_params = { 'input_token': token, 'access_token': app_access_token } response = requests.get(url_debug_token, url_debug_token_params) result = response.json() if 'error' in result['data']: raise DebugTokenException(result) else: return result def get_user_info(user_id, token): url_user_info = 'https://graph.facebook.com/v2.9/{user_id}'.format( user_id=user_id) url_user_info_params = { 'access_token': token, 'fields': ','.join([ 'id', 'name', 'email', 'first_name', 'last_name', 'picture.type(large)', 'gender', ]) } response = requests.get(url_user_info, params=url_user_info_params) result = response.json() return result if not code: return add_message_and_redirect_referer() try: access_token = get_access_token(code) debug_result = debug_token(access_token) user_info = get_user_info(user_id=debug_result['data']['user_id'], token=access_token) user = User.objects.get_or_create_facebook_user(user_info) django_login(request, user) return redirect(request.META['HTTP_REFERER']) except GetAccessTokenException as e: print(e.code) print(e.message) return add_message_and_redirect_referer() except DebugTokenException as e: print(e.code) print(e.message) return add_message_and_redirect_referer()
def register(request): """ DataHub account registration form. GET returns an HttpResponse containing the account registration form. POST creates a name/email/password account and logs the new user in. Other links from the page lead to Python Social Auth options (Google, Facebook, Twitter, etc). """ # Redirect succesful logins to `next` if set. # Failing that `redirect_url`. # Failing that, LOGIN_REDIRECT_URL from settings.py. redirect_uri = post_or_get(request, 'next', fallback=post_or_get( request, 'redirect_url', fallback=settings.LOGIN_REDIRECT_URL)) redirect_absolute_uri = add_query_params_to_url( request.build_absolute_uri(redirect_uri), {'auth_user': request.user.get_username()}) if request.method == 'POST': form = RegistrationForm(request.POST) if form.is_valid(): username = form.cleaned_data['username'].lower() email = form.cleaned_data['email'].lower() password = form.cleaned_data['password'] User.objects.create_user(username, email, password) # A signal handler in signals.py listens for the pre_save signal # and throws an IntegrityError if the user's email address is not # unique. Username uniqueness is handled by the model. # # In the future, another pre_save signal handler will check if a # DataHub database exists for the user and create one if it # doesn't exist. If the database cannot be created, that handler # will throw an exception. user = datahub_authenticate(username, password) if user is not None and user.is_active: django_login(request, user) # Append auth_user to redirect_uri so apps like Kibitz can # pull the username out of the redirect. This should be # removed when Thrift is removed from DataHub. redirect_uri = add_query_params_to_url( redirect_uri, {'auth_user': request.user.get_username()}) return HttpResponseRedirect(redirect_uri) else: # Form isn't valid. Fall through and return it to the user with # errors. pass else: form = RegistrationForm() providers = provider_details() context = RequestContext( request, { 'request': request, 'user': request.user, 'form': form, 'providers': providers, 'next': redirect_uri, 'absolute_next': redirect_absolute_uri }) return render_to_response('register.html', context_instance=context)
def auto_auth(request): """ Create or configure a user account, then log in as that user. Enabled only when settings.FEATURES['AUTOMATIC_AUTH_FOR_TESTING'] is true. Accepts the following querystring parameters: * `username`, `email`, and `password` for the user account * `full_name` for the user profile (the user's full name; defaults to the username) * `staff`: Set to "true" to make the user global staff. * `course_id`: Enroll the student in the course with `course_id` * `roles`: Comma-separated list of roles to grant the student in the course with `course_id` * `no_login`: Define this to create the user but not login * `redirect`: Set to "true" will redirect to the `redirect_to` value if set, or course home page if course_id is defined, otherwise it will redirect to dashboard * `redirect_to`: will redirect to to this url * `is_active` : make/update account with status provided as 'is_active' If username, email, or password are not provided, use randomly generated credentials. """ # Generate a unique name to use if none provided generated_username = uuid.uuid4().hex[0:30] generated_password = generate_password() # Use the params from the request, otherwise use these defaults username = request.GET.get('username', generated_username) password = request.GET.get('password', generated_password) email = request.GET.get('email', username + "@example.com") full_name = request.GET.get('full_name', username) is_staff = str2bool(request.GET.get('staff', False)) is_superuser = str2bool(request.GET.get('superuser', False)) course_id = request.GET.get('course_id') redirect_to = request.GET.get('redirect_to') is_active = str2bool(request.GET.get('is_active', True)) # Valid modes: audit, credit, honor, no-id-professional, professional, verified enrollment_mode = request.GET.get('enrollment_mode', 'honor') # Parse roles, stripping whitespace, and filtering out empty strings roles = _clean_roles(request.GET.get('roles', '').split(',')) course_access_roles = _clean_roles( request.GET.get('course_access_roles', '').split(',')) redirect_when_done = str2bool(request.GET.get('redirect', '')) or redirect_to login_when_done = 'no_login' not in request.GET restricted = settings.FEATURES.get('RESTRICT_AUTOMATIC_AUTH', True) if is_superuser and restricted: return HttpResponseForbidden(_('Superuser creation not allowed')) form = AccountCreationForm(data={ 'username': username, 'email': email, 'password': password, 'name': full_name, }, tos_required=False) # Attempt to create the account. # If successful, this will return a tuple containing # the new user object. try: user, profile, reg = do_create_account(form) except (AccountValidationError, ValidationError): if restricted: return HttpResponseForbidden( _('Account modification not allowed.')) # Attempt to retrieve the existing user. user = User.objects.get(username=username) user.email = email user.set_password(password) user.is_active = is_active user.save() profile = UserProfile.objects.get(user=user) reg = Registration.objects.get(user=user) except PermissionDenied: return HttpResponseForbidden(_('Account creation not allowed.')) user.is_staff = is_staff user.is_superuser = is_superuser user.save() if is_active: reg.activate() reg.save() # ensure parental consent threshold is met year = datetime.date.today().year age_limit = settings.PARENTAL_CONSENT_AGE_LIMIT profile.year_of_birth = (year - age_limit) - 1 profile.save() create_or_set_user_attribute_created_on_site(user, request.site) # Enroll the user in a course course_key = None if course_id: course_key = CourseLocator.from_string(course_id) CourseEnrollment.enroll(user, course_key, mode=enrollment_mode) # Apply the roles for role in roles: assign_role(course_key, user, role) for role in course_access_roles: CourseAccessRole.objects.update_or_create(user=user, course_id=course_key, org=course_key.org, role=role) # Log in as the user if login_when_done: user = authenticate_new_user(request, username, password) django_login(request, user) create_comments_service_user(user) if redirect_when_done: if redirect_to: # Redirect to page specified by the client redirect_url = redirect_to elif course_id: # Redirect to the course homepage (in LMS) or outline page (in Studio) try: redirect_url = reverse(course_home_url_name(course_key), kwargs={'course_id': course_id}) except NoReverseMatch: redirect_url = reverse('course_handler', kwargs={'course_key_string': course_id}) else: # Redirect to the learner dashboard (in LMS) or homepage (in Studio) try: redirect_url = reverse('dashboard') except NoReverseMatch: redirect_url = reverse('home') return redirect(redirect_url) else: response = JsonResponse({ 'created_status': 'Logged in' if login_when_done else 'Created', 'username': username, 'email': email, 'password': password, 'user_id': user.id, # pylint: disable=no-member 'anonymous_id': anonymous_id_for_user(user, None), }) response.set_cookie('csrftoken', csrf(request)['csrf_token']) return response
def post(self, request, **kwargs): #from user_authn.views.login import _check_excessive_login_attempts from student.models import LoginFailures #from openedx.core.djangoapps.user_authn.views.login import _check_excessive_login_attempts self.data = request.POST.dict() if not ('uservalue' and 'sendotptype' and 'password' in self.data): return JsonResponse({ "status": 400, "message": "Please enter Valid Mobile Number or Email Address or password", }) if self.data.get('sendotptype') == "mobile": mobile = self.data.get('uservalue') user = User.objects.get(extrafields__phone=mobile) email = user.email else: email = self.data.get('uservalue') password = self.data.get('password') if not password: return JsonResponse({ "status": 400, "message": "Password fiels can not be blank", }) try: user = User.objects.get(email=email) if not user.is_active: registration = Registration.objects.get(user=user) profile = UserProfile.objects.get(user=user) compose_and_send_activation_email(user, profile, registration) return JsonResponse({ "status": 400, "message": "Please check mail and active it.", }) try: if user and LoginFailures.is_feature_enabled(): if LoginFailures.is_user_locked_out(user): raise AuthFailedError(_('This account has been temporarily locked due ' 'to excessive login failures. Try again later.')) #_check_excessive_login_attempts(user) except Exception as e: logs.info(e.message) return JsonResponse(status=200, data={ "status": 400, "message": "Login attempt failed", }) new_user = authenticate_new_user(request, user.username, password) #compose_and_send_activation_email(user, profile) #compose_and_send_activation_email(user, profile, registration) django_login(request, new_user) request.session.set_expiry(604800 * 4) if not new_user.extrafields.rpincode: response = JsonResponse(status=200, data={ "status":200, "message": "profile", "userid":new_user.id, "number":new_user.extrafields.rcountry_code }) else: response = JsonResponse(status=200, data={ "status": 200, "message": "success", }) devlog = set_logged_in_cookies(request, response, new_user) return devlog except Exception as e: logs.info(e.message) return JsonResponse(status=200, data={ "status": 400, "message": "Enter Valid password", })
def facebook_login(request): # facebook 로그인 버튼을 누르면 code를 반환한다. code = request.GET.get('code') def get_access_token(code): # access_token을 받아올 url access_token_url = 'https://graph.facebook.com/v2.10/oauth/access_token' # access_token에 요청을 보내고 다시 돌아올 url 설정 request.path이 리퀘스트를 받은 url을 반환한다 ex)/member/facebook_login/ redirect_uri = '{}{}'.format(settings.SITE_URL, request.path) # access_token 요청하기 위해서는 페이스북 앱 id, 리다이렉트할 url, 페이스북 앱 secret key, code가 필요하다 access_token_params = { 'client_id': settings.FACEBOOK_APP_ID, 'redirect_uri': redirect_uri, 'client_secret': settings.FACEBOOK_SECRET_KEY, 'code': code, } # requests로 access_token_url에 params로 access_token_params으로 요청 response = requests.get(access_token_url, params=access_token_params) result = response.json() if 'access_token' in result: return result['access_token'] elif 'error' in result: return result['error']['message'] # 토큰을 디버그 하는 함수 def debug_access_token(access_token): app_access_token = '{}|{}'.format(settings.FACEBOOK_APP_ID, settings.FACEBOOK_SECRET_KEY) debug_token_url = 'https://graph.facebook.com/debug_token' debug_token_params = { 'input_token': access_token, 'access_token': app_access_token } response = requests.get(debug_token_url, params=debug_token_params) result = response.json() if 'error' in result: raise DebugTokenException(result) else: return result # 오류를 출력하고 이점 URL로 리다이렉트 def error_message_and_redirect_referer(): error_message = 'Facebook login error' messages.error(request, error_message) # 이전 URL 로 리다이렉트 return redirect(request.META['HTTP_REFERER']) # 유저 정보를 받아오는 함수 def get_user_info(user_id, token): # user_id 를 url로 넣으면 user의 기본 정보만 들고 올 수 있음 url_user_info = 'https://graph.facebook.com/v2.9/{user_id}'.format( user_id=user_id) url_user_info_params = { 'access_token': token, 'fields': ','.join([ 'id', 'name', 'email', ]) } response = requests.get(url_user_info, params=url_user_info_params) result = response.json() return result if not code: return error_message_and_redirect_referer() try: access_token = get_access_token(code) debug_result = debug_access_token(access_token) print(debug_result) user_info = get_user_info(user_id=debug_result['data']['user_id'], token=access_token) user = MyUser.objects.get_or_create_facebook_user(user_info) django_login(request, user) return redirect('main') except GetAccessTokenException as e: print(e.code) print(e.message) return error_message_and_redirect_referer() except DebugTokenException as e: print(e.code) print(e.message) return error_message_and_redirect_referer()
def facebook_login(request): # facebook_login view가 처음 호출될 때 # 유저가 Facebook login dialog에서 로그인 후, 페이스북에서 우리 서비스(Consumer)쪽으로 # GET 파라미터를 이용해 'code'값을 전달해줌 (전달받는 주소는 위의 uri_redirect) # code= 값이 있을 때만 로그인을 허용 code = request.GET.get('code') app_access_token = '{}|{}'.format(settings.FACEBOOK_APP_ID, settings.FACEBOOK_SECRET_CODE) # Exception을 상속받아 CustomException을 생성 class GetAccessTokenException(Exception): def __init__(self, *args, **kwargs): error_dict = args[0]['data']['error'] self.code = error_dict['code'] self.message = error_dict['message'] self.is_valid = error_dict['is_valid'] self.scopes = error_dict['scopes'] class DebugTokenException(Exception): def __init__(self, *args, **kwargs): error_dict = args[0]['data']['error'] self.code = error_dict['code'] self.message = error_dict['message'] def add_message_and_redirect_referer(): """ 페이스북 로그인 오류 메세지를 request에 추가하고 이전 페이지로 redirect :return: redirect """ error_message_for_user = '******' messages.error(request, error_message_for_user) return redirect(request.META['HTTP_REFERER']) def get_access_token(code): """ code를 받아 액세스토큰 교환 URL에 요청 이후 해당 액세스토큰을 반환 오류 발생시 오류 메세지 리턴 :param code: :return: """ # facebook_login view가 처음 호출될 때 'code' request GET parameter를 받음 # 액세스토큰의 코드교환할 url을 만들어준다. url_access_token = 'https://graph.facebook.com/v2.9/oauth/access_token' # 이전에 요청했던 redirect_uri와 같은 값을 만들어줌(access_token을 요청할 때 필요) redirect_uri = '{}://{}{}'.format( request.scheme, request.META['HTTP_HOST'], request.path, ) # 액세스토큰의 코드 교환 - uri 생성을 위한 params url_access_token_params = { 'client_id': settings.FACEBOOK_APP_ID, 'redirect_uri': redirect_uri, 'client_secret': settings.FACEBOOK_SECRET_CODE, 'code': code, } # 해당 url에 get요청 후 결과(json형식)를 파이썬 object로 변환(result 변수) response = requests.get(url_access_token, params=url_access_token_params) # 액세스 토큰 출력해보기 result = response.json() # 좀더 깨끗하게 갖고오는 pprint메서드 사용 # pprint(result) # {'access_token': 'EAAFGwwGAqT8BAND82fJLGNBAZAY9BMmiFL7zilPtTmZCZBBPFL5gEvHjkTGn4p9T3OGJ9A29oQrL6LW8EenN6GpirlWr7kYhZALVTFlQi0wkt8e8zzuiJyrCtH1u2UMdvh6ZB7jo1q2lDanZA9vdpFEZCRCOP1JviLjZAOUdEDpZCm67BbRRloOlB', # 'expires_in': 5179068, # 'token_type': 'bearer'} if 'access_token' in result: return result['access_token'] elif 'error' in result: raise GetAccessTokenException(result) else: raise Exception('Unknown Error') def debug_token(token): url_debug_token = "https://graph.facebook.com/debug_token" url_debug_token_params = { 'input_token': token, 'access_token': app_access_token, } response = requests.get(url_debug_token, url_debug_token_params) result = response.json() if 'error' in result['data']: raise DebugTokenException(result) else: return result def get_user_info(user_id, token): url_user_info = 'https://graph.facebook.com/v2.9/{user_id}'.format( user_id=user_id) url_user_info_params = { 'access_token': token, # 권한을 요청하지 않아도 오는 기본 정보 # 반드시 scope 내용을 적어줘야한다. 'fields': ','.join([ 'id', 'name', 'first_name', 'last_name', 'picture', 'gender', ]) } response = requests.get(url_user_info, params=url_user_info_params) result = response.json() return result # code 키값이 존재하지 않으면 로그인을 더이상 진행하지 않음. if not code: return add_message_and_redirect_referer() try: # 이 view에 GET parameter로 전달된 code를 사용해서 access_token을 받아옴 # 성공시 access_token값을 가져옴 # 실패시 GetAccessTokenException이 발생 access_token = get_access_token(code) # 위에서 받아온 access_token을 이용해 debug_token을 요청 # 성공시 토큰을 디버그한 결과 (user_id, scopes 등..)이 리턴 # 실패시 DebugTokenException이 발생 debug_result = debug_token(access_token) # debug_result에 있는 user_id값을 이용해서 GraphAPI에 유저정보를 요청 user_info = get_user_info(user_id=debug_result['data']['user_id'], token=access_token) # 모델에서 UserManager의 메서드를 사용하여 유저정보 가져온다. user = User.objects.get_or_create_facebook_user(user_info) # 유저를 로그인시킨다. django_login(request, user) return redirect(request.META['HTTP_REFERER']) except GetAccessTokenException as e1: print('AccessToken Error code : ', e1.code) print('AccessToken Error msg : ', e1.message) return add_message_and_redirect_referer() except DebugTokenException as e2: print('Debug Error code : ', e2.code) print('Debug Error msg : ', e2.message) return add_message_and_redirect_referer()
def login(request): user = authenticate(username=request.POST['username'], password=request.POST['password']) if user is not None: django_login(request, user) return render_to_response("templates/index.html", context_instance=RequestContext(request))
def facebook_login(request): class AccessTokenInfo(NamedTuple): access_token: str token_type: str expires_in: str class DebugTokenInfo(NamedTuple): app_id: str application: str expires_at: int is_valid: bool issued_at: int scopes: list type: str user_id: str class UserInfo(): def __init__(self, data): self.id = data['id'] self.email = data.get('email', '') self.url_picture = data['picture']['data']['url'] app_id = FACEBOOK_APP_ID app_secret_code = FACEBOOK_APP_SECRET_CODE app_access_token = f'{app_id}|{app_secret_code}' code = request.GET.get('code') def get_access_token_info(code): redirect_uri = '{scheme}://{host}{relative_url}'.format( scheme=request.scheme, host=request.META['HTTP_HOST'], relative_url=reverse('member:facebook_login'), ) print('redirect_uri:', redirect_uri) url_access_token = 'https://graph.facebook.com/v2.10/oauth/access_token' params_access_token = { 'client_id': app_id, 'redirect_uri': redirect_uri, 'client_secret': app_secret_code, 'code': code, } response = requests.get(url_access_token, params_access_token) return AccessTokenInfo(**response.json()) def get_debug_token_info(token): url_debug_token = 'https://graph.facebook.com/debug_token' params_debug_token = { 'input_token': access_token, 'access_token': app_access_token, } response = requests.get(url_debug_token, params_debug_token) return DebugTokenInfo(**response.json()['data']) access_token_info = get_access_token_info(code) access_token = access_token_info.access_token debug_token_info = get_debug_token_info(access_token) user_info_fields = { 'id', 'name', 'picture', 'email', } url_graph_user_info = 'https://graph.facebook.com/me' params_graph_user_info = { 'fields': ','.join(user_info_fields), 'access_token': access_token, } response = requests.get(url_graph_user_info, params_graph_user_info) result = response.json() user_info = UserInfo(data=result) username = f'fb_{user_info.id}' # 위 username에 해당하는 User가 있는지 검사 if User.objects.filter(username=username).exists(): # 있으면 user에 해당 유저를 할당 user = User.objects.get(username=username) else: # 없으면 user에 새로 만든 User를 할당 user = User.objects.create_user( user_type=User.USER_TYPE_FACEBOOK, username=username, age=0 ) # 유저를 로그인 시킴 django_login(request, user) return redirect('post:post_list')
def signup_oauth(request): if 'oauth_email' not in request.session \ or 'oauth_firstname' not in request.session \ or 'oauth_lastname' not in request.session: return HttpServerError(request, 'Invalid redirect received') if request.method == 'POST': # Second stage, so create the account. But verify that the # nonce matches. data = request.POST.copy() data['email'] = request.session['oauth_email'].lower() data['first_name'] = request.session['oauth_firstname'] data['last_name'] = request.session['oauth_lastname'] form = SignupOauthForm(data=data) if form.is_valid(): log.info( "Creating user for {0} from {1} from oauth signin of email {2}" .format(form.cleaned_data['username'], get_client_ip(request), request.session['oauth_email'])) user = User.objects.create_user( form.cleaned_data['username'].lower(), request.session['oauth_email'].lower(), last_login=datetime.now()) user.first_name = request.session['oauth_firstname'] user.last_name = request.session['oauth_lastname'] user.password = OAUTH_PASSWORD_STORE user.save() # Clean up our session del request.session['oauth_email'] del request.session['oauth_firstname'] del request.session['oauth_lastname'] request.session.modified = True # We can immediately log the user in because their email # is confirmed. user.backend = settings.AUTHENTICATION_BACKENDS[0] django_login(request, user) # Redirect to the sessions page, or to the account page # if none was given. return HttpResponseRedirect( request.session.pop('login_next', '/account/')) elif 'do_abort' in request.GET: del request.session['oauth_email'] del request.session['oauth_firstname'] del request.session['oauth_lastname'] request.session.modified = True return HttpResponseRedirect(request.session.pop('login_next', '/')) else: # Generate possible new username suggested_username = request.session['oauth_email'].replace('@', '.')[:30] # Auto generation requires firstname and lastname to be specified f = request.session['oauth_firstname'].lower() l = request.session['oauth_lastname'].lower() if f and l: for u in itertools.chain([ "{0}{1}".format(f, l[0]), "{0}{1}".format(f[0], l), ], ("{0}{1}{2}".format(f, l[0], n) for n in range(100))): if not User.objects.filter(username=u[:30]).exists(): suggested_username = u[:30] break form = SignupOauthForm( initial={ 'username': suggested_username, 'email': request.session['oauth_email'].lower(), 'first_name': request.session['oauth_firstname'][:30], 'last_name': request.session['oauth_lastname'][:30], }) return render_pgweb( request, 'account', 'account/signup_oauth.html', { 'form': form, 'operation': 'New account', 'savebutton': 'Sign up for new account', 'recaptcha': True, })
def login(self, request, user): token, _ = Token.objects.get_or_create(user=user) django_login(request, user) return {'user': user, 'token': token}
def auth_receive(request): if 's' in request.GET and request.GET['s'] == "logout": # This was a logout request return HttpResponseRedirect('/') if 'i' not in request.GET: return HttpResponse("Missing IV in url!", status=400) if 'd' not in request.GET: return HttpResponse("Missing data in url!", status=400) # Set up an AES object and decrypt the data we received decryptor = AES.new(base64.b64decode(settings.PGAUTH_KEY), AES.MODE_CBC, base64.b64decode(str(request.GET['i']), "-_")) s = decryptor.decrypt(base64.b64decode(str(request.GET['d']), "-_")).rstrip(' ') # Now un-urlencode it try: data = parse_qs(s, strict_parsing=True) except ValueError: return HttpResponse("Invalid encrypted data received.", status=400) # Check the timestamp in the authentication if int(data['t'][0]) < time.time() - 10: return HttpResponse("Authentication token too old.", status=400) # Update the user record (if any) try: user = User.objects.get(username=data['u'][0]) # User found, let's see if any important fields have changed changed = False if user.first_name != data['f'][0]: user.first_name = data['f'][0] changed = True if user.last_name != data['l'][0]: user.last_name = data['l'][0] changed = True if user.email != data['e'][0]: user.email = data['e'][0] changed = True if changed: user.save() except User.DoesNotExist: # User not found, create it! user = User( username=data['u'][0], first_name=data['f'][0], last_name=data['l'][0], email=data['e'][0], password='******', ) user.save() # Ok, we have a proper user record. Now tell django that # we're authenticated so it persists it in the session. Before # we do that, we have to annotate it with the backend information. user.backend = "%s.%s" % (AuthBackend.__module__, AuthBackend.__name__) django_login(request, user) # Finally, redirect the user if 'su' in data.has_key: return HttpResponseRedirect(data['su'][0]) # No redirect specified, see if we have it in our settings if hasattr(settings, 'PGAUTH_REDIRECT_SUCCESS'): return HttpResponseRedirect(settings.PGAUTH_REDIRECT_SUCCESS) return HttpResponse( "Authentication successful, but don't know where to redirect!", status=500)
def login(request): #add bot url #https://discordapp.com/api/oauth2/authorize?client_id=416470490475921418&permissions=142336&redirect_uri=http%3A%2F%2Fbabelfish099.pythonanywhere.com%2Flogin%2F&response_type=code&scope=bot%20guilds%20email context = { "page_view": "Login", } if request.method == "POST": #post returns JSON, not a page response = { 'errors': [], 'success': False, } if request.user.is_authenticated: response['success'] = True else: if request.POST.get("password2"): #Register email = request.POST.get('email') raw_password1 = request.POST.get('password') raw_password2 = request.POST.get('password2') if raw_password2 != raw_password1: response["errors"].append("Passwords do not match.") elif len(raw_password1) < 8: response["errors"].append("Password is too short.") else: user, created = User.objects.get_or_create(username=email, email=email) if not created: response["errors"].append( "That email already has an account associated with it." ) else: user.set_password(raw_password1) user.save() with UserContext(user): user_profile = UserProfile(user_id=user.id, ) user_profile.save() django_login(request, user) response['success'] = True else: #login username = request.POST.get('email') raw_password = request.POST.get('password') user = authenticate(username=username, password=raw_password) if user is not None: django_login(request, user) response['success'] = True else: response["errors"].append("Invalid username or password.") response = json.dumps(response) return HttpResponse(response) else: if request.user.is_authenticated: return redirect("/") #Handle discord login if request.GET.get("code"): user, error = discord.login_and_link(request) if not user: context[ 'error'] = error #"Problem logging in with Discord. If you already have an account login first to connect it with Discord." return render(request, "pages/base.html", context) else: django_login(request, user) return redirect("/") return render(request, "pages/base.html", context)
def login(request): # member/login.html 생성 # username, password, button이 있는 HTML생성 # POST요청이 올 경우 좌측 코드를 기반으로 로그인 완료 후 post_list로 이동 # 실패할경우 HttpResponse로 'Login invalid!'띄워주기 # member/urls.py생성 # /member/login/으로 접근시 이 view로 오도록 설정 # config/urls.py에 member/urls.py를 include # member/urls.py에 app_name설정으로 namespace지정 # POST요청이 왔을 경우 if request.method == 'POST': ### Form클래스 미사용시 # 요청받은 POST데이터에서 username, password키가 가진 값들을 # username, password변수에 할당 (문자열) # username = request.POST['username'] # password = request.POST['password'] # authenticate함수를 사용해서 User객체를 얻어 user에 할당 # 인증에 실패할 경우 user변수에는 None이 할당됨 # user = authenticate( # request, # username=username, # password=password # ) # user변수가 None이 아닐 경우 (정상적으로 인증되어 User객체를 얻은 경우) # if user is not None: # # Django의 session을 이용해 이번 request와 user객체를 사용해 로그인 처리 # # 이후의 request/response에서는 사용자가 인증된 상태로 통신이 이루어진다 # django_login(request, user) # # 로그인 완료후에는 post_list뷰로 리다이렉트 처리 # return redirect('post:post_list') ### Form클래스 사용시 # Bound form생성 form = LoginForm(data=request.POST) # Bound form의 유효성을 검증 # https://docs.djangoproject.com/en/1.11/topics/forms/#building-a-form-in-django if form.is_valid(): user = form.cleaned_data['user'] django_login(request, user) # 일반적인 경우에는 post_list로 이동하지만, # GET parameter의 next속성값이 있을 경우 해당 URL로 이동 next = request.GET.get('next') if next: return redirect(next) return redirect('post:post_list') # GET요청이 왔을 경우 (단순 로그인 Form보여주기) else: # 만약 이미 로그인 된 상태일 경우에는 # post_list로 redirect # 아닐경우 login.html을 render해서 리턴 if request.user.is_authenticated: return redirect('post:post_list') # LoginForm인스턴스를 생성해서 context에 넘김 form = LoginForm() context = { 'form': form, } # render시 context에는 LoginForm클래스형 form객체가 포함됨 return render(request, 'member/login.html', context)
def facebook_login(request): class AccessTokenInfo(NamedTuple): access_token: str token_type: str expires_in: str class DebugTokenInfo(NamedTuple): app_id: str application: str expires_at: int is_valid: bool issued_at: int scopes: list type: str user_id: str class UserInfo: def __init__(self, data): self.id = data['id'] self.email = data.get('email', '') self.url_picture = data['picture']['data']['url'] app_id = settings.FACEBOOK_APP_ID app_secret_code = settings.FACEBOOK_APP_SECRET_CODE app_access_token = f'{app_id}|{app_secret_code}' code = request.GET.get('code') def get_access_token_info(code_value): # 사용자가 페이스북에 로그인하기 위한 링크에 있던 'redirect_uri' GET파라미터의 값과 동일한 값 redirect_uri = '{scheme}://{host}{relative_url}'.format( scheme=request.scheme, host=request.META['HTTP_HOST'], relative_url=reverse('view:member:facebook_login'), ) print('redirect_uri:', redirect_uri) # 액세스 토큰을 요청하기 위한 엔드포인트 url_access_token = 'https://graph.facebook.com/v2.10/oauth/access_token' # 액세스 토큰 요청의 GET파라미터 목록 params_access_token = { 'client_id': app_id, 'redirect_uri': redirect_uri, 'client_secret': app_secret_code, 'code': code_value, } # 요청 후 결과를 받아옴 response = requests.get(url_access_token, params_access_token) # 결과는 JSON형식의 텍스트이므로 아래와 같이 사용 # json.loads(response.content) 와 같음 # AccessTokenInfo(access_token=response.json()['access_token'], # 'token_type'=response.json()['token_type..... return AccessTokenInfo(**response.json()) def get_debug_token_info(token): url_debug_token = 'https://graph.facebook.com/debug_token' params_debug_token = { 'input_token': token, 'access_token': app_access_token, } response = requests.get(url_debug_token, params_debug_token) return DebugTokenInfo(**response.json()['data']) # 전달받은 code값으로 AccessTokenInfo namedtuple을 반환 access_token_info = get_access_token_info(code) # namedtuple에서 'access_token'속성의 값을 가져옴 access_token = access_token_info.access_token # DebugTokenInfo 가져오기 debug_token_info = get_debug_token_info(access_token) # 유저정보 가져오기 user_info_fields = [ 'id', 'name', 'picture', 'email', ] url_graph_user_info = 'https://graph.facebook.com/me' params_graph_user_info = { 'fields': ','.join(user_info_fields), 'access_token': access_token, } response = requests.get(url_graph_user_info, params_graph_user_info) result = response.json() user_info = UserInfo(data=result) # 페이스북으로 가입한 유저의 username # fb_<facebook_user_id> username = f'fb_{user_info.id}' # 위 username에 해당하는 User가 있는지 검사 if not User.objects.filter(username=username).exists(): # 없으면 user에 새로 만든 User를 할당 User.objects.create_user(user_type=User.USER_TYPE_FACEBOOK, username=username, age=0) # user를 로그인시키고 post_list페이지로 이동 user = authenticate(facebook_user_id=user_info.id) django_login(request, user) return redirect('post:post_list')
def signup(request): if (request.method == 'POST'): username = request.POST['username'] firstname = request.POST['firstname'] lastname = request.POST['lastname'] email = request.POST['email'] password = request.POST['password'] cnfpassword = request.POST['cnfpassword'] users = User.objects.filter(username=username) f = 0 if (users): f = 1 emails = User.objects.filter(email=email) if (emails): f = 2 if cnfpassword == password: if (f == 0): user = User.objects.create_user(username, email, password) user.first_name = firstname user.last_name = lastname user.save() # send_mail(subject, message, from_email, to_list, fail_silently=True) subject = "Thank you for signing up with Resource Sharing Portal" message = "Hi "+user.first_name+" "+user.last_name + \ ",\nWelcome to Resources Sharing Portal!\nWe are Excited to serve you with the resources you are looking for." from_email = settings.EMAIL_HOST_USER to_list = [user.email, settings.EMAIL_HOST_USER] send_mail(subject, message, from_email, to_list, fail_silently=True) django_login(request, user) messages.success( request, "Successfully Logged In as " + user.username + "") return redirect("/") elif (f == 1): messages.error( request, 'Username already exists please enter a different username' ) return redirect("/") else: messages.error( request, 'Email already registered Please enter a different Email Address' ) return redirect("/") else: messages.error( request, 'Password and Confirm Password Fields should match') return redirect("/")
def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html', email_template_name='registration/password_reset_email.html', subject_template_name='registration/password_reset_subject.txt', password_reset_form=PasswordResetForm, token_generator=default_token_generator, post_reset_redirect=None, from_email=None, extra_context=None, html_email_template_name=None, extra_email_context=None): formlogin=AuthenticationForm() form = password_reset_form() if post_reset_redirect is None: post_reset_redirect = reverse('password_reset_done') else: post_reset_redirect = resolve_url(post_reset_redirect) if request.method == 'POST' and 'loginbtn' in request.POST: formlogin = AuthenticationForm(data=request.POST) if formlogin.is_valid(): user = authenticate(email=request.POST['email'], password=request.POST['password']) if user is not None: if user.is_active: django_login(request, user) else: return redirect("/login") else: return redirect("/login") elif request.method == "POST": formlogin=AuthenticationForm() form = password_reset_form(request.POST) if form.is_valid(): opts = { 'use_https': request.is_secure(), 'token_generator': token_generator, 'from_email': from_email, 'email_template_name': email_template_name, 'subject_template_name': subject_template_name, 'request': request, 'html_email_template_name': html_email_template_name, 'extra_email_context': extra_email_context, } if is_admin_site: warnings.warn( "The is_admin_site argument to " "django.contrib.auth.views.password_reset() is deprecated " "and will be removed in Django 1.10.", RemovedInDjango110Warning, 3 ) opts = dict(opts, domain_override=request.get_host()) form.save(**opts) return HttpResponseRedirect(post_reset_redirect) else: form = password_reset_form() context = { 'form': form, 'title': _('Password reset'), 'formlogin': formlogin } if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context)
def registration(request): """ A form to allow for registration of new users """ # If global user registration is deactivated, redirect if not settings.WGER_SETTINGS['ALLOW_REGISTRATION']: return HttpResponseRedirect(reverse('software:features')) template_data = {} template_data.update(csrf(request)) # Don't show captcha if the global parameter is false FormClass = RegistrationForm if settings.WGER_SETTINGS['USE_RECAPTCHA'] \ else RegistrationFormNoCaptcha # Redirect regular users, in case they reached the registration page if request.user.is_authenticated and not request.user.userprofile.is_temporary: return HttpResponseRedirect(reverse('core:dashboard')) if request.method == 'POST': form = FormClass(data=request.POST) # If the data is valid, log in and redirect if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password1'] email = form.cleaned_data['email'] user = User.objects.create_user(username, email, password) user.save() # Pre-set some values of the user's profile language = Language.objects.get( short_name=translation.get_language()) user.userprofile.notification_language = language # Set default gym, if needed gym_config = GymConfig.objects.get(pk=1) if gym_config.default_gym: user.userprofile.gym = gym_config.default_gym # Create gym user configuration object config = GymUserConfig() config.gym = gym_config.default_gym config.user = user config.save() user.userprofile.save() user = authenticate(username=username, password=password) django_login(request, user) messages.success(request, _('You were successfully registered')) return HttpResponseRedirect(reverse('core:dashboard')) else: form = FormClass() template_data['form'] = form template_data['title'] = _('Register') template_data['extend_template'] = 'base.html' return render(request, 'form.html', template_data)
def login_get_access(request): print '*********** login_get_access ************' if 'state' not in request.session: request.session['state'] = 'blah123' # 'state' if request.GET['state'] != request.session['state']: return HttpResponseRedirect('/') data = { 'client_id': client_id_login, 'client_secret': client_secret_login, 'code': request.GET['code'], 'redirect_uri': host # host+'/add_hook' } res = requests.post('https://github.com/login/oauth/access_token', data=data) atts = res.text.split('&') d = {} try: for att in atts: keyv = att.split('=') d[keyv[0]] = keyv[1] access_token = d['access_token'] request.session['access_token'] = access_token print 'access_token: ' + access_token except Exception as e: print "exception: " + str(e) print "no access token" print "response: %s" % res.text return HttpResponseRedirect('/') g = Github(access_token) email = g.get_user().email username = g.get_user().login if email == '' or type(email) == type(None): return render( request, 'msg.html', {'msg': 'You have to make you email public and try again'}) request.session['avatar_url'] = g.get_user().avatar_url print 'avatar_url: ' + request.session['avatar_url'] try: user = OUser.objects.get(email=email) user.username = username user.backend = 'mongoengine.django.auth.MongoEngineBackend' user.save() except: try: user = OUser.objects.get(username=username) user.email = email user.backend = 'mongoengine.django.auth.MongoEngineBackend' user.save() except: print '<%s,%s>' % (email, username) sys.stdout.flush() sys.stderr.flush() # The password is never important but we set it here because it is required by User class user = OUser.create_user(username=username, password=request.session['state'], email=email) user.backend = 'mongoengine.django.auth.MongoEngineBackend' user.save() django_login(request, user) print 'access_token: ' + access_token sys.stdout.flush() sys.stderr.flush() return HttpResponseRedirect('/')
def perform_login(request, user): token, created = Token.objects.get_or_create(user=user) django_login(request, user) return token
def form_valid(self, form): """Security check complete. Log the user in.""" django_login(self.request, form.get_user()) return _login_success_redirect(self.request, form.get_user(), self.get_redirect_url())
def register(request): if request.user.is_authenticated(): return redirect('/') registration_form = RegistrationForm() formlogin=AuthenticationForm() if request.method == 'POST' and 'loginbtn' in request.POST: formlogin = AuthenticationForm(data=request.POST) if formlogin.is_valid(): user = authenticate(email=request.POST['email'], password=request.POST['password']) if user is not None: if user.is_active: django_login(request, user) return redirect('/') else: return redirect("/login") else: return redirect("/login") if request.method == 'POST': form = RegistrationForm(data=request.POST) if form.is_valid(): datas={} datas['email']=form.cleaned_data['email'] datas['password1']=form.cleaned_data['password1'] datas['voornaam']=form.cleaned_data['voornaam'] datas['naam']=form.cleaned_data['naam'] #We will generate a random activation key salt = hashlib.sha1(str(random.random())).hexdigest()[:5] emailsalt = datas['email'] if isinstance(emailsalt, unicode): emailsalt = emailsalt.encode('utf8') datas['activation_key']=hashlib.sha1(salt+emailsalt).hexdigest() datas['activation_email']=request.build_absolute_uri('/').strip("/") + '/activate/' + datas['activation_key'] datas['email_path']="webapp/activation/ActivationEmail.html" datas['email_subject']="Welkom bij ViaSofie" ctx = { 'voornaam': datas['voornaam'], 'naam': datas['naam'], 'activation_link': datas['activation_email'] } message = get_template(datas['email_path']).render(Context(ctx)) try: msg = EmailMessage(datas['email_subject'], message, '*****@*****.**', [datas['email']]) msg.content_subtype = "html" msg.send() except BadHeaderError: return HttpResponse("invalid.") # form.sendEmail(datas) #Send validation email form.save(datas) #Save the user and his profile request.session['registered']=True #For display purposes return redirect('/') else: registration_form = form #Display form with error messages (incorrect fields, etc) else: form = RegistrationForm() return render(request, 'webapp/register.html', locals())
def login(self): self.user = self.serializer.validated_data['user'] self.token, created = Token.objects.get_or_create(user=self.user) django_login(self.request, self.user)
def admin_login(request): line_id = request.session['line_id'] user = get_user_model().objects.get(username=line_id) django_login(request, user) return redirect("/kami")