def login(request):
form = request.POST
## If not using SSL, try redirecting.
#if not request.is_secure():
#url = 'https' + request.build_absolute_uri()[4:]
#return HttpResponseRedirect(url)
# First try SSL Authentication
user = auth.authenticate(request=request)
# Otherwise, treat this like a text login and show the login page if
# necessary.
if user is None:
# If the user isn't trying to log in, then just display the login page.
if not form.get('login', False):
goto = request.GET.get('goto', None)
if not goto:
# The Django login_required decorator passes 'next' as the
# redirect, so we look for that if 'goto' is missing.
goto = request.GET.get('next', None)
context = RequestContext(request)
return render_html_template('login.html', request,
{'redirect_to': goto},
context_instance=context)
# Check if the username and password are correct.
user = auth.authenticate(username=form.get('username', ''),
password=form.get('password', ''))
# If the username/password are invalid or SSL authentication failed tell
# the user to try again.
error_message = ''
if user is None:
error_message = 'Invalid username/password.'
# If the user account is disabled, then no dice.
elif not user.is_active:
error_message = ('The user account for <tt>%s</tt> has been disabled.' %
user.username)
if error_message:
return render_html_template('login.html', request,
{'error_message': error_message,
'redirect_to': form.get('goto', None)},
context_instance=RequestContext(request))
# Otherwise, we're good to go, so log the user in.
auth.login(request, user)
# hack to try to pass them back to http land
default_route = get_default_route()
goto = request.REQUEST.get('goto', default_route)
# hack to prevent infinite loop.
if goto == '':
goto = default_route
if goto.startswith('https'):
goto = goto.replace('^https', 'http')
return HttpResponseRedirect(goto)
def logout(request):
auth.logout(request)
# TODO(rryan) remove aenclave specificity
default_route = get_default_route()
goto = request.REQUEST.get('goto', default_route)
return HttpResponseRedirect(goto)