def login(request, template_name=None, extra_context=None, **kwargs): """Logs a user in using the :class:`~openstack_auth.forms.Login` form.""" # If the user enabled websso and the default redirect # redirect to the default websso url if (request.method == 'GET' and utils.is_websso_enabled and utils.is_websso_default_redirect()): protocol = utils.get_websso_default_redirect_protocol() region = utils.get_websso_default_redirect_region() origin = request.build_absolute_uri('/auth/websso/') url = ('%s/auth/OS-FEDERATION/websso/%s?origin=%s' % (region, protocol, origin)) return shortcuts.redirect(url) # If the user enabled websso and selects default protocol # from the dropdown, We need to redirect user to the websso url if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') if utils.is_websso_enabled() and auth_type != 'credentials': region_id = request.POST.get('region') auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL', forms.get_region_endpoint(region_id)) url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url) if not request.is_ajax(): # If the user is already authenticated, redirect them to the # dashboard straight away, unless the 'next' parameter is set as it # usually indicates requesting access to a page that requires different # permissions. if (request.user.is_authenticated and auth.REDIRECT_FIELD_NAME not in request.GET and auth.REDIRECT_FIELD_NAME not in request.POST): return shortcuts.redirect(settings.LOGIN_REDIRECT_URL) # Get our initial region for the form. initial = {} current_region = request.session.get('region_endpoint', None) requested_region = request.GET.get('region', None) regions = dict(getattr(settings, "AVAILABLE_REGIONS", [])) if requested_region in regions and requested_region != current_region: initial.update({'region': requested_region}) if request.method == "POST": form = functional.curry(forms.Login) else: form = functional.curry(forms.Login, initial=initial) if extra_context is None: extra_context = {'redirect_field_name': auth.REDIRECT_FIELD_NAME} extra_context['csrf_failure'] = request.GET.get('csrf_failure') choices = getattr(settings, 'WEBSSO_CHOICES', ()) extra_context['show_sso_opts'] = (utils.is_websso_enabled() and len(choices) > 1) if not template_name: if request.is_ajax(): template_name = 'auth/_login.html' extra_context['hide'] = True else: template_name = 'auth/login.html' res = django_auth_views.login(request, template_name=template_name, authentication_form=form, extra_context=extra_context, **kwargs) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. if request.method == "POST": utils.set_response_cookie(res, 'login_region', request.POST.get('region', '')) utils.set_response_cookie(res, 'login_domain', request.POST.get('domain', '')) # Set the session data here because django's session key rotation # will erase it if we set it earlier. if request.user.is_authenticated: auth_user.set_session_from_user(request, request.user) regions = dict(forms.Login.get_region_choices()) region = request.user.endpoint login_region = request.POST.get('region') region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name expiration_time = request.user.time_until_expiration() threshold_days = getattr( settings, 'PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS', -1) if expiration_time is not None and \ expiration_time.days <= threshold_days: expiration_time = str(expiration_time).rsplit(':', 1)[0] msg = (_('Please consider changing your password, it will expire' ' in %s minutes') % expiration_time).replace(':', ' Hours and ') messages.warning(request, msg) return res
def login(request): """Logs a user in using the :class:`~openstack_auth.forms.Login` form.""" # If the user enabled websso and the default redirect # redirect to the default websso url if (request.method == 'GET' and settings.WEBSSO_ENABLED and settings.WEBSSO_DEFAULT_REDIRECT): protocol = settings.WEBSSO_DEFAULT_REDIRECT_PROTOCOL region = settings.WEBSSO_DEFAULT_REDIRECT_REGION origin = utils.build_absolute_uri(request, '/auth/websso/') url = ('%s/auth/OS-FEDERATION/websso/%s?origin=%s' % (region, protocol, origin)) return shortcuts.redirect(url) # If the user enabled websso and selects default protocol # from the dropdown, We need to redirect user to the websso url if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') request.session['auth_type'] = auth_type if settings.WEBSSO_ENABLED and auth_type != 'credentials': region_id = request.POST.get('region') auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL', None) if auth_url is None: auth_url = forms.get_region_endpoint(region_id) url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url) if not request.is_ajax(): # If the user is already authenticated, redirect them to the # dashboard straight away, unless the 'next' parameter is set as it # usually indicates requesting access to a page that requires different # permissions. if (request.user.is_authenticated and auth.REDIRECT_FIELD_NAME not in request.GET and auth.REDIRECT_FIELD_NAME not in request.POST): return shortcuts.redirect(settings.LOGIN_REDIRECT_URL) # Get our initial region for the form. initial = {} current_region = request.session.get('region_endpoint', None) requested_region = request.GET.get('region', None) regions = dict(settings.AVAILABLE_REGIONS) if requested_region in regions and requested_region != current_region: initial.update({'region': requested_region}) if request.method == "POST": form = functools.partial(forms.Login) else: form = functools.partial(forms.Login, initial=initial) choices = settings.WEBSSO_CHOICES reason = get_csrf_reason(request.GET.get('csrf_failure')) logout_reason = request.COOKIES.get( 'logout_reason', '').encode('ascii').decode('unicode_escape') logout_status = request.COOKIES.get('logout_status') extra_context = { 'redirect_field_name': auth.REDIRECT_FIELD_NAME, 'csrf_failure': reason, 'show_sso_opts': settings.WEBSSO_ENABLED and len(choices) > 1, 'classes': { 'value': '', 'single_value': '', 'label': '', }, 'logout_reason': logout_reason, 'logout_status': logout_status, } if request.is_ajax(): template_name = 'auth/_login.html' extra_context['hide'] = True else: template_name = 'auth/login.html' try: res = django_auth_views.LoginView.as_view( template_name=template_name, redirect_field_name=auth.REDIRECT_FIELD_NAME, form_class=form, extra_context=extra_context, redirect_authenticated_user=False)(request) except exceptions.KeystonePassExpiredException as exc: res = django_http.HttpResponseRedirect( reverse('password', args=[exc.user_id])) msg = _("Your password has expired. Please set a new password.") set_logout_reason(res, msg) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. if request.method == "POST": utils.set_response_cookie(res, 'login_region', request.POST.get('region', '')) utils.set_response_cookie(res, 'login_domain', request.POST.get('domain', '')) # Set the session data here because django's session key rotation # will erase it if we set it earlier. if request.user.is_authenticated: auth_user.set_session_from_user(request, request.user) regions = dict(forms.get_region_choices()) region = request.user.endpoint login_region = request.POST.get('region') region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name expiration_time = request.user.time_until_expiration() threshold_days = settings.PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS if (expiration_time is not None and expiration_time.days <= threshold_days and expiration_time > datetime.timedelta(0)): expiration_time = str(expiration_time).rsplit(':', 1)[0] msg = (_('Please consider changing your password, it will expire' ' in %s minutes') % expiration_time).replace( ':', ' Hours and ') messages.warning(request, msg) return res
def login(request, template_name=None, extra_context=None, **kwargs): """Logs a user in using the :class:`~openstack_auth.forms.Login` form.""" # If the user enabled websso and the default redirect # redirect to the default websso url if (request.method == 'GET' and utils.is_websso_enabled and utils.is_websso_default_redirect()): protocol = utils.get_websso_default_redirect_protocol() region = utils.get_websso_default_redirect_region() origin = utils.build_absolute_uri(request, '/auth/websso/') url = ('%s/auth/OS-FEDERATION/websso/%s?origin=%s' % (region, protocol, origin)) return shortcuts.redirect(url) # If the user enabled websso and selects default protocol # from the dropdown, We need to redirect user to the websso url if request.method == 'POST': auth_type = request.POST.get('auth_type', 'credentials') if utils.is_websso_enabled() and auth_type != 'credentials': region_id = request.POST.get('region') auth_url = getattr(settings, 'WEBSSO_KEYSTONE_URL', forms.get_region_endpoint(region_id)) url = utils.get_websso_url(request, auth_url, auth_type) return shortcuts.redirect(url) if not request.is_ajax(): # If the user is already authenticated, redirect them to the # dashboard straight away, unless the 'next' parameter is set as it # usually indicates requesting access to a page that requires different # permissions. if (request.user.is_authenticated and auth.REDIRECT_FIELD_NAME not in request.GET and auth.REDIRECT_FIELD_NAME not in request.POST): return shortcuts.redirect(settings.LOGIN_REDIRECT_URL) # Get our initial region for the form. initial = {} current_region = request.session.get('region_endpoint', None) requested_region = request.GET.get('region', None) regions = dict(getattr(settings, "AVAILABLE_REGIONS", [])) if requested_region in regions and requested_region != current_region: initial.update({'region': requested_region}) if request.method == "POST": form = functional.curry(forms.Login) else: form = functional.curry(forms.Login, initial=initial) if extra_context is None: extra_context = {'redirect_field_name': auth.REDIRECT_FIELD_NAME} extra_context['csrf_failure'] = request.GET.get('csrf_failure') choices = getattr(settings, 'WEBSSO_CHOICES', ()) extra_context['show_sso_opts'] = (utils.is_websso_enabled() and len(choices) > 1) if not template_name: if request.is_ajax(): template_name = 'auth/_login.html' extra_context['hide'] = True else: template_name = 'auth/login.html' res = django_auth_views.login(request, template_name=template_name, authentication_form=form, extra_context=extra_context, **kwargs) # Save the region in the cookie, this is used as the default # selected region next time the Login form loads. if request.method == "POST": utils.set_response_cookie(res, 'login_region', request.POST.get('region', '')) utils.set_response_cookie(res, 'login_domain', request.POST.get('domain', '')) # Set the session data here because django's session key rotation # will erase it if we set it earlier. if request.user.is_authenticated: auth_user.set_session_from_user(request, request.user) regions = dict(forms.Login.get_region_choices()) region = request.user.endpoint login_region = request.POST.get('region') region_name = regions.get(login_region) request.session['region_endpoint'] = region request.session['region_name'] = region_name expiration_time = request.user.time_until_expiration() threshold_days = getattr( settings, 'PASSWORD_EXPIRES_WARNING_THRESHOLD_DAYS', -1) if expiration_time is not None and \ expiration_time.days <= threshold_days: expiration_time = str(expiration_time).rsplit(':', 1)[0] msg = (_('Please consider changing your password, it will expire' ' in %s minutes') % expiration_time).replace(':', ' Hours and ') messages.warning(request, msg) return res