def logout(
request, next_page=None, template_name="registration/logged_out.html", redirect_field_name=REDIRECT_FIELD_NAME
):
"Logs out the user and displays 'You are logged out' message."
from seahub.auth import logout
logout(request)
if redirect_field_name in request.REQUEST:
next_page = request.REQUEST[redirect_field_name]
# Security check -- don't allow redirection to a different host.
if not is_safe_url(url=next_page, host=request.get_host()):
next_page = request.path
if next_page is None:
redirect_to = request.REQUEST.get(redirect_field_name, "")
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return render_to_response(
template_name, {"title": _("Logged out")}, context_instance=RequestContext(request)
)
else:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page or request.path)
def logout(request,
next_page=None,
template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME):
"Logs out the user and displays 'You are logged out' message."
from seahub.auth import logout
logout(request)
if redirect_field_name in request.REQUEST:
next_page = request.REQUEST[redirect_field_name]
# Security check -- don't allow redirection to a different host.
if not is_safe_url(url=next_page, host=request.get_host()):
next_page = request.path
if next_page is None:
redirect_to = request.REQUEST.get(redirect_field_name, '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return render_to_response(template_name,
{'title': _('Logged out')},
context_instance=RequestContext(request))
else:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page or request.path)
def logout(request,
next_page=None,
template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME):
"Logs out the user and displays 'You are logged out' message."
from seahub.auth import logout
logout(request)
# Local logout for shibboleth user.
shib_logout_url = getattr(settings, 'SHIBBOLETH_LOGOUT_URL', '')
if getattr(settings, 'ENABLE_SHIB_LOGIN', False) and shib_logout_url:
shib_logout_return = getattr(settings, 'SHIBBOLETH_LOGOUT_RETURN', '')
if shib_logout_return:
shib_logout_url += shib_logout_return
return HttpResponseRedirect(shib_logout_url)
# Local logout for cas user.
if getattr(settings, 'ENABLE_CAS', False):
return HttpResponseRedirect(reverse('cas_ng_logout'))
if redirect_field_name in request.GET:
next_page = request.GET[redirect_field_name]
# Security check -- don't allow redirection to a different host.
if not is_safe_url(url=next_page, host=request.get_host()):
next_page = request.path
if next_page is None:
redirect_to = request.GET.get(redirect_field_name, '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return render(request, template_name, {'title': _('Logged out')})
else:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page or request.path)
def logout(request,
next_page=None,
template_name='registration/logged_out.html',
redirect_field_name=REDIRECT_FIELD_NAME):
"Logs out the user and displays 'You are logged out' message."
from seahub.auth import logout
logout(request)
# Local logout for shibboleth user.
shib_logout_url = getattr(settings, 'SHIBBOLETH_LOGOUT_URL', '')
if getattr(settings, 'ENABLE_SHIB_LOGIN', False) and shib_logout_url:
shib_logout_return = getattr(settings, 'SHIBBOLETH_LOGOUT_RETURN', '')
if shib_logout_return:
shib_logout_url += shib_logout_return
response = HttpResponseRedirect(shib_logout_url)
response.delete_cookie('seahub_auth')
return response
# Local logout for cas user.
if getattr(settings, 'ENABLE_CAS', False):
response = HttpResponseRedirect(reverse('cas_ng_logout'))
response.delete_cookie('seahub_auth')
return response
from seahub.settings import LOGOUT_REDIRECT_URL
if LOGOUT_REDIRECT_URL:
response = HttpResponseRedirect(LOGOUT_REDIRECT_URL)
response.delete_cookie('seahub_auth')
return response
if redirect_field_name in request.GET:
next_page = request.GET[redirect_field_name]
# Security check -- don't allow redirection to a different host.
if not is_safe_url(url=next_page, allowed_hosts=request.get_host()):
next_page = request.path
if next_page is None:
redirect_to = request.GET.get(redirect_field_name, '')
if redirect_to:
response = HttpResponseRedirect(redirect_to)
else:
response = render(
request, template_name, {
'title':
_('Logged out'),
'request_from_onlyoffice_desktop_editor':
ONLYOFFICE_DESKTOP_EDITOR_HTTP_USER_AGENT
in request.META.get('HTTP_USER_AGENT', ''),
})
else:
# Redirect to this page until the session has been cleared.
response = HttpResponseRedirect(next_page or request.path)
response.delete_cookie('seahub_auth')
return response
def _remove_invalid_user(self, request):
"""
Removes the current authenticated user in the request which is invalid
but only if the user is authenticated via the SeafileRemoteUserBackend.
"""
try:
backend_str = request.session[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_str)
except ImportError:
# backend failed to load
auth.logout(request)
else:
if isinstance(backend, SeafileRemoteUserBackend):
auth.logout(request)
def _remove_invalid_user(self, request):
"""
Removes the current authenticated user in the request which is invalid
but only if the user is authenticated via the SeafileRemoteUserBackend.
"""
try:
backend_str = request.session[auth.BACKEND_SESSION_KEY]
backend = auth.load_backend(backend_str)
except ImportError:
# backend failed to load
auth.logout(request)
else:
if isinstance(backend, SeafileRemoteUserBackend):
auth.logout(request)
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME):
"Logs out the user and displays 'You are logged out' message."
from seahub.auth import logout
logout(request)
if next_page is None:
redirect_to = request.REQUEST.get(redirect_field_name, '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return render_to_response(template_name, {
'title': _('Logged out')
}, context_instance=RequestContext(request))
else:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page or request.path)
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME):
"Logs out the user and displays 'You are logged out' message."
from seahub.auth import logout
logout(request)
if next_page is None:
redirect_to = request.REQUEST.get(redirect_field_name, '')
if redirect_to:
return HttpResponseRedirect(redirect_to)
else:
return render_to_response(template_name, {
'title': _('Logged out')
}, context_instance=RequestContext(request))
else:
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page or request.path)
def sys_sudo_mode(request):
if request.method not in ('GET', 'POST'):
return HttpResponseNotAllowed
# here we can't use @sys_staff_required
if not request.user.is_staff:
raise Http404
next_page = request.GET.get('next', reverse('sys_info'))
password_error = False
if request.method == 'POST':
password = request.POST.get('password')
username = request.user.username
ip = get_remote_ip(request)
if password:
user = authenticate(username=username, password=password)
if user:
update_sudo_mode_ts(request)
from seahub.auth.utils import clear_login_failed_attempts
clear_login_failed_attempts(request, username)
return HttpResponseRedirect(next_page)
password_error = True
from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts
failed_attempt = get_login_failed_attempts(username=username, ip=ip)
if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
# logout user
from seahub.auth import logout
logout(request)
return HttpResponseRedirect(reverse('auth_login'))
else:
incr_login_failed_attempts(username=username, ip=ip)
enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
return render(
request, 'sysadmin/sudo_mode.html', {
'password_error': password_error,
'enable_sso': enable_shib_login or enable_adfs_login,
'next': next_page,
})
def process_request(self, request):
# AuthenticationMiddleware is required so that request.user exists.
if not hasattr(request, 'user'):
raise ImproperlyConfigured(
"The Django remote user auth middleware requires the"
" authentication middleware to be installed. Edit your"
" MIDDLEWARE_CLASSES setting to insert"
" 'django.contrib.auth.middleware.AuthenticationMiddleware'"
" before the RemoteUserMiddleware class.")
try:
username = request.META[self.header]
except KeyError:
# If specified header doesn't exist then return
# directly(request.user could be AnonymousUser or authed user set
# by AuthenticationMiddleware)
return
if settings.KRB5_USERNAME_SUFFIX:
username = username.split('@')[0] + settings.KRB5_USERNAME_SUFFIX
# If the user is already authenticated and that user is the user we are
# getting passed in the headers, then the correct user is already
# persisted in the session and we don't need to continue.
# If the authenticated user is not the user getting from header, then
# logout the user.
if request.user.is_authenticated:
if request.user.username == self.clean_username(username, request):
request.krb5_login = True
return
else:
auth.logout(request)
# We are seeing this user for the first time in this session, attempt
# to authenticate the user.
user = auth.authenticate(remote_user=username)
if user and user.is_active:
# User is valid. Set request.user and persist user in the session
# by logging the user in.
request.user = user
auth.login(request, user)
request.krb5_login = True
else:
# explicit redirect to login url to avoid redirect loop in some case
return HttpResponseRedirect(settings.LOGIN_URL)
def logout_then_login(request, login_url=None):
"Logs out the user if he is logged in. Then redirects to the log-in page."
if not login_url:
login_url = settings.LOGIN_URL
return logout(request, login_url)
def logout_then_login(request, login_url=None):
"Logs out the user if he is logged in. Then redirects to the log-in page."
if not login_url:
login_url = settings.LOGIN_URL
return logout(request, login_url)
