def login_confirmation(request, template_name='secureauth/confirmation.html',
                       authentication_form=ConfirmAuthenticationForm,
                       extra_context=None, current_app=None
                       ):  # pylint: disable=R0913
    """Handle the confirmation step of sign-in.

    The state for this step is read from ``get_data(request)``: the keys
    ``user_pk``, ``redirect_to`` and ``extra_context`` are used. A valid
    POST logs the user in only when the form's user has the same primary
    key as ``user_pk``.

    Args:
        request: The current HTTP request.
        template_name: Template rendered for the confirmation form.
        authentication_form: Form class, called as ``form(data)`` for
            display and ``form(data, request.POST)`` for validation.
        extra_context: Extra template context; when None, a truthy
            ``extra_context`` entry of the step data is used instead.
        current_app: Passed to TemplateResponse on Django < 1.8 only.

    Returns:
        HttpResponseBadRequest when CHECK_ATTEMPT is set and
        ``UserAuthAttempt.is_banned(request)`` is true, or when the form's
        user does not match ``user_pk``; HttpResponseRedirect after a
        successful login or for an already authenticated user; otherwise
        a TemplateResponse carrying the form.
    """
    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    # NOTE(review): user_pk and redirect_to are used as returned by
    # get_data(); presumably it authenticates the ``data`` query parameter
    # and rejects tampered values -- confirm in get_data.
    data = get_data(request)
    if extra_context is None:
        extra_context = data.get('extra_context') or None

    if hasattr(request, 'user') and request.user.is_authenticated():
        return HttpResponseRedirect(data.get('redirect_to', '/'))

    if request.method != "POST":
        form = authentication_form(data)
    else:
        form = authentication_form(data, request.POST)
        if form.is_valid():
            user = form.get_user()
            # Bind the confirmed user to the one recorded in the step data,
            # so the second step cannot complete for a different account.
            if not (user and data.get('user_pk') == user.pk):
                return HttpResponseBadRequest()

            auth_login(request, user)

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            if UserAuthLogging.is_enabled(request):
                UserAuthActivity.check_location(request)
                UserAuthActivity.log_auth(
                    request, form.cleaned_data.get('auth_type'))

            UserAuthNotification.notify(request)
            UserAuthAttempt.remove(request)
            request.session['ip'] = get_ip(request)
            return HttpResponseRedirect(data.get('redirect_to'))

        # Invalid form: record the failed attempt when attempt checking
        # is switched on.
        if CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)
    context = dict(
        form=form,
        site=current_site,
        site_name=current_site.name,
        data=request.GET.get('data'),
    )
    if extra_context is not None:
        context.update(extra_context)

    # TemplateResponse only receives ``current_app`` on Django < 1.8.
    response_kwargs = {}
    if django.VERSION < (1, 8):
        response_kwargs['current_app'] = current_app
    return TemplateResponse(
        request, template_name, context, **response_kwargs)
def login_confirmation(request, template_name='secureauth/confirmation.html',
                       authentication_form=ConfirmAuthenticationForm,
                       extra_context=None,
                       current_app=None):  # pylint: disable=R0913
    """Process the confirmation form of the sign-in flow.

    Step data (``user_pk``, ``redirect_to``, ``extra_context``) is obtained
    from ``get_data(request)``. On a valid POST the user returned by the
    form is logged in only if its primary key equals ``user_pk``.

    Args:
        request: The current HTTP request.
        template_name: Template used to render the form.
        authentication_form: Form class; instantiated with the step data
            and, on POST, with ``request.POST`` as second argument.
        extra_context: Extra template context; falls back to a truthy
            ``extra_context`` entry of the step data when None.
        current_app: Forwarded to TemplateResponse.

    Returns:
        HttpResponseBadRequest, HttpResponseRedirect or TemplateResponse,
        depending on ban state, authentication state and form validity.
    """
    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    # NOTE(review): everything read from ``data`` below is trusted as-is;
    # presumably get_data() verifies the ``data`` query parameter --
    # confirm against its implementation.
    data = get_data(request)
    if extra_context is None:
        extra_context = data.get('extra_context') or None

    already_signed_in = (
        hasattr(request, 'user') and request.user.is_authenticated())
    if already_signed_in:
        return HttpResponseRedirect(data.get('redirect_to', '/'))

    if request.method == "POST":
        form = authentication_form(data, request.POST)
        if form.is_valid():
            user = form.get_user()
            user_matches = user and data.get('user_pk') == user.pk
            if not user_matches:
                # The confirmed user must be the one named in the step data.
                return HttpResponseBadRequest()

            auth_login(request, user)

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            if UserAuthLogging.is_enabled(request):
                auth_type = form.cleaned_data.get('auth_type')
                UserAuthActivity.check_location(request)
                UserAuthActivity.log_auth(request, auth_type)

            UserAuthNotification.notify(request)
            UserAuthAttempt.remove(request)
            request.session['ip'] = get_ip(request)
            return HttpResponseRedirect(data.get('redirect_to'))

        # Reached only for an invalid form: store the failed attempt when
        # attempt checking is enabled.
        if CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(data)

    request.session.set_test_cookie()

    current_site = get_current_site(request)
    context = {'form': form}
    context['site'] = current_site
    context['site_name'] = current_site.name
    context['data'] = request.GET.get('data')
    if extra_context is not None:
        context.update(extra_context)

    return TemplateResponse(
        request, template_name, context, current_app=current_app)
def login_confirmation(
    request,
    template_name="secureauth/confirmation.html",
    authentication_form=ConfirmAuthenticationForm,
    extra_context=None,
    current_app=None,
):
    """Validate the confirmation form and finish the sign-in.

    ``_get_data(request)`` supplies the step data; its ``user_pk`` entry
    must equal the primary key of the user returned by the form before
    ``auth_login`` is called.

    Args:
        request: The current HTTP request.
        template_name: Template used to render the form.
        authentication_form: Form class; built from the step data and, on
            POST, ``request.POST``.
        extra_context: Extra template context; when None, a truthy
            ``extra_context`` entry of the step data is used.
        current_app: Forwarded to TemplateResponse.

    Returns:
        HttpResponseBadRequest when the client is banned or the user does
        not match, HttpResponseRedirect when authenticated (before or after
        this call), else a TemplateResponse with the form.
    """
    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    # NOTE(review): presumably _get_data() authenticates the ``data`` query
    # parameter before returning it; the redirect target and user_pk below
    # depend on that -- confirm.
    data = _get_data(request)
    if extra_context is None:
        extra_context = data.get("extra_context") or None

    if hasattr(request, "user") and request.user.is_authenticated():
        return HttpResponseRedirect(data.get("redirect_to", "/"))

    is_post = request.method == "POST"
    form = authentication_form(data, request.POST) if is_post else authentication_form(data)

    if is_post:
        if form.is_valid():
            user = form.get_user()
            if user and data.get("user_pk") == user.pk:
                auth_login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if UserAuthLogging.is_enabled(request):
                    UserAuthActivity.check_location(request)
                    UserAuthActivity.log_auth(request, form.cleaned_data.get("auth_type"))

                UserAuthNotification.notify(request)
                UserAuthAttempt.remove(request)
                request.session["ip"] = get_ip(request)
                return HttpResponseRedirect(data.get("redirect_to"))

            # Form user differs from the user named in the step data.
            return HttpResponseBadRequest()

        # Invalid form: record the failed attempt if checking is enabled.
        if CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)
    context = dict(
        form=form,
        site=current_site,
        site_name=current_site.name,
        data=request.GET.get("data"),
    )
    if extra_context is not None:
        context.update(extra_context)

    return TemplateResponse(request, template_name, context, current_app=current_app)
def login(request, template_name='secureauth/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=BaseAuthForm,
          current_app=None, extra_context=None, redirect_to=''
          ):  # pylint: disable=R0913
    """Render the login form and process the first sign-in step.

    On a valid POST the user is either logged in directly or, when
    SMS_FORCE is set or more than one auth method is available for the
    user, redirected to the ``auth_confirmation`` URL with a signed
    ``data`` query parameter.

    Args:
        request: The current HTTP request.
        template_name: Template rendered for the login form.
        redirect_field_name: Name of the GET/POST field holding the
            post-login redirect target.
        authentication_form: Form class used for validation.
        current_app: Passed to TemplateResponse on Django < 1.8 only.
        extra_context: Extra template context; also stored in the signed
            data for the confirmation step.
        redirect_to: Default redirect target when the field is absent.

    Returns:
        HttpResponseBadRequest when CHECK_ATTEMPT is set and the client is
        banned; the ``secureauth/blocked_ip.html`` page when
        ``UserAuthIPRange.is_blocked`` is true; HttpResponseRedirect on
        success; otherwise a TemplateResponse with the form.
    """
    default_target = redirect_to
    redirect_to = (
        request.GET.get(redirect_field_name, default_target)
        or request.POST.get(redirect_field_name, default_target))

    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    if request.method != "POST":
        form = authentication_form(request)
    else:
        form = authentication_form(
            request, data=request.POST, test_cookie_enabled=False)

        if form.is_valid():
            # Caller-supplied targets that fail is_safe_url() for this host
            # are replaced by the configured default.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = settings.LOGIN_REDIRECT_URL

            # NOTE(review): taken here as a separate step, so it also runs
            # for a caller-supplied target without '/' or '.', and it then
            # resolves the setting rather than that target -- confirm this
            # is the intended nesting.
            if '/' not in redirect_to and '.' not in redirect_to:
                redirect_to = reverse(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()

            if UserAuthIPRange.is_blocked(request, user):
                return render(request, 'secureauth/blocked_ip.html')

            needs_confirmation = (
                SMS_FORCE or len(get_available_auth_methods(user)) > 1)
            if needs_confirmation:
                # NOTE(review): form.cleaned_data travels under
                # 'credentials' in the query string, which can end up in
                # access logs, browser history and Referer headers. Whether
                # Sign() encrypts or only signs is not visible here --
                # confirm the payload is confidential, not just
                # tamper-evident.
                payload = {
                    'credentials': form.cleaned_data,
                    'user_pk': user.pk,
                    'ip': get_ip(request),
                    'redirect_to': redirect_to,
                    'extra_context': extra_context,
                }
                signed = Sign().sign(payload)
                return HttpResponseRedirect(
                    '%s?data=%s' % (reverse('auth_confirmation'), signed))

            auth_login(request, user)

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            if UserAuthLogging.is_enabled(request):
                UserAuthActivity.check_location(request)
                UserAuthActivity.log_auth(request)

            UserAuthAttempt.remove(request)
            request.session['ip'] = get_ip(request)
            return HttpResponseRedirect(redirect_to)

        # Invalid form: record the failed attempt when checking is enabled.
        if CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)
    # Keys are assigned in the original literal's order so that a
    # redirect_field_name colliding with a fixed key resolves the same way.
    context = {'form': form}
    context[redirect_field_name] = redirect_to
    context['site'] = current_site
    context['site_name'] = current_site.name
    if extra_context is not None:
        context.update(extra_context)

    if django.VERSION < (1, 8):
        return TemplateResponse(
            request, template_name, context, current_app=current_app)
    return TemplateResponse(request, template_name, context)
def get(self, request, *args, **kwargs):
    """Render the ``secureauth/settings.html`` page.

    When ``UserAuthLogging.is_enabled(request)`` is true,
    ``UserAuthActivity.check_location(request)`` is called before rendering.
    """
    logging_enabled = UserAuthLogging.is_enabled(request)
    if logging_enabled:
        UserAuthActivity.check_location(request)
    return render(request, 'secureauth/settings.html')
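def login(
    request,
    template_name="secureauth/login.html",
    redirect_field_name=REDIRECT_FIELD_NAME,
    authentication_form=BaseAuthForm,
    current_app=None,
    extra_context=None,
    redirect_to="",
):
    """Render the login form and process the first sign-in step.

    On a valid POST the user is either logged in directly or, when
    SMS_FORCE is set or more than one auth method is available for the
    user, redirected to the ``auth_confirmation`` URL with a signed
    ``data`` query parameter.

    Args:
        request: The current HTTP request.
        template_name: Template rendered for the login form.
        redirect_field_name: Name of the request field holding the
            post-login redirect target.
        authentication_form: Form class used for validation.
        current_app: Forwarded to TemplateResponse.
        extra_context: Extra template context; also stored in the signed
            data for the confirmation step.
        redirect_to: Default redirect target when the field is absent.

    Returns:
        HttpResponseBadRequest when CHECK_ATTEMPT is set and the client is
        banned; the ``secureauth/blocked_ip.html`` page when
        ``UserAuthIPRange.is_blocked`` is true; HttpResponseRedirect on
        success; otherwise a TemplateResponse with the form.
    """
    # request.REQUEST (POST merged over GET) was deprecated in Django 1.7
    # and removed in 1.9. The explicit lookup keeps the same precedence --
    # POST first, then GET, then the default -- and makes the source of the
    # redirect target visible.
    redirect_to = request.POST.get(
        redirect_field_name, request.GET.get(redirect_field_name, redirect_to)
    )

    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    if request.method == "POST":
        form = authentication_form(request, data=request.POST, test_cookie_enabled=False)

        if form.is_valid():
            # Caller-supplied targets that fail is_safe_url() for this host
            # are replaced by the configured default.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = settings.LOGIN_REDIRECT_URL

            # NOTE(review): taken here as a separate step, so it also runs
            # for a caller-supplied target without "/" or ".", and it then
            # resolves the setting rather than that target -- confirm this
            # is the intended nesting.
            if "/" not in redirect_to and "." not in redirect_to:
                redirect_to = reverse(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()

            if UserAuthIPRange.is_blocked(request, user):
                return render(request, "secureauth/blocked_ip.html")

            if SMS_FORCE or len(get_available_auth_methods(user)) > 1:
                # NOTE(review): form.cleaned_data travels under
                # "credentials" in the query string, which can end up in
                # access logs, browser history and Referer headers. Whether
                # Sign() encrypts or only signs is not visible here --
                # confirm the payload is confidential, not just
                # tamper-evident.
                data = {
                    "credentials": form.cleaned_data,
                    "user_pk": user.pk,
                    "ip": get_ip(request),
                    "redirect_to": redirect_to,
                    "extra_context": extra_context,
                }
                data = Sign().sign(data)
                return HttpResponseRedirect("%s?data=%s" % (reverse("auth_confirmation"), data))

            auth_login(request, user)

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            if UserAuthLogging.is_enabled(request):
                UserAuthActivity.check_location(request)
                UserAuthActivity.log_auth(request)

            UserAuthAttempt.remove(request)
            request.session["ip"] = get_ip(request)
            return HttpResponseRedirect(redirect_to)

        # Invalid form: record the failed attempt when checking is enabled.
        if CHECK_ATTEMPT is True:
            UserAuthAttempt.clean()
            UserAuthAttempt.store(request)
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)
    context = {
        "form": form,
        redirect_field_name: redirect_to,
        "site": current_site,
        "site_name": current_site.name,
    }
    if extra_context is not None:
        context.update(extra_context)

    return TemplateResponse(request, template_name, context, current_app=current_app)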
def auth_settings(request):
    """Render the ``secureauth/settings.html`` page.

    When ``UserAuthLogging.is_enabled(request)`` is true,
    ``UserAuthActivity.check_location(request)`` is called before rendering.
    """
    logging_enabled = UserAuthLogging.is_enabled(request)
    if logging_enabled:
        UserAuthActivity.check_location(request)
    return render(request, "secureauth/settings.html")
def login(request, template_name='secureauth/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=BaseAuthForm,
          current_app=None, extra_context=None,
          redirect_to=''):  # pylint: disable=R0913
    """Show the login form and handle the first step of sign-in.

    A valid POST ends in one of three ways: the blocked-IP page, a
    redirect to ``auth_confirmation`` carrying signed step data (when
    SMS_FORCE is set or the user has more than one available auth method),
    or a direct ``auth_login`` followed by a redirect.

    Args:
        request: The current HTTP request.
        template_name: Template rendered for the login form.
        redirect_field_name: Name of the GET/POST field holding the
            post-login redirect target.
        authentication_form: Form class used for validation.
        current_app: Passed to TemplateResponse on Django < 1.8 only.
        extra_context: Extra template context; also placed in the signed
            step data.
        redirect_to: Default redirect target when the field is absent.

    Returns:
        HttpResponseBadRequest, a rendered blocked-IP page,
        HttpResponseRedirect, or a TemplateResponse with the form.
    """
    lookup = (redirect_field_name, redirect_to)
    target = request.GET.get(*lookup)
    if not target:
        target = request.POST.get(*lookup)
    redirect_to = target

    if CHECK_ATTEMPT and UserAuthAttempt.is_banned(request):
        return HttpResponseBadRequest()

    if request.method == "POST":
        form = authentication_form(
            request, data=request.POST, test_cookie_enabled=False)

        if not form.is_valid():
            # Record the failed attempt when attempt checking is enabled.
            if CHECK_ATTEMPT is True:
                UserAuthAttempt.clean()
                UserAuthAttempt.store(request)
        else:
            # Only targets accepted by is_safe_url() for this host are
            # kept; anything else becomes the configured default.
            target_is_safe = is_safe_url(
                url=redirect_to, host=request.get_host())
            if not target_is_safe:
                redirect_to = settings.LOGIN_REDIRECT_URL

            # NOTE(review): taken here as a separate step, so it also runs
            # for a caller-supplied target without '/' or '.', and it then
            # resolves the setting rather than that target -- confirm this
            # is the intended nesting.
            if '/' not in redirect_to and '.' not in redirect_to:
                redirect_to = reverse(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()

            if UserAuthIPRange.is_blocked(request, user):
                return render(request, 'secureauth/blocked_ip.html')

            if SMS_FORCE or len(get_available_auth_methods(user)) > 1:
                # NOTE(review): the signed value includes form.cleaned_data
                # under 'credentials' and is sent in the query string,
                # which can end up in access logs, browser history and
                # Referer headers. Whether Sign() encrypts or only signs is
                # not visible here -- confirm.
                step_data = Sign().sign({
                    'credentials': form.cleaned_data,
                    'user_pk': user.pk,
                    'ip': get_ip(request),
                    'redirect_to': redirect_to,
                    'extra_context': extra_context,
                })
                return HttpResponseRedirect(
                    '%s?data=%s' % (reverse('auth_confirmation'), step_data))

            auth_login(request, user)

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            if UserAuthLogging.is_enabled(request):
                UserAuthActivity.check_location(request)
                UserAuthActivity.log_auth(request)

            UserAuthAttempt.remove(request)
            request.session['ip'] = get_ip(request)
            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)
    # Keys are assigned in the original literal's order so that a
    # redirect_field_name colliding with a fixed key resolves the same way.
    context = {'form': form}
    context[redirect_field_name] = redirect_to
    context['site'] = current_site
    context['site_name'] = current_site.name
    if extra_context is not None:
        context.update(extra_context)

    # TemplateResponse only receives ``current_app`` on Django < 1.8.
    response_kwargs = {}
    if django.VERSION < (1, 8):
        response_kwargs['current_app'] = current_app
    return TemplateResponse(
        request, template_name, context, **response_kwargs)