def dt_login(request): redirect_to = request.REQUEST.get('next', '/') is_first_login_ever = first_login_ever() backend_names = get_backend_names() is_active_directory = 'LdapBackend' in backend_names and ( bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()) ) if is_active_directory: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm AuthenticationForm = auth_forms.AuthenticationForm if request.method == 'POST': request.audit = { 'operation': 'USER_LOGIN', 'username': request.POST.get('username') } # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. # It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() if is_first_login_ever or 'AllowAllBackend' in backend_names or 'LdapBackend' in backend_names: # Create home directory for first user. try: ensure_home_directory(request.fs, user.username) except (IOError, WebHdfsException), e: LOG.error(_('Could not create home directory.'), exc_info=e) request.error(_('Could not create home directory.')) if require_change_password(userprofile): return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.save() msg = 'Successful login for user: %s' % user.username request.audit['operationText'] = msg access_warn(request, msg) return HttpResponseRedirect(redirect_to) else: request.audit['allowed'] = False msg = 'Failed login for user: %s' % request.POST.get('username') request.audit['operationText'] = msg access_warn(request, msg)
def dt_login(request): redirect_to = request.REQUEST.get('next', '/') is_first_login_ever = first_login_ever() backend_names = get_backend_names() is_active_directory = 'LdapBackend' in backend_names and (bool( LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get())) if is_active_directory: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm AuthenticationForm = auth_forms.AuthenticationForm if request.method == 'POST': # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm( data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. # It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() if is_first_login_ever or 'AllowAllBackend' in backend_names or 'LdapBackend' in backend_names: # Create home directory for first user. try: ensure_home_directory(request.fs, user.username) except (IOError, WebHdfsException), e: LOG.error(_('Could not create home directory.'), exc_info=e) request.error(_('Could not create home directory.')) if require_change_password(userprofile): return HttpResponseRedirect( urlresolvers.reverse( 'useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.save() access_warn(request, '"%s" login ok' % (user.username, )) return HttpResponseRedirect(redirect_to) else: access_warn( request, 'Failed login for user "%s"' % (request.POST.get('username'), ))
def dt_login(request, from_modal=False): redirect_to = request.GET.get('next', '/') is_first_login_ever = first_login_ever() backend_names = auth_forms.get_backend_names() is_active_directory = auth_forms.is_active_directory() is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' \ or request.POST.get('server') in auth_forms.get_ldap_server_keys() if is_active_directory and is_ldap_option_selected: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm if 'ImpersonationBackend' in backend_names: AuthenticationForm = ImpersonationAuthenticationForm else: AuthenticationForm = auth_forms.AuthenticationForm if request.method == 'POST': request.audit = { 'operation': 'USER_LOGIN', 'username': request.POST.get('username') } # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm( data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() try: ensure_home_directory(request.fs, user) except (IOError, WebHdfsException), e: LOG.error( 'Could not create home directory at login for %s.' % user, exc_info=e) if require_change_password(userprofile): return HttpResponseRedirect( urlresolvers.reverse( 'useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.last_activity = datetime.now() userprofile.save() msg = 'Successful login for user: %s' % user.username request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.GET.get('fromModal', 'false') == 'true': return JsonResponse({'auth': True}) else: return HttpResponseRedirect(redirect_to) else: request.audit['allowed'] = False msg = 'Failed login for user: %s' % request.POST.get( 'username') request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.GET.get('fromModal', 'false') == 'true': return JsonResponse({'auth': False})
def dt_login(request, from_modal=False): redirect_to = request.REQUEST.get('next', '/') is_first_login_ever = first_login_ever() backend_names = get_backend_names() is_active_directory = 'LdapBackend' in backend_names and (bool( LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get())) if is_active_directory: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm AuthenticationForm = auth_forms.AuthenticationForm if request.method == 'POST': request.audit = { 'operation': 'USER_LOGIN', 'username': request.POST.get('username') } # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm( data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. # It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() auto_create_home_backends = [ 'AllowAllBackend', 'LdapBackend', 'SpnegoDjangoBackend' ] if is_first_login_ever or any( backend in backend_names for backend in auto_create_home_backends): # Create home directory for first user. try: ensure_home_directory(request.fs, user.username) except (IOError, WebHdfsException), e: LOG.error(_('Could not create home directory.'), exc_info=e) request.error(_('Could not create home directory.')) if require_change_password(userprofile): return HttpResponseRedirect( urlresolvers.reverse( 'useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.last_activity = datetime.now() userprofile.save() msg = 'Successful login for user: %s' % user.username request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.REQUEST.get('fromModal', 'false') == 'true': return JsonResponse({'auth': True}) else: return HttpResponseRedirect(redirect_to) else: request.audit['allowed'] = False msg = 'Failed login for user: %s' % request.POST.get( 'username') request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.REQUEST.get('fromModal', 'false') == 'true': return JsonResponse({'auth': False})
def dt_login(request, from_modal=False): if request.method == 'GET': redirect_to = request.GET.get('next', '/') else: redirect_to = request.POST.get('next', '/') is_first_login_ever = first_login_ever() backend_names = auth_forms.get_backend_names() is_active_directory = auth_forms.is_active_directory() is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' or \ request.POST.get('server') in auth_forms.get_ldap_server_keys() if is_active_directory and is_ldap_option_selected: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm if 'ImpersonationBackend' in backend_names: AuthenticationForm = ImpersonationAuthenticationForm else: AuthenticationForm = auth_forms.AuthenticationForm if ENABLE_ORGANIZATIONS.get(): UserCreationForm = OrganizationUserCreationForm AuthenticationForm = OrganizationAuthenticationForm if request.method == 'POST': request.audit = { 'operation': 'USER_LOGIN', 'username': request.POST.get('username', request.POST.get('email')) } # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. It provides 'backend' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) # If Test cookie exists , it should be deleted if request.session.test_cookie_worked(): request.session.delete_test_cookie() if request.fs is None: request.fs = fsmanager.get_filesystem(request.fs_ref) try: ensure_home_directory(request.fs, user) except (IOError, WebHdfsException) as e: LOG.error('Could not create home directory at login for %s.' % user, exc_info=e) if require_change_password(userprofile): return HttpResponseRedirect('/hue' + reverse('useradmin:useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.last_activity = datetime.now() if userprofile.creation_method == UserProfile.CreationMethod.EXTERNAL: # This is to fix a bug in Hue 4.3 userprofile.creation_method = UserProfile.CreationMethod.EXTERNAL.name userprofile.update_data({'auth_backend': user.backend}) userprofile.save() msg = 'Successful login for user: %s' % user.username request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.GET.get('fromModal', 'false') == 'true': return JsonResponse({'auth': True}) else: return HttpResponseRedirect(redirect_to) else: request.audit['allowed'] = False msg = 'Failed login for user: %s' % request.POST.get('username', request.POST.get('email')) request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.GET.get('fromModal', 'false') == 'true': return JsonResponse({'auth': False}) else: first_user_form = None auth_form = AuthenticationForm() # SAML/OIDC user is already authenticated in djangosaml2.views.login if hasattr(request, 'fs') and ( 'KnoxSpnegoDjangoBackend' in backend_names or 'SpnegoDjangoBackend' in backend_names or 'OIDCBackend' in backend_names or 'SAML2Backend' in backend_names ) and request.user.is_authenticated: if request.fs is None: request.fs = fsmanager.get_filesystem(request.fs_ref) try: ensure_home_directory(request.fs, request.user) except (IOError, WebHdfsException) as e: LOG.error('Could not create home directory for %s user %s.' % ('OIDC' if 'OIDCBackend' in backend_names else 'SAML', request.user)) if request.user.is_authenticated and not from_modal: return HttpResponseRedirect(redirect_to) if is_active_directory and not is_ldap_option_selected and \ request.method == 'POST' and request.user.username != request.POST.get('username'): # local user login failed, give the right auth_form with 'server' field auth_form = auth_forms.LdapAuthenticationForm() if not from_modal and SESSION.ENABLE_TEST_COOKIE.get() : request.session.set_test_cookie() if 'SAML2Backend' in backend_names: request.session['samlgroup_permitted_flag'] = samlgroup_check(request) renderable_path = 'login.mako' if from_modal: renderable_path = 'login_modal.mako' response = render(renderable_path, request, { 'action': reverse('desktop_auth_views_dt_login'), 'form': first_user_form or auth_form, 'next': redirect_to, 'first_login_ever': is_first_login_ever, 'login_errors': request.method == 'POST', 'backend_names': backend_names, 'active_directory': is_active_directory, 'user': request.user }) if not request.user.is_authenticated: response.delete_cookie(LOAD_BALANCER_COOKIE) # Note: might be re-balanced to another Hue on login. return response
def dt_login(request, from_modal=False): redirect_to = request.REQUEST.get("next", "/") is_first_login_ever = first_login_ever() backend_names = get_backend_names() is_active_directory = "LdapBackend" in backend_names and ( bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()) ) if is_active_directory: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm AuthenticationForm = auth_forms.AuthenticationForm if request.method == "POST": request.audit = {"operation": "USER_LOGIN", "username": request.POST.get("username")} # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. # It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() if is_first_login_ever or "AllowAllBackend" in backend_names or "LdapBackend" in backend_names: # Create home directory for first user. try: ensure_home_directory(request.fs, user.username) except (IOError, WebHdfsException), e: LOG.error(_("Could not create home directory."), exc_info=e) request.error(_("Could not create home directory.")) if require_change_password(userprofile): return HttpResponseRedirect( urlresolvers.reverse("useradmin.views.edit_user", kwargs={"username": user.username}) ) userprofile.first_login = False userprofile.last_activity = datetime.now() userprofile.save() msg = "Successful login for user: %s" % user.username request.audit["operationText"] = msg access_warn(request, msg) if from_modal or request.REQUEST.get("fromModal", "false") == "true": return JsonResponse({"auth": True}) else: return HttpResponseRedirect(redirect_to) else: request.audit["allowed"] = False msg = "Failed login for user: %s" % request.POST.get("username") request.audit["operationText"] = msg access_warn(request, msg) if from_modal or request.REQUEST.get("fromModal", "false") == "true": return JsonResponse({"auth": False})
def dt_login(request, from_modal=False): if request.method == 'GET': redirect_to = request.GET.get('next', '/') else: redirect_to = request.POST.get('next', '/') is_first_login_ever = first_login_ever() backend_names = auth_forms.get_backend_names() is_active_directory = auth_forms.is_active_directory() is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' \ or request.POST.get('server') in auth_forms.get_ldap_server_keys() if is_active_directory and is_ldap_option_selected: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm if 'ImpersonationBackend' in backend_names: AuthenticationForm = ImpersonationAuthenticationForm else: AuthenticationForm = auth_forms.AuthenticationForm if request.method == 'POST': request.audit = { 'operation': 'USER_LOGIN', 'username': request.POST.get('username') } # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() try: ensure_home_directory(request.fs, user) except (IOError, WebHdfsException), e: LOG.error('Could not create home directory at login for %s.' % user, exc_info=e) if require_change_password(userprofile): return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.last_activity = datetime.now() # This is to fix a bug in Hue 4.3 if userprofile.creation_method == UserProfile.CreationMethod.EXTERNAL: userprofile.creation_method = UserProfile.CreationMethod.EXTERNAL.name userprofile.save() msg = 'Successful login for user: %s' % user.username request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.GET.get('fromModal', 'false') == 'true': return JsonResponse({'auth': True}) else: return HttpResponseRedirect(redirect_to) else: request.audit['allowed'] = False msg = 'Failed login for user: %s' % request.POST.get('username') request.audit['operationText'] = msg access_warn(request, msg) if from_modal or request.GET.get('fromModal', 'false') == 'true': return JsonResponse({'auth': False})
def dt_login(request): redirect_to = request.REQUEST.get('next', '/') is_first_login_ever = first_login_ever() backend_name = get_backend_name() is_active_directory = backend_name == 'LdapBackend' and ( bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()) ) if is_active_directory: UserCreationForm = auth_forms.LdapUserCreationForm AuthenticationForm = auth_forms.LdapAuthenticationForm else: UserCreationForm = auth_forms.UserCreationForm AuthenticationForm = auth_forms.AuthenticationForm if request.method == 'POST': # For first login, need to validate user info! first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None first_user = first_user_form and first_user_form.is_valid() if first_user or not is_first_login_ever: auth_form = AuthenticationForm(data=request.POST) if auth_form.is_valid(): # Must login by using the AuthenticationForm. # It provides 'backends' on the User object. user = auth_form.get_user() userprofile = get_profile(user) login(request, user) if request.session.test_cookie_worked(): request.session.delete_test_cookie() # For Bluemix - don't try to create HDFS home directory because we're ignoring the identity of the Hue user #if is_first_login_ever or backend_name in ('AllowAllBackend', 'LdapBackend'): # # Create home directory for first user. # try: # ensure_home_directory(request.fs, user.username) # except (IOError, WebHdfsException), e: # LOG.error(_('Could not create home directory.'), exc_info=e) # request.error(_('Could not create home directory.')) if require_change_password(userprofile): return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username})) userprofile.first_login = False userprofile.save() access_warn(request, '"%s" login ok' % (user.username,)) return HttpResponseRedirect(redirect_to) else: access_warn(request, 'Failed login for user "%s"' % (request.POST.get('username'),)) else: first_user_form = None auth_form = AuthenticationForm() if DEMO_ENABLED.get() and not 'admin' in request.REQUEST: user = authenticate(username='', password='') login(request, user) ensure_home_directory(request.fs, user.username) return HttpResponseRedirect(redirect_to) request.session.set_test_cookie() return render('login.mako', request, { 'action': urlresolvers.reverse('desktop.auth.views.dt_login'), 'form': first_user_form or auth_form, 'next': redirect_to, 'first_login_ever': is_first_login_ever, 'login_errors': request.method == 'POST', 'backend_name': backend_name, 'active_directory': is_active_directory })