def test_zinnia_entry_detail_login_password(self):
user_logged_in.disconnect(update_last_login)
setup_test_template_loader(
{'zinnia/entry_detail.html': '',
'zinnia/login.html': '',
'zinnia/password.html': ''})
entry = self.create_published_entry()
entry.password = '******'
entry.login_required = True
entry.save()
with self.assertNumQueries(4):
response = self.client.get('/2010/01/01/my-test-entry/')
self.assertTemplateUsed(response, 'zinnia/login.html')
with self.assertNumQueries(9):
response = self.client.post('/2010/01/01/my-test-entry/',
{'username': '******',
'password': '******'})
self.assertEquals(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/password.html')
self.assertEquals(response.context['error'], False)
with self.assertNumQueries(6):
response = self.client.post('/2010/01/01/my-test-entry/',
{'entry_password': '******'})
self.assertEquals(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/entry_detail.html')
restore_template_loaders()
user_logged_in.connect(update_last_login)
def ready(self):
# Import all required stuff.
from . import serializers # noqa
from ..core.signals import post_permission_creation, permission_change
from ..utils.rest_api import router
from .projector import register_projector_slides
from .signals import create_builtin_groups_and_admin, get_permission_change_data
from .views import GroupViewSet, PersonalNoteViewSet, UserViewSet
# Define projector elements.
register_projector_slides()
# Connect signals.
post_permission_creation.connect(
create_builtin_groups_and_admin,
dispatch_uid="create_builtin_groups_and_admin",
)
permission_change.connect(
get_permission_change_data, dispatch_uid="users_get_permission_change_data"
)
# Disconnect the last_login signal
if not settings.ENABLE_LAST_LOGIN_FIELD:
user_logged_in.disconnect(dispatch_uid="update_last_login")
# Register viewsets.
router.register(self.get_model("User").get_collection_string(), UserViewSet)
router.register(self.get_model("Group").get_collection_string(), GroupViewSet)
router.register(
self.get_model("PersonalNote").get_collection_string(), PersonalNoteViewSet
)
def ready(self):
# Import all required stuff.
from . import serializers # noqa
from ..core.signals import post_permission_creation, permission_change
from ..utils.rest_api import router
from .projector import register_projector_slides
from .signals import create_builtin_groups_and_admin, get_permission_change_data
from .views import GroupViewSet, PersonalNoteViewSet, UserViewSet
# Define projector elements.
register_projector_slides()
# Connect signals.
post_permission_creation.connect(
create_builtin_groups_and_admin,
dispatch_uid="create_builtin_groups_and_admin",
)
permission_change.connect(
get_permission_change_data,
dispatch_uid="users_get_permission_change_data")
# Disconnect the last_login signal
if not settings.ENABLE_LAST_LOGIN_FIELD:
user_logged_in.disconnect(dispatch_uid="update_last_login")
# Register viewsets.
router.register(
self.get_model("User").get_collection_string(), UserViewSet)
router.register(
self.get_model("Group").get_collection_string(), GroupViewSet)
router.register(
self.get_model("PersonalNote").get_collection_string(),
PersonalNoteViewSet)
def disconnect(self):
if self.started:
user_logged_in.disconnect(self.logged_in)
user_logged_out.disconnect(self.logged_out)
user_login_failed.disconnect(self.login_failed)
self.started = False
return self
def test_zinnia_entry_detail_login_password(self):
user_logged_in.disconnect(update_last_login)
setup_test_template_loader({
'zinnia/entry_detail.html': '',
'zinnia/login.html': '',
'zinnia/password.html': ''
})
entry = self.create_published_entry()
entry.password = '******'
entry.login_required = True
entry.save()
with self.assertNumQueries(4):
response = self.client.get('/2010/01/01/my-test-entry/')
self.assertTemplateUsed(response, 'zinnia/login.html')
with self.assertNumQueries(9):
response = self.client.post('/2010/01/01/my-test-entry/', {
'username': '******',
'password': '******'
})
self.assertEquals(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/password.html')
self.assertEquals(response.context['error'], False)
with self.assertNumQueries(6):
response = self.client.post('/2010/01/01/my-test-entry/',
{'entry_password': '******'})
self.assertEquals(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/entry_detail.html')
restore_template_loaders()
user_logged_in.connect(update_last_login)
def disconnect(self):
if self.started:
user_logged_in.disconnect(self.logged_in, weak=False, dispatch_uid="dsl-logged-in")
user_logged_out.disconnect(self.logged_out, weak=False, dispatch_uid="dsl-logged-out")
user_login_failed.disconnect(self.login_failed, weak=False, dispatch_uid="dsl-logged-failed")
self.started = False
return self
def test_zinnia_entry_detail_login_password(self):
user_logged_in.disconnect(update_last_login)
entry = self.create_published_entry()
entry.password = '******'
entry.login_required = True
entry.save()
with self.assertNumQueries(1):
response = self.client.get(entry.get_absolute_url())
self.assertTemplateUsed(response, 'zinnia/login.html')
with self.assertNumQueries(3):
response = self.client.post(entry.get_absolute_url(), {
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/password.html')
self.assertEqual(response.context['error'], False)
with self.assertNumQueries(2):
response = self.client.post(entry.get_absolute_url(),
{'entry_password': '******'})
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(
response,
'zinnia/archives/2010/01/01/my-test-entry_entry_detail.html')
user_logged_in.connect(update_last_login)
def login(request):
if request.user.is_authenticated():
# TODO - logout
return redirect('index')
code = request.GET.get('code')
token = request.GET.get('token')
if not code and not token:
return _fb_redirect(request)
if code:
resp = requests.get(
FB_TOKEN_URL,
params={
'client_id': settings.FB_APP_ID,
'redirect_uri': request.build_absolute_uri(),
'client_secret': settings.FB_APP_SECRET,
'code': code,
}
)
if resp.status_code != 200:
return _fb_redirect(request)
token = resp.json()['access_token']
user = authenticate(token=token)
if user is not None:
user_logged_in.disconnect(update_last_login)
auth_login(request, user)
return redirect('index')
def ready(self):
# Import all required stuff.
from ..core.config import config
from ..core.signals import post_permission_creation, permission_change
from ..utils.rest_api import router
from .config_variables import get_config_variables
from .projector import get_projector_elements
from .signals import create_builtin_groups_and_admin, get_permission_change_data
from .views import GroupViewSet, PersonalNoteViewSet, UserViewSet
# Define config variables and projector elements.
config.update_config_variables(get_config_variables())
register_projector_elements(get_projector_elements())
# Connect signals.
post_permission_creation.connect(
create_builtin_groups_and_admin,
dispatch_uid='create_builtin_groups_and_admin')
permission_change.connect(
get_permission_change_data,
dispatch_uid='users_get_permission_change_data')
# Disconnect the last_login signal
if not settings.ENABLE_LAST_LOGIN_FIELD:
user_logged_in.disconnect(dispatch_uid='update_last_login')
# Register viewsets.
router.register(self.get_model('User').get_collection_string(), UserViewSet)
router.register(self.get_model('Group').get_collection_string(), GroupViewSet)
router.register(self.get_model('PersonalNote').get_collection_string(), PersonalNoteViewSet)
def ready(self):
# Import all required stuff.
from ..core.config import config
from ..core.signals import post_permission_creation, permission_change
from ..utils.rest_api import router
from .config_variables import get_config_variables
from .projector import get_projector_elements
from .signals import create_builtin_groups_and_admin, get_permission_change_data
from .views import GroupViewSet, PersonalNoteViewSet, UserViewSet
# Define config variables and projector elements.
config.update_config_variables(get_config_variables())
register_projector_elements(get_projector_elements())
# Connect signals.
post_permission_creation.connect(
create_builtin_groups_and_admin,
dispatch_uid='create_builtin_groups_and_admin')
permission_change.connect(
get_permission_change_data,
dispatch_uid='users_get_permission_change_data')
# Disconnect the last_login signal
if not settings.ENABLE_LAST_LOGIN_FIELD:
user_logged_in.disconnect(dispatch_uid='update_last_login')
# Register viewsets.
router.register(
self.get_model('User').get_collection_string(), UserViewSet)
router.register(
self.get_model('Group').get_collection_string(), GroupViewSet)
router.register(
self.get_model('PersonalNote').get_collection_string(),
PersonalNoteViewSet)
def post(self, request):
logger = logging.getLogger('netbox.auth.login')
form = LoginForm(request, data=request.POST)
if form.is_valid():
logger.debug("Login form validation was successful")
# Determine where to direct user after successful login
redirect_to = request.POST.get('next')
if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
redirect_to = reverse('home')
# If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
# last_login time upon authentication.
if settings.MAINTENANCE_MODE:
logger.warning("Maintenance mode enabled: disabling update of most recent login time")
user_logged_in.disconnect(update_last_login, dispatch_uid='update_last_login')
# Authenticate user
auth_login(request, form.get_user())
logger.info(f"User {request.user} successfully authenticated")
messages.info(request, "Logged in as {}.".format(request.user))
logger.debug(f"Redirecting user to {redirect_to}")
return HttpResponseRedirect(redirect_to)
else:
logger.debug("Login form validation failed")
return render(request, self.template_name, {
'form': form,
})
def test_zinnia_entry_detail_login_password(self):
user_logged_in.disconnect(update_last_login)
self.inhibit_templates('zinnia/entry_detail.html',
'zinnia/login.html',
'zinnia/password.html')
entry = self.create_published_entry()
entry.password = '******'
entry.login_required = True
entry.save()
with self.assertNumQueries(1):
response = self.client.get(entry.get_absolute_url())
self.assertTemplateUsed(response, 'zinnia/login.html')
with self.assertNumQueries(12):
response = self.client.post(entry.get_absolute_url(),
{'username': '******',
'password': '******'})
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/password.html')
self.assertEqual(response.context['error'], False)
with self.assertNumQueries(7):
response = self.client.post(entry.get_absolute_url(),
{'entry_password': '******'})
self.assertEqual(response.status_code, 200)
self.assertTemplateUsed(response, 'zinnia/entry_detail.html')
user_logged_in.connect(update_last_login)
def post(self, request):
logger = logging.getLogger('netbox.auth.login')
form = LoginForm(request, data=request.POST)
if form.is_valid():
logger.debug("Login form validation was successful")
# If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
# last_login time upon authentication.
if settings.MAINTENANCE_MODE:
logger.warning(
"Maintenance mode enabled: disabling update of most recent login time"
)
user_logged_in.disconnect(update_last_login,
dispatch_uid='update_last_login')
# Authenticate user
auth_login(request, form.get_user())
logger.info(f"User {request.user} successfully authenticated")
messages.info(request, "Logged in as {}.".format(request.user))
return self.redirect_to_next(request, logger)
else:
logger.debug("Login form validation failed")
return render(request, self.template_name, {
'form': form,
})
def post(self, request):
form = LoginForm(request, data=request.POST)
if form.is_valid():
# Determine where to direct user after successful login
redirect_to = request.POST.get('next', '')
if not is_safe_url(url=redirect_to,
allowed_hosts=request.get_host()):
redirect_to = reverse('home')
# If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
# last_login time upon authentication.
if settings.MAINTENANCE_MODE:
user_logged_in.disconnect(update_last_login,
dispatch_uid='update_last_login')
# Authenticate user
auth_login(request, form.get_user())
messages.info(request, "Logged in as {}.".format(request.user))
return HttpResponseRedirect(redirect_to)
return render(request, self.template_name, {
'form': form,
})
def authenticate(self, username=None, password=None):
user_logged_in.disconnect(update_last_login)
try:
user = User.objects.get(username=username, is_active=True)
if user.check_password(password):
return user
return None
except User.DoesNotExist:
return None
def ready(self):
from django.contrib.auth.models import update_last_login as django_update_last_login
user_logged_in.disconnect(django_update_last_login)
from .signals.receivers import update_last_login
user_logged_in.connect(update_last_login)
from django.contrib.auth.models import User
from .signals.receivers import on_user_updated
pre_save.connect(on_user_updated, sender=User)
def ready(self):
from django.contrib.auth.models import update_last_login
# disconnect the buildin function "update_last_login", because we have our own and don't
# want to send a post save message, which causes a
user_logged_in.disconnect(update_last_login,
dispatch_uid='update_last_login')
# connect the receivers
# https://docs.djangoproject.com/en/1.8/topics/signals/
# noinspection PyUnresolvedReferences
from . import signals
def test_login_without_signal(self):
"""Login shouldn't send signal if user wasn't logged in"""
def listener(*args, **kwargs):
listener.executed = True
listener.executed = False
user_logged_in.connect(listener)
self.client.login(username='******', password='******')
user_logged_in.disconnect(listener)
self.assertFalse(listener.executed)
def test_last_seen(self):
self.editor.last_seen = None
self.editor.save()
self.client.cookies.clear()
# login sends dud request without REQUEST dict
user_logged_in.disconnect(views.set_session_expiry)
self.client.login(username="******", password="******")
user_logged_in.connect(views.set_session_expiry)
self.client.get("/")
last_seen = Member.objects.get(pk=self.editor.pk).last_seen
self.assertTrue(last_seen)
self.client.get("/")
self.assertEqual(Member.objects.get(pk=self.editor.pk).last_seen, last_seen)
def setup_user_model(UserModel):
for attr, val in dict(
USERNAME_FIELD = 'name',
REQUIRED_FIELDS = [],
is_active = True,
get_full_name = lambda self: self.name,
get_short_name = lambda self: self.name,
is_authenticated = lambda self: True,
).items():
setattr(UserModel, attr, val)
from django.contrib.auth.signals import user_logged_in
from django.contrib.auth.models import update_last_login
user_logged_in.disconnect(update_last_login)
def authenticate(self, username=None, password=None):
if not all([username, password]):
return None
result = rpc.staff.auth_staff_member(
identifier=username,
password=password
)
if result['success']:
user_logged_in.disconnect(update_last_login)
return Staff(result['data'])
return None
def login_user(request, hijacked):
''' hijack mechanism '''
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__,
backend.__class__.__name__)
# Prevent update of hijacked user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
# Actually log user in
login(request, hijacked)
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
post_superuser_login.send(sender=None,
user_id=hijacked.pk) # Send legacy signal
hijack_started.send(sender=None,
hijacker_id=hijacker.pk,
hijacked_id=hijacked.pk,
request=request) # Send official, documented signal
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(
request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def no_update_last_login():
"""
Disconnect any signals to update_last_login() for the scope of the context
manager, then restore.
"""
kw = {'receiver': update_last_login}
kw_id = {'receiver': update_last_login, 'dispatch_uid': 'update_last_login'}
was_connected = user_logged_in.disconnect(**kw)
was_connected_id = not was_connected and user_logged_in.disconnect(**kw_id)
yield
# Restore signal if needed
if was_connected:
user_logged_in.connect(**kw)
elif was_connected_id:
user_logged_in.connect(**kw_id)
def login_user(request, hijacked):
''' hijack mechanism '''
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
# Prevent update of hijacked user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
# Actually log user in
login(request, hijacked)
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
post_superuser_login.send(sender=None, user_id=hijacked.pk) # Send legacy signal
hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, request=request) # Send official, documented signal
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def no_update_last_login():
"""Disconnect any signals to ``update_last_login`` and reconnect them on exit."""
kw = {"receiver": update_last_login}
kw_id = {
"receiver": update_last_login,
"dispatch_uid": "update_last_login"
}
was_connected = user_logged_in.disconnect(**kw)
was_connected_id = not was_connected and user_logged_in.disconnect(**kw_id)
yield
# Restore signal if needed
if was_connected:
user_logged_in.connect(**kw)
elif was_connected_id:
user_logged_in.connect(**kw_id)
def Login(request):
"""
Description: Производит аутентификацию пользователя с помощью полученных в запросе данных(email,пароль), после аутентификации регистрирует новую сессию пользователя.
Args: request - запрос от клиента с методом POST содержащий в себе Email и Password.
"""
try:
data = json.loads(request.body)
user = authenticate(username=data['Email'], password=data['Password'])
except:
return HttpResponse('Bad request', status=400)
if not user == None:
user_logged_in.disconnect(update_last_login,
dispatch_uid='update_last_login')
login(request, user)
return HttpResponse("Login")
else:
return HttpResponse("Login failed", status=401)
def super_login(request, form_class=SuperLoginForm, extra_context=None):
if request.method == "POST":
form = form_class(data=request.POST)
if form.is_valid():
if form.cleaned_data["recruiter"]:
user = User.objects.get(username=form.cleaned_data["recruiter"])
else:
user = CampusOrg.objects.get(name=form.cleaned_data["campus_org"]).user
user.backend = s.AUTHENTICATION_BACKENDS[0]
user_logged_in.disconnect(update_last_login)
auth_login(request, user)
return redirect(reverse("home"))
else:
form = form_class()
context = {"form": form}
context.update(extra_context or {})
return context
def ready(self):
from django.contrib.auth.models import update_last_login as django_update_last_login
user_logged_in.disconnect(django_update_last_login)
from .signals.receivers import update_last_login
user_logged_in.connect(update_last_login)
from django.contrib.auth.models import User
from .signals.receivers import on_user_updated
pre_save.connect(on_user_updated, sender=User)
# The django-simple-history model on CourseEnrollment creates performance
# problems in testing, we mock it here so that the mock impacts all tests.
if os.environ.get('DISABLE_COURSEENROLLMENT_HISTORY', False):
import student.models as student_models
from mock import MagicMock
student_models.CourseEnrollment.history = MagicMock()
def ready(self):
from django.contrib.auth.models import update_last_login as django_update_last_login
user_logged_in.disconnect(django_update_last_login)
from .signals.receivers import update_last_login
user_logged_in.connect(update_last_login)
from django.contrib.auth.models import User
from .signals.receivers import on_user_updated
pre_save.connect(on_user_updated, sender=User)
rate_limit_override = settings.EDRAAK_STUDENTCONFIG_OVERRIDE_RATE_LIMIT_VALUE
if rate_limit_override:
if settings.FEATURES.get('EDRAAK_RATELIMIT_APP'):
raise ValueError('Cannot activate (EDRAAK_RATELIMIT_APP) and override default limit at the same time!')
from ratelimitbackend.backends import RateLimitMixin
RateLimitMixin.requests = rate_limit_override
RateLimitMixin.ratelimit_rate = '{rate_limit_override}/m'.format(rate_limit_override=rate_limit_override)
def ready(self):
from django.contrib.auth.models import update_last_login
from django.contrib.auth.signals import user_logged_in, user_logged_out
from watson import search as watson_search
from inboxen import checks, search, signals
Inbox = self.get_model("Inbox")
Email = self.get_model("Email")
Request = self.get_model("Request")
# Unregister update_last_login handler
user_logged_in.disconnect(update_last_login)
# Search
watson_search.register(Email, search.EmailSearchAdapter)
watson_search.register(Inbox, search.InboxSearchAdapter)
user_logged_out.connect(signals.logout_message)
def super_login(request, form_class=SuperLoginForm, extra_context=None):
if request.method == "POST":
form = form_class(data=request.POST)
if form.is_valid():
if form.cleaned_data["recruiter"]:
user = User.objects.get(
username=form.cleaned_data['recruiter'])
else:
user = CampusOrg.objects.get(
name=form.cleaned_data['campus_org']).user
user.backend = s.AUTHENTICATION_BACKENDS[0]
user_logged_in.disconnect(update_last_login)
auth_login(request, user)
return redirect(reverse("home"))
else:
form = form_class()
context = {'form': form}
context.update(extra_context or {})
return context
def ready(self):
from django.contrib.auth.models import update_last_login
from django.contrib.auth.signals import user_logged_in, user_logged_out
from watson import search as watson_search
from inboxen import checks # noqa
from inboxen import signals
from inboxen.search import watson as search
Inbox = self.get_model("Inbox")
Email = self.get_model("Email")
# Unregister update_last_login handler
user_logged_in.disconnect(update_last_login)
# Search
watson_search.register(Email, search.EmailSearchAdapter)
watson_search.register(Inbox, search.InboxSearchAdapter)
user_logged_out.connect(signals.logout_message)
def ready(self):
from django.contrib.auth.models import update_last_login
from django.contrib.auth.signals import user_logged_in, user_logged_out
from watson import search as watson_search
from inboxen import checks, search, signals
Inbox = self.get_model("Inbox")
Email = self.get_model("Email")
Request = self.get_model("Request")
# Unregister update_last_login handler
user_logged_in.disconnect(update_last_login)
# Search
watson_search.register(Email, search.EmailSearchAdapter)
watson_search.register(Inbox, search.InboxSearchAdapter)
pre_save.connect(signals.decided_checker, sender=Request, dispatch_uid="request_decided_checker")
user_logged_out.connect(signals.logout_message)
def login_as(user, request, store_original_user=True):
"""
Utility function for forcing a login as specific user -- be careful about
calling this carelessly :)
"""
# Save the original user pk before it is replaced in the login method
original_user_pk = request.user.pk
# Find a suitable backend.
if not hasattr(user, 'backend'):
for backend in django_settings.AUTHENTICATION_BACKENDS:
if not hasattr(load_backend(backend), 'get_user'):
continue
if user == load_backend(backend).get_user(user.pk):
user.backend = backend
break
else:
raise ImproperlyConfigured('Could not found an appropriate authentication backend')
# Add admin audit log entry
change_message = 'User {0} logged in as {1}.'.format(request.user, user)
LogEntry.objects.log_action(
user_id=original_user_pk,
content_type_id=ContentType.objects.get_for_model(user).pk,
object_id=user.pk,
object_repr=str(user),
change_message=change_message,
action_flag=CHANGE
)
# Log the user in.
if hasattr(user, 'backend'):
signal_was_connected = False
if not la_settings.UPDATE_LAST_LOGIN:
# Prevent update of user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
try:
# Actually log user in
login(request, user)
finally:
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
else:
return
# Set a flag on the session
if store_original_user:
messages.warning(request, la_settings.MESSAGE_LOGIN_SWITCH.format(username=user.__dict__[username_field]),
extra_tags=la_settings.MESSAGE_EXTRA_TAGS)
request.session[la_settings.USER_SESSION_FLAG] = signer.sign(original_user_pk)
def php_login(request):
from django.contrib.auth.views import logout
auth = request.POST.get('auth', '')
customer_id = request.POST.get('customer_id', '')
admin_id = request.POST.get('admin_id', '')
if auth == hashlib.md5(
'%s-%s' %
(settings.WEB_API_AUTH_KEY, datetime.datetime.now().strftime("%Y%m%d"))
).hexdigest() and admin_id and customer_id:
logout(request)
obj = Customer.objects.get(id=customer_id)
user = authenticate(username=obj.username,
password='',
t_password=obj.password)
request.session['is_admin'] = True
request.session['admin_id'] = admin_id
user_logged_in.disconnect(update_last_login)
auth_login(request, user)
return HttpResponseRedirect(reverse('home'))
raise Http404
def login_user(request, emulated_user):
logged_in_user = request.user
emulated_user.backend = settings.AUTHENTICATION_BACKENDS[0]
# we don't want login to trigger update of last login date
user_logged_in.disconnect(update_last_login)
# Actually log user in
login(request, emulated_user)
# turn back on login signal to update last login
user_logged_in.connect(update_last_login)
emulation_started.send(sender=None,
logged_in_user_id=logged_in_user.pk,
emulated_user_id=emulated_user.pk,
request=request) # Send official, documented signal
request.session['logged_in_user'] = logged_in_user.pk
request.session['is_emulating'] = True
request.session.modified = True
return redirect_to_next(request)
def sub_account_login(request):
from django.contrib.auth.models import update_last_login
from django.contrib.auth.views import logout, auth_login
from django.contrib.auth import authenticate
from django.contrib.auth.signals import user_logged_in
parent_user_id = request.user.id
client_ip = get_client_ip(request)
agent = request.META.get('HTTP_USER_AGENT', None)
ip_search = IpSearch()
ip_info = ip_search.Find(client_ip)
area, title = split_ip_to_area_title(ip_info)
customer_id = request.POST.get('subloging_customer_id', '')
auth = request.POST.get('subloging_auth', '')
obj = get_customer_child_obj(request, customer_id)
if auth == hashlib.md5(
'%s-%s' %
(settings.WEB_API_AUTH_KEY,
datetime.datetime.now().strftime("%Y%m%d"))).hexdigest():
logout(request)
CoreLog.objects.create(
user_id=parent_user_id,
user_type='users',
target_id=customer_id,
target_name=u'{0} - {0}'.format(obj.username),
action='user_login',
ip=client_ip,
desc=u'登录IP:{}<br>登录地区:{}<br>浏览器信息:{}'.format(
client_ip, title, agent),
)
user = authenticate(username=obj.username,
password='',
t_password=obj.password)
user_logged_in.disconnect(update_last_login)
auth_login(request, user)
user_logged_in.connect(update_last_login)
return HttpResponseRedirect(reverse('home'))
raise Http404
def test_zinnia_entry_detail_login_password(self):
user_logged_in.disconnect(update_last_login)
setup_test_template_loader(
{"zinnia/entry_detail.html": "", "zinnia/login.html": "", "zinnia/password.html": ""}
)
entry = self.create_published_entry()
entry.password = "******"
entry.login_required = True
entry.save()
with self.assertNumQueries(4):
response = self.client.get("/2010/01/01/my-test-entry/")
self.assertTemplateUsed(response, "zinnia/login.html")
with self.assertNumQueries(9):
response = self.client.post("/2010/01/01/my-test-entry/", {"username": "******", "password": "******"})
self.assertEquals(response.status_code, 200)
self.assertTemplateUsed(response, "zinnia/password.html")
self.assertEquals(response.context["error"], False)
with self.assertNumQueries(6):
response = self.client.post("/2010/01/01/my-test-entry/", {"entry_password": "******"})
self.assertEquals(response.status_code, 200)
self.assertTemplateUsed(response, "zinnia/entry_detail.html")
restore_template_loaders()
user_logged_in.connect(update_last_login)
def post(self, request):
form = LoginForm(request, data=request.POST)
if form.is_valid():
# Determine where to direct user after successful login
redirect_to = request.POST.get('next', '')
if not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
redirect_to = reverse('home')
# If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
# last_login time upon authentication.
if settings.MAINTENANCE_MODE:
user_logged_in.disconnect(update_last_login, dispatch_uid='update_last_login')
# Authenticate user
auth_login(request, form.get_user())
messages.info(request, "Logged in as {}.".format(request.user))
return HttpResponseRedirect(redirect_to)
return render(request, self.template_name, {
'form': form,
})
def login_as(user, request, store_original_user=True):
"""
Utility function for forcing a login as specific user -- be careful about
calling this carelessly :)
"""
# Logout from other las modules. Reason: if we don't, and the user has already opened a module
# once the new user is logged in, the module won't switch to the new user since the previous session
# is still open and valid (so it won't even go to the lasauthserver to check if the current user is logged in)
#home.views.logoutFromLASModules(request)
# Save the original user pk before it is replaced in the login method
original_user_pk = request.user.pk
if store_original_user == False:
logout(request)
# Find a suitable backend.
if not hasattr(user, 'backend'):
for backend in django_settings.AUTHENTICATION_BACKENDS:
if user == load_backend(backend).get_user(user.pk):
user.backend = backend
break
# Log the user in.
if hasattr(user, 'backend'):
signal_was_connected = False
if not la_settings.UPDATE_LAST_LOGIN:
# Prevent update of user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
try:
# Actually log user in
login(request, user)
finally:
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
else:
return
# Set a flag on the session
if store_original_user:
messages.warning(request, la_settings.MESSAGE_LOGIN_SWITCH.format(username=user.__dict__[username_field]),
extra_tags=la_settings.MESSAGE_EXTRA_TAGS)
request.session[la_settings.USER_SESSION_FLAG] = signer.sign(original_user_pk)
def login_as(user, request, store_original_user=True):
"""
Utility function for forcing a login as specific user -- be careful about
calling this carelessly :)
"""
# Save the original user pk before it is replaced in the login method
original_user_pk = request.user.pk
# Find a suitable backend.
if not hasattr(user, 'backend'):
for backend in django_settings.AUTHENTICATION_BACKENDS:
if user == load_backend(backend).get_user(user.pk):
user.backend = backend
break
# Log the user in.
if hasattr(user, 'backend'):
signal_was_connected = False
if not la_settings.UPDATE_LAST_LOGIN:
# Prevent update of user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
try:
# Actually log user in
login(request, user)
finally:
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
else:
return
# Set a flag on the session
if store_original_user:
messages.warning(request,
la_settings.MESSAGE_LOGIN_SWITCH.format(
username=user.__dict__[username_field]),
extra_tags=la_settings.MESSAGE_EXTRA_TAGS)
request.session[la_settings.USER_SESSION_FLAG] = signer.sign(
original_user_pk)
def ready(self):
from django.contrib.auth.signals import user_logged_in, user_logged_out
from watson import search as watson_search
from inboxen import checks # noqa
from inboxen import signals
from inboxen.search import watson as search
Inbox = self.get_model("Inbox")
Email = self.get_model("Email")
# Unregister update_last_login handler
assert user_logged_in.disconnect(
dispatch_uid='update_last_login'), "Last login not disconnected"
# Search
watson_search.register(Email, search.EmailSearchAdapter)
watson_search.register(Inbox, search.InboxSearchAdapter)
user_logged_out.connect(signals.logout_message,
dispatch_uid='inboxen_logout_message')
def login_as(user, request, store_original_user=True):
"""
Utility function for forcing a login as specific user -- be careful about
calling this carelessly :)
"""
# Save the original user pk before it is replaced in the login method
original_user_pk = request.user.pk
# Find a suitable backend.
if not hasattr(user, 'backend'):
for backend in django_settings.AUTHENTICATION_BACKENDS:
if user == load_backend(backend).get_user(user.pk):
user.backend = backend
break
# Log the user in.
if hasattr(user, 'backend'):
signal_was_connected = False
if not la_settings.UPDATE_LAST_LOGIN:
# Prevent update of user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
try:
# Actually log user in
login(request, user)
finally:
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
else:
return
# Set a flag on the session
if store_original_user:
messages.warning(request, la_settings.MESSAGE_LOGIN_SWITCH.format(username=user.__dict__[username_field]),
extra_tags=la_settings.MESSAGE_EXTRA_TAGS)
request.session[la_settings.USER_SESSION_FLAG] = signer.sign(original_user_pk)
def tearDown(self):
"""Disconnect the listeners"""
user_logged_in.disconnect(update_last_login)
)
if language and hasattr(request, 'session'):
request.session['django_language'] = language
def safe_update_last_login(sender, user, **kwargs):
"""
Identical to Django's built-in handler except that we gracefully
handle database failures.
tl;dr logging in should not fail when a db is read-only
"""
try:
update_last_login(sender, user, **kwargs)
except DatabaseError as exc:
logging.warn(six.text_type(exc), exc_info=True)
user_logged_in.disconnect(update_last_login)
user_logged_in.connect(
safe_update_last_login,
dispatch_uid="safe_update_last_login",
weak=False,
)
user_logged_in.connect(
set_language_on_logon,
dispatch_uid="set_language_on_logon",
weak=False
)
Copyright (c) 2018 InnoGames GmbH
"""
from importlib import import_module
from django.conf import settings
from django.conf.urls import include, url
from django.conf.urls.static import static
from django.contrib import admin
from django.contrib.auth.models import update_last_login
from django.contrib.auth.signals import user_logged_in
from django.contrib.auth.views import logout_then_login
from django.shortcuts import redirect
user_logged_in.disconnect(update_last_login)
admin.autodiscover()
urlpatterns = [
url(r'^$', lambda req: redirect('servershell_index'), name='home'),
url(r'^logout', logout_then_login, name='logout'),
url(r'^admin/', include(admin.site.urls)),
]
for app in settings.INSTALLED_APPS:
try:
module = import_module(app + '.urls')
except ImportError:
continue
from django.contrib import admin from django.contrib.auth import models as auth_models from django.contrib.auth.signals import user_logged_in import models import udf user_logged_in.disconnect(auth_models.update_last_login) admin.site.register(models.Instance) admin.site.register(models.FieldPermission) admin.site.register(models.Role) admin.site.register(models.BenefitCurrencyConversion) admin.site.register(models.Species) admin.site.register(models.Tree) admin.site.register(models.User) admin.site.register(models.StaticPage) admin.site.register(udf.UserDefinedFieldDefinition)
def ready(self):
user_logged_in.disconnect(dispatch_uid='update_last_login')
from django.contrib import admin from django.contrib.auth import models as auth_models from django.contrib.auth.signals import user_logged_in import models user_logged_in.disconnect(auth_models.update_last_login) admin.site.register(models.Instance) admin.site.register(models.Species) admin.site.register(models.Tree)
user.current_login_ip = request.META.get('REMOTE_ADDR', '0.0.0.0')
user.login_times += 1
user.scores += LOGIN_SCR
user.experience += LOGIN_EXP
user.wealth += LOGIN_WLT
user.save(update_fields=['current_login', 'current_login_ip', 'login_times', 'scores', 'experience', 'wealth'])
def update_pilot_last_login(sender, user, **kwargs):
"""
用户注销后将本次登录的时间和IP存入上次登录的时间和IP
"""
user.last_login = user.current_login
user.last_login_ip = user.current_login_ip
user.save(update_fields=['last_login', 'last_login_ip'])
user_logged_in.disconnect(update_last_login) # 去掉django.contrib.auth的默认登录更新操作
user_logged_in.connect(update_pilot_current_login)
user_logged_out.connect(update_pilot_last_login)
class Pilot(AbstractUser):
"""
在Django自带的用户类基础上略做扩展的克隆飞行员类,增加了上次、本次登录时间和IP的记录
"""
current_login = models.DateTimeField(u'本次登录时间', default=timezone.now)
current_login_ip = models.GenericIPAddressField(u'本次登录IP', default='0.0.0.0')
last_login_ip = models.GenericIPAddressField(u'上次登录IP', default='0.0.0.0')
login_times = models.PositiveIntegerField(u'登录次数', default=0)
topic_num = models.PositiveIntegerField(u'发布主题数', default=0)
post_num = models.PositiveIntegerField(u'发布帖子数', default=0)
scores = models.PositiveIntegerField(u'积分', default=0)
experience = models.PositiveIntegerField(u'经验', default=0)
def login(self, user):
user.backend = 'todo.backends.FacebookBackend'
user_logged_in.disconnect(update_last_login)
super(TestClient, self)._login(user)
return True
def tearDown(self):
"""Disconnect the listeners"""
user_logged_in.disconnect(update_last_login)
