Esempio n. 1
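    def test_authentication_username_whitelist(self):
        """Check that the username whitelist policy only admits matching names.

        The username literals are masked ('******') in this listing.  As
        written, the two "accepted" checks would presumably be rejected, so
        real values matching the comments below are needed to run the test.
        """
        # The dot is escaped so the first pattern admits only the literal
        # domain; an unescaped '.' would also admit e.g. '@exampleXcom'.
        # NOTE(review): '$' also matches just before a trailing newline; use
        # r'\Z' if usernames can reach the policy unstripped.
        policy = AuthenticationUsernameWhitelist(
            whitelist=[r'@example\.com$', r'^rudolph'])

        # Accepted: expected to match the first (domain suffix) pattern.
        loginattempt = LoginAttempt(username='******')
        policy.pre_auth_check(loginattempt, 'secret')

        # Accepted: expected to match the second (name prefix) pattern.
        loginattempt = LoginAttempt(username='******')
        policy.pre_auth_check(loginattempt, 'secret')

        # Rejected: a username matching neither pattern must raise.
        loginattempt.username = '******'
        with self.assertRaises(ValidationError):
            policy.pre_auth_check(loginattempt, 'secret')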
Esempio n. 2
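    def test_authentication_username_whitelist(self):
        """Exercise AuthenticationUsernameWhitelist with two regex entries.

        Two usernames are expected to pass ``pre_auth_check`` and a third is
        expected to raise ``ValidationError``.  The username values are masked
        ('******') in this listing and must be replaced with real samples.
        """
        # An allowlist regex should match the literal domain, so the '.' is
        # escaped here; left unescaped it matches any character in that
        # position.  Raw strings keep the backslash intact.
        # NOTE(review): whether the policy searches or matches from the start
        # is not visible here -- confirm before relying on the '^' / '$'
        # anchors alone.
        allowed_patterns = [r'@example\.com$', r'^rudolph']
        policy = AuthenticationUsernameWhitelist(whitelist=allowed_patterns)

        # This should be accepted (domain suffix entry):
        first_attempt = LoginAttempt(username='******')
        policy.pre_auth_check(first_attempt, 'secret')

        # Matches second regex (name prefix entry):
        second_attempt = LoginAttempt(username='******')
        policy.pre_auth_check(second_attempt, 'secret')

        # And this fails: the same attempt object, renamed to a username
        # that matches no entry.
        second_attempt.username = '******'
        self.assertRaises(
            ValidationError,
            policy.pre_auth_check,
            second_attempt,
            'secret'
        )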
Esempio n. 3
    def clean(self):
        """Validate the login form and record the outcome as a LoginAttempt.

        Every submission with at least one of username/password filled in is
        saved as a ``LoginAttempt``.  It is stored with ``lockout=True`` and
        ``successful=False`` unless authentication succeeds.

        Raises ``forms.ValidationError`` when the username or the source
        address is locked out, when ``authenticate`` returns ``None``, or when
        the authenticated user is inactive.  Otherwise returns
        ``self.cleaned_data``.
        """
        name = self.cleaned_data.get('username')
        secret = self.cleaned_data.get('password')
        # NOTE(review): REMOTE_ADDR is the socket peer; behind a reverse proxy
        # every client presumably shares it, so the address lockout below
        # would hit all of them at once -- confirm how the deployment sets it.
        client_ip = self.request.META['REMOTE_ADDR']

        # NOTE(review): the username is user-supplied and logged verbatim.
        # Confirm the log formatter neutralises CR/LF, and be aware that a
        # password typed into the username field ends up in the log.
        logger.info('Authentication attempt, username=%s, address=%s',
                    name, client_ip)

        if not (name or secret):
            # Completely empty submission: nothing is recorded.
            return self.cleaned_data

        # The record starts out as a failed, lockout-counting attempt and is
        # only flipped to successful at the very end.
        host = self.request.get_host()[:100]
        record = LoginAttempt(
            username=name,
            source_address=client_ip,
            hostname=host,
            successful=False,
            lockout=True)

        if not name:
            logger.warning(
                u'Authentication failure, address=%s, no username supplied.',
                client_ip)
            record.save()
            return self.cleaned_data

        if not secret:
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'no password supplied.',
                name, client_ip)
            record.save()
            return self.cleaned_data

        # Lockout checks run before any credential check, so a locked
        # username or address never reaches authenticate().
        if locked_username(name):
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'username locked',
                name, client_ip)
            # The attempt is saved with lockout=True even while locked.
            record.save()
            raise forms.ValidationError(
                self.error_messages['username_locked_out'],
                'username_locked_out')

        if locked_remote_addr(client_ip):
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'address locked',
                name, client_ip)
            record.save()
            raise forms.ValidationError(
                self.error_messages['address_locked_out'],
                'address_locked_out')

        # Runs before authenticate(); presumably deactivates expired
        # accounts (helper defined elsewhere -- confirm).
        disable_expired_users()
        self.user_cache = authenticate(username=name,
                                       password=secret)
        if self.user_cache is None:
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'invalid authentication.',
                name, client_ip)
            record.save()
            message = self.error_messages['invalid_login'] % {
                'username': self.username_field.verbose_name}
            raise forms.ValidationError(message, code='invalid_login')

        if not self.user_cache.is_active:
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'user inactive.',
                name, client_ip)
            record.save()
            raise forms.ValidationError(
                self.error_messages['inactive'],
                code='inactive')

        # Success: turn the pending record into a successful one.
        logger.info(u'Authentication success, username=%s, address=%s',
                    name, client_ip)
        record.successful = True
        record.lockout = False
        record.user = self.user_cache
        record.save()

        # Clear the lockout flag on earlier attempts for this username and
        # for this source address.
        # NOTE(review): one successful login clears the address-wide counter
        # too, so failures against other usernames from the same address stop
        # counting -- confirm this is intended.
        LoginAttempt.objects.filter(
            username=name, lockout=True).update(lockout=False)
        LoginAttempt.objects.filter(
            source_address=client_ip, lockout=True).update(lockout=False)

        return self.cleaned_data
Esempio n. 4
    def clean(self):
        """Run lockout and credential checks for a login submission.

        An entirely empty form returns ``self.cleaned_data`` without writing
        anything.  Any other submission is saved as a ``LoginAttempt``, marked
        failed and lockout-counting unless ``authenticate`` returns an active
        user.

        Raises ``forms.ValidationError`` with code ``username_locked_out``,
        ``address_locked_out``, ``invalid_login`` or ``inactive``.  A missing
        username or password is saved as a failed attempt but does not raise.
        """
        login = self.cleaned_data.get('username')
        passwd = self.cleaned_data.get('password')
        # NOTE(review): a KeyError here propagates if REMOTE_ADDR is absent.
        # The value is the direct peer address, which is presumably a proxy
        # in proxied deployments -- verify before relying on address lockout.
        addr = self.request.META['REMOTE_ADDR']

        # NOTE(review): `login` comes straight from the form and is written
        # to the log unmodified; check that embedded newlines cannot forge
        # log lines in the configured handler.
        logger.info('Authentication attempt, username=%s, address=%s',
                    login, addr)

        if not login and not passwd:
            return self.cleaned_data

        # Pessimistic defaults: the entry counts towards lockout until the
        # success path below says otherwise.
        entry_fields = {
            'username': login,
            'source_address': addr,
            'hostname': self.request.get_host()[:100],
            'successful': False,
            'lockout': True,
        }
        entry = LoginAttempt(**entry_fields)

        if not (login and passwd):
            # Exactly one of the two fields is missing at this point.
            if not login:
                logger.warning(
                    u'Authentication failure, address=%s, '
                    u'no username supplied.', addr)
            else:
                logger.warning(
                    u'Authentication failure, username=%s, '
                    u'address=%s, no password supplied.', login, addr)
            entry.save()
            return self.cleaned_data

        # Username lockout is evaluated first; the address check only runs
        # when the username is not locked.
        if locked_username(login):
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'username locked', login, addr)
            entry.save()
            locked_msg = self.error_messages['username_locked_out']
            raise forms.ValidationError(locked_msg, 'username_locked_out')

        if locked_remote_addr(addr):
            logger.warning(
                u'Authentication failure, username=%s, address=%s, '
                u'address locked', login, addr)
            entry.save()
            locked_msg = self.error_messages['address_locked_out']
            raise forms.ValidationError(locked_msg, 'address_locked_out')

        # Called ahead of authenticate(); the helper lives elsewhere in the
        # project and is not shown here.
        disable_expired_users()
        self.user_cache = authenticate(username=login, password=passwd)

        if self.user_cache is None:
            logger.warning(
                u'Authentication failure, username=%s, '
                u'address=%s, invalid authentication.', login, addr)
            entry.save()
            field_label = {'username': self.username_field.verbose_name}
            raise forms.ValidationError(
                self.error_messages['invalid_login'] % field_label,
                code='invalid_login')

        if not self.user_cache.is_active:
            # Only reachable with valid credentials, so the distinct
            # 'inactive' message is shown only to someone who knows them.
            logger.warning(
                u'Authentication failure, username=%s, '
                u'address=%s, user inactive.', login, addr)
            entry.save()
            raise forms.ValidationError(self.error_messages['inactive'],
                                        code='inactive')

        # Authentication was successful
        logger.info(u'Authentication success, username=%s, address=%s',
                    login, addr)
        entry.successful = True
        entry.lockout = False
        entry.user = self.user_cache
        entry.save()

        # Reset lockout counts, first for the username and then for the
        # source address.
        # NOTE(review): the address reset covers attempts against every
        # username from that address, not only this one -- confirm that a
        # single valid login should clear address-wide throttling.
        for criteria in ({'username': login}, {'source_address': addr}):
            LoginAttempt.objects.filter(
                lockout=True, **criteria).update(lockout=False)

        return self.cleaned_data