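def _sha_auth(request):
    """
    login the user with username and sha values.

    Only two checks are visible in this listing: the posted ShaLoginForm
    must validate, and a "challenge" must be present in the session.
    Either failure returns the response built by bad_request().
    """
    # NOTE(review): nothing visible here checks request.method before
    # request.POST is bound to the form -- confirm the caller does that.
    form = ShaLoginForm(request.POST)
    if not form.is_valid():
        # NOTE(review): how much of debug_msg reaches the client depends on
        # bad_request(), which is not shown -- confirm it is DEBUG-only.
        debug_msg = "ShaLoginForm is not valid: %r" % form.errors
        return bad_request(APP_LABEL, "_sha_auth() error", debug_msg)

    try:
        # pop() removes the challenge from the session, so a later request
        # in the same session cannot be checked against the same value.
        challenge = request.session.pop("challenge")
    except KeyError as err:  # "as" form: valid on Python 2.6+ and Python 3
        debug_msg = "Can't get 'challenge' from session: %s" % err
        return bad_request(APP_LABEL, "_sha_auth() error", debug_msg)

    # NOTE(review): the listing ends here; the step that uses `challenge`
    # to verify the submitted values is not shown.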
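def _sha_auth(request):
    """
    login the user with username and sha values.

    Only two checks are visible in this listing: the posted ShaLoginForm
    must validate, and a "challenge" must be present in the session.
    Either failure returns the response built by bad_request(), always
    with the same generic message; the details go into debug_msg only.
    """
    # One generic message for every failure path, so the visible error text
    # does not tell the caller which check rejected the request.
    _NORMAL_ERROR_MSG = "_sha_auth() error"

    # NOTE(review): nothing visible here checks request.method before
    # request.POST is bound to the form -- confirm the caller does that.
    form = ShaLoginForm(request.POST)
    if not form.is_valid():
        # NOTE(review): how much of debug_msg reaches the client depends on
        # bad_request(), which is not shown -- confirm it is DEBUG-only.
        debug_msg = "ShaLoginForm is not valid: %s" % repr(form.errors)
        return bad_request(APP_LABEL, _NORMAL_ERROR_MSG, debug_msg)

    try:
        # pop() removes the challenge from the session, so a later request
        # in the same session cannot be checked against the same value.
        challenge = request.session.pop("challenge")
    except KeyError as err:  # "as" form: valid on Python 2.6+ and Python 3
        debug_msg = "Can't get 'challenge' from session: %s" % err
        return bad_request(APP_LABEL, _NORMAL_ERROR_MSG, debug_msg)

    # NOTE(review): the listing ends here; the step that uses `challenge`
    # to verify the submitted values is not shown.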
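def _sha_auth(request):
    """
    login the user with username and sha values.

    Visible in this listing: the request must pass
    _is_post_ajax_request(), the posted ShaLoginForm must validate, and a
    "challenge" must be present in the session. Each failure returns an
    error response before any credential check runs.
    """
    response = _is_post_ajax_request(request)
    if response is not None:
        # It's not a Ajax POST request
        return response  # Return HttpResponseBadRequest

    form = ShaLoginForm(request.POST)
    if not form.is_valid():
        # NOTE(review): how much of debug_msg reaches the client depends on
        # bad_request(), which is not shown -- confirm it is DEBUG-only.
        debug_msg = "ShaLoginForm is not valid: %r" % form.errors
        return bad_request(debug_msg)

    try:
        # pop() removes the challenge from the session, so a later request
        # in the same session cannot be checked against the same value.
        challenge = request.session.pop("challenge")
    except KeyError as err:  # "as" form: valid on Python 2.6+ and Python 3
        debug_msg = "Can't get 'challenge' from session: %s" % err
        return bad_request(debug_msg)

    # NOTE(review): the listing ends here; the step that uses `challenge`
    # to verify the submitted values is not shown.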
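def _login_view(request):
    """
    Render the SHA login form and store a fresh challenge in the session.

    For better JavaScript debugging:
    Enable settings.DEBUG and request the page via GET with: "...?auth=login"

    Only GET is accepted. The optional "next_url" query parameter must be
    a site-local absolute path; anything else is answered with the
    response built by bad_request(). Returns the rendered form: the debug
    template for non-Ajax requests, the Ajax response otherwise.
    """
    _ERROR_MSG = "_login_view() error"

    if DEBUG:
        print("auth debug mode is on!")

    if request.method != 'GET':
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, _ERROR_MSG, debug_msg)  # Return HttpResponseBadRequest

    # next_url comes straight from the query string, so it is untrusted.
    next_url = request.GET.get("next_url", request.path)

    # Don't redirect to other pages.
    # A substring test for "//" alone still accepts values that are not
    # site-local paths (a URL scheme needs no "//", and browsers normalise
    # backslashes and drop some control characters while parsing a URL).
    # Accept only an absolute path on this site; the default, request.path,
    # always satisfies this.
    is_local_path = (
        next_url.startswith("/")
        and "//" not in next_url
        and "\\" not in next_url
        and not any(ord(char) < 0x20 for char in next_url)
    )
    if not is_local_path:
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, _ERROR_MSG, debug_msg)  # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    try:
        # url from django-authopenid, only available if the urls.py are included
        reset_link = urlresolvers.reverse("auth_password_reset")
    except urlresolvers.NoReverseMatch:
        try:
            # DjangoBB glue plugin adds the urls from django-authopenid
            reset_link = PluginPage.objects.reverse("djangobb_plugin", "auth_password_reset")
        except (KeyError, urlresolvers.NoReverseMatch):
            # KeyError: plugin is not installed
            # NoReverseMatch: plugin is installed, but not in use
            # (no PluginPage created)
            reset_link = None

    loop_count = _get_loop_count()  # get "loop_count" from AuthPreferencesForm

    context = {
        "challenge": challenge,
        "old_salt_len": crypt.OLD_SALT_LEN,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "loop_count": loop_count,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        # Only handed to the template here; where it is finally used for a
        # redirect is not visible in this function.
        "next_url": next_url,
        "form": form,
        "pass_reset_link": reset_link,
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django >= 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    # NOTE(review): the debug template is chosen for every non-Ajax request;
    # DEBUG only controls the print above. Confirm that serving
    # 'auth/sha_form_debug.html' outside DEBUG is intended.
    if request.is_ajax():
        response = ajax_response(request, 'auth/sha_form.html', context, context_instance=RequestContext(request))
    else:
        response = render_to_response('auth/sha_form_debug.html', context, context_instance=RequestContext(request))
    return response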