def login_user(request, user):
''' hijack mechanism '''
hijack_history = [request.user._meta.pk.value_to_string(request.user)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, user)
hijacker = request.user
hijacked = user
backend = get_used_backend(request)
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
last_login = user.last_login # Save last_login to reset it after hijack login
login(request, user)
user.last_login = last_login
user.save()
post_superuser_login.send(sender=None, user_id=user.pk)
hijack_started.send(sender=None,
hijacker_id=hijacker.pk,
hijacked_id=hijacked.pk)
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(
request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked):
"""Hijack user login."""
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get("hijack_history"):
hijack_history = request.session["hijack_history"] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__,
backend.__class__.__name__)
with no_update_last_login():
# Actually log user in
login(request, hijacked)
hijack_started.send(
sender=None,
request=request,
hijacker=hijacker,
hijacked=hijacked,
# send IDs for backward compatibility
hijacker_id=hijacker.pk,
hijacked_id=hijacked.pk,
)
request.session["hijack_history"] = hijack_history
request.session["is_hijacked_user"] = True
request.session["display_hijack_warning"] = True
request.session.modified = True
return redirect_to_next(
request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked):
''' hijack mechanism '''
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
with no_update_last_login():
# Actually log user in
login(request, hijacked)
hijack_started.send(
sender=None, request=request,
hijacker=hijacker, hijacked=hijacked,
# send IDs for backward compatibility
hijacker_id=hijacker.pk, hijacked_id=hijacked.pk)
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked):
''' hijack mechanism '''
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__,
backend.__class__.__name__)
# Prevent update of hijacked user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
# Actually log user in
login(request, hijacked)
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
post_superuser_login.send(sender=None,
user_id=hijacked.pk) # Send legacy signal
hijack_started.send(sender=None,
hijacker_id=hijacker.pk,
hijacked_id=hijacked.pk,
request=request) # Send official, documented signal
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(
request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked):
''' hijack mechanism '''
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
# Prevent update of hijacked user last_login
signal_was_connected = user_logged_in.disconnect(update_last_login)
# Actually log user in
login(request, hijacked)
# Restore signal if needed
if signal_was_connected:
user_logged_in.connect(update_last_login)
post_superuser_login.send(sender=None, user_id=hijacked.pk) # Send legacy signal
hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, request=request) # Send official, documented signal
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, hijacked):
''' hijack mechanism '''
hijacker = request.user
hijack_history = [request.user._meta.pk.value_to_string(hijacker)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, hijacked)
backend = get_used_backend(request)
hijacked.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
with no_update_last_login():
# Actually log user in
login(request, hijacked)
hijack_started.send(sender=None, hijacker_id=hijacker.pk, hijacked_id=hijacked.pk, request=request) # Send official, documented signal
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)
def login_user(request, user):
''' hijack mechanism '''
hijack_history = [request.user._meta.pk.value_to_string(request.user)]
if request.session.get('hijack_history'):
hijack_history = request.session['hijack_history'] + hijack_history
check_hijack_authorization(request, user)
hijacker = request.user
hijacked = user
backend = get_used_backend(request)
user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__)
last_login = user.last_login # Save last_login to reset it after hijack login
login(request, user)
user.last_login = last_login
user.save()
post_superuser_login.send(sender=None, user_id=user.pk)
hijack_started.send(sender=None, hijacker_id=hijacker.id, hijacked_id=hijacked.id)
request.session['hijack_history'] = hijack_history
request.session['is_hijacked_user'] = True
request.session['display_hijack_warning'] = True
request.session.modified = True
return redirect_to_next(request, default_url=hijack_settings.HIJACK_LOGIN_REDIRECT_URL)