def process_request(self, request): # AuthenticationMiddleware is required so that request.user exists. if not hasattr(request, "user"): raise ImproperlyConfigured( "The Django remote user auth middleware requires the" " authentication middleware to be installed. Edit your" " MIDDLEWARE_CLASSES setting to insert" " 'django.contrib.auth.middleware.AuthenticationMiddleware'" " before the RemoteUserMiddleware class." ) # To support logout. If this variable is True, do not # authenticate user and return now. if request.session.get(LOGOUT_SESSION_KEY) == True: return else: # Delete the shib reauth session key if present. request.session.pop(LOGOUT_SESSION_KEY, None) # Locate the remote user header. # import pprint; pprint.pprint(request.META) try: username = request.META[SHIB_USER_HEADER] except KeyError: # If specified header doesn't exist then return (leaving # request.user set to AnonymousUser by the # AuthenticationMiddleware). return # If the user is already authenticated and that user is the user we are # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. if request.user.is_authenticated(): if request.user.username == username: if request.user.is_staff: update_sudo_mode_ts(request) return # Make sure we have all required Shiboleth elements before proceeding. shib_meta, error = self.parse_attributes(request) # Add parsed attributes to the session. request.session["shib"] = shib_meta if error: raise ShibbolethValidationError("All required Shibboleth elements" " not found. %s" % shib_meta) # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(remote_user=username, shib_meta=shib_meta) if user: # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) user.set_unusable_password() user.save() # call make profile. self.make_profile(user, shib_meta) # setup session. self.setup_session(request) request.shib_login = True
def process_request(self, request): protected_paths = [item.strip().strip('/') for item in self.protected_paths] if request.path.strip('/') not in protected_paths: return # AuthenticationMiddleware is required so that request.user exists. if not hasattr(request, 'user'): raise ImproperlyConfigured( "The Django remote user auth middleware requires the" " authentication middleware to be installed. Edit your" " MIDDLEWARE setting to insert" " 'django.contrib.auth.middleware.AuthenticationMiddleware'" " before the RemoteUserMiddleware class.") try: username = request.META[self.header] except KeyError: if settings.DEBUG: assert False # If specified header doesn't exist then remove any existing # authenticated remote-user, or return (leaving request.user set to # AnonymousUser by the AuthenticationMiddleware). if self.force_logout_if_no_header and request.user.is_authenticated( ): self._remove_invalid_user(request) return if self.remote_user_domain: username = username.split('@')[0] + '@' + self.remote_user_domain # If the user is already authenticated and that user is the user we are # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. if request.user.is_authenticated(): if request.user.get_username() == self.clean_username( username, request): if request.user.is_staff: update_sudo_mode_ts(request) # add a mark to generate api token and set cookie request.remote_user_authentication = True return else: # An authenticated user is associated with the request, but # it does not match the authorized user in the header. self._remove_invalid_user(request) # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(request=request, remote_user=username) if user: # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) # add a mark to generate api token and set cookie request.remote_user_authentication = True
def register(self, request, **kwargs): """ Given a username, email address and password, register a new user account, which will initially be inactive. Along with the new ``User`` object, a new ``registration.models.RegistrationProfile`` will be created, tied to that ``User``, containing the activation key which will be used for this account. An email will be sent to the supplied email address; this email should contain an activation link. The email will be rendered using two templates. See the documentation for ``RegistrationProfile.send_activation_email()`` for information about these templates and the contexts provided to them. After the ``User`` and ``RegistrationProfile`` are created and the activation email is sent, the signal ``registration.signals.user_registered`` will be sent, with the new ``User`` as the keyword argument ``user`` and the class of this backend as the sender. """ email, password = kwargs['email'], kwargs['password1'] username = email if Site._meta.installed: site = Site.objects.get_current() else: site = RequestSite(request) from registration.models import RegistrationProfile if settings.ACTIVATE_AFTER_REGISTRATION == True: # since user will be activated after registration, # so we will not use email sending, just create acitvated user new_user = RegistrationProfile.objects.create_active_user(username, email, password, site, send_email=False) # login the user new_user.backend=settings.AUTHENTICATION_BACKENDS[0] login(request, new_user) else: # create inactive user, user can be activated by admin, or through activated email new_user = RegistrationProfile.objects.create_inactive_user(username, email, password, site, send_email=settings.REGISTRATION_SEND_MAIL) userid = kwargs['userid'] if userid: ccnet_threaded_rpc.add_binding(new_user.username, userid) signals.user_registered.send(sender=self.__class__, user=new_user, request=request) return new_user
def done(self, form_list, **kwargs): """ Login the user and redirect to the desired page. """ login(self.request, self.get_user()) redirect_to = self.request.GET.get(self.redirect_field_name, '') if not is_safe_url(url=redirect_to, host=self.request.get_host()): redirect_to = str(settings.LOGIN_REDIRECT_URL) device = getattr(self.get_user(), 'otp_device', None) if device: signals.user_verified.send(sender=__name__, request=self.request, user=self.get_user(), device=device) return redirect(redirect_to)
def activate(self, request, activation_key): """ Given an an activation key, look up and activate the user account corresponding to that key (if possible). After successful activation, the signal ``registration.signals.user_activated`` will be sent, with the newly activated ``User`` as the keyword argument ``user`` and the class of this backend as the sender. """ from registration.models import RegistrationProfile activated = RegistrationProfile.objects.activate_user(activation_key) if activated: signals.user_activated.send(sender=self.__class__, user=activated, request=request) # login the user activated.backend = settings.AUTHENTICATION_BACKENDS[0] login(request, activated) return activated
def oauth_callback(request): """ Step 3: Retrieving an access token. The user has been redirected back from the provider to your registered callback URL. With this redirection comes an authorization code included in the redirect URL. We will use that to obtain an access token. """ session = OAuth2Session(client_id=CLIENT_ID, scope=SCOPE, state=request.session.get('oauth_state', None), redirect_uri=REDIRECT_URL) try: token = session.fetch_token( TOKEN_URL, client_secret=CLIENT_SECRET, authorization_response=request.get_full_path()) if session._client.__dict__['token'].has_key('user_id'): # used for sjtu.edu.cn # https://xjq12311.gitbooks.io/sjtu-engtc/content/ user_id = session._client.__dict__['token']['user_id'] user_info_resp = session.get(USER_INFO_URL + '?user_id=%s' % user_id) else: user_info_url = USER_INFO_URL if ACCESS_TOKEN_IN_URI: code = request.GET.get('code') user_info_url = USER_INFO_URL + '?access_token=%s&code=%s' % ( token['access_token'], code) user_info_resp = session.get(user_info_url) except Exception as e: logger.error(e) return render_error(request, _('Error, please contact administrator.')) def format_user_info(user_info_resp): logger.info('user info resp: %s' % user_info_resp.text) error = False user_info = {} user_info_json = user_info_resp.json() for item, attr in ATTRIBUTE_MAP.items(): required, user_attr = attr value = user_info_json.get(item, '') if value: # ccnet email if user_attr == 'email': user_info[user_attr] = value if is_valid_email(str(value)) else \ '%s@%s' % (str(value), PROVIDER_DOMAIN) else: user_info[user_attr] = value elif required: error = True return user_info, error user_info, error = format_user_info(user_info_resp) if error: logger.error('Required user info not found.') logger.error(user_info) return render_error(request, _('Error, please contact administrator.')) # seahub authenticate user email = user_info['email'] try: user = auth.authenticate(remote_user=email) except User.DoesNotExist: user = None if not user or not user.is_active: logger.error('User %s not found or inactive.' % email) # a page for authenticate user failed return render_error(request, _(u'User %s not found.') % email) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) # update user's profile name = user_info['name'] if user_info.has_key('name') else '' contact_email = user_info['contact_email'] if \ user_info.has_key('contact_email') else '' profile = Profile.objects.get_profile_by_user(email) if not profile: profile = Profile(user=email) if name: profile.nickname = name.strip() profile.save() if contact_email: profile.contact_email = contact_email.strip() profile.save() # generate auth token for Seafile client api_token = get_api_token(request) # redirect user to home page response = HttpResponseRedirect(request.session['oauth_redirect']) response.set_cookie('seahub_auth', email + '@' + api_token.key) return response
def register(self, request, **kwargs): """ Given a username, email address and password, register a new user account, which will initially be inactive. Along with the new ``User`` object, a new ``registration.models.RegistrationProfile`` will be created, tied to that ``User``, containing the activation key which will be used for this account. An email will be sent to the supplied email address; this email should contain an activation link. The email will be rendered using two templates. See the documentation for ``RegistrationProfile.send_activation_email()`` for information about these templates and the contexts provided to them. After the ``User`` and ``RegistrationProfile`` are created and the activation email is sent, the signal ``registration.signals.user_registered`` will be sent, with the new ``User`` as the keyword argument ``user`` and the class of this backend as the sender. """ email, password = kwargs['email'], kwargs['password1'] username = email if Site._meta.installed: site = Site.objects.get_current() else: site = RequestSite(request) from registration.models import RegistrationProfile if settings.ACTIVATE_AFTER_REGISTRATION == True: # since user will be activated after registration, # so we will not use email sending, just create acitvated user new_user = RegistrationProfile.objects.create_active_user(username, email, password, site, send_email=False) # login the user new_user.backend=settings.AUTHENTICATION_BACKENDS[0] login(request, new_user) else: # create inactive user, user can be activated by admin, or through activated email new_user = RegistrationProfile.objects.create_inactive_user(username, email, password, site, send_email=settings.REGISTRATION_SEND_MAIL) # userid = kwargs['userid'] # if userid: # ccnet_threaded_rpc.add_binding(new_user.username, userid) if settings.REQUIRE_DETAIL_ON_REGISTRATION: name = kwargs['name'] department = kwargs['department'] telephone = kwargs['telephone'] note = kwargs['note'] Profile.objects.add_or_update(new_user.username, name, note) DetailedProfile.objects.add_detailed_profile(new_user.username, department, telephone) signals.user_registered.send(sender=self.__class__, user=new_user, request=request) return new_user
def dingtalk_callback(request): if not ENABLE_DINGTALK: return render_error(request, _('Error, please contact administrator.')) state = request.GET.get('state', '') if not state or state != request.session.get('dingtalk_login_state', ''): logger.error('invalid state') return render_error(request, _('Error, please contact administrator.')) timestamp = str(int(time.time()*1000)).encode('utf-8') appsecret = DINGTALK_QR_CONNECT_APP_SECRET.encode('utf-8') signature = base64.b64encode(hmac.new(appsecret, timestamp, digestmod=sha256).digest()) parameters = { 'accessKey': DINGTALK_QR_CONNECT_APP_ID, 'timestamp': timestamp, 'signature': signature, } code = request.GET.get('code') data = {"tmp_auth_code": code} full_user_info_url = DINGTALK_QR_CONNECT_USER_INFO_URL + '?' + urllib.parse.urlencode(parameters) user_info_resp = requests.post(full_user_info_url, data=json.dumps(data)) user_info = user_info_resp.json()['user_info'] # seahub authenticate user if 'unionid' not in user_info: logger.error('Required user info not found.') logger.error(user_info) return render_error(request, _('Error, please contact administrator.')) auth_user = SocialAuthUser.objects.get_by_provider_and_uid('dingtalk', user_info['unionid']) if auth_user: email = auth_user.username else: email = gen_user_virtual_id() SocialAuthUser.objects.add(email, 'dingtalk', user_info['unionid']) try: user = auth.authenticate(remote_user=email) except User.DoesNotExist: user = None except Exception as e: logger.error(e) return render_error(request, _('Error, please contact administrator.')) if not user or not user.is_active: return render_error(request, _('User %s not found or inactive.') % email) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user request.session['remember_me'] = DINGTALK_QR_CONNECT_LOGIN_REMEMBER_ME auth.login(request, user) # update user's profile name = user_info['nick'] if 'nick' in user_info else '' if name: profile = Profile.objects.get_profile_by_user(email) if not profile: profile = Profile(user=email) profile.nickname = name.strip() profile.save() # generate auth token for Seafile client api_token = get_api_token(request) # redirect user to home page response = HttpResponseRedirect(request.session['dingtalk_login_redirect']) response.set_cookie('seahub_auth', email + '@' + api_token.key) return response
def work_weixin_oauth_callback(request): if not work_weixin_oauth_check(): return render_error(request, _('Feature is not enabled.')) code = request.GET.get('code', None) state = request.GET.get('state', None) if state != request.session.get('work_weixin_oauth_state', None) or not code: logger.error( 'can not get right code or state from work weixin request') return render_error(request, _('Error, please contact administrator.')) access_token = get_work_weixin_access_token() if not access_token: logger.error('can not get work weixin access_token') return render_error(request, _('Error, please contact administrator.')) data = { 'access_token': access_token, 'code': code, } api_response = requests.get(WORK_WEIXIN_GET_USER_INFO_URL, params=data) api_response_dic = handler_work_weixin_api_response(api_response) if not api_response_dic: logger.error('can not get work weixin user info') return render_error(request, _('Error, please contact administrator.')) if not api_response_dic.get('UserId', None): logger.error('can not get UserId in work weixin user info response') return render_error(request, _('Error, please contact administrator.')) user_id = api_response_dic.get('UserId') uid = WORK_WEIXIN_UID_PREFIX + user_id work_weixin_user = SocialAuthUser.objects.get_by_provider_and_uid( WORK_WEIXIN_PROVIDER, uid) if work_weixin_user: email = work_weixin_user.username is_new_user = False else: email = gen_user_virtual_id() is_new_user = True try: user = auth.authenticate(remote_user=email) except User.DoesNotExist: user = None except Exception as e: logger.error(e) return render_error(request, _('Error, please contact administrator.')) if not user: return render_error( request, _('Error, new user registration is not allowed, please contact administrator.' )) if is_new_user: SocialAuthUser.objects.add(email, WORK_WEIXIN_PROVIDER, uid) # update user info if is_new_user or WORK_WEIXIN_USER_INFO_AUTO_UPDATE: user_info_data = { 'access_token': access_token, 'userid': user_id, } user_info_api_response = requests.get(WORK_WEIXIN_GET_USER_PROFILE_URL, params=user_info_data) user_info_api_response_dic = handler_work_weixin_api_response( user_info_api_response) if user_info_api_response_dic: api_user = user_info_api_response_dic api_user['username'] = email api_user['contact_email'] = api_user['email'] update_work_weixin_user_info(api_user) if not user.is_active: return render_error( request, _('Your account is created successfully, please wait for administrator to activate your account.' )) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user request.session['remember_me'] = REMEMBER_ME auth.login(request, user) # generate auth token for Seafile client api_token = get_api_token(request) # redirect user to page response = HttpResponseRedirect( request.session.get('work_weixin_oauth_redirect', '/')) response.set_cookie('seahub_auth', user.username + '@' + api_token.key) return response
def process_request(self, request): # AuthenticationMiddleware is required so that request.user exists. if not hasattr(request, 'user'): raise ImproperlyConfigured( "The Django remote user auth middleware requires the" " authentication middleware to be installed. Edit your" " MIDDLEWARE_CLASSES setting to insert" " 'django.contrib.auth.middleware.AuthenticationMiddleware'" " before the RemoteUserMiddleware class.") #To support logout. If this variable is True, do not #authenticate user and return now. if request.session.get(LOGOUT_SESSION_KEY) is True: return else: #Delete the shib reauth session key if present. request.session.pop(LOGOUT_SESSION_KEY, None) #Locate the remote user header. # import pprint; pprint.pprint(request.META) try: username = request.META[SHIB_USER_HEADER] except KeyError: # If specified header doesn't exist then return (leaving # request.user set to AnonymousUser by the # AuthenticationMiddleware). return # If the user is already authenticated and that user is the user we are # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. if request.user.is_authenticated(): if request.user.username == username: if request.user.is_staff: update_sudo_mode_ts(request) return # Make sure we have all required Shiboleth elements before proceeding. shib_meta, error = self.parse_attributes(request) # Add parsed attributes to the session. request.session['shib'] = shib_meta if error: raise ShibbolethValidationError("All required Shibboleth elements" " not found. %s" % shib_meta) # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(remote_user=username, shib_meta=shib_meta) if user: if not user.is_active: return HttpResponseRedirect(reverse('shib_complete')) # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) user.set_unusable_password() user.save() # call make profile. self.make_profile(user, shib_meta) user_role = self.update_user_role(user, shib_meta) if user_role: self.update_user_quota(user, user_role) #setup session. self.setup_session(request) request.shib_login = True