コード例 #1
ファイル: web_admin_api.py プロジェクト: francho/AOS2012
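def create_admin_user(request):
    '''
        Bootstrap view: on GET, calls User.create_admin('admin', 'admin') and
        answers with a plain-text confirmation.

        Review notes:
        - Both arguments to create_admin are fixed literals (presumably user id
          and password, TODO confirm against User.create_admin). An account
          created this way has publicly guessable credentials until they are
          changed, so rotate them right after bootstrap or disable this route.
        - No authentication or authorization check is visible in this function,
          and the state change happens on GET. Confirm the URL configuration
          restricts who can reach it.
        - Any method other than GET falls through and returns None.
    '''
    if request.method == 'GET':
        try:
            User.create_admin('admin', 'admin')
            return HttpResponse("User created correctly", mimetype="text/plain")
        except Exception:
            # Keep the failure detail (with traceback) in the server log only.
            # The response body stays empty so internal error text is not
            # handed to whoever requested the URL.
            logging.exception('create_admin_user failed')
            return HttpResponseServerError()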
コード例 #2
ファイル: authentication.py プロジェクト: francho/AOS2012
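def login(request, return_url='/'):
    '''
        Two-step login view.

        GET: removes any 'user' entry from the session and renders login.html
        with a form token obtained from tokens.get_form_token(request).

        POST (AJAX only): validates the submitted token, looks the user up by
        the 'user_id' field (truncated to 20 characters) and accepts the login
        when the submitted 'passhash' equals sha(token + user.passhash) in hex.
        The answer is a JsonResponse carrying either 'return_url' or an 'error'
        pair together with a new form token for the next attempt.

        Review notes:
        - The client proves knowledge of user.passhash, not of the password
          itself, so the stored value is password-equivalent: whoever can read
          it can compute a valid response. Protect the user store accordingly.
        - Which digest `sha` is depends on an import that is not visible here.
        - Any method other than GET or POST falls through and returns None.
    '''
    if request.method == 'GET':
        # Opening the login page always ends the current login.
        request.session.pop('user', None)
        return direct_to_template(request, 'login.html', {'token': tokens.get_form_token(request)})
    elif request.method == 'POST':
        try:
            if not request.is_ajax():
                # Credentials are only accepted from the AJAX form flow.
                request.session.delete()
                return HttpResponseForbidden()
            token = request.POST.get('token')
            tokens.validate(request, token)
            # A request without 'user_id' yields None; slicing None raised
            # TypeError and surfaced as a 500. Treat it as an unknown user.
            user_id = (request.POST.get('user_id') or '')[:20]
            user = User.by_user_id(user_id) if user_id else None
            if user:
                passhash = request.POST.get('passhash')
                if passhash and (sha(token + user.passhash).hexdigest() == passhash):
                    # NOTE(review): the session identifier is not rotated here
                    # on privilege change. Confirm the session layer does so,
                    # otherwise an id issued before login stays valid after it.
                    request.session['user'] = user
                    if user.has_role(Role.ADMIN) and (not return_url or return_url == '/'):
                        return_url = '/admin'
                    else:
                        return_url = return_url or '/'
                    # NOTE(review): return_url is handed back for the client to
                    # navigate to. Its origin is not visible here; if it comes
                    # from the request URL, restrict it to local paths.
                    return JsonResponse({'return_url': return_url})
                else:
                    # NOTE(review): this answer differs from the unknown-user
                    # answer below (field key and message), which lets a client
                    # tell existing user ids from non-existing ones. Unifying
                    # the two needs a matching change in the login page script.
                    return JsonResponse({'error': ('passphrase', 'Clave incorrecta'),
                                         'token': tokens.get_form_token(request),
                                         })
            else:
                message = 'Usuario o password incorrectos. Por favor inténtelo de nuevo.'
                return JsonResponse({'error': ('uid', message.decode('utf-8')),
                                     'token': tokens.get_form_token(request),
                                     })
        except tokens.InvalidToken, t:
            logging.warning(t)
            # '%' binds tighter than 'or': without the parentheses the
            # fallback was dead code and a None return_url became '/loginNone'.
            return JsonResponse({'return_url': '/login%s' % (return_url or '')})
        except Exception, e:
            # Full detail goes to the log; the client gets an empty 500.
            logging.exception(e)
            return HttpResponseServerError()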