コード例 #1
def change_password(request, user, tmpl='change_password.html'):
    """Show the change-password form and apply a submitted change.

    On a valid POST the old and the new password are each hashed with the
    account's stored salt and both hashes are passed to
    ``db.update_password``. A truthy result redirects to the success
    report; a falsy one marks the form with ``wrong_password``. Any other
    outcome re-renders ``tmpl``.
    """
    if request.method != 'POST':
        form = forms.ChangePasswordForm()
    else:
        form = forms.ChangePasswordForm(request.POST)
        if form.is_valid():
            salt = db.get_password_salt(user['username'])
            # presumably a per-request cost counter used for rate
            # accounting -- confirm against the middleware that reads it
            request._cmbarter_trx_cost += 2.0

            trader_id = user['trader_id']
            fields = form.cleaned_data
            # The new password is hashed with the existing salt; no fresh
            # salt is generated in this view.
            old_hash = utils.calc_crypt_hash(salt + fields['old_password'])
            new_hash = utils.calc_crypt_hash(salt + fields['password'])

            # Verification of the old password is delegated to the
            # database layer, which receives both hashes.
            if db.update_password(trader_id, old_hash, new_hash):
                return HttpResponseRedirect(
                    reverse(report_change_password_success,
                            args=[trader_id]))
            form.wrong_password = True
            # NOTE(review): nothing here invalidates other sessions of the
            # same trader after a successful change -- confirm whether that
            # is handled elsewhere.

    # Build the template context and merge in the CSRF token.
    context = {'settings': settings, 'user': user, 'form': form}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
コード例 #2
ファイル: views.py プロジェクト: epandurski/cmbarter
def change_username(request, user, tmpl='change_username.html'):
    """Show the change-username form and apply a submitted change.

    A valid POST re-authenticates the trader: the submitted password is
    hashed with the stored salt and handed to ``db.update_username``
    together with the requested name. Result code 2 flags a wrong
    password, 1 flags a taken username, anything else redirects to the
    success report.
    """
    if request.method != 'POST':
        form = forms.ChangeUsernameForm()
    else:
        form = forms.ChangeUsernameForm(request.POST)
        if form.is_valid():
            salt = db.get_password_salt(user['username'])
            # presumably a per-request cost counter used for rate
            # accounting -- confirm against the middleware that reads it
            request._cmbarter_trx_cost += 4.0

            outcome = db.update_username(
                user['trader_id'],
                utils.calc_crypt_hash(salt, form.cleaned_data['password']),
                form.cleaned_data['username'])

            if outcome == 2:
                form.wrong_password = True
            elif outcome == 1:
                form.username_taken = True
            else:
                return HttpResponseRedirect(reverse(
                    report_change_username_success,
                    args=[user['trader_id']]))

    # Build the template context and merge in the CSRF token.
    context = {'settings': settings, 'user': user, 'form': form}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
コード例 #3
def login(request, tmpl='login.html'):
    """Authenticate a trader from the login form.

    On a valid POST the submitted password is hashed with the salt stored
    for the submitted username and checked by ``db.login_trader``. If the
    captcha setting is on and the result asks for a captcha, the outcome
    is parked in the session and the user is redirected to
    ``login_captcha``. Otherwise a valid login stores ``trader_id`` and a
    timestamp in the session and redirects to a start page; an invalid
    one flags the form. A GET renders the form, optionally prefilled.
    """
    if request.method == 'POST':
        form = forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            # NOTE(review): the salt is looked up for whatever username was
            # submitted. What get_password_salt returns for an unknown
            # username is not visible here; if that case is observably
            # different (error, timing), it can reveal which usernames
            # exist -- confirm.
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt, form.cleaned_data['password'])

            authentication = db.login_trader(username, password_hash)

            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE
                    and authentication['needs_captcha']):
                # Generate a cryptographic nonce and if authentication
                # was not valid -- invert its bits. The calculation
                # should take the same amount of time in both cases.
                nonce1 = os.urandom(16)
                a = bytearray(nonce1)
                # The lookup raises KeyError unless 'is_valid' compares
                # equal to True or False.
                modifier = {True: 0, False: 0xff}[authentication['is_valid']]
                # xrange is the Python 2 builtin; this block does not run
                # unchanged on Python 3.
                for i in xrange(16):
                    a[i] ^= modifier
                nonce2 = bytes(a)

                # Challenge the user with a captcha.
                # The session receives nonce1 in the clear and nonce2 only
                # in encrypted form, so the stored tuple does not state the
                # authentication result directly; presumably login_captcha
                # decrypts and compares the two -- confirm. Keep the tuple
                # free of any field that differs between the valid and the
                # invalid case.
                request.session['auth'] = (b64encode(nonce1),
                                           b64encode(cipher.encrypt(nonce2)),
                                           authentication['trader_id'],
                                           time.time(), username)
                return HttpResponseRedirect(reverse(login_captcha))

            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                # NOTE(review): the existing session is reused; no session
                # key rotation is visible at this privilege change. If this
                # is Django's stock session object, cycling the key here
                # would guard against session fixation -- confirm.
                trader_id = request.session['trader_id'] = authentication[
                    'trader_id']
                request.session['ts'] = time.time()
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                # 'show' comes from the query string; it is only used when
                # it matches TRADER_ID_STRING and is passed to reverse() as
                # an int, so the redirect target is always a named route.
                show = TRADER_ID_STRING.match(request.GET.get('show', u''))
                if show:
                    return HttpResponseRedirect(
                        reverse('products-partner-pricelist',
                                args=[trader_id, int(show.group())]))
                else:
                    return HttpResponseRedirect(
                        reverse('profiles-check-email', args=[trader_id]))
            else:
                form.incorrect_login = True
    else:
        # A username passed in the query string prefills the form and also
        # turns on the incorrect-login flag; presumably this is how another
        # view reports a failed attempt -- confirm.
        prefill_username = request.GET.get('username', u'')
        form = forms.LoginForm(initial={'username': prefill_username})
        form.incorrect_login = bool(prefill_username)

    # Render everything adding CSRF protection.
    c = {'settings': settings, 'form': form}
    c.update(csrf(request))
    return render_to_response(tmpl, c)
コード例 #4
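def login(request, tmpl='xhtml-mp/login.html', method=None):
    """Authenticate a trader on the mobile (xhtml-mp) site.

    A valid login creates a random login key, stores its digest through
    ``db.replace_loginkey``, redirects to ``show_shopping_list`` with the
    key as URL argument and remembers the username in a cookie. When a
    captcha is required the form is only flagged with ``needs_captcha``;
    a failed login flags ``incorrect_login``. Any other request renders
    the form, prefilled from the ``username`` cookie when it decodes.
    """
    # The effective method can be overridden by the caller or by a
    # ``method`` query parameter, so a GET carrying ?method=POST takes the
    # POST branch; the form data is still read from request.POST.
    method = method or request.GET.get('method') or request.method
    if method == 'POST':
        form = cmbarter.users.forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])

            authentication = db.login_trader(username, password_hash)

            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE
                    and authentication['needs_captcha']):
                # No login happens on this path, whatever 'is_valid' says.
                form.needs_captcha = True

            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                trader_id = authentication['trader_id']
                # Retry until the database layer accepts a key. Only the
                # MD5 hex digest of the key is handed over.
                # NOTE(review): the key is 15 bytes from os.urandom, so MD5
                # here digests a high-entropy value; SHA-256 would be the
                # conventional choice, but the lookup side (not shown)
                # would have to change with it.
                while True:
                    secret = base64.urlsafe_b64encode(
                        os.urandom(15)).decode('ascii')
                    if db.replace_loginkey(
                            trader_id,
                            hashlib.md5(secret.encode('ascii')).hexdigest()):
                        break
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                # NOTE(review): the login key travels in the URL, so it can
                # end up in server logs, browser history and Referer
                # headers -- treat those as holding a credential.
                r = HttpResponseRedirect(
                    reverse(show_shopping_list, args=[secret]))
                # Hex-encoded username, kept for about ten years; only key,
                # value and max_age are passed, so no cookie flags are set
                # by this call.
                r.set_cookie(key='username',
                             value=base64.b16encode(
                                 username.encode('utf-8')).decode('ascii'),
                             max_age=60 * 60 * 24 * 365 * 10)
                return r

            else:
                form.incorrect_login = True

    else:
        # The cookie is client-controlled. A value that is not ASCII, not
        # valid base16 or not valid UTF-8 falls back to an empty username.
        # TypeError covers Python 2's b16decode, ValueError covers
        # binascii.Error and the Unicode errors; anything else (including
        # KeyboardInterrupt/SystemExit) is no longer swallowed.
        try:
            username = base64.b16decode(
                request.COOKIES.get('username',
                                    '').encode('ascii')).decode('utf-8')
        except (TypeError, ValueError):
            username = u''
        form = cmbarter.users.forms.LoginForm(initial={'username': username})

    # Render everything.
    c = {'settings': settings, 'form': form}
    return render(request, tmpl, c)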
コード例 #5
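def login(request, tmpl='xhtml-mp/login.html', method=None):
    """Handle the mobile (xhtml-mp) login form.

    On success a random login key is generated, its digest is stored via
    ``db.replace_loginkey``, and the response redirects to
    ``show_shopping_list`` with the key in the URL while setting a
    ``username`` cookie. A required captcha only sets
    ``form.needs_captcha``; bad credentials set ``form.incorrect_login``.
    Non-POST requests render the form, prefilled from the cookie when the
    cookie value can be decoded.
    """
    # Caller argument, then the ``method`` query parameter, then the real
    # HTTP method decide the branch. A GET with ?method=POST is therefore
    # treated as a submission, though fields are still read from
    # request.POST.
    method = method or request.GET.get('method') or request.method
    if method == 'POST':
        form = cmbarter.users.forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            password_salt = db.get_password_salt(username)
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])

            authentication = db.login_trader(username, password_hash)

            if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                    authentication['needs_captcha']):
                # The attempt is not honoured on this path, valid or not.
                form.needs_captcha = True

            elif authentication['is_valid']:
                # Log the user in and redirect him to his start-page.
                trader_id = authentication['trader_id']
                while True:
                    # 15 random bytes, URL-safe base64; the database layer
                    # receives only the MD5 hex digest.
                    # NOTE(review): SHA-256 would be the conventional
                    # digest; the verifying side is not shown here and
                    # would need the same change.
                    secret = base64.urlsafe_b64encode(
                        os.urandom(15)).decode('ascii')
                    digest = hashlib.md5(secret.encode('ascii')).hexdigest()
                    if db.replace_loginkey(trader_id, digest):
                        break
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                # NOTE(review): the key is part of the redirect URL, so
                # logs, history and Referer headers may carry a credential.
                r = HttpResponseRedirect(
                    reverse(show_shopping_list, args=[secret]))
                # Hex-encoded username with a ten-year max_age; no other
                # cookie attributes are passed in this call.
                r.set_cookie(
                    key='username',
                    value=base64.b16encode(
                        username.encode('utf-8')).decode('ascii'),
                    max_age=60*60*24*365*10)
                return r

            else:
                form.incorrect_login = True

    else:
        # The cookie value is client-controlled; undecodable input yields
        # an empty prefill. Only decoding failures are caught: TypeError
        # (Python 2 b16decode) and ValueError (binascii.Error and the
        # Unicode errors). The former bare ``except`` also hid
        # KeyboardInterrupt and SystemExit.
        try:
            username = base64.b16decode(
                request.COOKIES.get('username', '').encode('ascii')
            ).decode('utf-8')
        except (TypeError, ValueError):
            username = u''
        form = cmbarter.users.forms.LoginForm(
            initial={'username': username})

    # Render everything.
    c = {'settings': settings, 'form': form}
    return render(request, tmpl, c)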
コード例 #6
ファイル: views.py プロジェクト: maduhu/cmbarter
def login(request, tmpl='login.html'):
    """Authenticate a trader from the login form.

    A valid POST hashes the submitted password with the stored salt and
    asks ``db.login_trader`` for a verdict. When the captcha setting is on
    and a captcha is needed, the username, verdict and trader ID are
    parked in the session and the user is sent to ``login_captcha``.
    Otherwise a valid login fills the session and redirects to a start
    page, and an invalid one flags the form. A GET renders the form,
    optionally prefilled from the ``username`` query parameter.
    """
    if request.method != 'POST':
        # A prefilled username also switches on the incorrect-login flag.
        prefill = request.GET.get('username', u'')
        form = forms.LoginForm(initial={'username': prefill})
        form.incorrect_login = bool(prefill)
    else:
        form = forms.LoginForm(request.POST)
        if form.is_valid():
            username = form.cleaned_data['username']
            salt = db.get_password_salt(username)
            hashed = utils.calc_crypt_hash(
                salt + form.cleaned_data['password'])

            verdict = db.login_trader(username, hashed)

            captcha_due = (
                settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE
                and verdict['needs_captcha'])
            if captcha_due:
                # Park the outcome until the captcha is solved.
                # NOTE(review): 'auth_is_valid' is stored as-is. If the
                # session backend keeps its data client-side (e.g. signed
                # cookies), the client can read the verdict before solving
                # the captcha -- confirm the backend is server-side.
                request.session['auth_username'] = username
                request.session['auth_is_valid'] = verdict['is_valid']
                request.session['auth_trader_id'] = verdict['trader_id']
                return HttpResponseRedirect(reverse(login_captcha))

            if not verdict['is_valid']:
                form.incorrect_login = True
            else:
                # Successful login: fill the session and go to the start
                # page.
                # NOTE(review): no session key rotation is visible at this
                # privilege change -- confirm it happens elsewhere.
                trader_id = verdict['trader_id']
                request.session['trader_id'] = trader_id
                # "Real" sessions are told apart by their size.
                request.session['garbage'] = GARBAGE
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)

                # 'show' is honoured only when it matches
                # TRADER_ID_STRING and reaches reverse() as an int.
                show = TRADER_ID_STRING.match(request.GET.get('show', u''))
                if show:
                    return HttpResponseRedirect(
                        reverse('products-partner-pricelist',
                                args=[trader_id, int(show.group())]))
                return HttpResponseRedirect(
                    reverse('profiles-check-email', args=[trader_id]))

    # Build the template context and merge in the CSRF token.
    context = {'settings': settings, 'form': form}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
コード例 #7
ファイル: views.py プロジェクト: maduhu/cmbarter
def login(request, tmpl='login.html'):
    """Process the login form and start a trader session.

    GET: render the form, prefilled from ``?username=`` when present.
    POST: hash the password with the account's salt, let
    ``db.login_trader`` decide, then either hand over to the captcha view
    (outcome parked in the session), log the trader in and redirect, or
    flag the form as an incorrect login.
    """
    is_post = request.method == 'POST'
    if is_post:
        form = forms.LoginForm(request.POST)
    else:
        # A prefilled username also switches on the incorrect-login flag.
        prefill_username = request.GET.get('username', u'')
        form = forms.LoginForm(initial={'username': prefill_username})
        form.incorrect_login = bool(prefill_username)

    if is_post and form.is_valid():
        data = form.cleaned_data
        username = data['username']
        password_salt = db.get_password_salt(username)
        password_hash = utils.calc_crypt_hash(password_salt + data['password'])

        result = db.login_trader(username, password_hash)

        if (settings.CMBARTER_SHOW_CAPTCHA_ON_REPETITIVE_LOGIN_FAILURE and
                result['needs_captcha']):
            # Challenge the user with a captcha first.
            # NOTE(review): the verdict sits in the session unprotected;
            # with a client-side session store it would be readable before
            # the captcha is solved -- confirm the store is server-side.
            request.session['auth_username'] = username
            request.session['auth_is_valid'] = result['is_valid']
            request.session['auth_trader_id'] = result['trader_id']
            return HttpResponseRedirect(reverse(login_captcha))

        if result['is_valid']:
            # Log the trader in.
            # NOTE(review): the pre-login session is kept; no key rotation
            # is visible here -- confirm it is done elsewhere.
            trader_id = result['trader_id']
            request.session['trader_id'] = trader_id
            # "Real" sessions are told apart by their size.
            request.session['garbage'] = GARBAGE
            if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                client_ip = get_client_ip(request)
                if client_ip:
                    db.insert_whitelist_entry(trader_id, client_ip)

            # Only a 'show' value matching TRADER_ID_STRING is used, and
            # only as an int argument to a named route.
            show = TRADER_ID_STRING.match(request.GET.get('show', u''))
            if show:
                target = reverse('products-partner-pricelist',
                                 args=[trader_id, int(show.group())])
            else:
                target = reverse('profiles-check-email', args=[trader_id])
            return HttpResponseRedirect(target)

        form.incorrect_login = True

    # Build the template context and merge in the CSRF token.
    context = {'settings': settings, 'form': form}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
コード例 #8
def signup(request, tmpl='signup.html'):
    """Register a new trader and log them in.

    On POST the optional captcha is verified first, then the form. A
    fresh salt is generated, the password is hashed with it, and the
    optional registration key is validated. Trader IDs are drawn at
    random until ``db.insert_trader`` stops reporting code 1. Code 3
    flags an invalid registration key, code 2 a taken username; any other
    result is treated as success and redirects to ``create_profile``.
    """
    captcha_error = None

    if request.method != 'POST':
        form = forms.SignupForm()
    else:
        captcha_passed = True
        if settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP:
            # NOTE(review): REMOTE_ADDR is the direct peer; behind a
            # reverse proxy that may be the proxy address -- confirm.
            verdict = captcha.submit(
                request.POST.get('recaptcha_challenge_field'),
                request.POST.get('recaptcha_response_field'),
                settings.CMBARTER_RECAPTCHA_PIVATE_KEY,
                request.META['REMOTE_ADDR'])
            captcha_error = verdict.error_code
            captcha_passed = verdict.is_valid

        form = forms.SignupForm(request.POST)
        if captcha_passed and form.is_valid():
            username = form.cleaned_data['username']
            password_salt = utils.generate_password_salt(
                settings.CMBARTER_PASSWORD_HASHING_METHOD)
            password_hash = utils.calc_crypt_hash(
                password_salt, form.cleaned_data['password'])

            registration_key = None
            if settings.CMBARTER_REGISTRATION_SECRET:
                registration_key = keygen.Keygen(
                    settings.CMBARTER_REGISTRATION_SECRET).validate(
                        form.cleaned_data['registration_key'])

            # NOTE(review): the loop has no retry cap; it relies on code 1
            # meaning only "ID collision".
            while True:
                # Draw a candidate trader ID and try to register it.
                # NOTE(review): IDs come from the `random` module, not a
                # CSPRNG; acceptable if IDs are public identifiers, which
                # their use in URLs suggests -- confirm nothing relies on
                # them being unguessable.
                trader_id = utils.vh_compute(random.randrange(1, 100000000))
                error = db.insert_trader(trader_id, username, get_language(),
                                         password_hash, password_salt,
                                         registration_key)

                if error == 1:
                    # Probably the ID is taken -- draw another one.
                    continue
                if error == 3:
                    # The registration key is invalid.
                    form.invalid_regkey = True
                    break
                if error == 2:
                    # The username is taken.
                    form.username_taken = True
                    break

                # Successful registration -- log the user in, add the IP
                # to the whitelist, and redirect the user to complete his
                # profile.
                # NOTE(review): the pre-signup session is reused; no
                # session key rotation is visible here.
                request.session['trader_id'] = trader_id
                request.session['ts'] = time.time()
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                return HttpResponseRedirect(
                    reverse(create_profile, args=[trader_id]))

    # Build the template context and merge in the CSRF token.
    context = {'settings': settings, 'form': form,
               'captcha_error': captcha_error}
    context.update(csrf(request))
    return render_to_response(tmpl, context)
コード例 #9
ファイル: views.py プロジェクト: maduhu/cmbarter
def signup(request, tmpl='signup.html'):
    """Create a trader account from the signup form and log the user in.

    POST flow: optional captcha check, form validation, salt generation
    and password hashing, optional registration-key validation, then
    repeated ``db.insert_trader`` attempts with random trader IDs.
    Result code 3 marks the registration key invalid, 2 marks the
    username taken, 1 triggers another attempt, and anything else is a
    success that redirects to ``create_profile``. All other paths render
    ``tmpl``.
    """
    captcha_error = None

    if request.method != 'POST':
        form = forms.SignupForm()
    else:
        captcha_passed = True
        if settings.CMBARTER_SHOW_CAPTCHA_ON_SIGNUP:
            # NOTE(review): REMOTE_ADDR is the direct peer; behind a
            # reverse proxy that may be the proxy address -- confirm.
            captcha_result = captcha.submit(
                request.POST.get('recaptcha_challenge_field'),
                request.POST.get('recaptcha_response_field'),
                settings.RECAPTCHA_PIVATE_KEY,
                request.META['REMOTE_ADDR'])
            captcha_error = captcha_result.error_code
            captcha_passed = captcha_result.is_valid

        form = forms.SignupForm(request.POST)
        if captcha_passed and form.is_valid():
            username = form.cleaned_data['username']
            password_salt = utils.generate_password_salt()
            password_hash = utils.calc_crypt_hash(
                password_salt + form.cleaned_data['password'])

            registration_key = None
            if settings.CMBARTER_REGISTRATION_KEY_IS_REQUIRED:
                # NOTE(review): the project-wide SECRET_KEY doubles as the
                # registration-key secret here -- confirm that sharing it
                # across purposes is intended.
                validator = keygen.Keygen(
                    settings.SECRET_KEY,
                    settings.CMBARTER_REGISTRATION_KEY_PREFIX)
                registration_key = validator.validate(
                    form.cleaned_data['registration_key'])

            # NOTE(review): no retry cap; the loop relies on code 1
            # meaning only "ID collision".
            while True:
                # Draw a candidate trader ID and try to register it.
                # NOTE(review): `random` is not a CSPRNG; fine only if
                # trader IDs need not be unguessable -- confirm.
                trader_id = utils.vh_compute(random.randrange(1, 100000000))
                error = db.insert_trader(trader_id, username, get_language(),
                                         password_hash, password_salt,
                                         registration_key)

                if error == 1:
                    # Probably the ID is taken -- draw another one.
                    continue
                if error == 3:
                    # The registration key is invalid.
                    form.invalid_regkey = True
                    break
                if error == 2:
                    # The username is taken.
                    form.username_taken = True
                    break

                # Successful registration -- log the user in, add the IP
                # to the whitelist, and redirect the user to complete his
                # profile.
                # NOTE(review): the pre-signup session is reused; no
                # session key rotation is visible here.
                request.session['trader_id'] = trader_id
                if settings.CMBARTER_MAINTAIN_IP_WHITELIST:
                    client_ip = get_client_ip(request)
                    if client_ip:
                        db.insert_whitelist_entry(trader_id, client_ip)
                return HttpResponseRedirect(reverse(
                    create_profile, args=[trader_id]))

    # Build the template context and merge in the CSRF token.
    context = {'settings': settings, 'form': form,
               'captcha_error': captcha_error}
    context.update(csrf(request))
    return render_to_response(tmpl, context)