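def _is_local_redirect_target(target):
    """Return True only when *target* is a plain same-site path.

    The ``next`` query parameter is supplied by the client, so it is only
    honoured when it is a path on this site. Rejected values: empty or
    non-rooted values, scheme-relative URLs (``//host``), anything containing
    a backslash (some browsers treat it as ``/``), and anything containing
    ASCII control characters (browsers may strip them before resolving).
    """
    if not target or not target.startswith('/'):
        return False
    if target.startswith('//') or '\\' in target:
        return False
    return not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target)


def _post_login_redirect(request, user):
    """Build the redirect for an authenticated *user*.

    A validated local ``next`` path wins; otherwise agents go to
    ``consola_de_agente`` and every other user goes to ``index``.
    """
    next_url = request.GET.get('next')
    if _is_local_redirect_target(next_url):
        return redirect(next_url)
    # An absent or rejected ``next`` falls back to the role-based landing page
    # rather than returning an error.
    if user.is_agente:
        return HttpResponseRedirect(reverse('consola_de_agente'))
    return HttpResponseRedirect(reverse('index'))


def login_view(request):
    """Render the login form and process login attempts with lockout tracking.

    POST: reads ``username`` and ``password``, checks the lock state through
    ``utils.is_already_locked``, validates the credentials, records the
    attempt with ``utils.add_login_attempt_to_db`` and asks
    ``utils.check_request`` whether the request may proceed. Users that have
    a ``ClienteWebPhoneProfile`` are always refused. On success the user is
    logged in and redirected.

    GET: an already authenticated user is redirected; anyone else gets an
    empty login form.

    Redirects honour ``?next=`` only for same-site paths (see
    ``_is_local_redirect_target``); the original code passed the raw
    client-supplied value to ``redirect()``, which is an open redirect.

    Returns:
        An HTTP redirect on success, otherwise a ``TemplateResponse`` for
        ``registration/login.html`` with ``form``, ``detail`` and
        ``user_is_blocked`` in the context.
    """
    detail = None
    user_is_blocked = False

    if request.method == "POST":
        username = request.POST['username']
        password = request.POST['password']
        login_unsuccessful = False

        if utils.is_already_locked(request, username=username):
            intentos_fallidos = config.FAILURE_LIMIT + 2
            # Translate the template first and interpolate afterwards: a string
            # formatted before the gettext call can never match a catalog entry.
            detail = _("Haz tratado de loguearte {intentos_fallidos} veces,"
                       " sin exito. Tu cuenta y dirección IP"
                       " permanecerán bloqueadas por {cooloff_time_seconds} segundos."
                       " Contacta al Administrador").format(
                intentos_fallidos=intentos_fallidos,
                cooloff_time_seconds=config.COOLOFF_TIME)
            user_is_blocked = True
            login_unsuccessful = True

        # NOTE(review): authenticate() is called without `request`, and the form
        # below validates the same credentials again. Confirm that the
        # configured backend tolerates a missing request and that one POST is
        # not recorded as several failed attempts.
        user = authenticate(username=username, password=password)
        form = AuthenticationForm(request, data=request.POST)
        if not form.is_valid():
            login_unsuccessful = True

        # The attempt is recorded even when the account is already locked.
        utils.add_login_attempt_to_db(request,
                                      login_valid=not login_unsuccessful,
                                      username=username)
        user_not_blocked = utils.check_request(request,
                                               login_unsuccessful=login_unsuccessful,
                                               username=username)

        # TODO: webphone client users are blocked from logging in here.
        if ClienteWebPhoneProfile.objects.filter(user__username=username).exists():
            user_is_blocked = True
            detail = _("Este tipo de usuario no puede loguearse en este momento.")

        login_allowed = (user_not_blocked and not user_is_blocked
                         and not login_unsuccessful)
        if login_allowed and form.is_valid():
            login(request, user)
            user.set_session_key(request.session.session_key)
            return _post_login_redirect(request, user)
    elif request.user.is_authenticated():
        return _post_login_redirect(request, request.user)
    else:
        form = AuthenticationForm(request)

    context = {
        'form': form,
        'detail': detail,
        'user_is_blocked': user_is_blocked,
    }
    template_name = 'registration/login.html'
    return TemplateResponse(request, template_name, context)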
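def authenticate(self, request, username=None, password=None, **kwargs):
    """Authenticate by username and password with lockout enforcement.

    Args:
        request: The current request, passed through to the ``utils`` lockout
            helpers.
        username: Login name; when ``None`` it is read from ``kwargs`` under
            ``UserModel.USERNAME_FIELD``.
        password: Raw password to verify.
        **kwargs: Extra credentials; only the username field is consulted.

    Returns:
        The user when the password matches and ``utils.check_request``
        allows the request, otherwise ``None``.

    Raises:
        exceptions.AuthenticationFailed: The account is already locked
            according to ``utils.is_already_locked``.
    """
    if username is None:
        username = kwargs.get(UserModel.USERNAME_FIELD)

    # Refuse before touching the credentials when the lock is already active.
    if utils.is_already_locked(request, username=username):
        # Translate the template, then interpolate: a pre-formatted string
        # cannot match a catalog entry.
        detail = _(
            "You have attempted to login {failure_limit} times, with no success. Your account is locked "
            "for {cooloff_time_seconds} seconds"
        ).format(failure_limit=config.FAILURE_LIMIT + 1,
                 cooloff_time_seconds=config.COOLOFF_TIME)
        raise exceptions.AuthenticationFailed({'non_field_errors': [detail]})

    user = None
    try:
        user = UserModel._default_manager.get_by_natural_key(username)
    except UserModel.DoesNotExist:
        # Run the default password hasher once to reduce the timing
        # difference between an existing and a nonexistent user (#20760).
        UserModel().set_password(password)

    # NOTE(review): unlike Django's ModelBackend, nothing here consults
    # user_can_authenticate()/is_active. Confirm inactive accounts are
    # rejected elsewhere.
    can_login = user and user.check_password(password)
    login_unsuccessful = not can_login

    # Every attempt is recorded, successful or not, before the lockout
    # decision is taken.
    utils.add_login_attempt_to_db(request,
                                  login_valid=not login_unsuccessful,
                                  username=username)
    user_not_blocked = utils.check_request(
        request, login_unsuccessful=login_unsuccessful, username=username)

    if user_not_blocked and can_login:
        return user
    return None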