def logout(request): """ log out the user and return to the home page """ _logout(request) messages.add_message(request, messages.INFO, _('Vous êtes désormais déconnecté.')) return redirect('home')
def logout(request): if not request.user.is_authenticated: messages.error(request, 'Not logged in!') return redirect('xasdb1:index') _logout(request) messages.success(request, 'Logged out!') return redirect('xasdb1:index')
def logout(request): """ This view logs the user out and redirects to index page. """ _logout(request) messages.success(request, "You have logged out succesfully!") return redirect('task_manager:index')
def logout(request): from django.contrib.auth import logout as _logout # for login I've added wrapper below - called login if "search_state" in request.session: request.session["search_state"].set_logged_out() request.session.modified = True _logout(request)
def activation(request, action_key): """ Activates user based on activation key Activate user - set is_active to true """ try: # активация или восстановление пароля action = ActionRecord.objects.get(action_key=action_key) if action.action_type == 'R': action_type = 'reset_password' else: action_type = 'activate' user = authenticate(activation_key=action_key, action=action_type) if not user: # action key does not exist or expired return HttpResponseForbidden(u'Запись о регистрации не найдена или просрочена. \ Чтобы получить код активации регистрации заново, пройдите по <a href="%s">ссылке</a>.' % reverse('resend_activation_code')) except ActionRecord.DoesNotExist: return HttpResponseForbidden(u'Запись о регистрации не найдена или просрочена. \ Чтобы получить код активации регистрации заново, пройдите по <a href="%s">ссылке</a>.' % reverse('resend_activation_code')) _login(request, user) # перелинковка в зависимости от активации или восстановления пароля if action.action_type == 'R': messages.success(request, u'Новый пароль был выслан на Вашу почту') _logout(request) return HttpResponseRedirect('/') else: return HttpResponseRedirect('/')
def logout(request): """ Log user out and return the homepage :param request: :return: """ _logout(request) return redirect("home_page")
def logout(request): if request.user.is_authenticated: _logout(request) return HttpResponseRedirect("/") else: pass return HttpResponseRedirect("/")
def logout(request): from django.contrib.auth import logout as _logout#for login I've added wrapper below - called login if 'search_state' in request.session: request.session['search_state'].set_logged_out() request.session.modified = True _logout(request) if settings.USE_EXTERNAL_LEGACY_LOGIN == True: EXTERNAL_LOGIN_APP.api.logout(request)
def logout(request): """ :param request: :return: """ _logout(request) return api_response(1, "用户已注销", '')
def logout(self, request): """ログアウト API """ _logout(request) serializer = self.get_serializer(data=request.data, context={'request': request}) serializer.is_valid(raise_exception=True) return Response(serializer.data, status=status.HTTP_200_OK)
def view_user(request, name_user): profile = request.user.get_profile() if not profile.user.is_superuser: raise Http404 _logout(request) user_obj_temp = User.objects.get(username=name_user) user_obj = authenticate(username=user_obj_temp.username, password=user_obj_temp.password) _login(request, user_obj) return HttpResponseRedirect(reverse('service_choice'))
def logout(request): """ The logout page """ try: remove_secondary_password(request) except Exception as error: logger.critical(error, extra=log_extra_data(request)) logger_mail.exception(error) finally: _logout(request) return redirect(login)
def logout(request): if request.user.__class__.__name__ is 'AnonymousUser': messages.error(request, msg.users_logout_error) messages.info(request, msg.users_logout_error_info) else: _logout(request) messages.success(request, msg.users_logout_success) messages.info(request, msg.users_logout_success_info) return HttpResponseRedirect(reverse("home"))
def logout(request): """ Destroys a user's session, logging them off :return: Redirect to index page """ _logout(request) return redirect('index')
def logout(request, db=None, ctx={}): """You have been logged out. Login to proceed. """ session_id = request.session.session_key _logout(request) request.session.logged_out = True ctx['app_messages'] = ['You have been logged out'] return _home(request, db, ctx)
def logout(request): """ Log user out and clear all sessions :param request: :return: """ _logout(request) next_url = request.GET.get("next") if next_url: return redirect(next_url) else: return redirect("home")
def delete_account(request): if request.method == 'POST': form = XASDBUserDeletionForm(request.user, request.POST) if form.is_valid(): user = request.user _logout(request) user.delete() messages.success(request, 'Your account has been removed') return redirect('xasdb1:index') else: messages.error(request, 'Please correct the errors below.') else: form = XASDBUserDeletionForm(request.user) return render(request, 'xasdb1/delete_account.html', {'form': form})
def logout(request, template='registration/logout.html'): """ user logout use `next` GET param to override REGISTRATION['LOGOUT_REDIRECT'] """ next = request.GET.get('next', '') LOGOUT_REDIRECT = settings.REGISTRATION['LOGOUT_REDIRECT'] context = { 'section': 'registration_logout', } _logout(request) # redirect the user # ignore if registration_logout was requested if LOGOUT_REDIRECT != 'registration_logout': if next: return HttpResponseRedirect(next) else: return HttpResponseRedirect(reverse(settings.REGISTRATION['LOGOUT_REDIRECT'])) return render(request, template, context)
def editpassword(request): if request.method == 'POST': # password password = request.POST['pwd'] # check present password if not request.user.check_password(password): messages.error(request, msg.users_change_pwd_error) messages.info(request, msg.users_pwd_not_correct) return HttpResponseRedirect(reverse("users:editpwd")) # check if new password is equal to new password confirmation new_password = request.POST['confirm_new_pwd'] new_password_confirmation = request.POST['confirm_new_pwd'] if new_password != new_password_confirmation: messages.error(request, msg.users_change_pwd_error) messages.info(request, msg.users_confirm_pwd_error) return HttpResponseRedirect(reverse("users:editpwd")) else: # check if new password is valid try: User.objects.validate_password(new_password) except ValidationError: messages.error(request, msg.users_change_pwd_error) messages.info(request, msg.users_invalid_pwd) return HttpResponseRedirect(reverse("users:editpwd")) # set new password request.user.set_password(new_password) request.user.save() _logout(request) messages.success(request, msg.users_change_pwd_success) messages.info(request, msg.users_change_pwd_success_info) return HttpResponseRedirect(reverse("users:login")) boardlist = Board.objects.all() return render(request, "users/editpwd.html", {'boardlist' : boardlist})
def editpassword(request): if request.method == 'POST': # password password = request.POST['pwd'] # check present password if not request.user.check_password(password): messages.error(request, msg.users_change_pwd_error) messages.info(request, msg.users_pwd_not_correct) return HttpResponseRedirect(reverse("users:editpwd")) # check if new password is equal to new password confirmation new_password = request.POST['confirm_new_pwd'] new_password_confirmation = request.POST['confirm_new_pwd'] if new_password != new_password_confirmation: messages.error(request, msg.users_change_pwd_error) messages.info(request, msg.users_confirm_pwd_error) return HttpResponseRedirect(reverse("users:editpwd")) else: # check if new password is valid try: User.objects.validate_password(new_password) except ValidationError: messages.error(request, msg.users_change_pwd_error) messages.info(request, msg.users_invalid_pwd) return HttpResponseRedirect(reverse("users:editpwd")) # set new password request.user.set_password(new_password) request.user.save() _logout(request) messages.success(request, msg.users_change_pwd_success) messages.info(request, msg.users_change_pwd_success_info) return HttpResponseRedirect(reverse("users:signin")) return render(request, "users/editpwd.html")
def logout(request): _logout(request) return redirect('index')
def logout(request): _logout(request) return redirect('home')
def logout(request): if request.method == 'POST': _logout(request) return redirect('home')
def logout(request): _logout(request) return redirect(Login)
def logout(request): if logged_in(request): _logout(request) return index(request, logoutFlag=True) else: return index(request)
def logout(request): #destroy session _logout(request) return JsonResponse({"tip":'ok'})
def logout(request) : _logout(request) return redirect(reverse('summary:login'))
def login(request): """ The login page """ user = None oreq = request.session.get('openid_request', None) # this can be POST or GET, and can be null or empty next = request.REQUEST.get('next') or reverse(index) is_otp = False login_form = None login_form_class = OpenIDLoginForm if oreq else LoginForm strong_auth_req = 'strong_auth_requested' in request.session try: if request.method != 'POST': pass elif 'cancel' in request.POST: # note: this wipes request.session _logout(request) if oreq is not None: oresp = oreq.answer(False) return render_openid_response(request, oresp) elif 'otp_token' in request.POST: # if user's not authenticated, go back to square one if not request.user.is_authenticated(): raise OkupyError('OTP verification timed out') is_otp = True otp_form = OTPForm(request.POST) if otp_form.is_valid(): token = otp_form.cleaned_data['otp_token'] else: raise OkupyError('OTP verification failed') dev = django_otp.match_token(request.user, token) if not dev: raise OkupyError('OTP verification failed') django_otp.login(request, dev) else: login_form = login_form_class(request.POST) if login_form.is_valid(): username = login_form.cleaned_data['username'] password = login_form.cleaned_data['password'] else: raise OkupyError('Login failed') """ Perform authentication, if it retrieves a user object then it was successful. If it retrieves None then it failed to login """ try: user = authenticate(username=username, password=password) except Exception as error: logger.critical(error, extra=log_extra_data(request)) logger_mail.exception(error) raise OkupyError( "Can't contact the LDAP server or the database") if not user: raise OkupyError('Login failed') if oreq: request.session['auto_logout'] = ( login_form.cleaned_data['auto_logout']) except OkupyError as error: messages.error(request, str(error)) if user and user.is_active: _login(request, user) # prepare devices, and see if OTP is enabled init_otp(request) try: set_secondary_password(request=request, password=password) except Exception as error: logger.critical(error, extra=log_extra_data(request)) logger_mail.exception(error) raise OkupyError("Can't contact LDAP server") if (request.user.is_authenticated() and (not strong_auth_req or 'secondary_password' in request.session)): if request.user.is_verified(): return redirect(next) login_form = OTPForm() is_otp = True if login_form is None: login_form = login_form_class() if is_otp or strong_auth_req: ssl_auth_form = None ssl_auth_uri = None else: if 'encrypted_id' not in request.session: # .cache_key is a very good property since it ensures # that the cache is actually created, and works from first # request session_id = request.session.cache_key # since it always starts with the backend module name # and __init__() expects pure id, we can strip that assert(session_id.startswith('django.contrib.sessions.cache')) session_id = session_id[29:] request.session['encrypted_id'] = base64.b64encode( cipher.encrypt(session_id)) # TODO: it fails when: # 1. site is accessed via IP (auth.127.0.0.1), # 2. HTTP used on non-standard port (https://...:8000). ssl_auth_form = SSLCertLoginForm({ 'session_id': request.session['encrypted_id'], 'next': request.build_absolute_uri(next), 'login_uri': request.build_absolute_uri(request.get_full_path()), }) ssl_auth_host = 'auth.' + request.get_host() ssl_auth_path = reverse(ssl_auth) ssl_auth_uri = urljoin('https://' + ssl_auth_host, ssl_auth_path) return render(request, 'login.html', { 'login_form': login_form, 'openid_request': oreq, 'next': next, 'ssl_auth_uri': ssl_auth_uri, 'ssl_auth_form': ssl_auth_form, 'is_otp': is_otp, })
def login(request): """ The login page """ user = None oreq = request.session.get('openid_request', None) # this can be POST or GET, and can be null or empty next = request.REQUEST.get('next') or reverse(index) is_otp = False login_form = None strong_auth_req = 'strong_auth_requested' in request.session if oreq: login_form_class = OpenIDLoginForm elif ('strong_auth_requested' in request.session and request.user.is_authenticated()): login_form_class = StrongAuthForm else: login_form_class = LoginForm try: if request.method != 'POST': pass elif 'cancel' in request.POST: # note: this wipes request.session _logout(request) if oreq is not None: oresp = oreq.answer(False) return render_openid_response(request, oresp) elif 'otp_token' in request.POST: # if user's not authenticated, go back to square one if not request.user.is_authenticated(): raise OkupyError('OTP verification timed out') is_otp = True otp_form = OTPForm(request.POST) if otp_form.is_valid(): token = otp_form.cleaned_data['otp_token'] else: raise OkupyError('OTP verification failed') # prevent replay attacks and race conditions if not RevokedToken.add(token, request.user): raise OkupyError('OTP verification failed') dev = django_otp.match_token(request.user, token) if not dev: raise OkupyError('OTP verification failed') django_otp.login(request, dev) else: login_form = login_form_class(request.POST) if login_form.is_valid(): if login_form_class != StrongAuthForm: username = login_form.cleaned_data['username'] else: username = request.user.username password = login_form.cleaned_data['password'] else: raise OkupyError('Login failed') """ Perform authentication, if it retrieves a user object then it was successful. If it retrieves None then it failed to login """ try: user = authenticate( request=request, username=username, password=password) except Exception as error: logger.critical(error, extra=log_extra_data(request)) logger_mail.exception(error) raise OkupyError( "Can't contact the LDAP server or the database") if not user: raise OkupyError('Login failed') if oreq: request.session['auto_logout'] = ( login_form.cleaned_data['auto_logout']) except OkupyError as error: messages.error(request, str(error)) if user and user.is_active: _login(request, user) # prepare devices, and see if OTP is enabled init_otp(request) set_secondary_password(request=request, password=password) if request.user.is_authenticated(): if (strong_auth_req and not 'secondary_password' in request.session): if request.method != 'POST': messages.info(request, 'You need to type in your password' + ' again to perform this action') else: if request.user.is_verified(): return redirect(next) login_form = OTPForm() is_otp = True if login_form is None: login_form = login_form_class() if is_otp or strong_auth_req: ssl_auth_form = None ssl_auth_uri = None ssh_auth_command = None else: encrypted_id = sessionrefcipher.encrypt(request.session) # TODO: it fails when: # 1. site is accessed via IP (auth.127.0.0.1), # 2. HTTP used on non-standard port (https://...:8000). ssl_auth_form = SSLCertLoginForm({ 'session': encrypted_id, 'next': request.build_absolute_uri(next), 'login_uri': request.build_absolute_uri(request.get_full_path()), }) ssl_auth_host = 'auth.' + request.get_host() ssl_auth_path = reverse(ssl_auth) ssl_auth_uri = urljoin('https://' + ssl_auth_host, ssl_auth_path) if settings.SSH_BIND[1] == 22: ssh_port_opt = '' else: ssh_port_opt = '-p %d ' % settings.SSH_BIND[1] ssh_auth_command = 'ssh %sauth+%s@%s' % ( ssh_port_opt, encrypted_id, request.get_host().split(':')[0]) return render(request, 'login.html', { 'login_form': login_form, 'openid_request': oreq, 'next': next, 'ssl_auth_uri': ssl_auth_uri, 'ssl_auth_form': ssl_auth_form, 'ssh_auth_command': ssh_auth_command, 'is_otp': is_otp, })
def logout(request): _logout(request) return redirect('/app')
def logout(request): if request.user.is_authenticated: invalidate_session(request) _logout(request) return redirect_next(request)
def openid_auth_site(request): try: oreq = request.session['openid_request'] except KeyError: return render(request, 'openid-auth-site.html', { 'error': 'No OpenID request associated. The request may have \ expired.', }, status=400) sreg = SRegRequest.fromOpenIDRequest(oreq) ax = FetchRequest.fromOpenIDRequest(oreq) sreg_fields = set(sreg.allRequestedFields()) if ax: for uri in ax.requested_attributes: k = openid_ax_attribute_mapping.get(uri) if k: sreg_fields.add(k) ldap_user = LDAPUser.objects.get(username=request.user.username) if sreg_fields: sreg_data = { 'nickname': ldap_user.username, 'email': ldap_user.email, 'fullname': ldap_user.full_name, 'dob': ldap_user.birthday, } for k in list(sreg_data): if not sreg_data[k]: del sreg_data[k] else: sreg_data = {} sreg_fields = sreg_data.keys() # Read preferences from the db. try: saved_pref = OpenID_Attributes.objects.get( uid=ldap_user.uid, trust_root=oreq.trust_root, ) except OpenID_Attributes.DoesNotExist: saved_pref = None auto_auth = False else: auto_auth = saved_pref.always_auth if auto_auth or request.POST: if auto_auth: # TODO: can we do this nicer? form_inp = model_to_dict(saved_pref) else: form_inp = request.POST form = SiteAuthForm(form_inp, instance=saved_pref) # can it be invalid somehow? assert (form.is_valid()) attrs = form.save(commit=False) # nullify fields that were not requested for fn in form.cleaned_data: if fn in ('always_auth', ): pass elif hasattr(attrs, fn) and fn not in sreg_fields: setattr(attrs, fn, None) if auto_auth or 'accept' in request.POST: # prepare sreg response for fn, send in form.cleaned_data.items(): if fn not in sreg_data: pass elif not send: del sreg_data[fn] elif isinstance(sreg_data[fn], list): form_key = 'which_%s' % fn val = form.cleaned_data[form_key] if val not in sreg_data[fn]: raise NotImplementedError( 'Changing choices not implemented yet') sreg_data[fn] = val if not auto_auth: setattr(attrs, form_key, val) if not auto_auth: # save prefs in the db # (if auto_auth, then nothing changed) attrs.uid = ldap_user.uid attrs.trust_root = oreq.trust_root attrs.save() oresp = oreq.answer(True, identity=request.build_absolute_uri( reverse(user_page, args=(request.user.username, )))) sreg_resp = SRegResponse.extractResponse(sreg, sreg_data) oresp.addExtension(sreg_resp) if ax: ax_resp = FetchResponse(ax) for uri in ax.requested_attributes: k = openid_ax_attribute_mapping.get(uri) if k and k in sreg_data: ax_resp.addValue(uri, sreg_data[k]) oresp.addExtension(ax_resp) elif 'reject' in request.POST: oresp = oreq.answer(False) else: return render(request, 'openid-auth-site.html', { 'error': 'Invalid request submitted.', }, status=400) if request.session.get('auto_logout', False): # _logout clears request.session _logout(request) else: del request.session['openid_request'] return render_openid_response(request, oresp) form = SiteAuthForm(instance=saved_pref) sreg_form = {} # Fill in lists for choices for f in sreg_fields: if f not in sreg_data: pass elif isinstance(sreg_data[f], list): form.fields['which_%s' % f].widget.choices = [ (x, x) for x in sreg_data[f] ] sreg_form[f] = form['which_%s' % f] else: sreg_form[f] = format_html( "<input type='text'" + " readonly='readonly'" + " value='{0}' />", sreg_data[f]) try: # TODO: cache it if oreq.returnToVerified(): tr_valid = 'Return-To valid and trusted' else: tr_valid = 'Return-To untrusted' except openid.yadis.discover.DiscoveryFailure: tr_valid = 'Unable to verify trust (Yadis unsupported)' except openid.fetchers.HTTPFetchingError: tr_valid = 'Unable to verify trust (HTTP error)' return render( request, 'openid-auth-site.html', { 'openid_request': oreq, 'return_to_valid': tr_valid, 'form': form, 'sreg': sreg_fields, 'sreg_form': sreg_form, 'policy_url': sreg.policy_url, })
def login(request): """ The login page """ user = None oreq = request.session.get('openid_request', None) # this can be POST or GET, and can be null or empty next = request.REQUEST.get('next') or reverse(index) is_otp = False login_form = None strong_auth_req = 'strong_auth_requested' in request.session if oreq: login_form_class = OpenIDLoginForm elif ('strong_auth_requested' in request.session and request.user.is_authenticated()): login_form_class = StrongAuthForm else: login_form_class = LoginForm try: if request.method != 'POST': pass elif 'cancel' in request.POST: # note: this wipes request.session _logout(request) if oreq is not None: oresp = oreq.answer(False) return render_openid_response(request, oresp) elif 'otp_token' in request.POST: # if user's not authenticated, go back to square one if not request.user.is_authenticated(): raise OkupyError('OTP verification timed out') is_otp = True otp_form = OTPForm(request.POST) if otp_form.is_valid(): token = otp_form.cleaned_data['otp_token'] else: raise OkupyError('OTP verification failed') # prevent replay attacks and race conditions if not RevokedToken.add(token, request.user): raise OkupyError('OTP verification failed') dev = django_otp.match_token(request.user, token) if not dev: raise OkupyError('OTP verification failed') django_otp.login(request, dev) else: login_form = login_form_class(request.POST) if login_form.is_valid(): if login_form_class != StrongAuthForm: username = login_form.cleaned_data['username'] else: username = request.user.username password = login_form.cleaned_data['password'] else: raise OkupyError('Login failed') """ Perform authentication, if it retrieves a user object then it was successful. If it retrieves None then it failed to login """ try: user = authenticate(request=request, username=username, password=password) except Exception as error: logger.critical(error, extra=log_extra_data(request)) logger_mail.exception(error) raise OkupyError( "Can't contact the LDAP server or the database") if not user: raise OkupyError('Login failed') if oreq: request.session['auto_logout'] = ( login_form.cleaned_data['auto_logout']) except OkupyError as error: messages.error(request, str(error)) if user and user.is_active: _login(request, user) # prepare devices, and see if OTP is enabled init_otp(request) set_secondary_password(request=request, password=password) if request.user.is_authenticated(): if (strong_auth_req and not 'secondary_password' in request.session): if request.method != 'POST': messages.info( request, 'You need to type in your password' + ' again to perform this action') else: if request.user.is_verified(): return redirect(next) login_form = OTPForm() is_otp = True if login_form is None: login_form = login_form_class() if is_otp or strong_auth_req: ssl_auth_form = None ssl_auth_uri = None ssh_auth_command = None else: encrypted_id = sessionrefcipher.encrypt(request.session) # TODO: it fails when: # 1. site is accessed via IP (auth.127.0.0.1), # 2. HTTP used on non-standard port (https://...:8000). ssl_auth_form = SSLCertLoginForm({ 'session': encrypted_id, 'next': request.build_absolute_uri(next), 'login_uri': request.build_absolute_uri(request.get_full_path()), }) ssl_auth_host = 'auth.' + request.get_host() ssl_auth_path = reverse(ssl_auth) ssl_auth_uri = urljoin('https://' + ssl_auth_host, ssl_auth_path) if settings.SSH_BIND[1] == 22: ssh_port_opt = '' else: ssh_port_opt = '-p %d ' % settings.SSH_BIND[1] ssh_auth_command = 'ssh %sauth+%s@%s' % ( ssh_port_opt, encrypted_id, request.get_host().split(':')[0]) return render( request, 'login.html', { 'login_form': login_form, 'openid_request': oreq, 'next': next, 'ssl_auth_uri': ssl_auth_uri, 'ssl_auth_form': ssl_auth_form, 'ssh_auth_command': ssh_auth_command, 'is_otp': is_otp, })
def logout(request): _logout(request)
def logout(req): _logout(req) return index_redirect(req)
def logout(request): _logout(request) return render(request, 'defaults/index.html')
def logout(request, user_id = None): from django.contrib.auth import logout as _logout _logout(request) return HttpResponseRedirect('/')
def logout(request): _logout(request) messages.success(request, 'logout success') return redirect('accounts:login')
def logout(request): _logout(request) return HttpResponseRedirect('/')
def logout(request): _logout(request) return redirect("index")
def logout(request): from django.contrib.auth import logout as _logout #for login I've added wrapper below - called login if 'search_state' in request.session: request.session['search_state'].set_logged_out() request.session.modified = True _logout(request)
def logout(request): from django.contrib.auth import logout as _logout#for login I've added wrapper below - called login _logout(request) if settings.USE_EXTERNAL_LEGACY_LOGIN == True: EXTERNAL_LOGIN_APP.api.logout(request)
def logout(request): _logout(request) return HttpResponseRedirect(reverse('home'))
def logout(request): from django.contrib.auth import logout as _logout#for login I've added wrapper below - called login _logout(request)
def logout(request): #if I link to this, then the user will be logged out _logout(request) return HttpResponseRedirect(reverse('users:rl_page'))
def logout(request): _logout(request) return redirect(request.META.get("HTTP_REFERER"))
def logout(request): _logout(request) return redirect('/')
def logout(request): user = request.user if user.is_authenticated(): _logout(request) return redirect("login")
def logout(request): _logout(request) return HttpResponseRedirect(reverse('users:rl_page'))
def logout(request): ''' sign user out''' _logout(request) return HttpResponseRedirect(reverse('login'))
def logout(request): from django.contrib.auth import logout as _logout #for login I've added wrapper below - called login _logout(request)
def logout(request): _logout(request) return render(request, 'index.html')
def openid_auth_site(request): try: oreq = request.session['openid_request'] except KeyError: return render(request, 'openid-auth-site.html', { 'error': 'No OpenID request associated. The request may have \ expired.', }, status=400) sreg = SRegRequest.fromOpenIDRequest(oreq) ax = FetchRequest.fromOpenIDRequest(oreq) sreg_fields = set(sreg.allRequestedFields()) if ax: for uri in ax.requested_attributes: k = openid_ax_attribute_mapping.get(uri) if k: sreg_fields.add(k) ldap_user = LDAPUser.objects.get(username=request.user.username) if sreg_fields: sreg_data = { 'nickname': ldap_user.username, 'email': ldap_user.email, 'fullname': ldap_user.full_name, 'dob': ldap_user.birthday, } for k in list(sreg_data): if not sreg_data[k]: del sreg_data[k] else: sreg_data = {} sreg_fields = sreg_data.keys() # Read preferences from the db. try: saved_pref = OpenID_Attributes.objects.get( uid=ldap_user.uid, trust_root=oreq.trust_root, ) except OpenID_Attributes.DoesNotExist: saved_pref = None auto_auth = False else: auto_auth = saved_pref.always_auth if auto_auth or request.POST: if auto_auth: # TODO: can we do this nicer? form_inp = model_to_dict(saved_pref) else: form_inp = request.POST form = SiteAuthForm(form_inp, instance=saved_pref) # can it be invalid somehow? assert(form.is_valid()) attrs = form.save(commit=False) # nullify fields that were not requested for fn in form.cleaned_data: if fn in ('always_auth',): pass elif hasattr(attrs, fn) and fn not in sreg_fields: setattr(attrs, fn, None) if auto_auth or 'accept' in request.POST: # prepare sreg response for fn, send in form.cleaned_data.items(): if fn not in sreg_data: pass elif not send: del sreg_data[fn] elif isinstance(sreg_data[fn], list): form_key = 'which_%s' % fn val = form.cleaned_data[form_key] if val not in sreg_data[fn]: raise NotImplementedError( 'Changing choices not implemented yet') sreg_data[fn] = val if not auto_auth: setattr(attrs, form_key, val) if not auto_auth: # save prefs in the db # (if auto_auth, then nothing changed) attrs.uid = ldap_user.uid attrs.trust_root = oreq.trust_root attrs.save() oresp = oreq.answer(True, identity=request.build_absolute_uri( reverse(user_page, args=(request.user.username,)))) sreg_resp = SRegResponse.extractResponse(sreg, sreg_data) oresp.addExtension(sreg_resp) if ax: ax_resp = FetchResponse(ax) for uri in ax.requested_attributes: k = openid_ax_attribute_mapping.get(uri) if k and k in sreg_data: ax_resp.addValue(uri, sreg_data[k]) oresp.addExtension(ax_resp) elif 'reject' in request.POST: oresp = oreq.answer(False) else: return render(request, 'openid-auth-site.html', { 'error': 'Invalid request submitted.', }, status=400) if request.session.get('auto_logout', False): # _logout clears request.session _logout(request) else: del request.session['openid_request'] return render_openid_response(request, oresp) form = SiteAuthForm(instance=saved_pref) sreg_form = {} # Fill in lists for choices for f in sreg_fields: if f not in sreg_data: pass elif isinstance(sreg_data[f], list): form.fields['which_%s' % f].widget.choices = [ (x, x) for x in sreg_data[f] ] sreg_form[f] = form['which_%s' % f] else: sreg_form[f] = format_html("<input type='text'" + " readonly='readonly'" + " value='{0}' />", sreg_data[f]) try: # TODO: cache it if oreq.returnToVerified(): tr_valid = 'Return-To valid and trusted' else: tr_valid = 'Return-To untrusted' except openid.yadis.discover.DiscoveryFailure: tr_valid = 'Unable to verify trust (Yadis unsupported)' except openid.fetchers.HTTPFetchingError: tr_valid = 'Unable to verify trust (HTTP error)' return render(request, 'openid-auth-site.html', { 'openid_request': oreq, 'return_to_valid': tr_valid, 'form': form, 'sreg': sreg_fields, 'sreg_form': sreg_form, 'policy_url': sreg.policy_url, })