def attempt_login(request): matches = authenticate_users(request.POST['email'], request.POST['password']) if len(matches) == 1: # Exactly one match, cool, just authenticate the user user = authenticate(user=matches[0]) log_user_in(request, user) return matches, None elif len(matches) > 1: # Multiple matches, let the caller handle this return matches, None elif len(matches) == 0: # Incorrect credentials. Check if this is a user from the old userpage system old_member = authenticate_sherpa2_user(request.POST['email'], request.POST['password']) if old_member is not None: # Actually, it is! Let's try to import them. if User.get_users().filter(memberid=old_member.memberid, is_inactive=False).exists(): return matches, 'old_memberid_but_memberid_exists' # Check if a pending user exists. This shouldn't ever happen (a pending user is recently # enrolled, and an existing user will have been member for a long time). if User.objects.filter(memberid=old_member.memberid, is_pending=True).exists(): # Give the same error ("user exists, you need to use your new password") return matches, 'old_memberid_but_memberid_exists' # Verify that they exist in the membersystem (this turned out to be an incorrect assumption) if not Actor.get_personal_members().filter(memberid=old_member.memberid).exists(): # We're not quite sure why this can happen, so we'll just give them the invalid # credentials message - but this might be confusing for those who were able to log # in previously. return matches, 'invalid_credentials' # Create the new user try: # Check if the user's already created as inactive user = User.get_users().get(memberid=old_member.memberid, is_inactive=True) user.is_inactive = False user.set_password(request.POST['password']) user.save() except User.DoesNotExist: # New user user = User(identifier=old_member.memberid, memberid=old_member.memberid) user.set_password(request.POST['password']) user.save() # Update the email on this actor, in case it were to differ from the sherpa2 email user.update_personal_data({'email': request.POST['email']}) # Import any fjelltreffen-annonser from the old system import_fjelltreffen_annonser(user) authenticate(user=user) log_user_in(request, user) return [user], None else: # No luck, just provide the error message return matches, 'invalid_credentials'
def custom_on_success(request, identity_url, openid_response): # Reuse django_openidconsumer.views.default_on_success to set the # relevant session variables: consumer_views.default_on_success(request, identity_url, openid_response) # Now look up the user's identity_url to see if they exist in # the system try: user_openid = UserOpenID.objects.get(openid=identity_url) except UserOpenID.DoesNotExist: user_openid = None if user_openid: user = user_openid.user # Unfortunately we have to annotate the user with the # 'django.contrib.auth.backends.ModelBackend' backend, # or stuff breaks backend = load_backend('django.contrib.auth.backends.ModelBackend') user.backend = '%s.%s' % ( backend.__module__, backend.__class__.__name__ ) log_user_in(request, user) return on_login_ok(request, identity_url) else: return on_login_failed(request, identity_url)
def single_signon_login(request): """ This view applies only on the central site. After successful login on a local site, the user should be sent here in order to create a session on the central site as well, which will be used for future logins on other local sites (and any logins on the central site). """ if not request.site.is_central(): raise PermissionDenied if any([key not in request.GET for key in ['next', 'user_id', 'hmac']]): raise PermissionDenied user_id = request.GET['user_id'] user_id_bytes = user_id.encode('ascii') calculated_hmac_b64 = calc_hmac_b64(user_id_bytes) if calculated_hmac_b64 != request.GET['hmac']: logger.warning( "Single signon: Oppgitt hmac matcher ikke egenkalkulert hmac", extra={ 'provided_hmac': request.GET['hmac'], 'calculated_hmac': calculated_hmac_b64, 'user_id_bytes': user_id_bytes, } ) raise PermissionDenied # HMAC was verified, now authenticate the user and send them back user = User.objects.get(id=user_id) user = authenticate(user=user) log_user_in(request, user) return redirect(request.GET['next'])
def login(request): if request.method == 'POST': login_form = LoginForm(request.POST) if login_form.is_valid(): data = login_form.cleaned_data user = authenticate(username=data['username'], password=data['password']) if user is not None: log_user_in(request, user) id = user.userclipboard.clipboard_id response = HttpResponseRedirect(reverse('main')) response.set_cookie('clipboard-id', id) return response else: login_form = LoginForm() return render( request, 'clipper/login.html', { 'form': login_form, 'errors': ['The username and password do not match any user!'] }) else: loginform = LoginForm() return render(request, 'clipper/login.html', {'form': loginform})
def login_chosen_user(request): if 'authenticated_users' not in request.session: return redirect('user:login.login') if 'user' not in request.POST: del request.session['authenticated_users'] return redirect('user:login.login') # Verify that the user authenticated for this user if not int(request.POST['user']) in request.session['authenticated_users']: del request.session['authenticated_users'] return redirect('user:login.login') # All is swell, log the user in user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False) user = authenticate(user=user) log_user_in(request, user) del request.session['authenticated_users'] if request.site.is_central(): return redirect(request.GET.get('next', reverse('user:home'))) else: if 'sso_checked' in request.session: del request.session['sso_checked'] return redirect(sso_login_url( request.site, request.user, request.GET.get('next', reverse('user:home')), ))
def custom_on_success(request, identity_url, openid_response): # Reuse django_openidconsumer.views.default_on_success to set the # relevant session variables: consumer_views.default_on_success(request, identity_url, openid_response) # Now look up the user's identity_url to see if they exist in # the system try: user_openid = UserOpenID.objects.get(openid=identity_url) except UserOpenID.DoesNotExist: user_openid = None if user_openid: user = user_openid.user # Unfortunately we have to annotate the user with the # 'django.contrib.auth.backends.ModelBackend' backend, # or stuff breaks backend = load_backend('django.contrib.auth.backends.ModelBackend') user.backend = '%s.%s' % (backend.__module__, backend.__class__.__name__) log_user_in(request, user) return on_login_ok(request, identity_url) else: return on_login_failed(request, identity_url)
def signup(request): if request.method == 'POST': form = UserSignupForm(request.POST) if form.is_valid(): user = form.save() user.backend = settings.AUTHENTICATION_BACKENDS[0] log_user_in(request, user) return HttpResponseRedirect(reverse('welcome')) else: form = UserSignupForm() return render(request, 'signup.html', {'form': form})
def sign_up(request): if request.method == 'POST': form = UserCreationForm(request.POST) if form.is_valid(): form.save() user = authenticate(username=form.cleaned_data.get('username'), password=form.cleaned_data.get('password1')) log_user_in(request, user) return redirect('/movies') form = UserCreationForm() return render(request, 'registration/sign_up.html', {'form': form})
def login(request): if request.user.is_authenticated(): return HttpResponseRedirect(reverse('welcome')) if request.method == 'POST': form = UserAuthenticationForm(data=request.POST) if form.is_valid(): log_user_in(request, form.get_user()) return HttpResponseRedirect(reverse('welcome')) else: form = UserAuthenticationForm return render(request, 'login.html', {'form': form})
def attempt_registration_nonmember(request): error_messages = [] # Check that name is provided if not validator.name(request.POST['name']): error_messages.append('invalid_name') # Check that the email address is valid if not validator.email(request.POST['email']): error_messages.append('invalid_email') # Check that the email address isn't in use if User.objects.filter(identifier=request.POST['email']).exists(): error_messages.append('email_exists') # Check that the password is long enough if len(request.POST['password']) < settings.USER_PASSWORD_LENGTH: error_messages.append('too_short_password') if len(error_messages) > 0: request.session['user.registration_nonmember_attempt'] = { 'name': request.POST['name'], 'email': request.POST['email'] } return None, error_messages user = User(identifier=request.POST['email'], email=request.POST['email']) user.first_name, user.last_name = request.POST['name'].rsplit(maxsplit=1) user.set_consent_accepted_privacy_policy_date(None, False) user.set_password(request.POST['password']) user.save() user.set_consent_dnt( Forening.DNT_CENTRAL_ID, 'email', True if request.POST.get('consent-dnt-communication-email') else False, save=True, ) authenticate(user=user) log_user_in(request, user) try: message = render_to_string('common/user/login/registered_nonmember_email.txt', request=request) send_mail(EMAIL_REGISTERED_SUBJECT, message, settings.DEFAULT_FROM_EMAIL, [user.get_email()]) except (SMTPException, SSLError, UnicodeEncodeError): # Silently log and ignore this error. Consider warning the user that the email wasn't sent? logger.warning( "Klarte ikke å sende registreringskvitteringepost", exc_info=sys.exc_info(), extra={'request': request} ) return user, None
def login_chosen_user(request): if 'authenticated_users' not in request.session: return redirect('user:login.login') if 'user' not in request.POST: del request.session['authenticated_users'] return redirect('user:login.login') # Verify that the user authenticated for this user if not int(request.POST['user']) in request.session['authenticated_users']: del request.session['authenticated_users'] return redirect('user:login.login') # All is swell, log the user in user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False) user = authenticate(user=user) log_user_in(request, user) del request.session['authenticated_users'] if request.session.get('OAuth-authorization'): try: o = urlparse(request.GET.get('next', None)) client_id = [a[1] for a in parse_qsl(o.query) if a[0] == 'client_id'][0] user.last_login_oauth_date = datetime.now() user.save() log, created = UserOauthActiveLog.objects.get_or_create( user=user, oauth_client_id=client_id, defaults={ 'first_date': user.last_login_oauth_date, 'last_date': user.last_login_oauth_date }) if not created: log.last_date = user.last_login_oauth_date log.save() except: pass else: user.last_login_site_date = datetime.now() user.save() if request.site.is_central(): return redirect(request.GET.get('next', reverse('user:home'))) else: if 'sso_checked' in request.session: del request.session['sso_checked'] return redirect(sso_login_url( request.site, request.user, request.GET.get('next', reverse('user:home')), ))
def attempt_registration(request): # Check that the password is long enough if len(request.POST['password']) < settings.USER_PASSWORD_LENGTH: return None, 'too_short_password' # Check that the email address is valid if not validator.email(request.POST['email']): return None, 'invalid_email' try: user = verify_memberid( ip_address=request.META['REMOTE_ADDR'], memberid=request.POST['memberid'], country_code=request.POST['country'], zipcode=request.POST['zipcode'], ) if not user.is_inactive: return None, 'user_exists' user.set_contact_info({'email': request.POST['email'].strip()}) user.is_inactive = False user.activated = datetime.now() user.set_consent_accepted_privacy_policy_date(None, False) user.set_password(request.POST['password']) user.save() authenticate(user=user) log_user_in(request, user) try: message = render_to_string('common/user/login/registered_email.txt', request=request) send_mail(EMAIL_REGISTERED_SUBJECT, message, settings.DEFAULT_FROM_EMAIL, [user.get_email()]) except (SMTPException, SSLError, UnicodeEncodeError): # Silently log and ignore this error. Consider warning the user that the email wasn't sent? logger.warning( "Klarte ikke å sende registreringskvitteringepost", exc_info=sys.exc_info(), extra={'request': request} ) return user, None except MemberidLookupsExceeded: return None, 'memberid_lookups_exceeded' except CountryDoesNotExist: raise PermissionDenied except (NoMatchingMemberid, ActorIsNotPersonalMember, ValueError): return None, 'invalid_memberid'
def restore_password(request, key): users = User.get_users(include_pending=True).filter(password_restore_key=key, is_inactive=False) if len(users) == 0: context = { 'no_such_key': True, 'user_password_length': settings.USER_PASSWORD_LENGTH } return render(request, 'common/user/login/restore-password.html', context) date_limit = datetime.now() - timedelta(hours=settings.RESTORE_PASSWORD_VALIDITY) if any([u.password_restore_date < date_limit for u in users]): # We've passed the deadline for key validity context = { 'key_expired': True, 'validity_period': settings.RESTORE_PASSWORD_VALIDITY, 'user_password_length': settings.USER_PASSWORD_LENGTH } return render(request, 'common/user/login/restore-password.html', context) # Passed all tests, looks like we're ready to reset the password if request.method == 'GET': context = { 'ready': True, 'key': key, 'user_password_length': settings.USER_PASSWORD_LENGTH } return render(request, 'common/user/login/restore-password.html', context) elif request.method == 'POST': if request.POST['password'] != request.POST['password-repeat'] or \ len(request.POST['password']) < settings.USER_PASSWORD_LENGTH: context = { 'ready': True, 'key': key, 'user_password_length': settings.USER_PASSWORD_LENGTH, 'unacceptable_password': True } return render(request, 'common/user/login/restore-password.html', context) # Everything is in order. Reset the password. for user in users: user.set_password(request.POST['password']) user.password_restore_key = None user.password_restore_date = None user.save() # Log the user in automatically user = authenticate(user=user) log_user_in(request, user) messages.info(request, 'password_reset_success') return redirect('user:home')
def attempt_login(request): matches = authenticate_users(request.POST['email'], request.POST['password']) if len(matches) == 1: # Exactly one match, cool, just authenticate the user user = authenticate(user=matches[0]) log_user_in(request, user) return matches, None elif len(matches) > 1: # Multiple matches, let the caller handle this return matches, None elif len(matches) == 0: # Invalid credentials return matches, 'invalid_credentials'
def attempt_registration_nonmember(request): error_messages = [] # Check that name is provided if not validator.name(request.POST['name']): error_messages.append('invalid_name') # Check that the email address is valid if not validator.email(request.POST['email']): error_messages.append('invalid_email') # Check that the email address isn't in use if User.objects.filter(identifier=request.POST['email']).exists(): error_messages.append('email_exists') # Check that the password is long enough if len(request.POST['password']) < settings.USER_PASSWORD_LENGTH: error_messages.append('too_short_password') if len(error_messages) > 0: request.session['user.registration_nonmember_attempt'] = { 'name': request.POST['name'], 'email': request.POST['email'] } return None, error_messages user = User(identifier=request.POST['email'], email=request.POST['email']) user.first_name, user.last_name = request.POST['name'].rsplit(' ', 1) user.set_password(request.POST['password']) user.save() authenticate(user=user) log_user_in(request, user) try: t = loader.get_template('common/user/login/registered_nonmember_email.txt') c = RequestContext(request) send_mail(EMAIL_REGISTERED_SUBJECT, t.render(c), settings.DEFAULT_FROM_EMAIL, [user.get_email()]) except (SMTPException, SSLError): # Silently log and ignore this error. Consider warning the user that the email wasn't sent? logger.warning(u"Klarte ikke å sende registreringskvitteringepost", exc_info=sys.exc_info(), extra={'request': request} ) return user, None
def login(request): form = LoginForm() user = None if request.method == 'POST': form = LoginForm(request.POST) if form.is_valid(): username = form.cleaned_data['username'] password = form.cleaned_data['password'] user = authenticate(username=username, password=password) if user is not None: log_user_in(request, user) return redirect('dashboard:home') return render(request, "authentication/login.html", { 'form': form, 'user': user })
def single_signon_return(request): """ This view applies only on local sites. This is where the user is returned after a `single_signon_check` on the central site. If the user returned with auth data, it is verified and the user is automatically signed on. If not, the user is sent back to the login view with 'sso_checked' set in session to avoid repeating the auth check. """ if request.site.is_central(): raise PermissionDenied if 'next' not in request.GET: raise PermissionDenied if not all([key in request.GET for key in ['user_id', 'hmac']]): # User was not authenticated, save the value and let them authenticate # locally request.session['sso_checked'] = True return redirect('%s?next=%s' % ( reverse('user:login.login'), request.GET['next'], )) else: # User is authenticated - verify the message and authenticate them here user_id = request.GET['user_id'] user_id_bytes = user_id.encode('ascii') calculated_hmac_b64 = calc_hmac_b64(user_id_bytes) if calculated_hmac_b64 != request.GET['hmac']: logger.warning( "Single signon: Oppgitt hmac matcher ikke egenkalkulert hmac", extra={ 'provided_hmac': request.GET['hmac'], 'calculated_hmac': calculated_hmac_b64, 'user_id_bytes': user_id_bytes, } ) raise PermissionDenied # HMAC was verified, now authenticate the user user = User.objects.get(id=user_id) user = authenticate(user=user) log_user_in(request, user) return redirect(request.GET['next'])
def login_chosen_user(request): if not 'authenticated_users' in request.session: return redirect('user.login.views.login') if not 'user' in request.POST: del request.session['authenticated_users'] return redirect('user.login.views.login') # Verify that the user authenticated for this user if not int(request.POST['user']) in request.session['authenticated_users']: del request.session['authenticated_users'] return redirect('user.login.views.login') # All is swell, log the user in user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False) user = authenticate(user=user) log_user_in(request, user) del request.session['authenticated_users'] return redirect(request.GET.get('next', reverse('user.views.home')))
def signon_login_chosen_user(request): if not 'authenticated_users' in request.session or not 'dntconnect' in request.session: raise PermissionDenied if not 'user' in request.POST: del request.session['authenticated_users'] return redirect('connect.views.signon_login') # Verify that the user authenticated for this user if not int(request.POST['user']) in request.session['authenticated_users']: del request.session['authenticated_users'] return redirect('connect.views.signon_login') # All is swell, log the user in user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False) user = authenticate(user=user) log_user_in(request, user) add_signon_session_value(request, 'logget_inn') del request.session['authenticated_users'] return redirect('connect.views.signon_complete')
def register(request, success_url='/accounts/register/complete/', template_name='openid_register.html', already_registered_url='/'): """ Allows a new user to register an account. A customised variation of the view of the same name from django-registration. Context:: form The registration form Template:: registration/registration_form.html (or template_name argument) """ if request.method == 'POST': form = SSORegistrationForm(request.POST) if form.is_valid(): new_user = form.save() associate_openid( new_user, request.openid ) next = form.cleaned_data['next'] print 'next',next # Unfortunately we have to annotate the user with the # 'django.contrib.auth.backends.ModelBackend' backend, or stuff breaks backend = load_backend('django.contrib.auth.backends.ModelBackend') new_user.backend = '%s.%s' % ( backend.__module__, backend.__class__.__name__ ) log_user_in(request, new_user) return HttpResponseRedirect(next or success_url) else: if request.user.is_authenticated(): return HttpResponseRedirect( already_registered_url ) form = SSORegistrationForm(initial={'next':request.GET.get('next','')}) return render_to_response(template_name, { 'form': form }, context_instance=RequestContext(request))
def login_as(request, login_as_user_id): if request.session.get('login_as_original_user', False): messages.info(request, 'login_as_user_is_already_active') return redirect('admin:users.show', login_as_user_id) if not request.user.has_perm('sherpa/admin') or request.method != 'POST': raise PermissionDenied original_user_id = request.user.id original_aktiv_forening = request.session.get('active_forening') try: login_user = User.objects.get(pk=login_as_user_id) auth_user = authenticate(user=login_user) log_user_in(request, auth_user) except User.DoesNotExist: messages.info(request, 'unable_to_login_as_user') return redirect('admin:users.show', login_as_user_id) request.session['login_as_original_user'] = original_user_id request.session['login_as_original_active_forening'] = ( original_aktiv_forening) return redirect('user:home')
def register(request): form = RegistrationForm() if request.method == 'POST': form = RegistrationForm(request.POST) if form.is_valid(): user = User.objects.create_user( username=form.cleaned_data['username'], email=form.cleaned_data['email'], password=form.cleaned_data['password1'] ) log_user_in(request, user) # Check for any GameMemberships they might have and convert to User references memberships = GameMembership.objects.filter(email=user.email) if memberships: for membership in memberships: membership.user = user membership.email = None membership.save() return redirect('dashboard:home') return render(request, "authentication/register.html", { 'form': form, })
def restore_login_as(request): if not request.session.get('login_as_original_user', False): raise Http404 # Attempt to restore original user login current_user_id = request.user.id restore_user_id = request.session['login_as_original_user'] restore_aktiv_forening = ( request.session.get('login_as_original_active_forening')) try: login_user = User.objects.get(pk=restore_user_id) auth_user = authenticate(user=login_user) log_user_in(request, auth_user) except User.DoesNotExist: # If restoring original user fails, logout! log_user_out(request) return redirect('cms:page') # Restore aktiv forening request.session['active_forening'] = restore_aktiv_forening # Redirect user to referer (now as the original user) return redirect('admin:users.show', current_user_id)
def processlogin(request): form = forms.LoginForm() if request.method == 'POST': form = forms.LoginForm(request.POST) if form.is_valid(): print("FORM VALIDATION SUCCESS!") print("User name is: " + form.cleaned_data['username']) print("Now we validate user...") user = authenticate(username=form.cleaned_data['username'], password=form.cleaned_data['password']) if user is not None: print("This is a valid user!") print("logging user in...") log_user_in( request, user) #this is login function renamed to log_user_in print("Done logging user in") return HttpResponseRedirect( 'http://localhost:8000/') # Static reference!!! else: print("INVALID USER!") else: print("FORM DATA INVALID!") return render(request, 'user/login.html', {'form': form})