def loginview(request, target):
if request.method == 'POST':
form = LoginForm(request.POST)
if not form.is_valid(): # All validation rules pass
form = LoginForm()
context = {'form': form, 'error': 'Invalid form'}
return scirius_render(request, 'accounts/login.html', context)
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user is not None:
if user.is_active:
login(request, user)
try:
sciriususer = SciriusUser.objects.get(user=user)
sciriususer.sciriususerapp
except (SciriusUser.DoesNotExist, AttributeError):
SciriusUser.objects.get_or_create(
user=user, defaults={'timezone': 'UTC'})
get_middleware_module('common').update_scirius_user_class(
user, form.cleaned_data)
if not form.cleaned_data['persistent']:
request.session.set_expiry(0)
logger = logging.getLogger('authentication')
logger.info("Successful login for '%s' from '%s'", username,
get_client_ip(request))
UserAction.create(action_type='login',
user=user,
force_insert=True)
return redirect("/" + target)
else:
form = LoginForm()
context = {'form': form, 'error': 'Disabled account'}
logger = logging.getLogger('authentication')
logger.error(
"Invalid login attempt for disabled account '%s' from '%s'",
username, get_client_ip(request))
return scirius_render(request, 'accounts/login.html', context)
else:
form = LoginForm()
context = {'form': form, 'error': 'Invalid login'}
logger = logging.getLogger('authentication')
logger.error("Invalid login attempt for '%s' from '%s'", username,
get_client_ip(request))
return scirius_render(request, 'accounts/login.html', context)
else:
form = LoginForm()
context = {'form': form}
return scirius_render(request, 'accounts/login.html', context)
def get_request_ip_address(self, request):
"""Gets the IP address of the request"""
ip_address = get_client_ip(request)[0]
if ip_address is not None:
return ip_address
else:
return ''
def get_embargo_response(request, course_id, user):
"""
Check whether any country access rules block the user from enrollment.
Args:
request (HttpRequest): The request object
course_id (str): The requested course ID
user (str): The current user object
Returns:
HttpResponse: Response of the embargo page if embargoed, None if not
"""
redirect_url = redirect_if_blocked(course_id,
user=user,
ip_address=get_client_ip(request)[0],
url=request.path)
if redirect_url:
return Response(
status=status.HTTP_403_FORBIDDEN,
data={
"message":
(u"Users from this location cannot access the course '{course_id}'."
).format(course_id=course_id),
"user_message_url":
request.build_absolute_uri(redirect_url)
})
def save_request(self, request, request_log):
request_log.method = request.method
request_log.endpoint = request.path
client_ip, is_routable = get_client_ip(request)
request_log.ip = client_ip
try:
body = json.loads(request.body.decode('utf-8'))
if 'password' in body:
body['password'] = '******'
request_body = body
except Exception as e:
request_body = {}
if request.GET:
request_log.query_params = dict(request.GET)
if request.body:
request_log.request_body = request_body
request_log.time = datetime.datetime.now()
try:
if request.user:
request_log.user = request.user
except:
pass
request_log.save()
return request_log
def get_client_ip_address(request):
""" Get ip address from request """
ip = get_client_ip(request)
if ip[0]:
return ip[0]
else:
return None
def construct_init_request(
request,
amount,
desc,
items: List[Item],
order_id: str,
client_email: Optional[str] = None,
client_phone: Optional[str] = None,
) -> InitRequest:
ip, _ = get_client_ip(request)
notification_url = reverse("django_pay2:tinkoff:notify")
success_url = reverse("django_pay2:success")
fail_url = reverse("django_pay2:fail")
return InitRequest(
amount_rub=amount,
order_id=order_id,
ip=ip,
description=desc,
notification_url=request.build_absolute_uri(notification_url),
success_url=request.build_absolute_uri(success_url),
fail_url=request.build_absolute_uri(fail_url),
receipt=Receipt(
email=client_email,
phone=client_phone,
email_company=payment_settings.TINKOFF.email_company,
taxation=payment_settings.TINKOFF.taxation,
items=items,
),
)
def process_request(self, request):
"""
Identify the country by IP address.
Store country code in session.
"""
new_ip_address = get_client_ip(request)[0]
old_ip_address = request.session.get('ip_address', None)
if not new_ip_address and old_ip_address:
del request.session['ip_address']
del request.session['country_code']
elif new_ip_address != old_ip_address and is_public_ip(new_ip_address):
reader = geoip2.database.Reader(settings.GEOIP_PATH)
try:
response = reader.country(new_ip_address)
country_code = response.country.iso_code
except geoip2.errors.AddressNotFoundError:
country_code = ""
request.session['country_code'] = country_code
request.session['ip_address'] = new_ip_address
log.debug('Country code for IP: %s is set to %s', new_ip_address,
country_code)
reader.close()
def save_to_db(self, form_data, request, referrer):
user = request.user if request.user.is_authenticated() else None
FormSubmission.objects.create(
plugin=self.form_definition.plugin_reference,
ip=get_client_ip(request),
referrer=referrer,
form_data=form_data,
created_by=user)
def set_meta(self, request):
"""update post ip_address & user_agent attributes"""
ip = get_client_ip(request)
if ip is not None:
self.ip_address = ip
ua = request.META.get('HTTP_USER_AGENT', '')
if ua:
self.user_agent = ua
def process_request(self, request):
"""Block requests based on embargo rules.
This will perform the following checks:
1) If the user's IP address is blacklisted, block.
2) If the user's IP address is whitelisted, allow.
3) If the user's country (inferred from their IP address) is blocked for
a courseware page, block.
4) If the user's country (retrieved from the user's profile) is blocked
for a courseware page, block.
5) Allow access.
"""
# Never block certain patterns by IP address
for pattern in self.ALLOW_URL_PATTERNS:
if pattern.match(request.path) is not None:
return None
ip_address = get_client_ip(request)[0]
ip_filter = IPFilter.current()
if ip_filter.enabled and ip_address in ip_filter.blacklist_ips:
log.info(
(
u"User %s was blocked from accessing %s "
u"because IP address %s is blacklisted."
), request.user.id, request.path, ip_address
)
# If the IP is blacklisted, reject.
# This applies to any request, not just courseware URLs.
ip_blacklist_url = reverse(
'embargo:blocked_message',
kwargs={
'access_point': 'courseware',
'message_key': 'embargo'
}
)
return redirect(ip_blacklist_url)
elif ip_filter.enabled and ip_address in ip_filter.whitelist_ips:
log.info(
(
u"User %s was allowed access to %s because "
u"IP address %s is whitelisted."
),
request.user.id, request.path, ip_address
)
# If the IP is whitelisted, then allow access,
# skipping later checks.
return None
else:
# Otherwise, perform the country access checks.
# This applies only to courseware URLs.
return self.country_access_rules(request.user, ip_address, request.path)
def perform_create(self, serializer):
fruit = get_object_or_404(Fruit, pk=self.kwargs.get("pk"))
client_ip, is_routable = get_client_ip(self.request)
serializer.save(
author=self.request.user,
ip=client_ip,
is_complaint=True,
fruit=fruit,
)
def _validate(self, request):
current_logger = getattr(request, 'input_request_logger', None)
return get_count_input_requests(
from_time=timezone.now() - timedelta(seconds=self.timeframe),
ip=get_client_ip(request)[0],
path=request.path,
slug=self.slug,
exclude_log_id=current_logger.id
if current_logger else None) < self.throttle_at
def profile(request):
"""
View method for path '/sso/profile'
Must called after authentication
Return the authenticated user profile as json
"""
#get the auth response
user = request.user
auth_key = cache.get_auth_key(user.email, request.session.session_key)
response = cache.get_auth(auth_key, user.modified)
if not response:
response = _populate_response(request, cache.set_auth, auth_key, user,
request.session.session_key)
#populte the profile from response headers
content = {}
for key, value in response.items():
if key.startswith("X-"):
key = key[2:].replace("-", "_")
content[key] = value
current_ip, routable = get_client_ip(request)
content['client_logon_ip'] = current_ip
#populate the user token property
try:
token = models.UserToken.objects.filter(user=user).first()
if not token or not token.enabled:
content[
"access_token_error"] = "Access token is not enabled, please ask administrator to enable."
elif not token.token:
content[
"access_token_error"] = "Access token is not created, please ask administrator to create"
elif token.is_expired:
content["access_token"] = token.token
content["access_token_created"] = timezone.localtime(
token.created).strftime("%Y-%m-%d %H:%M:%S")
content["access_token_expired"] = token.expired.strftime(
"%Y-%m-%d")
content[
"access_token_error"] = "Access token is expired, please ask administrator to recreate"
else:
content["access_token"] = token.token
content["access_token_created"] = timezone.localtime(
token.created).strftime("%Y-%m-%d %H:%M:%S")
if token.expired:
content["access_token_expired"] = token.expired.strftime(
"%Y-%m-%d 23:59:59")
except Exception as ex:
logger.error("Failed to get access token for the user({}).{}".format(
user.email, traceback.format_exc()))
content["access_token_error"] = str(ex)
content = json.dumps(content)
return HttpResponse(content=content, content_type="application/json")
def put(self, request, format=None):
data = request.data
try:
if User.objects.filter(user_id=data['user_id']).filter(
del_yn='N').exists():
account = User.objects.get(user_id=data['user_id'])
# print('-----check')
if bcrypt.checkpw(data['password'].encode('utf-8'),
account.password.encode('utf-8')):
token = jwt.encode({'user_id': account.id},
SECRET_KEY,
algorithm=ALGORITHM)
if not request.session.session_key:
# print('save')
request.session.save()
# request.session['test'] = 'Test'
# print('request.session', request.session.session_key)
# print('request.session[test]', request.session['test'])
# print(type(request.session.session_key))
session_id = str(request.session.session_key)
# 세션 만료 체크
if Session.objects.filter(
user_id=data['user_id']).order_by(
'created_date').last().session_key != str(
request.session.session_key):
print('세션 만료되어 새로 로그인합니다.')
ip, tmp = get_client_ip(request)
print('세션 갱신')
queryset = User.objects.all().filter(
user_id=data['user_id'], del_yn='N')
queryset.update(last_login=now, modify_date=now)
Session(user_id=data['user_id'],
session_key=session_id,
ip_address=ip,
login_yn='Y').save()
# session insert --------here
return Response('Login Success', status=200)
return Response('password 가 맞지 않습니다.', status=401)
elif User.objects.filter(user_id=data['user_id']).filter(
del_yn='Y').exists():
return Response('탈퇴 회원입니다.', status=400)
else:
return Response('없는 회원입니다.', status=400)
except KeyError as e:
return Response(e, status=500)
def post(self, request):
serializer = TrackerSerializer(data=request.data)
if serializer.is_valid():
raw_tracker = serializer.save()
if not raw_tracker.dnt:
raw_tracker.ip = get_client_ip(request) or ''
raw_tracker.user_agent = request.META['HTTP_USER_AGENT']
raw_tracker.save()
return Response({'id': raw_tracker.secret_id},
status=status.HTTP_200_OK)
return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
def stored_request(self, request):
"""
Extract useful information about the request to be used for emulating a Django request
during offline rendering.
"""
return {
'language': get_language_from_request(request),
'absolute_base_uri': request.build_absolute_uri('/'),
'remote_ip': get_client_ip(request)[0],
'user_agent': request.META.get('HTTP_USER_AGENT'),
}
def get_session_const(self, request: HttpRequest):
user = request.user
ip = get_client_ip(request)[0]
if ip is None and settings.DEBUG:
ip = "127.0.0.1"
user_agent = request.META["HTTP_USER_AGENT"]
phone = j2fa_phone_filter(self.get_user_phone(user)) # type: ignore
if not phone:
raise TwoFactorAuthError(
_("your.phone.number.missing.from.system"))
return user, ip, user_agent, phone
def createpackage(self, request, response):
ip, _ = get_client_ip(request)
return {
'path': request.path,
'status_code': response.status_code,
'ip': ip,
'method': request.method,
'timestamp':
int(datetime.utcnow().replace(tzinfo=utc).timestamp()),
'user_agent': request.META.get('HTTP_USER_AGENT'),
'referer': request.META.get('HTTP_REFERER')
}
def get_mfe_context(request, redirect_to, tpa_hint=None):
"""
Returns Authn MFE context.
"""
ip_address = get_client_ip(request)[0]
country_code = country_code_from_ip(ip_address)
context = third_party_auth_context(request, redirect_to, tpa_hint)
context.update({
'countryCode': country_code,
})
return context
def __call__(self, request):
view = get_view_from_request_or_none(request)
if (get_client_ip(request)[0] not in settings.LOG_REQUEST_IGNORE_IP
and request.path not in settings.LOG_REQUEST_IGNORE_URL_PATHS
and not getattr(view, 'log_exempt', False)):
with InputRequestLogger(hide_request_body=getattr(
view, 'hide_request_body', False)) as logger:
request.input_request_logger = logger
return self.get_response(request, logger)
else:
return self.get_response(request)
def update_last_login_and_ip(sender, user, **kwargs):
"""
A signal receiver which updates the last_ip IP Address and last_login for
the user logging in.
"""
user.last_login = timezone.now()
update_fields = ['last_login']
if 'request' in kwargs:
user.last_ip, _ = get_client_ip(kwargs['request'])
update_fields.append('last_ip')
user.save(update_fields=update_fields)
def form_valid(self, form):
# Setting the IP
current_IP, is_routable = get_client_ip(self.request)
form.instance.creator_IP = current_IP
# Hashing the url
hashids = Hashids()
form.instance.hashed_url = hashids.encode(id(form.instance))
form.save()
#created_url = self.request.build_absolute_uri() + "r/" + form.instance.hashed_url
return redirect("home")
def login(request,
user,
expiration=True,
auth_slug=None,
related_objs=None,
backend=None,
allowed_cookie=True,
allowed_header=True,
two_factor_login=False):
"""
Persist token into database. Token is stored inside cookie therefore is not necessary
reauthenticate user for every request.
"""
from auth_token.models import Token
related_objs = related_objs if related_objs is not None else ()
if user is None:
user = request.user
try:
backend = backend or user.backend
except AttributeError:
backends = _get_backends(return_tuples=True)
if len(backends) == 1:
_, backend = backends[0]
else:
raise ValueError(
'You have multiple authentication backends configured and '
'therefore must provide the `backend` argument or set the '
'`backend` attribute on the user.')
token = Token.objects.create(user=user,
user_agent=request.META.get(
'HTTP_USER_AGENT', '')[:256],
expiration=expiration,
auth_slug=auth_slug,
ip=get_client_ip(request)[0],
backend=backend,
allowed_cookie=allowed_cookie,
allowed_header=allowed_header,
is_authenticated=not two_factor_login)
for related_obj in related_objs:
token.related_objects.create(content_object=related_obj)
if hasattr(request, 'user') and token.is_authenticated:
request.user = user
request.token = token
rotate_token(request)
user_logged_in.send(sender=user.__class__, request=request, user=user)
def _validate(self, request):
try:
view_slug = resolve(request.path_info,
getattr(request, 'urlconf', None)).view_name
except Resolver404:
view_slug = None
current_logger = getattr(request, 'input_request_logger', None)
return get_count_input_requests(
from_time=timezone.now() - timedelta(seconds=self.timeframe),
ip=get_client_ip(request)[0],
path=request.path,
method=request.method.upper(),
view_slug=view_slug,
exclude_log_id=current_logger.id
if current_logger else None) < self.throttle_at
def process_request(self, request):
"""
Identify the country by IP address.
Store country code in session.
"""
new_ip_address = get_client_ip(request)[0]
old_ip_address = request.session.get('ip_address', None)
if not new_ip_address and old_ip_address:
del request.session['ip_address']
del request.session['country_code']
elif new_ip_address != old_ip_address and is_public_ip(new_ip_address):
country_code = country_code_from_ip(new_ip_address)
request.session['country_code'] = country_code
request.session['ip_address'] = new_ip_address
log.debug('Country code for IP: %s is set to %s', new_ip_address,
country_code)
def __prepare_data(self, request):
request_contents = request.data.dict()
# print(request_contents)
if 'input_data' in request_contents:
request_contents.pop('input_data')
# # data['input_data'] = request.data['input_data']
data = {}
try:
data['submission_name'] = request_contents.pop('submission_name')
data['email'] = request_contents.pop('email')
data['job'] = request_contents.pop('job')
data['ip'] = get_client_ip(request)[0]
# data['UUID'] = str(uuid.uuid1())
except MultiValueDictKeyError:
raise MultiValueDictKeyError
except KeyError:
raise KeyError
return (data, request_contents)
def __call__(self, request: HttpRequest):
user = request.user
if user.is_authenticated:
session = request.session
assert isinstance(session, SessionBase)
user_agent = request.META.get("HTTP_USER_AGENT") or ""
ip = get_client_ip(request)[0] or ""
path_info = request.path_info
logger.debug("2FA: IP=%s, path_info=%s, route_name=%s", ip, path_info, resolve(path_info).url_name)
if self.is_2fa_required(user) and self.is_2fa_route(path_info):
j2fa_session_id = session.get("j2fa_session") or 0
j2fa_session = TwoFactorSession.objects.filter(id=j2fa_session_id).first()
assert j2fa_session is None or isinstance(j2fa_session, TwoFactorSession)
if j2fa_session is None or not j2fa_session.is_valid(user, ip, user_agent) or not j2fa_session.active:
logger.info("2FA: route=%s, j2fa_session_id=%s", self.require_2fa_view, j2fa_session_id)
return redirect(reverse(self.require_2fa_view) + "?next=" + request.path)
return self.get_response(request)
def delete(self, request):
session_key = request.data['session_key']
# serializer_class = LogoutSerializer
try:
# user_id catch
if Session.objects.filter(
session_key=session_key).latest('user_id'):
user = Session.objects.filter(
session_key=session_key).latest('user_id')
ip, tmp = get_client_ip(request)
'''
이미 로그아웃 된경우를 catch 하려면 활성화
'''
# if user.login_yn == 'N':
# Session(
# user_id=user.user_id,
# session_key=session_key,
# ip_address=ip,
# login_yn='N',
# logout_date=now
# ).save()
# return Response('이미 로그아웃 상태입니다.', status=202)
# louout session insert
Session(user_id=user.user_id,
session_key=session_key,
ip_address=ip,
login_yn='N',
logout_date=now).save()
# user logout_date set
queryset = User.objects.all().filter(user_id=user.user_id,
del_yn='N')
queryset.update(last_logout=now, modify_date=now)
return Response('Logout Success', status=200)
else:
return Response('올바른 세션값이 아닙니다.', status=401)
except Exception as e:
print('delete_error', e)
return Response('올바른 세션값이 아닙니다.', status=500)
def get_redirect_url(self, *args, **kwargs):
url = get_object_or_404(Url, hashed_url=kwargs['hashed_url'])
# Check if it's outdated
if datetime.date.today() > url.expires_after:
url.delete()
return "../"
# Check if it's reached the max clicks threshold
elif url.clicks >= url.expires_after_x_clicks and url.expires_after_x_clicks != 0:
url.delete()
return "../"
else:
# Add a history entry
current_IP, is_routable = get_client_ip(self.request)
History.objects.create(url=url, ip_address=current_IP)
# Increment clicks
url.clicks = History.objects.filter(url=url).count()
url.save()
return convert_text_to_url(url.original_url)
def HandleLogin(request):
response = {}
try:
param = request.body
paramt = json.loads(param)
msg, code = UserLogin(paramt)
if code == 0: # 密码验证正确
ip_addr = get_client_ip(request)
u_st = UserStatus()
u_addr = UserIpAddr()
u_st.UserOnline(paramt['useraccount'])
u_addr.AddAddr(paramt['useraccount'], ip_addr[0])
# 请求通讯录
response['msg'] = 'ok'
response['error_num'] = 0
return JsonResponse(response)
else:
response = {'msg': msg, 'error_num': code}
return JsonResponse(response)
except Exception as e:
response = {'msg': 'failed ' + str(e), 'error_num': -300300}
return JsonResponse(response)
