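def _login_view(request):
    """
    Build the SHA login form for an AJAX GET request.

    Non-AJAX requests are ignored: the function returns None (after adding
    an error message when settings.DEBUG is on). A non-GET request or a
    rejected "next_url" parameter is answered via bad_request().

    "next_url" is taken from the query string (default: request.path) and
    handed to the template, so it is only accepted if it is a same-site
    absolute path; see the check below.
    """
    if DEBUG:
        print("auth debug mode is on!")

    if not request.is_ajax():
        # Do nothing, if it's not a ajax request.
        if settings.DEBUG:
            messages.error(request, "Ignore login request, because it's not AJAX.")
        return

    if request.method != 'GET':
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    next_url = request.GET.get("next_url", request.path)
    # Don't redirect to other pages.
    # The old test only rejected "//". A client-supplied value can still leave
    # the site without it (a scheme such as "javascript:", or a backslash or
    # control character that a browser may normalise into "//host"), so only
    # a plain absolute path starting with a single "/" is accepted.
    # NOTE(review): if the installed Django ships django.utils.http.is_safe_url,
    # prefer that helper over this hand-written check.
    if (
        not next_url.startswith("/")
        or "//" in next_url
        or "\\" in next_url
        or any(ord(char) < 0x20 for char in next_url)
    ):
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    context = {
        "challenge": challenge,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        "next_url": next_url,
        "form": form,
        "pass_reset_link": "#TODO",
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django >= 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    return ajax_response(request, 'auth/sha_form.html', context, context_instance=RequestContext(request))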
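def _login_view(request):
    """
    Build the SHA login form.

    For better JavaScript debugging:
    Enable settings.DEBUG and request the page via GET with:
        "...?auth=login"

    AJAX requests get 'auth/sha_form.html' via ajax_response(); every other
    request gets the 'auth/sha_form_debug.html' page. A non-GET request or a
    rejected "next_url" parameter is answered via bad_request().

    NOTE(review): this function does not itself check settings.DEBUG before
    rendering the debug template for non-AJAX requests; presumably the caller
    or the template restricts it - confirm.
    """
    if DEBUG:
        print("auth debug mode is on!")

    if request.method != 'GET':
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    next_url = request.GET.get("next_url", request.path)
    # Don't redirect to other pages.
    # The old test only rejected "//". A client-supplied value can still leave
    # the site without it (a scheme such as "javascript:", or a backslash or
    # control character that a browser may normalise into "//host"), so only
    # a plain absolute path starting with a single "/" is accepted.
    # NOTE(review): if the installed Django ships django.utils.http.is_safe_url,
    # prefer that helper over this hand-written check.
    if (
        not next_url.startswith("/")
        or "//" in next_url
        or "\\" in next_url
        or any(ord(char) < 0x20 for char in next_url)
    ):
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    try:
        # url from django-authopenid, only available if the urls.py are included
        reset_link = urlresolvers.reverse("auth_password_reset")
    except urlresolvers.NoReverseMatch:
        try:
            # DjangoBB glue plugin adds the urls from django-authopenid
            reset_link = PluginPage.objects.reverse("djangobb_plugin", "auth_password_reset")
        except KeyError:
            # plugin is not installed
            reset_link = None
        except urlresolvers.NoReverseMatch:
            # plugin is installed, but not in used (no PluginPage created)
            reset_link = None

    loop_count = _get_loop_count()  # get "loop_count" from AuthPreferencesForm

    context = {
        "challenge": challenge,
        "old_salt_len": crypt.OLD_SALT_LEN,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "loop_count": loop_count,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        "next_url": next_url,
        "form": form,
        "pass_reset_link": reset_link,
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django >= 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    if not request.is_ajax():
        response = render_to_response('auth/sha_form_debug.html', context, context_instance=RequestContext(request))
    else:
        response = ajax_response(request, 'auth/sha_form.html', context, context_instance=RequestContext(request))
    return response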
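def _login_view(request):
    """
    Build the SHA login form.

    For better JavaScript debugging:
    Enable settings.DEBUG and request the page via GET with:
        "...?auth=login"

    AJAX requests get "auth/sha_form.html" via ajax_response(); every other
    request gets the "auth/sha_form_debug.html" page. A non-GET request or a
    rejected "next_url" parameter is answered via bad_request().

    NOTE(review): this function does not itself check settings.DEBUG before
    rendering the debug template for non-AJAX requests; presumably the caller
    or the template restricts it - confirm.
    """
    if DEBUG:
        print("auth debug mode is on!")

    if request.method != "GET":
        debug_msg = "request method %r wrong, only GET allowed" % request.method
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    next_url = request.GET.get("next_url", request.path)
    # Don't redirect to other pages.
    # The old test only rejected "//". A client-supplied value can still leave
    # the site without it (a scheme such as "javascript:", or a backslash or
    # control character that a browser may normalise into "//host"), so only
    # a plain absolute path starting with a single "/" is accepted.
    # NOTE(review): if the installed Django ships django.utils.http.is_safe_url,
    # prefer that helper over this hand-written check.
    if (
        not next_url.startswith("/")
        or "//" in next_url
        or "\\" in next_url
        or any(ord(char) < 0x20 for char in next_url)
    ):
        debug_msg = "next url %r seems to be wrong!" % next_url
        return bad_request(APP_LABEL, "_login_view() error", debug_msg)  # Return HttpResponseBadRequest

    form = ShaLoginForm()

    # create a new challenge and add it to session
    challenge = _get_challenge(request)

    try:
        # url from django-authopenid, only available if the urls.py are included
        reset_link = urlresolvers.reverse("auth_password_reset")
    except urlresolvers.NoReverseMatch:
        try:
            # DjangoBB glue plugin adds the urls from django-authopenid
            reset_link = PluginPage.objects.reverse("djangobb_plugin", "auth_password_reset")
        except KeyError:
            # plugin is not installed
            reset_link = None
        except urlresolvers.NoReverseMatch:
            # plugin is installed, but not in used (no PluginPage created)
            reset_link = None

    loop_count = _get_loop_count()  # get "loop_count" from AuthPreferencesForm

    context = {
        "challenge": challenge,
        "old_salt_len": crypt.OLD_SALT_LEN,
        "salt_len": crypt.SALT_LEN,
        "hash_len": crypt.HASH_LEN,
        "loop_count": loop_count,
        "get_salt_url": request.path + "?auth=get_salt",
        "sha_auth_url": request.path + "?auth=sha_auth",
        "next_url": next_url,
        "form": form,
        "pass_reset_link": reset_link,
    }

    # IMPORTANT: We must do the following, so that the
    # CsrfViewMiddleware.process_response() would set the CSRF_COOKIE
    # see also # https://github.com/jedie/PyLucid/issues/61
    # XXX in Django >= 1.4 we can use @ensure_csrf_cookie
    # https://docs.djangoproject.com/en/dev/ref/contrib/csrf/#django.views.decorators.csrf.ensure_csrf_cookie
    request.META["CSRF_COOKIE_USED"] = True

    # return a string for replacing the normal cms page content
    if not request.is_ajax():
        response = render_to_response("auth/sha_form_debug.html", context, context_instance=RequestContext(request))
    else:
        response = ajax_response(request, "auth/sha_form.html", context, context_instance=RequestContext(request))
    return response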