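def sys_sudo_mode(request):
    """Ask a staff user to re-enter the account password before sudo mode.

    GET renders the password form.  POST checks the password with
    ``authenticate``; on success the sudo-mode timestamp is refreshed, the
    failed-attempt counter for this user is cleared and the user is
    redirected to ``next``.  Every failed POST is counted per
    (username, ip); once ``config.LOGIN_ATTEMPT_LIMIT`` has been reached the
    session is logged out and the user is sent to the login page instead of
    being allowed further tries through this prompt.

    Args:
        request: the current HttpRequest; only GET and POST are accepted.

    Returns:
        an HttpResponse: the rendered form, a redirect, or a 405.

    Raises:
        Http404: when the requesting user is not staff.
    """
    if request.method not in ('GET', 'POST'):
        # Must return a response *instance*; returning the class object
        # breaks the response pipeline instead of producing a 405.
        return HttpResponseNotAllowed(['GET', 'POST'])

    # @sys_staff_required can't be used on this view (original author's
    # note), so the staff check is done inline.
    if not request.user.is_staff:
        raise Http404

    next_page = request.GET.get('next', reverse('sys_info'))
    # NOTE(review): next_page is taken verbatim from the query string and is
    # used as a redirect target below without being validated against the
    # request host here -- confirm whether middleware/template restricts it.
    password_error = False

    if request.method == 'POST':
        password = request.POST.get('password')
        username = request.user.username
        ip = get_remote_ip(request)

        if password:
            user = authenticate(username=username, password=password)
            if user:
                update_sudo_mode_ts(request)

                from seahub.auth.utils import clear_login_failed_attempts
                clear_login_failed_attempts(request, username)

                return HttpResponseRedirect(next_page)

        # Reached for an empty password as well as a rejected one.
        password_error = True

        from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts
        failed_attempt = get_login_failed_attempts(username=username, ip=ip)
        if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
            # Limit already reached: end the session rather than allowing
            # more guesses through the sudo prompt.  The counter is not
            # incremented again on this path.
            from seahub.auth import logout
            logout(request)
            return HttpResponseRedirect(reverse('auth_login'))
        else:
            incr_login_failed_attempts(username=username, ip=ip)

    enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
    enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
    return render(request, 'sysadmin/sudo_mode.html', {
        'password_error': password_error,
        'enable_sso': enable_shib_login or enable_adfs_login,
        'next': next_page,
    })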
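def login(request, template_name='registration/login.html',
          redirect_if_logged_in=None,
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm):
    """Display the login form and handle the login action.

    On POST the submitted credentials are validated with
    ``authentication_form`` (or ``CaptchaAuthenticationForm`` once the
    attempt limit has been reached and freeze mode is off); a valid form is
    handed to ``_handle_login_form_valid``.  Every invalid submission fires
    ``user_logged_in_failed`` and bumps the per-(login id, ip) counter via
    ``incr_login_failed_attempts``.  When the counter reaches
    ``config.LOGIN_ATTEMPT_LIMIT`` either the account is frozen
    (``config.FREEZE_USER_ON_LOGIN_FAILED`` set) or a captcha form is shown.

    Args:
        request: the current HttpRequest.
        template_name: template rendered for the login page.
        redirect_if_logged_in: URL name an already authenticated user is
            redirected to; ``None`` shows the form regardless.
        redirect_field_name: name of the GET/POST field that carries the
            post-login target URL.
        authentication_form: form class used when no captcha is required.

    Returns:
        an HttpResponse: a redirect for an already logged-in user or a
        successful login, otherwise the rendered login page.
    """
    if request.user.is_authenticated() and redirect_if_logged_in:
        return HttpResponseRedirect(reverse(redirect_if_logged_in))

    redirect_to = request.GET.get(redirect_field_name, '')
    # NOTE(review): redirect_to is user-supplied (query string, then POST
    # body) and is passed on to _handle_login_form_valid; confirm that the
    # helper validates it against the request host before redirecting.
    ip = get_remote_ip(request)

    if request.method == "POST":
        # Named login_id rather than login so the local does not shadow
        # this view function.
        login_id = request.POST.get('login', '').strip()
        failed_attempt = get_login_failed_attempts(username=login_id, ip=ip)
        remember_me = request.POST.get('remember_me', '') == 'on'
        redirect_to = request.POST.get(redirect_field_name, '') or redirect_to

        # Choose the form: freeze mode never uses a captcha; otherwise a
        # captcha is required once the attempt limit has been reached.
        used_captcha_already = False
        if bool(config.FREEZE_USER_ON_LOGIN_FAILED):
            form = authentication_form(data=request.POST)
        elif failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
            form = CaptchaAuthenticationForm(data=request.POST)
            used_captcha_already = True
        else:
            form = authentication_form(data=request.POST)

        if form.is_valid():
            return _handle_login_form_valid(request, form.get_user(),
                                            redirect_to, remember_me)

        # form is invalid
        user_logged_in_failed.send(sender=None, request=request)
        failed_attempt = incr_login_failed_attempts(username=login_id, ip=ip)

        if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
            if bool(config.FREEZE_USER_ON_LOGIN_FAILED):
                # Freeze mode: the limit was reached with an invalid form, so
                # freeze the account (if it exists and is still active) and
                # report that on the form.
                logger.warning(
                    'Login attempt limit reached, try freeze the user, email/username: %s, ip: %s, attemps: %d' %
                    (login_id, ip, failed_attempt))
                # The submitted value may be a login id rather than the
                # account email; resolve it, falling back to the raw value.
                email = Profile.objects.get_username_by_login_id(login_id)
                if email is None:
                    email = login_id
                try:
                    user = User.objects.get(email)
                    if user.is_active:
                        user.freeze_user(notify_admins=True)
                        logger.warning(
                            'Login attempt limit reached, freeze the user email/username: %s, ip: %s, attemps: %d' %
                            (login_id, ip, failed_attempt))
                except User.DoesNotExist:
                    # Unknown account: nothing to freeze, only log it.
                    logger.warning(
                        'Login attempt limit reached with invalid email/username: %s, ip: %s, attemps: %d' %
                        (login_id, ip, failed_attempt))
                form.errors['freeze_account'] = _(
                    'This account has been frozen due to too many failed login attempts.'
                )
            else:
                # Captcha mode: switch to a fresh captcha form unless the
                # failed submission already came from one (keeps its errors).
                logger.warning(
                    'Login attempt limit reached, show Captcha, email/username: %s, ip: %s, attemps: %d' %
                    (login_id, ip, failed_attempt))
                if not used_captcha_already:
                    form = CaptchaAuthenticationForm()
    else:
        ### GET: no login id yet, so the counter is looked up by ip only.
        failed_attempt = get_login_failed_attempts(ip=ip)
        if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
            if bool(config.FREEZE_USER_ON_LOGIN_FAILED):
                form = authentication_form()
            else:
                logger.warning(
                    'Login attempt limit reached, show Captcha, ip: %s, attempts: %d' %
                    (ip, failed_attempt))
                form = CaptchaAuthenticationForm()
        else:
            form = authentication_form()

    request.session.set_test_cookie()
    current_site = get_current_site(request)

    multi_tenancy = getattr(settings, 'MULTI_TENANCY', False)
    if config.ENABLE_SIGNUP:
        if multi_tenancy:
            org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False)
            if org_account_only:
                signup_url = reverse('org_register')
            else:
                signup_url = reverse('choose_register')
        else:
            signup_url = reverse('registration_register')
    else:
        signup_url = ''

    enable_sso = (getattr(settings, 'ENABLE_SHIB_LOGIN', False) or
                  getattr(settings, 'ENABLE_KRB5_LOGIN', False) or
                  getattr(settings, 'ENABLE_ADFS_LOGIN', False) or
                  getattr(settings, 'ENABLE_OAUTH', False) or
                  getattr(settings, 'ENABLE_CAS', False))
    login_bg_image_path = get_login_bg_image_path()

    return render(request, template_name, {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': get_site_name(),
        'remember_days': config.LOGIN_REMEMBER_DAYS,
        'signup_url': signup_url,
        'enable_sso': enable_sso,
        'login_bg_image_path': login_bg_image_path,
    })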