def logout( request, next_page=None, template_name="registration/logged_out.html", redirect_field_name=REDIRECT_FIELD_NAME ): "Logs out the user and displays 'You are logged out' message." from seahub.auth import logout logout(request) if redirect_field_name in request.REQUEST: next_page = request.REQUEST[redirect_field_name] # Security check -- don't allow redirection to a different host. if not is_safe_url(url=next_page, host=request.get_host()): next_page = request.path if next_page is None: redirect_to = request.REQUEST.get(redirect_field_name, "") if redirect_to: return HttpResponseRedirect(redirect_to) else: return render_to_response( template_name, {"title": _("Logged out")}, context_instance=RequestContext(request) ) else: # Redirect to this page until the session has been cleared. return HttpResponseRedirect(next_page or request.path)
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME): "Logs out the user and displays 'You are logged out' message." from seahub.auth import logout logout(request) if redirect_field_name in request.REQUEST: next_page = request.REQUEST[redirect_field_name] # Security check -- don't allow redirection to a different host. if not is_safe_url(url=next_page, host=request.get_host()): next_page = request.path if next_page is None: redirect_to = request.REQUEST.get(redirect_field_name, '') if redirect_to: return HttpResponseRedirect(redirect_to) else: return render_to_response(template_name, {'title': _('Logged out')}, context_instance=RequestContext(request)) else: # Redirect to this page until the session has been cleared. return HttpResponseRedirect(next_page or request.path)
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME): "Logs out the user and displays 'You are logged out' message." from seahub.auth import logout logout(request) # Local logout for shibboleth user. shib_logout_url = getattr(settings, 'SHIBBOLETH_LOGOUT_URL', '') if getattr(settings, 'ENABLE_SHIB_LOGIN', False) and shib_logout_url: shib_logout_return = getattr(settings, 'SHIBBOLETH_LOGOUT_RETURN', '') if shib_logout_return: shib_logout_url += shib_logout_return return HttpResponseRedirect(shib_logout_url) # Local logout for cas user. if getattr(settings, 'ENABLE_CAS', False): return HttpResponseRedirect(reverse('cas_ng_logout')) if redirect_field_name in request.GET: next_page = request.GET[redirect_field_name] # Security check -- don't allow redirection to a different host. if not is_safe_url(url=next_page, host=request.get_host()): next_page = request.path if next_page is None: redirect_to = request.GET.get(redirect_field_name, '') if redirect_to: return HttpResponseRedirect(redirect_to) else: return render(request, template_name, {'title': _('Logged out')}) else: # Redirect to this page until the session has been cleared. return HttpResponseRedirect(next_page or request.path)
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME): "Logs out the user and displays 'You are logged out' message." from seahub.auth import logout logout(request) # Local logout for shibboleth user. shib_logout_url = getattr(settings, 'SHIBBOLETH_LOGOUT_URL', '') if getattr(settings, 'ENABLE_SHIB_LOGIN', False) and shib_logout_url: shib_logout_return = getattr(settings, 'SHIBBOLETH_LOGOUT_RETURN', '') if shib_logout_return: shib_logout_url += shib_logout_return response = HttpResponseRedirect(shib_logout_url) response.delete_cookie('seahub_auth') return response # Local logout for cas user. if getattr(settings, 'ENABLE_CAS', False): response = HttpResponseRedirect(reverse('cas_ng_logout')) response.delete_cookie('seahub_auth') return response from seahub.settings import LOGOUT_REDIRECT_URL if LOGOUT_REDIRECT_URL: response = HttpResponseRedirect(LOGOUT_REDIRECT_URL) response.delete_cookie('seahub_auth') return response if redirect_field_name in request.GET: next_page = request.GET[redirect_field_name] # Security check -- don't allow redirection to a different host. if not is_safe_url(url=next_page, allowed_hosts=request.get_host()): next_page = request.path if next_page is None: redirect_to = request.GET.get(redirect_field_name, '') if redirect_to: response = HttpResponseRedirect(redirect_to) else: response = render( request, template_name, { 'title': _('Logged out'), 'request_from_onlyoffice_desktop_editor': ONLYOFFICE_DESKTOP_EDITOR_HTTP_USER_AGENT in request.META.get('HTTP_USER_AGENT', ''), }) else: # Redirect to this page until the session has been cleared. response = HttpResponseRedirect(next_page or request.path) response.delete_cookie('seahub_auth') return response
def _remove_invalid_user(self, request): """ Removes the current authenticated user in the request which is invalid but only if the user is authenticated via the SeafileRemoteUserBackend. """ try: backend_str = request.session[auth.BACKEND_SESSION_KEY] backend = auth.load_backend(backend_str) except ImportError: # backend failed to load auth.logout(request) else: if isinstance(backend, SeafileRemoteUserBackend): auth.logout(request)
def logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name=REDIRECT_FIELD_NAME): "Logs out the user and displays 'You are logged out' message." from seahub.auth import logout logout(request) if next_page is None: redirect_to = request.REQUEST.get(redirect_field_name, '') if redirect_to: return HttpResponseRedirect(redirect_to) else: return render_to_response(template_name, { 'title': _('Logged out') }, context_instance=RequestContext(request)) else: # Redirect to this page until the session has been cleared. return HttpResponseRedirect(next_page or request.path)
def sys_sudo_mode(request): if request.method not in ('GET', 'POST'): return HttpResponseNotAllowed # here we can't use @sys_staff_required if not request.user.is_staff: raise Http404 next_page = request.GET.get('next', reverse('sys_info')) password_error = False if request.method == 'POST': password = request.POST.get('password') username = request.user.username ip = get_remote_ip(request) if password: user = authenticate(username=username, password=password) if user: update_sudo_mode_ts(request) from seahub.auth.utils import clear_login_failed_attempts clear_login_failed_attempts(request, username) return HttpResponseRedirect(next_page) password_error = True from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts failed_attempt = get_login_failed_attempts(username=username, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: # logout user from seahub.auth import logout logout(request) return HttpResponseRedirect(reverse('auth_login')) else: incr_login_failed_attempts(username=username, ip=ip) enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False) enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False) return render( request, 'sysadmin/sudo_mode.html', { 'password_error': password_error, 'enable_sso': enable_shib_login or enable_adfs_login, 'next': next_page, })
def process_request(self, request): # AuthenticationMiddleware is required so that request.user exists. if not hasattr(request, 'user'): raise ImproperlyConfigured( "The Django remote user auth middleware requires the" " authentication middleware to be installed. Edit your" " MIDDLEWARE_CLASSES setting to insert" " 'django.contrib.auth.middleware.AuthenticationMiddleware'" " before the RemoteUserMiddleware class.") try: username = request.META[self.header] except KeyError: # If specified header doesn't exist then return # directly(request.user could be AnonymousUser or authed user set # by AuthenticationMiddleware) return if settings.KRB5_USERNAME_SUFFIX: username = username.split('@')[0] + settings.KRB5_USERNAME_SUFFIX # If the user is already authenticated and that user is the user we are # getting passed in the headers, then the correct user is already # persisted in the session and we don't need to continue. # If the authenticated user is not the user getting from header, then # logout the user. if request.user.is_authenticated: if request.user.username == self.clean_username(username, request): request.krb5_login = True return else: auth.logout(request) # We are seeing this user for the first time in this session, attempt # to authenticate the user. user = auth.authenticate(remote_user=username) if user and user.is_active: # User is valid. Set request.user and persist user in the session # by logging the user in. request.user = user auth.login(request, user) request.krb5_login = True else: # explicit redirect to login url to avoid redirect loop in some case return HttpResponseRedirect(settings.LOGIN_URL)
def logout_then_login(request, login_url=None): "Logs out the user if he is logged in. Then redirects to the log-in page." if not login_url: login_url = settings.LOGIN_URL return logout(request, login_url)