コード例 #1
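def login_with_lockout(request, template_name='wagtailadmin/login.html'):
    """
    Display the login form and handle the login action.

    On a valid POST the user is logged in, any ``failedloginattempt`` object
    attached to the user is deleted, and the browser is sent to
    ``/login/check_permissions/`` with the post-login destination in ``next``.
    An already authenticated user issuing a GET is sent there directly.
    In every other case the login form is rendered.

    The destination comes from the request (``REDIRECT_FIELD_NAME`` in POST,
    then GET) and is therefore untrusted: it is replaced by
    ``settings.LOGIN_REDIRECT_URL`` unless it is a safe, same-host URL.

    :param request: the current ``HttpRequest``.
    :param template_name: template used to render the login form.
    :returns: ``HttpResponseRedirect`` after login (or when already logged
        in), otherwise a ``TemplateResponse`` with the form.
    """
    # Local import keeps this function self-contained; the module-level
    # import block is not visible from here.
    from django.utils.http import urlencode

    def is_local(url):
        """Return True when ``url`` is a safe redirect for the current host."""
        # allowed_hosts is documented as a collection of host names. Passing
        # a bare string risks a substring match on Django versions that do
        # not wrap it, so the host is always given as a one-element set.
        current_host = request.get_host()
        if django.VERSION > (2, 0):
            return is_safe_url(url=url, allowed_hosts={current_host})
        # Older Django only knows the single-host ``host`` keyword.
        return is_safe_url(url=url, host=current_host)

    def check_permissions_url(next_url):
        """Build the permission-check URL with ``next`` properly encoded."""
        # Encoding stops characters such as '&' or '#' in the user-supplied
        # value from adding or truncating query parameters.
        return '/login/check_permissions/?' + urlencode({'next': next_url})

    redirect_to = request.POST.get(REDIRECT_FIELD_NAME,
                                   request.GET.get(REDIRECT_FIELD_NAME, ''))

    # Redirects to https://example.com should not be allowed. The '//' test
    # alone does not cover every off-site form that is_safe_url rejects, so
    # both checks run on every path, including the already-authenticated GET
    # branch and the value echoed into the form.
    if redirect_to and ('//' in redirect_to or not is_local(redirect_to)):
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

    if request.method == "POST":
        form = LoginForm(request, data=request.POST)

        if form.is_valid():
            # An empty destination is not a safe URL either; fall back to
            # the configured default so the redirect always has a target.
            if not is_local(redirect_to):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()
            try:
                # Successful login: drop the record of earlier failures
                # (presumably the lockout counter; confirm against the model).
                user.failedloginattempt.delete()
            except ObjectDoesNotExist:
                # No failed attempts were recorded for this user.
                pass

            login(request, user)

            return HttpResponseRedirect(check_permissions_url(redirect_to))
    else:
        if request.user.is_authenticated:
            return HttpResponseRedirect(check_permissions_url(redirect_to))
        form = LoginForm(request)

    current_site = get_current_site(request)

    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
        'show_password_reset': account.password_reset_enabled(),
        'username_field': get_user_model().USERNAME_FIELD,
    }

    return TemplateResponse(request, template_name, context)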
コード例 #2
 def wrapper(*args, **kwargs):
     """
     Call the wrapped view only while password reset is enabled.

     Raises ``Http404`` otherwise, so a disabled password-reset view
     answers like a missing page.
     """
     if account.password_reset_enabled():
         return view_func(*args, **kwargs)
     raise Http404