コード例 #1
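def login_with_lockout(request, template_name='wagtailadmin/login.html'):
    """
    Displays the login form and handles the login action.

    On a valid POST the user's ``failedloginattempt`` record (if one exists)
    is deleted, the user is logged in, and the response redirects to
    ``/login/check_permissions/`` with the post-login target in ``next``.
    A GET from an already-authenticated user is sent to the same URL.
    Every other request renders ``template_name`` with the login form.

    The post-login target comes from the request (``REDIRECT_FIELD_NAME`` in
    POST, then GET), so it is validated with ``is_safe_url`` on both
    redirect paths before it is used.

    NOTE(review): no lockout decision is made in this function; presumably
    ``LoginForm`` enforces it -- confirm against the form.
    """
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME,
                                   request.GET.get(REDIRECT_FIELD_NAME, ''))

    # Coarse first filter: any target containing '//' (for example
    # http://example.com) is replaced by the default. is_safe_url() below
    # remains the authoritative check.
    if redirect_to and '//' in redirect_to:
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

    if request.method == "POST":
        form = LoginForm(request, data=request.POST)

        if form.is_valid():
            # Ensure the user-originating redirection url is safe.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()
            try:
                # A successful login clears the failed-attempt record.
                user.failedloginattempt.delete()
            except ObjectDoesNotExist:
                # No failed attempts were recorded for this user.
                pass

            login(request, user)

            # NOTE(review): redirect_to is appended without URL-encoding, so
            # a target that carries its own '&' or '#' is split when the
            # query string is parsed; encode the value when building this URL.
            return HttpResponseRedirect('/login/check_permissions/?next=' +
                                        redirect_to)
    else:
        if request.user.is_authenticated():
            # This path used to rely on the '//' filter alone. Apply the same
            # is_safe_url() check as the POST path; an empty target is passed
            # through unchanged, as before.
            if redirect_to and not is_safe_url(url=redirect_to,
                                               host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
            return HttpResponseRedirect('/login/check_permissions/?next=' +
                                        redirect_to)
        form = LoginForm(request)

    current_site = get_current_site(request)

    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }

    context.update({
        'show_password_reset': account.password_reset_enabled(),
        'username_field': get_user_model().USERNAME_FIELD,
    })

    return TemplateResponse(request, template_name, context)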
コード例 #2
ファイル: __init__.py プロジェクト: amymok/cfgov-refresh
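def login_with_lockout(request, template_name='wagtailadmin/login.html'):
    """
    Displays the login form and handles the login action.

    Flow, as implemented here:

    * valid POST: delete the user's ``failedloginattempt`` row if present,
      log the user in, redirect to ``/login/check_permissions/?next=...``;
    * GET while already authenticated: redirect to the same URL;
    * anything else: render ``template_name`` with the form.

    ``next`` is taken from the request (POST first, then GET) and is
    therefore untrusted. It is checked with ``is_safe_url`` before either
    redirect is issued.

    NOTE(review): the lockout itself is not visible in this function;
    presumably ``LoginForm`` rejects locked-out users -- confirm.
    """
    redirect_to = request.POST.get(REDIRECT_FIELD_NAME,
                                   request.GET.get(REDIRECT_FIELD_NAME, ''))

    # redirects to http://example.com should not be allowed; this substring
    # test is only a first pass, is_safe_url() is the real gate.
    if redirect_to and '//' in redirect_to:
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

    if request.method == "POST":
        form = LoginForm(request, data=request.POST)

        if form.is_valid():
            # Ensure the user-originating redirection url is safe.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            user = form.get_user()
            try:
                # Reset the failed-attempt counter on success.
                user.failedloginattempt.delete()
            except ObjectDoesNotExist:
                # Nothing to reset.
                pass

            login(request, user)

            # NOTE(review): the target is concatenated unencoded; a value
            # containing '&' or '#' will not reach check_permissions intact.
            # URL-encode it when this line is next touched.
            return HttpResponseRedirect(
                '/login/check_permissions/?next=' + redirect_to)
    else:
        if request.user.is_authenticated():
            # Validate here as well: without this, an authenticated GET
            # was guarded only by the '//' substring test above. Empty
            # targets keep their previous behaviour.
            if redirect_to and not is_safe_url(url=redirect_to,
                                               host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
            return HttpResponseRedirect(
                '/login/check_permissions/?next=' + redirect_to)
        form = LoginForm(request)

    current_site = get_current_site(request)

    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }

    context.update({'show_password_reset': account.password_reset_enabled(),
                    'username_field': get_user_model().USERNAME_FIELD, })

    return TemplateResponse(request, template_name, context)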
コード例 #3
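def login(request):
    """
    Render the Wagtail admin login form and process login attempts.

    A user who is already authenticated and holds
    ``wagtailadmin.access_admin`` is redirected to ``wagtailadmin_home``.
    Otherwise a POST is validated with ``MultitenantLoginForm``; on success
    the user is logged in and redirected to the validated ``next`` target,
    on failure the attempt is logged and the form is rendered again.
    Success and failure are both logged with the submitted username.
    """
    if request.user.is_authenticated and request.user.has_perm(
            'wagtailadmin.access_admin'):
        # User is already logged in. Just redirect them to wagtail home.
        return redirect('wagtailadmin_home')

    # This code is adapted from django.contrib.auth.login(), to allow us to
    # log login successes and failures.
    # Since we're not logged in yet, get_logger()'s logger will not be bound
    # with the username, so the submitted value is passed explicitly below.
    username = request.POST.get(get_user_model().USERNAME_FIELD)
    redirect_to = request.POST.get(
        REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ''))

    if request.method == 'POST':
        form = MultitenantLoginForm(request, data=request.POST)
        if form.is_valid():
            # Ensure the user-originating redirection url is safe.
            # require_https mirrors Django's own LoginView: a login served
            # over HTTPS must not hand the fresh session to an http:// URL,
            # even one on the same host.
            if not is_safe_url(url=redirect_to,
                               allowed_hosts=[request.get_host()],
                               require_https=request.is_secure()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            # Okay, security check complete. Log the user in.
            auth_login(request, form.get_user())
            # Normally we wouldn't need to override the username here,
            # because request.user is now a real User, but because a
            # LocalUser's username is prefixed with their Site's hostname,
            # we log the username string they actually logged in with.
            logger.info('auth.login.success', username=username)
            return HttpResponseRedirect(redirect_to)

        # The username is the raw submitted value; it is handed to the
        # logger as a separate field rather than formatted into the event
        # name.
        logger.warning('auth.login.failed', username=username)
    else:
        form = MultitenantLoginForm(request)

    current_site = get_current_site(request)

    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
        'show_password_reset': password_reset_enabled(),
        'username_field': get_user_model().USERNAME_FIELD,
    }

    return TemplateResponse(request, 'wagtailadmin/login.html', context)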