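def login_with_lockout(request, template_name='wagtailadmin/login.html'):
    """
    Displays the login form and handles the login action.

    On a valid POST the user's related ``failedloginattempt`` row (if any) is
    deleted, the user is logged in, and the response redirects to
    ``/login/check_permissions/`` with the post-login destination in its
    ``next`` parameter. A GET from an already-authenticated user is redirected
    the same way; every other request renders ``template_name``.

    The destination is read from the request (POST first, then GET) and is
    therefore untrusted. It is validated with ``is_safe_url`` before every
    redirect and percent-encoded before it is placed in the query string.
    """
    # Function-scope import: the module's import block is not visible from here.
    from django.utils.http import urlencode

    def safe_destination(candidate):
        # Fall back to the configured landing page for anything that is not a
        # same-host URL (this includes the empty string).
        if is_safe_url(url=candidate, host=request.get_host()):
            return candidate
        return resolve_url(settings.LOGIN_REDIRECT_URL)

    def check_permissions_url(destination):
        # Encode the value so '&', '#', '=' or spaces inside the destination
        # cannot truncate it or add extra parameters to the permission-check URL.
        return '/login/check_permissions/?' + urlencode({'next': destination})

    redirect_to = request.POST.get(
        REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ''))

    # redirects to http://example.com should not be allowed
    # This substring test is only a coarse pre-filter; is_safe_url() in
    # safe_destination() is the check that decides whether the URL is used.
    if redirect_to and '//' in redirect_to:
        redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

    if request.method == "POST":
        form = LoginForm(request, data=request.POST)
        if form.is_valid():
            # Ensure the user-originating redirection url is safe.
            redirect_to = safe_destination(redirect_to)
            user = form.get_user()
            try:
                # A successful login clears the lockout record for this user.
                user.failedloginattempt.delete()
            except ObjectDoesNotExist:
                # No failed attempts were recorded; nothing to clear.
                pass
            login(request, user)
            return HttpResponseRedirect(check_permissions_url(redirect_to))
    else:
        if request.user.is_authenticated():
            # The original code skipped validation on this path; apply the same
            # check as the POST branch before handing the value on.
            return HttpResponseRedirect(
                check_permissions_url(safe_destination(redirect_to)))
        form = LoginForm(request)

    current_site = get_current_site(request)
    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    context.update({
        'show_password_reset': account.password_reset_enabled(),
        'username_field': get_user_model().USERNAME_FIELD,
    })
    return TemplateResponse(request, template_name, context)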
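def login_with_lockout(request, template_name='wagtailadmin/login.html'):
    """
    Displays the login form and handles the login action.

    The post-login destination is taken from the request (POST, then GET) and
    is untrusted input. Before it is used in a redirect it is checked with
    ``is_safe_url`` against the request host, and it is percent-encoded when
    it is appended as the ``next`` parameter of ``/login/check_permissions/``.

    A valid POST deletes the user's related ``failedloginattempt`` row when one
    exists, logs the user in and redirects. An authenticated GET redirects
    without showing the form. Anything else renders ``template_name``.
    """
    # Function-scope import: the module's import block is not visible from here.
    from django.utils.http import urlencode

    fallback_url = resolve_url(settings.LOGIN_REDIRECT_URL)
    redirect_to = request.POST.get(
        REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ''))

    # redirects to http://example.com should not be allowed
    # (coarse pre-filter; the is_safe_url() calls below are authoritative)
    if redirect_to and '//' in redirect_to:
        redirect_to = fallback_url

    if request.method == "POST":
        form = LoginForm(request, data=request.POST)
        if form.is_valid():
            # Ensure the user-originating redirection url is safe.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = fallback_url
            user = form.get_user()
            try:
                # Reset the lockout bookkeeping on a successful login.
                user.failedloginattempt.delete()
            except ObjectDoesNotExist:
                pass
            login(request, user)
            # urlencode() keeps '&', '#' and '=' inside the destination from
            # being parsed as part of the permission-check URL itself.
            return HttpResponseRedirect(
                '/login/check_permissions/?' + urlencode({'next': redirect_to}))
    else:
        if request.user.is_authenticated():
            # This path previously forwarded the value unchecked; validate it
            # the same way as the POST branch.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = fallback_url
            return HttpResponseRedirect(
                '/login/check_permissions/?' + urlencode({'next': redirect_to}))
        form = LoginForm(request)

    current_site = get_current_site(request)
    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    context.update({
        'show_password_reset': account.password_reset_enabled(),
        'username_field': get_user_model().USERNAME_FIELD,
    })
    return TemplateResponse(request, template_name, context)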
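def login(request):
    """
    Render and process the Wagtail admin login form, logging each outcome.

    A user who is already authenticated and holds ``wagtailadmin.access_admin``
    is redirected to ``wagtailadmin_home``. A valid POST logs the user in and
    redirects to the requested destination when ``is_safe_url`` accepts it,
    otherwise to ``settings.LOGIN_REDIRECT_URL``. An invalid POST, or any other
    request, renders ``wagtailadmin/login.html``.
    """
    if request.user.is_authenticated and request.user.has_perm(
            'wagtailadmin.access_admin'):
        # User is already logged in. Just redirect them to wagtail home.
        return redirect('wagtailadmin_home')

    # This code is adapted from django.contrib.auth.login(), to allow us to log
    # login successes and failures.
    # Since we're not logged in yet, get_logger()'s logger will not be bound
    # with the username, so we pass the submitted username to each log call.
    username = request.POST.get(get_user_model().USERNAME_FIELD)
    redirect_to = request.POST.get(
        REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ''))

    if request.method == 'POST':
        form = MultitenantLoginForm(request, data=request.POST)
        if form.is_valid():
            # Ensure the user-originating redirection url is safe.
            # require_https mirrors Django's own LoginView: a login made over
            # HTTPS must not be followed by a redirect to a plain-http URL.
            if not is_safe_url(url=redirect_to,
                               allowed_hosts=[request.get_host()],
                               require_https=request.is_secure()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            # Okay, security check complete. Log the user in.
            auth_login(request, form.get_user())

            # Normally we wouldn't need to override the username here, because
            # request.user is now a real User, but because a LocalUser's
            # username is prefixed with their Site's hostname, we log the
            # username string they actually logged in with.
            logger.info('auth.login.success', username=username)
            return HttpResponseRedirect(redirect_to)

        # NOTE(review): username is copied verbatim from the POST body, so log
        # consumers should treat it as untrusted text. Users also sometimes
        # type a password into this field, so these logs need matching access
        # controls.
        logger.warning('auth.login.failed', username=username)
    else:
        form = MultitenantLoginForm(request)

    current_site = get_current_site(request)
    context = {
        'form': form,
        REDIRECT_FIELD_NAME: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
        'show_password_reset': password_reset_enabled(),
        'username_field': get_user_model().USERNAME_FIELD,
    }
    return TemplateResponse(request, 'wagtailadmin/login.html', context)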