def signin(request):
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug('in signin view')
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
next_url = get_next_url(request)
logging.debug('next url is %s' % next_url)
if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False \
and request.user.is_authenticated():
return HttpResponseRedirect(next_url)
if next_url == reverse('user_signin'):
next_url = '%(next)s?next=%(next)s' % {'next': next_url}
login_form = forms.LoginForm(initial = {'next': next_url})
#todo: get next url make it sticky if next is 'user_signin'
if request.method == 'POST':
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data['login_provider_name']
if login_form.cleaned_data['login_type'] == 'password':
password_action = login_form.cleaned_data['password_action']
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert(password_action == 'login')
ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data['username']
if util.ldap_check_password(
username,
login_form.cleaned_data['password']
):
user = authenticate(
ldap_user_id = username,
provider_name = ldap_provider_name,
method = 'ldap'
)
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request = request,
user = user,
user_identifier = username,
login_provider_name = ldap_provider_name,
redirect_url = next_url
)
else:
login_form.set_password_login_error()
else:
if password_action == 'login':
user = authenticate(
username = login_form.cleaned_data['username'],
password = login_form.cleaned_data['password'],
provider_name = provider_name,
method = 'password'
)
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
#todo: here we might need to set cookies
#for external login sites
return HttpResponseRedirect(next_url)
elif password_action == 'change_password':
if request.user.is_authenticated():
new_password = \
login_form.cleaned_data['new_password']
AuthBackend.set_password(
user=request.user,
password=new_password,
provider_name=provider_name
)
request.user.message_set.create(
message = _('Your new password saved')
)
return HttpResponseRedirect(next_url)
else:
logging.critical(
'unknown password action %s' % password_action
)
raise Http404
elif login_form.cleaned_data['login_type'] == 'openid':
#initiate communication process
logging.debug('processing signin with openid submission')
#todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=['nickname', 'email'])
redirect_to = "%s%s?%s" % (
get_url_host(request),
reverse('user_complete_signin'),
urllib.urlencode({'next':next_url})
)
return ask_openid(
request,
login_form.cleaned_data['openid_url'],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req
)
elif login_form.cleaned_data['login_type'] == 'oauth':
try:
#this url may need to have "next" piggibacked onto
callback_url = reverse('user_complete_oauth_signin')
connection = util.OAuthConnection(
provider_name,
callback_url = callback_url
)
connection.start()
request.session['oauth_token'] = connection.get_token()
request.session['oauth_provider_name'] = provider_name
request.session['next_url'] = next_url#special case for oauth
oauth_url = connection.get_auth_url(login_only = False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider'
) % {'provider': provider_name}
request.user.message_set.create(message = msg)
elif login_form.cleaned_data['login_type'] == 'facebook':
#have to redirect for consistency
#there is a requirement that 'complete_signin'
try:
#this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(
method = 'facebook',
facebook_user_id = user_id
)
return finalize_generic_signin(
request = request,
user = user,
user_identifier = user_id,
login_provider_name = provider_name,
redirect_url = next_url
)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider'
) % {'provider': 'Facebook'}
request.user.message_set.create(message = msg)
else:
#raise 500 error - unknown login type
pass
def signin(
request,
newquestion=False, #todo: not needed
newanswer=False, #todo: not needed
):
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug('in signin view')
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
next_url = get_next_url(request)
logging.debug('next url is %s' % next_url)
if next_url == reverse('user_signin'):
next_url = '%(next)s?next=%(next)s' % {'next': next_url}
login_form = forms.LoginForm(initial={'next': next_url})
#todo: get next url make it sticky if next is 'user_signin'
if request.method == 'POST':
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data['login_provider_name']
if login_form.cleaned_data['login_type'] == 'password':
password_action = login_form.cleaned_data['password_action']
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert (password_action == 'login')
ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data['username']
if util.ldap_check_password(
username, login_form.cleaned_data['password']):
user = authenticate(ldap_user_id=username,
provider_name=ldap_provider_name,
method='ldap')
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request=request,
user=user,
user_identifier=username,
login_provider_name=ldap_provider_name,
redirect_url=next_url)
else:
if password_action == 'login':
user = authenticate(
username=login_form.cleaned_data['username'],
password=login_form.cleaned_data['password'],
provider_name=provider_name,
method='password')
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
#todo: here we might need to set cookies
#for external login sites
return HttpResponseRedirect(next_url)
elif password_action == 'change_password':
if request.user.is_authenticated():
new_password = \
login_form.cleaned_data['new_password']
AuthBackend.set_password(
user=request.user,
password=new_password,
provider_name=provider_name)
request.user.message_set.create(
message=_('Your new password saved'))
return HttpResponseRedirect(next_url)
else:
logging.critical('unknown password action %s' %
password_action)
raise Http404
elif login_form.cleaned_data['login_type'] == 'openid':
#initiate communication process
logging.debug('processing signin with openid submission')
#todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=['nickname', 'email'])
redirect_to = "%s%s?%s" % (
get_url_host(request), reverse('user_complete_signin'),
urllib.urlencode({'next': next_url}))
return ask_openid(request,
login_form.cleaned_data['openid_url'],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req)
elif login_form.cleaned_data['login_type'] == 'oauth':
try:
#this url may need to have "next" piggibacked onto
callback_url = reverse('user_complete_oauth_signin')
connection = util.OAuthConnection(
provider_name, callback_url=callback_url)
connection.start()
request.session['oauth_token'] = connection.get_token()
request.session['oauth_provider_name'] = provider_name
request.session[
'next_url'] = next_url #special case for oauth
oauth_url = connection.get_auth_url(login_only=False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider') % {
'provider': provider_name
}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data['login_type'] == 'facebook':
#have to redirect for consistency
#there is a requirement that 'complete_signin'
try:
#this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(method='facebook',
facebook_user_id=user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=user_id,
login_provider_name=provider_name,
redirect_url=next_url)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider') % {
'provider': 'Facebook'
}
request.user.message_set.create(message=msg)
else:
#raise 500 error - unknown login type
pass
def signin(request):
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug('in signin view')
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
#we need a special priority on where to redirect on successful login
#here:
#1) url parameter "next" - if explicitly set
#2) url from django setting LOGIN_REDIRECT_URL
#3) home page of the forum
login_redirect_url = getattr(settings, 'LOGIN_REDIRECT_URL', None)
next_url = get_next_url(request, default = login_redirect_url)
logging.debug('next url is %s' % next_url)
if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False \
and request.user.is_authenticated():
return HttpResponseRedirect(next_url)
if next_url == reverse('user_signin'):
next_url = '%(next)s?next=%(next)s' % {'next': next_url}
login_form = forms.LoginForm(initial = {'next': next_url})
#todo: get next url make it sticky if next is 'user_signin'
if request.method == 'POST':
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data['login_provider_name']
if login_form.cleaned_data['login_type'] == 'password':
password_action = login_form.cleaned_data['password_action']
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert(password_action == 'login')
ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data['username']
if util.ldap_check_password(
username,
login_form.cleaned_data['password']
):
user = authenticate(
ldap_user_id = username,
provider_name = ldap_provider_name,
method = 'ldap'
)
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request = request,
user = user,
user_identifier = username,
login_provider_name = ldap_provider_name,
redirect_url = next_url
)
else:
login_form.set_password_login_error()
else:
if password_action == 'login':
user = authenticate(
username = login_form.cleaned_data['username'],
password = login_form.cleaned_data['password'],
provider_name = provider_name,
method = 'password'
)
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
#todo: here we might need to set cookies
#for external login sites
return HttpResponseRedirect(next_url)
elif password_action == 'change_password':
if request.user.is_authenticated():
new_password = \
login_form.cleaned_data['new_password']
AuthBackend.set_password(
user=request.user,
password=new_password,
provider_name=provider_name
)
request.user.message_set.create(
message = _('Your new password saved')
)
return HttpResponseRedirect(next_url)
else:
logging.critical(
'unknown password action %s' % password_action
)
raise Http404
elif login_form.cleaned_data['login_type'] == 'openid':
#initiate communication process
logging.debug('processing signin with openid submission')
#todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=['nickname', 'email'])
redirect_to = "%s%s?%s" % (
get_url_host(request),
reverse('user_complete_signin'),
urllib.urlencode({'next':next_url})
)
return ask_openid(
request,
login_form.cleaned_data['openid_url'],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req
)
elif login_form.cleaned_data['login_type'] == 'oauth':
try:
#this url may need to have "next" piggibacked onto
callback_url = reverse('user_complete_oauth_signin')
connection = util.OAuthConnection(
provider_name,
callback_url = callback_url
)
connection.start()
request.session['oauth_token'] = connection.get_token()
request.session['oauth_provider_name'] = provider_name
request.session['next_url'] = next_url#special case for oauth
oauth_url = connection.get_auth_url(login_only = False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider'
) % {'provider': provider_name}
request.user.message_set.create(message = msg)
elif login_form.cleaned_data['login_type'] == 'facebook':
#have to redirect for consistency
#there is a requirement that 'complete_signin'
try:
#this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(
method = 'facebook',
facebook_user_id = user_id
)
return finalize_generic_signin(
request = request,
user = user,
user_identifier = user_id,
login_provider_name = provider_name,
redirect_url = next_url
)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _('Unfortunately, there was some problem when '
'connecting to %(provider)s, please try again '
'or use another provider'
) % {'provider': 'Facebook'}
request.user.message_set.create(message = msg)
elif login_form.cleaned_data['login_type'] == 'wordpress_site':
#here wordpress_site means for a self hosted wordpress blog not a wordpress.com blog
wp = Client(askbot_settings.WORDPRESS_SITE_URL, login_form.cleaned_data['username'], login_form.cleaned_data['password'])
try:
wp_user = wp.call(GetUserInfo())
custom_wp_openid_url = '%s?user_id=%s' % (wp.url, wp_user.user_id)
user = authenticate(
method = 'wordpress_site',
wordpress_url = wp.url,
wp_user_id = wp_user.user_id
)
return finalize_generic_signin(
request = request,
user = user,
user_identifier = custom_wp_openid_url,
login_provider_name = provider_name,
redirect_url = next_url
)
except WpFault, e:
logging.critical(unicode(e))
msg = _('The login password combination was not correct')
request.user.message_set.create(message = msg)
def signin(request, newquestion=False, newanswer=False): # todo: not needed # todo: not needed
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug("in signin view")
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
next_url = get_next_url(request)
logging.debug("next url is %s" % next_url)
if next_url == reverse("user_signin"):
next_url = "%(next)s?next=%(next)s" % {"next": next_url}
login_form = forms.LoginForm(initial={"next": next_url})
# todo: get next url make it sticky if next is 'user_signin'
if request.method == "POST":
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data["login_provider_name"]
if login_form.cleaned_data["login_type"] == "password":
password_action = login_form.cleaned_data["password_action"]
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert password_action == "login"
ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data["username"]
if util.ldap_check_password(username, login_form.cleaned_data["password"]):
user = authenticate(ldap_user_id=username, provider_name=ldap_provider_name, method="ldap")
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request=request,
user=user,
user_identifier=username,
login_provider_name=ldap_provider_name,
redirect_url=next_url,
)
else:
if password_action == "login":
user = authenticate(
username=login_form.cleaned_data["username"],
password=login_form.cleaned_data["password"],
provider_name=provider_name,
method="password",
)
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
# todo: here we might need to set cookies
# for external login sites
return HttpResponseRedirect(next_url)
elif password_action == "change_password":
if request.user.is_authenticated():
new_password = login_form.cleaned_data["new_password"]
AuthBackend.set_password(
user=request.user, password=new_password, provider_name=provider_name
)
request.user.message_set.create(message=_("Your new password saved"))
return HttpResponseRedirect(next_url)
else:
logging.critical("unknown password action %s" % password_action)
raise Http404
elif login_form.cleaned_data["login_type"] == "openid":
# initiate communication process
logging.debug("processing signin with openid submission")
# todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=["nickname", "email"])
redirect_to = "%s%s?%s" % (
get_url_host(request),
reverse("user_complete_signin"),
urllib.urlencode({"next": next_url}),
)
return ask_openid(
request,
login_form.cleaned_data["openid_url"],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req,
)
elif login_form.cleaned_data["login_type"] == "oauth":
try:
# this url may need to have "next" piggibacked onto
callback_url = reverse("user_complete_oauth_signin")
connection = util.OAuthConnection(provider_name, callback_url=callback_url)
connection.start()
request.session["oauth_token"] = connection.get_token()
request.session["oauth_provider_name"] = provider_name
request.session["next_url"] = next_url # special case for oauth
oauth_url = connection.get_auth_url(login_only=False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _(
"Unfortunately, there was some problem when "
"connecting to %(provider)s, please try again "
"or use another provider"
) % {"provider": provider_name}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data["login_type"] == "facebook":
# have to redirect for consistency
# there is a requirement that 'complete_signin'
try:
# this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(method="facebook", facebook_user_id=user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=user_id,
login_provider_name=provider_name,
redirect_url=next_url,
)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _(
"Unfortunately, there was some problem when "
"connecting to %(provider)s, please try again "
"or use another provider"
) % {"provider": "Facebook"}
request.user.message_set.create(message=msg)
else:
# raise 500 error - unknown login type
pass
def signin(request):
"""
signin page. It manages the legacy authentification (user/password)
and openid authentification
url: /signin/
template : authopenid/signin.htm
"""
logging.debug("in signin view")
on_failure = signin_failure
email_feeds_form = askbot_forms.SimpleEmailSubscribeForm()
# we need a special priority on where to redirect on successful login
# here:
# 1) url parameter "next" - if explicitly set
# 2) url from django setting LOGIN_REDIRECT_URL
# 3) home page of the forum
login_redirect_url = getattr(settings, "LOGIN_REDIRECT_URL", None)
next_url = get_next_url(request, default=login_redirect_url)
logging.debug("next url is %s" % next_url)
if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False and request.user.is_authenticated():
return HttpResponseRedirect(next_url)
if next_url == reverse("user_signin"):
next_url = "%(next)s?next=%(next)s" % {"next": next_url}
login_form = forms.LoginForm(initial={"next": next_url})
# todo: get next url make it sticky if next is 'user_signin'
if request.method == "POST":
login_form = forms.LoginForm(request.POST)
if login_form.is_valid():
provider_name = login_form.cleaned_data["login_provider_name"]
if login_form.cleaned_data["login_type"] == "password":
password_action = login_form.cleaned_data["password_action"]
if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN:
assert password_action == "login"
ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME
username = login_form.cleaned_data["username"]
if util.ldap_check_password(username, login_form.cleaned_data["password"]):
user = authenticate(ldap_user_id=username, provider_name=ldap_provider_name, method="ldap")
if user is not None:
login(request, user)
return HttpResponseRedirect(next_url)
else:
return finalize_generic_signin(
request=request,
user=user,
user_identifier=username,
login_provider_name=ldap_provider_name,
redirect_url=next_url,
)
else:
login_form.set_password_login_error()
else:
if password_action == "login":
user = authenticate(
username=login_form.cleaned_data["username"],
password=login_form.cleaned_data["password"],
provider_name=provider_name,
method="password",
)
if user is None:
login_form.set_password_login_error()
else:
login(request, user)
# todo: here we might need to set cookies
# for external login sites
return HttpResponseRedirect(next_url)
elif password_action == "change_password":
if request.user.is_authenticated():
new_password = login_form.cleaned_data["new_password"]
AuthBackend.set_password(
user=request.user, password=new_password, provider_name=provider_name
)
request.user.message_set.create(message=_("Your new password saved"))
return HttpResponseRedirect(next_url)
else:
logging.critical("unknown password action %s" % password_action)
raise Http404
elif login_form.cleaned_data["login_type"] == "openid":
# initiate communication process
logging.debug("processing signin with openid submission")
# todo: make a simple-use wrapper for openid protocol
sreg_req = sreg.SRegRequest(optional=["nickname", "email"])
redirect_to = "%s%s?%s" % (
get_url_host(request),
reverse("user_complete_signin"),
urllib.urlencode({"next": next_url}),
)
return ask_openid(
request,
login_form.cleaned_data["openid_url"],
redirect_to,
on_failure=signin_failure,
sreg_request=sreg_req,
)
elif login_form.cleaned_data["login_type"] == "oauth":
try:
# this url may need to have "next" piggibacked onto
callback_url = reverse("user_complete_oauth_signin")
connection = util.OAuthConnection(provider_name, callback_url=callback_url)
connection.start()
request.session["oauth_token"] = connection.get_token()
request.session["oauth_provider_name"] = provider_name
request.session["next_url"] = next_url # special case for oauth
oauth_url = connection.get_auth_url(login_only=False)
return HttpResponseRedirect(oauth_url)
except util.OAuthError, e:
logging.critical(unicode(e))
msg = _(
"Unfortunately, there was some problem when "
"connecting to %(provider)s, please try again "
"or use another provider"
) % {"provider": provider_name}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data["login_type"] == "facebook":
# have to redirect for consistency
# there is a requirement that 'complete_signin'
try:
# this call may raise FacebookError
user_id = util.get_facebook_user_id(request)
user = authenticate(method="facebook", facebook_user_id=user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=user_id,
login_provider_name=provider_name,
redirect_url=next_url,
)
except util.FacebookError, e:
logging.critical(unicode(e))
msg = _(
"Unfortunately, there was some problem when "
"connecting to %(provider)s, please try again "
"or use another provider"
) % {"provider": "Facebook"}
request.user.message_set.create(message=msg)
elif login_form.cleaned_data["login_type"] == "wordpress_site":
# here wordpress_site means for a self hosted wordpress blog not a wordpress.com blog
wp = Client(
askbot_settings.WORDPRESS_SITE_URL,
login_form.cleaned_data["username"],
login_form.cleaned_data["password"],
)
try:
wp_user = wp.call(GetUserInfo())
custom_wp_openid_url = "%s?user_id=%s" % (wp.url, wp_user.user_id)
user = authenticate(method="wordpress_site", wordpress_url=wp.url, wp_user_id=wp_user.user_id)
return finalize_generic_signin(
request=request,
user=user,
user_identifier=custom_wp_openid_url,
login_provider_name=provider_name,
redirect_url=next_url,
)
except WpFault, e:
logging.critical(unicode(e))
msg = _("The login password combination was not correct")
request.user.message_set.create(message=msg)
def authenticate(
self,
username=None, # for 'password' and 'ldap'
password=None, # for 'password' and 'ldap'
user_id=None, # for 'force'
provider_name=None, # required with all except email_key
openid_url=None,
email_key=None,
oauth_user_id=None, # used with oauth
facebook_user_id=None, # user with facebook
wordpress_url=None, # required for self hosted wordpress
wp_user_id=None, # required for self hosted wordpress
method=None, # requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
assoc = None # UserAssociation not needed for ldap
if method == "password":
if login_providers[provider_name]["type"] != "password":
raise ImproperlyConfigured("login provider must use password")
if provider_name == "local":
try:
user = User.objects.get(username=username)
if not user.check_password(password):
return None
except User.DoesNotExist:
try:
email_address = username
user = User.objects.get(email=email_address)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
except User.MultipleObjectsReturned:
LOG.critical(
(
"have more than one user with email %s "
+ "he/she will not be able to authenticate with "
+ "the email address in the place of user name"
)
% email_address
)
return None
else:
if login_providers[provider_name]["check_password"](username, password):
try:
# if have user associated with this username and provider,
# return the user
assoc = UserAssociation.objects.get(
openid_url=username + "@" + provider_name, # a hack - par name is bad
provider_name=provider_name,
)
return assoc.user
except UserAssociation.DoesNotExist:
# race condition here a user with this name may exist
user, created = User.objects.get_or_create(username=username)
if created:
user.set_password(password)
user.save()
user_registered.send(None, user=user)
else:
# have username collision - so make up a more unique user name
# bug: - if user already exists with the new username - we are in trouble
new_username = "******" % (username, provider_name)
user = User.objects.create_user(new_username, "", password)
user_registered.send(None, user=user)
message = _(
"Welcome! Please set email address (important!) in your "
"profile and adjust screen name, if necessary."
)
user.message_set.create(message=message)
else:
return None
# this is a catch - make login token a little more unique
# for the cases when passwords are the same for two users
# from the same provider
try:
assoc = UserAssociation.objects.get(user=user, provider_name=provider_name)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(user=user, provider_name=provider_name)
assoc.openid_url = username + "@" + provider_name # has to be this way for external pw logins
elif method == "openid":
try:
assoc = UserAssociation.objects.get(openid_url=openid_url)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
except UserAssociation.MultipleObjectsReturned:
logging.critical("duplicate openid url in the database!!! %s" % openid_url)
return None
elif method == "email":
# with this method we do no use user association
try:
# todo: add email_key_timestamp field
# and check key age
user = User.objects.get(email_key=email_key)
user.email_key = None # one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == "oauth":
if login_providers[provider_name]["type"] in ("oauth", "oauth2"):
try:
assoc = UserAssociation.objects.get(openid_url=oauth_user_id, provider_name=provider_name)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == "facebook":
try:
# assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(openid_url=facebook_user_id, provider_name="facebook")
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == "ldap":
# user_info = ldap_authenticate(username, password)
user_info = util.ldap_check_password(username, password)
if user_info["success"] == False:
# Maybe a user created internally (django admin user)
try:
user = User.objects.get(username__exact=username)
if user.check_password(password):
return user
else:
return None
except User.DoesNotExist:
return None
else:
# load user by association or maybe auto-create one
ldap_username = user_info["ldap_username"]
try:
# todo: provider_name is hardcoded - possible conflict
assoc = UserAssociation.objects.get(openid_url=ldap_username, provider_name="Wind River LDAP")
user = assoc.user
except UserAssociation.DoesNotExist:
# email address is required
if "email" in user_info and askbot_settings.LDAP_AUTOCREATE_USERS:
assoc = ldap_create_user(user_info)
user = assoc.user
else:
return None
elif method == "wordpress_site":
try:
custom_wp_openid_url = "%s?user_id=%s" % (wordpress_url, wp_user_id)
assoc = UserAssociation.objects.get(openid_url=custom_wp_openid_url, provider_name="wordpress_site")
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == "force":
return self.get_user(user_id)
else:
raise TypeError("only openid and password supported")
if assoc:
# update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
def authenticate(
self,
username=None, #for 'password' and 'ldap'
password=None, #for 'password' and 'ldap'
user_id=None, #for 'force'
provider_name=None, #required with all except email_key
openid_url=None,
email_key=None,
oauth_user_id=None, #used with oauth
facebook_user_id=None, #user with facebook
wordpress_url=None, # required for self hosted wordpress
wp_user_id=None, # required for self hosted wordpress
method=None, #requried parameter
):
"""this authentication function supports many login methods
just which method it is going to use it determined
from the signature of the function call
"""
login_providers = util.get_enabled_login_providers()
assoc = None # UserAssociation not needed for ldap
if method == 'password':
if login_providers[provider_name]['type'] != 'password':
raise ImproperlyConfigured('login provider must use password')
if provider_name == 'local':
try:
user = User.objects.get(username=username)
if not user.check_password(password):
return None
except User.DoesNotExist:
try:
email_address = username
user = User.objects.get(email=email_address)
if not user.check_password(password):
return None
except User.DoesNotExist:
return None
except User.MultipleObjectsReturned:
LOG.critical(
('have more than one user with email %s ' +
'he/she will not be able to authenticate with ' +
'the email address in the place of user name') %
email_address)
return None
else:
if login_providers[provider_name]['check_password'](username,
password):
try:
#if have user associated with this username and provider,
#return the user
assoc = UserAssociation.objects.get(
openid_url=username + '@' +
provider_name, #a hack - par name is bad
provider_name=provider_name)
return assoc.user
except UserAssociation.DoesNotExist:
#race condition here a user with this name may exist
user, created = User.objects.get_or_create(
username=username)
if created:
user.set_password(password)
user.save()
user_registered.send(None, user=user)
else:
#have username collision - so make up a more unique user name
#bug: - if user already exists with the new username - we are in trouble
new_username = '******' % (username, provider_name)
user = User.objects.create_user(
new_username, '', password)
user_registered.send(None, user=user)
message = _(
'Welcome! Please set email address (important!) in your '
'profile and adjust screen name, if necessary.'
)
user.message_set.create(message=message)
else:
return None
#this is a catch - make login token a little more unique
#for the cases when passwords are the same for two users
#from the same provider
try:
assoc = UserAssociation.objects.get(
user=user, provider_name=provider_name)
except UserAssociation.DoesNotExist:
assoc = UserAssociation(user=user, provider_name=provider_name)
assoc.openid_url = username + '@' + provider_name #has to be this way for external pw logins
elif method == 'openid':
try:
assoc = UserAssociation.objects.get(openid_url=openid_url)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
except UserAssociation.MultipleObjectsReturned:
logging.critical('duplicate openid url in the database!!! %s' %
openid_url)
return None
elif method == 'email':
#with this method we do no use user association
try:
#todo: add email_key_timestamp field
#and check key age
user = User.objects.get(email_key=email_key)
user.email_key = None #one time key so delete it
user.email_isvalid = True
user.save()
return user
except User.DoesNotExist:
return None
elif method == 'oauth':
if login_providers[provider_name]['type'] in ('oauth', 'oauth2'):
try:
assoc = UserAssociation.objects.get(
openid_url=oauth_user_id, provider_name=provider_name)
user = assoc.user
except UserAssociation.DoesNotExist:
return None
else:
return None
elif method == 'facebook':
try:
#assert(provider_name == 'facebook')
assoc = UserAssociation.objects.get(
openid_url=facebook_user_id, provider_name='facebook')
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'ldap':
#user_info = ldap_authenticate(username, password)
user_info = util.ldap_check_password(username, password)
if user_info['success'] == False:
# Maybe a user created internally (django admin user)
try:
user = User.objects.get(username__exact=username)
if user.check_password(password):
return user
else:
return None
except User.DoesNotExist:
return None
else:
#load user by association or maybe auto-create one
ldap_username = user_info['ldap_username']
try:
#todo: provider_name is hardcoded - possible conflict
assoc = UserAssociation.objects.get(
openid_url=ldap_username,
provider_name='Wind River LDAP')
user = assoc.user
except UserAssociation.DoesNotExist:
#email address is required
if 'email' in user_info and askbot_settings.LDAP_AUTOCREATE_USERS:
assoc = ldap_create_user(user_info)
user = assoc.user
else:
return None
elif method == 'wordpress_site':
try:
custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url,
wp_user_id)
assoc = UserAssociation.objects.get(
openid_url=custom_wp_openid_url,
provider_name='wordpress_site')
user = assoc.user
except UserAssociation.DoesNotExist:
return None
elif method == 'force':
return self.get_user(user_id)
else:
raise TypeError('only openid and password supported')
if assoc:
#update last used time
assoc.last_used_timestamp = datetime.datetime.now()
assoc.save()
return user
