def signin(request): """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug('in signin view') on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() next_url = get_next_url(request) logging.debug('next url is %s' % next_url) if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False \ and request.user.is_authenticated(): return HttpResponseRedirect(next_url) if next_url == reverse('user_signin'): next_url = '%(next)s?next=%(next)s' % {'next': next_url} login_form = forms.LoginForm(initial = {'next': next_url}) #todo: get next url make it sticky if next is 'user_signin' if request.method == 'POST': login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data['login_provider_name'] if login_form.cleaned_data['login_type'] == 'password': password_action = login_form.cleaned_data['password_action'] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert(password_action == 'login') ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME username = login_form.cleaned_data['username'] if util.ldap_check_password( username, login_form.cleaned_data['password'] ): user = authenticate( ldap_user_id = username, provider_name = ldap_provider_name, method = 'ldap' ) if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request = request, user = user, user_identifier = username, login_provider_name = ldap_provider_name, redirect_url = next_url ) else: login_form.set_password_login_error() else: if password_action == 'login': user = authenticate( username = login_form.cleaned_data['username'], password = login_form.cleaned_data['password'], provider_name = provider_name, method = 'password' ) if user is None: login_form.set_password_login_error() else: login(request, user) #todo: here we might need to set cookies #for external login sites return HttpResponseRedirect(next_url) elif password_action == 'change_password': if request.user.is_authenticated(): new_password = \ login_form.cleaned_data['new_password'] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name ) request.user.message_set.create( message = _('Your new password saved') ) return HttpResponseRedirect(next_url) else: logging.critical( 'unknown password action %s' % password_action ) raise Http404 elif login_form.cleaned_data['login_type'] == 'openid': #initiate communication process logging.debug('processing signin with openid submission') #todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=['nickname', 'email']) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse('user_complete_signin'), urllib.urlencode({'next':next_url}) ) return ask_openid( request, login_form.cleaned_data['openid_url'], redirect_to, on_failure=signin_failure, sreg_request=sreg_req ) elif login_form.cleaned_data['login_type'] == 'oauth': try: #this url may need to have "next" piggibacked onto callback_url = reverse('user_complete_oauth_signin') connection = util.OAuthConnection( provider_name, callback_url = callback_url ) connection.start() request.session['oauth_token'] = connection.get_token() request.session['oauth_provider_name'] = provider_name request.session['next_url'] = next_url#special case for oauth oauth_url = connection.get_auth_url(login_only = False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider' ) % {'provider': provider_name} request.user.message_set.create(message = msg) elif login_form.cleaned_data['login_type'] == 'facebook': #have to redirect for consistency #there is a requirement that 'complete_signin' try: #this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate( method = 'facebook', facebook_user_id = user_id ) return finalize_generic_signin( request = request, user = user, user_identifier = user_id, login_provider_name = provider_name, redirect_url = next_url ) except util.FacebookError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider' ) % {'provider': 'Facebook'} request.user.message_set.create(message = msg) else: #raise 500 error - unknown login type pass
def signin( request, newquestion=False, #todo: not needed newanswer=False, #todo: not needed ): """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug('in signin view') on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() next_url = get_next_url(request) logging.debug('next url is %s' % next_url) if next_url == reverse('user_signin'): next_url = '%(next)s?next=%(next)s' % {'next': next_url} login_form = forms.LoginForm(initial={'next': next_url}) #todo: get next url make it sticky if next is 'user_signin' if request.method == 'POST': login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data['login_provider_name'] if login_form.cleaned_data['login_type'] == 'password': password_action = login_form.cleaned_data['password_action'] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert (password_action == 'login') ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME username = login_form.cleaned_data['username'] if util.ldap_check_password( username, login_form.cleaned_data['password']): user = authenticate(ldap_user_id=username, provider_name=ldap_provider_name, method='ldap') if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request=request, user=user, user_identifier=username, login_provider_name=ldap_provider_name, redirect_url=next_url) else: if password_action == 'login': user = authenticate( username=login_form.cleaned_data['username'], password=login_form.cleaned_data['password'], provider_name=provider_name, method='password') if user is None: login_form.set_password_login_error() else: login(request, user) #todo: here we might need to set cookies #for external login sites return HttpResponseRedirect(next_url) elif password_action == 'change_password': if request.user.is_authenticated(): new_password = \ login_form.cleaned_data['new_password'] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name) request.user.message_set.create( message=_('Your new password saved')) return HttpResponseRedirect(next_url) else: logging.critical('unknown password action %s' % password_action) raise Http404 elif login_form.cleaned_data['login_type'] == 'openid': #initiate communication process logging.debug('processing signin with openid submission') #todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=['nickname', 'email']) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse('user_complete_signin'), urllib.urlencode({'next': next_url})) return ask_openid(request, login_form.cleaned_data['openid_url'], redirect_to, on_failure=signin_failure, sreg_request=sreg_req) elif login_form.cleaned_data['login_type'] == 'oauth': try: #this url may need to have "next" piggibacked onto callback_url = reverse('user_complete_oauth_signin') connection = util.OAuthConnection( provider_name, callback_url=callback_url) connection.start() request.session['oauth_token'] = connection.get_token() request.session['oauth_provider_name'] = provider_name request.session[ 'next_url'] = next_url #special case for oauth oauth_url = connection.get_auth_url(login_only=False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider') % { 'provider': provider_name } request.user.message_set.create(message=msg) elif login_form.cleaned_data['login_type'] == 'facebook': #have to redirect for consistency #there is a requirement that 'complete_signin' try: #this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate(method='facebook', facebook_user_id=user_id) return finalize_generic_signin( request=request, user=user, user_identifier=user_id, login_provider_name=provider_name, redirect_url=next_url) except util.FacebookError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider') % { 'provider': 'Facebook' } request.user.message_set.create(message=msg) else: #raise 500 error - unknown login type pass
def signin(request): """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug('in signin view') on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() #we need a special priority on where to redirect on successful login #here: #1) url parameter "next" - if explicitly set #2) url from django setting LOGIN_REDIRECT_URL #3) home page of the forum login_redirect_url = getattr(settings, 'LOGIN_REDIRECT_URL', None) next_url = get_next_url(request, default = login_redirect_url) logging.debug('next url is %s' % next_url) if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False \ and request.user.is_authenticated(): return HttpResponseRedirect(next_url) if next_url == reverse('user_signin'): next_url = '%(next)s?next=%(next)s' % {'next': next_url} login_form = forms.LoginForm(initial = {'next': next_url}) #todo: get next url make it sticky if next is 'user_signin' if request.method == 'POST': login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data['login_provider_name'] if login_form.cleaned_data['login_type'] == 'password': password_action = login_form.cleaned_data['password_action'] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert(password_action == 'login') ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME username = login_form.cleaned_data['username'] if util.ldap_check_password( username, login_form.cleaned_data['password'] ): user = authenticate( ldap_user_id = username, provider_name = ldap_provider_name, method = 'ldap' ) if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request = request, user = user, user_identifier = username, login_provider_name = ldap_provider_name, redirect_url = next_url ) else: login_form.set_password_login_error() else: if password_action == 'login': user = authenticate( username = login_form.cleaned_data['username'], password = login_form.cleaned_data['password'], provider_name = provider_name, method = 'password' ) if user is None: login_form.set_password_login_error() else: login(request, user) #todo: here we might need to set cookies #for external login sites return HttpResponseRedirect(next_url) elif password_action == 'change_password': if request.user.is_authenticated(): new_password = \ login_form.cleaned_data['new_password'] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name ) request.user.message_set.create( message = _('Your new password saved') ) return HttpResponseRedirect(next_url) else: logging.critical( 'unknown password action %s' % password_action ) raise Http404 elif login_form.cleaned_data['login_type'] == 'openid': #initiate communication process logging.debug('processing signin with openid submission') #todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=['nickname', 'email']) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse('user_complete_signin'), urllib.urlencode({'next':next_url}) ) return ask_openid( request, login_form.cleaned_data['openid_url'], redirect_to, on_failure=signin_failure, sreg_request=sreg_req ) elif login_form.cleaned_data['login_type'] == 'oauth': try: #this url may need to have "next" piggibacked onto callback_url = reverse('user_complete_oauth_signin') connection = util.OAuthConnection( provider_name, callback_url = callback_url ) connection.start() request.session['oauth_token'] = connection.get_token() request.session['oauth_provider_name'] = provider_name request.session['next_url'] = next_url#special case for oauth oauth_url = connection.get_auth_url(login_only = False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider' ) % {'provider': provider_name} request.user.message_set.create(message = msg) elif login_form.cleaned_data['login_type'] == 'facebook': #have to redirect for consistency #there is a requirement that 'complete_signin' try: #this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate( method = 'facebook', facebook_user_id = user_id ) return finalize_generic_signin( request = request, user = user, user_identifier = user_id, login_provider_name = provider_name, redirect_url = next_url ) except util.FacebookError, e: logging.critical(unicode(e)) msg = _('Unfortunately, there was some problem when ' 'connecting to %(provider)s, please try again ' 'or use another provider' ) % {'provider': 'Facebook'} request.user.message_set.create(message = msg) elif login_form.cleaned_data['login_type'] == 'wordpress_site': #here wordpress_site means for a self hosted wordpress blog not a wordpress.com blog wp = Client(askbot_settings.WORDPRESS_SITE_URL, login_form.cleaned_data['username'], login_form.cleaned_data['password']) try: wp_user = wp.call(GetUserInfo()) custom_wp_openid_url = '%s?user_id=%s' % (wp.url, wp_user.user_id) user = authenticate( method = 'wordpress_site', wordpress_url = wp.url, wp_user_id = wp_user.user_id ) return finalize_generic_signin( request = request, user = user, user_identifier = custom_wp_openid_url, login_provider_name = provider_name, redirect_url = next_url ) except WpFault, e: logging.critical(unicode(e)) msg = _('The login password combination was not correct') request.user.message_set.create(message = msg)
def signin(request, newquestion=False, newanswer=False): # todo: not needed # todo: not needed """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug("in signin view") on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() next_url = get_next_url(request) logging.debug("next url is %s" % next_url) if next_url == reverse("user_signin"): next_url = "%(next)s?next=%(next)s" % {"next": next_url} login_form = forms.LoginForm(initial={"next": next_url}) # todo: get next url make it sticky if next is 'user_signin' if request.method == "POST": login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data["login_provider_name"] if login_form.cleaned_data["login_type"] == "password": password_action = login_form.cleaned_data["password_action"] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert password_action == "login" ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME username = login_form.cleaned_data["username"] if util.ldap_check_password(username, login_form.cleaned_data["password"]): user = authenticate(ldap_user_id=username, provider_name=ldap_provider_name, method="ldap") if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request=request, user=user, user_identifier=username, login_provider_name=ldap_provider_name, redirect_url=next_url, ) else: if password_action == "login": user = authenticate( username=login_form.cleaned_data["username"], password=login_form.cleaned_data["password"], provider_name=provider_name, method="password", ) if user is None: login_form.set_password_login_error() else: login(request, user) # todo: here we might need to set cookies # for external login sites return HttpResponseRedirect(next_url) elif password_action == "change_password": if request.user.is_authenticated(): new_password = login_form.cleaned_data["new_password"] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name ) request.user.message_set.create(message=_("Your new password saved")) return HttpResponseRedirect(next_url) else: logging.critical("unknown password action %s" % password_action) raise Http404 elif login_form.cleaned_data["login_type"] == "openid": # initiate communication process logging.debug("processing signin with openid submission") # todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=["nickname", "email"]) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse("user_complete_signin"), urllib.urlencode({"next": next_url}), ) return ask_openid( request, login_form.cleaned_data["openid_url"], redirect_to, on_failure=signin_failure, sreg_request=sreg_req, ) elif login_form.cleaned_data["login_type"] == "oauth": try: # this url may need to have "next" piggibacked onto callback_url = reverse("user_complete_oauth_signin") connection = util.OAuthConnection(provider_name, callback_url=callback_url) connection.start() request.session["oauth_token"] = connection.get_token() request.session["oauth_provider_name"] = provider_name request.session["next_url"] = next_url # special case for oauth oauth_url = connection.get_auth_url(login_only=False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _( "Unfortunately, there was some problem when " "connecting to %(provider)s, please try again " "or use another provider" ) % {"provider": provider_name} request.user.message_set.create(message=msg) elif login_form.cleaned_data["login_type"] == "facebook": # have to redirect for consistency # there is a requirement that 'complete_signin' try: # this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate(method="facebook", facebook_user_id=user_id) return finalize_generic_signin( request=request, user=user, user_identifier=user_id, login_provider_name=provider_name, redirect_url=next_url, ) except util.FacebookError, e: logging.critical(unicode(e)) msg = _( "Unfortunately, there was some problem when " "connecting to %(provider)s, please try again " "or use another provider" ) % {"provider": "Facebook"} request.user.message_set.create(message=msg) else: # raise 500 error - unknown login type pass
def signin(request): """ signin page. It manages the legacy authentification (user/password) and openid authentification url: /signin/ template : authopenid/signin.htm """ logging.debug("in signin view") on_failure = signin_failure email_feeds_form = askbot_forms.SimpleEmailSubscribeForm() # we need a special priority on where to redirect on successful login # here: # 1) url parameter "next" - if explicitly set # 2) url from django setting LOGIN_REDIRECT_URL # 3) home page of the forum login_redirect_url = getattr(settings, "LOGIN_REDIRECT_URL", None) next_url = get_next_url(request, default=login_redirect_url) logging.debug("next url is %s" % next_url) if askbot_settings.ALLOW_ADD_REMOVE_LOGIN_METHODS == False and request.user.is_authenticated(): return HttpResponseRedirect(next_url) if next_url == reverse("user_signin"): next_url = "%(next)s?next=%(next)s" % {"next": next_url} login_form = forms.LoginForm(initial={"next": next_url}) # todo: get next url make it sticky if next is 'user_signin' if request.method == "POST": login_form = forms.LoginForm(request.POST) if login_form.is_valid(): provider_name = login_form.cleaned_data["login_provider_name"] if login_form.cleaned_data["login_type"] == "password": password_action = login_form.cleaned_data["password_action"] if askbot_settings.USE_LDAP_FOR_PASSWORD_LOGIN: assert password_action == "login" ldap_provider_name = askbot_settings.LDAP_PROVIDER_NAME username = login_form.cleaned_data["username"] if util.ldap_check_password(username, login_form.cleaned_data["password"]): user = authenticate(ldap_user_id=username, provider_name=ldap_provider_name, method="ldap") if user is not None: login(request, user) return HttpResponseRedirect(next_url) else: return finalize_generic_signin( request=request, user=user, user_identifier=username, login_provider_name=ldap_provider_name, redirect_url=next_url, ) else: login_form.set_password_login_error() else: if password_action == "login": user = authenticate( username=login_form.cleaned_data["username"], password=login_form.cleaned_data["password"], provider_name=provider_name, method="password", ) if user is None: login_form.set_password_login_error() else: login(request, user) # todo: here we might need to set cookies # for external login sites return HttpResponseRedirect(next_url) elif password_action == "change_password": if request.user.is_authenticated(): new_password = login_form.cleaned_data["new_password"] AuthBackend.set_password( user=request.user, password=new_password, provider_name=provider_name ) request.user.message_set.create(message=_("Your new password saved")) return HttpResponseRedirect(next_url) else: logging.critical("unknown password action %s" % password_action) raise Http404 elif login_form.cleaned_data["login_type"] == "openid": # initiate communication process logging.debug("processing signin with openid submission") # todo: make a simple-use wrapper for openid protocol sreg_req = sreg.SRegRequest(optional=["nickname", "email"]) redirect_to = "%s%s?%s" % ( get_url_host(request), reverse("user_complete_signin"), urllib.urlencode({"next": next_url}), ) return ask_openid( request, login_form.cleaned_data["openid_url"], redirect_to, on_failure=signin_failure, sreg_request=sreg_req, ) elif login_form.cleaned_data["login_type"] == "oauth": try: # this url may need to have "next" piggibacked onto callback_url = reverse("user_complete_oauth_signin") connection = util.OAuthConnection(provider_name, callback_url=callback_url) connection.start() request.session["oauth_token"] = connection.get_token() request.session["oauth_provider_name"] = provider_name request.session["next_url"] = next_url # special case for oauth oauth_url = connection.get_auth_url(login_only=False) return HttpResponseRedirect(oauth_url) except util.OAuthError, e: logging.critical(unicode(e)) msg = _( "Unfortunately, there was some problem when " "connecting to %(provider)s, please try again " "or use another provider" ) % {"provider": provider_name} request.user.message_set.create(message=msg) elif login_form.cleaned_data["login_type"] == "facebook": # have to redirect for consistency # there is a requirement that 'complete_signin' try: # this call may raise FacebookError user_id = util.get_facebook_user_id(request) user = authenticate(method="facebook", facebook_user_id=user_id) return finalize_generic_signin( request=request, user=user, user_identifier=user_id, login_provider_name=provider_name, redirect_url=next_url, ) except util.FacebookError, e: logging.critical(unicode(e)) msg = _( "Unfortunately, there was some problem when " "connecting to %(provider)s, please try again " "or use another provider" ) % {"provider": "Facebook"} request.user.message_set.create(message=msg) elif login_form.cleaned_data["login_type"] == "wordpress_site": # here wordpress_site means for a self hosted wordpress blog not a wordpress.com blog wp = Client( askbot_settings.WORDPRESS_SITE_URL, login_form.cleaned_data["username"], login_form.cleaned_data["password"], ) try: wp_user = wp.call(GetUserInfo()) custom_wp_openid_url = "%s?user_id=%s" % (wp.url, wp_user.user_id) user = authenticate(method="wordpress_site", wordpress_url=wp.url, wp_user_id=wp_user.user_id) return finalize_generic_signin( request=request, user=user, user_identifier=custom_wp_openid_url, login_provider_name=provider_name, redirect_url=next_url, ) except WpFault, e: logging.critical(unicode(e)) msg = _("The login password combination was not correct") request.user.message_set.create(message=msg)
def authenticate( self, username=None, # for 'password' and 'ldap' password=None, # for 'password' and 'ldap' user_id=None, # for 'force' provider_name=None, # required with all except email_key openid_url=None, email_key=None, oauth_user_id=None, # used with oauth facebook_user_id=None, # user with facebook wordpress_url=None, # required for self hosted wordpress wp_user_id=None, # required for self hosted wordpress method=None, # requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() assoc = None # UserAssociation not needed for ldap if method == "password": if login_providers[provider_name]["type"] != "password": raise ImproperlyConfigured("login provider must use password") if provider_name == "local": try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: try: email_address = username user = User.objects.get(email=email_address) if not user.check_password(password): return None except User.DoesNotExist: return None except User.MultipleObjectsReturned: LOG.critical( ( "have more than one user with email %s " + "he/she will not be able to authenticate with " + "the email address in the place of user name" ) % email_address ) return None else: if login_providers[provider_name]["check_password"](username, password): try: # if have user associated with this username and provider, # return the user assoc = UserAssociation.objects.get( openid_url=username + "@" + provider_name, # a hack - par name is bad provider_name=provider_name, ) return assoc.user except UserAssociation.DoesNotExist: # race condition here a user with this name may exist user, created = User.objects.get_or_create(username=username) if created: user.set_password(password) user.save() user_registered.send(None, user=user) else: # have username collision - so make up a more unique user name # bug: - if user already exists with the new username - we are in trouble new_username = "******" % (username, provider_name) user = User.objects.create_user(new_username, "", password) user_registered.send(None, user=user) message = _( "Welcome! Please set email address (important!) in your " "profile and adjust screen name, if necessary." ) user.message_set.create(message=message) else: return None # this is a catch - make login token a little more unique # for the cases when passwords are the same for two users # from the same provider try: assoc = UserAssociation.objects.get(user=user, provider_name=provider_name) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = username + "@" + provider_name # has to be this way for external pw logins elif method == "openid": try: assoc = UserAssociation.objects.get(openid_url=openid_url) user = assoc.user except UserAssociation.DoesNotExist: return None except UserAssociation.MultipleObjectsReturned: logging.critical("duplicate openid url in the database!!! %s" % openid_url) return None elif method == "email": # with this method we do no use user association try: # todo: add email_key_timestamp field # and check key age user = User.objects.get(email_key=email_key) user.email_key = None # one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == "oauth": if login_providers[provider_name]["type"] in ("oauth", "oauth2"): try: assoc = UserAssociation.objects.get(openid_url=oauth_user_id, provider_name=provider_name) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == "facebook": try: # assert(provider_name == 'facebook') assoc = UserAssociation.objects.get(openid_url=facebook_user_id, provider_name="facebook") user = assoc.user except UserAssociation.DoesNotExist: return None elif method == "ldap": # user_info = ldap_authenticate(username, password) user_info = util.ldap_check_password(username, password) if user_info["success"] == False: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None else: # load user by association or maybe auto-create one ldap_username = user_info["ldap_username"] try: # todo: provider_name is hardcoded - possible conflict assoc = UserAssociation.objects.get(openid_url=ldap_username, provider_name="Wind River LDAP") user = assoc.user except UserAssociation.DoesNotExist: # email address is required if "email" in user_info and askbot_settings.LDAP_AUTOCREATE_USERS: assoc = ldap_create_user(user_info) user = assoc.user else: return None elif method == "wordpress_site": try: custom_wp_openid_url = "%s?user_id=%s" % (wordpress_url, wp_user_id) assoc = UserAssociation.objects.get(openid_url=custom_wp_openid_url, provider_name="wordpress_site") user = assoc.user except UserAssociation.DoesNotExist: return None elif method == "force": return self.get_user(user_id) else: raise TypeError("only openid and password supported") if assoc: # update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user
def authenticate( self, username=None, #for 'password' and 'ldap' password=None, #for 'password' and 'ldap' user_id=None, #for 'force' provider_name=None, #required with all except email_key openid_url=None, email_key=None, oauth_user_id=None, #used with oauth facebook_user_id=None, #user with facebook wordpress_url=None, # required for self hosted wordpress wp_user_id=None, # required for self hosted wordpress method=None, #requried parameter ): """this authentication function supports many login methods just which method it is going to use it determined from the signature of the function call """ login_providers = util.get_enabled_login_providers() assoc = None # UserAssociation not needed for ldap if method == 'password': if login_providers[provider_name]['type'] != 'password': raise ImproperlyConfigured('login provider must use password') if provider_name == 'local': try: user = User.objects.get(username=username) if not user.check_password(password): return None except User.DoesNotExist: try: email_address = username user = User.objects.get(email=email_address) if not user.check_password(password): return None except User.DoesNotExist: return None except User.MultipleObjectsReturned: LOG.critical( ('have more than one user with email %s ' + 'he/she will not be able to authenticate with ' + 'the email address in the place of user name') % email_address) return None else: if login_providers[provider_name]['check_password'](username, password): try: #if have user associated with this username and provider, #return the user assoc = UserAssociation.objects.get( openid_url=username + '@' + provider_name, #a hack - par name is bad provider_name=provider_name) return assoc.user except UserAssociation.DoesNotExist: #race condition here a user with this name may exist user, created = User.objects.get_or_create( username=username) if created: user.set_password(password) user.save() user_registered.send(None, user=user) else: #have username collision - so make up a more unique user name #bug: - if user already exists with the new username - we are in trouble new_username = '******' % (username, provider_name) user = User.objects.create_user( new_username, '', password) user_registered.send(None, user=user) message = _( 'Welcome! Please set email address (important!) in your ' 'profile and adjust screen name, if necessary.' ) user.message_set.create(message=message) else: return None #this is a catch - make login token a little more unique #for the cases when passwords are the same for two users #from the same provider try: assoc = UserAssociation.objects.get( user=user, provider_name=provider_name) except UserAssociation.DoesNotExist: assoc = UserAssociation(user=user, provider_name=provider_name) assoc.openid_url = username + '@' + provider_name #has to be this way for external pw logins elif method == 'openid': try: assoc = UserAssociation.objects.get(openid_url=openid_url) user = assoc.user except UserAssociation.DoesNotExist: return None except UserAssociation.MultipleObjectsReturned: logging.critical('duplicate openid url in the database!!! %s' % openid_url) return None elif method == 'email': #with this method we do no use user association try: #todo: add email_key_timestamp field #and check key age user = User.objects.get(email_key=email_key) user.email_key = None #one time key so delete it user.email_isvalid = True user.save() return user except User.DoesNotExist: return None elif method == 'oauth': if login_providers[provider_name]['type'] in ('oauth', 'oauth2'): try: assoc = UserAssociation.objects.get( openid_url=oauth_user_id, provider_name=provider_name) user = assoc.user except UserAssociation.DoesNotExist: return None else: return None elif method == 'facebook': try: #assert(provider_name == 'facebook') assoc = UserAssociation.objects.get( openid_url=facebook_user_id, provider_name='facebook') user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'ldap': #user_info = ldap_authenticate(username, password) user_info = util.ldap_check_password(username, password) if user_info['success'] == False: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None else: #load user by association or maybe auto-create one ldap_username = user_info['ldap_username'] try: #todo: provider_name is hardcoded - possible conflict assoc = UserAssociation.objects.get( openid_url=ldap_username, provider_name='Wind River LDAP') user = assoc.user except UserAssociation.DoesNotExist: #email address is required if 'email' in user_info and askbot_settings.LDAP_AUTOCREATE_USERS: assoc = ldap_create_user(user_info) user = assoc.user else: return None elif method == 'wordpress_site': try: custom_wp_openid_url = '%s?user_id=%s' % (wordpress_url, wp_user_id) assoc = UserAssociation.objects.get( openid_url=custom_wp_openid_url, provider_name='wordpress_site') user = assoc.user except UserAssociation.DoesNotExist: return None elif method == 'force': return self.get_user(user_id) else: raise TypeError('only openid and password supported') if assoc: #update last used time assoc.last_used_timestamp = datetime.datetime.now() assoc.save() return user