def post(self, request, *args, **kwargs): # limit login authentication ip = get_request_ip(request) username = self.request.POST.get('username') if is_block_login(username, ip): return self.render_to_response(self.get_context_data(block_login=True)) return super().post(request, *args, **kwargs)
def post(self, request, *args, **kwargs): # limit login authentication ip = get_request_ip(request) username = self.request.POST.get('username') if is_block_login(username, ip): return self.render_to_response(self.get_context_data(block_login=True)) return super().post(request, *args, **kwargs)
def create_confirm_ticket(self, request=None): from tickets.models import Ticket title = _('Login confirm') + ' {}'.format(self.user) if request: remote_addr = get_request_ip(request) city = get_ip_city(remote_addr) datetime = timezone.now().strftime('%Y-%m-%d %H:%M:%S') body = __("{user_key}: {username}<br>" "IP: {ip}<br>" "{city_key}: {city}<br>" "{date_key}: {date}<br>").format(user_key=__("User"), username=self.user, ip=remote_addr, city_key=_("City"), city=city, date_key=__("Datetime"), date=datetime) else: body = '' reviewer = self.reviewers.all() ticket = Ticket.objects.create( user=self.user, title=title, body=body, type=Ticket.TYPE.LOGIN_CONFIRM, ) ticket.assignees.set(reviewer) return ticket
def create(self, request, *args, **kwargs): username = self.request.data.get('username') ip = self.request.data.get('remote_addr', None) ip = ip or get_request_ip(self.request) user = None try: self.check_is_block(username, ip) user = self.check_user_valid() if user.otp_enabled: raise MFARequiredError() self.send_auth_signal(success=True, user=user) clean_failed_count(username, ip) return super().create(request, *args, **kwargs) except AuthFailedError as e: increase_login_failed_count(username, ip) self.send_auth_signal(success=False, user=user, username=username, reason=str(e)) return Response({'msg': str(e)}, status=401) except MFARequiredError: msg = _("MFA required") seed = uuid.uuid4().hex cache.set(seed, user.username, 300) resp = {'msg': msg, "choices": ["otp"], "req": seed} return Response(resp, status=300)
def post(self, request): # limit login username = request.data.get('username') ip = request.data.get('remote_addr', None) ip = ip or get_request_ip(request) if is_block_login(username, ip): msg = _("Log in frequently and try again later") logger.warn(msg + ': ' + username + ':' + ip) return Response({'msg': msg}, status=401) user, msg = self.check_user_valid(request) if not user: username = request.data.get('username', '') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST data = { 'username': username, 'mfa': LoginLog.MFA_UNKNOWN, 'reason': reason, 'status': False } self.write_login_log(request, data) increase_login_failed_count(username, ip) return Response({'msg': msg}, status=401) if not user.otp_enabled: data = { 'username': user.username, 'mfa': int(user.otp_enabled), 'reason': LoginLog.REASON_NOTHING, 'status': True } self.write_login_log(request, data) # 登陆成功,清除原来的缓存计数 clean_failed_count(username, ip) token = generate_token(request, user) return Response({ 'token': token, 'user': self.serializer_class(user).data }) seed = uuid.uuid4().hex cache.set(seed, user, 300) return Response( { 'code': 101, 'msg': _('Please carry seed value and ' 'conduct MFA secondary certification'), 'otp_url': reverse('api-users:user-otp-auth'), 'seed': seed, 'user': self.serializer_class(user).data }, status=300)
def create(self, validated_data): request = self.context.get('request') instance = super().create(validated_data) instance.is_accepted = True if request: instance.remote_addr = get_request_ip(request) instance.save() return instance
def post(self, request): # limit login username = request.data.get('username') ip = request.data.get('remote_addr', None) ip = ip or get_request_ip(request) if is_block_login(username, ip): msg = _("Log in frequently and try again later") logger.warn(msg + ': ' + username + ':' + ip) return Response({'msg': msg}, status=401) user, msg = self.check_user_valid(request) if not user: username = request.data.get('username', '') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST self.send_auth_signal(success=False, username=username, reason=reason) increase_login_failed_count(username, ip) return Response({'msg': msg}, status=401) if user.password_has_expired: self.send_auth_signal(success=False, username=username, reason=LoginLog.REASON_PASSWORD_EXPIRED) msg = _("The user {} password has expired, please update.".format( user.username)) logger.info(msg) return Response({'msg': msg}, status=401) if not user.otp_enabled: self.send_auth_signal(success=True, user=user) # 登陆成功,清除原来的缓存计数 clean_failed_count(username, ip) token = user.create_bearer_token(request) return Response({ 'token': token, 'user': self.serializer_class(user).data }) seed = uuid.uuid4().hex cache.set(seed, user, 300) return Response( { 'code': 101, 'msg': _('Please carry seed value and ' 'conduct MFA secondary certification'), 'otp_url': reverse('api-auth:user-otp-auth'), 'seed': seed, 'user': self.serializer_class(user).data }, status=300)
def on_user_change_password(sender, instance=None, **kwargs): if hasattr(instance, '_set_password'): if not current_request or not current_request.user.is_authenticated: return with transaction.atomic(): PasswordChangeLog.objects.create( user=instance, change_by=current_request.user, remote_addr=get_request_ip(current_request), )
def create(self, validated_data): request = self.context.get('request') sa = self.service_account_serializer.save() instance = super().create(validated_data) instance.is_accepted = True instance.user = sa instance.remote_addr = get_request_ip(request) instance.save() return instance
def on_user_change_password(sender, instance=None, **kwargs): if hasattr(instance, '_set_password'): if not current_request or not current_request.user.is_authenticated: return with transaction.atomic(): PasswordChangeLog.objects.create( user=instance, change_by=current_request.user, remote_addr=get_request_ip(current_request), )
def post(self, request): # limit login username = request.data.get('username') ip = request.data.get('remote_addr', None) ip = ip or get_request_ip(request) if is_block_login(username, ip): msg = _("Log in frequently and try again later") logger.warn(msg + ': ' + username + ':' + ip) return Response({'msg': msg}, status=401) user, msg = self.check_user_valid(request) if not user: username = request.data.get('username', '') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST data = { 'username': username, 'mfa': LoginLog.MFA_UNKNOWN, 'reason': reason, 'status': False } self.write_login_log(request, data) increase_login_failed_count(username, ip) return Response({'msg': msg}, status=401) if not user.otp_enabled: data = { 'username': user.username, 'mfa': int(user.otp_enabled), 'reason': LoginLog.REASON_NOTHING, 'status': True } self.write_login_log(request, data) # 登陆成功,清除原来的缓存计数 clean_failed_count(username, ip) token = generate_token(request, user) return Response( { 'token': token, 'user': self.serializer_class(user).data } ) seed = uuid.uuid4().hex cache.set(seed, user, 300) return Response( { 'code': 101, 'msg': _('Please carry seed value and ' 'conduct MFA secondary certification'), 'otp_url': reverse('api-users:user-otp-auth'), 'seed': seed, 'user': self.serializer_class(user).data }, status=300 )
def form_valid(self, form): if not self.request.session.test_cookie_worked(): return HttpResponse(_("Please enable cookies and try again.")) set_tmp_user_to_cache(self.request, form.get_user()) username = form.cleaned_data.get('username') ip = get_request_ip(self.request) # 登陆成功,清除缓存计数 clean_failed_count(username, ip) return redirect(self.get_success_url())
def on_user_change_password(sender, instance=None, **kwargs): if hasattr(instance, '_set_password'): if not current_request or not current_request.user.is_authenticated: return with transaction.atomic(): data = { 'user': instance.username, 'change_by': current_request.user.username, 'remote_addr': get_request_ip(current_request) } write_password_change_log(**data)
def write_login_log(self, data): login_ip = get_request_ip(self.request) user_agent = self.request.META.get('HTTP_USER_AGENT', '') tmp_data = { 'ip': login_ip, 'type': 'W', 'user_agent': user_agent } data.update(tmp_data) write_login_log_async.delay(**data)
def form_valid(self, form): if not self.request.session.test_cookie_worked(): return HttpResponse(_("Please enable cookies and try again.")) set_tmp_user_to_cache(self.request, form.get_user()) username = form.cleaned_data.get('username') ip = get_request_ip(self.request) # 登陆成功,清除缓存计数 clean_failed_count(username, ip) return redirect(self.get_success_url())
def write_login_log(self, data): login_ip = get_request_ip(self.request) user_agent = self.request.META.get('HTTP_USER_AGENT', '') tmp_data = { 'ip': login_ip, 'type': 'W', 'user_agent': user_agent } data.update(tmp_data) write_login_log_async.delay(**data)
def save(self, **kwargs): instance = super().save(**kwargs) request = self.context.get('request') instance.is_accepted = True if request: instance.remote_addr = get_request_ip(request) sa = self.service_account.save() instance.user = sa instance.save() return instance
def construct_confirm_ticket_meta(request=None): login_ip = get_request_ip(request) if request else '' login_ip = login_ip or '0.0.0.0' login_city = get_ip_city(login_ip) login_datetime = local_now_display() ticket_meta = { 'apply_login_ip': login_ip, 'apply_login_city': login_city, 'apply_login_datetime': login_datetime, } return ticket_meta
def construct_confirm_ticket_meta(request=None): login_ip = get_request_ip(request) if request else '' login_ip = login_ip or '0.0.0.0' login_city = get_ip_city(login_ip) login_datetime = timezone.now().strftime('%Y-%m-%d %H:%M:%S') ticket_meta = { 'apply_login_ip': login_ip, 'apply_login_city': login_city, 'apply_login_datetime': login_datetime, } return ticket_meta
def check_different_city_login(user, request): ip = get_request_ip(request) or '0.0.0.0' if not (ip and validate_ip(ip)): city = DEFAULT_CITY else: city = get_ip_city(ip) or DEFAULT_CITY last_user_login = UserLoginLog.objects.filter(username=user.username, status=True).first() if last_user_login and last_user_login.city != city: DifferentCityLoginMessage(user, ip, city).publish_async()
def save(self, **kwargs): instance = super().save(**kwargs) request = self.context.get('request') instance.is_accepted = True if request: instance.remote_addr = get_request_ip(request) sa = self.service_account.save() instance.user = sa instance.command_storage = CommandStorage.default().name instance.replay_storage = ReplayStorage.default().name instance.save() return instance
def create(self, validated_data): instance = super().create(validated_data) request = self.context.get('request') instance.is_accepted = True if request: instance.remote_addr = get_request_ip(request) sa = self.service_account.create(validated_data) sa.set_component_role() instance.user = sa instance.command_storage = CommandStorage.default().name instance.replay_storage = ReplayStorage.default().name instance.save() return instance
def post(self, request): # limit login username = request.data.get('username') ip = request.data.get('remote_addr', None) ip = ip or get_request_ip(request) if is_block_login(username, ip): msg = _("Log in frequently and try again later") logger.warn(msg + ': ' + username + ':' + ip) return Response({'msg': msg}, status=401) user, msg = self.check_user_valid(request) if not user: username = request.data.get('username', '') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST self.send_auth_signal(success=False, username=username, reason=reason) increase_login_failed_count(username, ip) return Response({'msg': msg}, status=401) if user.password_has_expired: self.send_auth_signal( success=False, username=username, reason=LoginLog.REASON_PASSWORD_EXPIRED ) msg = _("The user {} password has expired, please update.".format( user.username)) logger.info(msg) return Response({'msg': msg}, status=401) if not user.otp_enabled: self.send_auth_signal(success=True, user=user) # 登陆成功,清除原来的缓存计数 clean_failed_count(username, ip) token = user.create_bearer_token(request) return Response( {'token': token, 'user': self.serializer_class(user).data} ) seed = uuid.uuid4().hex cache.set(seed, user, 300) return Response( { 'code': 101, 'msg': _('Please carry seed value and ' 'conduct MFA secondary certification'), 'otp_url': reverse('api-auth:user-otp-auth'), 'seed': seed, 'user': self.serializer_class(user).data }, status=300 )
def write_login_log(request, data): login_ip = request.data.get('remote_addr', None) login_type = request.data.get('login_type', '') user_agent = request.data.get('HTTP_USER_AGENT', '') if not login_ip: login_ip = get_request_ip(request) tmp_data = { 'ip': login_ip, 'type': login_type, 'user_agent': user_agent } data.update(tmp_data) write_login_log_async.delay(**data)
def per_request_callbacks(response): status_as_string = response.status status_as_integer = response.status_code api = ApiTracker(URL=request.url, method=request.method, status=response.status, status_code=response.status_code, execution_time=datetime.datetime.now(), request_ip=utils.get_request_ip(), platform=request.user_agent.platform, browser=request.user_agent.browser) db.session.add(api) db.session.commit() return response
def on_user_change_password(sender, user=None, **kwargs): if not current_request: remote_addr = '127.0.0.1' change_by = 'System' else: remote_addr = get_request_ip(current_request) if not current_request.user.is_authenticated: change_by = str(user) else: change_by = str(current_request.user) with transaction.atomic(): models.PasswordChangeLog.objects.create( user=str(user), change_by=change_by, remote_addr=remote_addr, )
def create_operate_log(action, sender, resource): user = current_request.user if current_request else None if not user or not user.is_authenticated: return model_name = sender._meta.object_name if model_name not in MODELS_NEED_RECORD: return resource_type = sender._meta.verbose_name remote_addr = get_request_ip(current_request) with transaction.atomic(): OperateLog.objects.create(user=user, action=action, resource_type=resource_type, resource=resource, remote_addr=remote_addr)
def write_login_log(request, data): login_ip = request.data.get('remote_addr', None) login_type = request.data.get('login_type', '') user_agent = request.data.get('HTTP_USER_AGENT', '') if not login_ip: login_ip = get_request_ip(request) tmp_data = { 'ip': login_ip, 'type': login_type, 'user_agent': user_agent } data.update(tmp_data) write_login_log_async.delay(**data)
def form_invalid(self, form): # write login failed log username = form.cleaned_data.get('username') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST # limit user login failed count ip = get_request_ip(self.request) increase_login_failed_count(username, ip) # show captcha cache.set(self.key_prefix_captcha.format(ip), 1, 3600) self.send_auth_signal(success=False, username=username, reason=reason) old_form = form form = self.form_class_captcha(data=form.data) form._errors = old_form.errors return super().form_invalid(form)
def form_valid(self, form): if not self.request.session.test_cookie_worked(): return HttpResponse(_("Please enable cookies and try again.")) user = form.get_user() # user password expired if user.password_has_expired: reason = LoginLog.REASON_PASSWORD_EXPIRED self.send_auth_signal(success=False, username=user.username, reason=reason) return self.render_to_response(self.get_context_data(password_expired=True)) set_tmp_user_to_cache(self.request, user) username = form.cleaned_data.get('username') ip = get_request_ip(self.request) # 登陆成功,清除缓存计数 clean_failed_count(username, ip) return redirect(self.get_success_url())
def form_valid(self, form): if not self.request.session.test_cookie_worked(): return HttpResponse(_("Please enable cookies and try again.")) user = form.get_user() # user password expired if user.password_has_expired: reason = LoginLog.REASON_PASSWORD_EXPIRED self.send_auth_signal(success=False, username=user.username, reason=reason) return self.render_to_response(self.get_context_data(password_expired=True)) set_tmp_user_to_cache(self.request, user) username = form.cleaned_data.get('username') ip = get_request_ip(self.request) # 登陆成功,清除缓存计数 clean_failed_count(username, ip) return redirect(self.get_success_url())
def generate_data(username, request): user_agent = request.META.get('HTTP_USER_AGENT', '') login_ip = get_request_ip(request) or '0.0.0.0' if isinstance(request, Request): login_type = request.META.get('HTTP_X_JMS_LOGIN_TYPE', '') else: login_type = 'W' data = { 'username': username, 'ip': login_ip, 'type': login_type, 'user_agent': user_agent, 'datetime': timezone.now() } return data
def form_invalid(self, form): # write login failed log username = form.cleaned_data.get('username') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST # limit user login failed count ip = get_request_ip(self.request) increase_login_failed_count(username, ip) # show captcha cache.set(self.key_prefix_captcha.format(ip), 1, 3600) self.send_auth_signal(success=False, username=username, reason=reason) old_form = form form = self.form_class_captcha(data=form.data) form._errors = old_form.errors return super().form_invalid(form)
def generate_data(username, request): if not request.user.is_anonymous and request.user.is_app: login_ip = request.data.get('remote_addr', None) login_type = request.data.get('login_type', '') user_agent = request.data.get('HTTP_USER_AGENT', '') else: login_ip = get_request_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '') login_type = 'W' data = { 'username': username, 'ip': login_ip, 'type': login_type, 'user_agent': user_agent, 'datetime': timezone.now() } return data
def generate_data(username, request): if not request.user.is_anonymous and request.user.is_app: login_ip = request.data.get('remote_addr', None) login_type = request.data.get('login_type', '') user_agent = request.data.get('HTTP_USER_AGENT', '') else: login_ip = get_request_ip(request) user_agent = request.META.get('HTTP_USER_AGENT', '') login_type = 'W' data = { 'username': username, 'ip': login_ip, 'type': login_type, 'user_agent': user_agent, 'datetime': timezone.now() } return data
def post(self, request): # limit login username = request.data.get('username') ip = request.data.get('remote_addr', None) ip = ip or get_request_ip(request) if is_block_login(username, ip): msg = _("Log in frequently and try again later") logger.warn(msg + ': ' + username + ':' + ip) return Response({'msg': msg}, status=401) user, msg = self.check_user_valid(request) if not user: username = request.data.get('username', '') self.send_auth_signal(success=False, username=username, reason=msg) increase_login_failed_count(username, ip) return Response({'msg': msg}, status=401) if not user.otp_enabled: self.send_auth_signal(success=True, user=user) # 登陆成功,清除原来的缓存计数 clean_failed_count(username, ip) token, expired_at = user.create_bearer_token(request) return Response({ 'token': token, 'user': self.get_serializer(user).data }) seed = uuid.uuid4().hex cache.set(seed, user, 300) return Response( { 'code': 101, 'msg': _('Please carry seed value and ' 'conduct MFA secondary certification'), 'otp_url': reverse('api-auth:user-otp-auth'), 'seed': seed, 'user': self.get_serializer(user).data }, status=300)
def generate_data(username, request): user_agent = request.META.get('HTTP_USER_AGENT', '') if isinstance(request, Request): login_ip = request.data.get('remote_addr', None) login_type = request.data.get('login_type', '') else: login_ip = get_request_ip(request) login_type = 'W' data = { 'username': username, 'ip': login_ip, 'type': login_type, 'user_agent': user_agent, 'datetime': timezone.now() } return data
def generate_data(username, request, login_type=None): user_agent = request.META.get('HTTP_USER_AGENT', '') login_ip = get_request_ip(request) or '0.0.0.0' if login_type is None and isinstance(request, Request): login_type = request.META.get('HTTP_X_JMS_LOGIN_TYPE', 'U') if login_type is None: login_type = 'W' data = { 'username': username, 'ip': login_ip, 'type': login_type, 'user_agent': user_agent[0:254], 'datetime': timezone.now(), 'backend': get_login_backend(request) } return data
def on_m2m_changed(sender, action, instance, reverse, model, pk_set, **kwargs): if action not in M2M_ACTION: return user = current_request.user if current_request else None if not user or not user.is_authenticated: return sender_name = sender._meta.object_name if sender_name in M2M_NEED_RECORD: org_id = current_org.id remote_addr = get_request_ip(current_request) user = str(user) resource_type, resource_tmpl_add, resource_tmpl_remove = M2M_NEED_RECORD[ sender_name] action = M2M_ACTION[action] if action == OperateLog.ACTION_CREATE: resource_tmpl = resource_tmpl_add elif action == OperateLog.ACTION_DELETE: resource_tmpl = resource_tmpl_remove to_create = [] objs = model.objects.filter(pk__in=pk_set) instance_name = instance._meta.object_name instance_value = str(instance) model_name = model._meta.object_name for obj in objs: resource = resource_tmpl.format(**{ instance_name: instance_value, model_name: str(obj) })[:128] # `resource` 字段只有 128 个字符长 😔 to_create.append( OperateLog(user=user, action=action, resource_type=resource_type, resource=resource, remote_addr=remote_addr, org_id=org_id)) OperateLog.objects.bulk_create(to_create)
def create_operate_log(action, sender, resource): user = current_request.user if current_request else None if not user or not user.is_authenticated: return model_name = sender._meta.object_name if model_name not in MODELS_NEED_RECORD: return resource_type = sender._meta.verbose_name remote_addr = get_request_ip(current_request) data = { "user": str(user), 'action': action, 'resource_type': resource_type, 'resource': str(resource), 'remote_addr': remote_addr, } with transaction.atomic(): try: models.OperateLog.objects.create(**data) except Exception as e: logger.error("Create operate log error: {}".format(e))
def create_operate_log(action, sender, resource): user = current_request.user if current_request else None if not user or not user.is_authenticated: return model_name = sender._meta.object_name if model_name not in MODELS_NEED_RECORD: return resource_type = sender._meta.verbose_name remote_addr = get_request_ip(current_request) data = { "user": str(user), 'action': action, 'resource_type': resource_type, 'resource': str(resource), 'remote_addr': remote_addr, } with transaction.atomic(): try: OperateLog.objects.create(**data) except Exception as e: logger.error("Create operate log error: {}".format(e))
def form_invalid(self, form): # write login failed log username = form.cleaned_data.get('username') exist = User.objects.filter(username=username).first() reason = LoginLog.REASON_PASSWORD if exist else LoginLog.REASON_NOT_EXIST data = { 'username': username, 'mfa': LoginLog.MFA_UNKNOWN, 'reason': reason, 'status': False } self.write_login_log(data) # limit user login failed count ip = get_request_ip(self.request) increase_login_failed_count(username, ip) # show captcha cache.set(self.key_prefix_captcha.format(ip), 1, 3600) old_form = form form = self.form_class_captcha(data=form.data) form._errors = old_form.errors return super().form_invalid(form)
def get_form_class(self): ip = get_request_ip(self.request) if cache.get(self.key_prefix_captcha.format(ip)): return self.form_class_captcha else: return self.form_class