def perm_grant(request): g_id = request.GET.get('g_id', '') u_id = request.GET.get('u_id', '') mypermissions = MyPermission.objects.filter(parent__isnull=True).order_by('order_id') if g_id: obj = Group.objects.get(id=g_id) perms = obj.permissions.values_list('content_type__app_label', 'codename').order_by() perms = set("%s.%s" % (ct, name) for ct, name in perms) if u_id: obj = MyUser.objects.get(id=u_id) perms = ModelBackend().get_all_permissions(obj) if request.method == "POST": ids = request.POST.get('ids', '').split(',') ids = filter(lambda s: s.isdigit(), ids) permissions = [] for p in MyPermission.objects.filter(id__in=ids): permissions.append(p.permission) if g_id: obj.permissions.clear() obj.permissions = permissions else: obj.user_permissions.clear() obj.user_permissions = permissions messages.add_message(request, messages.SUCCESS, u'信息修改成功') # return HttpResponseRedirect(reverse('user_list')) return HttpResponseRedirect(request.get_full_path()) return render(request, "perm/perm_grant.html", { 'mypermissions': mypermissions, 'myperms': perms, 'obj': obj, })
def authenticate(self, **kwargs): log.info("Authenticating: %(username)s" % kwargs) try: user = RemoteDrupalBackend().authenticate(**kwargs) if user is None: log.info( "Remote Auth Rejected, trying local user list: %(username)s" % kwargs) # Then... Remote failed, try local model #return super(DualAuthBackend, self).authenticate(self, # **kwargs) return ModelBackend().authenticate(**kwargs) else: # Remote succeeded, but we're still cautious and refuse # this one password out of abundance of prudence log.info(" " * 5 + "Remote Auth Accepted: %(username)s" % kwargs) return user except PermissionDenied: log.warn(" " * 5 + "Full Abort after remote Auth for user: %(username)s" % kwargs) raise # abort abort abort! except: raise log.warn(" " * 5 + "Other error in remote Auth for user: %(username)s" % kwargs) return None
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) with mock.patch.object(self.UserModel, 'is_anonymous', True): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def favhtml(request): """点赞""" userid = request.session.get('_auth_user_id', None) cacheuserdic = cache.get(userid, None) if not cacheuserdic: return False if not cacheuserdic['is_login']: weiboresponeobj = weiborespone.is_favor(nid='', status=False, message="登录超时,请重新登录") return HttpResponse(json.dumps(weiboresponeobj.dic())) if request.method == 'GET': favid = request.GET.get('id', None) userobj = ModelBackend().get_user(user_id=userid) weibocontenobj = models_server.WeiboContent() ret = weibocontenobj.is_favor(favid, userobj) if not ret: weiboresponeobj = weiborespone.is_favor(nid='', status=False, message="已经点过赞了亲") else: weiboresponeobj = weiborespone.is_favor(nid='', status=True, message="") return HttpResponse(json.dumps(weiboresponeobj.dic())) elif request.method == 'POST': pass
def picture_video(request): """图片视频上传视图""" userid = request.session.get('_auth_user_id', None) userobj = ModelBackend().get_user(user_id=userid) fileobj = user_file.userfile(user_obj=userobj) filepath = fileobj.filepath if userobj: if request.method == 'GET': if os.path.isdir(filepath): shutil.rmtree((filepath)) os.makedirs(filepath) else: os.makedirs(filepath) return HttpResponse('ok') elif request.method == 'POST': try: obj = request.FILES.get('PVFile') fileabspath = os.path.join( filepath, '%s%s%s' % (encryption(obj.name), '.', str(obj.name).split('.')[-1])) f = open(fileabspath, 'wb') for chunk in obj.chunks(): f.write(chunk) f.close() pvfileresponeobj = weiborespone.PVFile( status=True, message='上传成功', filepath=str(fileabspath).split('user')[-1]) except Exception as e: pvfileresponeobj = weiborespone.PVFile(status=False, message='上传失败', filepath=str(e)) return HttpResponse(json.dumps(pvfileresponeobj.dic()))
class RestrictiveBackend(object): """ Allows restricting permissions on per-object basis. For objects, checks object permissions first. If none found checks model permissions. Works pretty much as usual for model permissions. NOTE: Make sure this is the only authentication backend providing permissions or it won't work, since Django will ask all backends and just needs one backend to return True in order to grant the permission. If no permissions are found at all, returns the value of the USERS_LOGGED_IN_HAS_PERM setting, or False if it's not set. Set this to True if you want to allow everything that is not restricted on a per-object level, as long as the user is logged in. Remember, you can control anonymous user permissions separately. See the ANONYMOUS_USER_ID setting (from django-guardian) and the USERS_ANONYMOUS_GROUP setting. Supports ban list through the optional USERS_BANNED_GROUP setting. Note that users in this group will not have ANY permissions, regardless of what the group's permissions are set to. It is only a way to indicate which users are banned and does not behave like a regular group when it comes to permissions. Uses django-guardian internally to check object permissions and the default django.contrib.auth.backends.ModelBackend for model permissions. """ supports_object_permissions = True supports_anonymous_user = True supports_inactive_user = True _object_backend = ObjectPermissionBackend() _model_backend = ModelBackend() def authenticate(self, username=None, password=None): return None def is_banned(self, user_obj): return (BANNED_GROUP and user_obj.groups.filter(name=BANNED_GROUP).exists()) def has_perm(self, user_obj, perm, obj=None): default_has_perm = False if user_obj.is_authenticated(): default_has_perm = LOGGED_IN_HAS_PERM else: user_obj = User.objects.get(pk=ANONYMOUS_USER_ID) if not user_obj.is_active: return False if user_obj.is_superuser: return True if self.is_banned(user_obj): return False if obj and self.object_has_perms(obj): return self._object_backend.has_perm(user_obj, perm, obj) has_model_perm = self._model_backend.has_perm(user_obj, perm) return has_model_perm or default_has_perm def object_has_perms(self, obj): return ( GroupObjectPermission.objects.filter(object_pk=obj.pk).exists() or UserObjectPermission.objects.filter(object_pk=obj.pk).exists())
def test_non_browserid_user(self): # If the current user was not authenticated via # django-browserid, userEmail should be empty. user = auth.models.User.objects.create_user('asdf', '*****@*****.**') response = self.info(user, ModelBackend()) response_data = json.loads(smart_text(response.content)) eq_(response_data['userEmail'], '')
def test_inactive_has_no_permissions(self): """ #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def identify_operatorfinger(request): obj_template = request.REQUEST.get("template10", "") mathpro = windll.LoadLibrary("match.dll") if obj_template: from ctypes import create_string_buffer obj_template = create_string_buffer(obj_template) tmps = OperatorTemplate.objects.filter(fpversion=10) #比对时只取10.0 if tmps: for t in tmps: try: source_template = t.template1 source_template = create_string_buffer(source_template) math_result = mathpro.process10(source_template, obj_template) if math_result == FP_IDENTIFY_SUCCESS: user = t.user backend = ModelBackend() user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) return t elif math_result == FP_NO_LICENCES: return math_result except: import traceback; traceback.print_exc() return FP_IDENTIFY_FAILED else: return FP_IDENTIFY_FAILED
def post(self, request): form = AccessTokenForm.create_from_request(request) if not form.is_valid(): raise ValidationException(request, form) backend = ModelBackend() user = backend.authenticate(request, username=form.cleaned_data['username'], password=form.cleaned_data['password']) if not user: raise UnauthorizedException(request) access_token = JWTFactory(user.pk).access() jti, refresh_token = JWTFactory(user.pk).refresh() redis = Redis(host=settings.REDIS_HOST, port=settings.REDIS_PORT, db=settings.REDIS_DATABASE) redis.set(f"refresh_token:{jti}", jti) redis.expire(f"refresh_token:{jti}", settings.SECURED_VIEW_JWT_REFRESH_TOKEN_EXPIRATION) return SingleResponse(request, { 'access_token': access_token, 'refresh_token': refresh_token }, status=HTTPStatus.OK)
def comhtml(request): """评论""" userid = request.session.get('_auth_user_id', None) cacheuserdic = cache.get(userid, None) if not cacheuserdic or not cacheuserdic['is_login']: weiboresponeobj = weiborespone.is_com(comlist='', status=False, message="登录超时,请重新登录") return HttpResponse(json.dumps(weiboresponeobj.dic())) if request.method == 'GET': comid = request.GET.get('id', None) text = request.GET.get('text', None) userobj = ModelBackend().get_user(user_id=userid) weibocontenobj = models_server.WeiboContent() if text: ret = weibocontenobj.is_comment(weibo_id=comid, userobj=userobj, comment=text) else: ret = weibocontenobj.select_comment(comid) weiboresponeobj = weiborespone.is_com(comlist=ret, status=True, message="") return HttpResponse(json.dumps(weiboresponeobj.dic())) elif request.method == 'POST': pass
def test_create_active_user(db): """Should authenticate users in active state.""" user = UserAccount.objects.create_user(**DEFAULT_PARAMETERS) parameters = DEFAULT_PARAMETERS.copy() password = parameters.pop("password") assert ModelBackend().authenticate(request=None, username=user.email, password=password)
def login_password(request, username, password): """login_password(username, password): session_id""" backend = ModelBackend() user = backend.authenticate(username, password) if user is None: raise PermissionDenied("Invalid username or password.") user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) django.contrib.auth.login(request, user) return request.session.session_key
def login(request): """登录视图""" if request.method == 'GET': pass elif request.method == 'POST': """登录判断""" username = request.POST.get('username', None) password = request.POST.get('password', None) loginrespone = userrespone.loginespone() if username and password: obj = models_server.UserCollection() ret = obj.is_login(request=request, username=username, password=password) if ret: user_id = request.session['_auth_user_id'] request.session['id_login'] = True loginrespone.status = True sessionrequestobj = sessionrespone.sessionrespone( user_id=user_id) cache.set(user_id, sessionrequestobj.dic(), timeout=config.cache['redis_timeout']) usercollobj = models_server.UserCollection() newmess_push.start('%s%s' % (str( usercollobj.mymess( ModelBackend().get_user(user_id=user_id)).id), 'mq')) else: loginrespone.status = False loginrespone.message = "用户名或密码错误" else: loginrespone.status = False loginrespone.message = "用户名或密码不能为空" return HttpResponse(json.dumps(loginrespone.dic())) elif request.method == 'PUT': """更改密码""" username = request.POST.get('username', None) old_password = request.POST.get('old_password', None) new_password = request.POST.get('new_password', None) if username and old_password and new_password: obj = models_server.UserCollection() ret = obj.put_passwd(username=username, old_password=old_password, new_password=new_password) print(ret) return elif request.method == 'DELETE': """退出用户登录""" userid = request.session.get('_auth_user_id', None) cache.set(userid, {'is_login': False}, timeout=5) obj = models_server.UserCollection() ret = obj.is_logout(request) return redirect('/index/', permanent=True)
def loginPOST(req): form = req.POST nexturl = form.get('next', '/') kwds = {} kwds['username'] = form.get('uid', '') or form.get('username', '') kwds['password'] = form.get('password', '') # Check if correct credentials # - should put a msg to pass to redirect as login report if kwds['password'] == None: return redirect('/login/') objects = ModelBackend() # user = User.objects.authenticate(kwds['username'], kwds['password']) user = objects.authenticate(kwds['username'], kwds['password']) # user_list = objects.all() print "user_list:" print User.objects.all() print "username:%s, pwd:%s" % (kwds['username'], kwds['password']) # Check if user in group for redirect # - should put a msg to pass to redirect as login report group = user.groups.all().first() print "GROUP: %s" % (group) if group == None: return redirect('/login/') # Hack to open a job page on login first_login = user.date_joined == user.last_login print "user.date_joined == user.last_login => first_login:%s" % first_login if (first_login): from mcsimulator.models import Job, Simulation simulations = Simulation.objects sim = simulations.get(name__startswith=group) print "SIM:%s" % sim print " id: %s" % sim.id print " name: %s" % sim.name print " simgroup: %s" % sim.simgroup print " displayname: %s" % sim.displayname print " params:" for k, v in sim.params.items(): print " key:%s, val:%s" % (k, v) # got a simulation that is relevent to the user now build and save a job for them job_ref = "%s_%s_%s" % (datetime.datetime.now().strftime( "%Y%m%d%H%M%S"), sim.name(), user.name) Job.new(job_ref, sim, 0, 1000, 1000, sim.id).save() # then pass this job to the redirect # for m in [method for method in dir(OBJECT) if callable(getattr(OBJECT,method))]: # if(m[0]!="_"):print m # End of Job ref hack if user is None or not user.is_active: return redirect('/login/Invalid_credentials') else: user.backend = 'django.contrib.auth.backends.ModelBackend' login(req, user) return redirect(nexturl + job_ref)
def get_user(request): """ Returns the user model instance associated with the given request token. If no user is retrieved an instance of `AnonymousUser` is returned. """ if hasattr(request, 'token'): user_id = request.token.user.pk user = ModelBackend().get_user(user_id) or AnonymousUser() else: user = AnonymousUser() return user
def validate(self, attrs): username = attrs.get('username') password = attrs.get('password') if password and password: is_correct = bool(ModelBackend().authenticate(request=self.request, username=username, password=password)) if not is_correct: raise serializers.ValidationError( 'Incorrect login and password combination.') return attrs
def test_anonymous_has_no_permissions(self): """Anonymous users shouldn't have permissions in ModelBackend #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). https://code.djangoproject.com/ticket/17903 """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual( backend.get_all_permissions(user), {"auth.test_user", "auth.test_group"}, ) # Django 2.0 avoids cache permission problems # https://code.djangoproject.com/ticket/28713 # https://github.com/django/django/pull/9242 if DJANGO_VERSION >= (2, 0): self.assertEqual(backend.get_user_permissions(user), {"auth.test_user"}) else: self.assertEqual( backend.get_user_permissions(user), {"auth.test_user", "auth.test_group"}, ) self.assertEqual(backend.get_group_permissions(user), {"auth.test_group"}) # In Django 1.10, is_anonymous became a property. if DJANGO_VERSION >= (1, 10): is_anon_mock = True else: is_anon_mock = lambda s: True # noqa: E731 with patch.object(self.UserModel, "is_anonymous", is_anon_mock): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def authenticate(self, request): incoming = extract_incoming(request) if not isinstance(incoming, dict): raise AuthenticationFailed() username, password = incoming.get(USERNAME), incoming.get(PASSWORD) if not username or not password: return None user = ModelBackend().authenticate(request, username, password) if user is None: raise AuthenticationFailed('%s or %s is incorrect.' % (USERNAME, PASSWORD)) if not user.is_active: raise AuthenticationFailed("Invalid Login.") return user, None
def authenticate(self, username, password, backend_cls=None): if not backend_cls: class EveryoneCanActAs(ActAsBackend): def can_act_as(self, auth_user, user): return True backend_cls = EveryoneCanActAs backend = backend_cls() with patched_get_backends([backend, ModelBackend()]): return auth_through_backend(backend, username=username, password=password)
class Meta: queryset = Product.objects.all() list_allowed_methods = ['get', 'post'] detail_allowed_methods = ['get', 'put', 'delete'] serializer = Serializer(formats=['json']) authentication = CustomAuthentication(backend=ModelBackend()) authorization = DjangoAuthorization() excludes = [ 'is_active', 'is_staff', 'is_superuser', 'date_joined', 'last_login' ]
def post(self, request, *kwargs): """...""" print(request.user) post = request.POST auth_backend = ModelBackend() user = auth_backend.authenticate(request, post.get('email'), post.get('password')) print(user) login(request, user) return JsonResponse({'status': 'success'})
def test_inactive_has_no_permissions(self): """Inactive users shouldn't have permissions in ModelBackend #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). https://code.djangoproject.com/ticket/17903 """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual( backend.get_all_permissions(user), {"auth.test_user", "auth.test_group"}, ) # Django 2.0 avoids cache permission problems # https://code.djangoproject.com/ticket/28713 # https://github.com/django/django/pull/9242 if DJANGO_VERSION >= (2, 0): self.assertEqual(backend.get_user_permissions(user), {"auth.test_user"}) else: self.assertEqual( backend.get_user_permissions(user), {"auth.test_user", "auth.test_group"}, ) self.assertEqual(backend.get_group_permissions(user), {"auth.test_group"}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def validate(self, data): # The `validate` method is where we make sure that the current # instance of `LoginSerializer` has "valid". In the case of logging a # user in, this means validating that they've provided an email # and password and that this combination matches one of the users in # our database. email = data.get('email', None) password = data.get('password', None) if email is None: raise serializers.ValidationError( 'An email address is required to log in.') if password is None: raise serializers.ValidationError( 'A password is required to log in.') # The `authenticate` method is provided by Django and handles checking # for a user that matches this email/password combination. # we pass `email` as the `username` value since in our User # model we set `USERNAME_FIELD` as `email`. # we use the authenticate method of the ModelBackend class in order to # mock it in tests and avoid hitting the database when unit testing this # serializer. The None value represents the request argument of the method user = ModelBackend().authenticate(None, username=email, password=password) if user is None: raise NotFound('A user with this email and password was not found') # purpose of this flag is to tell us whether the user has been banned # or deactivated. if not user.is_active: raise serializers.ValidationError('This user has been deactivated') return { 'email': user.email, 'username': user.username, 'token': user.token, 'profile': user.profile, }
def menu_filter(request): user = request.user menus = ModelBackend().get_all_permissions(user_obj=user) can_menus = { 'menus': [], } for menu in menus: if str(menu).split('.')[0] == 'plug_ins': menu = Permission.objects.get(codename=str(menu).split('.')[-1]) if menu.codename.split('_')[0] == 'view': can_menus['menus'].append({ 'id': menu.codename.split('view_')[-1], 'url': '/xadmin/ta/%s/' % menu.codename.split('view_')[-1].replace('menu', '') }) return can_menus
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) # In Django 1.10, is_anonymous became a property. is_anon = self.UserModel.is_anonymous if django.VERSION >= (1, 10): self.UserModel.is_anonymous = True else: user.is_anonymous = lambda: True self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set()) self.UserModel.is_anonymous = is_anon
def user_login(request): if request.method == 'POST': username = request.POST.get('username') password = request.POST.get('password') UserModel = get_user_model() user = UserModel._default_manager.get_by_natural_key(username) mb = ModelBackend() user = authenticate(username=username, password=password, request=request) if user: if user.is_active: login(request, user) return HttpResponseRedirect(reverse('home')) else: return HttpResponse("ACCOUNT NOT ACTIVE") else: print("Someone tried to login and failed") return HttpResponse("Invalid login details") else: return render(request, 'accounts/login.html', {})
.. moduleauthor:: Gerson Galang <*****@*****.**> ''' import logging from django.contrib.auth.models import User, Group from django.contrib.auth.backends import ModelBackend from tardis.tardis_portal.auth.interfaces import AuthProvider, GroupProvider, UserProvider logger = logging.getLogger(__name__) auth_key = u'localdb' auth_display_name = u'Local DB' _modelBackend = ModelBackend() class DjangoAuthBackend(AuthProvider): """Authenticate against Django's Model Backend. """ def authenticate(self, request): """authenticate a user, this expect the user will be using form based auth and the *username* and *password* will be passed in as **POST** variables. :param request: a HTTP Request instance :type request: :class:`django.http.HttpRequest` """ username = request.POST['username']
def check_global_permission(user: User, perm: str) -> bool: """Check whether a user has a global permission.""" return ModelBackend().has_perm(user, perm)
def authenticate(self, *args, **kwargs): if django.VERSION[0] >= 2 or (django.VERSION[0] == 1 and django.VERSION[1] >= 11): assert len(args) > 0 and args[0] return ModelBackend().authenticate(*args, **kwargs)