예제 #1
파일: api_views.py 프로젝트: dimagi/bhoma
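def authenticate_user(request):
    """
    Check a POSTed username/password pair against the stored Django hash.

    Reads ``username`` and ``password`` from ``request.POST`` and returns an
    HttpResponse whose body is the JSON object ``{"result": <bool>}``.
    Missing fields and unknown usernames produce ``{"result": false}``, the
    same body a wrong password produces, instead of an unhandled exception.
    """
    username = request.POST.get("username", "")
    password = request.POST.get("password", "")
    try:
        user = User.objects.get(username=username)
    except User.DoesNotExist:
        # Answer exactly as for a wrong password so the response body does
        # not reveal which usernames exist.
        return HttpResponse(json.dumps({"result": False}))
    # HACK (kept from the original): try the password as typed, then lowercased.
    # NOTE(review): accepting the lowercased form means case variants of a
    # lowercase password all verify, which shrinks the space a guesser has to
    # cover. This view also does not look at user.is_active, and no throttling
    # is visible in this block -- confirm both are handled elsewhere.
    success = check_password(password, user.password) or check_password(password.lower(), user.password)
    return HttpResponse(json.dumps({"result": success}))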
예제 #2
 def test_django_reference(self):
     """run known correct hashes through Django's check_password()

     Skipped when the handler defines no known-correct hashes or when the
     passlib test helper reports that Django 1.x is not available.
     """
     if not self.known_correct_hashes:
         return self.skipTest("no known correct hashes specified")
     from passlib.tests.test_ext_django import has_django1
     if not has_django1:
         return self.skipTest("Django not installed")
     from django.contrib.auth.models import check_password as django_verify
     for plaintext, stored in self.all_correct_hashes:
         # The genuine secret has to verify against its hash ...
         self.assertTrue(django_verify(plaintext, stored))
         # ... and a secret with one extra leading character must not.
         self.assertFalse(django_verify('x' + plaintext, stored))
예제 #3
 def test_django_reference(self):
     """run known correct hashes through Django's check_password()

     Acts as an interoperability check: each (secret, hash) pair from
     ``all_correct_hashes`` must be accepted by Django's verifier, and a
     modified secret must be rejected.
     """
     if not self.known_correct_hashes:
         return self.skipTest("no known correct hashes specified")
     from passlib.tests.test_ext_django import has_django1
     if not has_django1:
         return self.skipTest("Django not installed")
     from django.contrib.auth.models import check_password
     for secret, digest in self.all_correct_hashes:
         accepted = check_password(secret, digest)
         self.assertTrue(accepted)
         # Negative control: prefixing the secret has to break verification.
         wrongly_accepted = check_password('x' + secret, digest)
         self.assertFalse(wrongly_accepted)
예제 #4
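def edit_profile_page(request):
    """
    Show and process the profile edit form for the requesting user.

    A non-POST request renders the form pre-filled from the user's Profile.
    A valid POST updates first name, last name and phone number. The
    password is changed only when a new password was supplied together
    with the correct current password; a wrong current password re-renders
    the form with an error instead of reporting success.
    """
    if request.method == 'POST':
        form = Edit_Profile_Form(request.POST)
        if form.is_valid():
            user = get_object_or_404(User, username=request.user)
            old_pwd = form.cleaned_data['password']
            new_pwd = form.cleaned_data['password1']
            password_ok = True
            if new_pwd:
                # A change was requested: it needs the current password.
                password_ok = check_password(old_pwd, user.password)
                if password_ok:
                    user.set_password(new_pwd)
                else:
                    # Previously the mismatch was ignored and the success
                    # page was shown with the password left unchanged.
                    form._errors['password'] = form.error_class(
                        ["Incorrect password"])
            # An empty new password no longer reaches set_password(), so
            # typing only the current password cannot blank the credential.
            if password_ok:
                user.first_name = form.cleaned_data['first_name']
                user.last_name = form.cleaned_data['last_name']
                user.save()
                phone_number = form.cleaned_data['phone_number']
                profile = get_object_or_404(Profile, user=request.user)
                profile.phone_number = phone_number
                profile.save()
                return direct_to_template(request,
                                          "account/edit_profile_success.html")
    else:
        # NOTE(review): no login_required decorator is visible in this
        # listing; confirm anonymous requests are rejected before this point.
        profile = get_object_or_404(Profile, user=request.user)
        first_name = profile.user.first_name
        last_name = profile.user.last_name
        phone_number = profile.phone_number
        form = Edit_Profile_Form({
            'first_name': first_name,
            'last_name': last_name,
            'phone_number': phone_number
        })
    variables = RequestContext(request, {'form': form})
    return render_to_response('account/edit_profile.html', variables)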
예제 #5
    def authenticate(self, username=None, password=None):
        """
        Authenticate against a legacy salted hash and migrate on success.

        Returns None when the username is unknown, when the stored hash
        already starts with ``sha1$`` (left to Django's own backend), or
        when the password does not verify. On success the legacy salt is
        cleared, the password is re-stored through ``set_password`` and the
        user returned by ``self.get_user`` is handed back.
        """
        try:
            legacy = LegacyUser.objects.get(username=username)

            # Rows already in Django's format belong to the stock backend.
            if legacy.password.startswith('sha1$'):
                return None
            salt = legacy.salt

            # Rebuild a Django-style "<algorithm>$<salt>$<hash>" string.
            # NOTE(review): the leading literal appears masked ('******') in
            # this listing; it is reproduced as shown.
            enc_password = '******' + salt + '--$' + legacy.password

            # The legacy scheme appended '--' to the password before hashing.
            if not check_password(password+'--',enc_password):
                return None

            # Verified: drop the legacy salt, then re-hash with set_password.
            legacy.salt = None
            legacy.save()
            user = self.get_user(legacy.id)
            user.set_password(password)
            user.save()
            return user
        except LegacyUser.DoesNotExist:
            return None
예제 #6
    def authenticate(self, username=None, password=None):
        """
        Verify credentials against the "external_login" database.

        The password is checked against the hash stored on the external
        user row. On success the matching local User is returned, and is
        created with an unusable local password if it does not exist yet.
        Any failure returns None.
        """
        try:
            external_user = ExternalUser.objects.using("external_login").get(username=username)
        except ExternalUser.DoesNotExist:
            # Unknown in the external database: fail closed.
            return None

        if not check_password(password, external_user.password):
            return None

        try:
            local_user = User.objects.get(username=username)
        except User.DoesNotExist:
            # First login: mirror the account locally. The local password is
            # never consulted, so it is marked unusable rather than given a
            # placeholder value that could accidentally verify.
            local_user = User(username=username)
            local_user.set_unusable_password()
            # TODO: copy attributes from the remote database to the local User model
            local_user.save()
        return local_user
예제 #7
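def edit_profile_page(request):
    """
    Render the profile edit form and apply a submitted edit.

    On a valid POST the name and phone number are saved. A password change
    happens only if a new password is given and the current password
    verifies; if the current password is wrong the form is shown again
    with an error rather than the success page.
    """
    if request.method == "POST":
        form = Edit_Profile_Form(request.POST)
        if form.is_valid():
            user = get_object_or_404(User, username=request.user)
            old_pwd = form.cleaned_data["password"]
            new_pwd = form.cleaned_data["password1"]
            change_requested = bool(new_pwd)
            if change_requested and not check_password(old_pwd, user.password):
                # The original skipped set_password() silently here and still
                # rendered the success template, hiding the failed change.
                form._errors["password"] = form.error_class(["Incorrect password"])
            else:
                if change_requested:
                    # Only reached with a non-empty new password, so an empty
                    # value is never passed to set_password().
                    user.set_password(new_pwd)
                user.first_name = form.cleaned_data["first_name"]
                user.last_name = form.cleaned_data["last_name"]
                user.save()
                phone_number = form.cleaned_data["phone_number"]
                profile = get_object_or_404(Profile, user=request.user)
                profile.phone_number = phone_number
                profile.save()
                return direct_to_template(request, "account/edit_profile_success.html")
    else:
        # NOTE(review): access control for this view is not visible in the
        # listing; confirm it is wrapped so request.user is authenticated.
        profile = get_object_or_404(Profile, user=request.user)
        first_name = profile.user.first_name
        last_name = profile.user.last_name
        phone_number = profile.phone_number
        form = Edit_Profile_Form({"first_name": first_name, "last_name": last_name, "phone_number": phone_number})
    variables = RequestContext(request, {"form": form})
    return render_to_response("account/edit_profile.html", variables)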
예제 #8
파일: views.py 프로젝트: nnkumar/Dedic
def setpass(request):
  """
  Change the logged-in user's password and re-encrypt stored accounts.

  Reads 'oldpw', 'pw' and 'pin' from the query string, verifies the old
  password (and the SL2 pin when an SLtwo row exists), derives a new key
  from the new password, re-encrypts every Account password under that
  key, stores the key in the session and finally sets the new password.
  Responds with "Erpass"/"Erpin" on a failed check, otherwise redirects.
  """
  if not(request.user.is_authenticated()):
     return HttpResponseRedirect('/loggedout/')
  from ULogin.Uid.views import myencrypt, mydecrypt
  from ULogin.Uid.models import Account
  # NOTE(review): all three secrets arrive as GET parameters, so they are
  # part of the URL and can end up in access logs, browser history and
  # Referer headers. A state-changing GET is also outside Django's CSRF
  # check, which only covers unsafe methods.
  oldpw= request.GET.get('oldpw','')
  newpw= request.GET.get('pw','')
  pin= request.GET.get('pin','')
  user=request.user
  if not(user.check_password(oldpw)):
	return HttpResponse("Erpass")
  	#return HttpResponseRedirect("/home/")
  from hashlib import md5
  # NOTE(review): the encryption key is a single unsalted MD5 of the
  # password; its strength is that of the password itself and it is cheap
  # to brute-force offline. A salted, iterated KDF would be the usual choice.
  newkey = md5(newpw).hexdigest()
  #new V5
  try:
        slu= SLtwo.objects.get(user=user)
	if not(check_password(pin,slu.pin)):
		return HttpResponse("Erpin")
        # The new key is stored encrypted under an MD5 of the pin.
        slu.enckey=sl2encrypt(newkey, md5(pin).hexdigest())
        slu.save()
  # NOTE(review): the bare except hides every failure in the block above,
  # not only "no SLtwo row for this user" -- an error in sl2encrypt()/save()
  # would be swallowed and the password change below would still proceed.
  except:
  	#if not(pin=='Only if you have set sl2 pin' or pin=''):
        pass	 #till here

  # Re-encrypt each stored account password: decrypt with the key currently
  # held in the session, encrypt with the new key.
  accounts=Account.objects.filter(user=user)
  for ac in accounts:
  	ac.password= myencrypt(mydecrypt(request.session["MKD1597"],
			ac.password),newkey)
	ac.save()
  # The session keeps the new key for later requests; the login password is
  # only changed after every account row has been rewritten.
  request.session["MKD1597"]=newkey
  user.set_password(newpw)
  user.save()
  return HttpResponseRedirect('/home/')
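    def clean(self):
        """
        Cross-field validation for the optional password change.

        A new password is accepted only when the old password is supplied
        and verifies against ``self._user.password`` and both new-password
        fields are filled and equal. On any failure an error is attached to
        the relevant field and both new-password values are removed from
        ``cleaned_data``. Always returns ``cleaned_data``.
        """
        cleaned_data = super(AccountEdit, self).clean()
        # A field that failed its own validation is absent from cleaned_data;
        # treat it as empty instead of calling len() on None.
        oldpassword = cleaned_data.get("oldpassword") or ""
        password1 = cleaned_data.get("password1") or ""
        password2 = cleaned_data.get("password2") or ""

        error = None  # (field name, message) of the first failed rule
        if (password1 or password2) and not oldpassword:
            error = ('oldpassword', "Please enter old password.")
        elif oldpassword:
            if not check_password(oldpassword, self._user.password):
                error = ('oldpassword', "Incorrect password")
            elif not (password1 and password2):
                error = ('password1', "Please fill both fields.")
            elif password1 != password2:
                error = ('password1', "Does not match.")

        if error is not None:
            field, message = error
            self._errors[field] = self.error_class([message])
            # pop() rather than del: the keys may already be missing.
            cleaned_data.pop('password1', None)
            cleaned_data.pop('password2', None)

        # The original returned only from inside the else branch, so the
        # "old password missing" path returned None instead of the dict.
        return cleaned_data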
예제 #10
def change_password(request):
    """
    Change the requesting user's password.

    Expects ``old_password``, ``new_password`` and ``confirm_password`` in
    ``request.data``. Responds with ``{"success": bool, "msg": str}``: the
    change is refused when the two new values differ or when the old
    password does not verify against the stored hash.
    """
    account = request.user
    current = request.data['old_password']
    wanted = request.data['new_password']
    repeated = request.data['confirm_password']

    def reply(ok, text):
        # Every outcome uses the same two-key response body.
        return Response({"success": ok, "msg": text})

    if wanted != repeated:
        return reply(
            False, _("The new password doesn't match confirm password!"))

    # Proof of knowledge of the current password comes before any change.
    if not check_password(current, account.password):
        return reply(False, _("The original password is not correct!"))

    account.set_password(wanted)
    account.save()

    return reply(
        True, _("Password has been changed! Please login in again."))
예제 #11
    def authenticate(self, username=None, password=None, **kw):
        """
        Authenticate against the 'gasistafelice' database.

        The password is verified against the hash stored there. On success
        the local User with the same username is returned, created on first
        login with the remote ``is_superuser``/``is_active`` flags. Returns
        None for unknown users, wrong passwords and inactive local users.
        """
        # FERO: it has to be done this way because the db fields do not match
        # FERO: (askbot was synced on an older version of Django?!?)
        wanted_fields = ('username', 'is_active', 'password', 'is_superuser')
        try:
            gf_user_d = User.objects.using('gasistafelice').values(
                *wanted_fields).get(username=username)
        except User.DoesNotExist:
            return None

        if not check_password(password, gf_user_d['password']):
            return None

        try:
            local_user = User.objects.get(username=username)
        except User.DoesNotExist:
            # NOTE(review): the password literal appears masked ('******')
            # in this listing and is reproduced as shown. The remote flags
            # are copied only here, at creation time.
            local_user = User(username=username, password='******')
            local_user.is_staff = False
            local_user.is_superuser = gf_user_d['is_superuser']
            local_user.is_active = gf_user_d['is_active']
            local_user.save()

        return local_user if local_user.is_active else None
예제 #12
파일: views.py 프로젝트: yptyson/snpbook
def user_login(request):
    '''
    User login.

    On POST, reads 'username' and 'password' from the form, logs the user
    in and redirects to the book list; any exception, and any non-POST
    request, renders the login page.
    '''
    if request.method == "POST":
        username1 = request.POST.get('username')
        password1 = request.POST.get('password')
        # NOTE(review): the next line is damaged in this listing -- literals
        # were masked with '*', which also swallowed the statements between
        # the print and new_user.save() (including the opening `try:`).
        # What remains suggests the submitted username and password are
        # printed to stdout; if so, credentials end up in server logs.
        print "username:"******"password:"******"*****@*****.**",password = '******')
                new_user.save()
            # NOTE(review): the password argument is masked in this listing.
            user = authenticate(username = username1, password = '******')
            login(request, user)
            return HttpResponseRedirect('/book/book_list/')
        # Bare except: every failure, whatever its cause, silently falls
        # back to the login page.
        except:
            return render_to_response('login/login.html', {})
    else:
       return render_to_response('login/login.html', {})
예제 #13
def mobile_login(request):
    '''
    Exchange a username/password for an authentication token (mobile clients).

    The plain-text response body has the format:
    uid|token|projects(csv)|project_ids(csv)|type(csv)|locations(csv)|last bill or empty

    Raises Http404 when the user is unknown or the password does not verify.
    '''
    # NOTE(review): request.REQUEST merges GET and POST, so 'u' and 'p' may
    # arrive in the query string and be recorded in access logs.
    credentials = request.REQUEST
    username = credentials.get('u', False)
    password = credentials.get('p', False)

    # Any lookup failure (bare except) is treated as "no such user".
    try:
        user = User.objects.get(username=username)
    except:
        user = None

    # Unknown user and wrong password share one error path and message.
    if not user or not check_password(password, user.password):
        raise Http404('Invalid username or password supplied.')

    # The result is unused, but the lookup still raises if row 1 is missing.
    organisation = Organisation.objects.get(pk=1)
    # A fresh token is created on every successful login.
    auth_token = AuthToken.objects.create(user=user)

    body = get_sync_data(auth_token)
    return HttpResponse(body, mimetype='text/plain')
예제 #14
def change_password(request, username):
    """
    Let a user change their own password.

    Redirects to '/flashcard/' when *username* is not the requesting user.
    On POST the old password must verify (error 1 otherwise) and the two
    new values must match (error 2 otherwise). The template always
    receives empty strings for the three password fields.
    """
    viewUser = get_object_or_404(User, username__exact=username)
    # Users may only open the page for their own account.
    if viewUser != request.user:
        return HttpResponseRedirect('/flashcard/')

    error, changed = 0, False

    if request.method == "POST":
        submitted = request.POST
        oldpass = submitted.get('oldpass')
        newpass1 = submitted.get('newpass1')
        newpass2 = submitted.get('newpass2')

        if not check_password(oldpass, request.user.password):
            error = 1
        elif newpass1 != newpass2:
            error = 2
        else:
            request.user.set_password(newpass1)
            request.user.save()
            changed = True

    # Submitted passwords are never echoed back into the rendered page.
    context = {
        'oldpass': '',
        'newpass1': '',
        'newpass2': '',
        'changed': changed,
        'error': error,
    }
    variables = RequestContext(request, context)
    return render_to_response('account/changepassword.html', variables)
예제 #15
    def authenticate(self, username=None, password=None, **kw):
        """
        Log a user in with the credentials held in the 'gasistafelice' DB.

        Returns the local User (created on first successful login) when the
        password verifies against the remote hash and the local account is
        active; returns None in every other case.
        """
        # FERO: this is needed because the db fields do not correspond
        # FERO: (was askbot synced on an older version of Django?!?)
        remote_users = User.objects.using('gasistafelice')
        try:
            gf_user_d = remote_users.values('username','is_active','password','is_superuser').get(username=username)
            gf_auth = check_password(password, gf_user_d['password'])
        except User.DoesNotExist:
            gf_auth = None

        if not gf_auth:
            return None

        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            # First login: create the local mirror of the remote account.
            # NOTE(review): the password literal is shown masked ('******')
            # in this listing; it is kept exactly as it appears.
            user = User(username=username, password='******')
            user.is_staff = False
            user.is_superuser = gf_user_d['is_superuser']
            user.is_active = gf_user_d['is_active']
            user.save()

        # An inactive local account never authenticates.
        if user.is_active:
            return user
        return None
예제 #16
파일: backends.py 프로젝트: saintdevilx/iam
	def authenticate(self, username=None, password=None):
		"""
		Authenticate by e-mail address or username.

		Looks up the single User whose email or username equals *username*
		and returns it when *password* verifies against the stored hash.
		Returns None otherwise.
		"""
		lookup = Q(email= username) | Q(username= username)
		try:
			candidate = User.objects.get(lookup)
			return candidate if check_password(password , candidate.password) else None
		# Bare except: a missing user, an ambiguous match and any other
		# error are all reported as a failed login.
		except :
			return None
예제 #17
    def authenticate(self, username=None, password=None):
        """
        Authenticate normal users, bootstrapping the settings-defined admin.

        An existing User is authenticated by its own stored password. When
        no such User exists, one is created as staff and superuser only if
        the credentials match settings.ADMIN_LOGIN and the hash in
        settings.ADMIN_PASSWORD. Returns the User or None.
        """
        # Both checks run on every call, as in the original, so the admin
        # hash is evaluated even when the username is not the admin login.
        is_admin_login = (settings.ADMIN_LOGIN == username)
        admin_pwd_ok = check_password(password, settings.ADMIN_PASSWORD)

        try:
            existing = User.objects.get(username=username)
        except User.DoesNotExist:
            if not (is_admin_login and admin_pwd_ok):
                return None
            # First admin login: create the account with the password that
            # just verified against settings, so later logins are checked
            # against the User row.
            created = User.objects.create_user(username=username, password=password)
            created.is_staff = True
            created.is_superuser = True
            created.save()
            return created

        # Once the row exists, only its own stored password counts.
        if existing.check_password(password):
            return existing
        return None
예제 #18
def menu(request):
    """
    Landing view: route the visitor to the page that fits their account.

    Anonymous users go to the login URL, members of the 'alumne' group to
    their report, users still on the default password to the password
    change page, users without a first or last name to the data form and
    teachers to the teaching view. Everyone else gets main_page.html.
    """
    #How do I make a variable available to all my templates?
    #http://readthedocs.org/docs/django/1.2.4/faq/usage.html#how-do-i-make-a-variable-available-to-all-my-templates

    if request.user.is_anonymous():
        return HttpResponseRedirect(settings.LOGIN_URL)

    # a student is sent to look at their own report
    if Group.objects.get(name='alumne') in request.user.groups.all():
        return HttpResponseRedirect('/open/elMeuInforme/')

    # check that the user is not still on the default password
    # (the parameter row is created with '1234' when it does not exist yet)
    default_param, _created = ParametreKronowin.objects.get_or_create(
        nom_parametre='passwd', defaults={'valor_parametre': '1234'})
    still_default = check_password(default_param.valor_parametre,
                                   request.user.password)
    if still_default:
        return HttpResponseRedirect(reverse('usuari__dades__canvi_passwd'))

    # if the personal data has not been filled in
    if not request.user.first_name or not request.user.last_name:
        return HttpResponseRedirect('/usuaris/canviDadesUsuari/')

    # take the impersonated user
    (effective_user, _unused) = tools.getImpersonateUser(request)

    # a teacher goes to the teaching view
    if User2Professor(effective_user) is not None:
        return HttpResponseRedirect('/presencia/mostraImpartir/')

    return render_to_response('main_page.html', {},
                              context_instance=RequestContext(request))
예제 #19
파일: views.py 프로젝트: JaumeI/django-aula
def menu(request):
    """
    Decide where a visitor lands after opening the site root.

    The checks run in a fixed order and the first match wins: anonymous,
    student ('alumne' group), default password still in use, missing name,
    teacher. If none applies, main_page.html is rendered.
    """
    #How do I make a variable available to all my templates?
    #http://readthedocs.org/docs/django/1.2.4/faq/usage.html#how-do-i-make-a-variable-available-to-all-my-templates

    visitor = request.user
    if visitor.is_anonymous():
        return HttpResponseRedirect( settings.LOGIN_URL )

    # students are sent to their own report
    student_group = Group.objects.get(name='alumne')
    if student_group in visitor.groups.all():
        return HttpResponseRedirect( '/open/elMeuInforme/')

    # make sure the account is not still using the default password;
    # this verifies the default value against the stored hash on each visit
    defaultPasswd, _ = ParametreKronowin.objects.get_or_create( nom_parametre = 'passwd', defaults={'valor_parametre':'1234'}  )
    if check_password( defaultPasswd.valor_parametre, visitor.password ):
        return HttpResponseRedirect( reverse( 'usuari__dades__canvi_passwd' ) )

    # personal data not filled in yet
    has_full_name = visitor.first_name and visitor.last_name
    if not has_full_name:
        return HttpResponseRedirect( '/usuaris/canviDadesUsuari/')

    # resolve the impersonated user
    (user, _) = tools.getImpersonateUser(request)

    # teachers go to the teaching view
    professor = User2Professor( user )
    if professor is not None:
        return HttpResponseRedirect( '/presencia/mostraImpartir/' )

    page_context = { }
    return render_to_response(
            'main_page.html',
            page_context,
            context_instance=RequestContext(request))
예제 #20
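def change_password(request):
    """
    Change the requesting user's password and mirror it to keystone.

    Expects ``old_password``, ``new_password`` and ``confirm_password`` in
    ``request.data`` and answers with ``{"success": bool, "msg": str}``.
    After the local change the new password is pushed to the user's
    keystone account on a best-effort basis: a failure there is logged and
    does not change the response.
    """
    user = request.user
    old_password = request.data['old_password']
    new_password = request.data['new_password']
    confirm_password = request.data['confirm_password']

    if new_password != confirm_password:
        return Response({"success": False, "msg": _(
            "The new password doesn't match confirm password!")})

    if not check_password(old_password, user.password):
        return Response({"success": False,
                         "msg": _("The original password is not correct!")})

    user.set_password(new_password)
    user.save()

    # NOTE(review): this "or" chain is false only for a superuser who also
    # holds all three permissions; confirm "and" was not intended.
    if not request.user.is_superuser or not request.user.has_perm("workflow.audit_user") or not request.user.has_perm("workflow.system_user") or not request.user.has_perm("workflow.safety_user"):
        try:
            # user_id was never assigned in this function, so the lookup
            # raised NameError, the bare except hid it, and the keystone
            # password was never updated.
            user_id = user.id
            user_keystone = UserDataCenter.objects.get(user_id=user_id)
            LOG.info("**** user_keystone is ***" + str(user_keystone))
            username = user_keystone.keystone_user
            tenant_id = user_keystone.tenant_uuid
            change_user_keystone_passwd(username, tenant_id, new_password)
        except Exception:
            # Still best-effort, but leave a trace: a silent failure leaves
            # the old password valid on the keystone side. The password
            # itself is deliberately not part of the log message.
            LOG.exception("Failed to sync the new password to keystone")
    # The second, unreachable copy of this return was dropped.
    return Response({"success": True, "msg": _(
        "Password has been changed! Please login in again.")})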
예제 #21
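    def authenticate(self, username=None, password=None):
        """
        Authenticate a GlobalUsers row by e-mail address and password.

        Looks up the row with ``gus_email == username`` and ``gus_isused == 0``
        and verifies *password* against its stored ``gus_password`` hash.
        Returns the row on success and None otherwise.
        """
        print('inside authenticate')
        try:
            user = GlobalUsers.objects.get(gus_email=username, gus_isused=0)
        except GlobalUsers.DoesNotExist:
            # No user was found, return None - triggers default login failed
            return None

        # The original printed the e-mail address and the stored password
        # hash to stdout at this point. Hashes written to process output can
        # be collected from logs and attacked offline, so the dump is gone.
        if check_password(password, user.gus_password):
            return user

        print('userid/password does not match')
        return None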
예제 #22
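    def clean(self):
        """
        Validate the optional password-change fields together.

        Rules, applied in order: new passwords need the old one; the old
        password must verify against ``self._user.password``; both
        new-password fields must be filled; they must be equal. The first
        broken rule attaches its error and removes both new-password values
        from ``cleaned_data``. ``cleaned_data`` is returned on every path.
        """
        cleaned_data = super(AccountEdit, self).clean()
        # Fields that failed their own validation are missing from
        # cleaned_data; coerce to "" so the checks below never see None.
        oldpassword = cleaned_data.get("oldpassword") or ""
        password1 = cleaned_data.get("password1") or ""
        password2 = cleaned_data.get("password2") or ""

        def reject(field, message):
            # Attach the error and make sure no unverified new password
            # survives in cleaned_data (pop: the keys may be absent).
            self._errors[field] = self.error_class([message])
            cleaned_data.pop('password1', None)
            cleaned_data.pop('password2', None)

        if not oldpassword:
            if password1 or password2:
                reject('oldpassword', "Please enter old password.")
        elif not check_password(oldpassword, self._user.password):
            reject('oldpassword', "Incorrect password")
        elif not (password1 and password2):
            reject('password1', "Please fill both fields.")
        elif password1 != password2:
            reject('password1', "Does not match.")

        # Previously this return sat inside the else branch, so the
        # "old password missing" path returned None.
        return cleaned_data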
예제 #23
 def check_password(self, raw_password):
     """Verify *raw_password* against this user's stored password.

     Always use this instead of comparing with
     :attr:`~mongoengine.django.auth.User.password` directly: the stored
     value is a hash, not the password itself.
     """
     stored_hash = self.password
     return check_password(raw_password, stored_hash)
예제 #24
파일: views.py 프로젝트: echooc/bookstore
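def login(request):
    """
    Log a user in by e-mail address and password.

    On a valid POST the user is looked up by the e-mail typed into the
    form's 'username' field and the password is verified against the
    stored hash. Success redirects to '/firpage' and sets the 'username'
    and 'id' cookies for one hour; an unknown e-mail and a wrong password
    both answer "NO USER".
    """
    if request.method == 'POST':  # the form was submitted
        form = UserForm(request.POST)
        if form.is_valid():  # the form passed validation
            email = form.cleaned_data['username']
            password = form.cleaned_data['password']  # values from the form
            try:
                usr = User.objects.get(email=email)
            except User.DoesNotExist:
                usr = None
            # The original computed check_password() and never looked at the
            # result, so any password was accepted for an existing e-mail.
            # Both failure cases share one response so the reply does not
            # reveal which e-mail addresses are registered.
            if usr is None or not check_password(password, usr.password):
                return HttpResponse("NO USER")
            response = HttpResponseRedirect('/firpage')
            # NOTE(review): these are plain cookies the client can set to
            # any value. If other views treat them as proof of identity,
            # this check is bypassed; Django's session login is the usual
            # mechanism -- confirm how the cookies are consumed.
            response.set_cookie('username', usr.username, 3600)
            response.set_cookie('id', usr.id, 3600)
            return response
        else:
            return HttpResponse("FORM IS NOT VALID")
    else:
        # NOTE(review): render_to_response() takes the template name first;
        # passing the request there looks like a mix-up with render().
        # Left unchanged -- confirm which helper was intended.
        return render_to_response(request, 'test.html')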
예제 #25
    def authenticate(self, username=None, password=None):
        """
        Verify a legacy-format password and upgrade the account on success.

        Accounts whose hash already starts with ``sha1$`` are skipped so
        Django's own backend can handle them. For the rest, the stored salt
        and hash are assembled into a Django-style hash string and checked
        against ``password + '--'``; a match clears the legacy salt and
        re-stores the password with ``set_password``. Returns the migrated
        user, or None.
        """
        migrated = None
        try:
            # Load user object
            u = LegacyUser.objects.get(username=username)

            # Abort if Django should handle this
            if u.password.startswith('sha1$'):
                return None

            # Build Django-compatible password string
            # NOTE(review): the first literal is shown masked ('******') in
            # this listing and is kept exactly as it appears.
            enc_password = '******' + u.salt + '--$' + u.password

            # Check password
            password_matches = check_password(password+'--',enc_password)
            if password_matches:
                # Migrate them to new passwords: the legacy salt is cleared
                # first, then the password is re-hashed by set_password.
                u.salt = None
                u.save()
                migrated = self.get_user(u.id)
                migrated.set_password(password)
                migrated.save()
        except LegacyUser.DoesNotExist:
            return None

        return migrated
예제 #26
 def _admin_pwd_changed(self, default_account):
     """Return True once study_admin's password is no longer the default.

     The default password is the literal "study_admin"; if it still
     verifies against the account's stored hash, nothing was changed.
     """
     still_default = check_password('study_admin', default_account.password)
     return not still_default
예제 #27
    def _handle_auth(self, username, password):
        """
        Handles authentication of the user.

        Looks the user up by username and verifies the password against the
        stored hash. On success a positive response is generated and the
        user's profile is flagged as logged in.

        :Parameters:
           - `username`: the username to verify
           - `password`: the password to verify with the user
        """
        logging.debug('Starting auth check')
        try:
            user = User.objects.get(username=username)
            logging.debug('Found username ' + str(username))
            if check_password(password, user.password):
                self._generate_response(True)
                # Only the username is logged; the password never is.
                logging.info(username + ' has logged in')
                profile = user.get_profile()
                # Tunnel specific .....
                if not profile.logged_in:
                    try:
                        profile.logged_in = True
                        profile.save()
                    except Exception, ex:
                        # Couldn't update the profile ...
                        # A failed save is logged and does not undo the
                        # positive response generated above.
                        logging.warn("Could not save profile:" + str(ex))
                    logging.debug('Updated ' + username + ' profile status')
                # End Tunnel specific
            # NOTE(review): the listing is cut off after this `else:`; the
            # failed-password branch and the handler of the outer `try`
            # are not shown.
            else:
예제 #28
파일: models.py 프로젝트: daveyoon/ka-lite
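 def check_password(self, raw_password):
     """Verify *raw_password* against the stored hash.

     Hashes starting with ``sha1$`` go to Django's check_password();
     hashes whose second ``$``-separated field is ``p5k2`` are recomputed
     with crypt() and compared. Any other stored value, including one
     without a ``$``, is rejected with False.
     """
     scheme_parts = self.password.split("$", 2)
     if scheme_parts[0] == "sha1":
         # use Django's built-in password checker for SHA1-hashed passwords
         return check_password(raw_password, self.password)
     if len(scheme_parts) > 1 and scheme_parts[1] == "p5k2":
         # use PBKDF2 password checking; compare in constant time so the
         # comparison does not reveal how long a prefix of the hash matched
         from django.utils.crypto import constant_time_compare
         return constant_time_compare(self.password, crypt(raw_password, self.password))
     # Unknown scheme: fail closed with an explicit False. The original
     # returned None here and raised IndexError when no "$" was present.
     return False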
예제 #29
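def login(request):
    """
    E-mail/password login view.

    A valid POST looks the user up by the e-mail entered in the form's
    'username' field and verifies the password against the stored hash.
    Only a verified login redirects to '/firpage' with the 'username' and
    'id' cookies set (3600 seconds); every failed credential check answers
    "NO USER" and an invalid form answers "FORM IS NOT VALID".
    """
    if request.method != 'POST':
        # NOTE(review): the argument order matches render(), not
        # render_to_response(), whose first argument is the template name.
        # Kept as written -- confirm which call was meant.
        return render_to_response(request, 'test.html')

    form = UserForm(request.POST)
    if not form.is_valid():  # the form failed validation
        return HttpResponse("FORM IS NOT VALID")

    email = form.cleaned_data['username']
    password = form.cleaned_data['password']  # values read from the form
    try:
        usr = User.objects.get(email=email)
    except User.DoesNotExist:
        return HttpResponse("NO USER")

    # The result of check_password() used to be stored and ignored, which
    # let any password through. A wrong password now gets the same reply as
    # an unknown e-mail, so the two cases cannot be told apart by the body.
    if not check_password(password, usr.password):
        return HttpResponse("NO USER")

    response = HttpResponseRedirect('/firpage')
    # NOTE(review): both cookies are unsigned and client-controlled. Any
    # view that trusts them to identify the user can be fed arbitrary
    # values; verify how they are read, or move to Django sessions.
    response.set_cookie('username', usr.username, 3600)
    response.set_cookie('id', usr.id, 3600)
    return response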
예제 #30
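 def check_password(self, raw_password):
     """Check *raw_password* against ``self.password``.

     Supports two stored formats: ``sha1$...`` (delegated to Django's
     check_password) and hashes whose second ``$`` field is ``p5k2``
     (recomputed with crypt()). Returns False for anything else.
     """
     fields = self.password.split("$", 2)
     algorithm = fields[0]
     variant = fields[1] if len(fields) > 1 else None
     if algorithm == "sha1":
         # use Django's built-in password checker for SHA1-hashed passwords
         return check_password(raw_password, self.password)
     if variant == "p5k2":
         # use PBKDF2 password checking, with a constant-time comparison
         # instead of ==, which stops at the first differing character
         from django.utils.crypto import constant_time_compare
         return constant_time_compare(self.password, crypt(raw_password, self.password))
     # Neither format matched. The original fell through with None, or
     # raised IndexError for a stored value without "$"; reject explicitly.
     return False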
예제 #31
def change_password(request):
    """Change the requesting user's password and mirror it to Keystone.

    Reads ``old_password``, ``new_password`` and ``confirm_password`` from
    ``request.data``. The new password must equal its confirmation and the
    old password must verify against the stored hash; otherwise a
    ``success: False`` response is returned and nothing is changed.
    """
    account = request.user
    current = request.data['old_password']
    replacement = request.data['new_password']
    confirmation = request.data['confirm_password']

    if replacement != confirmation:
        return Response({"success": False, "msg": _(
            "The new password doesn't match confirm password!")})

    # Require proof of the current password before accepting a new one.
    if not check_password(current, account.password):
        return Response({"success": False,
                         "msg": _("The original password is not correct!")})

    account.set_password(replacement)
    account.save()

    LOG.info("************* CHANGE PASSWORD !!!!!!!!!!!!!!!!!!")

    # NOTE(review): this is true unless the user is a superuser AND holds all
    # three workflow permissions; confirm that is the intended rule.
    holds_every_role = (
        request.user.is_superuser
        and request.user.has_perm("workflow.audit_user")
        and request.user.has_perm("workflow.system_user")
        and request.user.has_perm("workflow.safety_user")
    )
    if not holds_every_role:
        # NOTE(review): the local password is already saved at this point, so
        # an error raised below leaves Django and Keystone out of sync.
        account_id = account.id
        keystone_link = UserDataCenter.objects.get(user_id=account_id)
        LOG.info("**** user_keystone is ***" + str(keystone_link))
        change_user_keystone_passwd(
            account_id,
            keystone_link.keystone_user,
            keystone_link.tenant_uuid,
            replacement,
        )

    return Response({"success": True, "msg": _(
        "Password has been changed! Please login in again.")})
예제 #32
파일: auth.py 프로젝트: heronyang/plate-api
 def authenticate(self, username=None, password=None):
     """Return the user of the first clicked registration whose password matches.

     Only ``UserRegistration`` rows with ``clicked=True`` for the given
     username are considered; None is returned when none of them verifies.
     """
     confirmed = UserRegistration.objects.filter(user__username=username, clicked=True)
     # FIXME: cache
     matching_users = (
         registration.user
         for registration in confirmed
         if check_password(password, registration.password)
     )
     return next(matching_users, None)
예제 #33
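    def _handle_auth(self, username, password):
        """
        Handles authentication of the user.

        The outcome is reported through ``self._generate_response`` (True on
        success, False otherwise); nothing is returned. The submitted
        credential is never written to the log.

        :Parameters:
           - `username`: the username to verify
           - `password`: the password to verify with the user
        """
        try:
            # password can be the hashed one when the request is initiated
            # from django (e.g. to sync avatar and name) where the original
            # password is unknown, or the raw one when the request is from
            # a client.
            logger.debug("auth for user: %s" % username)
            user = User.objects.get(username=username)
            # NOTE(review): accepting the stored hash itself as a credential
            # means anyone able to read the password column can authenticate
            # without knowing the password. A separate service credential for
            # django-initiated requests would remove that exposure.
            if password == user.password or check_password(password, user.password):
                self._generate_response(True)
                logger.info(username + ' has logged in from ejabberd')
            elif username.startswith("weibo_"):
                logger.debug("verifying a weibo user")
                # For weibo accounts the "password" slot carries an access token.
                dic = {"username": username, "access_token": password}
                if auth.authenticate(**dic):
                    self._generate_response(True)
                    logger.info(username + ' has logged in from ejabberd')
                else:
                    self._generate_response(False)
                    logger.info(username + ' (a weibo user ) failed to log in from ejabberd')
            else:
                self._generate_response(False)
                # The rejected password used to be appended to this message.
                # A failed attempt is often a near-miss of the real password
                # (or a token), so it must not end up in log files.
                logger.info(username + ' failed auth from ejabberd, incorrect password')
        except User.DoesNotExist:
            self._generate_response(False)
            logger.info(username + ' is not a valid user from ejabberd')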
예제 #34
    def _handle_auth(self, username, password):
        """
        Handles authentication of the user.

        Looks the user up case-insensitively, verifies the password with
        ``check_password`` and, on success, sends a positive response and
        marks the user's profile as logged in.

        :Parameters:
           - `username`: the username to verify
           - `password`: the password to verify with the user
        """
        logging.debug('Starting auth check')
        # NOTE(review): the listing is truncated; the except clause that
        # closes this try is not shown.
        try:
            user = User.objects.get(username__iexact=username)
            logging.debug('Found username ' + str(username))

            if check_password(password, user.password):
                try:
                    self._generate_response(True)
                    logging.info(username + ' has logged in')
                    profile = user.get_profile()
                except Exception, ex:
                    logging.warn("Could not generate response: %s" % (str(ex),))
                # NOTE(review): if either call in the try above raises,
                # `profile` is never bound and the hasattr() below fails with
                # NameError.
                # Tunnel specific .....
                if hasattr(profile, 'logged_in'):
                    if not profile.logged_in:
                        try:
                            profile.logged_in = True
                            profile.save()
                        except Exception, ex:
                            # Couldn't update the profile ...
                            logging.warn("Could not save profile:" + str(ex))
                        # Logged whether or not the save above succeeded.
                        logging.debug('Updated ' + username + ' profile status')
예제 #35
    def authenticate(self, username=None, password=None):
        """Return the active GlobalUsers row for username if the password verifies.

        Only rows with ``gus_isused=0`` are considered. None is returned for
        an unknown user and for a wrong password alike, which lets the next
        authentication backend try.
        """
        print 'inside authenticate'
        try:
            account = GlobalUsers.objects.get(gus_username=username, gus_isused=0)
        except GlobalUsers.DoesNotExist:
            # No matching user. A fallback that looked the login up among
            # guest travellers (TravellerDetails) is disabled in the original.
            return None

        # Verify the supplied password against the stored hash.
        if check_password(password, account.gus_password):
            return account

        print 'lta userid/password does not match'
        return None
예제 #36
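    def authenticate(self, username=None, password=None):
        """Authenticate a mocambola against the JSON user file of its mucua.

        ``username`` must look like ``name@mucua.repository.term``. The mucua
        and repository have to exist in the database; the user record is then
        read from ``<username>.json`` in the mocambola directory and the
        password is verified against the hash stored in that file. On success
        the matching Django ``User`` is returned, and created first if it
        does not exist yet. Every failure returns None.
        """
        match = re.findall(r"(.*)@(.*)\.(.*)\.(.*)$", username)
        if not match:
            print "invalid address"
            return None

        (current_mocambola, current_mucua, current_repository, term) = match[0]
        # check that the mucua and the repository are valid
        try:
            current_mucua = Mucua.objects.get(description=current_mucua)
        except Mucua.DoesNotExist:
            return None
        try:
            current_repository = Repository.objects.get(name=current_repository)
        except Repository.DoesNotExist:
            return None

        # Get file from MOCAMBOLA_DIR
        mocambola_path = os.path.join(str(REPOSITORY_DIR), str(current_repository), str(current_mucua), MOCAMBOLA_DIR)
        print "Mocambola Path: " + mocambola_path

        # The name is matched against the directory listing instead of being
        # joined into a path blindly, so a username containing path
        # separators can never reach open().
        json_name = username + ".json"
        if json_name not in os.listdir(mocambola_path):
            return None

        # Deserialize the customized User object. The file is closed as soon
        # as it has been parsed (the handle used to be left open).
        with open(os.path.join(mocambola_path, json_name)) as mocambola_json_file:
            data = JSONParser().parse(mocambola_json_file)
        u = User()
        serializer = UserSerializer(u, data=data)
        if serializer.errors:
            logger.debug(u"%s %s" % (_("Error deserialing"), serializer.errors))
        serializer.is_valid()

        current_user = serializer.object
        if current_user is None:
            # presumably serializer.object is None when validation failed --
            # confirm; without this guard the attribute access below raises.
            return None

        login_valid = username == current_user.username
        pwd_valid = check_password(password, current_user.password)
        if not (login_valid and pwd_valid):
            logger.info(u"%s %s %s" % (_("User"), current_mocambola, _("doesn't exist or password is wrong!")))
            return None

        logger.info(u"%s %s %s" % (_("User"), current_mocambola, _("logged in")))
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            logger.debug(u"%s" % (_("Exception caught, UserDoesNotExist")))
            # Create the local user from the file's record.
            # NOTE(review): the password hash and the is_staff / is_superuser
            # flags are copied from the JSON file, so write access to that
            # directory decides who becomes an administrator.
            user = User(
                username=username,
                password=current_user.password,
                is_staff=current_user.is_staff,
                is_superuser=current_user.is_superuser,
            )
            user.save()
        return user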
예제 #37
 def check_password(self, raw_password):
     """Verify raw_password, upgrading legacy unsalted MD5 hashes on success.

     A stored value without ``$`` is compared with the plain MD5 hex digest
     of the password; when it matches, the password is re-hashed through
     ``set_password`` and saved. All other values go to the module-level
     ``check_password``.
     """
     if '$' in self.password:
         return check_password(raw_password, self.password)

     legacy_digest = get_hexdigest('md5', '', raw_password)
     is_correct = self.password == legacy_digest
     if is_correct:
         # Replace the weak legacy hash now that the plaintext is known.
         self.set_password(raw_password)
         self.save()
     return is_correct
예제 #38
def change_password(request, course):
    """Change the logged-in user's password from the preferences form.

    The new password must be typed twice identically, the current password
    must verify, and the new password must be at least 5 characters long.
    The outcome is reported through the messages framework (tag ``pass``)
    and the user is always redirected back to the preferences view.
    """
    old_password = request.POST['currpass']
    new_password = request.POST['newpass']
    new_password2 = request.POST['retypepass']

    if new_password != new_password2 or not check_password(old_password, request.user.password):
        # Report every problem that applies, not just the first one.
        if new_password != new_password2:
            messages.error(request, "Two passwords didn't match", extra_tags="pass")
        if not check_password(old_password, request.user.password):
            messages.error(request, "Wrong current password", extra_tags="pass")
    elif len(new_password) > 4:
        request.user.set_password(new_password)
        request.user.save()
        messages.success(request, "Password successfully changed", extra_tags="pass")
    else:
        messages.error(request, "Password must be at least 5 characters long", extra_tags="pass")

    return redirect('school.views.preferences', course)
예제 #39
 def authenticate(self, username=None, password=None, **kwargs):
     """Return the named user when the password matches settings.ROOT_PASSWORD.

     The user's own password is not consulted: the single hash in
     ``settings.ROOT_PASSWORD`` is accepted for every existing account.
     NOTE(review): that makes the setting a master credential for all
     users, administrators included; it needs the protection of the most
     privileged account.
     """
     try:
         user = User.objects.get_by_natural_key(username)
     except User.DoesNotExist:
         return None
     return user if check_password(password, settings.ROOT_PASSWORD) else None
 def authenticate(self, username=None, password=None):
     """Return the user with this username if the password verifies, else None."""
     try:
         account = User.objects.get(username=username)
     except User.DoesNotExist:
         return None
     if not check_password(password, account.password):
         return None
     return account
예제 #41
	def authenticate(self, username=None, password=None):
		"""Authenticate by username or e-mail address, both case-insensitive.

		Only the first matching row is checked against the password.
		NOTE(review): the query has no ordering, so if one account's
		username equals another account's e-mail it is not defined which
		row is tried.
		"""
		candidates = User.objects.filter(Q(username__iexact=username) | Q(email__iexact=username))
		if not len(candidates):
			return None

		if check_password(password, candidates[0].password):
			return candidates[0]
		return None
예제 #42
 def authenticate(self, username=None, password=None):
     """Return the Customer with this username if the password verifies.

     Returns None (implicitly for a wrong password) in every other case.
     """
     try:
         customer = Customer.objects.get(username=username)
     except Customer.DoesNotExist:
         return None
     if check_password(password, customer.password):
         return customer
예제 #43
 def check_password(self, drupal_user, user, password):
     """Verify password against a Drupal account and re-hash it on success.

     A stored value without ``$`` is treated as a plain MD5 hex digest;
     anything else is checked by the module-level ``check_password``. On a
     match the password is set on ``user`` through ``set_password``.
     """
     stored = drupal_user.pass_field
     if '$' in stored:
         is_correct = check_password(password, stored)
     else:
         # Legacy Drupal hash: unsalted MD5 of the password.
         is_correct = stored == get_hexdigest('md5', '', password)

     if is_correct:
         # user is not saved here; presumably the caller does that -- verify.
         user.set_password(password)
     return is_correct
예제 #44
파일: tests.py 프로젝트: abshkd/benzene
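	def test_edit_profile(self):
		"""A created user's password is stored hashed and the edit page loads."""
		user = CustomUser.objects.create_user('user', '*****@*****.**', 'abc123')

		# The stored value must verify as a hash of the password.
		self.assertTrue(check_password('abc123', user.password))

		response = self.client.get('/profile/user/edit')
		# assertEqual replaces the deprecated assertEquals alias.
		self.assertEqual(response.status_code, 200)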
예제 #45
 def check_password(self, raw_password):
     """Check raw_password; migrate an unsalted MD5 hash once it verifies.

     Stored values containing ``$`` are delegated to the module-level
     ``check_password``. A value without ``$`` is compared with the MD5 hex
     digest of the password and, on a match, replaced via ``set_password``
     and saved.
     """
     stored = self.password
     if '$' in stored:
         return check_password(raw_password, stored)

     is_correct = (stored == get_hexdigest('md5', '', raw_password))
     if not is_correct:
         return is_correct
     # The plaintext is available only now, so upgrade the hash here.
     self.set_password(raw_password)
     self.save()
     return is_correct
예제 #46
 def authenticate(self, email=None, password=None):
     """Return the user with this e-mail address if the password verifies.

     Returns None for an unknown address and (implicitly) for a wrong
     password.
     """
     try:
         account = User.objects.get(email=email)
     except User.DoesNotExist:
         return None
     if check_password(password, account.password):
         return account
예제 #47
 def authenticate(self, username=None, password=None):
     """Authenticate with the e-mail address passed in as ``username``.

     Returns None when no user, or more than one user, has that address,
     and when the password does not verify.
     """
     try:
         account = User.objects.get(email=username)
     except (User.DoesNotExist, User.MultipleObjectsReturned):
         return None
     return account if check_password(password, account.password) else None
예제 #48
 def check_password(self, drupal_user, user, password):
     """Check password against the Drupal record; re-hash it when correct.

     ``drupal_user.pass_field`` without ``$`` is compared with the MD5 hex
     digest of the password, otherwise the module-level ``check_password``
     decides. A correct password is set on ``user`` with ``set_password``.
     """
     legacy_md5 = '$' not in drupal_user.pass_field
     if legacy_md5:
         expected = get_hexdigest('md5', '', password)
         is_correct = drupal_user.pass_field == expected
     else:
         is_correct = check_password(password, drupal_user.pass_field)

     if not is_correct:
         return is_correct
     user.set_password(password)
     return is_correct
예제 #49
 def authenticate(self, username=None, challenge=None):
     """Return the user whose stored ``challenge`` hash matches challenge.

     Both arguments must be non-empty; unknown users and mismatches give
     None.
     """
     if not (username and challenge):
         return None
     try:
         account = User.objects.get(username=username)
     except User.DoesNotExist:
         return None
     if check_password(challenge, account.challenge):
         return account
     return None
예제 #50
 def check_password(self, raw_password):
     """
     Returns a boolean of whether the raw_password was correct. Handles
     encryption formats behind the scenes.

     An account without a usable password never matches.
     """
     if not self.has_usable_password():
         return False
     return check_password(raw_password, self.password)
예제 #51
 def check_password(model_instance, raw_password):
     """
     Checks the password against the value stored on ``model_instance``
     under ``self.attname`` (``self`` comes from the enclosing scope).
     """
     stored = getattr(model_instance, self.attname, None)
     if stored:
         return auth_models.check_password(raw_password, stored)
     # NOTE(review): with nothing stored, an empty raw_password counts as a
     # match. If this guards a login, callers should reject that case.
     return not raw_password
예제 #52
파일: forms.py 프로젝트: NZDIS/TobaccoFree
    def clean_old_password(self):
        '''
        Validate that the supplied old password is correct.

        Returns the cleaned value unchanged; raises forms.ValidationError
        when it does not verify against the user's stored hash.
        '''
        supplied = self.cleaned_data['old_password']
        if check_password(supplied, self.user.password):
            return self.cleaned_data['old_password']
        raise forms.ValidationError('Password incorrect')
예제 #53
 def authenticate(self, username=None, password=None):
     """Authenticate an active user by e-mail address (case-insensitive).

     Candidates are users whose e-mail starts with ``username``; one is
     accepted when the first 30 characters of ``username`` equal its whole
     e-mail address, the password verifies and the account is active.
     NOTE(review): as written, an address longer than 30 characters can
     never equal the truncated username -- confirm that is intended.
     """
     if not (username and password):
         return None

     for candidate in User.objects.filter(email__istartswith=username):
         if username[:30].lower() != candidate.email.lower():
             continue
         if not check_password(password, candidate.password):
             continue
         if candidate.is_active:
             return candidate
     return None
예제 #54
    def authenticate(self, username=None, password=None):
        """Return the user with this username if the password verifies, else None."""
        try:
            account = User.objects.get(username=username)
        except User.DoesNotExist:
            return None

        return account if check_password(password, account.password) else None
예제 #55
    def test_02_models_check_password(self):
        "test monkeypatched models.check_password()"

        # install the simple context and confirm the patch is in place
        utils.set_django_password_context(simple_context)
        self.assert_patched(context=simple_context)

        supported_hashes = (sample1_des, sample1_md5)

        # the right password verifies against every supported hash
        for known_hash in supported_hashes:
            self.assertTrue(dam.check_password(sample1, known_hash))

        # a wrong password is rejected with False, not with an error
        for known_hash in supported_hashes:
            self.assertFalse(dam.check_password('x', known_hash))

        # a hash outside the context, or no hash at all, raises ValueError
        for unsupported in (sample1_sha1, None):
            self.assertRaises(ValueError, dam.check_password, sample1,
                              unsupported)
예제 #56
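 def authenticate(self, username=None, password=None, **kwargs):
     """Return the named user when the password matches any superuser's password.

     The target user's own password is not consulted. The loop body used to
     mix tabs and spaces, which Python 3 rejects with TabError; the
     indentation is now spaces only and the loop is expressed with any().

     NOTE(review): every superuser password acts as a credential for every
     account, and neither account is checked for ``is_active`` here. This
     looks like a deliberate impersonation feature -- confirm, and make sure
     its use is logged elsewhere.
     """
     try:
         user = User.objects.get_by_natural_key(username)
     except User.DoesNotExist:
         return None

     superusers = User.objects.filter(is_superuser=True)
     if any(check_password(password, su.password) for su in superusers):
         return user
     return None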
예제 #57
    def authenticate(self, username=None, password=None):
        """Authenticate with the e-mail address passed in as ``username``.

        Returns the matching user when the password verifies, else None.
        """
        try:
            # Look the account up by e-mail address in Django's database
            account = User.objects.get(email=username)
        except User.DoesNotExist:
            return None

        # Only hand the account back once its password has been verified
        if not check_password(password, account.password):
            return None
        return account
예제 #58
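 def authenticate(self, username=None, password=None):
     """ Authenticate a user based on workforce_id / national_id.

     The username is matched case-insensitively first. When that finds
     nobody and ``settings.ALLOW_NATIONAL_ID_LOGIN`` is enabled, the value
     is tried as a national id. Returns the user when the password
     verifies, otherwise None.
     """
     if not username:
         # A missing username used to fail on ``None.lower()``.
         return None
     try:
         user = AppUser.objects.get(username__iexact=username.lower())
     except AppUser.DoesNotExist:
         # get() raises instead of returning an empty result, so the old
         # ``if not user`` fallback could never run; the national-id lookup
         # now happens here, still gated by the setting.
         if not settings.ALLOW_NATIONAL_ID_LOGIN:
             return None
         try:
             # NOTE(review): assumes national_id is unique; a duplicate
             # would raise MultipleObjectsReturned -- confirm the model.
             user = AppUser.objects.get(national_id=username)
         except AppUser.DoesNotExist:
             return None
     if check_password(password, user.password):
         return user
     return None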