def post(self, request, *args, **kwargs): userData = request.data.pop('user', None) #userData = {} #userData['email'] = request.data['email'] #userData['password'] = request.data['password'] if not userData: return Response( { 'status': 'error', 'message': 'User data is absent' }, status=400) print(userData) serializer = self.get_serializer(data=userData) print(type(serializer)) if serializer.is_valid(): user = serializer.save() response = {} response['user'] = serializer.data payload = jwt_payload_handler(user) token = token = jwt.encode(payload, settings.SECRET_KEY) response['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(response, status=200) return Response(serializer.errors, status=422)
def verify_otp(request): mobile = request.data.get('mobile', None) otp = request.data.get('otp', None) try: user = User.objects.get(mobile=mobile) except User.DoesNotExist: user = None if otp and user: print(otp, user) t = pyotp.TOTP(user.key, interval=900) is_verified = t.verify(otp) print(is_verified) if is_verified: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) serializer = UserSerializer(user, context={'request': request}) data = serializer.data data['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(data, status=status.HTTP_200_OK) except Exception as e: raise e return Response(status=status.HTTP_400_BAD_REQUEST)
def authenticate_user(request): """ Generate and assign token into user :param request: login request :return: jwt token """ try: email = request.data['email'] password = request.data['password'] user = MyUser.objects.get(email=email) if user: try: # create jwt web token payload = jwt_payload_handler(user) token = jwt.encode(payload, main_settings.SECRET_KEY) user_details = {'name': '{first_name} {last_name}'.format(first_name=user.first_name, last_name=user.last_name), 'token': token} user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated'} return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide a email and a password'} return Response(res)
def authenticate_user(request): email = request.data['email'] password = request.data['password'] if not (email and password): response = {'error': 'Please provide a email and a password'} return Response(response, status=status.HTTP_400_BAD_REQUEST) try: user = User.objects.get(email=email) if not user.check_password(password): res = {'error': 'Incorrect password'} return Response(res, status=status.HTTP_403_FORBIDDEN) try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = get_user_data(user) user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) cache.set(key=f'{user.id}', value=token) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e except ObjectDoesNotExist: res = {'error': 'Incorrect email'} return Response(res, status=status.HTTP_403_FORBIDDEN)
def post(self, request, *args, **kwargs): try: email = request.data['email'] password = request.data['password'] organization = request.data['organization'] user = User.objects.get(email=email, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, SECRET_KEY) user_details = {'name': "%s %s" % ( user.first_name, user.last_name ), 'token': token, 'organization': organization} user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'Can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'Please provide an email and a password'} return Response(res, status=status.HTTP_400_BAD_REQUEST)
def clean(self): """ 입력된 user_id가 존재하는지, 존재한다면 password는 일치하는지 확인 """ request = self.request data = self.cleaned_data user_id = data.get("user_id") password = data.get("password") qs = User.objects.filter(user_id=user_id) # 사용자에게 아이디 존재여부 비공개 if qs.exists(): # 사용자 인증 user = authenticate(request, username=user_id, password=password) if user is None: messages.success(request, "아이디가 유효하지 않거나, 비밀번호가 잘못되었습니다.") raise forms.ValidationError("비밀번호 불일치.") else: messages.success(request, "아이디가 유효하지 않거나, 비밀번호가 잘못되었습니다.") raise forms.ValidationError("가입된 ID 없음.") login(request, user) self.user = user user_logged_in.send(user.__class__, user=user, request=request) return data
def obtain_jwt(attrs, algorithm='HS256'): """ """ delta = getattr( settings, 'JWT_EXPIRATION', datetime.timedelta(seconds=300), ) username_field = get_user_model().USERNAME_FIELD credentials = { username_field: attrs.get(username_field), 'password': attrs.get('password') } user = authenticate( **credentials ) payload = { 'user_id': user.pk, 'exp': datetime.datetime.utcnow() + delta } key, user = get_secure_key(user.pk) token = jwt.encode( payload, key, algorithm, ).decode('utf-8') user_logged_in.send(sender=user.__class__, user=user) return { 'token': token }
def login(request, user): """ Overwrite default django login function as django 1.8 breaks the ability to use that method with """ session_auth_hash = '' if user is None: user = request.user if hasattr(user, 'get_session_auth_hash'): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: if str(request.session[SESSION_KEY]) != str(user.pk) or ( session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = str(user.pk) request.session[BACKEND_SESSION_KEY] = user.backend request.session[HASH_SESSION_KEY] = session_auth_hash if hasattr(request, 'user'): request.user = user rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def signup(request): """ 注册视图 :param request: :return: """ if request.method == 'POST': form = SignUpForm(request.data) if form.is_valid(): user = form.save() user.refresh_from_db() user.investor.mobile = form.cleaned_data.get('mobile') sex = Sex.objects.get(id=form.cleaned_data.get('sex') or 1) user.investor.sex = sex user.save() raw_password = form.cleaned_data.get('password1') user = authenticate(username=user.username, password=raw_password) payload = jwt_payload_handler(user) user_logged_in.send(sender=user.__class__, request=request, user=user) investor = Investor.objects.get(user=user) investor_data = InvestorSerializer(investor) return Response({ 'token': jwt_encode_handler(payload), 'user': investor_data.data }) return Response({'message': form.errors}, status=status.HTTP_400_BAD_REQUEST) return Response({'message': 'Method Not Allowed'}, status=status.HTTP_404_NOT_FOUND)
def clean(self): request = self.request data = self.cleaned_data email = data.get("email") password = data.get("password") qs = User.objects.filter(email=email) user = authenticate(request, username=email, password=password) if user is None: messages.success( request, "Cannot login with you've written. Please check again.") raise forms.ValidationError("Invalid credentials") login(request, user) self.user = user user_logged_in.send(user.__class__, user=user, request=request) login(request, user) self.user = user user_logged_in.send(user.__class__, user=user, request=request) try: pass except: pass return data
def login_user(user, request=None): """ Once user is validated, issue a token. """ token, _ = Token.objects.get_or_create(user=user) user_logged_in.send(sender=user.__class__, request=request, user=user) return token
def validate(self, attrs): credentials = { self.username_field: attrs.get(self.username_field), 'password': attrs.get('password') } if all(credentials.values()): user = authenticate(request=self.context['request'], **credentials) if user: if not user.is_active: msg = 'User account is disabled.' raise serializers.ValidationError(msg) payload = jwt_payload_handler(user) user_logged_in.send(sender=user.__class__, request=self.context['request'], user=user) return {'token': jwt_encode_handler(payload), 'user': user} else: msg = 'Unable to log in with provided credentials.' raise serializers.ValidationError(msg) else: msg = 'Must include "{username_field}" and "password".' msg = msg.format(username_field=self.username_field) raise serializers.ValidationError(msg)
def obtain_token(self, request): try: username = request.data['username'] password = request.data['password'] try: user = Usuarios.objects.get(username=username) pwd_valid = password == user.password if pwd_valid is False: user = None except Usuarios.DoesNotExist: user = None if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(AuthenticationUserSerializer(user).data, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide a email and password'} return Response(res)
def post(self, request): try: email = request.data['email'] password = request.data['password'] user = User.objects.get(email=email, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {'name': user.email, 'token': token} user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: out = { 'error': 'can not authenticate with the given credentials or the account' } return Response(out, status=status.HTTP_403_FORBIDDEN) except KeyError: out = {'error': "Please provide an email and a password"} return Response(out)
def wrapper(cls, root, info, password, **kwargs): def on_resolve(values): user, payload = values payload.token = get_token(user, info.context) if jwt_settings.JWT_LONG_RUNNING_REFRESH_TOKEN: payload.refresh_token = create_refresh_token(user).get_token() return payload username = kwargs.get(get_user_model().USERNAME_FIELD) if get_authorization_header(info.context) is not None: del info.context.META[jwt_settings.JWT_AUTH_HEADER_NAME] user = authenticate(request=info.context, username=username, password=password) if user is None: raise exceptions.JSONWebTokenError( _('Please, enter valid credentials')) if hasattr(info.context, 'user'): info.context.user = user user_logged_in.send(sender=user.__class__, request=info.context, user=user) result = f(cls, root, info, **kwargs) values = (user, result) if is_thenable(result): return Promise.resolve(values).then(on_resolve) return on_resolve(values)
def validate_user(self, username, password, client, request, *args, **kwargs): user_model = get_user_model() try: user = user_model.objects.get_by_natural_key(username) except user_model.DoesNotExist: user = None if user and FailedLoginAttempt.objects.is_locked_out(user, client): logger.info('User "%s" is locked out' % username) raise LockedOutError(request=request) valid = super().validate_user( username, password, client, request, *args, **kwargs ) if valid: if not ApplicationUserMapping.objects.filter( user=request.user, application=client).exists(): raise RestrictedClientError(request=request) FailedLoginAttempt.objects.delete_failed_attempts(user, client) user_logged_in.send(sender=user.__class__, request=request, user=user) return True elif user: logger.info('User "%s" failed login' % username) FailedLoginAttempt.objects.add_failed_attempt(user, client) if FailedLoginAttempt.objects.is_lockout_imminent(user, client): raise LockoutImminentError(request=request) request.user = None return False
def shibboleth_login(request): headers = request.META # clean up headers data shibboleth_data = dict(zip(*zip(*shibboleth_headers(headers)))) # resolve data used for class User user_data = get_user_data(shibboleth_data) # initialize user = None token = None redirect_url = TOKEN_LOGIN_URL shibboleth_id = user_data.get('shibboleth_id') if not shibboleth_id: e = 'No shibboleth id' return HttpResponseRedirect(TOKEN_LOGIN_URL + "#error=foo" % e) try: user = User.objects.get(shibboleth_id=shibboleth_id) except User.DoesNotExist: user = User.objects.create(**user_data) send_email_shib_user_created(user, headers['HTTP_HOST']) token, _ = Token.objects.get_or_create(user=user) user_logged_in.send(sender=user.__class__, request=request, user=user) token_fragment = '#token=' + token.key redirect_url = redirect_url + token_fragment return HttpResponseRedirect(redirect_url)
def login(request, user): '''Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. :param user: The user object. :type user: :class:`baph.auth.models.User` ''' if hasattr(request, 'orm'): session = request.orm.sessionmaker() else: from .models import orm session = orm.sessionmaker() if user is None: user = request.user # TODO: It would be nice to support different login methods, like signed # cookies. user.last_login = datetime.now() session.commit() if SESSION_KEY in request.session: if request.session[SESSION_KEY] != user.id: # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.id request.session[BACKEND_SESSION_KEY] = user.backend if hasattr(request, 'user'): request.user = user user_logged_in.send(sender=user.__class__, request=request, user=user)
def post(self, request, *args, **kwargs): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user_logged_in.send(sender=serializer.validated_data.get("user").__class__, request=request, user=serializer.validated_data.get("user")) response_data = {"token": serializer.validated_data.get('token')} return Response(response_data)
def post(self, request): serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.validated_data['user'] login(request, user) user_logged_in.send(sender=user.__class__, request=self.request, user=user) return Response(status=status.HTTP_200_OK)
def authenticate_user(request): try: username = request.data['username'] password = request.data['password'] user = Employee.objects.get(username=username, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) serializer = EmployeeSerializer(user) user_details = {'user': serializer.data, 'token': token} user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = {'error': 'can not authenticate with the given credentials'} return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide a email and a password'} return Response(res)
def login(request, user=None): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """ session_auth_hash = '' if user is None: user = request.user if hasattr(user, 'get_session_auth_hash'): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: if get_user_session_key(request) != user.pk or ( session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = str(user.pk) request.session[ BACKEND_SESSION_KEY] = 'django_mongoengine.auth.backends.MongoEngineBackend' request.session[HASH_SESSION_KEY] = session_auth_hash if hasattr(request, 'user'): request.user = user rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def authenticate_user(request): try: email = request.data['email'] password = request.data['password'] user = User.objects.get(email=email, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} user_details['name'] = "%s %s" % (user.name, user.surname) user_details['token'] = token # TODO: Add balance and photo of a user user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK ) # Возвращает токен и пользователя except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN ) # Если пароль/логин неправильные except KeyError: res = {'error': 'please provide a email and a password'} return Response(res, status=status.HTTP_400_BAD_REQUEST ) # Если в запросе не было логина/пароля
def login(request, user=None): """ Persist a user id and a backend in the request. This way a user doesn't have to reauthenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """ session_auth_hash = '' if user is None: user = request.user if hasattr(user, 'get_session_auth_hash'): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: if get_user_session_key(request) != user.pk or ( session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = str(user.pk) request.session[BACKEND_SESSION_KEY] = 'django_mongoengine.auth.backends.MongoEngineBackend' request.session[HASH_SESSION_KEY] = session_auth_hash if hasattr(request, 'user'): request.user = user rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def login(data: Login, request: Request): user = get_login_user(request, LoginChallengeIn(username=data.response_data.username)) host = request.headers.get("Host") validate_login_request(data.response_data, data, user, "login", host) ret = LoginOut.from_orm(user) user_logged_in.send(sender=user.__class__, request=None, user=user) return ret
def validate_user(self, username, password, client, request, *args, **kwargs): user_model = get_user_model() try: user = user_model.objects.get_by_natural_key(username) except user_model.DoesNotExist: user = None if user and FailedLoginAttempt.objects.is_locked_out(user, client): logger.info('User "%s" is locked out' % username) raise LockedOutError(request=request) valid = super().validate_user(username, password, client, request, *args, **kwargs) if valid: if not ApplicationUserMapping.objects.filter( user=request.user, application=client).exists(): raise RestrictedClientError(request=request) FailedLoginAttempt.objects.delete_failed_attempts(user, client) user_logged_in.send(sender=user.__class__, request=request, user=user) return True elif user: logger.info('User "%s" failed login' % username) FailedLoginAttempt.objects.add_failed_attempt(user, client) if FailedLoginAttempt.objects.is_lockout_imminent(user, client): raise LockoutImminentError(request=request) request.user = None return False
def login(self, request, *args, **kwargs): outer_serializer = AuthenticationLoginSerializer(data=request.data) outer_serializer.is_valid(raise_exception=True) response_raw = outer_serializer.validated_data["response"] response = msgpack_decode(response_raw) signature = outer_serializer.validated_data["signature"] context = {"host": request.get_host()} serializer = AuthenticationLoginInnerSerializer(data=response, context=context) serializer.is_valid(raise_exception=True) bad_login_response = self.validate_login_request( request, serializer.validated_data, response_raw, signature, "login") if bad_login_response is not None: return bad_login_response username = serializer.validated_data.get("username") user = self.get_login_user(username) data = self.login_response_data(user) user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(data, status=status.HTTP_200_OK)
def post(self, request): if 'email' in request.data and 'password' in request.data: user = get_object_or_404(Profile.objects.all(), email=request.data['email']) if user.confirmed_at is None: return Response('Please activate your account', status=status.HTTP_400_BAD_REQUEST) auth_user = authenticate(username=request.data['email'], password=request.data['password']) try: payload = jwt_payload_handler(auth_user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = { 'token': token, 'user': model_to_dict(auth_user) } user_logged_in.send(sender=auth_user.__class__, request=request, user=auth_user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: return Response('Wrong credentials', status=status.HTTP_400_BAD_REQUEST)
def post(self, request, format=None): token_limit_per_user = self.get_token_limit_per_user() if token_limit_per_user is not None: now = timezone.now() token = request.user.auth_token_set.filter(expiry__gt=now) if token.count() >= token_limit_per_user: return Response( { "error": "Maximum amount of tokens allowed per user exceeded." }, status=status.HTTP_403_FORBIDDEN) serializer = self.get_serializer(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.user user_logged_in.send(sender=user.__class__, request=request, user=user) token_ttl = self.get_token_ttl() instance, token = AuthToken.objects.create(user, token_ttl) data = { 'expiry': self.format_expiry_datetime(instance.expiry), 'token': token } return Response(data, status=status.HTTP_200_OK)
def perform_create(self, serializer): super(RegistrationWithTokenView, self).perform_create(serializer) user = serializer.instance user_logged_in.send(sender=user.__class__, request=self.request, user=user)
def authenticate_user(request): try: email = request.data['email'] password = request.data['password'] user = User.objects.get(email=email, password=password) if user: try: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = {} user_details['name'] = "%s %s" % (user.first_name, user.last_name) user_details['token'] = token user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(user_details, status=status.HTTP_200_OK) except Exception as e: raise e else: res = { 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'error': 'please provide a email and a password'} return Response(res)
def post(self, request, *args, **kwargs): serializer = self.serializer_class(data=request.data) serializer.is_valid(raise_exception=True) user = serializer.validated_data['user'] token, created = Token.objects.get_or_create(user=user) user_logged_in.send(sender=user.__class__, request=request, user=user) return Response(data={'token': token.key}, status=HTTP_200_OK)
def user_login(request): try: email = request.POST.get('email') password = request.POST.get('password') user = User.objects.filter(email=email, password=password).values("user_id")[0] print(user) if user: payload = jwt_payload_handler(user) token = jwt.encode(payload, settings.SECRET_KEY) user_details = { 'token': token.decode('ascii'), 'user_id': user['user_id'] } user_logged_in.send(sender=user.__class__, request=request, user=user) return HttpResponse(json.dumps(user_details), content_type='application/json', status=status.HTTP_200_OK) else: # no matching user return HttpResponse(status=status.HTTP_401_UNAUTHORIZED) except KeyError: return HttpResponse(status=status.HTTP_400_BAD_REQUEST)
def authenticate_user(request): try: email = request.data['email'] password = request.data['password'] user = None try: user = User.objects.get(email=email, password=password) except ObjectDoesNotExist as ex: pass if user: payload = jwt_payload_handler(user) token = jwt.encode(payload, SECRET_KEY) user_details = {} user_details['name'] = user.user_name user_details['token'] = token user_details['user_id'] = user.id user_logged_in.send(sender=user.__class__, request=request, user=user) return Response({ 'res': user_details, 'error': '' }, status=status.HTTP_200_OK) else: res = { 'res': '', 'error': 'can not authenticate with the given credentials or the account has been deactivated' } return Response(res, status=status.HTTP_403_FORBIDDEN) except KeyError: res = {'res': '', 'error': 'please provide a email and a password'} return Response(res, status=status.HTTP_400_BAD_REQUEST)
def action(self, serializer): user = serializer.user token, _ = Token.objects.get_or_create(user=user) user_logged_in.send(sender=user.__class__, request=self.request, user=user) return Response( data=serializers.TokenSerializer(token).data, status=status.HTTP_200_OK, )
def generate_response(self, request, user): user_logged_in.send(sender=user.__class__, request=request, user=user) bundle = self.build_bundle(obj=user, request=request) bundle = self.full_dehydrate(bundle) apikey = ApiKey.objects.get_or_create(user=user)[0].key bundle.data['apikey'] = apikey social_access_token = SocialToken.get_user_tokens(user) if social_access_token: bundle.data['social_access_token'] = social_access_token return self.create_response(request, bundle)
def login(scope, user, backend=None): """ Persist a user id and a backend in the request. This way a user doesn't have to re-authenticate on every request. Note that data set during the anonymous session is retained when the user logs in. """ if "session" not in scope: raise ValueError( "Cannot find session in scope. You should wrap your consumer in SessionMiddleware." ) session = scope["session"] session_auth_hash = "" if user is None: user = scope.get("user", None) if user is None: raise ValueError( "User must be passed as an argument or must be present in the scope." ) if hasattr(user, "get_session_auth_hash"): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in session: if _get_user_session_key(session) != user.pk or ( session_auth_hash and not constant_time_compare( session.get(HASH_SESSION_KEY, ""), session_auth_hash ) ): # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. session.flush() else: session.cycle_key() try: backend = backend or user.backend except AttributeError: backends = _get_backends(return_tuples=True) if len(backends) == 1: _, backend = backends[0] else: raise ValueError( "You have multiple authentication backends configured and therefore must provide the `backend` " "argument or set the `backend` attribute on the user." ) session[SESSION_KEY] = user._meta.pk.value_to_string(user) session[BACKEND_SESSION_KEY] = backend session[HASH_SESSION_KEY] = session_auth_hash scope["user"] = user # note this does not reset the CSRF_COOKIE/Token user_logged_in.send(sender=user.__class__, request=None, user=user)
def test_check_pioneer_badge(self): """ Check pionner badge is awarded to user after some time """ assert not self.user1.has_badge(PIONEER_BADGE) # first login won't affect the badge user_logged_in.send(User, user=self.user1) assert not self.user1.has_badge(PIONEER_BADGE) time.sleep(1) # after settings.PIONEER_BADGE_LIMIT, new logins does award the badge user_logged_in.send(User, user=self.user1) assert self.user1.has_badge(PIONEER_BADGE)
def login(request, user): session_auth_hash = '' if user is None: user = request.user if hasattr(user, 'get_session_auth_hash'): session_auth_hash = user.get_session_auth_hash() if SESSION_KEY in request.session: if _get_user_session_key(request) != user.pk or ( session_auth_hash and request.session.get(HASH_SESSION_KEY) != session_auth_hash): request.session.flush() else: request.session.cycle_key() request.session[SESSION_KEY] = user.pk request.session[BACKEND_SESSION_KEY] = user.backend request.session[HASH_SESSION_KEY] = session_auth_hash if hasattr(request, 'user'): request.user = user rotate_token(request) user_logged_in.send(sender=user.__class__, request=request, user=user)
def login_user(request, user): token, _ = settings.TOKEN_MODEL.objects.get_or_create(user=user) if settings.CREATE_SESSION_ON_LOGIN: login(request, user) user_logged_in.send(sender=user.__class__, request=request, user=user) return token
def login_user(request, user): token, _ = authtoken.models.Token.objects.get_or_create(user=user) user_logged_in.send(sender=user.__class__, request=request, user=user) return token