def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=StrictAuthenticationForm,
          current_app=None, extra_context=None):
    """
    Render the login form and process a submitted login.

    On a valid POST the user is logged in, the result of
    ``enforce_password_change`` is stored in the session under
    ``password_change_enforce``, ``password_is_expired`` and
    ``password_is_temporary``, and the client is redirected. In every other
    case (GET, or a POST whose form does not validate) the login template
    is rendered with the bound or unbound form.

    The redirect target is read from the request and is therefore
    user-controlled. It is only used for the redirect after passing
    ``is_safe_url`` against the request host; otherwise
    ``settings.LOGIN_REDIRECT_URL`` is used instead.
    """
    # NOTE(review): request.REQUEST merges POST and GET and is not available
    # in later Django releases; confirm against the supported Django version.
    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method != "POST":
        form = authentication_form(request)
    else:
        form = authentication_form(request, data=request.POST)
        if form.is_valid():
            # Never redirect to a user-supplied URL that fails the host
            # check; fall back to the configured default target.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            # The redirect target is settled; establish the session.
            auth_login(request, form.get_user())

            # Record whether the password is temporary or expired. This view
            # only stores the flags; the middleware is expected to act on
            # them on the next request.
            must_change, expired, temporary = enforce_password_change(
                form.get_user())
            session = request.session
            session['password_change_enforce'] = must_change
            session['password_is_expired'] = expired
            session['password_is_temporary'] = temporary

            # Audit trail: one entry per reason, or a generic entry when
            # enforcement is on without either specific reason.
            if must_change:
                if temporary:
                    logger.info(u'User %s must change temporary password',
                                request.user)
                if expired:
                    logger.info(u'User %s must change expired password',
                                request.user)
                if not (temporary or expired):
                    logger.info(u'User %s must change password',
                                request.user)

            return HttpResponseRedirect(redirect_to)

    site = get_current_site(request)
    # redirect_to reaches the template unvalidated on this path (is_safe_url
    # only runs on a successful login).
    # NOTE(review): presumably the template escapes it when echoing it back
    # into the form; confirm.
    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': site,
        'site_name': site.name,
    }
    if extra_context is not None:
        context.update(extra_context)
    return TemplateResponse(request, template_name, context,
                            current_app=current_app)
def process_response(self, request, response):
    """
    Re-evaluate the session's password-change flags while enforcement is on.

    The response is always returned unchanged. The flags are recomputed with
    ``enforce_password_change`` only when the request carries an
    authenticated user and the session already has
    ``password_change_enforce`` set to a true value, so that enforcement is
    lifted once a password change is no longer required.

    This method never switches enforcement on for a session where the flag
    is missing or false.
    NOTE(review): a password that expires during an established session is
    therefore not detected here; confirm that this is covered elsewhere.
    """
    logged_in = hasattr(request, 'user') and request.user.is_authenticated()
    if logged_in and request.session.get('password_change_enforce', False):
        # Enforcement is active: check whether it still applies so the
        # next request sees up-to-date flags.
        must_change, expired, temporary = enforce_password_change(
            request.user)
        request.session['password_change_enforce'] = must_change
        request.session['password_is_expired'] = expired
        request.session['password_is_temporary'] = temporary
    return response