def no_javascript(request): from django.contrib.auth.models import User from srp.models import SRPUser from django.contrib.auth import login, authenticate try: user = User.objects.get(username=request.POST["srp_username"]) try: # Create a verifier for the user, and check that it matches the user's verifier # Since we're doing it all on one side, we can skip the rest of the protocol v = generate_verifier(user.srpuser.salt, request.POST["srp_username"], request.POST["srp_password"]) user = authenticate(username=request.POST["srp_username"], M=(user.srpuser.verifier, v)) if user: login(request, user) if not request.POST["srp_forward"].startswith("#"): return HttpResponseRedirect(request.POST["srp_forward"]) else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except SRPUser.DoesNotExist: # The user exists in the auth table, but not the SRP table # Create an SRP version of the user if user.check_password(request.POST["srp_password"]): srpuser = SRPUser() srpuser.__dict__.update(user.__dict__) srpuser.salt = generate_salt() srpuser.verifier = generate_verifier( srpuser.salt, request.POST["srp_username"], request.POST["srp_password"]) srpuser.password = "" srpuser.save() if not request.POST["srp_forward"].startswith("#"): return HttpResponseRedirect(request.POST["srp_forward"]) else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except User.DoesNotExist: # The user does not exist in the auth tables # Send the client back to the login page with an error pass if "?" in request.META["HTTP_REFERER"]: if "error=1" in request.META["HTTP_REFERER"]: return HttpResponseRedirect("%s" % request.META["HTTP_REFERER"]) else: return HttpResponseRedirect("%s&error=1" % request.META["HTTP_REFERER"]) else: return HttpResponseRedirect("%s?error=1" % request.META["HTTP_REFERER"])
def upgrade_add_verifier(request): from srp.models import SRPUser from django.contrib.auth.models import User import hashlib salt = generate_salt() key = hashlib.sha256(request.session["srp_S"]).hexdigest() user = User.objects.get(username=request.session["srp_I"]) srpuser = SRPUser() srpuser.__dict__.update(user.__dict__) srpuser.verifier = generate_verifier(salt, request.session["srp_I"], decrypt(request.POST["p"], key, int(request.POST["l"]))) srpuser.salt = salt srpuser.password = "" srpuser.save() return HttpResponse("<ok/>", mimetype="text/xml")
def upgrade_add_verifier(request): from srp.models import SRPUser from django.contrib.auth.models import User import hashlib salt = generate_salt() key = hashlib.sha256(request.session["srp_S"]).hexdigest() user = User.objects.get(username=request.session["srp_I"]) srpuser = SRPUser() srpuser.__dict__.update(user.__dict__) srpuser.verifier = generate_verifier( salt, request.session["srp_I"], decrypt(request.POST["p"], key, int(request.POST["l"]))) srpuser.salt = salt srpuser.password = "" srpuser.save() return HttpResponse("<ok/>", mimetype="text/xml")
def no_javascript(request): from django.contrib.auth.models import User from srp.models import SRPUser from django.contrib.auth import login, authenticate try: user = User.objects.get(username=request.POST["srp_username"]) try: # Create a verifier for the user, and check that it matches the user's verifier # Since we're doing it all on one side, we can skip the rest of the protocol v = generate_verifier(user.srpuser.salt, request.POST["srp_username"], request.POST["srp_password"]) user = authenticate(username=request.POST["srp_username"], M=(user.srpuser.verifier, v)) if user: login(request, user) if not request.POST["srp_forward"].startswith("#"): return HttpResponseRedirect(request.POST["srp_forward"]) else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except SRPUser.DoesNotExist: # The user exists in the auth table, but not the SRP table # Create an SRP version of the user if user.check_password(request.POST["srp_password"]): srpuser = SRPUser() srpuser.__dict__.update(user.__dict__) srpuser.salt = generate_salt() srpuser.verifier = generate_verifier(srpuser.salt, request.POST["srp_username"], request.POST["srp_password"]) srpuser.password = "" srpuser.save() if not request.POST["srp_forward"].startswith("#"): return HttpResponseRedirect(request.POST["srp_forward"]) else: return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"])) except User.DoesNotExist: # The user does not exist in the auth tables # Send the client back to the login page with an error pass if "?" in request.META["HTTP_REFERER"]: if "error=1" in request.META["HTTP_REFERER"]: return HttpResponseRedirect("%s" % request.META["HTTP_REFERER"]) else: return HttpResponseRedirect("%s&error=1" % request.META["HTTP_REFERER"]) else: return HttpResponseRedirect("%s?error=1" % request.META["HTTP_REFERER"])