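def no_javascript(request):
    """Log a user in through the form fallback for clients without JavaScript.

    In this path the password itself is posted (``srp_password``), so the
    server derives the verifier and compares it with the stored one instead
    of running the SRP exchange.  A user found in Django's auth table but
    without an ``SRPUser`` row is upgraded once the posted password matches
    the stored hash.

    POST fields read: ``srp_username``, ``srp_password``, ``srp_forward``.

    Returns:
        On success, a redirect to ``srp_forward`` when it is a path on this
        site, to the referring page plus ``srp_forward`` when that is a
        fragment, and to ``/`` otherwise.  On failure, a redirect back to
        the referring page with ``error=1`` in the query string.
    """
    from django.contrib.auth.models import User
    from srp.models import SRPUser
    from django.contrib.auth import login, authenticate

    # NOTE(review): the password reaches the server in this path, so the
    # SRP property of never disclosing it does not hold here; the form
    # should only ever be served and submitted over TLS.
    # Missing fields fall through to the ordinary error redirect instead of
    # raising KeyError (an unhandled 500).
    username = request.POST.get("srp_username", "")
    password = request.POST.get("srp_password", "")
    forward = request.POST.get("srp_forward", "")
    # The Referer header is optional and client-supplied; fall back to the
    # site root when it is absent.
    # NOTE(review): redirecting to the Referer assumes the form was served
    # by this site - confirm CSRF protection is active on this view.
    referer = request.META.get("HTTP_REFERER", "/")

    def is_clean(value):
        # Browsers strip tabs/newlines and treat "\" like "/" when parsing
        # a URL, so any of these could turn a local-looking path into
        # another origin.
        return not any(
            ch == "\\" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)

    def forward_response():
        # srp_forward is untrusted input: follow it only when it stays on
        # this site, otherwise a post-login redirect could be pointed at an
        # arbitrary external URL.
        if is_clean(forward):
            if forward.startswith("#"):
                return HttpResponseRedirect("%s%s" % (referer, forward))
            if forward.startswith("/") and not forward.startswith("//"):
                return HttpResponseRedirect(forward)
        return HttpResponseRedirect("/")

    try:
        user = User.objects.get(username=username)
        try:
            # Create a verifier for the user, and check that it matches the
            # user's stored verifier.  Since both sides are computed here,
            # the rest of the protocol is skipped.
            v = generate_verifier(user.srpuser.salt, username, password)
            user = authenticate(username=username,
                                M=(user.srpuser.verifier, v))
            if user:
                login(request, user)
                return forward_response()
        except SRPUser.DoesNotExist:
            # The user exists in the auth table, but not the SRP table:
            # create an SRP version of the user after checking the password
            # against the existing hash.
            if user.check_password(password):
                srpuser = SRPUser()
                srpuser.__dict__.update(user.__dict__)
                srpuser.salt = generate_salt()
                srpuser.verifier = generate_verifier(
                    srpuser.salt, username, password)
                srpuser.password = ""
                srpuser.save()
                # NOTE(review): this branch redirects without calling
                # login(); confirm whether that is intended.
                return forward_response()
    except User.DoesNotExist:
        # The user does not exist in the auth tables; fall through to the
        # same error redirect used for a wrong password.
        pass

    # Send the client back to the login page with an error marker, without
    # appending it twice.
    if "?" in referer:
        if "error=1" in referer:
            return HttpResponseRedirect(referer)
        return HttpResponseRedirect("%s&error=1" % referer)
    return HttpResponseRedirect("%s?error=1" % referer)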
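def upgrade_add_verifier(request):
    """Store an SRP verifier for an existing auth user (upgrade step).

    Reads the identity (``srp_I``) and shared secret (``srp_S``) from the
    session.  The client posts the password encrypted (``p``) together with
    a length (``l``); it is decrypted with the SHA-256 hex digest of the
    session secret and turned into a salt/verifier pair on a new
    ``SRPUser`` that copies the existing user's fields.

    Returns:
        ``<ok/>`` as ``text/xml`` once the SRP row is saved, or an empty
        403 response when the decrypted password does not match the
        user's stored password.
    """
    from srp.models import SRPUser
    from django.contrib.auth.models import User
    import hashlib

    username = request.session["srp_I"]
    salt = generate_salt()
    key = hashlib.sha256(request.session["srp_S"]).hexdigest()
    user = User.objects.get(username=username)
    password = decrypt(request.POST["p"], key, int(request.POST["l"]))

    # The verifier replaces the account's credential, so only accept a
    # password that matches the stored hash - the same check the
    # no-JavaScript upgrade path performs before creating an SRPUser.
    # NOTE(review): the handshake that populated srp_I/srp_S is not visible
    # here; presumably it already proves knowledge of the account secret.
    if not user.check_password(password):
        return HttpResponse(status=403)

    srpuser = SRPUser()
    srpuser.__dict__.update(user.__dict__)
    srpuser.verifier = generate_verifier(salt, username, password)
    srpuser.salt = salt
    # The password hash is blanked; from here on the verifier is the
    # credential.
    srpuser.password = ""
    srpuser.save()
    # content_type is used instead of mimetype: the mimetype keyword was
    # removed in Django 1.7, while content_type is accepted by earlier
    # releases too.
    return HttpResponse("<ok/>", content_type="text/xml")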
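def upgrade_add_verifier(request):
    """Store an SRP verifier for an existing auth user (upgrade step).

    Reads the identity (``srp_I``) and shared secret (``srp_S``) from the
    session.  The client posts the password encrypted (``p``) together with
    a length (``l``); it is decrypted with the SHA-256 hex digest of the
    session secret and turned into a salt/verifier pair on a new
    ``SRPUser`` that copies the existing user's fields.

    Returns:
        ``<ok/>`` as ``text/xml`` once the SRP row is saved, or an empty
        403 response when the decrypted password does not match the
        user's stored password.
    """
    from srp.models import SRPUser
    from django.contrib.auth.models import User
    import hashlib

    username = request.session["srp_I"]
    salt = generate_salt()
    key = hashlib.sha256(request.session["srp_S"]).hexdigest()
    user = User.objects.get(username=username)
    password = decrypt(request.POST["p"], key, int(request.POST["l"]))

    # The verifier replaces the account's credential, so only accept a
    # password that matches the stored hash - the same check the
    # no-JavaScript upgrade path performs before creating an SRPUser.
    # NOTE(review): the handshake that populated srp_I/srp_S is not visible
    # here; presumably it already proves knowledge of the account secret.
    if not user.check_password(password):
        return HttpResponse(status=403)

    srpuser = SRPUser()
    srpuser.__dict__.update(user.__dict__)
    srpuser.verifier = generate_verifier(salt, username, password)
    srpuser.salt = salt
    # The password hash is blanked; from here on the verifier is the
    # credential.
    srpuser.password = ""
    srpuser.save()
    # content_type is used instead of mimetype: the mimetype keyword was
    # removed in Django 1.7, while content_type is accepted by earlier
    # releases too.
    return HttpResponse("<ok/>", content_type="text/xml")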
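def register_user(request):
    """Create the SRP account prepared by the earlier registration phase.

    The salt and username come from the session (``srp_salt``,
    ``srp_name``); the verifier is posted by the client as ``v``, so the
    server never sees the password.  The registration keys are removed
    from the session once the user is saved.

    Returns:
        ``<ok/>`` as ``text/xml`` after the user has been saved.

    Raises:
        Http404: if ``settings.ALLOW_SELF_REGISTERING`` is set to a false
            value, or the session does not carry ``srp_phase2 == True``.
    """
    # Self-registration stays enabled when the setting is absent.
    if not getattr(settings, "ALLOW_SELF_REGISTERING", True):
        raise Http404

    # .get() replaces a bare ``except:`` that hid every error, not only the
    # missing key.  ``== True`` is kept so the accepted values do not change.
    srp_phase2 = request.session.get("srp_phase2") == True
    if not srp_phase2:
        raise Http404

    # NOTE(review): the verifier is stored exactly as posted; no format or
    # length check is visible here - confirm the model field constrains it.
    u = SRPUser(salt=request.session["srp_salt"],
                username=request.session["srp_name"],
                verifier=request.POST["v"])
    u.save()
    utils.auth.register_sp_user(request, u)

    # Clear the registration state so the same session cannot replay it.
    del request.session["srp_salt"]
    del request.session["srp_name"]
    del request.session["srp_phase2"]
    # content_type is used instead of mimetype: the mimetype keyword was
    # removed in Django 1.7, while content_type is accepted by earlier
    # releases too.
    return HttpResponse("<ok/>", content_type="text/xml")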
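def no_javascript(request):
    """Log a user in through the form fallback for clients without JavaScript.

    In this path the password itself is posted (``srp_password``), so the
    server derives the verifier and compares it with the stored one instead
    of running the SRP exchange.  A user found in Django's auth table but
    without an ``SRPUser`` row is upgraded once the posted password matches
    the stored hash.

    POST fields read: ``srp_username``, ``srp_password``, ``srp_forward``.

    Returns:
        On success, a redirect to ``srp_forward`` when it is a path on this
        site, to the referring page plus ``srp_forward`` when that is a
        fragment, and to ``/`` otherwise.  On failure, a redirect back to
        the referring page with ``error=1`` in the query string.
    """
    from django.contrib.auth.models import User
    from srp.models import SRPUser
    from django.contrib.auth import login, authenticate

    # NOTE(review): the password reaches the server in this path, so the
    # SRP property of never disclosing it does not hold here; the form
    # should only ever be served and submitted over TLS.
    # Missing fields fall through to the ordinary error redirect instead of
    # raising KeyError (an unhandled 500).
    username = request.POST.get("srp_username", "")
    password = request.POST.get("srp_password", "")
    forward = request.POST.get("srp_forward", "")
    # The Referer header is optional and client-supplied; fall back to the
    # site root when it is absent.
    # NOTE(review): redirecting to the Referer assumes the form was served
    # by this site - confirm CSRF protection is active on this view.
    referer = request.META.get("HTTP_REFERER", "/")

    def is_clean(value):
        # Browsers strip tabs/newlines and treat "\" like "/" when parsing
        # a URL, so any of these could turn a local-looking path into
        # another origin.
        return not any(
            ch == "\\" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)

    def forward_response():
        # srp_forward is untrusted input: follow it only when it stays on
        # this site, otherwise a post-login redirect could be pointed at an
        # arbitrary external URL.
        if is_clean(forward):
            if forward.startswith("#"):
                return HttpResponseRedirect("%s%s" % (referer, forward))
            if forward.startswith("/") and not forward.startswith("//"):
                return HttpResponseRedirect(forward)
        return HttpResponseRedirect("/")

    try:
        user = User.objects.get(username=username)
        try:
            # Create a verifier for the user, and check that it matches the
            # user's stored verifier.  Since both sides are computed here,
            # the rest of the protocol is skipped.
            v = generate_verifier(user.srpuser.salt, username, password)
            user = authenticate(username=username,
                                M=(user.srpuser.verifier, v))
            if user:
                login(request, user)
                return forward_response()
        except SRPUser.DoesNotExist:
            # The user exists in the auth table, but not the SRP table:
            # create an SRP version of the user after checking the password
            # against the existing hash.
            if user.check_password(password):
                srpuser = SRPUser()
                srpuser.__dict__.update(user.__dict__)
                srpuser.salt = generate_salt()
                srpuser.verifier = generate_verifier(
                    srpuser.salt, username, password)
                srpuser.password = ""
                srpuser.save()
                # NOTE(review): this branch redirects without calling
                # login(); confirm whether that is intended.
                return forward_response()
    except User.DoesNotExist:
        # The user does not exist in the auth tables; fall through to the
        # same error redirect used for a wrong password.
        pass

    # Send the client back to the login page with an error marker, without
    # appending it twice.
    if "?" in referer:
        if "error=1" in referer:
            return HttpResponseRedirect(referer)
        return HttpResponseRedirect("%s&error=1" % referer)
    return HttpResponseRedirect("%s?error=1" % referer)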
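def register_user(request):
    """Create the SRP account prepared by the earlier registration phase.

    The salt and username come from the session (``srp_salt``,
    ``srp_name``); the verifier is posted by the client as ``v``, so the
    server never sees the password.  The registration keys are removed
    from the session once the user is saved.

    Returns:
        ``<ok/>`` as ``text/xml`` after the user has been saved.

    Raises:
        Http404: if ``settings.ALLOW_SELF_REGISTERING`` is set to a false
            value, or the session does not carry ``srp_phase2 == True``.
    """
    # Self-registration stays enabled when the setting is absent.
    if not getattr(settings, 'ALLOW_SELF_REGISTERING', True):
        raise Http404

    # .get() replaces a bare ``except:`` that hid every error, not only the
    # missing key.  ``== True`` is kept so the accepted values do not change.
    srp_phase2 = request.session.get("srp_phase2") == True
    if not srp_phase2:
        raise Http404

    # NOTE(review): the verifier is stored exactly as posted; no format or
    # length check is visible here - confirm the model field constrains it.
    u = SRPUser(salt=request.session["srp_salt"],
                username=request.session["srp_name"],
                verifier=request.POST["v"])
    u.save()
    utils.auth.register_sp_user(request, u)

    # Clear the registration state so the same session cannot replay it.
    del request.session["srp_salt"]
    del request.session["srp_name"]
    del request.session["srp_phase2"]
    # content_type is used instead of mimetype: the mimetype keyword was
    # removed in Django 1.7, while content_type is accepted by earlier
    # releases too.
    return HttpResponse("<ok/>", content_type="text/xml")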