예제 #1
0
def no_javascript(request):
    from django.contrib.auth.models import User
    from srp.models import SRPUser
    from django.contrib.auth import login, authenticate
    try:
        user = User.objects.get(username=request.POST["srp_username"])
        try:
            # Create a verifier for the user, and check that it matches the user's verifier
            # Since we're doing it all on one side, we can skip the rest of the protocol
            v = generate_verifier(user.srpuser.salt,
                                  request.POST["srp_username"],
                                  request.POST["srp_password"])
            user = authenticate(username=request.POST["srp_username"],
                                M=(user.srpuser.verifier, v))
            if user:
                login(request, user)
                if not request.POST["srp_forward"].startswith("#"):
                    return HttpResponseRedirect(request.POST["srp_forward"])
                else:
                    return HttpResponseRedirect("%s%s" %
                                                (request.META["HTTP_REFERER"],
                                                 request.POST["srp_forward"]))
        except SRPUser.DoesNotExist:
            # The user exists in the auth table, but not the SRP table
            # Create an SRP version of the user
            if user.check_password(request.POST["srp_password"]):
                srpuser = SRPUser()
                srpuser.__dict__.update(user.__dict__)
                srpuser.salt = generate_salt()
                srpuser.verifier = generate_verifier(
                    srpuser.salt, request.POST["srp_username"],
                    request.POST["srp_password"])
                srpuser.password = ""
                srpuser.save()
                if not request.POST["srp_forward"].startswith("#"):
                    return HttpResponseRedirect(request.POST["srp_forward"])
                else:
                    return HttpResponseRedirect("%s%s" %
                                                (request.META["HTTP_REFERER"],
                                                 request.POST["srp_forward"]))
    except User.DoesNotExist:
        # The user does not exist in the auth tables
        # Send the client back to the login page with an error
        pass
    if "?" in request.META["HTTP_REFERER"]:
        if "error=1" in request.META["HTTP_REFERER"]:
            return HttpResponseRedirect("%s" % request.META["HTTP_REFERER"])
        else:
            return HttpResponseRedirect("%s&error=1" %
                                        request.META["HTTP_REFERER"])
    else:
        return HttpResponseRedirect("%s?error=1" %
                                    request.META["HTTP_REFERER"])
예제 #2
0
파일: views.py 프로젝트: baskfx/srp-js
def upgrade_add_verifier(request):
    from srp.models import SRPUser
    from django.contrib.auth.models import User
    import hashlib
    salt = generate_salt()
    key = hashlib.sha256(request.session["srp_S"]).hexdigest()
    user = User.objects.get(username=request.session["srp_I"])
    srpuser = SRPUser()
    srpuser.__dict__.update(user.__dict__)
    srpuser.verifier = generate_verifier(salt, request.session["srp_I"], decrypt(request.POST["p"], key, int(request.POST["l"])))
    srpuser.salt = salt
    srpuser.password = ""
    srpuser.save()
    return HttpResponse("<ok/>", mimetype="text/xml")
예제 #3
0
def upgrade_add_verifier(request):
    from srp.models import SRPUser
    from django.contrib.auth.models import User
    import hashlib
    salt = generate_salt()
    key = hashlib.sha256(request.session["srp_S"]).hexdigest()
    user = User.objects.get(username=request.session["srp_I"])
    srpuser = SRPUser()
    srpuser.__dict__.update(user.__dict__)
    srpuser.verifier = generate_verifier(
        salt, request.session["srp_I"],
        decrypt(request.POST["p"], key, int(request.POST["l"])))
    srpuser.salt = salt
    srpuser.password = ""
    srpuser.save()
    return HttpResponse("<ok/>", mimetype="text/xml")
예제 #4
0
파일: views.py 프로젝트: baskfx/srp-js
def no_javascript(request):
    from django.contrib.auth.models import User
    from srp.models import SRPUser
    from django.contrib.auth import login, authenticate
    try:
        user = User.objects.get(username=request.POST["srp_username"])
        try:
            # Create a verifier for the user, and check that it matches the user's verifier
            # Since we're doing it all on one side, we can skip the rest of the protocol
            v = generate_verifier(user.srpuser.salt, request.POST["srp_username"], request.POST["srp_password"])
            user = authenticate(username=request.POST["srp_username"], M=(user.srpuser.verifier, v))
            if user:
                login(request, user)
                if not request.POST["srp_forward"].startswith("#"):
                    return HttpResponseRedirect(request.POST["srp_forward"])
                else:
                    return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"]))
        except SRPUser.DoesNotExist:
            # The user exists in the auth table, but not the SRP table
            # Create an SRP version of the user
            if user.check_password(request.POST["srp_password"]):
                srpuser = SRPUser()
                srpuser.__dict__.update(user.__dict__)
                srpuser.salt = generate_salt()
                srpuser.verifier = generate_verifier(srpuser.salt, request.POST["srp_username"], request.POST["srp_password"])
                srpuser.password = ""
                srpuser.save()
                if not request.POST["srp_forward"].startswith("#"):
                    return HttpResponseRedirect(request.POST["srp_forward"])
                else:
                    return HttpResponseRedirect("%s%s" % (request.META["HTTP_REFERER"], request.POST["srp_forward"]))
    except User.DoesNotExist:
        # The user does not exist in the auth tables
        # Send the client back to the login page with an error
        pass
    if "?" in request.META["HTTP_REFERER"]:
        if "error=1" in request.META["HTTP_REFERER"]:
            return HttpResponseRedirect("%s" % request.META["HTTP_REFERER"])
        else:
            return HttpResponseRedirect("%s&error=1" % request.META["HTTP_REFERER"])
    else:
        return HttpResponseRedirect("%s?error=1" % request.META["HTTP_REFERER"])