Exemplo n.º 1
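def sign_up_confirmation(request, confirmation_key):
    '''
    Handles the sign up confirmation

    Looks up the pending SignUp by the confirmation key passed to the view.
    A POST is handed to sign_up_confirmation_post; any other method renders
    the choose-password page in the language stored on the sign up.

    Raises:
        Http404: when is_already_locked reports the client as locked, or
            when the key lookup fails. Both cases get the same answer, so
            the response does not reveal which one applied.
    '''
    #Check ip has not been locked
    if is_already_locked(request):
        raise Http404

    try:
        sign_up = SignUp.objects.get(confirmation_key=confirmation_key)
    except Exception:
        # `except Exception` replaces a bare `except:` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        # NOTE(review): the expected failure is an unknown key. Any other
        # error (for example a database fault) is still recorded as a failed
        # attempt against the caller; narrowing to SignUp.DoesNotExist would
        # avoid that - confirm first that a malformed key cannot raise
        # anything else.

        #Log access attempt
        AccessLog.objects.create(
            user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            # The rejected key is stored in the username column of the log.
            username=confirmation_key,
            http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
            path_info=request.META.get('PATH_INFO', '<unknown>'),
            trusted=False,
        )

        # Report the request as unsuccessful; presumably this is what counts
        # repeated key guesses towards a lock-out - verify in check_request.
        check_request(request, True)
        raise Http404

    if request.method == 'POST':
        return sign_up_confirmation_post(request, sign_up)

    translation.activate(sign_up.language)

    return render(request, 'sign_up/choose_password.html', {
        'confirmation_key': confirmation_key,
    })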
Exemplo n.º 2
def auth_view(request):
    '''
    Authenticate the credentials posted from the login screen.

    A client reported as locked by is_already_locked gets the account_locked
    response. Otherwise the posted username (lower-cased) and password are
    passed to auth.authenticate, the attempt is written to AccessLog and
    reported to check_request, and the browser is redirected to '/' on
    success or '/accounts/invalid' on failure.
    '''
    if is_already_locked(request):
        return account_locked(request)

    posted = request.POST
    username = posted.get('username', '').lower()
    password = posted.get('password', '')
    user = auth.authenticate(username=username, password=password)
    failed = user is None

    # One log row per attempt, successful or not; only the user agent is
    # truncated before it is stored.
    meta = request.META
    AccessLog.objects.create(
        user_agent=meta.get('HTTP_USER_AGENT', '<unknown>')[:255],
        ip_address=get_ip(request),
        username=username,
        http_accept=meta.get('HTTP_ACCEPT', '<unknown>'),
        path_info=meta.get('PATH_INFO', '<unknown>'),
        trusted=not failed,
    )

    check_request(request, failed)

    if failed:
        return HttpResponseRedirect('/accounts/invalid')

    auth.login(request, user)
    return HttpResponseRedirect('/')
Exemplo n.º 3
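def auth_view(request):
    '''
    Handles the authentication from the login screen

    A client reported as locked by is_already_locked gets the account_locked
    response. Otherwise the posted credentials are passed to
    auth.authenticate, the attempt is written to AccessLog and reported to
    check_request. A failed login redirects to '/accounts/invalid'; a
    successful one logs the user in and redirects to the posted 'next'
    value when that is a path on this site, else to '/'.
    '''
    if is_already_locked(request):
        return account_locked(request)

    username = request.POST.get('username', '').lower()
    password = request.POST.get('password', '')
    user = auth.authenticate(username=username, password=password)

    login_unsuccessful = user is None

    AccessLog.objects.create(
        user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
        ip_address=get_ip(request),
        username=username,
        http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
        path_info=request.META.get('PATH_INFO', '<unknown>'),
        trusted=not login_unsuccessful,
    )

    check_request(request, login_unsuccessful)

    if login_unsuccessful:
        return HttpResponseRedirect('/accounts/invalid')

    # 'next' is taken from the POST body, so whoever built the login form or
    # link controls it. Redirecting to it unchecked is an open redirect
    # (CWE-601): a login on the real site could end on a look-alike page.
    # Only a path on this site is honoured: it must start with a single '/',
    # and must not contain a backslash or control character, which browsers
    # may normalise into '//host'.
    # NOTE(review): Django ships a helper for this check
    # (django.utils.http.is_safe_url, renamed url_has_allowed_host_and_scheme
    # in Django 3.0) that also accepts absolute URLs on an allowed host;
    # prefer it where the installed version provides it.
    target_url = request.POST.get('next', '/')
    is_local_path = (
        target_url.startswith('/')
        and not target_url.startswith('//')
        and '\\' not in target_url
        and not any(ord(ch) < 0x20 for ch in target_url)
    )
    if not is_local_path:
        target_url = '/'

    auth.login(request, user)
    return HttpResponseRedirect(target_url)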
Exemplo n.º 4
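 def watch_login(request, successful):
     """Record one login attempt and pass it to the lock-out check.

     Writes an AccessLog row describing the request, then returns whatever
     axes_dec.check_request returns for it. `successful` is stored as the
     row's `trusted` flag and inverted for check_request, whose second
     argument marks a failed attempt.
     """
     axes_dec.AccessLog.objects.create(
         user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
         ip_address=axes_dec.get_ip(request),
         # .get() instead of ['username']: a body without that key used to
         # raise KeyError before the attempt was logged or counted.
         # NOTE(review): confirm the username column accepts NULL.
         username=request.data.get('username'),
         http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
         path_info=request.META.get('PATH_INFO', '<unknown>'),
         trusted=successful)
     return axes_dec.check_request(request, not successful)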
Exemplo n.º 5
    def test_custom_header_parsing(self):
        """get_ip tolerates spaces around the entries of the configured proxy header."""
        header_name = settings.AXES_REVERSE_PROXY_HEADER
        self.ip = '2001:db8:cafe::17'

        # Two-entry value with padding before and after the first address.
        for raw_value in (' 2001:db8:cafe::17 , 2001:db8:cafe::18',):
            self.request.META[header_name] = raw_value
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 6
    def test_custom_header_parsing(self):
        """The configured proxy header is parsed even when its entries are padded with spaces."""
        expected = '2001:db8:cafe::17'
        self.ip = expected

        samples = (
            ' 2001:db8:cafe::17 , 2001:db8:cafe::18',
        )

        for sample in samples:
            # The header name comes from settings rather than being fixed
            # to X-Forwarded-For.
            self.request.META[settings.AXES_REVERSE_PROXY_HEADER] = sample
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 7
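 def watch_login(request, successful):
     """Log a login attempt and return the result of the lock-out check.

     An AccessLog row is created from the request metadata with
     `trusted=successful`; the attempt is then reported to
     axes_dec.check_request with the flag inverted, and that call's return
     value is passed back to the caller.
     """
     axes_dec.AccessLog.objects.create(
         user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
         ip_address=axes_dec.get_ip(request),
         # A request body without 'username' previously raised KeyError here,
         # so the attempt was neither logged nor counted; .get() records it
         # with no username instead.
         # NOTE(review): confirm the username column accepts NULL.
         username=request.data.get('username'),
         http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
         path_info=request.META.get('PATH_INFO', '<unknown>'),
         trusted=successful
     )
     return axes_dec.check_request(request, not successful)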
Exemplo n.º 8
    def test_iis_ipv4_port_stripping(self):
        """A ':port' suffix on IPv4 entries of X-Forwarded-For is dropped by get_ip."""
        self.ip = '192.168.1.1'

        # Single entry with a port, then a list in which every entry has one.
        samples = (
            '192.168.1.1:6112',
            '192.168.1.1:6033, 192.168.1.2:9001',
        )

        for sample in samples:
            self.request.META['HTTP_X_FORWARDED_FOR'] = sample
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 9
    def test_iis_ipv4_port_stripping(self):
        """get_ip returns the bare IPv4 address when X-Forwarded-For entries carry a port."""
        expected = '192.168.1.1'
        self.ip = expected
        meta = self.request.META

        for forwarded_for in ('192.168.1.1:6112',
                              '192.168.1.1:6033, 192.168.1.2:9001'):
            # Without the port removed, the same client would show up under
            # one "address" per source port.
            meta['HTTP_X_FORWARDED_FOR'] = forwarded_for
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 10
    def test_header_ordering(self):
        """get_ip picks the same address however many entries precede it in the proxy header."""
        header_name = settings.AXES_REVERSE_PROXY_HEADER
        self.ip = '2.2.2.2'

        # In every sample the expected address is the second entry from the
        # right. Which setting selects that position is not visible in this
        # test - presumably a proxy-count option in the test settings; confirm.
        # Entries further left in a forwarded chain can be supplied by the
        # client itself, so counting from the right is what keeps an IP-keyed
        # lock-out from being sidestepped with a forged header.
        samples = (
            '4.4.4.4, 3.3.3.3, 2.2.2.2, 1.1.1.1',
            '         3.3.3.3, 2.2.2.2, 1.1.1.1',
            '                  2.2.2.2, 1.1.1.1',
        )

        for sample in samples:
            self.request.META[header_name] = sample
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 11
    def test_header_ordering(self):
        """The address chosen from the proxy header does not move when entries are added on the left."""
        expected = '2.2.2.2'
        self.ip = expected
        meta = self.request.META

        # Each value ends in '2.2.2.2, 1.1.1.1'; only the left side grows.
        # NOTE(review): the expected entry is always second from the right,
        # which suggests the test settings configure how many proxies to
        # skip - confirm there.
        for chain in ('4.4.4.4, 3.3.3.3, 2.2.2.2, 1.1.1.1',
                      '         3.3.3.3, 2.2.2.2, 1.1.1.1',
                      '                  2.2.2.2, 1.1.1.1'):
            meta[settings.AXES_REVERSE_PROXY_HEADER] = chain
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 12
    def test_valid_ipv6_parsing(self):
        """get_ip returns the leading IPv6 address of X-Forwarded-For unchanged."""
        self.ip = '2001:db8:cafe::17'

        # Alone, followed by another IPv6 address, and followed by a mixed
        # IPv6/IPv4 tail with uneven spacing.
        samples = (
            '2001:db8:cafe::17',
            '2001:db8:cafe::17 , 2001:db8:cafe::18',
            '2001:db8:cafe::17,  2001:db8:cafe::18, 192.168.1.1',
        )

        for sample in samples:
            self.request.META['HTTP_X_FORWARDED_FOR'] = sample
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 13
    def test_valid_ipv6_parsing(self):
        """An IPv6 address at the front of X-Forwarded-For comes back from get_ip as written."""
        expected = '2001:db8:cafe::17'
        self.ip = expected
        meta = self.request.META

        for forwarded_for in ('2001:db8:cafe::17',
                              '2001:db8:cafe::17 , 2001:db8:cafe::18',
                              '2001:db8:cafe::17,  2001:db8:cafe::18, 192.168.1.1'):
            # The colons of the address must survive parsing; compare with
            # the IPv4 case, where ':port' is removed.
            meta['HTTP_X_FORWARDED_FOR'] = forwarded_for
            self.assertEqual(self.ip, get_ip(self.request))
Exemplo n.º 14
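def get_attemps(request):
    """Return how many failed attempts the caller's IP address has left.

    Adds up failures_since_start over every AccessAttempt stored for the
    address reported by get_ip and subtracts the total from FAILURE_LIMIT.
    The result is not clamped, so it is negative once the total exceeds
    the limit.

    If the lookup raises, a message is printed and only the failures counted
    up to that point are used (none when the query itself failed), so the
    function then reports up to the full FAILURE_LIMIT as remaining.
    """
    att = 0
    try:
        # An empty result simply leaves att at 0; the former
        # `remain_times = FAILURE_LIMIT` branch was overwritten before the
        # return and has been dropped.
        for attempt in AccessAttempt.objects.filter(ip_address=get_ip(request)):
            att += attempt.failures_since_start
    except Exception:
        # Deliberately best-effort, but no longer a bare `except:` (which
        # also caught SystemExit/KeyboardInterrupt). The parenthesised form
        # prints the same text under Python 2 and is valid Python 3.
        # NOTE(review): callers must not treat this value as the lock-out
        # decision itself - on error it errs towards "attempts remaining".
        print('something goes wrong!')

    return FAILURE_LIMIT - att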
Exemplo n.º 15
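def get_attemps(request):
    """Compute the number of failed attempts still allowed for the caller's IP.

    The value is FAILURE_LIMIT minus the sum of failures_since_start over
    all AccessAttempt rows matching get_ip(request). It is returned as-is,
    including negative values when the sum is above the limit.

    A failure during the lookup is reported with a printed message and the
    partial sum (0 when nothing was read) is used, so the result can be as
    high as FAILURE_LIMIT in that case.
    """
    failures = 0
    try:
        matching = AccessAttempt.objects.filter(ip_address=get_ip(request))
        # No rows means no failures; the old else-branch assignment was dead
        # code because the value was recomputed before returning.
        for attempt in matching:
            failures += attempt.failures_since_start
    except Exception:
        # Narrowed from a bare `except:` so interpreter-exit exceptions are
        # not swallowed; print(...) keeps the Python 2 output and also
        # parses under Python 3.
        # NOTE(review): this fails open for display purposes - the lock-out
        # itself must be enforced elsewhere.
        print('something goes wrong!')

    return FAILURE_LIMIT - failures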
Exemplo n.º 16
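def confirm_invite(request, confirmation_key):
    '''
    View that confirms an email invite and allows the user to choose a password

    Looks up the EmailConfirmation for the key passed to the view. A POST
    is handed to confirm_invite_post; any other method logs the current
    user out and renders the confirm-invite page in the invited person's
    language. A key that cannot be resolved is logged as a failed attempt
    and answered with invalid_expired.

    Raises:
        Http404: when is_already_locked reports the client as locked.
    '''

    #Check ip has not been locked
    if is_already_locked(request):
        raise Http404

    try:
        invite = EmailConfirmation.objects.get(
            confirmation_key=confirmation_key)

    except Exception:
        # `except Exception` replaces a bare `except:` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        # NOTE(review): the expected failure is an unknown or expired key.
        # Any other error (for example a database fault) is still recorded
        # as a failed attempt against the caller; narrowing to
        # EmailConfirmation.DoesNotExist would avoid that - confirm first
        # that a malformed key cannot raise anything else.

        #Log access attempt
        AccessLog.objects.create(
            user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            # The rejected key is stored in the username column of the log.
            username=confirmation_key,
            http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
            path_info=request.META.get('PATH_INFO', '<unknown>'),
            trusted=False,
        )

        # Report the request as unsuccessful; presumably this is what counts
        # repeated key guesses towards a lock-out - verify in check_request.
        check_request(request, True)
        return invalid_expired(request)

    if request.method != 'POST':

        #Ensure user is logged out
        # Whoever is signed in on this browser must not stay signed in while
        # the invited person sets a password.
        auth.logout(request)

        language = invite.person.language
        translation.activate(language)

        return render(
            request, 'email_confirmation/confirm_invite.html', {
                'invite': invite,
                'person': invite.person,
                'user_who_invited_person': invite.user_who_invited_person,
            })

    else:
        return confirm_invite_post(request, invite)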
Exemplo n.º 17
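def confirm_invite(request, confirmation_key):
    '''
    View that confirms an email invite and allows the user to choose a password

    Looks up the EmailConfirmation for the key passed to the view. A POST
    is handed to confirm_invite_post; any other method logs the current
    user out and renders the confirm-invite template. A key that cannot be
    resolved is logged as a failed attempt and answered with
    invalid_expired.

    Raises:
        Http404: when is_already_locked reports the client as locked.
    '''

    #Check ip has not been locked
    if is_already_locked(request):
        raise Http404

    try:
        invite = EmailConfirmation.objects.get(confirmation_key=confirmation_key)

    except Exception:
        # `except Exception` replaces a bare `except:` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        # NOTE(review): the expected failure is an unknown or expired key.
        # Any other error (for example a database fault) is still recorded
        # as a failed attempt against the caller; narrowing to
        # EmailConfirmation.DoesNotExist would avoid that - confirm first
        # that a malformed key cannot raise anything else.

        #Log access attempt
        AccessLog.objects.create(
            user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            # The rejected key is stored in the username column of the log.
            username=confirmation_key,
            http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
            path_info=request.META.get('PATH_INFO', '<unknown>'),
            trusted=False,
        )

        # Report the request as unsuccessful; presumably this is what counts
        # repeated key guesses towards a lock-out - verify in check_request.
        check_request(request, True)
        return invalid_expired(request)

    if request.method != 'POST':

        #Ensure user is logged out
        # Whoever is signed in on this browser must not stay signed in while
        # the invited person sets a password.
        auth.logout(request)

        template = loader.get_template('email_confirmation/confirm_invite.html')
        context = RequestContext(request, {
            'invite': invite,
            'person': invite.person,
            'user_who_invited_person': invite.user_who_invited_person,
        })

        response = template.render(context)
        return HttpResponse(response)

    else:
        return confirm_invite_post(request, invite)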
Exemplo n.º 18
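 def authenticate(self, username, password, request=None):
     """Authenticate a user with an NTLM bind against the configured directory server.

     Binds as ``AD_DOMAIN\\username`` over SSL to settings.AD_SERVER_NAME.
     On a successful bind the user is obtained from get_or_create_user.

     Returns:
         The user object, or None when a credential is empty, the bind is
         rejected (LDAPBindError) or get_or_create_user yields nothing.

     Every failure is logged at INFO level with the username and, when a
     request is given, its path and client IP.
     NOTE(review): the username is caller-supplied and is written to the
     log unescaped - confirm the log handler neutralises CR/LF.
     """
     request_info = "%s %s" % (request.path, get_ip(request)) if request else ""
     # Reject empty credentials before contacting the directory: with LDAP
     # simple binds an empty password is treated as an unauthenticated bind,
     # so this must not be left to the server to refuse.
     if not username or not password:
         logger.info("Log In Failure [Empty] %s %s" % (username, request_info))
         return None
     try:
         server = Server(settings.AD_SERVER_NAME, use_ssl=True)
         conn = Connection(server, "%s\\%s" % (settings.AD_DOMAIN, username), password, auto_bind=True,
                           authentication=NTLM)
         try:
             # A falsy result from get_or_create_user is normalised to None,
             # as the former `and ... or None` expression did.
             user = (self.get_or_create_user(username, conn) or None) if conn.bound else None
         finally:
             # The connection was opened only for this check and was never
             # released before; unbind so sockets do not pile up per login.
             conn.unbind()
         if user is None:
             logger.info("Log In Failure [NOTFOUND] %s %s" % (username, request_info))
         return user
     except LDAPBindError:
         logger.info("Log In Failure [LDAP] %s %s" % (username, request_info))
         return None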
Exemplo n.º 19
    def decorated_login(request, *args, **kwargs):
        """Call the wrapped login view, log the attempt and apply the lock-out check.

        Requests other than POST pass straight through. For a POST, the
        wrapped view's response counts as a failed login unless it carries a
        'location' header or has status 302. The attempt is written to
        AccessLog and reported to check_request; when that returns a falsy
        value the response body is replaced with a
        LoginAttemptsExceededError payload.

        NOTE(review): the wrapped view runs before check_request, and nothing
        in this block tests for an existing lock first. On lock-out only the
        body is replaced; the status code and headers set by the view are
        left as they were. Confirm a locked client is stopped before the
        view can complete a login.
        """
        already_wrapped = func.__name__ == 'decorated_login'

        # share some useful information
        if not already_wrapped and VERBOSE:  # pragma: no cover
            log.info('AXES: Calling decorated function: %s' % func.__name__)
            if args:
                log.info('args: %s' % str(args))
            if kwargs:
                log.info('kwargs: %s' % kwargs)

        # call the login function
        response = func(request, *args, **kwargs)

        # A doubly decorated view is only watched once.
        if already_wrapped:  # pragma: no cover
            return response

        if request.method != 'POST':
            return response

        # see if the login was successful
        login_unsuccessful = (response
                              and not response.has_header('location')
                              and response.status_code != 302)

        # Request-supplied strings are cut to fixed lengths before storage.
        meta = request.META
        AccessLog.objects.create(
            user_agent=meta.get('HTTP_USER_AGENT', '<unknown>')[:255],
            ip_address=get_ip(request),
            username=request.POST.get(USERNAME_FORM_FIELD, None),
            http_accept=meta.get('HTTP_ACCEPT', '<unknown>')[:1025],
            path_info=meta.get('PATH_INFO', '<unknown>')[:255],
            trusted=not login_unsuccessful,
        )

        if not check_request(request, login_unsuccessful):
            # assumes the response exposes .data and .rendered_content
            # (a renderable response type) - TODO confirm
            response.data = {"error_type": "LoginAttemptsExceededError"}
            response.content = response.rendered_content

        return response
Exemplo n.º 20
 def test_invalid_headers_no_ip(self):
     """An empty configured proxy header makes get_ip raise Warning."""
     header_name = settings.AXES_REVERSE_PROXY_HEADER
     self.request.META[header_name] = ''
     # No address can be derived, so get_ip must refuse rather than return
     # an empty or default value.
     self.assertRaises(Warning, get_ip, self.request)
Exemplo n.º 21
def post_logged_out(sender, request, user, **kwargs):
    """Write an INFO log line for a log-out: user name, request path and client IP.

    Looks like a receiver for an auth log-out signal (sender/kwargs
    signature) - confirm where it is connected. A missing user or an empty
    username is logged as "none".
    """
    where = "%s %s" % (request.path, get_ip(request))
    who = (user.username if user else None) or "none"
    logger.info("Log Out %s %s" % (who, where))
Exemplo n.º 22
 def test_invalid_headers_no_ip(self):
     """get_ip raises Warning when the configured proxy header is present but empty."""
     meta = self.request.META
     meta[settings.AXES_REVERSE_PROXY_HEADER] = ''
     # Callable form of assertRaises; the call under test is
     # get_ip(self.request).
     self.assertRaises(Warning, get_ip, self.request)
Exemplo n.º 23
def post_login_failed(sender, request, credentials, **kwargs):
    """Write an INFO log line for a failed log-in: attempted username, path and client IP.

    Looks like a receiver for an auth login-failed signal - confirm where it
    is connected. Only the 'username' entry of `credentials` is read ("-"
    when absent); no other credential field is logged.
    NOTE(review): the username is caller-supplied and goes into the log
    unescaped - confirm the log handler neutralises CR/LF.
    """
    where = "%s %s" % (request.path, get_ip(request))
    attempted = credentials.get("username", "-")
    logger.info("Signal Log In Failure %s %s" % (attempted, where))
Exemplo n.º 24
def post_logged_in(sender, request, user, **kwargs):
    """Write an INFO log line for a successful log-in: user name, path and client IP.

    Looks like a receiver for an auth logged-in signal - confirm where it is
    connected.
    """
    where = "%s %s" % (request.path, get_ip(request))
    who = user.username
    logger.info("Log In Success %s %s" % (who, where))