Exemplo n.º 1
    def validate(self, attrs):
        """Check the submitted credentials behind the "login" rate limit.

        The rate-limit helper runs before ``authenticate``; when it reports
        the limit as hit, the caller gets a 429 asking for a captcha instead
        of a credential check. On success the user is stored on ``self.user``.

        Args:
            attrs: Mapping holding ``self.username_field`` and ``"password"``.

        Returns:
            An empty dict.

        Raises:
            CaptchaRequiredException: The rate-limit helper returned a truthy
                value for this request and username.
            AuthenticationFailed: No user was authenticated, or the user is
                not active.
        """
        submitted_username = attrs[self.username_field]
        credentials = {
            self.username_field: submitted_username,
            "password": attrs["password"],
        }
        # The request is forwarded to the auth backends only when present.
        if "request" in self.context:
            credentials["request"] = self.context["request"]

        # NOTE(review): this lookup is not guarded like the one above, so a
        # context without "request" raises KeyError here.
        # NOTE(review): the only key passed is the submitted username. Confirm
        # whether the helper also throttles by client address; a username-only
        # key lets third parties push a captcha onto someone else's account and
        # does not slow guessing spread across many usernames.
        limited = ratelimit(self.context["request"], "login", [submitted_username])
        if limited:
            captcha_detail = {"status": 429, "detail": "Too Many Requests Provide Captcha"}
            raise CaptchaRequiredException(
                detail=captcha_detail,
                code=status.HTTP_429_TOO_MANY_REQUESTS,
            )

        self.user = authenticate(**credentials)

        # Since Django 1.10 the default `ModelBackend` already refuses inactive
        # users, but a project can opt into `AllowAllUsersModelBackend`. The
        # explicit is_active test keeps inactive accounts out either way, and
        # both failure cases produce the same error, so the response does not
        # reveal which one occurred.
        account_usable = self.user is not None and self.user.is_active
        if not account_usable:
            raise AuthenticationFailed(
                self.error_messages["no_active_account"], "no_active_account",
            )

        return {}
Exemplo n.º 2
 def get(self, request, **kwargs):
     """Render the login form with a flag for the "login" rate limit.

     The rate-limit result is only passed to the template as ``rate``; this
     method does not refuse the request itself.

     Args:
         request: The incoming HTTP request.
         **kwargs: Accepted but not used here.

     Returns:
         The rendered login page, or a redirect to ``/500`` if anything in
         the body raises.
     """
     try:
         limited = bool(ratelimit(request, "login", ["ip"]))
         page_context = {"form": self.form_class(), "rate": limited}
         return render(request, self.template, page_context)
     except Exception as e:
         # NOTE(review): only the exception message is logged, without a
         # traceback, and every error type ends in the same redirect.
         logging.error(e)
         return HttpResponseRedirect("/500")
Exemplo n.º 3
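 def post(self, request):
     """Handle a login form submission.

     The "login" rate limit is checked first, keyed on the submitted
     username. If the limit is hit the form is re-rendered with ``rate``
     set and no credential check takes place. Otherwise the form is
     validated, the user is authenticated and logged in, and the client is
     redirected.

     The ``next`` query parameter is attacker-controllable, so it is
     followed only when it points at this host with an allowed scheme. Any
     other value falls back to the ``home`` route instead of redirecting a
     freshly logged-in user to an arbitrary site.

     Args:
         request: The incoming HTTP request carrying the form in ``POST``.

     Returns:
         A redirect on successful login, otherwise the rendered login page
         with ``rate`` or ``error`` set.
     """
     # Function-scope import keeps this fix independent of the module's
     # import list.
     from django.utils.http import url_has_allowed_host_and_scheme

     form = AuthenticationForm(request=request, data=request.POST)

     # NOTE(review): a POST without a "username" field raises here before the
     # form can report the error. Confirm how ratelimit treats its key list
     # before replacing this lookup with a default value.
     if ratelimit(request, "login", [request.POST["username"]]):
         return render(request, self.template, {"form": form, "rate": True})

     if form.is_valid():
         user = authenticate(
             username=form.cleaned_data.get("username"),
             password=form.cleaned_data.get("password"),
         )
         if user and user.is_active:
             login(request, user)
             next_url = request.GET.get("next")
             # Only same-host targets are honoured. require_https prevents a
             # downgrade to http when the login itself arrived over https.
             if next_url and url_has_allowed_host_and_scheme(
                 next_url,
                 allowed_hosts={request.get_host()},
                 require_https=request.is_secure(),
             ):
                 return HttpResponseRedirect(next_url)
             return redirect("home")

     # The same generic error covers an invalid form, bad credentials and an
     # inactive account.
     return render(request, self.template, {"form": form, "error": True})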