def attempt_login(request):
matches = authenticate_users(request.POST['email'], request.POST['password'])
if len(matches) == 1:
# Exactly one match, cool, just authenticate the user
user = authenticate(user=matches[0])
log_user_in(request, user)
return matches, None
elif len(matches) > 1:
# Multiple matches, let the caller handle this
return matches, None
elif len(matches) == 0:
# Incorrect credentials. Check if this is a user from the old userpage system
old_member = authenticate_sherpa2_user(request.POST['email'], request.POST['password'])
if old_member is not None:
# Actually, it is! Let's try to import them.
if User.get_users().filter(memberid=old_member.memberid, is_inactive=False).exists():
return matches, 'old_memberid_but_memberid_exists'
# Check if a pending user exists. This shouldn't ever happen (a pending user is recently
# enrolled, and an existing user will have been member for a long time).
if User.objects.filter(memberid=old_member.memberid, is_pending=True).exists():
# Give the same error ("user exists, you need to use your new password")
return matches, 'old_memberid_but_memberid_exists'
# Verify that they exist in the membersystem (this turned out to be an incorrect assumption)
if not Actor.get_personal_members().filter(memberid=old_member.memberid).exists():
# We're not quite sure why this can happen, so we'll just give them the invalid
# credentials message - but this might be confusing for those who were able to log
# in previously.
return matches, 'invalid_credentials'
# Create the new user
try:
# Check if the user's already created as inactive
user = User.get_users().get(memberid=old_member.memberid, is_inactive=True)
user.is_inactive = False
user.set_password(request.POST['password'])
user.save()
except User.DoesNotExist:
# New user
user = User(identifier=old_member.memberid, memberid=old_member.memberid)
user.set_password(request.POST['password'])
user.save()
# Update the email on this actor, in case it were to differ from the sherpa2 email
user.update_personal_data({'email': request.POST['email']})
# Import any fjelltreffen-annonser from the old system
import_fjelltreffen_annonser(user)
authenticate(user=user)
log_user_in(request, user)
return [user], None
else:
# No luck, just provide the error message
return matches, 'invalid_credentials'
def custom_on_success(request, identity_url, openid_response):
# Reuse django_openidconsumer.views.default_on_success to set the
# relevant session variables:
consumer_views.default_on_success(request, identity_url,
openid_response)
# Now look up the user's identity_url to see if they exist in
# the system
try:
user_openid = UserOpenID.objects.get(openid=identity_url)
except UserOpenID.DoesNotExist:
user_openid = None
if user_openid:
user = user_openid.user
# Unfortunately we have to annotate the user with the
# 'django.contrib.auth.backends.ModelBackend' backend,
# or stuff breaks
backend = load_backend('django.contrib.auth.backends.ModelBackend')
user.backend = '%s.%s' % (
backend.__module__, backend.__class__.__name__
)
log_user_in(request, user)
return on_login_ok(request, identity_url)
else:
return on_login_failed(request, identity_url)
def single_signon_login(request):
"""
This view applies only on the central site.
After successful login on a local site, the user should be sent here in
order to create a session on the central site as well, which will be used
for future logins on other local sites (and any logins on the central site).
"""
if not request.site.is_central():
raise PermissionDenied
if any([key not in request.GET for key in ['next', 'user_id', 'hmac']]):
raise PermissionDenied
user_id = request.GET['user_id']
user_id_bytes = user_id.encode('ascii')
calculated_hmac_b64 = calc_hmac_b64(user_id_bytes)
if calculated_hmac_b64 != request.GET['hmac']:
logger.warning(
"Single signon: Oppgitt hmac matcher ikke egenkalkulert hmac",
extra={
'provided_hmac': request.GET['hmac'],
'calculated_hmac': calculated_hmac_b64,
'user_id_bytes': user_id_bytes,
}
)
raise PermissionDenied
# HMAC was verified, now authenticate the user and send them back
user = User.objects.get(id=user_id)
user = authenticate(user=user)
log_user_in(request, user)
return redirect(request.GET['next'])
def login(request):
if request.method == 'POST':
login_form = LoginForm(request.POST)
if login_form.is_valid():
data = login_form.cleaned_data
user = authenticate(username=data['username'],
password=data['password'])
if user is not None:
log_user_in(request, user)
id = user.userclipboard.clipboard_id
response = HttpResponseRedirect(reverse('main'))
response.set_cookie('clipboard-id', id)
return response
else:
login_form = LoginForm()
return render(
request, 'clipper/login.html', {
'form':
login_form,
'errors':
['The username and password do not match any user!']
})
else:
loginform = LoginForm()
return render(request, 'clipper/login.html', {'form': loginform})
def login_chosen_user(request):
if 'authenticated_users' not in request.session:
return redirect('user:login.login')
if 'user' not in request.POST:
del request.session['authenticated_users']
return redirect('user:login.login')
# Verify that the user authenticated for this user
if not int(request.POST['user']) in request.session['authenticated_users']:
del request.session['authenticated_users']
return redirect('user:login.login')
# All is swell, log the user in
user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False)
user = authenticate(user=user)
log_user_in(request, user)
del request.session['authenticated_users']
if request.site.is_central():
return redirect(request.GET.get('next', reverse('user:home')))
else:
if 'sso_checked' in request.session:
del request.session['sso_checked']
return redirect(sso_login_url(
request.site,
request.user,
request.GET.get('next', reverse('user:home')),
))
def custom_on_success(request, identity_url, openid_response):
# Reuse django_openidconsumer.views.default_on_success to set the
# relevant session variables:
consumer_views.default_on_success(request, identity_url,
openid_response)
# Now look up the user's identity_url to see if they exist in
# the system
try:
user_openid = UserOpenID.objects.get(openid=identity_url)
except UserOpenID.DoesNotExist:
user_openid = None
if user_openid:
user = user_openid.user
# Unfortunately we have to annotate the user with the
# 'django.contrib.auth.backends.ModelBackend' backend,
# or stuff breaks
backend = load_backend('django.contrib.auth.backends.ModelBackend')
user.backend = '%s.%s' % (backend.__module__,
backend.__class__.__name__)
log_user_in(request, user)
return on_login_ok(request, identity_url)
else:
return on_login_failed(request, identity_url)
def signup(request):
if request.method == 'POST':
form = UserSignupForm(request.POST)
if form.is_valid():
user = form.save()
user.backend = settings.AUTHENTICATION_BACKENDS[0]
log_user_in(request, user)
return HttpResponseRedirect(reverse('welcome'))
else:
form = UserSignupForm()
return render(request, 'signup.html', {'form': form})
def sign_up(request):
if request.method == 'POST':
form = UserCreationForm(request.POST)
if form.is_valid():
form.save()
user = authenticate(username=form.cleaned_data.get('username'),
password=form.cleaned_data.get('password1'))
log_user_in(request, user)
return redirect('/movies')
form = UserCreationForm()
return render(request, 'registration/sign_up.html', {'form': form})
def login(request):
if request.user.is_authenticated():
return HttpResponseRedirect(reverse('welcome'))
if request.method == 'POST':
form = UserAuthenticationForm(data=request.POST)
if form.is_valid():
log_user_in(request, form.get_user())
return HttpResponseRedirect(reverse('welcome'))
else:
form = UserAuthenticationForm
return render(request, 'login.html', {'form': form})
def attempt_registration_nonmember(request):
error_messages = []
# Check that name is provided
if not validator.name(request.POST['name']):
error_messages.append('invalid_name')
# Check that the email address is valid
if not validator.email(request.POST['email']):
error_messages.append('invalid_email')
# Check that the email address isn't in use
if User.objects.filter(identifier=request.POST['email']).exists():
error_messages.append('email_exists')
# Check that the password is long enough
if len(request.POST['password']) < settings.USER_PASSWORD_LENGTH:
error_messages.append('too_short_password')
if len(error_messages) > 0:
request.session['user.registration_nonmember_attempt'] = {
'name': request.POST['name'],
'email': request.POST['email']
}
return None, error_messages
user = User(identifier=request.POST['email'], email=request.POST['email'])
user.first_name, user.last_name = request.POST['name'].rsplit(maxsplit=1)
user.set_consent_accepted_privacy_policy_date(None, False)
user.set_password(request.POST['password'])
user.save()
user.set_consent_dnt(
Forening.DNT_CENTRAL_ID,
'email',
True if request.POST.get('consent-dnt-communication-email') else False,
save=True,
)
authenticate(user=user)
log_user_in(request, user)
try:
message = render_to_string('common/user/login/registered_nonmember_email.txt', request=request)
send_mail(EMAIL_REGISTERED_SUBJECT, message, settings.DEFAULT_FROM_EMAIL, [user.get_email()])
except (SMTPException, SSLError, UnicodeEncodeError):
# Silently log and ignore this error. Consider warning the user that the email wasn't sent?
logger.warning(
"Klarte ikke å sende registreringskvitteringepost",
exc_info=sys.exc_info(),
extra={'request': request}
)
return user, None
def login_chosen_user(request):
if 'authenticated_users' not in request.session:
return redirect('user:login.login')
if 'user' not in request.POST:
del request.session['authenticated_users']
return redirect('user:login.login')
# Verify that the user authenticated for this user
if not int(request.POST['user']) in request.session['authenticated_users']:
del request.session['authenticated_users']
return redirect('user:login.login')
# All is swell, log the user in
user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False)
user = authenticate(user=user)
log_user_in(request, user)
del request.session['authenticated_users']
if request.session.get('OAuth-authorization'):
try:
o = urlparse(request.GET.get('next', None))
client_id = [a[1] for a in parse_qsl(o.query) if a[0] == 'client_id'][0]
user.last_login_oauth_date = datetime.now()
user.save()
log, created = UserOauthActiveLog.objects.get_or_create(
user=user,
oauth_client_id=client_id,
defaults={
'first_date': user.last_login_oauth_date,
'last_date': user.last_login_oauth_date
})
if not created:
log.last_date = user.last_login_oauth_date
log.save()
except:
pass
else:
user.last_login_site_date = datetime.now()
user.save()
if request.site.is_central():
return redirect(request.GET.get('next', reverse('user:home')))
else:
if 'sso_checked' in request.session:
del request.session['sso_checked']
return redirect(sso_login_url(
request.site,
request.user,
request.GET.get('next', reverse('user:home')),
))
def attempt_registration(request):
# Check that the password is long enough
if len(request.POST['password']) < settings.USER_PASSWORD_LENGTH:
return None, 'too_short_password'
# Check that the email address is valid
if not validator.email(request.POST['email']):
return None, 'invalid_email'
try:
user = verify_memberid(
ip_address=request.META['REMOTE_ADDR'],
memberid=request.POST['memberid'],
country_code=request.POST['country'],
zipcode=request.POST['zipcode'],
)
if not user.is_inactive:
return None, 'user_exists'
user.set_contact_info({'email': request.POST['email'].strip()})
user.is_inactive = False
user.activated = datetime.now()
user.set_consent_accepted_privacy_policy_date(None, False)
user.set_password(request.POST['password'])
user.save()
authenticate(user=user)
log_user_in(request, user)
try:
message = render_to_string('common/user/login/registered_email.txt', request=request)
send_mail(EMAIL_REGISTERED_SUBJECT, message, settings.DEFAULT_FROM_EMAIL, [user.get_email()])
except (SMTPException, SSLError, UnicodeEncodeError):
# Silently log and ignore this error. Consider warning the user that the email wasn't sent?
logger.warning(
"Klarte ikke å sende registreringskvitteringepost",
exc_info=sys.exc_info(),
extra={'request': request}
)
return user, None
except MemberidLookupsExceeded:
return None, 'memberid_lookups_exceeded'
except CountryDoesNotExist:
raise PermissionDenied
except (NoMatchingMemberid, ActorIsNotPersonalMember, ValueError):
return None, 'invalid_memberid'
def restore_password(request, key):
users = User.get_users(include_pending=True).filter(password_restore_key=key, is_inactive=False)
if len(users) == 0:
context = {
'no_such_key': True,
'user_password_length': settings.USER_PASSWORD_LENGTH
}
return render(request, 'common/user/login/restore-password.html', context)
date_limit = datetime.now() - timedelta(hours=settings.RESTORE_PASSWORD_VALIDITY)
if any([u.password_restore_date < date_limit for u in users]):
# We've passed the deadline for key validity
context = {
'key_expired': True,
'validity_period': settings.RESTORE_PASSWORD_VALIDITY,
'user_password_length': settings.USER_PASSWORD_LENGTH
}
return render(request, 'common/user/login/restore-password.html', context)
# Passed all tests, looks like we're ready to reset the password
if request.method == 'GET':
context = {
'ready': True,
'key': key,
'user_password_length': settings.USER_PASSWORD_LENGTH
}
return render(request, 'common/user/login/restore-password.html', context)
elif request.method == 'POST':
if request.POST['password'] != request.POST['password-repeat'] or \
len(request.POST['password']) < settings.USER_PASSWORD_LENGTH:
context = {
'ready': True,
'key': key,
'user_password_length': settings.USER_PASSWORD_LENGTH,
'unacceptable_password': True
}
return render(request, 'common/user/login/restore-password.html', context)
# Everything is in order. Reset the password.
for user in users:
user.set_password(request.POST['password'])
user.password_restore_key = None
user.password_restore_date = None
user.save()
# Log the user in automatically
user = authenticate(user=user)
log_user_in(request, user)
messages.info(request, 'password_reset_success')
return redirect('user:home')
def attempt_login(request):
matches = authenticate_users(request.POST['email'], request.POST['password'])
if len(matches) == 1:
# Exactly one match, cool, just authenticate the user
user = authenticate(user=matches[0])
log_user_in(request, user)
return matches, None
elif len(matches) > 1:
# Multiple matches, let the caller handle this
return matches, None
elif len(matches) == 0:
# Invalid credentials
return matches, 'invalid_credentials'
def attempt_registration_nonmember(request):
error_messages = []
# Check that name is provided
if not validator.name(request.POST['name']):
error_messages.append('invalid_name')
# Check that the email address is valid
if not validator.email(request.POST['email']):
error_messages.append('invalid_email')
# Check that the email address isn't in use
if User.objects.filter(identifier=request.POST['email']).exists():
error_messages.append('email_exists')
# Check that the password is long enough
if len(request.POST['password']) < settings.USER_PASSWORD_LENGTH:
error_messages.append('too_short_password')
if len(error_messages) > 0:
request.session['user.registration_nonmember_attempt'] = {
'name': request.POST['name'],
'email': request.POST['email']
}
return None, error_messages
user = User(identifier=request.POST['email'], email=request.POST['email'])
user.first_name, user.last_name = request.POST['name'].rsplit(' ', 1)
user.set_password(request.POST['password'])
user.save()
authenticate(user=user)
log_user_in(request, user)
try:
t = loader.get_template('common/user/login/registered_nonmember_email.txt')
c = RequestContext(request)
send_mail(EMAIL_REGISTERED_SUBJECT, t.render(c), settings.DEFAULT_FROM_EMAIL, [user.get_email()])
except (SMTPException, SSLError):
# Silently log and ignore this error. Consider warning the user that the email wasn't sent?
logger.warning(u"Klarte ikke å sende registreringskvitteringepost",
exc_info=sys.exc_info(),
extra={'request': request}
)
return user, None
def login(request):
form = LoginForm()
user = None
if request.method == 'POST':
form = LoginForm(request.POST)
if form.is_valid():
username = form.cleaned_data['username']
password = form.cleaned_data['password']
user = authenticate(username=username, password=password)
if user is not None:
log_user_in(request, user)
return redirect('dashboard:home')
return render(request, "authentication/login.html", {
'form': form,
'user': user
})
def single_signon_return(request):
"""
This view applies only on local sites.
This is where the user is returned after a `single_signon_check` on the
central site. If the user returned with auth data, it is verified and the
user is automatically signed on. If not, the user is sent back to the login
view with 'sso_checked' set in session to avoid repeating the auth check.
"""
if request.site.is_central():
raise PermissionDenied
if 'next' not in request.GET:
raise PermissionDenied
if not all([key in request.GET for key in ['user_id', 'hmac']]):
# User was not authenticated, save the value and let them authenticate
# locally
request.session['sso_checked'] = True
return redirect('%s?next=%s' % (
reverse('user:login.login'),
request.GET['next'],
))
else:
# User is authenticated - verify the message and authenticate them here
user_id = request.GET['user_id']
user_id_bytes = user_id.encode('ascii')
calculated_hmac_b64 = calc_hmac_b64(user_id_bytes)
if calculated_hmac_b64 != request.GET['hmac']:
logger.warning(
"Single signon: Oppgitt hmac matcher ikke egenkalkulert hmac",
extra={
'provided_hmac': request.GET['hmac'],
'calculated_hmac': calculated_hmac_b64,
'user_id_bytes': user_id_bytes,
}
)
raise PermissionDenied
# HMAC was verified, now authenticate the user
user = User.objects.get(id=user_id)
user = authenticate(user=user)
log_user_in(request, user)
return redirect(request.GET['next'])
def login_chosen_user(request):
if not 'authenticated_users' in request.session:
return redirect('user.login.views.login')
if not 'user' in request.POST:
del request.session['authenticated_users']
return redirect('user.login.views.login')
# Verify that the user authenticated for this user
if not int(request.POST['user']) in request.session['authenticated_users']:
del request.session['authenticated_users']
return redirect('user.login.views.login')
# All is swell, log the user in
user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False)
user = authenticate(user=user)
log_user_in(request, user)
del request.session['authenticated_users']
return redirect(request.GET.get('next', reverse('user.views.home')))
def signon_login_chosen_user(request):
if not 'authenticated_users' in request.session or not 'dntconnect' in request.session:
raise PermissionDenied
if not 'user' in request.POST:
del request.session['authenticated_users']
return redirect('connect.views.signon_login')
# Verify that the user authenticated for this user
if not int(request.POST['user']) in request.session['authenticated_users']:
del request.session['authenticated_users']
return redirect('connect.views.signon_login')
# All is swell, log the user in
user = User.get_users(include_pending=True).get(id=request.POST['user'], is_inactive=False)
user = authenticate(user=user)
log_user_in(request, user)
add_signon_session_value(request, 'logget_inn')
del request.session['authenticated_users']
return redirect('connect.views.signon_complete')
def register(request, success_url='/accounts/register/complete/',
template_name='openid_register.html', already_registered_url='/'):
"""
Allows a new user to register an account. A customised variation of the
view of the same name from django-registration.
Context::
form
The registration form
Template::
registration/registration_form.html (or template_name argument)
"""
if request.method == 'POST':
form = SSORegistrationForm(request.POST)
if form.is_valid():
new_user = form.save()
associate_openid( new_user, request.openid )
next = form.cleaned_data['next']
print 'next',next
# Unfortunately we have to annotate the user with the
# 'django.contrib.auth.backends.ModelBackend' backend, or stuff breaks
backend = load_backend('django.contrib.auth.backends.ModelBackend')
new_user.backend = '%s.%s' % (
backend.__module__, backend.__class__.__name__
)
log_user_in(request, new_user)
return HttpResponseRedirect(next or success_url)
else:
if request.user.is_authenticated():
return HttpResponseRedirect( already_registered_url )
form = SSORegistrationForm(initial={'next':request.GET.get('next','')})
return render_to_response(template_name, { 'form': form },
context_instance=RequestContext(request))
def login_as(request, login_as_user_id):
if request.session.get('login_as_original_user', False):
messages.info(request, 'login_as_user_is_already_active')
return redirect('admin:users.show', login_as_user_id)
if not request.user.has_perm('sherpa/admin') or request.method != 'POST':
raise PermissionDenied
original_user_id = request.user.id
original_aktiv_forening = request.session.get('active_forening')
try:
login_user = User.objects.get(pk=login_as_user_id)
auth_user = authenticate(user=login_user)
log_user_in(request, auth_user)
except User.DoesNotExist:
messages.info(request, 'unable_to_login_as_user')
return redirect('admin:users.show', login_as_user_id)
request.session['login_as_original_user'] = original_user_id
request.session['login_as_original_active_forening'] = (
original_aktiv_forening)
return redirect('user:home')
def register(request):
form = RegistrationForm()
if request.method == 'POST':
form = RegistrationForm(request.POST)
if form.is_valid():
user = User.objects.create_user(
username=form.cleaned_data['username'],
email=form.cleaned_data['email'],
password=form.cleaned_data['password1']
)
log_user_in(request, user)
# Check for any GameMemberships they might have and convert to User references
memberships = GameMembership.objects.filter(email=user.email)
if memberships:
for membership in memberships:
membership.user = user
membership.email = None
membership.save()
return redirect('dashboard:home')
return render(request, "authentication/register.html", {
'form': form,
})
def restore_login_as(request):
if not request.session.get('login_as_original_user', False):
raise Http404
# Attempt to restore original user login
current_user_id = request.user.id
restore_user_id = request.session['login_as_original_user']
restore_aktiv_forening = (
request.session.get('login_as_original_active_forening'))
try:
login_user = User.objects.get(pk=restore_user_id)
auth_user = authenticate(user=login_user)
log_user_in(request, auth_user)
except User.DoesNotExist:
# If restoring original user fails, logout!
log_user_out(request)
return redirect('cms:page')
# Restore aktiv forening
request.session['active_forening'] = restore_aktiv_forening
# Redirect user to referer (now as the original user)
return redirect('admin:users.show', current_user_id)
def processlogin(request):
form = forms.LoginForm()
if request.method == 'POST':
form = forms.LoginForm(request.POST)
if form.is_valid():
print("FORM VALIDATION SUCCESS!")
print("User name is: " + form.cleaned_data['username'])
print("Now we validate user...")
user = authenticate(username=form.cleaned_data['username'],
password=form.cleaned_data['password'])
if user is not None:
print("This is a valid user!")
print("logging user in...")
log_user_in(
request,
user) #this is login function renamed to log_user_in
print("Done logging user in")
return HttpResponseRedirect(
'http://localhost:8000/') # Static reference!!!
else:
print("INVALID USER!")
else:
print("FORM DATA INVALID!")
return render(request, 'user/login.html', {'form': form})
