def password_forgotten_view(request):
"""
forgotten password view and submit.
includes return_url
"""
from helios_auth.view_utils import render_template
from helios_auth.models import User
if request.method == "GET":
return render_template(request, 'password/forgot', {'return_url': request.GET.get('return_url', '')})
else:
username = request.POST['username']
return_url = request.POST['return_url']
try:
user = User.get_by_type_and_id('password', username)
except User.DoesNotExist:
return render_template(request, 'password/forgot', {'return_url': request.GET.get('return_url', ''), 'error': 'no such username'})
body = """
This is a password reminder:
Your username: %s
Your password: %s
--
%s
""" % (user.user_id, user.info['password'], settings.SITE_TITLE)
# FIXME: make this a task
send_mail('password reminder', body, settings.SERVER_EMAIL, ["%s <%s>" % (user.info['name'], user.info['email'])], fail_silently=False)
return HttpResponseRedirect(return_url)
def password_forgotten_view(request):
"""
forgotten password view and submit.
includes return_url
"""
from helios_auth.view_utils import render_template
from helios_auth.models import User
if request.method == "GET":
return render_template(request, 'password/forgot', {'return_url': request.GET.get('return_url', '')})
else:
username = request.POST['username']
return_url = request.POST['return_url']
try:
user = User.get_by_type_and_id('password', username)
except User.DoesNotExist:
return render_template(request, 'password/forgot', {'return_url': request.GET.get('return_url', ''), 'error': 'no such username'})
body = """
This is a password reminder:
Your username: %s
Your password: %s
--
%s
""" % (user.user_id, user.info['password'], settings.SITE_TITLE)
# FIXME: make this a task
send_mail('password reminder', body, settings.SERVER_EMAIL, ["%s <%s>" % (user.info['name'], user.info['email'])], fail_silently=False)
return HttpResponseRedirect(return_url)
def password_forgotten_view(request):
"""
forgotten password view and submit.
includes return_url
"""
from helios_auth.view_utils import render_template
from helios_auth.models import User
if request.method == "GET":
return render_template(
request,
"password/forgot",
{"return_url": request.GET.get("return_url", "")},
)
else:
username = request.POST["username"]
return_url = request.POST["return_url"]
try:
user = User.get_by_type_and_id("password", username)
except User.DoesNotExist:
return render_template(
request,
"password/forgot",
{
"return_url": request.GET.get("return_url", ""),
"error": "no such username",
},
)
body = """
This is a password reminder:
Your username: %s
Your password: %s
--
%s
""" % (
user.user_id,
user.info["password"],
settings.SITE_TITLE,
)
# FIXME: make this a task
send_mail(
"password reminder",
body,
settings.SERVER_EMAIL,
["%s <%s>" % (user.info["name"], user.info["email"])],
fail_silently=False,
)
return HttpResponseRedirect(return_url)
def password_forgotten_view(request):
"""
forgotten password view and submit.
includes return_url
"""
from helios_auth.view_utils import render_template
from helios_auth.models import User
if request.method == "GET":
return render_template(request, "password/forgot", {"return_url": request.GET.get("return_url", "")})
else:
username = request.POST["username"]
return_url = request.POST["return_url"]
try:
user = User.get_by_type_and_id("password", username)
except User.DoesNotExist:
return render_template(
request,
"password/forgot",
{"return_url": request.GET.get("return_url", ""), "error": "no such username"},
)
body = """
This is a password reminder:
Your username: %s
Your password: %s
--
%s
""" % (
user.user_id,
user.info["password"],
settings.SITE_TITLE,
)
# FIXME: make this a task
send_mail(
"password reminder",
body,
settings.SERVER_EMAIL,
["%s <%s>" % (user.info["name"], user.info["email"])],
fail_silently=False,
)
return HttpResponseRedirect(return_url)
def password_login_view(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
from helios_auth.models import User
error = None
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
# set this in case we came here straight from the multi-login chooser
# and thus did not have a chance to hit the "start/password" URL
request.session["auth_system_name"] = "password"
if "return_url" in request.POST:
request.session["auth_return_url"] = request.POST.get("return_url")
if form.is_valid():
username = form.cleaned_data["username"].strip()
password = form.cleaned_data["password"].strip()
try:
user = User.get_by_type_and_id("password", username)
if password_check(user, password):
request.session["password_user_id"] = user.user_id
return HttpResponseRedirect(reverse(url_names.AUTH_AFTER))
except User.DoesNotExist:
pass
error = "Bad Username or Password"
return render_template(request, "password/login", {
"form": form,
"error": error
})
def password_login_view(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
from helios_auth.models import User
error = None
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
# set this in case we came here straight from the multi-login chooser
# and thus did not have a chance to hit the "start/password" URL
request.session['auth_system_name'] = 'password'
if request.POST.has_key('return_url'):
request.session['auth_return_url'] = request.POST.get('return_url')
if form.is_valid():
username = form.cleaned_data['username'].strip()
password = form.cleaned_data['password'].strip()
try:
user = User.get_by_type_and_id('password', username)
if password_check(user, password):
request.session['password_user'] = user
return HttpResponseRedirect(reverse(after))
except User.DoesNotExist:
pass
error = 'Bad Username or Password'
return render_template(request, 'password/login', {
'form': form,
'error': error
})
def elections(request):
user = require_admin(request)
page = int(request.GET.get("page", 1))
limit = int(request.GET.get("limit", 25))
q = request.GET.get("q", "")
elections = Election.objects.filter(name__icontains=q)
elections.all().order_by("-created_at")
elections_paginator = Paginator(elections, limit)
elections_page = elections_paginator.page(page)
total_elections = elections_paginator.count
return render_template(
request,
"stats_elections",
{
"elections": elections_page.object_list,
"elections_page": elections_page,
"limit": limit,
"total_elections": total_elections,
"q": q,
},
)
def password_login_view(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
from helios_auth.models import User
error = None
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
# set this in case we came here straight from the multi-login chooser
# and thus did not have a chance to hit the "start/password" URL
request.session['auth_system_name'] = 'password'
if request.POST.has_key('return_url'):
request.session['auth_return_url'] = request.POST.get('return_url')
if form.is_valid():
username = form.cleaned_data['username'].strip()
password = form.cleaned_data['password'].strip()
try:
user = User.get_by_type_and_id('password', username)
if password_check(user, password):
request.session['password_user_id'] = user.user_id
return HttpResponseRedirect(reverse(after))
except User.DoesNotExist:
pass
error = 'Bad Username or Password'
return render_template(request, 'password/login', {'form': form, 'error': error})
def follow_view(request):
if request.method == "GET":
from helios_auth.view_utils import render_template
from helios_auth.views import after
return render_template(request, 'twitter/follow', {
'user_to_follow': USER_TO_FOLLOW,
'reason_to_follow': REASON_TO_FOLLOW
})
if request.method == "POST":
follow_p = bool(request.POST.get('follow_p', False))
if follow_p:
from helios_auth.security import get_user
user = get_user(request)
twitter_client = _get_client_by_token(user.token)
result = twitter_client.oauth_request(
'http://api.twitter.com/1/friendships/create.json',
args={'screen_name': USER_TO_FOLLOW},
method='POST')
from helios_auth.views import after_intervention
return HttpResponseRedirect(reverse(after_intervention))
def follow_view(request):
if request.method == "GET":
from helios_auth.view_utils import render_template
from helios_auth.views import after
return render_template(
request,
"twitter/follow",
{"user_to_follow": USER_TO_FOLLOW, "reason_to_follow": REASON_TO_FOLLOW},
)
if request.method == "POST":
follow_p = bool(request.POST.get("follow_p", False))
if follow_p:
from helios_auth.security import get_user
user = get_user(request)
twitter_client = _get_client_by_token(user.token)
result = twitter_client.oauth_request(
"http://api.twitter.com/1/friendships/create.json",
args={"screen_name": USER_TO_FOLLOW},
method="POST",
)
from helios_auth.url_names import AUTH_AFTER_INTERVENTION
return HttpResponseRedirect(reverse(AUTH_AFTER_INTERVENTION))
def ldap_login_view(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
error = None
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
request.session["auth_system_name"] = "ldap"
if request.POST.has_key("return_url"):
request.session["auth_return_url"] = request.POST.get("return_url")
if form.is_valid():
username = form.cleaned_data["username"].strip()
password = form.cleaned_data["password"].strip()
auth = backend.CustomLDAPBackend()
user = auth.authenticate(username, password)
if user:
request.session["ldap_user"] = {"user_id": user.email, "name": user.first_name + " " + user.last_name}
return HttpResponseRedirect(reverse(after))
else:
error = "Bad Username or Password"
return render_template(
request,
"ldapauth/login",
{"form": form, "error": error, "enabled_auth_systems": settings.AUTH_ENABLED_AUTH_SYSTEMS},
)
def login_view(request):
# imports are here because putting them in the header prevents
# initialization of the database
from helios_auth.view_utils import render_template
from helios_auth.views import after
from helios_auth.models import User
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
request.session['auth_system_name'] = 'dummy'
if request.POST.has_key('return_url'):
request.session['auth_return_url'] = request.POST.get('return_url')
if form.is_valid():
name = form.cleaned_data['username'].strip()
admin_p = form.cleaned_data['admin_p']
user_obj = User.update_or_create(user_type='dummy', user_id=name, name=name, info={})
if user_obj.admin_p != admin_p:
user_obj.admin_p = admin_p
user_obj.save()
request.session['dummy_user'] = name
return HttpResponseRedirect(reverse(after))
return render_template(request, 'dummy/login', {'form': form})
def shibboleth_register(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
shib_attrs, errors = parse_attributes(request.META)
if errors:
return render_template(request, "shibboleth/missing_attributes", {"errors": errors})
if shib_attrs:
request.session["shib_attrs"] = shib_attrs
return HttpResponseRedirect(reverse(after))
else:
error = _("Bad Username or Password")
return render_template(request, "shibboleth/login_box", {"error": error})
def shibboleth_login_view(request):
from helios_auth.view_utils import render_template
error = None
return render_template(
request, "shibboleth/login_box", {"error": error, "enabled_auth_systems": settings.AUTH_ENABLED_AUTH_SYSTEMS}
)
def shibboleth_login_view(request):
from helios_auth.view_utils import render_template
error = None
return render_template(request, 'shibboleth/login_box', {
'error': error,
'enabled_auth_systems': settings.AUTH_ENABLED_AUTH_SYSTEMS,
})
def shibboleth_login_view(request):
from helios_auth.view_utils import render_template
error = None
return render_template(
request, 'shibboleth/login_box', {
'error': error,
'enabled_auth_systems': settings.AUTH_ENABLED_AUTH_SYSTEMS,
})
def shibboleth_register(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
shib_attrs, errors = parse_attributes(request.META)
if errors:
return render_template(request, 'shibboleth/missing_attributes', {
'errors': errors,
})
if shib_attrs:
request.session['shib_attrs'] = shib_attrs
return HttpResponseRedirect(reverse(after))
else:
error = _('Bad Username or Password')
return render_template(request, 'shibboleth/login_box', {
'error': error,
})
def shibboleth_register(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
shib_attrs, errors = parse_attributes(request.META)
if errors:
return render_template(request, 'shibboleth/missing_attributes', {
'errors': errors,
})
if shib_attrs:
request.session['shib_attrs'] = shib_attrs
return HttpResponseRedirect(reverse(after))
else:
error = _('Bad Username or Password')
return render_template(request, 'shibboleth/login_box', {
'error': error,
})
def recent_problem_elections(request):
user = require_admin(request)
# elections left unfrozen older than 1 day old (and younger than 10 days old, so we don't go back too far)
elections_with_problems = Election.objects.filter(
frozen_at=None,
created_at__gt=datetime.datetime.utcnow() -
datetime.timedelta(days=10),
created_at__lt=datetime.datetime.utcnow() - datetime.timedelta(days=1),
)
return render_template(request, "stats_problem_elections",
{"elections": elections_with_problems})
def recent_votes(request):
user = require_admin(request)
# elections with a vote in the last 24 hours, ordered by most recent cast vote time
# also annotated with number of votes cast in last 24 hours
elections_with_votes_in_24hours = (Election.objects.filter(
voter__castvote__cast_at__gt=datetime.datetime.utcnow() -
datetime.timedelta(days=1)).annotate(
last_cast_vote=Max("voter__castvote__cast_at"),
num_recent_cast_votes=Count("voter__castvote"),
).order_by("-last_cast_vote"))
return render_template(request, "stats_recent_votes",
{"elections": elections_with_votes_in_24hours})
def follow_view(request):
if request.method == "GET":
from helios_auth.view_utils import render_template
from helios_auth.views import after
return render_template(request, 'twitter/follow', {'user_to_follow': USER_TO_FOLLOW, 'reason_to_follow' : REASON_TO_FOLLOW})
if request.method == "POST":
follow_p = bool(request.POST.get('follow_p',False))
if follow_p:
from helios_auth.security import get_user
user = get_user(request)
twitter_client = _get_client_by_token(user.token)
result = twitter_client.oauth_request('http://api.twitter.com/1/friendships/create.json', args={'screen_name': USER_TO_FOLLOW}, method='POST')
from helios_auth.views import after_intervention
return HttpResponseRedirect(reverse(after_intervention))
def ldap_login_view(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
from helios_auth.auth_systems.ldapbackend import backend
error = None
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
request.session['auth_system_name'] = 'ldap'
if request.POST.has_key('return_url'):
request.session['auth_return_url'] = request.POST.get('return_url')
if form.is_valid():
username = form.cleaned_data['username'].strip()
password = form.cleaned_data['password'].strip()
auth = backend.CustomLDAPBackend()
user = auth.authenticate(None,
username=username,
password=password)
if user:
request.session['ldap_user'] = {
'username': user.username,
'email': user.email,
'name': user.first_name + ' ' + user.last_name,
}
return HttpResponseRedirect(reverse(after))
else:
error = 'Bad Username or Password'
return render_template(
request, 'ldapauth/login', {
'form': form,
'error': error,
'enabled_auth_systems': settings.AUTH_ENABLED_AUTH_SYSTEMS,
})
def ldap_login_view(request):
from helios_auth.view_utils import render_template
from helios_auth.views import after
error = None
if request.method == "GET":
form = LoginForm()
else:
form = LoginForm(request.POST)
request.session['auth_system_name'] = 'ldap'
if request.POST.has_key('return_url'):
request.session['auth_return_url'] = request.POST.get('return_url')
if form.is_valid():
username = form.cleaned_data['username'].strip()
password = form.cleaned_data['password'].strip()
auth = backend.CustomLDAPBackend()
user = auth.authenticate(username, password)
if user:
request.session['ldap_user'] = {
'username': user.username,
'email': user.email,
'name': user.first_name + ' ' + user.last_name,
}
return HttpResponseRedirect(reverse(after))
else:
error = 'Bad Username or Password'
return render_template(request, 'ldapauth/login', {
'form': form,
'error': error,
'enabled_auth_systems': settings.AUTH_ENABLED_AUTH_SYSTEMS,
})
def home(request):
user = require_admin(request)
num_votes_in_queue = CastVote.objects.filter(invalidated_at=None,
verified_at=None).count()
return render_template(request, "stats",
{"num_votes_in_queue": num_votes_in_queue})
