Exemplo n.º 1
0
def login(request):
    form = request.POST

    ## If not using SSL, try redirecting.
    #if not request.is_secure():
        #url = 'https' + request.build_absolute_uri()[4:]
        #return HttpResponseRedirect(url)

    # First try SSL Authentication
    user = auth.authenticate(request=request)

    # Otherwise, treat this like a text login and show the login page if
    # necessary.
    if user is None:
        # If the user isn't trying to log in, then just display the login page.
        if not form.get('login', False):
            goto = request.GET.get('goto', None)
            if not goto:
                # The Django login_required decorator passes 'next' as the
                # redirect, so we look for that if 'goto' is missing.
                goto = request.GET.get('next', None)
            context = RequestContext(request)
            return render_html_template('login.html', request,
                                        {'redirect_to': goto},
                                        context_instance=context)
        # Check if the username and password are correct.
        user = auth.authenticate(username=form.get('username', ''),
                                 password=form.get('password', ''))

    # If the username/password are invalid or SSL authentication failed tell
    # the user to try again.
    error_message = ''
    if user is None:
        error_message = 'Invalid username/password.'

    # If the user account is disabled, then no dice.
    elif not user.is_active:
        error_message = ('The user account for <tt>%s</tt> has been disabled.' %
                         user.username)
    if error_message:
        return render_html_template('login.html', request,
                                    {'error_message': error_message,
                                     'redirect_to': form.get('goto', None)},
                                    context_instance=RequestContext(request))

    # Otherwise, we're good to go, so log the user in.
    auth.login(request, user)

    # hack to try to pass them back to http land
    default_route = get_default_route()
    goto = request.REQUEST.get('goto', default_route)

    # hack to prevent infinite loop.
    if goto == '':
        goto = default_route

    if goto.startswith('https'):
        goto = goto.replace('^https', 'http')

    return HttpResponseRedirect(goto)
Exemplo n.º 2
0
def logout(request):
    auth.logout(request)
    # TODO(rryan) remove aenclave specificity
    default_route = get_default_route()
    goto = request.REQUEST.get('goto', default_route)
    return HttpResponseRedirect(goto)