def handle(self, request):
     next = request.GET.get(REDIRECT_FIELD_NAME, '')
     if not is_safe_url(next, host=request.get_host()):
         next = auth.get_login_url()
     logout(request)
     request.user = AnonymousUser()
     return self.redirect(next)
def auth(request, backend):
    """Start a social-auth login with *backend*.

    Copies the configured ``SOCIAL_AUTH_FIELDS_STORED_IN_SESSION`` values
    from the request into the session, stores a validated ``next`` target
    (or ``DEFAULT_REDIRECT``), clears stale partial-pipeline state and then
    either redirects to the provider or renders the backend's own HTML.
    """
    params = request.GET
    if request.method == "POST":
        params = request.POST

    # Only the configured field names are copied; the values are whatever
    # the client sent.
    for name in setting("SOCIAL_AUTH_FIELDS_STORED_IN_SESSION", []):
        if name in params:
            request.session[name] = params[name]

    if REDIRECT_FIELD_NAME in params:
        target = params[REDIRECT_FIELD_NAME]
        # NOTE: django-sudo's `is_safe_url` is much better at catching bad
        # redirections to different domains than social_auth's
        # `sanitize_redirect` call.  A rejected target becomes
        # DEFAULT_REDIRECT; an empty one ends up there too.
        # NOTE(review): only the host is checked here, not the scheme, so a
        # same-host http:// target is accepted on an https request -- confirm
        # that is intended for this deployment.
        if not is_safe_url(target, host=request.get_host()):
            target = DEFAULT_REDIRECT
        request.session[REDIRECT_FIELD_NAME] = target or DEFAULT_REDIRECT

    # Clean any partial pipeline info before starting the process
    clean_partial_pipeline(request)

    if not backend.uses_redirect:
        return HttpResponse(backend.auth_html(),
                            content_type="text/html;charset=UTF-8")
    return HttpResponseRedirect(backend.auth_url())
def auth_process(request, backend):
    """Authenticate using social backend.

    In order: copy the configured session fields from the request, remember
    a validated ``next`` target in the session, drop any partial-pipeline
    state, then hand off to the backend (redirect or inline HTML).
    """
    is_post = request.method == 'POST'
    params = request.POST if is_post else request.GET

    # Save extra data into session (only the configured field names).
    wanted = setting('SOCIAL_AUTH_FIELDS_STORED_IN_SESSION', [])
    for field_name in [f for f in wanted if f in params]:
        request.session[field_name] = params[field_name]

    if REDIRECT_FIELD_NAME in params:
        candidate = params[REDIRECT_FIELD_NAME]
        # NOTE: django-sudo's `is_safe_url` is much better at catching bad
        # redirections to different domains than social_auth's
        # `sanitize_redirect` call.
        safe = is_safe_url(candidate, host=request.get_host())
        target = candidate if safe else DEFAULT_REDIRECT
        # An empty value is mapped to the default as well.
        request.session[REDIRECT_FIELD_NAME] = target or DEFAULT_REDIRECT

    # Clean any partial pipeline info before starting the process
    clean_partial_pipeline(request)

    if backend.uses_redirect:
        return HttpResponseRedirect(backend.auth_url())
    body = backend.auth_html()
    return HttpResponse(body, content_type='text/html;charset=UTF-8')
 def grant_sudo_privileges(self, request, redirect_to):
     """Mark the session as sudo-elevated and redirect.

     The destination stored in the session under ``REDIRECT_TO_FIELD_NAME``
     (by the GET step) takes precedence over *redirect_to* and is popped so
     it is not reused.  Because it originated from request input it is
     re-checked with ``is_safe_url`` against the current host; anything
     rejected is replaced by ``resolve_url(REDIRECT_URL)``.
     """
     grant_sudo_privileges(request)
     destination = request.session.pop(REDIRECT_TO_FIELD_NAME, redirect_to)
     off_site = not is_safe_url(url=destination, host=request.get_host())
     if off_site:
         destination = resolve_url(REDIRECT_URL)
     return HttpResponseRedirect(destination)
 def test_success(self):
     """Relative paths and same-host absolute URLs must be accepted."""
     cases = [
         ('/', None),
         ('/foo/', None),
         ('/', 'example.com'),
         ('http://example.com/foo', 'example.com'),
     ]
     for url, host in cases:
         self.assertTrue(is_safe_url(url, host))
 def grant_sudo_privileges(self, request, redirect_to):
     """Elevate the session to sudo and send the user on.

     Prefers the destination the GET step parked in the session (consuming
     it) over *redirect_to*.  The value is validated again with
     ``is_safe_url`` for this host, since it came from request input; a
     rejected value is replaced by ``resolve_url(REDIRECT_URL)``.
     """
     grant_sudo_privileges(request)
     target = request.session.pop(REDIRECT_TO_FIELD_NAME,
                                  redirect_to)
     safe = is_safe_url(url=target, host=request.get_host())
     return HttpResponseRedirect(target if safe else resolve_url(REDIRECT_URL))
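 def test_failure(self):
     """Values that must not be followed as a redirect target.

     Each case pairs a candidate URL with the request host; ``is_safe_url``
     has to reject every one of them.
     """
     cases = [
         (None, None),                                  # missing
         ('', ''),                                      # empty
         ('http://mattrobenolt.com/', 'example.com'),   # other host
         ('///example.com/', None),                     # scheme-relative, extra slash
         ('ftp://example.com', 'example.com'),          # non-http(s) scheme
         # Raw string: the backslash is part of the value under test.  The
         # non-raw form '\@' is an invalid escape sequence and only worked
         # by accident (it warns on current Pythons).
         (r'http://example.com\@mattrobenolt.com', 'example.com'),
         ('http:///example.com', 'example.com'),        # empty authority
         ('\x08//example.com', 'example.com'),          # leading control char
     ]
     for url, host in cases:
         self.assertFalse(is_safe_url(url, host))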
Arquivo: views.py Projeto: ob3/sentry
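def disconnect(request, backend, association_id=None):
    """Disconnects given backend from current logged in user.

    After the disconnect, redirect to the ``next`` parameter when
    ``is_safe_url`` accepts it for this host, otherwise to the backend's
    ``SOCIAL_AUTH_DISCONNECT_REDIRECT_URL`` setting, otherwise to
    ``DEFAULT_REDIRECT``.

    NOTE(review): the disconnect is performed for any HTTP method; confirm
    that POST is enforced somewhere outside this view (a decorator or the
    URL route), otherwise a GET link can trigger it.
    """
    backend.disconnect(request.user, association_id)
    # Read the body on POST and the query string otherwise, the same
    # selection the auth views use.  This replaces `request.REQUEST`, the
    # merged GET+POST dict that was removed in Django 1.9.
    data = request.POST if request.method == 'POST' else request.GET
    if REDIRECT_FIELD_NAME in data:
        redirect = data[REDIRECT_FIELD_NAME]
        # NOTE: Django's `is_safe_url` is much better at catching bad
        # redirections to different domains than social_auth's
        # `sanitize_redirect` call.
        if not is_safe_url(redirect, host=request.get_host()):
            redirect = DEFAULT_REDIRECT
    else:
        # The configured fallback is a setting, not request input, so it is
        # used as-is.
        redirect = backend_setting(backend, 'SOCIAL_AUTH_DISCONNECT_REDIRECT_URL')
        if not redirect:
            redirect = DEFAULT_REDIRECT
    return HttpResponseRedirect(redirect)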
    def handle(self, request, organization, project, group_id, slug):
        """Dispatch a group page to the plugin registered under *slug*.

        Raises 404 when the group or the plugin is unknown.  A response
        produced by the plugin is returned as-is; otherwise the browser is
        sent back to the Referer, but only when that (client-controlled)
        header passes ``is_safe_url`` for this host -- else to the group's
        project page.
        """
        group = get_object_or_404(Group, pk=group_id, project=project)

        try:
            plugin = plugins.get(slug)
        except KeyError:
            raise Http404("Plugin not found")

        GroupMeta.objects.populate_cache([group])

        plugin_response = plugin.get_view_response(request, group)
        if plugin_response:
            return plugin_response

        back = request.META.get("HTTP_REFERER", "")
        if is_safe_url(back, host=request.get_host()):
            return HttpResponseRedirect(back)
        return HttpResponseRedirect(
            u"/{}/{}/".format(organization.slug, group.project.slug))
    def handle(self, request, organization, team, project, group_id, slug):
        """Render a plugin-provided group view, or bounce back to the caller.

        404 on an unknown group or plugin slug.  When the plugin returns no
        response, redirect to the Referer if ``is_safe_url`` accepts it for
        this host (the header is client-controlled); otherwise fall back to
        ``/<org>/<project>/``.
        """
        group = get_object_or_404(Group, pk=group_id, project=project)

        try:
            plugin = plugins.get(slug)
        except KeyError:
            raise Http404('Plugin not found')

        GroupMeta.objects.populate_cache([group])

        view_response = plugin.get_view_response(request, group)
        if view_response:
            return view_response

        target = request.META.get('HTTP_REFERER', '')
        if not is_safe_url(target, host=request.get_host()):
            parts = (organization.slug, group.project.slug)
            target = '/{}/{}/'.format(*parts)
        return HttpResponseRedirect(target)
    def dispatch(self, request):
        """Serve the sudo prompt, or pass straight through when already sudo.

        ``next`` is read from the query string (default ``REDIRECT_URL``) and
        replaced by ``resolve_url(REDIRECT_URL)`` unless ``is_safe_url``
        accepts it for this host, so the prompt cannot bounce users to
        another site.  On GET the checked target is parked in the session
        under ``REDIRECT_TO_FIELD_NAME`` so it survives the POST round-trip.
        """
        target = request.GET.get(REDIRECT_FIELD_NAME, REDIRECT_URL)
        if not is_safe_url(url=target, host=request.get_host()):
            target = resolve_url(REDIRECT_URL)

        # Nothing to prompt for.
        if request.is_sudo():
            return HttpResponseRedirect(target)

        if request.method == 'GET':
            request.session[REDIRECT_TO_FIELD_NAME] = target

        form = self.form_class(request.user, request.POST or None)
        context = {'form': form, 'request': request, REDIRECT_FIELD_NAME: target}
        if self.handle_sudo(request, target, context):
            return self.grant_sudo_privileges(request, target)
        if self.extra_context is not None:
            context.update(self.extra_context)
        return TemplateResponse(request, self.template_name, context)
    def dispatch(self, request):
        """Handle the sudo confirmation page.

        The ``next`` query parameter (default ``REDIRECT_URL``) is only used
        when ``is_safe_url`` accepts it for the current host; anything else
        becomes ``resolve_url(REDIRECT_URL)``.  Already-sudo sessions are
        redirected immediately.  On GET the target is saved in the session
        (``REDIRECT_TO_FIELD_NAME``); on POST the form is processed and, on
        success, ``grant_sudo_privileges`` completes the flow.
        """
        redirect_to = request.GET.get(REDIRECT_FIELD_NAME, REDIRECT_URL)
        same_site = is_safe_url(url=redirect_to, host=request.get_host())
        redirect_to = redirect_to if same_site else resolve_url(REDIRECT_URL)

        if request.is_sudo():
            return HttpResponseRedirect(redirect_to)

        if request.method == 'GET':
            request.session[REDIRECT_TO_FIELD_NAME] = redirect_to

        context = dict(
            form=self.form_class(request.user, request.POST or None),
            request=request,
        )
        context[REDIRECT_FIELD_NAME] = redirect_to
        if self.handle_sudo(request, redirect_to, context):
            return self.grant_sudo_privileges(request, redirect_to)
        if self.extra_context is not None:
            context.update(self.extra_context)
        return TemplateResponse(request, self.template_name, context)
def is_valid_redirect(url, host=None):
    """Return True when *url* is usable as a post-login redirect target.

    Rejects empty values and anything starting with the login URL (which
    would loop back to the login page), then defers to ``is_safe_url`` for
    the same-host check against *host*.
    """
    if not url or url.startswith(get_login_url()):
        return False
    return is_safe_url(url, host=host)
def is_valid_redirect(url, host=None):
    """Decide whether *url* may be used as a redirect destination.

    Empty values are refused outright; so is any URL that begins with the
    login URL, to avoid redirecting back into the login flow.  Everything
    else is left to ``is_safe_url`` against *host*.
    """
    if not url:
        return False
    heads_to_login = url.startswith(get_login_url())
    return False if heads_to_login else is_safe_url(url, host=host)
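 def redirect(self, request):
     """Pick the post-logout destination.

     Uses the ``REDIRECT_FIELD_NAME`` (``next``) query parameter when
     ``is_safe_url`` accepts it for the request host; otherwise the login
     URL, so the parameter cannot send the user off-site.
     """
     # `target` rather than `next`: the original name shadowed the builtin.
     target = request.GET.get(REDIRECT_FIELD_NAME, '')
     if not is_safe_url(target, host=request.get_host()):
         target = auth.get_login_url()
     return super(AuthLogoutView, self).redirect(target)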