def dev_direct_login( request: HttpRequest, next: str = REQ(default="/"), ) -> HttpResponse: # This function allows logging in without a password and should only be called # in development environments. It may be called if the DevAuthBackend is included # in settings.AUTHENTICATION_BACKENDS if (not dev_auth_enabled()) or settings.PRODUCTION: # This check is probably not required, since authenticate would fail without # an enabled DevAuthBackend. return config_error(request, "dev") subdomain = get_subdomain(request) realm = get_realm(subdomain) if request.POST.get("prefers_web_public_view") == "Anonymous login": redirect_to = get_safe_redirect_to(next, realm.uri) return HttpResponseRedirect(redirect_to) email = request.POST["direct_email"] user_profile = authenticate(dev_auth_username=email, realm=realm) if user_profile is None: return config_error(request, "dev") assert isinstance(user_profile, UserProfile) do_login(request, user_profile) redirect_to = get_safe_redirect_to(next, user_profile.realm.uri) return HttpResponseRedirect(redirect_to)
def realm_redirect(request: HttpRequest, next: str = REQ(default="")) -> HttpResponse: if request.method == "POST": form = RealmRedirectForm(request.POST) if form.is_valid(): subdomain = form.cleaned_data["subdomain"] realm = get_realm(subdomain) redirect_to = get_safe_redirect_to(next, realm.uri) return HttpResponseRedirect(redirect_to) else: form = RealmRedirectForm() return render(request, "zerver/realm_redirect.html", context={"form": form})
def realm_redirect(request: HttpRequest) -> HttpResponse: if request.method == 'POST': form = RealmRedirectForm(request.POST) if form.is_valid(): subdomain = form.cleaned_data['subdomain'] realm = get_realm(subdomain) redirect_to = get_safe_redirect_to(request.GET.get("next", ""), realm.uri) return HttpResponseRedirect(redirect_to) else: form = RealmRedirectForm() return render(request, 'zerver/realm_redirect.html', context={'form': form})
def realm_redirect(request: HttpRequest) -> HttpResponse: if request.method == 'POST': form = RealmRedirectForm(request.POST) if form.is_valid(): subdomain = form.cleaned_data['subdomain'] realm = get_realm(subdomain) redirect_to = get_safe_redirect_to(request.GET.get("next", ""), realm.uri) return HttpResponseRedirect(redirect_to) else: form = RealmRedirectForm() return render(request, 'zerver/realm_redirect.html', context={'form': form})
def home_real(request: HttpRequest) -> HttpResponse: # Before we do any real work, check if the app is banned. client_user_agent = request.META.get("HTTP_USER_AGENT", "") (insecure_desktop_app, banned_desktop_app, auto_update_broken) = is_outdated_desktop_app(client_user_agent) if banned_desktop_app: return render( request, "zerver/insecure_desktop_app.html", context={ "auto_update_broken": auto_update_broken, }, ) (unsupported_browser, browser_name) = is_unsupported_browser(client_user_agent) if unsupported_browser: return render( request, "zerver/unsupported_browser.html", context={ "browser_name": browser_name, }, ) # We need to modify the session object every two weeks or it will expire. # This line makes reloading the page a sufficient action to keep the # session alive. request.session.modified = True if request.user.is_authenticated: user_profile = request.user realm = user_profile.realm # User is logged in and hence no longer `prefers_web_public_view`. if "prefers_web_public_view" in request.session.keys(): del request.session["prefers_web_public_view"] else: realm = get_valid_realm_from_request(request) # TODO: Ideally, we'd open Zulip directly as a spectator if # the URL had clicked a link to content on a web-public # stream. We could maybe do this by parsing `next`, but it's # not super convenient with Zulip's hash-based URL scheme. # The "Access without an account" button on the login page # submits a POST to this page with this hidden field set. if request.POST.get("prefers_web_public_view") == "true": request.session["prefers_web_public_view"] = True # We serve a redirect here, rather than serving a page, to # avoid browser "Confirm form resubmission" prompts on reload. redirect_to = get_safe_redirect_to(request.POST.get("next"), realm.uri) return redirect(redirect_to) prefers_web_public_view = request.session.get( "prefers_web_public_view") if not prefers_web_public_view: # For users who haven't opted into the spectator # experience, we redirect to the login page. return zulip_redirect_to_login(request, settings.HOME_NOT_LOGGED_IN) # For users who have selected public access, we load the # spectator experience. We fall through to the shared code # for loading the application, with user_profile=None encoding # that we're a spectator, not a logged-in user. user_profile = None update_last_reminder(user_profile) statsd.incr("views.home") # If a user hasn't signed the current Terms of Service, send them there if need_accept_tos(user_profile): return accounts_accept_terms(request) narrow, narrow_stream, narrow_topic = detect_narrowed_window( request, user_profile) if user_profile is not None: first_in_realm = realm_user_count(user_profile.realm) == 1 # If you are the only person in the realm and you didn't invite # anyone, we'll continue to encourage you to do so on the frontend. prompt_for_invites = (first_in_realm and not PreregistrationUser.objects.filter( referred_by=user_profile).count()) needs_tutorial = user_profile.tutorial_status == UserProfile.TUTORIAL_WAITING else: first_in_realm = False prompt_for_invites = False # The current tutorial doesn't super make sense for logged-out users. needs_tutorial = False queue_id, page_params = build_page_params_for_home_page_load( request=request, user_profile=user_profile, realm=realm, insecure_desktop_app=insecure_desktop_app, narrow=narrow, narrow_stream=narrow_stream, narrow_topic=narrow_topic, first_in_realm=first_in_realm, prompt_for_invites=prompt_for_invites, needs_tutorial=needs_tutorial, ) log_data = RequestNotes.get_notes(request).log_data assert log_data is not None log_data["extra"] = f"[{queue_id}]" csp_nonce = secrets.token_hex(24) user_permission_info = get_user_permission_info(user_profile) response = render( request, "zerver/app/index.html", context={ "user_profile": user_profile, "page_params": page_params, "csp_nonce": csp_nonce, "color_scheme": user_permission_info.color_scheme, }, ) patch_cache_control(response, no_cache=True, no_store=True, must_revalidate=True) return response