def loginuser(request):
""" Renders the user login page(main page)."""
# ensure that the request is valid, otherwise raise
assert isinstance(request, HttpRequest)
# if we go to the main page, we need to ensure
# we log out the user for security reasons.
logout(request)
# override the form object with our custom one
authbackend = UserAuthBackend()
authForm = RegisterUserAuthenticationForm()
# the user has submitted the form.
if request.method == 'POST':
email = request.POST['email']
# verify if user is valid
user = authbackend.get_user(email)
userSalt = authbackend.get_user_salt(email)
if userSalt != '':
return render(
request,
'app/loginverify.html',
context_instance = RequestContext(request,
{
# pass all required variables to the login verify form
'title':'Enter your Password.',
'form': authForm,
# for the copyright note in the footer
'year': date.today().year,
'salt' : userSalt,
'email' : email
})
)
return render(
request,
'app/loginuser.html',
context_instance = RequestContext(request,
{
'title':'Welcome To CryptoStorage. Please Log In',
# override the value of form
'form': authForm,
# for the copyright note in the footer
'year': date.today().year
})
)
def authenticate(self,request):
""" check validation of user authentication """
# fetch data from the post
email = request.POST['email']
generated_hash = request.POST['hash']
data_returned = {'user': None, 'error':''}
# our custom authentication
authbackend = UserAuthBackend()
user = authbackend.get_user(email)
if user is not None:
if authbackend.confirm_login_allowed(user):
if authbackend.authenticate_hash(email=email,generatedHash=generated_hash):
# authenticated successfully.
data_returned['user'] = user
else:
data_returned['error'] = 'The user and password do not match'
else:
data_returned['error'] = 'The user is locked for security reasons. ' \
'Please contact customer service.'
else:
data_returned['error'] = 'The user and password do not match'
return data_returned
def loginverify(request):
"""
a client/server handshake page for verifying and
authenticating the user.
"""
# ensure that the request is valid, otherwise raise
assert isinstance(request, HttpRequest)
# create the authentication form object
authForm = RegisterUserAuthenticationForm(request.POST or None)
# initialize fields for form
userSalt = ''
email = ''
error = ''
file_security_properties = ''
if request.method == 'POST':
valid_form = authForm.is_valid()
auth_valid = authForm.authenticate(request)
# populate fields for form usage
email = request.POST['email']
authbackend = UserAuthBackend()
userSalt = authbackend.get_user_salt(email)
# check if all authentication is ok
# display form errors if necessary
error = auth_valid['error']
# authenticate if any error or user was not found
if auth_valid['error'] == '' or auth_valid['user'] is not None:
login(request,auth_valid['user'])
return render(
request,
"app/usermain.html",
context_instance = RequestContext(request,
{
'title':'Home CryptoStorage',
'user': request.user,
# for the copyright note in the footer
'year': date.today().year
})
)
else:
return render(
request,
'app/loginuser.html',
context_instance = RequestContext(request,
{
'title':'Welcome To CryptoStorage. Please Log In',
'error': error,
# override the value of form
'form': authForm,
# for the copyright note in the footer
'year': date.today().year
})
)
else:
return render(
request,
'app/loginuser.html',
context_instance = RequestContext(request,
{
'title':'Welcome To CryptoStorage. Please Log In',
'error': error,
# override the value of form
'form': authForm,
# for the copyright note in the footer
'year': date.today().year
})
)
return render(
request,
"app/loginverify.html",
context_instance = RequestContext(request,
{
'title':'Enter your Password.',
# for the copyright note in the footer
'year': date.today().year,
'salt' : userSalt,
'email' : email,
'form': authForm
})
)
