def login_integrated(request, authentication_form=AuthenticationForm): """ Logs the user in with a CSRF exemption! This is used for integrated portal mode, when we allow subdomain-cross-site requests! """ if request.method == "POST": username = request.POST.get('username', None) password = request.POST.get('password', None) if not username or not password: return HttpResponseBadRequest('Missing POST parameters!') user = _get_integrated_user_validated(username, password) if user: # login auth_login(request, user) # apply language if sent lang = request.POST.get('lang', None) if lang: request.session['django_language'] = lang request.session.save() return redirect( safe_redirect(request.POST.get('next', '/'), request)) else: return HttpResponseNotAllowed( 'POST', content= 'Sorry, we could not connect your user account! Please contact an administrator!' ) else: raise Http404
def post(self, request, *args, **kwargs): next_url = _get_referer(request) or 'postman_inbox' """ This is all we wanted to do that we needed to override the postman views for """ pks = request.POST.get('pks', None) if pks is None: pks = [k.split('__')[1] for k,v in list(request.POST.items()) if 'delete_pk' in k and v=='true'] tpks = request.POST.get('tpks', None) if tpks is None: tpks = [k.split('__')[1] for k,v in list(request.POST.items()) if 'delete_tpk' in k and v=='true'] if pks or tpks: user = request.user filter = Q(pk__in=pks) | Q(thread__in=tpks) if self.recipient_only_field_bit: recipient_rows = Message.objects.as_recipient(user, filter).update(**{self.recipient_only_field_bit: self.field_value}) else: recipient_rows = Message.objects.as_recipient(user, filter).update(**{'recipient_{0}'.format(self.field_bit): self.field_value}) sender_rows = Message.objects.as_sender(user, filter).update(**{'sender_{0}'.format(self.field_bit): self.field_value}) if not (recipient_rows or sender_rows): raise Http404 # abnormal enough, like forged ids messages.success(request, self.success_msg, fail_silently=True) next_url = request.GET.get('next', None) next_url = safe_redirect(next_url, request) if next_url else None return redirect(next_url or self.success_url or request.META.get('HTTP_REFERER', reverse('postman:inbox'))) else: messages.warning(request, _("Select at least one object."), fail_silently=True) return redirect(next_url)
def get_redirect_url(self, **kwargs): return safe_redirect( self.request.GET.get('next', self.request.META.get('HTTP_REFERER', '/')), self.request)