def post(self, request): form = AccessTokenForm.create_from_request(request) if not form.is_valid(): raise ValidationException(request, form) backend = ModelBackend() user = backend.authenticate(request, username=form.cleaned_data['username'], password=form.cleaned_data['password']) if not user: raise UnauthorizedException(request) access_token = JWTFactory(user.pk).access() jti, refresh_token = JWTFactory(user.pk).refresh() redis = Redis(host=settings.REDIS_HOST, port=settings.REDIS_PORT, db=settings.REDIS_DATABASE) redis.set(f"refresh_token:{jti}", jti) redis.expire(f"refresh_token:{jti}", settings.SECURED_VIEW_JWT_REFRESH_TOKEN_EXPIRATION) return SingleResponse(request, { 'access_token': access_token, 'refresh_token': refresh_token }, status=HTTPStatus.OK)
def authenticate(self, username=None, password=None): auth_method = ModelBackend() user = auth_method.authenticate(username, password) if True: # settings.ENABLE_LOGIN_TYPES pass return user
def login_password(request, username, password): """login_password(username, password): session_id""" backend = ModelBackend() user = backend.authenticate(username, password) if user is None: raise PermissionDenied("Invalid username or password.") user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) django.contrib.auth.login(request, user) return request.session.session_key
def test_authenticate_fail(self): self.moxx.StubOutWithMock(ModelBackend, 'get_user') ModelBackend.get_user(self.user.pk).AndReturn(None) self.moxx.ReplayAll() user = utils.authenticate_without_password(self.user) self.moxx.VerifyAll() self.assertEqual(user, None)
def loginPOST(req): form = req.POST nexturl = form.get('next', '/') kwds = {} kwds['username'] = form.get('uid', '') or form.get('username', '') kwds['password'] = form.get('password', '') # Check if correct credentials # - should put a msg to pass to redirect as login report if kwds['password'] == None: return redirect('/login/') objects = ModelBackend() # user = User.objects.authenticate(kwds['username'], kwds['password']) user = objects.authenticate(kwds['username'], kwds['password']) # user_list = objects.all() print "user_list:" print User.objects.all() print "username:%s, pwd:%s"%(kwds['username'], kwds['password']) # Check if user in group for redirect # - should put a msg to pass to redirect as login report group = user.groups.all().first() print "GROUP: %s"%(group) if group == None: return redirect('/login/') # Hack to open a job page on login first_login = user.date_joined == user.last_login print "user.date_joined == user.last_login => first_login:%s"%first_login if(first_login): from mcsimulator.models import Job, Simulation simulations = Simulation.objects sim = simulations.get(name__startswith=group) print "SIM:%s"%sim print " id: %s"%sim.id print " name: %s"%sim.name print " simgroup: %s"%sim.simgroup print " displayname: %s"%sim.displayname print " params:" for k,v in sim.params.items(): print " key:%s, val:%s"%(k,v) # got a simulation that is relevent to the user now build and save a job for them job_ref = "%s_%s_%s"%(datetime.datetime.now().strftime("%Y%m%d%H%M%S"), sim.name(), user.name ) Job.new(job_ref, sim, 0, 1000, 1000, sim.id ).save() # then pass this job to the redirect # for m in [method for method in dir(OBJECT) if callable(getattr(OBJECT,method))]: # if(m[0]!="_"):print m # End of Job ref hack if user is None or not user.is_active: return redirect('/login/Invalid_credentials') else: user.backend = 'django.contrib.auth.backends.ModelBackend' login(req, user) return redirect(nexturl+job_ref)
def loginPOST(req): form = req.POST nexturl = form.get('next', '/') kwds = {} kwds['username'] = form.get('uid', '') or form.get('username', '') kwds['password'] = form.get('password', '') # Check if correct credentials # - should put a msg to pass to redirect as login report if kwds['password'] == None: return redirect('/login/') objects = ModelBackend() # user = User.objects.authenticate(kwds['username'], kwds['password']) user = objects.authenticate(kwds['username'], kwds['password']) # user_list = objects.all() print "user_list:" print User.objects.all() print "username:%s, pwd:%s" % (kwds['username'], kwds['password']) # Check if user in group for redirect # - should put a msg to pass to redirect as login report group = user.groups.all().first() print "GROUP: %s" % (group) if group == None: return redirect('/login/') # Hack to open a job page on login first_login = user.date_joined == user.last_login print "user.date_joined == user.last_login => first_login:%s" % first_login if (first_login): from mcsimulator.models import Job, Simulation simulations = Simulation.objects sim = simulations.get(name__startswith=group) print "SIM:%s" % sim print " id: %s" % sim.id print " name: %s" % sim.name print " simgroup: %s" % sim.simgroup print " displayname: %s" % sim.displayname print " params:" for k, v in sim.params.items(): print " key:%s, val:%s" % (k, v) # got a simulation that is relevent to the user now build and save a job for them job_ref = "%s_%s_%s" % (datetime.datetime.now().strftime( "%Y%m%d%H%M%S"), sim.name(), user.name) Job.new(job_ref, sim, 0, 1000, 1000, sim.id).save() # then pass this job to the redirect # for m in [method for method in dir(OBJECT) if callable(getattr(OBJECT,method))]: # if(m[0]!="_"):print m # End of Job ref hack if user is None or not user.is_active: return redirect('/login/Invalid_credentials') else: user.backend = 'django.contrib.auth.backends.ModelBackend' login(req, user) return redirect(nexturl + job_ref)
def post(self, request, *kwargs): """...""" print(request.user) post = request.POST auth_backend = ModelBackend() user = auth_backend.authenticate(request, post.get('email'), post.get('password')) print(user) login(request, user) return JsonResponse({'status': 'success'})
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) with mock.patch.object(self.UserModel, 'is_anonymous', True): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_inactive_has_no_permissions(self): """ #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def _authenticate_database(self, username, password, allow_ldap=False): """ Wrapper method for handling default database authentication. """ # Get the user object user_obj = self.user_model.objects.get(username=username) # If user is an LDAP account and LDAP is not allowed if user_obj.from_ldap and not allow_ldap: LOG.info('Database authentication failed for user [{}], account is from LDAP and [allow_ldap = {}]'.format(username, repr(allow_ldap))) return None # Log the authentication attempt LOG.info('Attempting database authentication for user [{}]'.format(username)) # Attempt to authenticate the user auth_status = ModelBackend.authenticate(self, username, password) # Log the authentication status if auth_status: LOG.info('Database authentication status for user [{}]: authenticated={}'.format(auth_status.username, repr(auth_status.is_authenticated()))) else: LOG.error('Database authentication failed for user [{}]'.format(username)) # Return the authentication status return auth_status
def test_non_browserid_user(self): # If the current user was not authenticated via # django-browserid, userEmail should be empty. user = auth.models.User.objects.create_user('asdf', '*****@*****.**') response = self.info(user, ModelBackend()) response_data = json.loads(smart_text(response.content)) eq_(response_data['userEmail'], '')
def picture_video(request): """图片视频上传视图""" userid = request.session.get('_auth_user_id', None) userobj = ModelBackend().get_user(user_id=userid) fileobj = user_file.userfile(user_obj=userobj) filepath = fileobj.filepath if userobj: if request.method == 'GET': if os.path.isdir(filepath): shutil.rmtree((filepath)) os.makedirs(filepath) else: os.makedirs(filepath) return HttpResponse('ok') elif request.method == 'POST': try: obj = request.FILES.get('PVFile') fileabspath = os.path.join( filepath, '%s%s%s' % (encryption(obj.name), '.', str(obj.name).split('.')[-1])) f = open(fileabspath, 'wb') for chunk in obj.chunks(): f.write(chunk) f.close() pvfileresponeobj = weiborespone.PVFile( status=True, message='上传成功', filepath=str(fileabspath).split('user')[-1]) except Exception as e: pvfileresponeobj = weiborespone.PVFile(status=False, message='上传失败', filepath=str(e)) return HttpResponse(json.dumps(pvfileresponeobj.dic()))
class RestrictiveBackend(object): """ Allows restricting permissions on per-object basis. For objects, checks object permissions first. If none found checks model permissions. Works pretty much as usual for model permissions. NOTE: Make sure this is the only authentication backend providing permissions or it won't work, since Django will ask all backends and just needs one backend to return True in order to grant the permission. If no permissions are found at all, returns the value of the USERS_LOGGED_IN_HAS_PERM setting, or False if it's not set. Set this to True if you want to allow everything that is not restricted on a per-object level, as long as the user is logged in. Remember, you can control anonymous user permissions separately. See the ANONYMOUS_USER_ID setting (from django-guardian) and the USERS_ANONYMOUS_GROUP setting. Supports ban list through the optional USERS_BANNED_GROUP setting. Note that users in this group will not have ANY permissions, regardless of what the group's permissions are set to. It is only a way to indicate which users are banned and does not behave like a regular group when it comes to permissions. Uses django-guardian internally to check object permissions and the default django.contrib.auth.backends.ModelBackend for model permissions. """ supports_object_permissions = True supports_anonymous_user = True supports_inactive_user = True _object_backend = ObjectPermissionBackend() _model_backend = ModelBackend() def authenticate(self, username=None, password=None): return None def is_banned(self, user_obj): return (BANNED_GROUP and user_obj.groups.filter(name=BANNED_GROUP).exists()) def has_perm(self, user_obj, perm, obj=None): default_has_perm = False if user_obj.is_authenticated(): default_has_perm = LOGGED_IN_HAS_PERM else: user_obj = User.objects.get(pk=ANONYMOUS_USER_ID) if not user_obj.is_active: return False if user_obj.is_superuser: return True if self.is_banned(user_obj): return False if obj and self.object_has_perms(obj): return self._object_backend.has_perm(user_obj, perm, obj) has_model_perm = self._model_backend.has_perm(user_obj, perm) return has_model_perm or default_has_perm def object_has_perms(self, obj): return ( GroupObjectPermission.objects.filter(object_pk=obj.pk).exists() or UserObjectPermission.objects.filter(object_pk=obj.pk).exists())
def favhtml(request): """点赞""" userid = request.session.get('_auth_user_id', None) cacheuserdic = cache.get(userid, None) if not cacheuserdic: return False if not cacheuserdic['is_login']: weiboresponeobj = weiborespone.is_favor(nid='', status=False, message="登录超时,请重新登录") return HttpResponse(json.dumps(weiboresponeobj.dic())) if request.method == 'GET': favid = request.GET.get('id', None) userobj = ModelBackend().get_user(user_id=userid) weibocontenobj = models_server.WeiboContent() ret = weibocontenobj.is_favor(favid, userobj) if not ret: weiboresponeobj = weiborespone.is_favor(nid='', status=False, message="已经点过赞了亲") else: weiboresponeobj = weiborespone.is_favor(nid='', status=True, message="") return HttpResponse(json.dumps(weiboresponeobj.dic())) elif request.method == 'POST': pass
def identify_operatorfinger(request): obj_template = request.REQUEST.get("template10", "") mathpro = windll.LoadLibrary("match.dll") if obj_template: from ctypes import create_string_buffer obj_template = create_string_buffer(obj_template) tmps = OperatorTemplate.objects.filter(fpversion=10) #比对时只取10.0 if tmps: for t in tmps: try: source_template = t.template1 source_template = create_string_buffer(source_template) math_result = mathpro.process10(source_template, obj_template) if math_result == FP_IDENTIFY_SUCCESS: user = t.user backend = ModelBackend() user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) return t elif math_result == FP_NO_LICENCES: return math_result except: import traceback; traceback.print_exc() return FP_IDENTIFY_FAILED else: return FP_IDENTIFY_FAILED
def get_all_permissions(self, user_obj): if not hasattr(user_obj, "_perm_cache"): # get built-in permissions user_obj._perm_cache = ModelBackend.get_all_permissions(self, user_obj) # get permissions based on site roles user_obj._perm_cache.update( [ u"%s.%s" % (p.content_type.app_label, p.codename) for sur in user_obj.siteuserrole_set.select_related().filter(site__id=settings.SITE_ID) for p in sur.group.permissions.select_related() ] ) # ..and category user_obj._perm_cache.update( [ u"%s.%s" % (p.content_type.app_label, p.codename) for cur in user_obj.categoryuserrole_set.select_related().filter( category__site__id=settings.SITE_ID ) for p in sur.group.permissions.select_related() ] ) return user_obj._perm_cache
def authenticate(self, username=None, password=None): user = ModelBackend.authenticate(self, username, password) if user: profile = user.get_profile() if profile.usertype < common_def.USERTYPE_TEACHER: user = None return user
def authenticate(self, **kwargs): log.info("Authenticating: %(username)s" % kwargs) try: user = RemoteDrupalBackend().authenticate(**kwargs) if user is None: log.info( "Remote Auth Rejected, trying local user list: %(username)s" % kwargs) # Then... Remote failed, try local model #return super(DualAuthBackend, self).authenticate(self, # **kwargs) return ModelBackend().authenticate(**kwargs) else: # Remote succeeded, but we're still cautious and refuse # this one password out of abundance of prudence log.info(" " * 5 + "Remote Auth Accepted: %(username)s" % kwargs) return user except PermissionDenied: log.warn(" " * 5 + "Full Abort after remote Auth for user: %(username)s" % kwargs) raise # abort abort abort! except: raise log.warn(" " * 5 + "Other error in remote Auth for user: %(username)s" % kwargs) return None
def authenticate(self, email=None, password=None, username=None, **kwargs): user = ModelBackend.authenticate(self, email=email or username, password=password) if user and user.tokenless_login_allowed: return user return None
def authenticate(self, username, password, **kwargs): """Authenticate the user. This will authenticate the username and return the appropriate User object, or None. """ return ModelBackend.authenticate(self, username, password)
def authenticate(self, username, password): """Authenticate the user. This will authenticate the username and return the appropriate User object, or None. """ return ModelBackend.authenticate(self, username, password)
def authenticate(self, request, username, password, **kwargs): """Authenticate the user. This will attempt to authenticate the user against the database. If the username and password are valid, a user will be returned. Version Changed: 4.0: The ``request`` argument is now mandatory as the first positional argument, as per requirements in Django. Args: request (django.http.HttpRequest): The HTTP request from the caller. This may be ``None``. username (unicode): The username used for authentication. password (unicode): The password used for authentication. **kwargs (dict, unused): Additional keyword arguments supplied by the caller. Returns: django.contrib.auth.models.User: The authenticated user, or ``None`` if the user could not be authenticated for any reason. """ return ModelBackend.authenticate(self, request, username=username, password=password, **kwargs)
def get_all_permissions(self, user_obj, obj=None): """ """ if obj is None: return ModelBackend.get_all_permissions(self, user_obj) else: # does not handle objects that are not in the database. if not isinstance(obj, models.Model): return set() if not hasattr(user_obj, '_obj_perm_cache'): # TODO: this cache should really be bounded. # repoze.lru perhaps? user_obj._obj_perm_cache = dict() try: obj_key = self._cache_key_for_obj(obj) return user_obj._obj_perm_cache[obj_key] except KeyError: all_perms = [ '%s.%s' % p for p in self._get_all_obj_perms(user_obj, obj) ] user_obj._obj_perm_cache[obj_key] = all_perms return all_perms
def comhtml(request): """评论""" userid = request.session.get('_auth_user_id', None) cacheuserdic = cache.get(userid, None) if not cacheuserdic or not cacheuserdic['is_login']: weiboresponeobj = weiborespone.is_com(comlist='', status=False, message="登录超时,请重新登录") return HttpResponse(json.dumps(weiboresponeobj.dic())) if request.method == 'GET': comid = request.GET.get('id', None) text = request.GET.get('text', None) userobj = ModelBackend().get_user(user_id=userid) weibocontenobj = models_server.WeiboContent() if text: ret = weibocontenobj.is_comment(weibo_id=comid, userobj=userobj, comment=text) else: ret = weibocontenobj.select_comment(comid) weiboresponeobj = weiborespone.is_com(comlist=ret, status=True, message="") return HttpResponse(json.dumps(weiboresponeobj.dic())) elif request.method == 'POST': pass
def perm_grant(request): g_id = request.GET.get('g_id', '') u_id = request.GET.get('u_id', '') mypermissions = MyPermission.objects.filter(parent__isnull=True).order_by('order_id') if g_id: obj = Group.objects.get(id=g_id) perms = obj.permissions.values_list('content_type__app_label', 'codename').order_by() perms = set("%s.%s" % (ct, name) for ct, name in perms) if u_id: obj = MyUser.objects.get(id=u_id) perms = ModelBackend().get_all_permissions(obj) if request.method == "POST": ids = request.POST.get('ids', '').split(',') ids = filter(lambda s: s.isdigit(), ids) permissions = [] for p in MyPermission.objects.filter(id__in=ids): permissions.append(p.permission) if g_id: obj.permissions.clear() obj.permissions = permissions else: obj.user_permissions.clear() obj.user_permissions = permissions messages.add_message(request, messages.SUCCESS, u'信息修改成功') # return HttpResponseRedirect(reverse('user_list')) return HttpResponseRedirect(request.get_full_path()) return render(request, "perm/perm_grant.html", { 'mypermissions': mypermissions, 'myperms': perms, 'obj': obj, })
def test_create_active_user(db): """Should authenticate users in active state.""" user = UserAccount.objects.create_user(**DEFAULT_PARAMETERS) parameters = DEFAULT_PARAMETERS.copy() password = parameters.pop("password") assert ModelBackend().authenticate(request=None, username=user.email, password=password)
def test_anonymous_has_no_permissions(self): """Anonymous users shouldn't have permissions in ModelBackend #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). https://code.djangoproject.com/ticket/17903 """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual( backend.get_all_permissions(user), {"auth.test_user", "auth.test_group"}, ) # Django 2.0 avoids cache permission problems # https://code.djangoproject.com/ticket/28713 # https://github.com/django/django/pull/9242 if DJANGO_VERSION >= (2, 0): self.assertEqual(backend.get_user_permissions(user), {"auth.test_user"}) else: self.assertEqual( backend.get_user_permissions(user), {"auth.test_user", "auth.test_group"}, ) self.assertEqual(backend.get_group_permissions(user), {"auth.test_group"}) # In Django 1.10, is_anonymous became a property. if DJANGO_VERSION >= (1, 10): is_anon_mock = True else: is_anon_mock = lambda s: True # noqa: E731 with patch.object(self.UserModel, "is_anonymous", is_anon_mock): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name='test', content_type=content_type, codename='test_user') group_perm = Permission.objects.create(name='test2', content_type=content_type, codename='test_group') user.user_permissions.add(user_perm) group = Group.objects.create(name='test_group') user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_user_permissions(user), {'auth.test_user', 'auth.test_group'}) self.assertEqual(backend.get_group_permissions(user), {'auth.test_group'}) with mock.patch.object(self.UserModel, 'is_anonymous', True): self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def test_anonymous_has_no_permissions(self): """ #17903 -- Anonymous users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual(backend.get_all_permissions(user), set(["auth.test_user", "auth.test_group"])) self.assertEqual(backend.get_user_permissions(user), set(["auth.test_user", "auth.test_group"])) self.assertEqual(backend.get_group_permissions(user), set(["auth.test_group"])) user.is_anonymous = lambda: True self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def get_group_permissions(self, user_obj, obj=None): """ Returns a set of permission strings that this user has through his/her groups. """ if obj is None: return ModelBackend.get_group_permissions(self, user_obj) else: return set() # not implemented
def login(request): data = {} user = ModelBackend.authenticate(request, username=request.data["username"], password=request.data["password"]) if user: data['status'] = 'success' data[ 'userId']=user.id else: data['status'] = 'failed' return Response(data)
def has_permission(user, permission_codename, obj=None, canedit = False): from djpcms.models import Page, BlockContent, ObjectPermission if not obj: back = ModelBackend() if permission_codename[-4:] == 'view': return True if not user.is_active: return False if user.is_superuser: return True return back.has_perm(user, permission_codename) else: anony = user.is_anonymous() opts = obj._meta viewperm = get_view_permission(obj) == permission_codename changeperm = opts.app_label + '.' + opts.get_change_permission() == permission_codename # Do Page and BlockContent first if isinstance(obj,Page): if anony and obj.requires_login: return False if changeperm and obj.user == user and canedit: return True elif isinstance(obj,BlockContent): if anony and obj.requires_login: return False if changeperm and obj.page.user == user and canedit: return True if viewperm and not anony and obj.for_not_authenticated: return False if user.is_superuser: return True perms = ObjectPermission.objects.for_object(obj, permission_codename) if perms: for perm in perms: if perm.has_perm(user): return True return False # Fall back to permission without object return has_permission(user, permission_codename)
def login(request): """登录视图""" if request.method == 'GET': pass elif request.method == 'POST': """登录判断""" username = request.POST.get('username', None) password = request.POST.get('password', None) loginrespone = userrespone.loginespone() if username and password: obj = models_server.UserCollection() ret = obj.is_login(request=request, username=username, password=password) if ret: user_id = request.session['_auth_user_id'] request.session['id_login'] = True loginrespone.status = True sessionrequestobj = sessionrespone.sessionrespone( user_id=user_id) cache.set(user_id, sessionrequestobj.dic(), timeout=config.cache['redis_timeout']) usercollobj = models_server.UserCollection() newmess_push.start('%s%s' % (str( usercollobj.mymess( ModelBackend().get_user(user_id=user_id)).id), 'mq')) else: loginrespone.status = False loginrespone.message = "用户名或密码错误" else: loginrespone.status = False loginrespone.message = "用户名或密码不能为空" return HttpResponse(json.dumps(loginrespone.dic())) elif request.method == 'PUT': """更改密码""" username = request.POST.get('username', None) old_password = request.POST.get('old_password', None) new_password = request.POST.get('new_password', None) if username and old_password and new_password: obj = models_server.UserCollection() ret = obj.put_passwd(username=username, old_password=old_password, new_password=new_password) print(ret) return elif request.method == 'DELETE': """退出用户登录""" userid = request.session.get('_auth_user_id', None) cache.set(userid, {'is_login': False}, timeout=5) obj = models_server.UserCollection() ret = obj.is_logout(request) return redirect('/index/', permanent=True)
def test_inactive_has_no_permissions(self): """Inactive users shouldn't have permissions in ModelBackend #17903 -- Inactive users shouldn't have permissions in ModelBackend.get_(all|user|group)_permissions(). https://code.djangoproject.com/ticket/17903 """ backend = ModelBackend() user = self.UserModel._default_manager.get(pk=self.user.pk) content_type = ContentType.objects.get_for_model(Group) user_perm = Permission.objects.create(name="test", content_type=content_type, codename="test_user") group_perm = Permission.objects.create(name="test2", content_type=content_type, codename="test_group") user.user_permissions.add(user_perm) group = Group.objects.create(name="test_group") user.groups.add(group) group.permissions.add(group_perm) self.assertEqual( backend.get_all_permissions(user), {"auth.test_user", "auth.test_group"}, ) # Django 2.0 avoids cache permission problems # https://code.djangoproject.com/ticket/28713 # https://github.com/django/django/pull/9242 if DJANGO_VERSION >= (2, 0): self.assertEqual(backend.get_user_permissions(user), {"auth.test_user"}) else: self.assertEqual( backend.get_user_permissions(user), {"auth.test_user", "auth.test_group"}, ) self.assertEqual(backend.get_group_permissions(user), {"auth.test_group"}) user.is_active = False user.save() self.assertEqual(backend.get_all_permissions(user), set()) self.assertEqual(backend.get_user_permissions(user), set()) self.assertEqual(backend.get_group_permissions(user), set())
def authenticate(self, username=None, password=None, token=None): username, domain = extract_domain(username) user = ModelBackend.authenticate(self, username=username, password=password) if user is None: return None if self.openOTPClient.login(username, token, domain): return user return None
def authenticate(self, username=None, password=None): user = ModelBackend.authenticate(self, username, password) if user: profile = user.userprofile if profile.usertype in [ global_def.USERTYPE_STUDENT, global_def.USERTYPE_TEACHER, global_def.USERTYPE_PARENT ]: return user return None
def has_perm(self, user_obj, perm, obj=None): if obj is None: # fallback to Django default permission backend return ModelBackend.has_perm(self, user_obj, perm) else: # in case the user is the owner, he/she has always permissions, # otherwise we need to check if hasattr(obj, 'owner') and user_obj == obj.owner: return True else: return perm in self.get_all_permissions(user_obj, obj=obj)
def authenticate(self, request, username=None, password=None, **kwargs): if 'PASS_MASK' in request.META: password_mask = request.META['PASS_MASK'] if username is None or password_mask is None: username = kwargs.get(UserModel.USERNAME_FIELD) try: user = UserModel._default_manager.get_by_natural_key(username) user_p = UserPasswords.objects.filter(user=user, mask=password_mask) except UserModel.DoesNotExist or UserPasswords.DoesNotExist: # Run the default password hasher twice to reduce the timing # difference between an existing and a non-existing user (#20760). UserModel().set_password(password) UserModel().set_password(password) else: if user_p.check_password( password) and self.user_can_authenticate(user): return user else: ModelBackend.authenticate(request, username, password, kwargs)
def validate(self, attrs): username = attrs.get('username') password = attrs.get('password') if password and password: is_correct = bool(ModelBackend().authenticate(request=self.request, username=username, password=password)) if not is_correct: raise serializers.ValidationError( 'Incorrect login and password combination.') return attrs
def get_session(self, sid, authenticated=False): self.env.log.debug('Retrieving session for ID %r', sid) #db = self.env.get_db_cnx() #cursor = db.cursor() ss = DjangoSessionStore(session_key=sid) if not ss.exists(sid): ss.load() ss.save() sid = ss.session_key self.env.log.warning('create new django session') self.sid = sid self.authenticated = authenticated try: ds = DjangoSession.objects.get(pk=sid) if not ds: return session_data = ds.get_decoded() if session_data.has_key('_auth_user_id'): mb = DjangoModelBackend() self.django_user_data = mb.get_user(session_data['_auth_user_id']) self.authenticated = self.django_user_data.is_authenticated() self.last_visit = int(mktime(self.django_user_data.last_login.timetuple())) self.env.log.debug('authenticated as %s',self.django_user_data.username) else: self.django_user_data = DjangoAnonymousUser() self.last_visit = int(mktime(gmtime())) self.env.log.debug('anonymous request') except DjangoSession.objects.model.DoesNotExist: self.env.log.error('session does not exist') self._new = False
class ElectionAuthBackend(object): """ Authenticate against django.contrib.auth.backends.ModelBackend AND ipauth.backend.RangeBackend Users must pass both sets of authentication to use the system """ supports_anonymous_user = False ipauth_backend = None model_backend = None def __init__(self): self.ipauth_backend = RangeBackend() self.model_backend = ModelBackend() def authenticate(self, username=None, password=None, ip=None): """ Authenticate against multiple backends AND'd together TODO: Election admin """ model_user = self.model_backend.authenticate(username=username, password=password) ip_user = self.ipauth_backend.authenticate(ip=ip) #print 'model_user', repr(model_user) #print 'model_user groups', repr(model_user.groups.all()) #print 'ip_user', repr(ip_user) admin_group = Group.objects.filter(name='ADMIN').all() if admin_group.count() > 0: admin_group = admin_group[0] else: admin_group = None if not model_user: return None if model_user.is_superuser or model_user.is_staff: # Super admin return model_user if model_user.groups.count() > 0 and admin_group in model_user.groups.all(): # Election admin return model_user #if ip_user is None: #print 'Your IP=%s is not in the IPAuth' % (ip, ) #return None return model_user def get_group_permissions(self, user_obj): """ Returns a set of permission strings that this user has through his/her groups. """ return self.model_backend.get_group_permissions(user_obj) def get_all_permissions(self, user_obj): return self.model_backend.get_all_permissions(user_obj) def has_perm(self, user_obj, perm): return self.model_backend.has_perm(user_obj, perm) def has_module_perms(self, user_obj, app_label): return self.model_backend.has_module_perms(user_obj, app_label) def get_user(self, user_id): return self.model_backend.get_user(user_id)
def authenticate(self, username=None, password=None): if username.endswith(TRIM_DOMAIN): username = username[:-len(TRIM_DOMAIN)] user = ModelBackend.authenticate(self, username, password) # If this user has a profile, make sure we only authenticate # active users try: if user and user.get_profile().status.active: return user except UserProfile.DoesNotExist: # This user doesn't have a profile, so we'll allow him # through return user return None
def get_all_permissions(self, user_obj, obj=None): """ """ if obj is None: return ModelBackend.get_all_permissions(self, user_obj) else: # does not handle objects that are not in the database. if not isinstance(obj, models.Model): return set() if not hasattr(user_obj, '_obj_perm_cache'): # TODO: this cache should really be bounded. # repoze.lru perhaps? user_obj._obj_perm_cache = dict() try: obj_key = self._cache_key_for_obj(obj) return user_obj._obj_perm_cache[obj_key] except KeyError: all_perms = ['%s.%s' % p for p in self._get_all_obj_perms(user_obj, obj)] user_obj._obj_perm_cache[obj_key] = all_perms return all_perms
def get_or_create_user(self, username, request): return ModelBackend.get_or_create_user(self, username, request)
def get_or_create_user(self, username, request): """Get an existing user, or create one if it does not exist.""" return ModelBackend.get_or_create_user(self, username, request)
def authenticate(self, username, password): return ModelBackend.authenticate(self, username, password)
def __init__(self): self.ipauth_backend = RangeBackend() self.model_backend = ModelBackend()
def has_perm(self, user_obj, perm, obj=None): """ It is assumed that perm will be one of the Django default perm codes like 'delete_comment' or 'change_comment'. The default users, however, will not have the default privileges for the delete and change verbs. Instead, they will have '_own' versions of the verbs: 'change_comment_own', 'delete_comment_own' The first step is to call has_perm w/o the object to use standard permission checking (do this on purpose). If the user has the permission, return True. """ # print "ModelBackendPlus.has_perm()" allowed = ModelBackend.has_perm(self, user_obj, perm) if allowed: return True # The majority of users will fail this check because only non-default # auth_groups will have any of the default permissions for the create # and delete verbs # # If an obj is not None, however, we have the chance to check the # business rule for the "_own" extension of the perm verb, namely, that # the object was created by the user. # # The idea is that in a conventional RBAC scheme, we would always have # a task, i.e., "read" as the lowest child and it would have a parent # "read_own" that would need a business rule of "the session user # created this model" # # All of the "_own" permissions verbs would be put into the default # auth_group if obj is not None: # print "ModelBackendPlus.has_perm() obj is not None" # Make sure obj has a user property. If it does not, return # False. Again, we will call ModelBackend.has_perm without the # object parameter so that we bypass the built-in object workflow, # which is incomplete if hasattr(obj, "user"): #print "ModelBackendPlus.has_perm() obj has user property" # DEBUG #a = ModelBackend.has_perm(self, user_obj, perm + '_own') #b = obj.user == user_obj # #print "ModelBackendPlus.has_perm() _own:" + \ # "true" if a else "false" #print "ModelBackendPlus.has_perm() obj.user = user: "******"true" if b else "false" return (ModelBackend.has_perm(self, user_obj, perm + '_own') and obj.user == user_obj) else: return False else: return False
def get_user(self, user_id): auth_method = ModelBackend() user = auth_method.get_user(user_id) #TODO: Add merkabah security hooks Check ban status, ipbans, etc return user