def logoutview(request):
if request.method == 'POST':
logout(request)
form = AuthenticationForm()
return redirect(settings.LOGIN_URL)
def accounts(request):
return render_template(request, "registration/accounts.html", None, {
"createForm": UserCreationForm(),
"loginForm": AuthenticationForm()
})
def tracker_response(request,
db=None,
template='tracker/index.html',
dict={},
status=200):
starttime = datetime.datetime.now()
database = checkdb(db)
usernames = request.user.has_perm(
'tracker.view_usernames') and 'nonames' not in request.GET
emails = request.user.has_perm(
'tracker.view_emails') and 'noemails' not in request.GET
showtime = request.user.has_perm('tracker.show_rendertime')
canfull = request.user.has_perm('tracker.view_full_list')
bidtracker = request.user.has_perms([
u'tracker.change_challenge', u'tracker.delete_challenge',
u'tracker.change_choiceoption', u'tracker.delete_choice',
u'tracker.delete_challengebid', u'tracker.add_choiceoption',
u'tracker.change_choicebid', u'tracker.add_challengebid',
u'tracker.add_choice', u'tracker.add_choicebid',
u'tracker.delete_choiceoption', u'tracker.delete_choicebid',
u'tracker.add_challenge', u'tracker.change_choice',
u'tracker.change_challengebid'
])
context = RequestContext(request)
language = translation.get_language_from_request(request)
translation.activate(language)
request.LANGUAGE_CODE = translation.get_language()
profile = None
if request.user.is_authenticated():
try:
profile = request.user.get_profile()
except ObjectDoesNotExist:
profile = UserProfile()
profile.user = request.user
profile.save()
if profile:
template = profile.prepend + template
authform = AuthenticationForm(request.POST)
dict.update({
'static_url': settings.STATIC_URL,
'db': db,
'dbtitle': settings.DATABASES[database]['COMMENT'],
'usernames': usernames,
'emails': emails,
'canfull': canfull,
'bidtracker': bidtracker,
'djangoversion': dv(),
'pythonversion': pv(),
'user': request.user,
'profile': profile,
'next': request.REQUEST.get('next', request.path),
'showtime': showtime,
'starttime': starttime,
'authform': authform
})
try:
if request.user.username[:10] == 'openiduser':
dict.setdefault('usernameform', UsernameForm())
return render(request, 'tracker/username.html', dictionary=dict)
return render(request, template, dictionary=dict, status=status)
except Exception, e:
if request.user.is_staff and not settings.DEBUG:
return HttpResponse(unicode(type(e)) + '\n\n' + unicode(e),
mimetype='text/plain',
status=500)
raise
def login_request(request):
form = AuthenticationForm()
return render(request=request,
template_name="main/login.html",
context={"form": form})
def get(self, request):
if not request.user.is_anonymous:
return redirect('blog:index')
form = AuthenticationForm()
return render(request, 'account/login.html', {'form': form})
def test_username_field_autocapitalize_none(self):
form = AuthenticationForm()
self.assertEqual(
form.fields['username'].widget.attrs.get('autocapitalize'), 'none')
def accounts(request):
return render_to_response("registration/accounts.html", {
"createForm": UserCreationForm(),
"loginForm": AuthenticationForm()
}, RequestContext(request))
def iniciar_sesion(request):
"""
Verifica las credenciales e inicia sesión el usuario
:param request:
:return:
"""
next = ""
SAC_URL = settings.SAC_URL
LDAP_ACTIVE = settings.LDAP_ACTIVE
if request.GET:
next = request.GET['next']
if request.method == 'POST':
formulario = AuthenticationForm(request.POST)
if formulario.is_valid:
nombre_usuario = request.POST['username']
if str(nombre_usuario).find('@unl.edu.ec') < 0:
nombre_usuario = nombre_usuario + '@unl.edu.ec'
usuario = Usuario.objects.filter(
correo_electronico_institucional=nombre_usuario).first()
clave = request.POST['password']
acceso = None
if usuario:
if usuario.activo:
if settings.LDAP_ACTIVE and usuario:
if conexion_ldap.autenticar_siaaf(
nombre_usuario, clave):
usuario.ldap = True
acceso = authenticate(
correo_electronico_institucional=nombre_usuario,
password=clave)
else:
messages.warning(
request,
"Las datos proporcionados no coinciden con el servidor de autenticación"
)
else:
acceso = authenticate(
correo_electronico_institucional=nombre_usuario,
password=clave)
if acceso:
login(request, acceso)
if acceso.force_password:
return HttpResponseRedirect(
reverse('autenticacion:cambiar_contrasena'))
elif next == "":
return HttpResponseRedirect(reverse('index'))
else:
return HttpResponseRedirect(next)
else:
messages.warning(
request,
"Datos de acceso incorrectos. Usuario o contraseña incorrecta... "
)
else:
messages.warning(
request,
"Datos de acceso incorrectos. Usuario no está activo..."
)
else:
messages.warning(
request,
"Datos de acceso incorrectos. Usuario no existe... ")
else:
formulario = AuthenticationForm()
return render(request, 'autenticacion/iniciar_sesion.html', locals())
def basic_login(url=''):
form = AuthenticationForm()
return {'form': form, 'url': url}
def user_login(request):
return render(request,'accounts/login.html',{'form':AuthenticationForm()})
def include_login_form(request):
form = AuthenticationForm()
return {'login_form': form}
def openid(request, op_name=None):
client = None
request.session[
"next"] = request.GET["next"] if "next" in request.GET.keys() else "/"
try:
dyn = settings.OIDC_ALLOW_DYNAMIC_OP or False
except:
dyn = True
try:
template_name = settings.OIDC_LOGIN_TEMPLATE
except AttributeError:
template_name = 'djangooidc/login.html'
# Internal login?
if request.method == 'POST' and "internal_login" in request.POST:
ilform = AuthenticationForm(request.POST)
return auth_login_view(request)
else:
ilform = AuthenticationForm()
# Try to find an OP client either from the form or from the op_name URL
# argument
if request.method == 'GET' and op_name is not None:
try:
client = CLIENTS[op_name]
except KeyError as e:
logger.info(str(e))
raise Http404("OIDC client not found")
request.session["op"] = op_name
if request.method == 'POST' and dyn:
form = DynamicProvider(request.POST)
if form.is_valid():
try:
client = CLIENTS.dynamic_client(form.cleaned_data["hint"])
request.session["op"] = client.provider_info["issuer"]
except Exception as e:
logger.exception("could not create OOID client")
return view_error_handler(request, {"error": e})
else:
form = DynamicProvider()
# If we were able to determine the OP client, just redirect to it with an
# authentication request
if client:
try:
acrvalue = None
if 'acr_value' in settings.OIDC_PROVIDERS[op_name][
'client_registration']:
acrvalue = settings.OIDC_PROVIDERS[op_name][
'client_registration']['acr_value']
return client.create_authn_request(request.session,
acr_value=acrvalue)
except Exception as e:
return view_error_handler(request, {"error": e})
# Otherwise just render the list+form.
return render_to_response(
template_name, {
"op_list": [i for i in settings.OIDC_PROVIDERS.keys() if i],
'dynamic': dyn,
'form': form,
'ilform': ilform,
"next": request.session["next"]
})
def get(self, request, *args, **kwargs):
if request.user.is_authenticated():
return redirect(settings.LOGIN_REDIRECT_URL)
form = AuthenticationForm()
ctx = {"form": form}
return render(request, "motor/login.html", ctx)
def get(self, request):
if request.user.is_authenticated:
return redirect('home_page')
form = AuthenticationForm()
return render(request, self.template, {'form': form})
def get(self, request):
form = AuthenticationForm()
return render(request, "login.html", {"form": form})
def login_form(request):
return {
"login_form": AuthenticationForm(request.POST),
}
def post(self, request):
# получив запрос на авторизацию
form = AuthenticationForm(request, data=request.POST)
# забираем IP адрес из запроса
ip = get_client_ip(request)
# получаем или создаём новую запись об IP, с которого вводится пароль, на предмет блокировки
obj, created = TemporaryBanIp.objects.get_or_create(
defaults={
'ip_address': ip,
'time_unblock': timezone.now()
},
ip_address=ip
)
# если IP заблокирован и время разблокировки не настало
if obj.status is True and obj.time_unblock > timezone.now():
context = create_context_username_csrf(request)
if obj.attempts == 3 or obj.attempts == 6:
# то открываем страницу с сообщением о блокировки на 15 минут при 3 и 6 неудачных попытках входа
return render_to_response('accounts/block_15_minutes.html', context=context)
elif obj.attempts == 9:
# или открываем страницу о блокировке на 24 часа, при 9 неудачных попытках входа
return render_to_response('accounts/block_24_hours.html', context=context)
elif obj.status is True and obj.time_unblock < timezone.now():
# если IP заблокирован, но время разблокировки настало, то разблокируем IP
obj.status = False
obj.save()
# проверяем правильность формы, что есть такой пользователь
# и он ввёл правильный пароль
# если пользователь ввёл верные данные, то авторизуем его и удаляем запись о блокировке IP
if form.is_valid():
# в случае успеха авторизуем пользователя
auth.login(request, form.get_user())
#obj.attempts=0
#obj.save()
obj.delete()
# получаем предыдущий url
next = urlparse(get_next_url(request)).path
# и если пользователь из числа персонала и заходил через url /admin/login/
# то перенаправляем пользователя в админ панель
if next == '/admin/login/' and request.user.is_staff:
return redirect('/admin/')
# иначе делаем редирект на предыдущую страницу,
# в случае с /accounts/login/ произойдёт ещё один редирект на главную страницу
# в случае любого другого url, пользователь вернётся на данный url
return redirect(next)
else:
# иначе считаем попытки и устанавливаем время разблокировки и статус блокировки
obj.attempts += 1
if obj.attempts == 3 or obj.attempts == 6:
obj.time_unblock = timezone.now() + timezone.timedelta(minutes=15)
obj.status = True
elif obj.attempts == 9:
obj.time_unblock = timezone.now() + timezone.timedelta(1)
obj.status = True
elif obj.attempts > 9:
obj.attempts = 1
obj.save()
# если данные не верны, то пользователь окажется на странице авторизации
# и увидит сообщение об ошибке
context = create_context_username_csrf(request)
context['login_form'] = form
return render_to_response('accounts/login.html', context=context)
def login_user(request):
if request.user.id is not None:
messages.error(request, str(request.user.id))
return redirect(
reverse('index:mod', kwargs={'user_id': request.user.id}))
else:
if request.method == "POST":
form = AuthenticationForm(request, data=request.POST)
username = request.POST['username']
password = request.POST['password']
user = authenticate(username=username, password=password)
if user is not None:
#user is valid content manager
try:
content_manager = Content_Manager.objects.get(
username=username)
if content_manager.is_confirmed:
pass
else:
content_manager.is_confirmed = True
content_manager.save()
messages.warning(request, "Status updated")
except Exception as e:
if user.is_superuser:
pass
else:
messages.warning(request, str(e))
login(request, user)
messages.success(request,
f"You are now logged in as {username}")
return redirect(
reverse('index:mod', kwargs={'user_id': request.user.id}))
else:
try:
content_manager = Content_Manager.objects.get(
username=username)
try:
valid_id = Identification_Number.objects.get(
employee_id=content_manager.employee_id)
try:
content_manager.is_confirmed = True
content_manager.save()
messages.warning(request, "Status updated")
new_user = User()
new_user.first_name = content_manager.first_name
new_user.last_name = content_manager.last_name
new_user.username = content_manager.username
new_user.email = content_manager.email
new_user.set_password(content_manager.password)
new_user.save()
login(request, new_user)
messages.success(
request,
f"You are now logged in as {new_user.username}"
)
return redirect(
reverse('index:mod',
kwargs={'user_id': request.user.id}))
# user is now a valid content manager
except Exception as e:
messages.error(request, str(e))
except:
if content_manager.is_confirmed:
#user is confirmed but not yet registered
#id wasnt added after user registration
#user not yet registered
try:
new_id = Identification_Number()
new_id.employee_id = content_manager.employee_id
new_id.save()
except Exception as e:
messages.error(request, str(e))
try:
new_user = User()
new_user.first_name = content_manager.first_name
new_user.last_name = content_manager.last_name
new_user.username = content_manager.username
new_user.email = content_manager.email
new_user.set_password(content_manager.password)
new_user.save()
login(request, new_user)
messages.success(
request,
f"You are now logged in as {new_user.username}"
)
return redirect(
reverse(
'index:mod',
kwargs={'user_id': request.user.id}))
#user is now a valid content manager
except Exception as e:
messages.error(request, str(e))
else:
messages.warning(
request,
"Im sorry, your request is still under validation process."
)
except Exception as e:
messages.error(request, "Invalid username or password")
messages.error(request, str(e))
form = AuthenticationForm()
return render(request, "index/login.html", {"form": form})
def get(self, request):
return render(request, "news/login.html",
{"form": AuthenticationForm()})
def test_authenticate_forms_no_data(self):
n_form = AuthenticationForm(data={})
self.assertFalse(n_form.is_valid())
self.assertEquals(len(n_form.errors), 2)
def get(self,request):
if request.user.is_authenticated == True:
return HttpResponseRedirect('/')
form = AuthenticationForm()
return render(request, 'login.html',locals())
def login(request):
form = AuthenticationForm()
return render(request, 'users/login.html', {'form': form})
def get(self, request):
form = AuthenticationForm()
return render(request, "login/page-login.html", {'form': form})
def get(self, request):
if request.user.is_authenticated:
return redirect('to_do_app:app')
form = AuthenticationForm()
return render(request, 'login.html', {"form": form})
def ingresar(request):
if request.method == 'POST':
formulario = AuthenticationForm(request.POST)
if request.session['cont'] > 3:
formulario2 = fcapcha(request.POST)
if formulario2.is_valid():
pass
else:
datos = {'formulario': formulario, 'formulario2': formulario2}
return render_to_response(
"usuario/ingresar.html",
datos,
context_instance=RequestContext(request))
if formulario.is_valid:
#usuario=request.POST['username']
#clave=request.POST['password']
Nick = request.POST["username"]
password = request.POST["password"]
#acceso=authenticate(username=usuario,password=clave)
acceso = authenticate(username=Nick, password=password)
if acceso is not None:
if acceso.is_active:
login(request, acceso)
p = SessionStore()
p["name"] = Nick
p["estado"] = "conectado"
p.save()
request.session["idkey"] = p.session_key
request.session["name"] = Nick
#del request.session['cont']
return HttpResponseRedirect('/perfil')
else:
login(request, acceso)
return HttpResponseRedirect('/active')
else:
request.session['cont'] = request.session['cont'] + 1
aux = request.session['cont']
estado = True
mensaje = "Error en los datos " + str(aux)
if aux > 3:
formulario2 = fcapcha()
datos = {
'formulario': formulario,
'formulario2': formulario2,
'estado': estado,
'mensaje': mensaje
}
else:
datos = {
'formulario': formulario,
'estado': estado,
'mensaje': mensaje
}
return render_to_response(
'usuario/ingresar.html',
datos,
context_instance=RequestContext(request))
else:
request.session['cont'] = 0
formulario = AuthenticationForm()
return render_to_response('usuario/ingresar.html',
{'formulario': formulario},
context_instance=RequestContext(request))
def home(request):
if request.method == 'POST': #If a form is submitted
if 'login' in request.POST: # What to do for the login form
form = AuthenticationForm(request=request, data=request.POST)
if form.is_valid(): #Log in user if credntials are valid.
username = form.cleaned_data.get('username')
password = form.cleaned_data.get('password')
user = authenticate(username=username, password=password)
if user is not None:
login(request, user)
messages.info(request, f"You are now logged in as {username}")
if user.is_superuser:
return redirect('manager/administrate/')
return redirect('manager/') #Not sure
else: #If credentials are invalid, send an error message
messages.error(request, "Invalid username or password")
elif 'pass' in request.POST: # What to do for the password reset form
if request.method == 'POST': #Redundant but i dont want to remove and reformat
changePassForm = ForgotPassForm(request.POST)
if changePassForm.is_valid(): #Send email to change pass if email entered is valid
email = changePassForm.cleaned_data['email']
for user in User.objects.all():
if user.email == email:
newPass = generatePassword()
u = User.objects.get(email=email)
u.set_password(newPass)
u.save()
send_mail(
'You requested a one time password',
'Your new password is: ' + newPass + ', log in to https://04lpsalesweb01.crowdstrike.sys/ and change your password immediately',
'Corporate Sales Feedback <*****@*****.**>',
[email],
fail_silently=False,
)
return redirect('homepage')
messages.error(request, "Email does not exist. OTP not sent")
return redirect('homepage')
elif 'user' in request.POST:
if request.method == 'POST':
forgotUserForm = ForgotPassForm(request.POST)
if forgotUserForm.is_valid():
email = forgotUserForm.cleaned_data['email']
for user in User.objects.all():
if user.email == email:
send_mail(
'You requested your username',
'Your username is: ' + user.username + ', log in to https://04lpsalesweb01.crowdstrike.sys/',
'Corporate Sales Feedback <*****@*****.**>',
[email],
fail_silently=False,
)
return redirect('homepage')
messages.error(request, "Email does not exist. Try again")
return redirect('homepage')
forgotUserForm = ForgotPassForm()
changePassForm = ForgotPassForm()
form = AuthenticationForm()
return render(request = request,
template_name = "index.html",
context={
"forgotUserForm":forgotUserForm,
"changePassForm":changePassForm,
"form":form
}
)
def preview(request, course_prefix, course_suffix):
"""
Much code borrowed from registration.views.register
"""
if request.common_page_data['is_course_admin']:
return redirect(
'http://' + request.get_host() +
reverse('courses.views.main', args=[course_prefix, course_suffix]))
if request.common_page_data['is_course_member'] and not request.common_page_data['course'].preview_only_mode and \
date.today() >= request.common_page_data['course'].calendar_start :
return redirect(
'http://' + request.get_host() +
reverse('courses.views.main', args=[course_prefix, course_suffix]))
if not backend.registration_allowed(request):
return redirect(disallowed_url)
form = form_class(initial={
'course_prefix': course_prefix,
'course_suffix': course_suffix
})
login_form = AuthenticationForm(request)
context = RequestContext(request)
template_name = 'previews/default.html'
class_template = 'previews/' + request.common_page_data[
'course'].handle + '.html'
if os.path.isfile(settings.TEMPLATE_DIRS + '/' + class_template):
template_name = class_template
return render_to_response(
template_name, {
'form': form,
'login_form': login_form,
'common_page_data': request.common_page_data,
'display_login': request.GET.__contains__('login')
},
context_instance=context)
else:
try:
common_page_data = get_common_page_data(request, course_prefix,
course_suffix)
page = AdditionalPage.objects.get(
course=common_page_data['course'], slug="overview")
return render_to_response(
"previews/overview.html", {
'common_page_data': common_page_data,
'page': page,
'form': form,
'login_form': login_form,
'common_page_data': request.common_page_data,
'display_login': request.GET.__contains__('login'),
},
context_instance=context)
except Exception, e:
print e
return render_to_response(
template_name, {
'form': form,
'login_form': login_form,
'common_page_data': request.common_page_data,
'display_login': request.GET.__contains__('login')
},
context_instance=context)
def get(self, request):
form = AuthenticationForm()
return render(request, self.template, {'form': form})
def home (request):
signup_form = UserCreationForm()
form = AuthenticationForm()
return render(request, 'home.html', {'signup_form' : signup_form, 'form':form})
def view_event(request, event_id, event_slug, location_slug=None):
# XXX should we double check the associated location here? currently the
# assumption is that if an event is being viewed under a specific location
# that that will be reflected in the URL path.
try:
event = Event.objects.get(id=event_id)
except:
logger.debug('event not found')
return HttpResponseRedirect('/404')
location = get_object_or_404(Location, slug=location_slug)
# if the slug has changed, redirect the viewer to the correct url (one
# where the url matches the current slug)
if event.slug != event_slug:
logger.debug('event slug has changed')
# there's some tomfoolery here since we don't know for sure if the app
# is being used in a project that specifies the location as part of the
# url. probably a better way to do this...
return HttpResponseRedirect(
reverse('gather_view_event',
args=(event.location.slug, event.id, event.slug)))
# is the event in the past?
today = timezone.now()
logger.debug(event.end)
if event.end < today:
past = True
else:
past = False
# set up for those without accounts to RSVP
if request.user.is_authenticated():
current_user = request.user
new_user_form = None
login_form = None
location_event_admin = EventAdminGroup.objects.get(location=location)
if request.user in location_event_admin.users.all(
) or request.user in location.house_admins.all():
user_is_event_admin = True
else:
user_is_event_admin = False
else:
current_user = None
new_user_form = UserProfileForm()
login_form = AuthenticationForm()
user_is_event_admin = False
# this is counter-intuitive - private events are viewable to those who have
# the link. so private events are indeed shown to anyone (once they are
# approved). and we dont have a way of knowing what the previous status of
# canceled events was (!), so we also let this go through but then suppress
# the event details and a cancelation notice on the event page.
if (event.status == 'live' and event.visibility == Event.PRIVATE
) or event.is_viewable(current_user) or event.status == 'canceled':
if current_user and current_user in event.organizers.get_queryset():
user_is_organizer = True
else:
user_is_organizer = False
num_attendees = len(event.attendees.all())
# only meaningful if event.limit > 0
spots_remaining = event.limit - num_attendees
event_email = 'event%d@%s.%s' % (event.id, event.location.slug,
settings.LIST_DOMAIN)
domain = Site.objects.get_current().domain
formatted_title = event.title.replace(" ", "+")
formatted_dates = event.start.strftime(
"%Y%m%dT%H%M00Z") + "/" + event.end.strftime(
"%Y%m%dT%H%M00Z") # "20140127T224000Z/20140320T221500Z"
detail_url = "https://" + domain + reverse(
'gather_view_event',
args=(event.location.slug, event.id, event.slug))
formatted_location = event.where.replace(" ", "+")
event_google_cal_link = '''https://www.google.com/calendar/render?action=TEMPLATE&text=%s&dates=%s&details=For+details%%3a+%s&location=%s&sf=true&output=xml''' % (
formatted_title, formatted_dates, detail_url, formatted_location)
if user_is_event_admin or user_is_organizer:
email_form = EventEmailTemplateForm(event, location)
else:
email_form = None
return render(
request, 'gather_event_view.html', {
'event': event,
'current_user': current_user,
'event_google_cal_link': event_google_cal_link,
'user_is_organizer': user_is_organizer,
'new_user_form': new_user_form,
"event_email": event_email,
"domain": domain,
'login_form': login_form,
"spots_remaining": spots_remaining,
'user_is_event_admin': user_is_event_admin,
'email_form': email_form,
"num_attendees": num_attendees,
'in_the_past': past,
'endorsements': event.endorsements.all(),
'location': location
})
elif not current_user:
# if the user is not logged in and this is not a public event, have them login and try again
messages.add_message(request, messages.INFO,
'Please log in to view this event.')
next_url = reverse('gather_view_event',
args=(event.location.slug, event.id, event.slug))
return HttpResponseRedirect('/people/login/?next=%s' % next_url)
else:
# the user is logged in but the event is not viewable to them based on their status
messages.add_message(
request, messages.INFO,
'Oops! You do not have permission to view this event.')
return HttpResponseRedirect('/locations/%s' % location.slug)
