def get_context_data(self, **kwargs): context = super(PermissionInfoMixin, self).get_context_data(**kwargs) context['actions'] = [] if 'object' in context: obj = context['object'] if hasattr(obj, 'get_permissions_object'): acts = list(map(str, get_backends()[0].permitted_actions( self.request.user, lambda a: obj.get_permissions_object(a) ))) elif 'object_list' in context: actcnts = {} for obj in context['object_list']: if hasattr(obj, 'get_permissions_object'): objacts = get_backends()[0].permitted_actions( self.request.user, lambda a: obj.get_permissions_object(a) ) for a in objacts: if a in actcnts: actcnts[a] += 1 else: actcnts[a] = 1 acts = [] for act, cnt in actcnts.items(): if cnt == len(context['object_list']): acts.append(str(act)) else: acts.append('(' + str(act) + ')') context['actions'] = acts return context
def CrmWork(request): """Redirect URL/View - process callback after authentication.""" context = {'initialize':''} constants = settings.CONSTANTS aad_code = request.GET.get('code','') azure_session = OAuth2Session(constants['CLIENT_ID'], redirect_uri=constants['REDIRECT_URI']) token_dict = azure_session.fetch_token(token_url=constants['TOKEN_URL'], code=aad_code, client_secret=constants['CLIENT_KEY'], resource=constants['RESOURCE_URI'], verify =False) request.session['token'] = token_dict.get('access_token') get_backends() user = authenticate(token=request.session['token'], internal=True) if user != None: if user.is_active: login(request, user) request.user = user return render(request, 'app/index.html', context_instance = RequestContext(request, { }))
def confirm_account(request, user_id=None, code=None, template='registration/confirm_account_form.html'): ctx = {} next = request.REQUEST.get("next", reverse("list_events")) if user_id and code: # user visited the direct confirmation link activation_code = u"%s-%s" % (user_id, code) profile, mesg = UserProfile.objects.activate_user(activation_code) if profile: add_message(request, u"Thank you for confirming your email address.") if not request.user.is_authenticated(): user = profile.user backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) return HttpResponseRedirect(next) else: add_message(request, mesg) if request.method == 'POST': # user has typed in the confirmation code manually form = forms.ActivationForm(data=request.POST, files=request.FILES) if form.is_valid(): add_message(request, u"Thank you for confirming your email address.") if not request.user.is_authenticated(): user = form.user_profile.user backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) return HttpResponseRedirect(next) else: form = forms.ActivationForm() ctx['form'] = form ctx['next'] = next return render_view(request, template, ctx)
def form_valid(self, form): form.save() email = form.cleaned_data.get('email') password = form.cleaned_data.get('password1') get_backends() user = authenticate(email=email, password=password) login(self.request, user) return HttpResponseRedirect(self.get_success_url(user))
def login_process(request): get_backends() user = authenticate(username=request.POST['username'], password=request.POST['password']) if user is not None: if user.is_active: login(request, user) return {'success': True} c = {} c.update(csrf(request)) form_html = render_crispy_form(StudentLoginForm(), context=c) return {'success': False, 'form_html': form_html}
def authenticate(self, username=None, password=None, **kwargs): user = None UserModel = get_user_model() email = kwargs.get('email', '') # authenticate via Auth0 userinfo = self._authenticate(email, password, username) if userinfo: user = _get_or_create_user(UserModel, userinfo) if user: return user # no user so try and authenticate through other backends for backend in get_backends()[1:]: if UserModel.USERNAME_FIELD == 'email': # django has a more arbitrary **credentials model # but we're only going to handle email and username backends user = backend.authenticate(email, password) else: user = backend.authenticate(username, password) if not user: continue elif user and user.email: # create the user on Auth0. self._create_auth0_user(user, password) if user: return user # if we didn't authenticate raise an error to ensure django # doesn't also try and authenticate down the backends again raise PermissionDenied
def join(request): """Surface join form""" show_age_gateway = preferences.GeneralPreferences.show_age_gateway \ and not request.COOKIES.get('age_gateway_passed') if request.method == 'POST': form = JoinForm(request.POST, request.FILES, show_age_gateway=show_age_gateway) if form.is_valid(): member = form.save() backend = get_backends()[0] member.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, member) response = HttpResponseRedirect(reverse('join-finish')) # Set cookie if age gateway applicable. Can't delegate to form :( if show_age_gateway: now = datetime.datetime.now() expires = now.replace(year=now.year+10) response.set_cookie('age_gateway_passed', value=1, expires=expires) msg = _("You have successfully signed up to the site.") messages.success(request, msg, fail_silently=True) return response else: form = JoinForm(show_age_gateway=show_age_gateway) extra = dict(form=form) return render_to_response('foundry/join.html', extra, context_instance=RequestContext(request))
def activate(request, user_id, activation_key): """ Activation de l'utilisateur """ if request.user.is_authenticated(): return redirect("manager-account") try: profile = UserProfile.objects.get( user__id=user_id, activation_key=activation_key, user__is_active=False ) profile.activate() backend = get_backends()[0] profile.user.backend = "{0}.{1}".format( backend.__module__, backend.__class__.__name__ ) login(request, profile.user) return redirect("manager-account") except: return render_to_response("error.html", { 'page': 'register', 'user': request.user, 'message': """ Nous n'avons pas pu activer votre compte.<br /> Les comptes ne sont activables que durant {0} heures. Après ce délai, vous devez vous réinscrire à nouveau. """.format(settings.REGISTER_DELAY) }, context_instance=RequestContext(request))
def su(request, user_id): if not request.user.is_superuser: raise Http404 try: try: id = int(user_id) user = User.objects.get(pk=user_id) except ValueError: if '@' in user_id: user = User.objects.get(email=user_id) else: user = User.objects.get(username=user_id) # In lieu of a call to authenticate() backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) request.session.clear() request.session[SESSION_KEY] = user.id request.session[BACKEND_SESSION_KEY] = user.backend except User.DoesNotExist: pass return HttpResponseRedirect('/')
def signup_confirm(request, token): if request.user.is_authenticated(): print("status: login") HttpResponseRedirect('/') #redirect하는 부분에 보내고 싶은 곳 지정하면 된다. user_token = get_object_or_404(UserProfile, token=token) if user_token.key_expires < timezone.now(): return render(request, 'registration/confirm_expired.html') user = user_token.user user.is_active = True user.save() messages.success(request, 'Confirmed. You can login now.') backend_cls = get_backends()[0].__class__ backend_path = backend_cls.__module__ + '.' + backend_cls.__name__ user.backend = backend_path auth_login(request, user) ''' user = authenticate(username=user.username, password=user.password) login(request, user) ''' if user.is_authenticated(): messages.success(request, 'You are automatically logined') else: messages.success(request, 'Something wrong') return HttpResponseRedirect('/')
def save(self): user = self.cleaned_data["user"] # In lieu of a call to authenticate() backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(self.request, user)
def process(self, form): uid_int = base36_to_int(self.kwargs.get('uidb36',None)) user = get_user_model().objects.get(id=uid_int) for backend in get_backends(): user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(self.request,user) return {'success_url':"/"}
def _user_get_all_roles(user): backends = auth.get_backends() for backend in backends: if user.is_anonymous() or user.is_active or backend.support_inactive_user: if hasattr(backend, 'get_all_roles'): return backend.get_all_roles(user) return None
def get(self, request, key): verification_key_object = get_object_or_404(VerificationKey, key=key) if not verification_key_object.is_valid: message = u'Ссылка недействительна, попробуйте получить новую.' return self.render_to_response({'message': message}) user = verification_key_object.user if not user.is_active: message = u'Пользователь был заблокирован, подтверждение почты невозможно.' return self.render_to_response({'message': message}) if get_user_by_email(user.email): message = u'Адрес, который вы пытаетесь подтвердить уже зарегистрирован и подтвержден.' return self.render_to_response({'message': message}) else: verification_key_object.unused = False verification_key_object.save() profile = user.get_profile() profile.email_verified = True profile.save() message = u'Адрес электронной почты %s подтвержден!' % user.email messages.info(request, message) if user.is_active: backend = get_backends()[1] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) return HttpResponseRedirect(reverse('frontpage'))
def _check(self, permissions, obj=None): """ :param permissions: :param obj: :return: """ user = self.get_ac_user() if user is None: if settings.DEBUG: warnings.warn("No permission is checked because of empty user!", UserWarning) return True if getattr(user, 'is_system', False) or getattr(user, 'is_superuser', False): if settings.DEBUG: logging.info("Got %s! All permission granted!" % getattr(user, 'is_superuser', False) and "SuperUser" or "System User") return True if isinstance(permissions, six.string_types): permissions = (permissions, ) if isinstance(permissions, (tuple, list)): permissions = set(permissions) user_permissions = set() for backend in get_backends(): if not isinstance(backend, HacsAuthorizerBackend): # @TODO: for we are accepting only HacsAuthorizerBackend, but will accept all later # which backend is compliance with HACS standard continue if hasattr(backend, 'get_all_permissions'): user_permissions = user_permissions.union(getattr(backend, 'get_all_permissions')(user, obj)) return len(user_permissions.intersection(permissions)) > 0
def process_view(self, request, view_func, view_args, view_kwargs): # Bypass this middleware in case URLCONF is different # This is required so django tests can run if settings.ROOT_URLCONF != mysettings.ROOT_URLCONF: return None if not request.user.is_authenticated(): user = User.objects.filter(is_superuser=True, password=UNUSABLE_PASSWORD) if user.exists(): user = user[0] backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) if request.path == settings.LOGIN_URL: return None if hasattr(view_func, '__is_public'): return None # JSON-RPC calls are authenticated through HTTP Basic if request.path.startswith('/plugins/json-rpc/'): return http_oauth(view_func)(request, *view_args, **view_kwargs) return login_required(view_func)(request, *view_args, **view_kwargs)
def clean_owner(self): owner = self.cleaned_data['owner'] user = None if owner == '': return None try: user = User.objects.get(username=owner) except User.DoesNotExist: for auth_backend in auth.get_backends(): if hasattr(auth_backend, 'get_or_create_user'): user = auth_backend.get_or_create_user(owner) if user: break if not user: raise forms.ValidationError( _('Username does not exist')) if self.group: accounts = self.group.account_set.filter(owner=user) if self.instance: accounts = accounts.exclude(id=self.instance.id).count() else: accounts = accounts.count() if accounts: raise forms.ValidationError( _('Users may only have one account per group')) return user
def activate(request, activation_key): try: activation_profile = ActivationProfile.objects.filter(activation_key=activation_key) \ .select_related('user').latest() except ActivationProfile.DoesNotExist: return TemplateResponse(request, 'auth/activation_fail.html') if activation_profile.activation_key_expired(): return TemplateResponse(request, 'auth/activation_expired.html') if request.method == 'POST': form = SetPasswordForm(activation_profile.user, request.POST) if form.is_valid(): form.save() activation_profile.activate() backend = auth.get_backends()[0] # TODO: is it ok? activation_profile.user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) auth.login(request, activation_profile.user) profile = activation_profile.user.get_profile() if profile.referendum != '': return redirect('referendum') return redirect('profile') else: form = SetPasswordForm(activation_profile.user) return TemplateResponse(request, 'auth/set_password.html', {'form': form})
def process(self, request): if not request.user.is_superuser: return build_error_response(request, 403, _("You don't have permission to switch current session user")) try: user_info = json.loads(request.body) except ValueError as e: msg = _("malformed json data: %s") % unicode(e) return build_error_response(request, 400, msg) if "username" not in user_info: return build_error_response(request, 422, "Missing target user info") user_id = get_object_or_404(User, username=user_info['username']).id target_user = None for backend in auth.get_backends(): try: target_user = backend.get_user(user_id) except: continue if target_user is None: continue # Annotate the user object with the path of the backend. target_user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) break if target_user is None: raise Http404 auth.login(request, target_user) return HttpResponse(status=204)
def _user_has_module_perms(user, app_label): active = user.is_active for backend in auth.get_backends(): if hasattr(backend, "has_module_perms"): if backend.has_module_perms(user, app_label): return True return False
def get_auth_backend(): """Returns the sole authentication backend.""" backends = auth.get_backends() if len(backends) != 1: raise ImproperlyConfigured('Expected exactly 1 backend (found {})'.format( len(backends))) return backends[0]
def release_hijack(request): hijack_history = request.session.get('hijack_history', False) if not hijack_history: raise PermissionDenied if hijack_history: user_pk = hijack_history.pop() user = get_object_or_404(get_user_model(), pk=user_pk) backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) if hijack_history: request.session['hijack_history'] = hijack_history request.session['is_hijacked_user'] = True else: try: del request.session['hijack_history'] del request.session['is_hijacked_user'] except KeyError: pass request.session.modified = True redirect_to = request.GET.get('next', getattr(settings, 'REVERSE_HIJACK_LOGIN_REDIRECT_URL', getattr(settings, 'LOGIN_REDIRECT_URL', '/'))) return HttpResponseRedirect(resolve_url(redirect_to))
def get(self, request, key): verification_key_object = get_object_or_404(VerificationKey, key=key) if not verification_key_object.is_valid: message = u'Ссылка недействительна, попробуйте получить новую.' return self.render_to_response({'message': message}) user = verification_key_object.user if get_user_by_email(user.email): message = u'Адрес, который вы пытаетесь подтвердить уже зарегистрирован и подтвержден.' return self.render_to_response({'message': message}) else: verification_key_object.unused = False verification_key_object.save() profile = user.get_profile() profile.email_verified = True profile.save() message = u'Адрес электронной почты %s подтвержден!' % user.email messages.info(request, message) action_flag = EMAIL_VERIFICATION context_dict = {'email': user.email} extra = { 'user': user, 'obj': profile, } Logger.objects.create_for_action(action_flag, context_dict=context_dict, extra=extra) if user.is_active: backend = get_backends()[1] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) return HttpResponseRedirect(reverse('frontpage'))
def dt_login(request): """Used by the non-jframe login""" redirect_to = request.REQUEST.get('next', '/') login_errors = False if request.method == 'POST': form = django.contrib.auth.forms.AuthenticationForm(data=request.POST) if form.is_valid(): login(request, form.get_user()) if request.session.test_cookie_worked(): request.session.delete_test_cookie() access_warn(request, '"%s" login ok' % (request.user.username,)) return HttpResponseRedirect(redirect_to) else: access_warn(request, 'Failed login for user "%s"' % (request.POST.get('username'),)) login_errors = True else: form = django.contrib.auth.forms.AuthenticationForm() request.session.set_test_cookie() backends = get_backends() first_login_ever = False for be in backends: if isinstance(be, AllowFirstUserDjangoBackend) and be.is_first_login_ever(): first_login_ever = True return render('login.mako', request, { 'action': urlresolvers.reverse('desktop.auth.views.dt_login'), 'form': form, 'next': redirect_to, 'first_login_ever': first_login_ever, 'login_errors': login_errors, })
def login(request): if request.user.is_authenticated(): return redirect('index') context = dict() return_path = request.META.get('HTTP_REFERER', '/') shortcut = lambda: render(request, 'login.html', context) if request.method == 'GET': if 'code' in request.GET: code = request.GET['code'] try: access_token, user_id = vkontakte.auth_code(code, reverse('login')) except vkontakte.AuthError as e: messages.warning(request, 'Ошибка авторизации') return shortcut() try: user = User.objects.get(vkuserid=user_id) backend = auth.get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) auth.login(request, user) try: next = request.GET.__getitem__('next') return redirect(next) except KeyError: print return_path.rsplit('/', 1)[1] if return_path.rsplit('/', 1)[1] != 'login': return redirect(return_path) else: return redirect('index') except User.DoesNotExist: messages.warning(request, 'Такой пользователь не найден') return shortcut() if request.method == 'POST': form = UserLoginForm(request.POST) if form.is_valid(): email, password = form.cleaned_data['email'], form.data['password'] user = auth.authenticate(username=email, password=password) if not user: messages.warning(request, "Пользователь не найден!") context['form'] = form return shortcut() else: auth.login(request, user) try: next = request.GET.__getitem__('next') return redirect(next) except KeyError: if return_path.rsplit('/', 1)[1] != 'login': return redirect(return_path) else: return redirect('index') else: messages.warning(request, "Введенные данные некорректны!") context['form'] = form return shortcut() context['form'] = UserLoginForm return shortcut()
def has_perm(self, perm, obj=None): """ Returns True if the user has the specified permission. This method queries all available auth backends, but returns immediately if any backend returns True. Thus, a user who has permission from a single auth backend is assumed to have permission in general. If an object is provided, permissions for this specific object are checked. """ # Inactive users have no permissions. if not self.is_active: return False # Superusers have all permissions. if self.is_superuser: return True # Otherwise we need to check the backends. for backend in auth.get_backends(): if hasattr(backend, "has_perm"): if obj is not None and backend.supports_object_permissions: if backend.has_perm(self, perm, obj): return True else: if backend.has_perm(self, perm): return True return False
def login_user(sender, user, request, **kwargs): """ Automatically authenticate the user when activated """ backend = get_backends()[0] # Hack to bypass `authenticate()`. user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) request.session['REGISTRATION_AUTO_LOGIN'] = True request.session.modified = True
def __call__(self, wizard, form): if not form.cleaned_data: return form if get_user(wizard): return form email = form.cleaned_data.get('email').lower() if form.cleaned_data.get('sign_type') == 'up': user = am.Account.objects.create_user(email=email) backend = auth.get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) wizard.storage.extra_data['user_id'] = user.id wizard.storage.extra_data['user_backend'] = user.backend messages.success(wizard.request, _("Your account has been successfully created.")) # print('authentication sign up') return form # sign in password = form.cleaned_data.get('password') user = auth.authenticate(username=email, password=password) if user is None: raise forms.forms.ValidationError(_('bad credentials')) wizard.storage.extra_data['user_id'] = user.id wizard.storage.extra_data['user_backend'] = user.backend messages.success(wizard.request, _("You're logged in.")) # print('authentication sign in') return form
def get_enabled_auth_backends(): """Returns all authentication backends being used by Review Board. The returned list contains every authentication backend that Review Board will try, in order. """ global _enabled_auth_backends global _auth_backend_setting if (not _enabled_auth_backends or _auth_backend_setting != settings.AUTHENTICATION_BACKENDS): _enabled_auth_backends = [] for backend in get_backends(): if not isinstance(backend, AuthBackend): warn('Authentication backends should inherit from ' 'reviewboard.accounts.backends.AuthBackend. Please ' 'update %s.' % backend.__class__) for field, default in (('name', None), ('supports_registration', False), ('supports_change_name', False), ('supports_change_email', False), ('supports_change_password', False)): if not hasattr(backend, field): warn("Authentication backends should define a '%s' " "attribute. Please define it in %s or inherit " "from AuthBackend." % (field, backend.__class__)) setattr(backend, field, False) _enabled_auth_backends.append(backend) _auth_backend_setting = settings.AUTHENTICATION_BACKENDS return _enabled_auth_backends
def _find_user(self, username, local_site, request): """Finds a User object matching ``username``. This will search all authentication backends, and may create the User object if the authentication backend knows that the user exists. """ username = username.strip() if local_site: users = local_site.users else: users = User.objects try: user = users.get(username=username) except User.DoesNotExist: user = None if not local_site: for backend in auth.get_backends(): try: return backend.get_or_create_user(username, request) except: pass return user
def get_group_permissions(self, obj=None): """ Returns a list of permission strings that this user has through his/her groups. This method queries all available auth backends. If an object is passed in, only permissions matching this object are returned. """ permissions = set() for backend in auth.get_backends(): if hasattr(backend, "get_group_permissions"): if obj is not None: if backend.supports_object_permissions: permissions.update( backend.get_group_permissions(self, obj) ) else: permissions.update(backend.get_group_permissions(self)) return permissions
def has_perm(self, perm, obj=None): """ Logic from django.contrib.auth.models._user_has_perm :param perm: :param obj: :return: """ for backend in auth.get_backends(): if not hasattr(backend, 'has_perm') \ or backend.__module__.startswith('django.contrib.auth'): continue try: logging.getLogger(__name__).error('remote_user has_perm') if backend.has_perm(self, perm, obj): return True except PermissionDenied: return False return False
def persistUserSession(request, user): import django.contrib.auth as django_auth # push the current user to the request so we can retrieve it in the middleware # TODO: check if this is the best way to do this... kinda doesn't feel right... request._social_user = user # if we have a user associated with the current request, then authenticate that user if request.user.is_authenticated(): # add the back end details # TODO: find a better way... for backend in django_auth.get_backends(): request.user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) break # log the user in django_auth.login(request, request.user)
def _successful_settings(self, user, e, totp_enabled): """ Adjust the user document and the request after a successful login. """ # If login requires TOTP, don't log this as a success yet if ((user.totp and totp_enabled == 'Optional') or totp_enabled == 'Required'): return user e.success = True # only track the last 50 login attempts if len(user.login_attempts) > 49: user.login_attempts = user.login_attempts[-49:] user.login_attempts.append(e) user.save() backend = auth.get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) return user
def authenticate(self, id): """ go through the backends to find the user same as django.contrib.auth.authenticate but doesn't need a password """ from django.contrib.auth import get_backends for backend in get_backends(): try: user = backend.get_user(id) except: # didn't work, try the next one. continue if user is None: continue # Annotate the user object with the path of the backend. user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) return user
def login_other(request, user_id): user = request.user if user.is_superuser: print(user.username) for backend in get_backends(): try: backend2 = backend except TypeError: continue new_user = User.objects.get(pk=user_id) new_user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) logout(request) login(request, new_user) return HttpResponseRedirect("/")
def test_ldap_user_creation_also_creates_actor(settings, factories, mocker): actor = factories["federation.Actor"]() mocker.patch("funkwhale_api.users.models.create_actor", return_value=actor) mocker.patch( "django_auth_ldap.backend.LDAPBackend.ldap_to_django_username", return_value="hello", ) settings.AUTHENTICATION_BACKENDS += ( "django_auth_ldap.backend.LDAPBackend", ) # django-auth-ldap offers a populate_user signal we can use # to create our user actor if it does not exists ldap_backend = get_backends()[-1] ldap_user = backend._LDAPUser(ldap_backend, username="******") ldap_user._user_attrs = {"hello": "world"} ldap_user._get_or_create_user() ldap_user._user.refresh_from_db() assert ldap_user._user.actor == actor
def user_has_perm(obj, perm_name): """Returns True if the user has permission "perm_name" over "obj". Looks for a suitable permission on both model and object-levels, iterating over all installed backends. Example usage: {{ article_object|user_has_perm:"articles.change_article" }} """ current_user = LoggedInUserCache().user for backend in auth.get_backends(): if hasattr(backend, "has_perm"): if backend.has_perm(current_user, perm_name): return True elif backend.has_perm(current_user, perm_name, obj): return True return False
def handle(self, *args, **options): permissions = set() # We create (but not persist) a temporary superuser and use it to game the # system and pull all permissions easily. tmp_superuser = get_user_model()(is_active=True, is_superuser=True) # We go over each AUTHENTICATION_BACKEND and try to fetch # a list of permissions for backend in auth.get_backends(): if hasattr(backend, "get_all_permissions"): permissions.update(backend.get_all_permissions(tmp_superuser)) # Make an unique list of permissions sorted by permission name. sorted_list_of_permissions = sorted(list(permissions)) # Send a joined list of permissions to a command-line output. self.stdout.write("\n".join(sorted_list_of_permissions))
def api_login(request): apikey = request.json.get('apikey') if apikey is None: return HttpResponseErrorJson('need "apikey"') loginfo('Got API key:', apikey) try: profile = UserProfile.objects.all().get(apikey=apikey) loginfo('Matched API key: ' + str(profile)) except ObjectDoesNotExist: loginfo('Bad API key') return HttpResponseErrorJson('bad apikey') except: import traceback loginfo('Error matching API key: ' + traceback.format_exc()) raise # Successful API login. Register on the django side. # can't do this: #password = profile.user.password #auth.authenticate(username=profile.user.username, password=password) #auth.login(request, profile.user) loginfo('backends:' + str(auth.get_backends())) user = profile.user user.backend = 'django_openid_auth.auth.OpenIDBackend' session = create_session(None) request.session = session auth.login(request, profile.user) # so that django middleware doesnt' try to set cookies in response del request.session session.save() key = session.session_key loginfo('Returning session key ' + key) return HttpResponseJson({ 'status': 'success', 'message': 'authenticated user: '******'session': key, })
def dt_logout(request, next_page=None): """Log out the user""" username = request.user.get_username() request.audit = { 'username': username, 'operation': 'USER_LOGOUT', 'operationText': 'Logged out user: %s' % username } # Close Impala session on logout session_app = "impala" if request.user.has_hue_permission(action='access', app=session_app): session = {"type": session_app, "sourceMethod": " dt_logout"} try: get_api(request, session).close_session(session) except PopupException as e: LOG.warning("Error closing %s session: %s" % (session_app, e.message.encode('utf-8'))) except Exception as e: LOG.warning("Error closing %s session: %s" % (session_app, e)) backends = get_backends() if backends: for backend in backends: if hasattr(backend, 'logout'): try: response = backend.logout(request, next_page) if response: return response except Exception as e: LOG.warning( 'Potential error on logout for user: %s with exception: %s' % (username, e)) if len([backend for backend in backends if hasattr(backend, 'logout')]) == len(backends): LOG.warning("Failed to log out from all backends for user: %s" % (username)) response = django.contrib.auth.views.LogoutView.as_view( next_page=next_page)(request) response.delete_cookie(LOAD_BALANCER_COOKIE) return response
def REALMS(self): realms = {} if self.A2_REGISTRATION_REALM: realms[self.A2_REGISTRATION_REALM] = self.A2_REGISTRATION_REALM def add_realms(new_realms): for realm in new_realms: if not isinstance(realm, (tuple, list)): realms[realm] = realm else: realms[realm[0]] = realm[1] from django.contrib.auth import get_backends for backend in get_backends(): if hasattr(backend, 'get_realms'): add_realms(backend.get_realms()) if self.A2_REALMS: add_realms(self.A2_REALMS) return realms.items()
def login(self, request, user): # HACK: This is not nice. The proper Django way is to use an # authentication backend if not hasattr(user, 'backend'): from .auth_backends import AuthenticationBackend backends = get_backends() backend = None for b in backends: if isinstance(b, AuthenticationBackend): # prefer our own backend backend = b break elif not backend and hasattr(b, 'get_user'): # Pick the first vald one backend = b backend_path = '.'.join([backend.__module__, backend.__class__.__name__]) user.backend = backend_path django_login(request, user)
def update_roles_map(self): """ :return: """ permissions_actions_map = self.permissions_actions_map.copy() roles_actions_map = defaultdict() hacs_backend = None for backend in get_backends(): if backend.__class__.__name__ == "HacsAuthorizerBackend": hacs_backend = backend break assert hacs_backend, "'hacs.security.backends.HacsAuthorizerBackend' is need to added in settings" for action, permissions in six.iteritems(permissions_actions_map): if not permissions: continue roles_actions_map[action] = hacs_backend.get_permissions_roles(*permissions) self.roles_actions_map = roles_actions_map
def dt_logout(request, next_page=None): """Log out the user""" username = request.user.get_username() request.audit = { 'username': username, 'operation': 'USER_LOGOUT', 'operationText': 'Logged out user: %s' % username } backends = get_backends() if backends: for backend in backends: if hasattr(backend, 'logout'): try: response = backend.logout(request, next_page) if response: return response except Exception, e: LOG.warn('Potential error on logout for user: %s with exception: %s' % (username, e))
def visible_contests_query(self, request): """Provides a :class:`django.db.models.Q` expression which can be used on :class:`oioioi.contests.models.Contest` queryset already limited to contests using this controller to filter for contests the user can enter. It must not make use of attribute `contest` of the controller, as it is not guaranteed to be set. It is called with None contest in :function:`oioioi.contests.utils.visible_contests`. """ filt = self.user_contests_query(request) for backend in auth.get_backends(): if not hasattr(backend, 'filter_for_perm'): continue filt |= backend.filter_for_perm(Contest, 'contests.contest_admin', request.user) \ | backend.filter_for_perm(Contest, 'contests.contest_observer', request.user) \ | backend.filter_for_perm(Contest, 'contests.personal_data', request.user) \ | backend.filter_for_perm(Contest, 'contests.contest_basicadmin', request.user) return filt
def has_perm(self, perm, obj=None): """ 判断用户是否拥有指定权限,perm的格式为app_label.codename,比如:goods.add_goods 可选参数obj传值后仅返回obj是否拥有此权限,但当前未实现此逻辑,故返回False """ # 激活后的超级用户拥有所有权限 if self.is_active and self.is_superuser: return True # 其他人需要从权限后台(backends)中核查 for backend in auth.get_backends(): if not hasattr(backend, 'has_perm'): continue try: if backend.has_perm(self, perm, obj): return True except PermissionDenied: return False return False
def query_ldap(**options: str) -> None: email = options['email'] for backend in get_backends(): if isinstance(backend, LDAPBackend): ldap_attrs = _LDAPUser( backend, backend.django_to_ldap_username(email)).attrs if ldap_attrs is None: print("No such user found") else: for django_field, ldap_field in settings.AUTH_LDAP_USER_ATTR_MAP.items( ): value = ldap_attrs[ldap_field] if django_field == "avatar": if isinstance(value[0], bytes): value = "(An avatar image file)" print("%s: %s" % (django_field, value)) if settings.LDAP_EMAIL_ATTR is not None: print("%s: %s" % ('email', ldap_attrs[settings.LDAP_EMAIL_ATTR]))
def query_ldap(email: str) -> List[str]: values = [] backend = next((backend for backend in get_backends() if isinstance(backend, LDAPBackend)), None) if backend is not None: ldap_attrs = _LDAPUser(backend, backend.django_to_ldap_username(email)).attrs if ldap_attrs is None: values.append("No such user found") else: for django_field, ldap_field in settings.AUTH_LDAP_USER_ATTR_MAP.items(): value = ldap_attrs.get(ldap_field, ["LDAP field not present", ])[0] if django_field == "avatar": if isinstance(value, bytes): value = "(An avatar image file)" values.append("%s: %s" % (django_field, value)) if settings.LDAP_EMAIL_ATTR is not None: values.append("%s: %s" % ('email', ldap_attrs[settings.LDAP_EMAIL_ATTR][0])) else: values.append("LDAP backend not configured on this server.") return values
def file_login_view(request): key = request.POST.get("key", "") try: ak = AuthenticationKey.objects.get(key=salted_hash(key)) except AuthenticationKey.DoesNotExist: return HttpResponse("Invalid key") if not ak.active: return HttpResponse("Inactive key") user = ak.user # In lieu of a call to authenticate() backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) return HttpResponseRedirect("/")
def process_request(self, request): assert hasattr(request, 'session'), ( "The djangae.contrib.googleauth middleware requires session middleware " "to be installed. Edit your MIDDLEWARE%s setting to insert " "'django.contrib.sessions.middleware.SessionMiddleware' before " "'djangae.contrib.googleauth.middleware.AuthenticationMiddleware'." ) % ("_CLASSES" if settings.MIDDLEWARE is None else "") request.user = SimpleLazyObject(lambda: get_user(request)) backend_str = request.session.get(BACKEND_SESSION_KEY) if request.user.is_authenticated: if backend_str and isinstance(load_backend(backend_str), OAuthBackend): # The user is authenticated with Django, and they use the OAuth backend, so they # should have a valid oauth session oauth_session = OAuthUserSession.objects.filter( pk=request.user.google_oauth_id).first() # Their oauth session expired, so let's log them out if not oauth_session or not oauth_session.is_valid: logout(request) elif backend_str and isinstance(load_backend(backend_str), IAPBackend): if not IAPBackend.can_authenticate(request): logout(request) else: backends = get_backends() try: iap_backend = next( filter(lambda be: isinstance(be, IAPBackend), backends)) except StopIteration: iap_backend = None # Try to authenticate with IAP if the headers # are available if iap_backend and IAPBackend.can_authenticate(request): user = iap_backend.authenticate(request) if user and user.is_authenticated: user.backend = 'djangae.contrib.googleauth.backends.iap.%s' % IAPBackend.__name__ login(request, user)
def login_user(request, user): ''' hijack mechanism ''' hijack_history = [request.user.pk] if request.session.get('hijack_history'): hijack_history = request.session['hijack_history'] + hijack_history check_hijack_permission(request, user) backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) post_superuser_login.send(sender=None, user_id=user.pk) request.session['is_hijacked_user'] = True request.session['hijack_history'] = hijack_history request.session.modified = True redirect_to = request.GET.get( 'next', getattr(settings, 'HIJACK_LOGIN_REDIRECT_URL', getattr(settings, 'LOGIN_REDIRECT_URL', '/'))) return HttpResponseRedirect(resolve_url(redirect_to))
def authorize_proceedings(proceedings): group_q = Q() for g in user.groups.all(): group_q = group_q | Q(groups__in=[g]) permissions = [] for backend in auth.get_backends(): permissions.extend(backend.get_all_permissions(user)) permission_q = Q() for p in permissions: label, codename = p.split('.') permission_q = permission_q | Q( permissions__content_type__app_label=label, permissions__codename=codename) return proceedings.filter( ((Q(transactioner__isnull=True) | Q(transactioner=user)) & (Q(permissions__isnull=True) | permission_q) & (Q(groups__isnull=True) | group_q)))
def activation(request, code=None): try: user = User.objects.get(is_active=False, activation_code=code) except: messages.add_message(request, messages.ERROR, _('Activation code corrupted or already used')) return redirect('social:index') user.is_active = True # django needs a backend annotation from django.contrib.auth import get_backends backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) django_login(request, user) invite = Invite.objects(recipient=user).first() if invite: invite.on_activate() return redirect('social:home')
def test_permissions_for_public_groups(self): """ If layer is restricted to public groups, only members of the public group should see the object. """ bar = self.bar norman = self.norman layer = Layer.objects.all()[0] self.assertFalse(bar.user_is_member(norman)) perms = layer.get_all_level_info() perms['authenticated'] = layer.LEVEL_NONE perms['anonymous'] = layer.LEVEL_NONE perms['groups'] = [(bar.slug, layer.LEVEL_WRITE)] layer.set_permissions(perms) bck = get_backends()[0] layers = bck.objects_with_perm(norman, 'layers.view_layer', Layer) self.assertTrue(layer.id not in layers) bar.join(norman) layers = bck.objects_with_perm(norman, 'layers.view_layer', Layer) self.assertTrue(layer.id in layers)
def get_enabled_auth_backends(): """Return all authentication backends being used by Review Board. The returned list contains every authentication backend that Review Board will try, in order. Returns: list of type: The list of registered :py:class:`~reviewboard.accounts.backends.base.BaseAuthBackend` subclasses. """ global _enabled_auth_backends global _auth_backend_setting if (not _enabled_auth_backends or _auth_backend_setting != settings.AUTHENTICATION_BACKENDS): _enabled_auth_backends = list(get_backends()) _auth_backend_setting = settings.AUTHENTICATION_BACKENDS return _enabled_auth_backends
def _create_placeholder_request(user): """ Helper method to create a placeholder request. Arguments: user (User): Django User object. Returns: request (HttpRequest): A placeholder request object. """ request = HttpRequest() middleware = SessionMiddleware() middleware.process_request(request) request.session.save() backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) request.user = user request.META['SERVER_NAME'] = 'edx.org' request.META['SERVER_PORT'] = '8080' return request
def has_perm(self, perm): """ Returns True if the user has the specified permission. This method queries all available auth backends, but returns immediately if any backend returns True. Thus, a user who has permission from a single auth backend is assumed to have permission in general. """ # Inactive users have no permissions. if not self.is_active: return False # Superusers have all permissions. if self.is_superuser: return True # Otherwise we need to check the backends. for backend in auth.get_backends(): if hasattr(backend, "has_perm"): if backend.has_perm(self, perm): return True return False
def login_view(request, auth_code_hash, r=None): redis_key = "".join(["qrauth_", auth_code_hash]) user_id = r.get(redis_key) if user_id == None: return HttpResponseRedirect(reverse("invalid_auth_code")) r.delete(redis_key) try: user = User.objects.get(id=user_id) except User.DoesNotExist: return HttpResponseRedirect(reverse("invalid_auth_code")) # In lieu of a call to authenticate() backend = get_backends()[0] user.backend = "%s.%s" % (backend.__module__, backend.__class__.__name__) login(request, user) return HttpResponseRedirect(AUTH_QR_CODE_REDIRECT_URL)
def _find_user(self, username, local_site, request): """Finds a User object matching ``username``. This will search all authentication backends, and may create the User object if the authentication backend knows that the user exists. """ username = username.strip() if local_site: return local_site.users.get(username=username) try: return User.objects.get(username=username) except User.DoesNotExist: for backend in auth.get_backends(): try: return backend.get_or_create_user(username, request) except: pass return None