def allow_request(self, request, view): """ Implement the check to see if the request should be throttled. On success calls `throttle_success`. On failure calls `throttle_failure`. """ if self.rate is None: return True if get_remote_ip(request) in settings.REST_FRAMEWORK_THROTTING_WHITELIST: return True self.key = self.get_cache_key(request, view) if self.key is None: return True self.history = self.cache.get(self.key, []) self.now = self.timer() # Drop any requests from the history which have now passed the # throttle duration while self.history and self.history[-1] <= self.now - self.duration: self.history.pop() if len(self.history) >= self.num_requests: return self.throttle_failure() return self.throttle_success()
def allow_request(self, request, view): """ Implement the check to see if the request should be throttled. On success calls `throttle_success`. On failure calls `throttle_failure`. """ if self.rate is None: return True if get_remote_ip( request) in settings.REST_FRAMEWORK_THROTTING_WHITELIST: return True self.key = self.get_cache_key(request, view) if self.key is None: return True self.history = self.cache.get(self.key, []) self.now = self.timer() # Drop any requests from the history which have now passed the # throttle duration while self.history and self.history[-1] <= self.now - self.duration: self.history.pop() if len(self.history) >= self.num_requests: return self.throttle_failure() return self.throttle_success()
def _clear_login_failed_attempts(request): """Clear login failed attempts records. Arguments: - `request`: """ username = request.user.username ip = get_remote_ip(request) cache.delete(LOGIN_ATTEMPT_PREFIX + username) cache.delete(LOGIN_ATTEMPT_PREFIX + ip)
def clear_login_failed_attempts(request, username): """Clear login failed attempts records. Arguments: - `request`: """ ip = get_remote_ip(request) cache.delete(normalize_cache_key(username, prefix=LOGIN_ATTEMPT_PREFIX)) cache.delete(normalize_cache_key(ip, prefix=LOGIN_ATTEMPT_PREFIX)) p = Profile.objects.get_profile_by_user(username) if p and p.login_id: cache.delete(normalize_cache_key(p.login_id, prefix=LOGIN_ATTEMPT_PREFIX))
def _clear_login_failed_attempts(request): """Clear login failed attempts records. Arguments: - `request`: """ username = request.user.username ip = get_remote_ip(request) cache.delete(LOGIN_ATTEMPT_PREFIX + urlquote(username)) cache.delete(LOGIN_ATTEMPT_PREFIX + ip) p = Profile.objects.get_profile_by_user(username) if p and p.login_id: cache.delete(LOGIN_ATTEMPT_PREFIX + urlquote(p.login_id))
def _clear_login_failed_attempts(request, user): """Clear login failed attempts records. Arguments: - `request`: """ username = user.username ip = get_remote_ip(request) cache.delete(LOGIN_ATTEMPT_PREFIX + urlquote(username)) cache.delete(LOGIN_ATTEMPT_PREFIX + ip) p = Profile.objects.get_profile_by_user(username) if p and p.login_id: cache.delete(LOGIN_ATTEMPT_PREFIX + urlquote(p.login_id))
def clear_login_failed_attempts(request, username): """Clear login failed attempts records. Arguments: - `request`: """ ip = get_remote_ip(request) cache.delete(normalize_cache_key(username, prefix=LOGIN_ATTEMPT_PREFIX)) cache.delete(normalize_cache_key(ip, prefix=LOGIN_ATTEMPT_PREFIX)) p = Profile.objects.get_profile_by_user(username) if p and p.login_id: cache.delete( normalize_cache_key(p.login_id, prefix=LOGIN_ATTEMPT_PREFIX))
def process_request(self, request): if not ENABLE_LIMIT_IPADDRESS: return None ip = get_remote_ip(request) if not TrustedIP.objects.match_ip(ip) and ip not in TRUSTED_IP_LIST: if "api2/" in request.path or "api/v2.1/" in request.path: return HttpResponse( json.dumps({"err_msg": "you can't login, because IP \ address was not in range"}), status=403, content_type='application/json; charset=utf-8' ) else: return render_to_response('trusted_ip/403_trusted_ip.html', status=403)
def _get_cache_key(request, prefix): """Return cache key of certain ``prefix``. If user is logged in, use username, otherwise use combination of request ip and user agent. Arguments: - `prefix`: """ if request.user.is_authenticated(): key = normalize_cache_key(request.user.username, 'SharedLink_') else: ip = get_remote_ip(request) # Memcached key length limit is 250 chars, and user agent somethings may # be long which will cause error. agent = request.META.get('HTTP_USER_AGENT', '')[:150] key = normalize_cache_key(ip + agent, 'SharedLink_') return key
def sys_sudo_mode(request): if request.method not in ('GET', 'POST'): return HttpResponseNotAllowed # here we can't use @sys_staff_required if not request.user.is_staff: raise Http404 next_page = request.GET.get('next', reverse('sys_info')) password_error = False if request.method == 'POST': password = request.POST.get('password') username = request.user.username ip = get_remote_ip(request) if password: user = authenticate(username=username, password=password) if user: update_sudo_mode_ts(request) from seahub.auth.utils import clear_login_failed_attempts clear_login_failed_attempts(request, username) return HttpResponseRedirect(next_page) password_error = True from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts failed_attempt = get_login_failed_attempts(username=username, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: # logout user from seahub.auth import logout logout(request) return HttpResponseRedirect(reverse('auth_login')) else: incr_login_failed_attempts(username=username, ip=ip) enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False) enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False) return render( request, 'sysadmin/sudo_mode.html', { 'password_error': password_error, 'enable_sso': enable_shib_login or enable_adfs_login, 'next': next_page, })
def send_file_download_msg(request, repo, path, dl_type): """Send file downlaod msg. Arguments: - `request`: - `repo`: - `obj_id`: - `dl_type`: web or api """ username = request.user.username ip = get_remote_ip(request) user_agent = request.META.get("HTTP_USER_AGENT") msg = "file-download-%s\t%s\t%s\t%s\t%s\t%s\t%s" % (dl_type, username, ip, user_agent, repo.id, repo.name, path) msg_utf8 = msg.encode("utf-8") try: send_message("seahub.stats", msg_utf8) except Exception as e: logger.error("Error when sending file-download-%s message: %s" % (dl_type, str(e)))
def send_file_download_msg(request, repo, path, dl_type): """Send file downlaod msg. Arguments: - `request`: - `repo`: - `obj_id`: - `dl_type`: web or api """ username = request.user.username ip = get_remote_ip(request) user_agent = request.META.get("HTTP_USER_AGENT") msg = 'file-download-%s\t%s\t%s\t%s\t%s\t%s\t%s' % \ (dl_type, username, ip, user_agent, repo.id, repo.name, path) msg_utf8 = msg.encode('utf-8') try: send_message('seahub.stats', msg_utf8) except Exception as e: logger.error("Error when sending file-download-%s message: %s" % (dl_type, str(e)))
def login(request, template_name='registration/login.html', redirect_if_logged_in=None, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): """Displays the login form and handles the login action.""" if request.user.is_authenticated() and redirect_if_logged_in: return HttpResponseRedirect(reverse(redirect_if_logged_in)) redirect_to = request.REQUEST.get(redirect_field_name, '') ip = get_remote_ip(request) failed_attempt = _get_login_failed_attempts(ip=ip) if request.method == "POST": username = urlquote(request.REQUEST.get('username', '').strip()) remember_me = True if request.REQUEST.get('remember_me', '') == 'on' else False if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: # log user in if password is valid otherwise freeze account form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) else: # freeze user account anyway login = request.REQUEST.get('login', '') email = Profile.objects.get_username_by_login_id(login) if email is None: email = login try: user = User.objects.get(email) if user.is_active: user.freeze_user(notify_admins=True) except User.DoesNotExist: pass form.errors['freeze_account'] = _('This account has been frozen due to too many failed login attempts.') else: # log user in if password is valid otherwise show captcha form = CaptchaAuthenticationForm(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) else: # show page with captcha and increase failed login attempts _incr_login_faied_attempts(username=username, ip=ip) else: # login failed attempts < limit form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) else: # increase failed attempts login = urlquote(request.REQUEST.get('login', '').strip()) failed_attempt = _incr_login_faied_attempts(username=login, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: logger.warn('Login attempt limit reached, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: form = CaptchaAuthenticationForm() else: form = authentication_form(data=request.POST) else: ### GET if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: logger.warn('Login attempt limit reached, ip: %s, attempts: %d' % (ip, failed_attempt)) if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: form = CaptchaAuthenticationForm() else: form = authentication_form(request) request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() else: current_site = RequestSite(request) multi_tenancy = getattr(settings, 'MULTI_TENANCY', False) if config.ENABLE_SIGNUP: if multi_tenancy: org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False) if org_account_only: signup_url = reverse('org_register') else: signup_url = reverse('choose_register') else: signup_url = reverse('registration_register') else: signup_url = '' enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False) enable_krb5_login = getattr(settings, 'ENABLE_KRB5_LOGIN', False) return render_to_response(template_name, { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, 'remember_days': config.LOGIN_REMEMBER_DAYS, 'signup_url': signup_url, 'enable_shib_login': enable_shib_login, 'enable_krb5_login': enable_krb5_login, }, context_instance=RequestContext(request))
def login( request, template_name="registration/login.html", redirect_if_logged_in=None, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm, ): """Displays the login form and handles the login action.""" if request.user.is_authenticated() and redirect_if_logged_in: return HttpResponseRedirect(reverse(redirect_if_logged_in)) redirect_to = request.REQUEST.get(redirect_field_name, "") ip = get_remote_ip(request) if request.method == "POST": login = urlquote(request.REQUEST.get("login", "").strip()) failed_attempt = _get_login_failed_attempts(username=login, ip=ip) remember_me = True if request.REQUEST.get("remember_me", "") == "on" else False # check the form used_captcha_already = False if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: form = CaptchaAuthenticationForm(data=request.POST) used_captcha_already = True else: form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) # form is invalid failed_attempt = _incr_login_failed_attempts(username=login, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: # log user in if password is valid otherwise freeze account logger.warn( "Login attempt limit reached, try freeze the user, email/username: %s, ip: %s, attemps: %d" % (login, ip, failed_attempt) ) login = request.REQUEST.get("login", "") email = Profile.objects.get_username_by_login_id(login) if email is None: email = login try: user = User.objects.get(email) if user.is_active: user.freeze_user(notify_admins=True) logger.warn( "Login attempt limit reached, freeze the user email/username: %s, ip: %s, attemps: %d" % (login, ip, failed_attempt) ) except User.DoesNotExist: logger.warn( "Login attempt limit reached with invalid email/username: %s, ip: %s, attemps: %d" % (login, ip, failed_attempt) ) pass form.errors["freeze_account"] = _("This account has been frozen due to too many failed login attempts.") else: # use a new form with Captcha logger.warn( "Login attempt limit reached, show Captcha, email/username: %s, ip: %s, attemps: %d" % (login, ip, failed_attempt) ) if not used_captcha_already: form = CaptchaAuthenticationForm() else: ### GET failed_attempt = _get_login_failed_attempts(ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form() else: logger.warn("Login attempt limit reached, show Captcha, ip: %s, attempts: %d" % (ip, failed_attempt)) form = CaptchaAuthenticationForm() else: form = authentication_form() request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() else: current_site = RequestSite(request) multi_tenancy = getattr(settings, "MULTI_TENANCY", False) if config.ENABLE_SIGNUP: if multi_tenancy: org_account_only = getattr(settings, "FORCE_ORG_REGISTER", False) if org_account_only: signup_url = reverse("org_register") else: signup_url = reverse("choose_register") else: signup_url = reverse("registration_register") else: signup_url = "" enable_shib_login = getattr(settings, "ENABLE_SHIB_LOGIN", False) enable_krb5_login = getattr(settings, "ENABLE_KRB5_LOGIN", False) return render_to_response( template_name, { "form": form, redirect_field_name: redirect_to, "site": current_site, "site_name": current_site.name, "remember_days": config.LOGIN_REMEMBER_DAYS, "signup_url": signup_url, "enable_shib_login": enable_shib_login, "enable_krb5_login": enable_krb5_login, }, context_instance=RequestContext(request), )
def create_login_log(sender, request, user, **kwargs): username = user.username login_ip = get_remote_ip(request) UserLoginLog.objects.create_login_log(username, login_ip)
def login(request, template_name='registration/login.html', redirect_if_logged_in=None, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): """Displays the login form and handles the login action.""" if request.user.is_authenticated() and redirect_if_logged_in: return HttpResponseRedirect(reverse(redirect_if_logged_in)) redirect_to = request.REQUEST.get(redirect_field_name, '') ip = get_remote_ip(request) failed_attempt = _get_login_failed_attempts(ip=ip) if request.method == "POST": username = urlquote(request.REQUEST.get('username', '').strip()) remember_me = True if request.REQUEST.get('remember_me', '') == 'on' else False if failed_attempt >= settings.LOGIN_ATTEMPT_LIMIT: # have captcha form = CaptchaAuthenticationForm(data=request.POST) if form.is_valid(): if UserOptions.objects.passwd_change_required( form.get_user().username): redirect_to = reverse('auth_password_change') request.session['force_passwd_change'] = True # captcha & passwod is valid, log user in request.session['remember_me'] = remember_me return log_user_in(request, form.get_user(), redirect_to) else: # show page with captcha and increase failed login attempts _incr_login_faied_attempts(username=username, ip=ip) else: form = authentication_form(data=request.POST) if form.is_valid(): if UserOptions.objects.passwd_change_required( form.get_user().username): redirect_to = reverse('auth_password_change') request.session['force_passwd_change'] = True # password is valid, log user in request.session['remember_me'] = remember_me return log_user_in(request, form.get_user(), redirect_to) else: login = urlquote(request.REQUEST.get('login', '').strip()) failed_attempt = _incr_login_faied_attempts(username=login, ip=ip) if failed_attempt >= settings.LOGIN_ATTEMPT_LIMIT: logger.warn( 'Login attempt limit reached, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) form = CaptchaAuthenticationForm() else: form = authentication_form(data=request.POST) else: ### GET if failed_attempt >= settings.LOGIN_ATTEMPT_LIMIT: logger.warn('Login attempt limit reached, ip: %s, attempts: %d' % (ip, failed_attempt)) form = CaptchaAuthenticationForm(request) else: form = authentication_form(request) request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() else: current_site = RequestSite(request) multi_tenancy = getattr(settings, 'MULTI_TENANCY', False) if config.ENABLE_SIGNUP: if multi_tenancy: org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False) if org_account_only: signup_url = reverse('org_register') else: signup_url = reverse('choose_register') else: signup_url = reverse('registration_register') else: signup_url = '' enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False) enable_krb5_login = getattr(settings, 'ENABLE_KRB5_LOGIN', False) return render_to_response(template_name, { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, 'remember_days': config.LOGIN_REMEMBER_DAYS, 'signup_url': signup_url, 'enable_shib_login': enable_shib_login, 'enable_krb5_login': enable_krb5_login, }, context_instance=RequestContext(request))
def create_login_failed_log(sender, request, **kwargs): username = request.POST.get('login', '') login_ip = get_remote_ip(request) UserLoginLog.objects.create_login_log(username, login_ip, login_success=False)
def login(request, template_name='registration/login.html', redirect_if_logged_in=None, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): """Displays the login form and handles the login action.""" if request.user.is_authenticated() and redirect_if_logged_in: return HttpResponseRedirect(reverse(redirect_if_logged_in)) redirect_to = request.REQUEST.get(redirect_field_name, '') ip = get_remote_ip(request) failed_attempt = _get_login_failed_attempts(ip=ip) if request.method == "POST": username = urlquote(request.REQUEST.get('username', '').strip()) remember_me = True if request.REQUEST.get('remember_me', '') == 'on' else False if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: # log user in if password is valid otherwise freeze account form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) else: # freeze user account anyway login = request.REQUEST.get('login', '') email = Profile.objects.get_username_by_login_id(login) if email is None: email = login try: user = User.objects.get(email) if user.is_active: user.freeze_user(notify_admins=True) except User.DoesNotExist: pass form.errors['freeze_account'] = _( 'This account has been frozen due to too many failed login attempts.' ) else: # log user in if password is valid otherwise show captcha form = CaptchaAuthenticationForm(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) else: # show page with captcha and increase failed login attempts _incr_login_faied_attempts(username=username, ip=ip) else: # login failed attempts < limit form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) else: # increase failed attempts login = urlquote(request.REQUEST.get('login', '').strip()) failed_attempt = _incr_login_faied_attempts(username=login, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: logger.warn( 'Login attempt limit reached, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: form = CaptchaAuthenticationForm() else: form = authentication_form(data=request.POST) else: ### GET if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: logger.warn('Login attempt limit reached, ip: %s, attempts: %d' % (ip, failed_attempt)) if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: form = CaptchaAuthenticationForm() else: form = authentication_form(request) request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() else: current_site = RequestSite(request) multi_tenancy = getattr(settings, 'MULTI_TENANCY', False) if config.ENABLE_SIGNUP: if multi_tenancy: org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False) if org_account_only: signup_url = reverse('org_register') else: signup_url = reverse('choose_register') else: signup_url = reverse('registration_register') else: signup_url = '' enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False) enable_krb5_login = getattr(settings, 'ENABLE_KRB5_LOGIN', False) return render_to_response(template_name, { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, 'remember_days': config.LOGIN_REMEMBER_DAYS, 'signup_url': signup_url, 'enable_shib_login': enable_shib_login, 'enable_krb5_login': enable_krb5_login, }, context_instance=RequestContext(request))
def login(request, template_name='registration/login.html', redirect_if_logged_in=None, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): """Displays the login form and handles the login action.""" if request.user.is_authenticated() and redirect_if_logged_in: return HttpResponseRedirect(reverse(redirect_if_logged_in)) redirect_to = request.REQUEST.get(redirect_field_name, '') ip = get_remote_ip(request) if request.method == "POST": if request.REQUEST.get('captcha_0', '') != '': # have captcha form = CaptchaAuthenticationForm(data=request.POST) if form.is_valid(): # captcha & passwod is valid, log user in remember_me = True if request.REQUEST.get( 'remember_me', '') == 'on' else False request.session['remember_me'] = remember_me return log_user_in(request, form.get_user(), redirect_to) else: # show page with captcha and increase failed login attempts _incr_login_faied_attempts(ip=ip) else: form = authentication_form(data=request.POST) if form.is_valid(): # password is valid, log user in remember_me = True if request.REQUEST.get( 'remember_me', '') == 'on' else False request.session['remember_me'] = remember_me return log_user_in(request, form.get_user(), redirect_to) else: username = urlquote(request.REQUEST.get('username', '').strip()) failed_attempt = _incr_login_faied_attempts(username=username, ip=ip) if failed_attempt >= settings.LOGIN_ATTEMPT_LIMIT: logger.warn('Login attempt limit reached, username: %s, ip: %s, attemps: %d' % (username, ip, failed_attempt)) form = CaptchaAuthenticationForm() else: form = authentication_form(data=request.POST) else: ### GET failed_attempt = _get_login_failed_attempts(ip=ip) if failed_attempt >= settings.LOGIN_ATTEMPT_LIMIT: logger.warn('Login attempt limit reached, ip: %s, attempts: %d' % (ip, failed_attempt)) form = CaptchaAuthenticationForm(request) else: form = authentication_form(request) request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() else: current_site = RequestSite(request) enable_signup = getattr(settings, 'ENABLE_SIGNUP', False) multi_tenancy = getattr(settings, 'MULTI_TENANCY', False) if enable_signup: if multi_tenancy: signup_url = reverse('choose_register') else: signup_url = reverse('registration_register') else: signup_url = '' return render_to_response(template_name, { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, 'remember_days': settings.LOGIN_REMEMBER_DAYS, 'signup_url': signup_url, }, context_instance=RequestContext(request))
def login(request, template_name='registration/login.html', redirect_if_logged_in=None, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): """Displays the login form and handles the login action.""" if request.user.is_authenticated() and redirect_if_logged_in: return HttpResponseRedirect(reverse(redirect_if_logged_in)) redirect_to = request.REQUEST.get(redirect_field_name, '') ip = get_remote_ip(request) if request.method == "POST": login = urlquote(request.REQUEST.get('login', '').strip()) failed_attempt = _get_login_failed_attempts(username=login, ip=ip) remember_me = True if request.REQUEST.get('remember_me', '') == 'on' else False # check the form used_captcha_already = False if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: form = CaptchaAuthenticationForm(data=request.POST) used_captcha_already = True else: form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) # form is invalid user_logged_in_failed.send(sender=None, request=request) failed_attempt = _incr_login_failed_attempts(username=login, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: # log user in if password is valid otherwise freeze account logger.warn( 'Login attempt limit reached, try freeze the user, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) login = request.REQUEST.get('login', '') email = Profile.objects.get_username_by_login_id(login) if email is None: email = login try: user = User.objects.get(email) if user.is_active: user.freeze_user(notify_admins=True) logger.warn( 'Login attempt limit reached, freeze the user email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) except User.DoesNotExist: logger.warn( 'Login attempt limit reached with invalid email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) pass form.errors['freeze_account'] = _( 'This account has been frozen due to too many failed login attempts.' ) else: # use a new form with Captcha logger.warn( 'Login attempt limit reached, show Captcha, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) if not used_captcha_already: form = CaptchaAuthenticationForm() else: ### GET failed_attempt = _get_login_failed_attempts(ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form() else: logger.warn( 'Login attempt limit reached, show Captcha, ip: %s, attempts: %d' % (ip, failed_attempt)) form = CaptchaAuthenticationForm() else: form = authentication_form() request.session.set_test_cookie() if Site._meta.installed: current_site = Site.objects.get_current() else: current_site = RequestSite(request) multi_tenancy = getattr(settings, 'MULTI_TENANCY', False) if config.ENABLE_SIGNUP: if multi_tenancy: org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False) if org_account_only: signup_url = reverse('org_register') else: signup_url = reverse('choose_register') else: signup_url = reverse('registration_register') else: signup_url = '' enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False) enable_krb5_login = getattr(settings, 'ENABLE_KRB5_LOGIN', False) enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False) login_bg_image_path = LOGIN_BG_IMAGE_PATH # get path that background image of login page custom_login_bg_image_file = os.path.join(MEDIA_ROOT, CUSTOM_LOGIN_BG_IMAGE_PATH) if os.path.exists(custom_login_bg_image_file): login_bg_image_path = CUSTOM_LOGIN_BG_IMAGE_PATH return render_to_response(template_name, { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, 'remember_days': config.LOGIN_REMEMBER_DAYS, 'signup_url': signup_url, 'enable_shib_login': enable_shib_login, 'enable_krb5_login': enable_krb5_login, 'enable_adfs_login': enable_adfs_login, 'login_bg_image_path': login_bg_image_path, }, context_instance=RequestContext(request))
def login(request, template_name='registration/login.html', redirect_if_logged_in='libraries', redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): """Displays the login form and handles the login action.""" redirect_to = request.GET.get(redirect_field_name, '') if request.user.is_authenticated(): if redirect_to: return HttpResponseRedirect(redirect_to) else: return HttpResponseRedirect(reverse(redirect_if_logged_in)) ip = get_remote_ip(request) if request.method == "POST": login = request.POST.get('login', '').strip() failed_attempt = get_login_failed_attempts(username=login, ip=ip) remember_me = True if request.POST.get('remember_me', '') == 'on' else False redirect_to = request.POST.get(redirect_field_name, '') or redirect_to # check the form used_captcha_already = False if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form(data=request.POST) else: if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: form = CaptchaAuthenticationForm(data=request.POST) used_captcha_already = True else: form = authentication_form(data=request.POST) if form.is_valid(): return _handle_login_form_valid(request, form.get_user(), redirect_to, remember_me) # form is invalid user_logged_in_failed.send(sender=None, request=request) failed_attempt = incr_login_failed_attempts(username=login, ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: # log user in if password is valid otherwise freeze account logger.warn( 'Login attempt limit reached, try freeze the user, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) email = Profile.objects.get_username_by_login_id(login) if email is None: email = login try: user = User.objects.get(email) if user.is_active: user.freeze_user(notify_admins=True) logger.warn( 'Login attempt limit reached, freeze the user email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) except User.DoesNotExist: logger.warn( 'Login attempt limit reached with invalid email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) pass form.errors['freeze_account'] = _( 'This account has been frozen due to too many failed login attempts.' ) else: # use a new form with Captcha logger.warn( 'Login attempt limit reached, show Captcha, email/username: %s, ip: %s, attemps: %d' % (login, ip, failed_attempt)) if not used_captcha_already: form = CaptchaAuthenticationForm() else: ### GET failed_attempt = get_login_failed_attempts(ip=ip) if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT: if bool(config.FREEZE_USER_ON_LOGIN_FAILED) is True: form = authentication_form() else: logger.warn( 'Login attempt limit reached, show Captcha, ip: %s, attempts: %d' % (ip, failed_attempt)) form = CaptchaAuthenticationForm() else: form = authentication_form() request.session.set_test_cookie() current_site = get_current_site(request) multi_tenancy = getattr(settings, 'MULTI_TENANCY', False) if config.ENABLE_SIGNUP: if multi_tenancy: org_account_only = getattr(settings, 'FORCE_ORG_REGISTER', False) if org_account_only: signup_url = reverse('org_register') else: signup_url = reverse('choose_register') else: signup_url = reverse('registration_register') else: signup_url = '' enable_sso = getattr(settings, 'ENABLE_SHIB_LOGIN', False) or \ getattr(settings, 'ENABLE_KRB5_LOGIN', False) or \ getattr(settings, 'ENABLE_ADFS_LOGIN', False) or \ getattr(settings, 'ENABLE_OAUTH', False) or \ getattr(settings, 'ENABLE_CAS', False) or \ getattr(settings, 'ENABLE_REMOTE_USER_AUTHENTICATION', False) or \ getattr(settings, 'ENABLE_WORK_WEIXIN', False) login_bg_image_path = get_login_bg_image_path() return render( request, template_name, { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': get_site_name(), 'remember_days': config.LOGIN_REMEMBER_DAYS, 'signup_url': signup_url, 'enable_sso': enable_sso, 'login_bg_image_path': login_bg_image_path, })