def get_user(request):
    """Return the user bound to ``request``, memoised on ``request._cached_user``.

    The user comes from ``auth_get_user``. For an authenticated, non-sentry-app
    user whose ``session_nonce`` is set, the session's ``_nonce`` must equal the
    user's ``session_nonce``; on a mismatch the request is downgraded to an
    ``AnonymousUser`` and a ``user.auth.invalid-nonce`` event is logged with the
    client IP and user id. When the nonce check passes (or no nonce is required)
    the client IP is recorded via ``UserIP.log``.

    Per the original authors, the nonce is rotated by security-related account
    actions, so an old session stops matching and is effectively logged out
    until the user re-validates.
    """
    # Already resolved for this request: hand back the cached value.
    if hasattr(request, "_cached_user"):
        return request._cached_user

    resolved = auth_get_user(request)
    # NOTE(review): REMOTE_ADDR is the peer address of the connection; behind a
    # reverse proxy it is only the client IP if upstream middleware rewrites it.
    client_ip = request.META["REMOTE_ADDR"]

    if resolved.is_authenticated() and not resolved.is_sentry_app:
        # A nonce is only enforced once one has been set on the user. Until
        # then session_nonce is falsy and the check is skipped entirely.
        required_nonce = resolved.session_nonce
        nonce_mismatch = bool(required_nonce) and (
            request.session.get("_nonce", "") != required_nonce
        )
        if nonce_mismatch:
            # Stale session for this "version" of the user: treat as anonymous.
            logger.info(
                "user.auth.invalid-nonce",
                extra={"ip_address": client_ip, "user_id": resolved.id},
            )
            resolved = AnonymousUser()
        else:
            UserIP.log(resolved, client_ip)

    request._cached_user = resolved
    return request._cached_user
def clean(self):
    """Validate the login form and authenticate the supplied credentials.

    Order of checks:
      1. Both ``username`` and ``password`` must be present, otherwise
         ``invalid_login`` is raised.
      2. ``self.is_rate_limited()`` is consulted *before* any credential check;
         a limited request logs ``user.auth.rate-limited`` (client IP and the
         attempted username) and raises ``rate_limited``.
      3. ``authenticate`` is called; a ``None`` result raises ``invalid_login``.

    The same ``invalid_login`` message is reused for missing fields and for a
    failed authentication, so the error text does not distinguish the two.
    On success ``self.user_cache`` holds the authenticated user, the test
    cookie is checked, and ``self.cleaned_data`` is returned.

    Raises:
        forms.ValidationError: on missing fields, rate limiting, or bad credentials.
    """
    def invalid_login():
        # Built lazily so the message lookup only happens on the failure path.
        return forms.ValidationError(
            self.error_messages['invalid_login']
            % {'username': self.username_field.verbose_name}
        )

    username = self.cleaned_data.get('username')
    password = self.cleaned_data.get('password')

    if not username or not password:
        raise invalid_login()

    if self.is_rate_limited():
        logger.info(
            'user.auth.rate-limited',
            extra={
                'ip_address': self.request.META['REMOTE_ADDR'],
                'username': username,
            }
        )
        raise forms.ValidationError(self.error_messages['rate_limited'])

    self.user_cache = authenticate(username=username, password=password)
    if self.user_cache is None:
        raise invalid_login()

    self.check_for_test_cookie()
    return self.cleaned_data
def clean(self):
    """Validate the login form and authenticate the supplied credentials.

    Both fields must be present, the request must not be rate limited (checked
    before credentials are touched; a limited attempt logs
    ``user.auth.rate-limited`` with the client IP and username and raises
    ``rate_limited``), and ``authenticate`` must return a user. Missing fields
    and failed authentication both raise the same ``invalid_login`` message.

    On success ``self.user_cache`` is set, the test cookie is checked, and
    ``self.cleaned_data`` is returned.

    Raises:
        forms.ValidationError: on missing fields, rate limiting, or bad credentials.
    """
    def invalid_login():
        # Message is formatted only when actually raised.
        return forms.ValidationError(
            self.error_messages["invalid_login"]
            % {"username": self.username_field.verbose_name}
        )

    username = self.cleaned_data.get("username")
    password = self.cleaned_data.get("password")

    if not username or not password:
        raise invalid_login()

    if self.is_rate_limited():
        logger.info(
            "user.auth.rate-limited",
            extra={
                "ip_address": self.request.META["REMOTE_ADDR"],
                "username": username
            },
        )
        raise forms.ValidationError(self.error_messages["rate_limited"])

    self.user_cache = authenticate(username=username, password=password)
    if self.user_cache is None:
        raise invalid_login()

    self.check_for_test_cookie()
    return self.cleaned_data
def get_user(request):
    """Return the user bound to ``request``, memoised on ``request._cached_user``.

    The user is resolved with ``auth_get_user``. For an authenticated user with
    a ``session_nonce`` set, the session's ``_nonce`` must match it; otherwise
    a ``user.auth.invalid-nonce`` event (client IP, user id) is logged and the
    request proceeds as ``AnonymousUser``. When the check passes or no nonce is
    required, the client IP is recorded via ``UserIP.log``.

    Per the original authors, the nonce rotates on security-related account
    actions so that older sessions stop matching and must re-validate.
    """
    # Cached from an earlier call on this request.
    if hasattr(request, '_cached_user'):
        return request._cached_user

    resolved = auth_get_user(request)
    # NOTE(review): REMOTE_ADDR is the connection peer; behind a reverse proxy
    # it reflects the client only if upstream middleware rewrites it.
    client_ip = request.META['REMOTE_ADDR']

    if resolved.is_authenticated():
        # Nonce enforcement starts only once a nonce exists on the user;
        # a falsy session_nonce skips the comparison entirely.
        required_nonce = resolved.session_nonce
        nonce_mismatch = bool(required_nonce) and (
            request.session.get('_nonce', '') != required_nonce
        )
        if nonce_mismatch:
            # Session predates the current "version" of the user: anonymise it.
            logger.info(
                'user.auth.invalid-nonce',
                extra={'ip_address': client_ip, 'user_id': resolved.id},
            )
            resolved = AnonymousUser()
        else:
            UserIP.log(resolved, client_ip)

    request._cached_user = resolved
    return request._cached_user