Пример #1
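def dt_login(request):
  """Validate a submitted login form and start a session for the user.

  The LDAP form classes are used when 'LdapBackend' is configured together
  with an NT domain or a list of LDAP servers; otherwise the default forms
  are used. While no login has ever happened, the POST data must also pass
  the user-creation form before authentication is attempted.

  On success the user is logged in, the session test cookie is cleared, a
  home directory is ensured (first login, AllowAllBackend or LdapBackend)
  and the response is a redirect: to the edit-user view when a password
  change is required, otherwise to the ``next`` target. Both outcomes are
  recorded in ``request.audit`` and through ``access_warn``.

  NOTE(review): this listing stops inside the failed-login branch; the
  non-POST path and the rendering of the form are not shown here.
  """
  # NOTE(review): 'next' is request-controlled and reaches
  # HttpResponseRedirect below unchanged. Nothing in this function limits it
  # to same-site targets; unless a middleware validates redirect locations
  # this is an open redirect (CWE-601).
  redirect_to = request.REQUEST.get('next', '/')
  is_first_login_ever = first_login_ever()
  backend_names = get_backend_names()
  is_active_directory = 'LdapBackend' in backend_names and (bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()))

  if is_active_directory:
    UserCreationForm = auth_forms.LdapUserCreationForm
    AuthenticationForm = auth_forms.LdapAuthenticationForm
  else:
    UserCreationForm = auth_forms.UserCreationForm
    AuthenticationForm = auth_forms.AuthenticationForm

  if request.method == 'POST':
    # Audit record for this attempt; 'username' is the raw submitted value.
    request.audit = {
      'operation': 'USER_LOGIN',
      'username': request.POST.get('username')
    }

    # For first login, need to validate user info!
    # NOTE(review): presumably the backend creates the initial account on
    # this path; confirm who can reach the form before that account exists.
    first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
    first_user = first_user_form and first_user_form.is_valid()

    if first_user or not is_first_login_ever:
      auth_form = AuthenticationForm(data=request.POST)

      if auth_form.is_valid():
        # Must login by using the AuthenticationForm.
        # It provides 'backends' on the User object.
        user = auth_form.get_user()
        userprofile = get_profile(user)

        login(request, user)

        if request.session.test_cookie_worked():
          request.session.delete_test_cookie()

        if is_first_login_ever or 'AllowAllBackend' in backend_names or 'LdapBackend' in backend_names:
          # Create home directory for first user. Best effort: a failure is
          # logged and reported to the user but does not undo the login.
          try:
            ensure_home_directory(request.fs, user.username)
          # 'as' is accepted by Python 2.6+ and 3; the comma form is
          # Python 2 only.
          except (IOError, WebHdfsException) as e:
            LOG.error(_('Could not create home directory.'), exc_info=e)
            request.error(_('Could not create home directory.'))

        # A forced password change takes precedence over 'next'.
        if require_change_password(userprofile):
          return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username}))

        userprofile.first_login = False
        userprofile.save()

        msg = 'Successful login for user: %s' % user.username
        request.audit['operationText'] = msg
        access_warn(request, msg)
        return HttpResponseRedirect(redirect_to)
      else:
        request.audit['allowed'] = False
        # NOTE(review): the submitted username is untrusted and goes into
        # the log message as-is; confirm access_warn or the log formatter
        # neutralises CR/LF so entries cannot be forged (CWE-117).
        msg = 'Failed login for user: %s' % request.POST.get('username')
        request.audit['operationText'] = msg
        access_warn(request, msg)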
Пример #2
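def dt_login(request):
    """Validate a submitted login form and start a session for the user.

    The LDAP form classes are used when 'LdapBackend' is configured together
    with an NT domain or a list of LDAP servers; otherwise the default forms
    are used. While no login has ever happened, the POST data must also pass
    the user-creation form before authentication is attempted.

    On success the user is logged in, the session test cookie is cleared, a
    home directory is ensured (first login, AllowAllBackend or LdapBackend)
    and the response is a redirect: to the edit-user view when a password
    change is required, otherwise to the ``next`` target. Both outcomes are
    reported through ``access_warn``; this variant sets no ``request.audit``.

    NOTE(review): this listing stops inside the failed-login branch; the
    non-POST path and the rendering of the form are not shown here.
    """
    # NOTE(review): 'next' is request-controlled and reaches
    # HttpResponseRedirect below unchanged. Nothing in this function limits
    # it to same-site targets; unless a middleware validates redirect
    # locations this is an open redirect (CWE-601).
    redirect_to = request.REQUEST.get('next', '/')
    is_first_login_ever = first_login_ever()
    backend_names = get_backend_names()
    is_active_directory = 'LdapBackend' in backend_names and (bool(
        LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()))

    if is_active_directory:
        UserCreationForm = auth_forms.LdapUserCreationForm
        AuthenticationForm = auth_forms.LdapAuthenticationForm
    else:
        UserCreationForm = auth_forms.UserCreationForm
        AuthenticationForm = auth_forms.AuthenticationForm

    if request.method == 'POST':
        # For first login, need to validate user info!
        # NOTE(review): presumably the backend creates the initial account
        # on this path; confirm who can reach the form before that account
        # exists.
        first_user_form = is_first_login_ever and UserCreationForm(
            data=request.POST) or None
        first_user = first_user_form and first_user_form.is_valid()

        if first_user or not is_first_login_ever:
            auth_form = AuthenticationForm(data=request.POST)

            if auth_form.is_valid():
                # Must login by using the AuthenticationForm.
                # It provides 'backends' on the User object.
                user = auth_form.get_user()
                userprofile = get_profile(user)

                login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if is_first_login_ever or 'AllowAllBackend' in backend_names or 'LdapBackend' in backend_names:
                    # Create home directory for first user. Best effort: a
                    # failure is logged and reported to the user but does
                    # not undo the login.
                    try:
                        ensure_home_directory(request.fs, user.username)
                    # 'as' is accepted by Python 2.6+ and 3; the comma form
                    # is Python 2 only.
                    except (IOError, WebHdfsException) as e:
                        LOG.error(_('Could not create home directory.'),
                                  exc_info=e)
                        request.error(_('Could not create home directory.'))

                # A forced password change takes precedence over 'next'.
                if require_change_password(userprofile):
                    return HttpResponseRedirect(
                        urlresolvers.reverse(
                            'useradmin.views.edit_user',
                            kwargs={'username': user.username}))

                userprofile.first_login = False
                userprofile.save()

                access_warn(request, '"%s" login ok' % (user.username, ))
                return HttpResponseRedirect(redirect_to)

            else:
                # NOTE(review): the submitted username is untrusted and goes
                # into the log message as-is; confirm access_warn or the log
                # formatter neutralises CR/LF so entries cannot be forged
                # (CWE-117).
                access_warn(
                    request, 'Failed login for user "%s"' %
                    (request.POST.get('username'), ))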
Пример #3
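def dt_login(request, from_modal=False):
    """Validate a submitted login form and start a session for the user.

    Form classes are chosen from the configured backends: the LDAP forms
    when Active Directory is configured and the POST selects an LDAP server
    (or names no server at all), the impersonation form when
    'ImpersonationBackend' is configured, otherwise the default forms.
    While no login has ever happened, the POST data must also pass the
    user-creation form before authentication is attempted.

    On success the user is logged in, a home directory is ensured, and the
    response is a redirect to the edit-user view (password change
    required), a JSON ``{'auth': True}`` (modal login) or a redirect to
    ``next``. A failed modal login returns ``{'auth': False}``. Both
    outcomes are recorded in ``request.audit`` and through ``access_warn``.

    Args:
        request: the incoming HTTP request.
        from_modal: answer with JSON instead of a redirect; the
            ``fromModal=true`` query parameter has the same effect.

    NOTE(review): this listing stops inside the failed-login branch; the
    non-POST path and the rendering of the form are not shown here.
    """
    # NOTE(review): 'next' is request-controlled and reaches
    # HttpResponseRedirect below unchanged. Nothing in this function limits
    # it to same-site targets; unless a middleware validates redirect
    # locations this is an open redirect (CWE-601).
    redirect_to = request.GET.get('next', '/')
    is_first_login_ever = first_login_ever()
    backend_names = auth_forms.get_backend_names()
    is_active_directory = auth_forms.is_active_directory()
    # The client-supplied 'server' field decides whether the LDAP forms are
    # used; a POST without that field counts as LDAP.
    is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' \
                              or request.POST.get('server') in auth_forms.get_ldap_server_keys()

    if is_active_directory and is_ldap_option_selected:
        UserCreationForm = auth_forms.LdapUserCreationForm
        AuthenticationForm = auth_forms.LdapAuthenticationForm
    else:
        UserCreationForm = auth_forms.UserCreationForm
        if 'ImpersonationBackend' in backend_names:
            AuthenticationForm = ImpersonationAuthenticationForm
        else:
            AuthenticationForm = auth_forms.AuthenticationForm

    if request.method == 'POST':
        # Audit record for this attempt; 'username' is the raw submitted
        # value.
        request.audit = {
            'operation': 'USER_LOGIN',
            'username': request.POST.get('username')
        }

        # For first login, need to validate user info!
        # NOTE(review): presumably the backend creates the initial account
        # on this path; confirm who can reach the form before that account
        # exists.
        first_user_form = is_first_login_ever and UserCreationForm(
            data=request.POST) or None
        first_user = first_user_form and first_user_form.is_valid()

        if first_user or not is_first_login_ever:
            auth_form = AuthenticationForm(data=request.POST)

            if auth_form.is_valid():
                # Must login by using the AuthenticationForm. It provides 'backends' on the User object.
                user = auth_form.get_user()
                userprofile = get_profile(user)

                login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                # Best effort: a failure is logged but does not undo the
                # login.
                try:
                    ensure_home_directory(request.fs, user)
                # 'as' is accepted by Python 2.6+ and 3; the comma form is
                # Python 2 only.
                except (IOError, WebHdfsException) as e:
                    LOG.error(
                        'Could not create home directory at login for %s.' %
                        user,
                        exc_info=e)

                # A forced password change takes precedence over 'next' and
                # over the modal JSON answer.
                if require_change_password(userprofile):
                    return HttpResponseRedirect(
                        urlresolvers.reverse(
                            'useradmin.views.edit_user',
                            kwargs={'username': user.username}))

                userprofile.first_login = False
                userprofile.last_activity = datetime.now()
                userprofile.save()

                msg = 'Successful login for user: %s' % user.username
                request.audit['operationText'] = msg
                access_warn(request, msg)
                if from_modal or request.GET.get('fromModal',
                                                 'false') == 'true':
                    return JsonResponse({'auth': True})
                else:
                    return HttpResponseRedirect(redirect_to)
            else:
                request.audit['allowed'] = False
                # NOTE(review): the submitted username is untrusted and goes
                # into the log message as-is; confirm access_warn or the log
                # formatter neutralises CR/LF so entries cannot be forged
                # (CWE-117).
                msg = 'Failed login for user: %s' % request.POST.get(
                    'username')
                request.audit['operationText'] = msg
                access_warn(request, msg)
                if from_modal or request.GET.get('fromModal',
                                                 'false') == 'true':
                    return JsonResponse({'auth': False})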
Пример #4
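def dt_login(request, from_modal=False):
    """Validate a submitted login form and start a session for the user.

    The LDAP form classes are used when 'LdapBackend' is configured together
    with an NT domain or a list of LDAP servers; otherwise the default forms
    are used. While no login has ever happened, the POST data must also pass
    the user-creation form before authentication is attempted.

    On success the user is logged in, a home directory is ensured (first
    login, or one of AllowAllBackend / LdapBackend / SpnegoDjangoBackend is
    configured), and the response is a redirect to the edit-user view
    (password change required), a JSON ``{'auth': True}`` (modal login) or
    a redirect to ``next``. A failed modal login returns
    ``{'auth': False}``. Both outcomes are recorded in ``request.audit``
    and through ``access_warn``.

    Args:
        request: the incoming HTTP request.
        from_modal: answer with JSON instead of a redirect; a
            ``fromModal=true`` request parameter has the same effect.

    NOTE(review): this listing stops inside the failed-login branch; the
    non-POST path and the rendering of the form are not shown here.
    """
    # NOTE(review): 'next' is request-controlled and reaches
    # HttpResponseRedirect below unchanged. Nothing in this function limits
    # it to same-site targets; unless a middleware validates redirect
    # locations this is an open redirect (CWE-601).
    redirect_to = request.REQUEST.get('next', '/')
    is_first_login_ever = first_login_ever()
    backend_names = get_backend_names()
    is_active_directory = 'LdapBackend' in backend_names and (bool(
        LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()))

    if is_active_directory:
        UserCreationForm = auth_forms.LdapUserCreationForm
        AuthenticationForm = auth_forms.LdapAuthenticationForm
    else:
        UserCreationForm = auth_forms.UserCreationForm
        AuthenticationForm = auth_forms.AuthenticationForm

    if request.method == 'POST':
        # Audit record for this attempt; 'username' is the raw submitted
        # value.
        request.audit = {
            'operation': 'USER_LOGIN',
            'username': request.POST.get('username')
        }

        # For first login, need to validate user info!
        # NOTE(review): presumably the backend creates the initial account
        # on this path; confirm who can reach the form before that account
        # exists.
        first_user_form = is_first_login_ever and UserCreationForm(
            data=request.POST) or None
        first_user = first_user_form and first_user_form.is_valid()

        if first_user or not is_first_login_ever:
            auth_form = AuthenticationForm(data=request.POST)

            if auth_form.is_valid():
                # Must login by using the AuthenticationForm.
                # It provides 'backends' on the User object.
                user = auth_form.get_user()
                userprofile = get_profile(user)

                login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                auto_create_home_backends = [
                    'AllowAllBackend', 'LdapBackend', 'SpnegoDjangoBackend'
                ]
                if is_first_login_ever or any(
                        backend in backend_names
                        for backend in auto_create_home_backends):
                    # Create home directory for first user. Best effort: a
                    # failure is logged and reported to the user but does
                    # not undo the login.
                    try:
                        ensure_home_directory(request.fs, user.username)
                    # 'as' is accepted by Python 2.6+ and 3; the comma form
                    # is Python 2 only.
                    except (IOError, WebHdfsException) as e:
                        LOG.error(_('Could not create home directory.'),
                                  exc_info=e)
                        request.error(_('Could not create home directory.'))

                # A forced password change takes precedence over 'next' and
                # over the modal JSON answer.
                if require_change_password(userprofile):
                    return HttpResponseRedirect(
                        urlresolvers.reverse(
                            'useradmin.views.edit_user',
                            kwargs={'username': user.username}))

                userprofile.first_login = False
                userprofile.last_activity = datetime.now()
                userprofile.save()

                msg = 'Successful login for user: %s' % user.username
                request.audit['operationText'] = msg
                access_warn(request, msg)
                if from_modal or request.REQUEST.get('fromModal',
                                                     'false') == 'true':
                    return JsonResponse({'auth': True})
                else:
                    return HttpResponseRedirect(redirect_to)
            else:
                request.audit['allowed'] = False
                # NOTE(review): the submitted username is untrusted and goes
                # into the log message as-is; confirm access_warn or the log
                # formatter neutralises CR/LF so entries cannot be forged
                # (CWE-117).
                msg = 'Failed login for user: %s' % request.POST.get(
                    'username')
                request.audit['operationText'] = msg
                access_warn(request, msg)
                if from_modal or request.REQUEST.get('fromModal',
                                                     'false') == 'true':
                    return JsonResponse({'auth': False})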
Пример #5
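def dt_login(request, from_modal=False):
  """Render the login form or process a login submission.

  POST: the submitted data is validated with the form classes selected from
  the configured backends (LDAP, impersonation, organizations or default).
  While no login has ever happened, the data must also pass the
  user-creation form. On success the user is logged in, a home directory is
  ensured, the profile is updated and the response is a redirect to the
  edit-user view (password change required), a JSON ``{'auth': True}``
  (modal login) or a redirect to ``next``. A failed modal login returns
  ``{'auth': False}``; any other failure falls through to re-render the
  form. Both outcomes are recorded in ``request.audit`` and through
  ``access_warn``.

  Other methods: a user already authenticated by an external backend
  (SPNEGO, OIDC, SAML) gets a home directory ensured, and an authenticated
  user outside the modal is redirected to ``next``; otherwise the login
  template is rendered.

  Args:
    request: the incoming HTTP request.
    from_modal: render 'login_modal.mako' and answer logins with JSON; the
      ``fromModal=true`` query parameter also selects the JSON answer.

  Returns:
    An HTTP redirect, a JsonResponse, or the rendered login page.
  """
  # NOTE(review): 'next' is request-controlled and reaches
  # HttpResponseRedirect below unchanged. Nothing in this function limits it
  # to same-site targets; unless a middleware validates redirect locations
  # this is an open redirect (CWE-601).
  if request.method == 'GET':
    redirect_to = request.GET.get('next', '/')
  else:
    redirect_to = request.POST.get('next', '/')
  is_first_login_ever = first_login_ever()
  backend_names = auth_forms.get_backend_names()
  is_active_directory = auth_forms.is_active_directory()
  # The client-supplied 'server' field decides whether the LDAP forms are
  # used; a POST without that field counts as LDAP.
  is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' or \
      request.POST.get('server') in auth_forms.get_ldap_server_keys()

  if is_active_directory and is_ldap_option_selected:
    UserCreationForm = auth_forms.LdapUserCreationForm
    AuthenticationForm = auth_forms.LdapAuthenticationForm
  else:
    UserCreationForm = auth_forms.UserCreationForm
    if 'ImpersonationBackend' in backend_names:
      AuthenticationForm = ImpersonationAuthenticationForm
    else:
      AuthenticationForm = auth_forms.AuthenticationForm
    # Organizations mode overrides both form classes chosen above.
    if ENABLE_ORGANIZATIONS.get():
      UserCreationForm = OrganizationUserCreationForm
      AuthenticationForm = OrganizationAuthenticationForm

  if request.method == 'POST':
    # Audit record for this attempt; the identifier is the raw submitted
    # 'username', falling back to 'email'.
    request.audit = {
      'operation': 'USER_LOGIN',
      'username': request.POST.get('username', request.POST.get('email'))
    }

    # For first login, need to validate user info!
    # NOTE(review): presumably the backend creates the initial account on
    # this path; confirm who can reach the form before that account exists.
    first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
    first_user = first_user_form and first_user_form.is_valid()

    if first_user or not is_first_login_ever:
      auth_form = AuthenticationForm(data=request.POST)

      if auth_form.is_valid():
        # Must login by using the AuthenticationForm. It provides 'backend' on the User object.
        user = auth_form.get_user()
        userprofile = get_profile(user)

        login(request, user)
        # If the test cookie exists, it should be deleted.
        if request.session.test_cookie_worked():
          request.session.delete_test_cookie()
        if request.fs is None:
          request.fs = fsmanager.get_filesystem(request.fs_ref)
        # Best effort: a failure is logged but does not undo the login.
        try:
          ensure_home_directory(request.fs, user)
        except (IOError, WebHdfsException) as e:
          LOG.error('Could not create home directory at login for %s.' % user, exc_info=e)

        # A forced password change takes precedence over 'next' and over the
        # modal JSON answer.
        if require_change_password(userprofile):
          return HttpResponseRedirect('/hue' + reverse('useradmin:useradmin.views.edit_user', kwargs={'username': user.username}))

        userprofile.first_login = False
        userprofile.last_activity = datetime.now()
        if userprofile.creation_method == UserProfile.CreationMethod.EXTERNAL: # This is to fix a bug in Hue 4.3
          userprofile.creation_method = UserProfile.CreationMethod.EXTERNAL.name
        # Remember which backend authenticated this session.
        userprofile.update_data({'auth_backend': user.backend})
        userprofile.save()

        msg = 'Successful login for user: %s' % user.username
        request.audit['operationText'] = msg
        access_warn(request, msg)
        if from_modal or request.GET.get('fromModal', 'false') == 'true':
          return JsonResponse({'auth': True})
        else:
          return HttpResponseRedirect(redirect_to)
      else:
        request.audit['allowed'] = False
        # NOTE(review): the submitted identifier is untrusted and goes into
        # the log message as-is; confirm access_warn or the log formatter
        # neutralises CR/LF so entries cannot be forged (CWE-117).
        msg = 'Failed login for user: %s' % request.POST.get('username', request.POST.get('email'))
        request.audit['operationText'] = msg
        access_warn(request, msg)
        if from_modal or request.GET.get('fromModal', 'false') == 'true':
          return JsonResponse({'auth': False})
  else:
    first_user_form = None
    auth_form = AuthenticationForm()
    # SAML/OIDC user is already authenticated in djangosaml2.views.login
    if hasattr(request, 'fs') and (
        'KnoxSpnegoDjangoBackend' in backend_names or 'SpnegoDjangoBackend' in backend_names or 'OIDCBackend' in backend_names or
        'SAML2Backend' in backend_names
      ) and request.user.is_authenticated:
      if request.fs is None:
        request.fs = fsmanager.get_filesystem(request.fs_ref)
      try:
        ensure_home_directory(request.fs, request.user)
      except (IOError, WebHdfsException) as e:
        # Pass the exception along so the traceback is logged, as the POST
        # path does. The label reads 'SAML' for the SPNEGO backends too.
        LOG.error(
          'Could not create home directory for %s user %s.' % ('OIDC' if 'OIDCBackend' in backend_names else 'SAML', request.user),
          exc_info=e
        )
    if request.user.is_authenticated and not from_modal:
      return HttpResponseRedirect(redirect_to)

  if is_active_directory and not is_ldap_option_selected and \
      request.method == 'POST' and request.user.username != request.POST.get('username'):
    # local user login failed, give the right auth_form with 'server' field
    auth_form = auth_forms.LdapAuthenticationForm()

  if not from_modal and SESSION.ENABLE_TEST_COOKIE.get():
    request.session.set_test_cookie()

  if 'SAML2Backend' in backend_names:
    request.session['samlgroup_permitted_flag'] = samlgroup_check(request)

  renderable_path = 'login.mako'
  if from_modal:
    renderable_path = 'login_modal.mako'

  # NOTE(review): 'next' is handed to the template as received; confirm the
  # template escapes it wherever it is written into the page.
  response = render(renderable_path, request, {
    'action': reverse('desktop_auth_views_dt_login'),
    'form': first_user_form or auth_form,
    'next': redirect_to,
    'first_login_ever': is_first_login_ever,
    'login_errors': request.method == 'POST',
    'backend_names': backend_names,
    'active_directory': is_active_directory,
    'user': request.user
  })

  if not request.user.is_authenticated:
    response.delete_cookie(LOAD_BALANCER_COOKIE) # Note: might be re-balanced to another Hue on login.

  return response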
Пример #6
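def dt_login(request, from_modal=False):
    """Validate a submitted login form and start a session for the user.

    The LDAP form classes are used when "LdapBackend" is configured together
    with an NT domain or a list of LDAP servers; otherwise the default forms
    are used. While no login has ever happened, the POST data must also pass
    the user-creation form before authentication is attempted.

    On success the user is logged in, a home directory is ensured (first
    login, AllowAllBackend or LdapBackend), and the response is a redirect
    to the edit-user view (password change required), a JSON
    ``{"auth": True}`` (modal login) or a redirect to ``next``. A failed
    modal login returns ``{"auth": False}``. Both outcomes are recorded in
    ``request.audit`` and through ``access_warn``.

    Args:
        request: the incoming HTTP request.
        from_modal: answer with JSON instead of a redirect; a
            ``fromModal=true`` request parameter has the same effect.

    NOTE(review): this listing stops inside the failed-login branch; the
    non-POST path and the rendering of the form are not shown here.
    """
    # NOTE(review): "next" is request-controlled and reaches
    # HttpResponseRedirect below unchanged. Nothing in this function limits
    # it to same-site targets; unless a middleware validates redirect
    # locations this is an open redirect (CWE-601).
    redirect_to = request.REQUEST.get("next", "/")
    is_first_login_ever = first_login_ever()
    backend_names = get_backend_names()
    is_active_directory = "LdapBackend" in backend_names and (
        bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get())
    )

    if is_active_directory:
        UserCreationForm = auth_forms.LdapUserCreationForm
        AuthenticationForm = auth_forms.LdapAuthenticationForm
    else:
        UserCreationForm = auth_forms.UserCreationForm
        AuthenticationForm = auth_forms.AuthenticationForm

    if request.method == "POST":
        # Audit record for this attempt; "username" is the raw submitted
        # value.
        request.audit = {"operation": "USER_LOGIN", "username": request.POST.get("username")}

        # For first login, need to validate user info!
        # NOTE(review): presumably the backend creates the initial account
        # on this path; confirm who can reach the form before that account
        # exists.
        first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
        first_user = first_user_form and first_user_form.is_valid()

        if first_user or not is_first_login_ever:
            auth_form = AuthenticationForm(data=request.POST)

            if auth_form.is_valid():
                # Must login by using the AuthenticationForm.
                # It provides 'backends' on the User object.
                user = auth_form.get_user()
                userprofile = get_profile(user)

                login(request, user)

                if request.session.test_cookie_worked():
                    request.session.delete_test_cookie()

                if is_first_login_ever or "AllowAllBackend" in backend_names or "LdapBackend" in backend_names:
                    # Create home directory for first user. Best effort: a
                    # failure is logged and reported to the user but does
                    # not undo the login.
                    try:
                        ensure_home_directory(request.fs, user.username)
                    # 'as' is accepted by Python 2.6+ and 3; the comma form
                    # is Python 2 only.
                    except (IOError, WebHdfsException) as e:
                        LOG.error(_("Could not create home directory."), exc_info=e)
                        request.error(_("Could not create home directory."))

                # A forced password change takes precedence over "next" and
                # over the modal JSON answer.
                if require_change_password(userprofile):
                    return HttpResponseRedirect(
                        urlresolvers.reverse("useradmin.views.edit_user", kwargs={"username": user.username})
                    )

                userprofile.first_login = False
                userprofile.last_activity = datetime.now()
                userprofile.save()

                msg = "Successful login for user: %s" % user.username
                request.audit["operationText"] = msg
                access_warn(request, msg)
                if from_modal or request.REQUEST.get("fromModal", "false") == "true":
                    return JsonResponse({"auth": True})
                else:
                    return HttpResponseRedirect(redirect_to)
            else:
                request.audit["allowed"] = False
                # NOTE(review): the submitted username is untrusted and goes
                # into the log message as-is; confirm access_warn or the log
                # formatter neutralises CR/LF so entries cannot be forged
                # (CWE-117).
                msg = "Failed login for user: %s" % request.POST.get("username")
                request.audit["operationText"] = msg
                access_warn(request, msg)
                if from_modal or request.REQUEST.get("fromModal", "false") == "true":
                    return JsonResponse({"auth": False})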
Пример #7
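def dt_login(request, from_modal=False):
  """Validate a submitted login form and start a session for the user.

  Form classes are chosen from the configured backends: the LDAP forms when
  Active Directory is configured and the POST selects an LDAP server (or
  names no server at all), the impersonation form when
  'ImpersonationBackend' is configured, otherwise the default forms. While
  no login has ever happened, the POST data must also pass the
  user-creation form before authentication is attempted.

  On success the user is logged in, a home directory is ensured, the
  profile is updated and the response is a redirect to the edit-user view
  (password change required), a JSON ``{'auth': True}`` (modal login) or a
  redirect to ``next``. A failed modal login returns ``{'auth': False}``.
  Both outcomes are recorded in ``request.audit`` and through
  ``access_warn``.

  Args:
    request: the incoming HTTP request.
    from_modal: answer with JSON instead of a redirect; the
      ``fromModal=true`` query parameter has the same effect.

  NOTE(review): this listing stops inside the failed-login branch; the
  non-POST path and the rendering of the form are not shown here.
  """
  # NOTE(review): 'next' is request-controlled and reaches
  # HttpResponseRedirect below unchanged. Nothing in this function limits it
  # to same-site targets; unless a middleware validates redirect locations
  # this is an open redirect (CWE-601).
  if request.method == 'GET':
    redirect_to = request.GET.get('next', '/')
  else:
    redirect_to = request.POST.get('next', '/')
  is_first_login_ever = first_login_ever()
  backend_names = auth_forms.get_backend_names()
  is_active_directory = auth_forms.is_active_directory()
  # The client-supplied 'server' field decides whether the LDAP forms are
  # used; a POST without that field counts as LDAP.
  is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' \
                            or request.POST.get('server') in auth_forms.get_ldap_server_keys()

  if is_active_directory and is_ldap_option_selected:
    UserCreationForm = auth_forms.LdapUserCreationForm
    AuthenticationForm = auth_forms.LdapAuthenticationForm
  else:
    UserCreationForm = auth_forms.UserCreationForm
    if 'ImpersonationBackend' in backend_names:
      AuthenticationForm = ImpersonationAuthenticationForm
    else:
      AuthenticationForm = auth_forms.AuthenticationForm

  if request.method == 'POST':
    # Audit record for this attempt; 'username' is the raw submitted value.
    request.audit = {
      'operation': 'USER_LOGIN',
      'username': request.POST.get('username')
    }

    # For first login, need to validate user info!
    # NOTE(review): presumably the backend creates the initial account on
    # this path; confirm who can reach the form before that account exists.
    first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
    first_user = first_user_form and first_user_form.is_valid()

    if first_user or not is_first_login_ever:
      auth_form = AuthenticationForm(data=request.POST)

      if auth_form.is_valid():
        # Must login by using the AuthenticationForm. It provides 'backends' on the User object.
        user = auth_form.get_user()
        userprofile = get_profile(user)

        login(request, user)

        if request.session.test_cookie_worked():
          request.session.delete_test_cookie()

        # Best effort: a failure is logged but does not undo the login.
        try:
          ensure_home_directory(request.fs, user)
        # 'as' is accepted by Python 2.6+ and 3; the comma form is
        # Python 2 only.
        except (IOError, WebHdfsException) as e:
          LOG.error('Could not create home directory at login for %s.' % user, exc_info=e)

        # A forced password change takes precedence over 'next' and over the
        # modal JSON answer.
        if require_change_password(userprofile):
          return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username}))

        userprofile.first_login = False
        userprofile.last_activity = datetime.now()
        # This is to fix a bug in Hue 4.3
        if userprofile.creation_method == UserProfile.CreationMethod.EXTERNAL:
          userprofile.creation_method = UserProfile.CreationMethod.EXTERNAL.name
        userprofile.save()

        msg = 'Successful login for user: %s' % user.username
        request.audit['operationText'] = msg
        access_warn(request, msg)
        if from_modal or request.GET.get('fromModal', 'false') == 'true':
          return JsonResponse({'auth': True})
        else:
          return HttpResponseRedirect(redirect_to)
      else:
        request.audit['allowed'] = False
        # NOTE(review): the submitted username is untrusted and goes into
        # the log message as-is; confirm access_warn or the log formatter
        # neutralises CR/LF so entries cannot be forged (CWE-117).
        msg = 'Failed login for user: %s' % request.POST.get('username')
        request.audit['operationText'] = msg
        access_warn(request, msg)
        if from_modal or request.GET.get('fromModal', 'false') == 'true':
          return JsonResponse({'auth': False})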
Пример #8
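def dt_login(request):
  """Render the login form or process a login submission.

  POST: the submitted data is validated with the LDAP forms when the
  backend is 'LdapBackend' with an NT domain or LDAP servers configured,
  otherwise with the default forms. While no login has ever happened, the
  data must also pass the user-creation form. On success the user is logged
  in and redirected to the edit-user view (password change required) or to
  ``next``; a failure is reported through ``access_warn`` and falls through
  to re-render the form.

  Demo mode: when DEMO_ENABLED is set and the request carries no 'admin'
  parameter, the visitor is authenticated with empty credentials, logged in
  and redirected to ``next`` without seeing the form.

  Returns:
    An HTTP redirect or the rendered 'login.mako' page.
  """
  # NOTE(review): 'next' is request-controlled and reaches
  # HttpResponseRedirect below unchanged. Nothing in this function limits it
  # to same-site targets; unless a middleware validates redirect locations
  # this is an open redirect (CWE-601).
  redirect_to = request.REQUEST.get('next', '/')
  is_first_login_ever = first_login_ever()
  backend_name = get_backend_name()
  is_active_directory = backend_name == 'LdapBackend' and (bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()))

  if is_active_directory:
    UserCreationForm = auth_forms.LdapUserCreationForm
    AuthenticationForm = auth_forms.LdapAuthenticationForm
  else:
    UserCreationForm = auth_forms.UserCreationForm
    AuthenticationForm = auth_forms.AuthenticationForm

  if request.method == 'POST':
    # For first login, need to validate user info!
    # NOTE(review): presumably the backend creates the initial account on
    # this path; confirm who can reach the form before that account exists.
    first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
    first_user = first_user_form and first_user_form.is_valid()

    if first_user or not is_first_login_ever:
      auth_form = AuthenticationForm(data=request.POST)

      if auth_form.is_valid():
        # Must login by using the AuthenticationForm.
        # It provides 'backends' on the User object.
        user = auth_form.get_user()
        userprofile = get_profile(user)

        login(request, user)

        if request.session.test_cookie_worked():
          request.session.delete_test_cookie()

        # For Bluemix - don't try to create HDFS home directory because we're ignoring the identity of the Hue user
        #if is_first_login_ever or backend_name in ('AllowAllBackend', 'LdapBackend'):
        #  # Create home directory for first user.
        #  try:
        #    ensure_home_directory(request.fs, user.username)
        #  except (IOError, WebHdfsException), e:
        #    LOG.error(_('Could not create home directory.'), exc_info=e)
        #    request.error(_('Could not create home directory.'))

        # A forced password change takes precedence over 'next'.
        if require_change_password(userprofile):
          return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username}))

        userprofile.first_login = False
        userprofile.save()

        access_warn(request, '"%s" login ok' % (user.username,))
        return HttpResponseRedirect(redirect_to)

      else:
        # NOTE(review): the submitted username is untrusted and goes into
        # the log message as-is; confirm access_warn or the log formatter
        # neutralises CR/LF so entries cannot be forged (CWE-117).
        access_warn(request, 'Failed login for user "%s"' % (request.POST.get('username'),))

  else:
    first_user_form = None
    auth_form = AuthenticationForm()

  # NOTE(review): in demo mode any request without an 'admin' parameter is
  # logged in with empty credentials and then redirected to the
  # request-controlled 'next'. Confirm the account the backend returns for
  # empty credentials is unprivileged and that DEMO_ENABLED is off outside
  # demo deployments. Unlike the disabled block above, the home-directory
  # call here is not wrapped, so a filesystem error fails the request.
  if DEMO_ENABLED.get() and 'admin' not in request.REQUEST:
    user = authenticate(username='', password='')
    # authenticate() returns None when no backend accepts the credentials;
    # show the login form in that case instead of failing on user.username.
    if user is not None:
      login(request, user)
      ensure_home_directory(request.fs, user.username)
      return HttpResponseRedirect(redirect_to)

  request.session.set_test_cookie()
  # NOTE(review): 'next' is handed to the template as received; confirm the
  # template escapes it wherever it is written into the page.
  return render('login.mako', request, {
    'action': urlresolvers.reverse('desktop.auth.views.dt_login'),
    'form': first_user_form or auth_form,
    'next': redirect_to,
    'first_login_ever': is_first_login_ever,
    'login_errors': request.method == 'POST',
    'backend_name': backend_name,
    'active_directory': is_active_directory
  })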