def dt_login(request):
redirect_to = request.REQUEST.get('next', '/')
is_first_login_ever = first_login_ever()
backend_names = get_backend_names()
is_active_directory = 'LdapBackend' in backend_names and ( bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()) )
if is_active_directory:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == 'POST':
request.audit = {
'operation': 'USER_LOGIN',
'username': request.POST.get('username')
}
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm.
# It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
if is_first_login_ever or 'AllowAllBackend' in backend_names or 'LdapBackend' in backend_names:
# Create home directory for first user.
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
LOG.error(_('Could not create home directory.'), exc_info=e)
request.error(_('Could not create home directory.'))
if require_change_password(userprofile):
return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.save()
msg = 'Successful login for user: %s' % user.username
request.audit['operationText'] = msg
access_warn(request, msg)
return HttpResponseRedirect(redirect_to)
else:
request.audit['allowed'] = False
msg = 'Failed login for user: %s' % request.POST.get('username')
request.audit['operationText'] = msg
access_warn(request, msg)
def dt_login(request):
redirect_to = request.REQUEST.get('next', '/')
is_first_login_ever = first_login_ever()
backend_names = get_backend_names()
is_active_directory = 'LdapBackend' in backend_names and (bool(
LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()))
if is_active_directory:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == 'POST':
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(
data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm.
# It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
if is_first_login_ever or 'AllowAllBackend' in backend_names or 'LdapBackend' in backend_names:
# Create home directory for first user.
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
LOG.error(_('Could not create home directory.'),
exc_info=e)
request.error(_('Could not create home directory.'))
if require_change_password(userprofile):
return HttpResponseRedirect(
urlresolvers.reverse(
'useradmin.views.edit_user',
kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.save()
access_warn(request, '"%s" login ok' % (user.username, ))
return HttpResponseRedirect(redirect_to)
else:
access_warn(
request, 'Failed login for user "%s"' %
(request.POST.get('username'), ))
def dt_login(request, from_modal=False):
redirect_to = request.GET.get('next', '/')
is_first_login_ever = first_login_ever()
backend_names = auth_forms.get_backend_names()
is_active_directory = auth_forms.is_active_directory()
is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' \
or request.POST.get('server') in auth_forms.get_ldap_server_keys()
if is_active_directory and is_ldap_option_selected:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
if 'ImpersonationBackend' in backend_names:
AuthenticationForm = ImpersonationAuthenticationForm
else:
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == 'POST':
request.audit = {
'operation': 'USER_LOGIN',
'username': request.POST.get('username')
}
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(
data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm. It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
try:
ensure_home_directory(request.fs, user)
except (IOError, WebHdfsException), e:
LOG.error(
'Could not create home directory at login for %s.' %
user,
exc_info=e)
if require_change_password(userprofile):
return HttpResponseRedirect(
urlresolvers.reverse(
'useradmin.views.edit_user',
kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.last_activity = datetime.now()
userprofile.save()
msg = 'Successful login for user: %s' % user.username
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.GET.get('fromModal',
'false') == 'true':
return JsonResponse({'auth': True})
else:
return HttpResponseRedirect(redirect_to)
else:
request.audit['allowed'] = False
msg = 'Failed login for user: %s' % request.POST.get(
'username')
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.GET.get('fromModal',
'false') == 'true':
return JsonResponse({'auth': False})
def dt_login(request, from_modal=False):
redirect_to = request.REQUEST.get('next', '/')
is_first_login_ever = first_login_ever()
backend_names = get_backend_names()
is_active_directory = 'LdapBackend' in backend_names and (bool(
LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()))
if is_active_directory:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == 'POST':
request.audit = {
'operation': 'USER_LOGIN',
'username': request.POST.get('username')
}
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(
data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm.
# It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
auto_create_home_backends = [
'AllowAllBackend', 'LdapBackend', 'SpnegoDjangoBackend'
]
if is_first_login_ever or any(
backend in backend_names
for backend in auto_create_home_backends):
# Create home directory for first user.
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
LOG.error(_('Could not create home directory.'),
exc_info=e)
request.error(_('Could not create home directory.'))
if require_change_password(userprofile):
return HttpResponseRedirect(
urlresolvers.reverse(
'useradmin.views.edit_user',
kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.last_activity = datetime.now()
userprofile.save()
msg = 'Successful login for user: %s' % user.username
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.REQUEST.get('fromModal',
'false') == 'true':
return JsonResponse({'auth': True})
else:
return HttpResponseRedirect(redirect_to)
else:
request.audit['allowed'] = False
msg = 'Failed login for user: %s' % request.POST.get(
'username')
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.REQUEST.get('fromModal',
'false') == 'true':
return JsonResponse({'auth': False})
def dt_login(request, from_modal=False):
if request.method == 'GET':
redirect_to = request.GET.get('next', '/')
else:
redirect_to = request.POST.get('next', '/')
is_first_login_ever = first_login_ever()
backend_names = auth_forms.get_backend_names()
is_active_directory = auth_forms.is_active_directory()
is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' or \
request.POST.get('server') in auth_forms.get_ldap_server_keys()
if is_active_directory and is_ldap_option_selected:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
if 'ImpersonationBackend' in backend_names:
AuthenticationForm = ImpersonationAuthenticationForm
else:
AuthenticationForm = auth_forms.AuthenticationForm
if ENABLE_ORGANIZATIONS.get():
UserCreationForm = OrganizationUserCreationForm
AuthenticationForm = OrganizationAuthenticationForm
if request.method == 'POST':
request.audit = {
'operation': 'USER_LOGIN',
'username': request.POST.get('username', request.POST.get('email'))
}
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm. It provides 'backend' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
# If Test cookie exists , it should be deleted
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
if request.fs is None:
request.fs = fsmanager.get_filesystem(request.fs_ref)
try:
ensure_home_directory(request.fs, user)
except (IOError, WebHdfsException) as e:
LOG.error('Could not create home directory at login for %s.' % user, exc_info=e)
if require_change_password(userprofile):
return HttpResponseRedirect('/hue' + reverse('useradmin:useradmin.views.edit_user', kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.last_activity = datetime.now()
if userprofile.creation_method == UserProfile.CreationMethod.EXTERNAL: # This is to fix a bug in Hue 4.3
userprofile.creation_method = UserProfile.CreationMethod.EXTERNAL.name
userprofile.update_data({'auth_backend': user.backend})
userprofile.save()
msg = 'Successful login for user: %s' % user.username
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.GET.get('fromModal', 'false') == 'true':
return JsonResponse({'auth': True})
else:
return HttpResponseRedirect(redirect_to)
else:
request.audit['allowed'] = False
msg = 'Failed login for user: %s' % request.POST.get('username', request.POST.get('email'))
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.GET.get('fromModal', 'false') == 'true':
return JsonResponse({'auth': False})
else:
first_user_form = None
auth_form = AuthenticationForm()
# SAML/OIDC user is already authenticated in djangosaml2.views.login
if hasattr(request, 'fs') and (
'KnoxSpnegoDjangoBackend' in backend_names or 'SpnegoDjangoBackend' in backend_names or 'OIDCBackend' in backend_names or
'SAML2Backend' in backend_names
) and request.user.is_authenticated:
if request.fs is None:
request.fs = fsmanager.get_filesystem(request.fs_ref)
try:
ensure_home_directory(request.fs, request.user)
except (IOError, WebHdfsException) as e:
LOG.error('Could not create home directory for %s user %s.' % ('OIDC' if 'OIDCBackend' in backend_names else 'SAML', request.user))
if request.user.is_authenticated and not from_modal:
return HttpResponseRedirect(redirect_to)
if is_active_directory and not is_ldap_option_selected and \
request.method == 'POST' and request.user.username != request.POST.get('username'):
# local user login failed, give the right auth_form with 'server' field
auth_form = auth_forms.LdapAuthenticationForm()
if not from_modal and SESSION.ENABLE_TEST_COOKIE.get() :
request.session.set_test_cookie()
if 'SAML2Backend' in backend_names:
request.session['samlgroup_permitted_flag'] = samlgroup_check(request)
renderable_path = 'login.mako'
if from_modal:
renderable_path = 'login_modal.mako'
response = render(renderable_path, request, {
'action': reverse('desktop_auth_views_dt_login'),
'form': first_user_form or auth_form,
'next': redirect_to,
'first_login_ever': is_first_login_ever,
'login_errors': request.method == 'POST',
'backend_names': backend_names,
'active_directory': is_active_directory,
'user': request.user
})
if not request.user.is_authenticated:
response.delete_cookie(LOAD_BALANCER_COOKIE) # Note: might be re-balanced to another Hue on login.
return response
def dt_login(request, from_modal=False):
redirect_to = request.REQUEST.get("next", "/")
is_first_login_ever = first_login_ever()
backend_names = get_backend_names()
is_active_directory = "LdapBackend" in backend_names and (
bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get())
)
if is_active_directory:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == "POST":
request.audit = {"operation": "USER_LOGIN", "username": request.POST.get("username")}
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm.
# It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
if is_first_login_ever or "AllowAllBackend" in backend_names or "LdapBackend" in backend_names:
# Create home directory for first user.
try:
ensure_home_directory(request.fs, user.username)
except (IOError, WebHdfsException), e:
LOG.error(_("Could not create home directory."), exc_info=e)
request.error(_("Could not create home directory."))
if require_change_password(userprofile):
return HttpResponseRedirect(
urlresolvers.reverse("useradmin.views.edit_user", kwargs={"username": user.username})
)
userprofile.first_login = False
userprofile.last_activity = datetime.now()
userprofile.save()
msg = "Successful login for user: %s" % user.username
request.audit["operationText"] = msg
access_warn(request, msg)
if from_modal or request.REQUEST.get("fromModal", "false") == "true":
return JsonResponse({"auth": True})
else:
return HttpResponseRedirect(redirect_to)
else:
request.audit["allowed"] = False
msg = "Failed login for user: %s" % request.POST.get("username")
request.audit["operationText"] = msg
access_warn(request, msg)
if from_modal or request.REQUEST.get("fromModal", "false") == "true":
return JsonResponse({"auth": False})
def dt_login(request, from_modal=False):
if request.method == 'GET':
redirect_to = request.GET.get('next', '/')
else:
redirect_to = request.POST.get('next', '/')
is_first_login_ever = first_login_ever()
backend_names = auth_forms.get_backend_names()
is_active_directory = auth_forms.is_active_directory()
is_ldap_option_selected = 'server' not in request.POST or request.POST.get('server') == 'LDAP' \
or request.POST.get('server') in auth_forms.get_ldap_server_keys()
if is_active_directory and is_ldap_option_selected:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
if 'ImpersonationBackend' in backend_names:
AuthenticationForm = ImpersonationAuthenticationForm
else:
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == 'POST':
request.audit = {
'operation': 'USER_LOGIN',
'username': request.POST.get('username')
}
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm. It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
try:
ensure_home_directory(request.fs, user)
except (IOError, WebHdfsException), e:
LOG.error('Could not create home directory at login for %s.' % user, exc_info=e)
if require_change_password(userprofile):
return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.last_activity = datetime.now()
# This is to fix a bug in Hue 4.3
if userprofile.creation_method == UserProfile.CreationMethod.EXTERNAL:
userprofile.creation_method = UserProfile.CreationMethod.EXTERNAL.name
userprofile.save()
msg = 'Successful login for user: %s' % user.username
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.GET.get('fromModal', 'false') == 'true':
return JsonResponse({'auth': True})
else:
return HttpResponseRedirect(redirect_to)
else:
request.audit['allowed'] = False
msg = 'Failed login for user: %s' % request.POST.get('username')
request.audit['operationText'] = msg
access_warn(request, msg)
if from_modal or request.GET.get('fromModal', 'false') == 'true':
return JsonResponse({'auth': False})
def dt_login(request):
redirect_to = request.REQUEST.get('next', '/')
is_first_login_ever = first_login_ever()
backend_name = get_backend_name()
is_active_directory = backend_name == 'LdapBackend' and ( bool(LDAP.NT_DOMAIN.get()) or bool(LDAP.LDAP_SERVERS.get()) )
if is_active_directory:
UserCreationForm = auth_forms.LdapUserCreationForm
AuthenticationForm = auth_forms.LdapAuthenticationForm
else:
UserCreationForm = auth_forms.UserCreationForm
AuthenticationForm = auth_forms.AuthenticationForm
if request.method == 'POST':
# For first login, need to validate user info!
first_user_form = is_first_login_ever and UserCreationForm(data=request.POST) or None
first_user = first_user_form and first_user_form.is_valid()
if first_user or not is_first_login_ever:
auth_form = AuthenticationForm(data=request.POST)
if auth_form.is_valid():
# Must login by using the AuthenticationForm.
# It provides 'backends' on the User object.
user = auth_form.get_user()
userprofile = get_profile(user)
login(request, user)
if request.session.test_cookie_worked():
request.session.delete_test_cookie()
# For Bluemix - don't try to create HDFS home directory because we're ignoring the identity of the Hue user
#if is_first_login_ever or backend_name in ('AllowAllBackend', 'LdapBackend'):
# # Create home directory for first user.
# try:
# ensure_home_directory(request.fs, user.username)
# except (IOError, WebHdfsException), e:
# LOG.error(_('Could not create home directory.'), exc_info=e)
# request.error(_('Could not create home directory.'))
if require_change_password(userprofile):
return HttpResponseRedirect(urlresolvers.reverse('useradmin.views.edit_user', kwargs={'username': user.username}))
userprofile.first_login = False
userprofile.save()
access_warn(request, '"%s" login ok' % (user.username,))
return HttpResponseRedirect(redirect_to)
else:
access_warn(request, 'Failed login for user "%s"' % (request.POST.get('username'),))
else:
first_user_form = None
auth_form = AuthenticationForm()
if DEMO_ENABLED.get() and not 'admin' in request.REQUEST:
user = authenticate(username='', password='')
login(request, user)
ensure_home_directory(request.fs, user.username)
return HttpResponseRedirect(redirect_to)
request.session.set_test_cookie()
return render('login.mako', request, {
'action': urlresolvers.reverse('desktop.auth.views.dt_login'),
'form': first_user_form or auth_form,
'next': redirect_to,
'first_login_ever': is_first_login_ever,
'login_errors': request.method == 'POST',
'backend_name': backend_name,
'active_directory': is_active_directory
})