Пример #1
0
	def __init__(self, *args, **kwargs):
		super(PermissionDenied, self).__init__(*args, **kwargs)
		from django.core.handlers.wsgi import WSGIRequest
		final_text = ''
		request = kwargs.get('request', None) or args[0] if len(args) >= 1 else None
		message = kwargs.get('message', '') or kwargs.get('msg', '') or args[0] if len(args) >= 1 else ''
		if isinstance(request, WSGIRequest):
			final_text = 'Access denied to %s for %s' % (request.user.username, this_function_caller_name())
		if message and isinstance(message, basestring):
			if final_text:
				message = ' (%s)' % message
			final_text += message
		logger.warning(final_text)
Пример #2
0
def process_login(request):
	""" Default handler to login user
	
	
	:param request: HttpRequest
	"""
	
	code = request.GET.get('code', '')
	if code:
		json_header = { 'content-type': 'application/json' }
		token_url = 'https://%s/oauth/token' % settings.AUTH0_DOMAIN
		
		token_payload = {
			'client_id'    : settings.AUTH0_CLIENT_ID,
			'client_secret': settings.AUTH0_SECRET,
			'redirect_uri' : settings.AUTH0_CALLBACK_URL,
			'code'         : code,
			'grant_type'   : 'authorization_code'
		}
		
		token_info = requests.post(token_url,
			data=json.dumps(token_payload),
			headers=json_header).json()
		
		if 'error' not in token_info:
			url = 'https://%s/userinfo?access_token=%s'
			user_url = url % (settings.AUTH0_DOMAIN, token_info['access_token'])
			user_info = requests.get(user_url).json()
			
			user = auth.authenticate(**user_info)
			assert isinstance(user, User)
			# We're saving all user information into the session
			request.session['profile'] = user_info
			
			if user and user.is_active:
				auth.login(request, user)
				logger.info('AUTH success for %s (%s)' % (user.username, user.email))
			else: # error from django auth (i.e. inactive user, or id mismatch)
				request.session['profile'] = None
				logger.warning('AUTH denied for %s (%s)' % (user.username, user.email))
				return HttpResponse(status=403)
		else: # error from AUTH0
			print(token_info)
			if token_info['error'] == 'access_denied':
				logger.warning('AUTH failure [%s]' % str(token_info))
				return HttpResponse(status=503)
	else:
		logger.warning('AUTH invalid GET[%s] POST[%s] content: %s' % (request.GET.__dict__,
		request.POST.__dict__, str(request.body)))
		print ('unsupported auth type :\n', request.GET.__dict__, request.POST.__dict__)
	
	return index(request)