def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
data = self.cleaned_data['email']
# If the server has a unique open realm, pass
if get_unique_open_realm():
return data
# If a realm is specified and that realm is open, pass
if completely_open(self.domain):
return data
# If no realm is specified, fail
realm = get_valid_realm(data)
if realm is None:
raise ValidationError(mark_safe(SIGNUP_STRING))
# If it's a clear realm not used for Zephyr mirroring, pass
if not realm.is_zephyr_mirror_realm:
return data
# At this point, the user is trying to join a Zephyr mirroring
# realm. We confirm that they are a real account (not a
# mailing list), and if so, let them in.
if not_mit_mailing_list(data):
return data
# Otherwise, the user is an MIT mailing list, and we return failure
raise ValidationError(mark_safe(SIGNUP_STRING))
def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
email = self.cleaned_data['email']
if get_unique_open_realm():
return email
# Otherwise, the user is trying to join a specific realm.
realm = self.realm
if realm is None and not settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm_by_email_domain(email)
if realm is None:
if settings.REALMS_HAVE_SUBDOMAINS:
raise ValidationError(_("The organization you are trying to join does not exist."))
else:
raise ValidationError(_("Your email address does not correspond to any existing organization."))
if realm.invite_required:
raise ValidationError(_("Please request an invite from the organization administrator."))
if not email_allowed_for_realm(email, realm):
raise ValidationError(
_("The organization you are trying to join, %(string_id)s, only allows users with e-mail "
"addresses within the organization. Please try a different e-mail address."
% {'string_id': realm.string_id}))
if realm.is_zephyr_mirror_realm:
email_is_not_mit_mailing_list(email)
return email
def clean_email(self):
data = self.cleaned_data['email']
if (get_unique_open_realm() or
completely_open(self.domain) or
(has_valid_realm(data) and not_mit_mailing_list(data))):
return data
raise ValidationError(mark_safe(SIGNUP_STRING))
def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
email = self.cleaned_data['email']
if get_unique_open_realm():
return email
# Otherwise, the user is trying to join a specific realm.
realm = None
if self.string_id:
realm = get_realm_by_string_id(self.string_id)
elif not settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm_by_email_domain(email)
if realm is None:
if settings.REALMS_HAVE_SUBDOMAINS:
raise ValidationError(_("The organization you are trying to join does not exist."))
else:
raise ValidationError(_("Your email address does not correspond to any existing organization."))
if realm.invite_required:
raise ValidationError(_("Please request an invite from the organization administrator."))
if not email_allowed_for_realm(email, realm):
raise ValidationError(
_("The organization you are trying to join, %(string_id)s, only allows users with e-mail "
"addresses within the organization. Please try a different e-mail address."
% {'string_id': realm.string_id}))
if realm.is_zephyr_mirror_realm:
email_is_not_mit_mailing_list(email)
return email
def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
data = self.cleaned_data['email']
# If the server has a unique open realm, pass
if get_unique_open_realm():
return data
# If a realm is specified and that realm is open, pass
if completely_open(self.domain):
return data
# If no realm is specified, fail
realm = get_valid_realm(data)
if realm is None:
raise ValidationError(mark_safe(SIGNUP_STRING))
# If it's a clear realm not used for Zephyr mirroring, pass
if not realm.is_zephyr_mirror_realm:
return data
# At this point, the user is trying to join a Zephyr mirroring
# realm. We confirm that they are a real account (not a
# mailing list), and if so, let them in.
if not_mit_mailing_list(data):
return data
# Otherwise, the user is an MIT mailing list, and we return failure
raise ValidationError(mark_safe(SIGNUP_STRING))
def clean_email(self):
# type: () -> str
data = self.cleaned_data['email']
if (get_unique_open_realm() or completely_open(self.domain)
or (has_valid_realm(data) and not_mit_mailing_list(data))):
return data
raise ValidationError(mark_safe(SIGNUP_STRING))
def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
email = self.cleaned_data['email']
# If the server has a unique open realm, pass
if get_unique_open_realm():
return email
# If a realm is specified and that realm is open, pass
if completely_open(self.domain):
return email
# If the subdomain encodes a complete open realm, pass
subdomain_realm = get_realm_by_string_id(self.subdomain)
if (subdomain_realm is not None
and completely_open(subdomain_realm.domain)):
return email
# If no realm is specified, fail
realm = get_valid_realm(email)
if realm is None:
raise ValidationError(mark_safe(SIGNUP_STRING))
if realm.is_zephyr_mirror_realm:
email_is_not_mit_mailing_list(email)
return email
def add_settings(request):
# type: (HttpRequest) -> Dict[str, Any]
if hasattr(request, "user") and hasattr(request.user, "realm"):
realm = request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
else:
# This will return None if there is no unique, open realm.
realm = get_unique_open_realm()
if realm is not None:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description = realm.description or "The coolest place in the universe."
else:
realm_uri = settings.SERVER_URI
realm_name = None
realm_icon = None
realm_description = None
return {
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'login_link_disabled': settings.LOGIN_LINK_DISABLED,
'about_link_disabled': settings.ABOUT_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'privacy_policy': settings.PRIVACY_POLICY,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'realm_name': realm_name,
'realm_icon': realm_icon,
'realm_description': realm_description,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'any_oauth_backend_enabled': any_oauth_backend_enabled(realm),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY,
'zulip_version': ZULIP_VERSION,
}
def get_realm_from_request(request):
# type: (HttpRequest) -> Optional[Realm]
if hasattr(request, "user") and hasattr(request.user, "realm"):
return request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
return get_realm(subdomain)
# This will return None if there is no unique, open realm.
return get_unique_open_realm()
def get_realm_from_request(request):
# type: (HttpRequest) -> Optional[Realm]
if hasattr(request, "user") and hasattr(request.user, "realm"):
return request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
return get_realm(subdomain)
# This will return None if there is no unique, open realm.
return get_unique_open_realm()
def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
email = self.cleaned_data['email']
if get_unique_open_realm():
return email
# Otherwise, the user is trying to join a specific realm.
realm = self.realm
from_multiuse_invite = self.from_multiuse_invite
if realm is None and not settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm_by_email_domain(email)
if realm is None:
if settings.REALMS_HAVE_SUBDOMAINS:
raise ValidationError(
_("The organization you are trying to "
"join using {email} does not "
"exist.").format(email=email))
else:
raise ValidationError(
_("Your email address, {email}, does not "
"correspond to any existing "
"organization.").format(email=email))
if not from_multiuse_invite and realm.invite_required:
raise ValidationError(
_("Please request an invite for {email} "
"from the organization "
"administrator.").format(email=email))
if not email_allowed_for_realm(email, realm):
raise ValidationError(
_("Your email address, {email}, is not in one of the domains "
"that are allowed to register for accounts in this organization."
).format(string_id=realm.string_id, email=email))
validate_email_for_realm(realm, email)
if realm.is_zephyr_mirror_realm:
email_is_not_mit_mailing_list(email)
return email
def clean_email(self):
# type: () -> str
"""Returns the email if and only if the user's email address is
allowed to join the realm they are trying to join."""
email = self.cleaned_data['email']
if get_unique_open_realm():
return email
# Otherwise, the user is trying to join a specific realm.
realm = self.realm
if realm is None and not settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm_by_email_domain(email)
if realm is None:
if settings.REALMS_HAVE_SUBDOMAINS:
raise ValidationError(_("The organization you are trying to "
"join using {email} does not "
"exist.").format(email=email))
else:
raise ValidationError(_("Your email address, {email}, does not "
"correspond to any existing "
"organization.").format(email=email))
if realm.invite_required:
raise ValidationError(_("Please request an invite for {email} "
"from the organization "
"administrator.").format(email=email))
if not email_allowed_for_realm(email, realm):
raise ValidationError(
_("Your email address, {email}, is not in one of the domains "
"that are allowed to register for accounts in this organization.").format(
string_id=realm.string_id, email=email))
if realm.is_zephyr_mirror_realm:
email_is_not_mit_mailing_list(email)
return email
def accounts_register(request):
# type: (HttpRequest) -> HttpResponse
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
try:
existing_user_profile = get_user_profile_by_email(email)
except UserProfile.DoesNotExist:
existing_user_profile = None
validators.validate_email(email)
# If OPEN_REALM_CREATION is enabled all user sign ups should go through the
# special URL with domain name so that REALM can be identified if multiple realms exist
unique_open_realm = get_unique_open_realm()
if unique_open_realm is not None:
realm = unique_open_realm
domain = realm.domain
elif prereg_user.referred_by:
# If someone invited you, you are joining their realm regardless
# of your e-mail address.
realm = prereg_user.referred_by.realm
domain = realm.domain
if not email_allowed_for_realm(email, realm):
return render_to_response("zerver/closed_realm.html", {"closed_domain_name": realm.name})
elif prereg_user.realm:
# You have a realm set, even though nobody referred you. This
# happens if you sign up through a special URL for an open
# realm.
domain = prereg_user.realm.domain
realm = get_realm(domain)
else:
domain = resolve_email_to_domain(email)
realm = get_realm(domain)
if realm and realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return render_to_response("zerver/deactivated.html",
{"deactivated_domain_name": realm.name,
"zulip_administrator": settings.ZULIP_ADMINISTRATOR})
try:
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
# Mirror dummy users to be activated must be inactive
is_inactive(email)
else:
# Other users should not already exist at all.
user_email_is_unique(email)
except ValidationError:
return HttpResponseRedirect(reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
if realm is not None and realm.is_zephyr_mirror_realm and domain == "mit.edu":
# for MIT users, we can get an authoritative name from Hesiod
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(
initial={'full_name': hesiod_name if "@" not in hesiod_name else ""})
name_validated = True
elif settings.POPULATE_PROFILE_VIA_LDAP:
for backend in get_backends():
if isinstance(backend, LDAPBackend):
ldap_attrs = _LDAPUser(backend, backend.django_to_ldap_username(email)).attrs
try:
ldap_full_name = ldap_attrs[settings.AUTH_LDAP_USER_ATTR_MAP['full_name']][0]
request.session['authenticated_full_name'] = ldap_full_name
name_validated = True
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name})
# FIXME: This will result in the user getting
# validation errors if they have to enter a password.
# Not relevant for ONLY_SSO, though.
break
except TypeError:
# Let the user fill out a name and/or try another backend
form = RegistrationForm()
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')}
)
else:
form = RegistrationForm()
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update({'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata)
if not password_auth_enabled(realm):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm):
password = form.cleaned_data['password']
else:
# SSO users don't need no passwords
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
org_type = int(form.cleaned_data['realm_org_type'])
domain = split_email_to_domain(email)
realm = do_create_realm(string_id, realm_name, org_type=org_type,
domain=domain)[0]
set_default_streams(realm, settings.DEFAULT_NEW_REALM_STREAMS)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
first_in_realm = len(UserProfile.objects.filter(realm=realm, is_bot=False)) == 0
# FIXME: sanitize email addresses and fullname
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
try:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name)
except UserProfile.DoesNotExist:
user_profile = do_create_user(email, password, realm, full_name, short_name,
prereg_user=prereg_user,
tos_version=settings.TOS_VERSION,
newsletter_data={"IP": request.META['REMOTE_ADDR']})
else:
user_profile = do_create_user(email, password, realm, full_name, short_name,
prereg_user=prereg_user,
tos_version=settings.TOS_VERSION,
newsletter_data={"IP": request.META['REMOTE_ADDR']})
if first_in_realm:
do_change_is_admin(user_profile, True)
if realm_creation and settings.REALMS_HAVE_SUBDOMAINS:
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
return_data = {} # type: Dict[str, bool]
auth_result = authenticate(username=user_profile.email,
realm_subdomain=realm.subdomain,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain, user_profile.email,))
return redirect('/')
login(request, auth_result)
return HttpResponseRedirect(realm.uri + reverse('zerver.views.home'))
return render_to_response('zerver/register.html',
{'form': form,
'company_name': domain,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'password_auth_enabled': password_auth_enabled(realm),
},
request=request)
def accounts_register(request):
# type: (HttpRequest) -> HttpResponse
key = request.POST['key']
confirmation = Confirmation.objects.get(confirmation_key=key)
prereg_user = confirmation.content_object
email = prereg_user.email
realm_creation = prereg_user.realm_creation
try:
existing_user_profile = get_user_profile_by_email(email)
except UserProfile.DoesNotExist:
existing_user_profile = None
validators.validate_email(email)
# If OPEN_REALM_CREATION is enabled all user sign ups should go through the
# special URL with domain name so that REALM can be identified if multiple realms exist
unique_open_realm = get_unique_open_realm()
if unique_open_realm is not None:
realm = unique_open_realm
elif prereg_user.referred_by:
# If someone invited you, you are joining their realm regardless
# of your e-mail address.
realm = prereg_user.referred_by.realm
elif prereg_user.realm:
# You have a realm set, even though nobody referred you. This
# happens if you sign up through a special URL for an open realm.
realm = prereg_user.realm
elif realm_creation:
# For creating a new realm, there is no existing realm or domain
realm = None
elif settings.REALMS_HAVE_SUBDOMAINS:
realm = get_realm(get_subdomain(request))
else:
realm = get_realm_by_email_domain(email)
if realm and not email_allowed_for_realm(email, realm):
return render(request,
"zerver/closed_realm.html",
context={"closed_domain_name": realm.name})
if realm and realm.deactivated:
# The user is trying to register for a deactivated realm. Advise them to
# contact support.
return render(request,
"zerver/deactivated.html",
context={
"deactivated_domain_name": realm.name,
"zulip_administrator": settings.ZULIP_ADMINISTRATOR
})
try:
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
# Mirror dummy users to be activated must be inactive
is_inactive(email)
else:
# Other users should not already exist at all.
user_email_is_unique(email)
except ValidationError:
return HttpResponseRedirect(
reverse('django.contrib.auth.views.login') + '?email=' +
urllib.parse.quote_plus(email))
name_validated = False
full_name = None
if request.POST.get('from_confirmation'):
try:
del request.session['authenticated_full_name']
except KeyError:
pass
if realm is not None and realm.is_zephyr_mirror_realm:
# For MIT users, we can get an authoritative name from Hesiod.
# Technically we should check that this is actually an MIT
# realm, but we can cross that bridge if we ever get a non-MIT
# zephyr mirroring realm.
hesiod_name = compute_mit_user_fullname(email)
form = RegistrationForm(
initial={
'full_name': hesiod_name if "@" not in hesiod_name else ""
})
name_validated = True
elif settings.POPULATE_PROFILE_VIA_LDAP:
for backend in get_backends():
if isinstance(backend, LDAPBackend):
ldap_attrs = _LDAPUser(
backend, backend.django_to_ldap_username(email)).attrs
try:
ldap_full_name = ldap_attrs[
settings.AUTH_LDAP_USER_ATTR_MAP['full_name']][0]
request.session[
'authenticated_full_name'] = ldap_full_name
name_validated = True
# We don't use initial= here, because if the form is
# complete (that is, no additional fields need to be
# filled out by the user) we want the form to validate,
# so they can be directly registered without having to
# go through this interstitial.
form = RegistrationForm({'full_name': ldap_full_name})
# FIXME: This will result in the user getting
# validation errors if they have to enter a password.
# Not relevant for ONLY_SSO, though.
break
except TypeError:
# Let the user fill out a name and/or try another backend
form = RegistrationForm()
elif 'full_name' in request.POST:
form = RegistrationForm(
initial={'full_name': request.POST.get('full_name')})
else:
form = RegistrationForm()
else:
postdata = request.POST.copy()
if name_changes_disabled(realm):
# If we populate profile information via LDAP and we have a
# verified name from you on file, use that. Otherwise, fall
# back to the full name in the request.
try:
postdata.update(
{'full_name': request.session['authenticated_full_name']})
name_validated = True
except KeyError:
pass
form = RegistrationForm(postdata)
if not password_auth_enabled(realm):
form['password'].field.required = False
if form.is_valid():
if password_auth_enabled(realm):
password = form.cleaned_data['password']
else:
# SSO users don't need no passwords
password = None
if realm_creation:
string_id = form.cleaned_data['realm_subdomain']
realm_name = form.cleaned_data['realm_name']
org_type = int(form.cleaned_data['realm_org_type'])
realm = do_create_realm(string_id, realm_name,
org_type=org_type)[0]
set_default_streams(realm, settings.DEFAULT_NEW_REALM_STREAMS)
full_name = form.cleaned_data['full_name']
short_name = email_to_username(email)
first_in_realm = len(
UserProfile.objects.filter(realm=realm, is_bot=False)) == 0
# FIXME: sanitize email addresses and fullname
if existing_user_profile is not None and existing_user_profile.is_mirror_dummy:
user_profile = existing_user_profile
do_activate_user(user_profile)
do_change_password(user_profile, password)
do_change_full_name(user_profile, full_name)
else:
user_profile = do_create_user(
email,
password,
realm,
full_name,
short_name,
prereg_user=prereg_user,
tos_version=settings.TOS_VERSION,
newsletter_data={"IP": request.META['REMOTE_ADDR']})
if first_in_realm:
do_change_is_admin(user_profile, True)
if realm_creation and settings.REALMS_HAVE_SUBDOMAINS:
# Because for realm creation, registration happens on the
# root domain, we need to log them into the subdomain for
# their new realm.
return redirect_and_log_into_subdomain(realm, full_name, email)
# This dummy_backend check below confirms the user is
# authenticating to the correct subdomain.
return_data = {} # type: Dict[str, bool]
auth_result = authenticate(username=user_profile.email,
realm_subdomain=realm.subdomain,
return_data=return_data,
use_dummy_backend=True)
if return_data.get('invalid_subdomain'):
# By construction, this should never happen.
logging.error("Subdomain mismatch in registration %s: %s" % (
realm.subdomain,
user_profile.email,
))
return redirect('/')
login(request, auth_result)
return HttpResponseRedirect(realm.uri +
reverse('zerver.views.home.home'))
return render(
request,
'zerver/register.html',
context={
'form': form,
'email': email,
'key': key,
'full_name': request.session.get('authenticated_full_name', None),
'lock_name': name_validated and name_changes_disabled(realm),
# password_auth_enabled is normally set via our context processor,
# but for the registration form, there is no logged in user yet, so
# we have to set it here.
'creating_new_team': realm_creation,
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'password_auth_enabled': password_auth_enabled(realm),
'MAX_REALM_NAME_LENGTH': str(Realm.MAX_REALM_NAME_LENGTH),
'MAX_NAME_LENGTH': str(UserProfile.MAX_NAME_LENGTH),
'MAX_PASSWORD_LENGTH': str(form.MAX_PASSWORD_LENGTH),
'MAX_REALM_SUBDOMAIN_LENGTH': str(Realm.MAX_REALM_SUBDOMAIN_LENGTH)
})
def get_unique_open_realm_test(request):
return json_success({'realm':get_unique_open_realm().name})
def finish_baidu_oauth2(request):
error = request.GET.get('error')
if error == 'access_denied':
return redirect('/')
elif error is not None:
logging.warning('Error from baidu oauth2 login %r', request.GET)
return HttpResponse(status=400)
# value, hmac_value = request.GET.get('state').split(':')
# if hmac_value != google_oauth2_csrf(request, value):
# logging.warning('baidu oauth2 CSRF error')
# return HttpResponse(status=400)
code = request.GET.get('code')
ask_token_uri = 'https://openapi.baidu.com/oauth/2.0/token?grant_type=authorization_code&code='+code+'&client_id='+\
settings.BAIDU_OAUTH_CLIENT_ID+'&client_secret='+settings.BAIDU_OAUTH_SECRET+\
'&redirect_uri=http://localhost:9991/login/baidu/complete/'
resp = requests.get(
ask_token_uri
)
#check whether get right access token
#if resp.status_code == 400:
# logging.warning('User error converting baidu oauth2 login to token')
# return HttpResponse(status=400)
#elif resp.status_code != 200:
# raise Exception('Could not convert baidu oauth2 code to access_token')
try:
body = extract_json_response(resp)
access_token = body['access_token']
except:
raise Exception('Could not get baidu acess_token.')
ask_info_uri = 'https://openapi.baidu.com/rest/2.0/passport/users/getLoggedInUser?access_token='+access_token
resp_info = requests.post(
ask_info_uri
)
try:
body = extract_json_response(resp_info)
uid = body['uid']
uname= body['uname']
except:
raise Exception('Could not get baidu uid.')
email = Association.get_email_by_account('baidu', uid)
if email == None :
#reigister
full_name = uname
short_name = '----'
password = None
fake_email = uid + '@baidu.com'
Association.create_association(fake_email,'baidu',uid)
realm = get_unique_open_realm()
user_profile = do_create_user(fake_email, password, realm, full_name, short_name)
user_profile = authenticate(username=fake_email, use_dummy_backend=True) # may be non-meaningful
login(request, user_profile)
else:
user_profile = authenticate(username=email, use_dummy_backend=True)
login(request, user_profile)
#if request.user.is_authenticated():
#return json_success({'email':request.user.email, 'baiduid':uid})
# else :
# return json_error("user is not authenticated!")
return HttpResponseRedirect("%s%s" % (settings.EXTERNAL_URI_SCHEME,
request.get_host()))
def zulip_default_context(request):
# type: (HttpRequest) -> Dict[str, Any]
"""Context available to all Zulip Jinja2 templates that have a request
passed in. Designed to provide the long list of variables at the
bottom of this function in a wide range of situations: logged-in
or logged-out, subdomains or not, etc.
The main variable in the below is whether we know the realm, which
is the case if there is only one realm, or we're on a
REALMS_HAVE_SUBDOMAINS subdomain, or the user is logged in.
"""
if hasattr(request, "user") and hasattr(request.user, "realm"):
realm = request.user.realm
elif settings.REALMS_HAVE_SUBDOMAINS:
subdomain = get_subdomain(request)
realm = get_realm(subdomain)
else:
# This will return None if there is no unique, open realm.
realm = get_unique_open_realm()
if realm is not None:
realm_uri = realm.uri
realm_name = realm.name
realm_icon = get_realm_icon_url(realm)
realm_description = realm.description or "The coolest place in the universe."
else:
realm_uri = settings.SERVER_URI
realm_name = None
realm_icon = None
realm_description = None
return {
'realms_have_subdomains': settings.REALMS_HAVE_SUBDOMAINS,
'custom_logo_url': settings.CUSTOM_LOGO_URL,
'register_link_disabled': settings.REGISTER_LINK_DISABLED,
'login_link_disabled': settings.LOGIN_LINK_DISABLED,
'about_link_disabled': settings.ABOUT_LINK_DISABLED,
'show_oss_announcement': settings.SHOW_OSS_ANNOUNCEMENT,
'zulip_admin': settings.ZULIP_ADMINISTRATOR,
'terms_of_service': settings.TERMS_OF_SERVICE,
'privacy_policy': settings.PRIVACY_POLICY,
'login_url': settings.HOME_NOT_LOGGED_IN,
'only_sso': settings.ONLY_SSO,
'external_api_path': settings.EXTERNAL_API_PATH,
'external_api_uri': settings.EXTERNAL_API_URI,
'external_host': settings.EXTERNAL_HOST,
'external_uri_scheme': settings.EXTERNAL_URI_SCHEME,
'realm_uri': realm_uri,
'realm_name': realm_name,
'realm_icon': realm_icon,
'realm_description': realm_description,
'server_uri': settings.SERVER_URI,
'api_site_required': settings.EXTERNAL_API_PATH != "api.zulip.com",
'email_integration_enabled': settings.EMAIL_GATEWAY_BOT != "",
'email_gateway_example': settings.EMAIL_GATEWAY_EXAMPLE,
'open_realm_creation': settings.OPEN_REALM_CREATION,
'password_auth_enabled': password_auth_enabled(realm),
'dev_auth_enabled': dev_auth_enabled(realm),
'google_auth_enabled': google_auth_enabled(realm),
'github_auth_enabled': github_auth_enabled(realm),
'any_oauth_backend_enabled': any_oauth_backend_enabled(realm),
'no_auth_enabled': not auth_enabled_helper(list(AUTH_BACKEND_NAME_MAP.keys()), realm),
'development_environment': settings.DEVELOPMENT,
'support_email': settings.ZULIP_ADMINISTRATOR,
'find_team_link_disabled': settings.FIND_TEAM_LINK_DISABLED,
'password_min_length': settings.PASSWORD_MIN_LENGTH,
'password_min_quality': settings.PASSWORD_MIN_ZXCVBN_QUALITY,
'zulip_version': ZULIP_VERSION,
}
