示例#1
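def login_optional(request):
    """
    One-screen login with an SMS access code.

    The page prompts for e-mail, password and access code and offers two
    submit buttons, "Send Pin Code" and "Login". The pressed button arrives
    as the ``login`` POST value.

    Intended flow (as described by the original author):
      * MFA enabled and "Login" pressed without a pin code -> fail validation
      * user and password correct and no MFA -> allow login
      * user, password and pin code all correct -> allow login
      * anything else -> fail validation

    :param request: the incoming HttpRequest
    :return: an HttpResponse (rendered login page or redirect)
    """
    args = {}
    if settings.DEBUG:
        print("in accounts.views.sms.login_optional")

    if request.POST:
        form = AuthenticationSMSForm(request.POST)
        # Read the button value once with .get() so a request that omits it
        # is handled as a normal login attempt instead of raising.
        action = request.POST.get('login', '')
        if settings.DEBUG:
            # NOTE(review): these prints write submitted login identifiers to
            # stdout whenever DEBUG is on.
            print("test login before is_valid()")
            print(action)

            print("pin needed? [%s]" % request.POST.get('send_pin'))
        if form.is_valid():
            if settings.DEBUG:
                print("in the post section with form instance")
                print(form)
                print("Email:", form.cleaned_data['email'])
            # Do the evaluation logic here
            if action.lower() == 'send pin code':
                if settings.DEBUG:
                    print("Sending PIN")
                try:
                    User.objects.get(email=request.POST['email'])
                except User.DoesNotExist:
                    # NOTE(review): an unknown e-mail gets an error message
                    # while a known one does not, so the response tells an
                    # unauthenticated caller whether the account exists.
                    messages.error(request, "Something went wrong.")
                    form = AuthenticationSMSForm(request.POST)
                    form.email = request.POST['email']
                    return render_to_response(
                        'accounts/login_sms.html',
                        RequestContext(
                            request,
                            {'form': form},
                        ))
                # The original fell off the end of the view here and returned
                # None, which Django rejects. Re-render the login page.
                # NOTE(review): nothing in this view issues or sends a pin for
                # the user that was found; confirm where that should happen.
                args['form'] = form
                return render(request, 'accounts/login_sms.html', args)

            email = form.cleaned_data['email']
            password = form.cleaned_data['password']
            sms_code = form.cleaned_data['sms_code']
            # NOTE(review): the access code is checked before the password and
            # the two failures return different messages, so a caller can tell
            # which factor was wrong. validate_sms is defined elsewhere;
            # confirm it limits attempts and invalidates used codes.
            if not validate_sms(username=email, smscode=sms_code):
                messages.error(request, "Invalid Access Code.")
                return render_to_response('accounts/login_sms.html',
                                          {'form': AuthenticationForm()},
                                          RequestContext(request))

            user = authenticate(username=email, password=password)

            if user is None:
                messages.error(request, "Invalid username or password.")
                return render_to_response('accounts/login_sms.html',
                                          {'form': AuthenticationForm()},
                                          RequestContext(request))

            if not user.is_active:
                messages.error(request, "Your account is not active.")
                return HttpResponseRedirect(reverse('login_sms'))

            django_login(request, user)
            return HttpResponseRedirect(reverse('home'))

        # FORM IS NOT VALID: show it again with its validation errors.
        if settings.DEBUG:
            print("Form is invalid")
        args['form'] = form
        return render(request, 'accounts/login_sms.html', args)

    # Not a POST: present an empty form.
    form = AuthenticationSMSForm()
    return render_to_response('accounts/login_sms.html',
                              context_instance=RequestContext(
                                  request, {'form': form}))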
示例#2
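def login_optional(request):
    """
    One-screen login with an SMS access code.

    Prompts for e-mail, password and access code, with "Send Pin Code" and
    "Login" submit buttons; the pressed button is sent as the ``login``
    POST value.

    Intended flow (as described by the original author):
      * MFA enabled and "Login" pressed without a pin code -> fail validation
      * user and password correct and no MFA -> allow login
      * user, password and pin code all correct -> allow login
      * anything else -> fail validation

    :param request: the incoming HttpRequest
    :return: an HttpResponse (rendered login page or redirect)
    """
    args = {}
    if settings.DEBUG:
        print("in accounts.views.sms.login_optional")

    if not request.POST:
        # Not a POST: present an empty form.
        form = AuthenticationSMSForm()
        return render_to_response('accounts/login_sms.html',
                                  context_instance=RequestContext(request,
                                                                  {'form': form}))

    form = AuthenticationSMSForm(request.POST)
    # .get() keeps a request without the button value from raising; it is
    # then treated as a normal login attempt.
    button = request.POST.get('login', '')
    if settings.DEBUG:
        # NOTE(review): DEBUG output below includes submitted login
        # identifiers.
        print("test login before is_valid()")
        print(button)

        print("pin needed? [%s]" % request.POST.get('send_pin'))

    if not form.is_valid():
        # FORM IS NOT VALID: show it again with its validation errors.
        if settings.DEBUG:
            print("Form is invalid")
        args['form'] = form
        return render(request, 'accounts/login_sms.html', args)

    if settings.DEBUG:
        print("in the post section with form instance")
        print(form)
        print("Email:", form.cleaned_data['email'])

    # Do the evaluation logic here
    if button.lower() == 'send pin code':
        if settings.DEBUG:
            print("Sending PIN")
        try:
            User.objects.get(email=request.POST['email'])
        except User.DoesNotExist:
            # NOTE(review): only an unknown e-mail produces this message, so
            # the response reveals whether an account exists.
            messages.error(request, "Something went wrong.")
            form = AuthenticationSMSForm(request.POST)
            form.email = request.POST['email']
            return render_to_response('accounts/login_sms.html',
                                      RequestContext(request, {'form': form},))
        # Previously this path returned None (no response at all) when the
        # user existed; render the login page instead.
        # NOTE(review): no pin is created or sent anywhere in this view;
        # confirm where that is expected to happen.
        args['form'] = form
        return render(request, 'accounts/login_sms.html', args)

    email = form.cleaned_data['email']
    password = form.cleaned_data['password']
    sms_code = form.cleaned_data['sms_code']
    # NOTE(review): the access code is validated before the password, with a
    # distinct error for each, which discloses which factor failed.
    # validate_sms lives elsewhere; confirm it throttles attempts and expires
    # codes after use.
    if not validate_sms(username=email, smscode=sms_code):
        messages.error(request, "Invalid Access Code.")
        return render_to_response('accounts/login_sms.html',
                                  {'form': AuthenticationForm()},
                                  RequestContext(request))

    user = authenticate(username=email, password=password)

    if user is None:
        messages.error(request, "Invalid username or password.")
        return render_to_response('accounts/login_sms.html',
                                  {'form': AuthenticationForm()},
                                  RequestContext(request))

    if not user.is_active:
        messages.error(request, "Your account is not active.")
        return HttpResponseRedirect(reverse('login_sms'))

    django_login(request, user)
    return HttpResponseRedirect(reverse('home'))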
示例#3
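def login_optional_sms(request):
    """
    One-screen login with an SMS access code.

    The page prompts for e-mail, password and access code and offers two
    submit buttons, "Send Pin Code" and "Login", distinguished by the
    ``login`` POST value.

    Intended flow (as described by the original author):
      * MFA enabled and "Login" pressed without a pin code -> fail validation
      * user and password correct and no MFA -> allow login
      * user, password and pin code all correct -> allow login
      * anything else -> fail validation

    :param request: the incoming HttpRequest
    :return: an HttpResponse (rendered login page or redirect)
    """

    if settings.DEBUG:
        print("in accounts.views.sms.login_optional_sms")

    if request.method == 'POST':
        # handle the form input
        if settings.DEBUG:
            print("in the POST")
        form = AuthenticationSMSForm(request.POST)

        # check for Login Method:
        # 1. = Login
        # 2. = Send Pin Code
        # .get() keeps a request that omits a field from raising.
        action = request.POST.get('login', '').lower()
        if action == 'send pin code':
            submitted_email = request.POST.get('email', '')
            if settings.DEBUG:
                print("Sending Code to %s" % (submitted_email))

            # NOTE(review): unknown e-mail, MFA account and non-MFA account
            # each produce a different message for an unauthenticated caller,
            # which discloses account existence and MFA status. Consider one
            # neutral message for all three.
            try:
                u = User.objects.get(email=submitted_email)
            except User.DoesNotExist:
                messages.error(request, "Something went wrong.")
                form = AuthenticationSMSForm(request.POST)
                form.email = submitted_email
                return render_to_response('accounts/login_sms.html',
                                          {'form': form},
                                          RequestContext(request))
            mfa_required = u.mfa
            email_address = u.email

            if u.is_active:
                form = AuthenticationSMSForm()
                form.email = email_address

                if mfa_required:
                    # NOTE(review): every request that reaches this line
                    # creates a new code (and presumably triggers a text
                    # message). No throttling is visible in this view;
                    # confirm it is rate-limited elsewhere.
                    ValidSMSCode.objects.create(user=u)
                    messages.success(
                        request,
                        "A text message was sent to your mobile phone.")
                else:
                    messages.success(
                        request, "Your account is active. Continue Login.")
            return render_to_response('accounts/login_sms.html',
                                      RequestContext(request, {'form': form}))

        elif action == 'login':
            if settings.DEBUG:
                print("in login step")

        # is_valid must be *called*: the bare attribute is always truthy and
        # cleaned_data does not exist until validation has run.
        if form.is_valid():
            if settings.DEBUG:
                print("Valid form received")
            # cleaned_data.get is a method; the original subscripted it.
            email = form.cleaned_data.get('email')
            password = form.cleaned_data.get('password')
            sms_code = form.cleaned_data.get('sms_code')
            # NOTE(review): the access code is checked before the password and
            # the two failures return different messages, so a caller can tell
            # which factor was wrong. validate_sms is defined elsewhere;
            # confirm it limits attempts and invalidates used codes.
            if not validate_sms(username=email, smscode=sms_code):
                messages.error(request, "Invalid Access Code.")
                return render_to_response('accounts/login_sms.html',
                                          {'form': AuthenticationSMSForm()},
                                          RequestContext(request))

            user = authenticate(username=email, password=password)

            if user is None:
                messages.error(request, "Invalid username or password.")
                return render_to_response('accounts/login.html',
                                          {'form': AuthenticationForm()},
                                          RequestContext(request))

            if not user.is_active:
                messages.error(request, "Your account is not active.")
                return HttpResponseRedirect(reverse('sms_code'))

            django_login(request, user)
            return HttpResponseRedirect(reverse('home'))

        # form is not valid: cleaned_data holds only the fields that passed
        # validation, so read with .get(). The bound form (with its errors)
        # is rendered by the shared return below; the original built a
        # response here but never returned it.
        # NOTE(review): confirm the template does not echo form.password
        # back into the page.
        form.email = form.cleaned_data.get('email')
        form.password = form.cleaned_data.get('password')
    else:
        # setup the form. We are entering with a GET to the page.
        if settings.DEBUG:
            print("setting up sms.login_optional_sms form")
        # Instantiate the form; the original passed the class itself.
        form = AuthenticationSMSForm()
    return render_to_response('accounts/login_sms.html',
                              context_instance=RequestContext(
                                  request,
                                  {'form': form},
                              ))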
示例#4
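def login_optional_sms(request):
    """
    One-screen login with an SMS access code.

    Prompts for e-mail, password and access code, with "Send Pin Code" and
    "Login" submit buttons; the pressed button is sent as the ``login``
    POST value.

    Intended flow (as described by the original author):
      * MFA enabled and "Login" pressed without a pin code -> fail validation
      * user and password correct and no MFA -> allow login
      * user, password and pin code all correct -> allow login
      * anything else -> fail validation

    :param request: the incoming HttpRequest
    :return: an HttpResponse (rendered login page or redirect)
    """

    if settings.DEBUG:
        print("in accounts.views.sms.login_optional_sms")

    if request.method != 'POST':
        # setup the form. We are entering with a GET to the page.
        if settings.DEBUG:
            print("setting up sms.login_optional_sms form")
        # The original handed the form *class* to the template; pass an
        # instance.
        form = AuthenticationSMSForm()
        return render_to_response('accounts/login_sms.html',
                                  context_instance=RequestContext(request, {'form': form},))

    # handle the form input
    if settings.DEBUG:
        print("in the POST")
    form = AuthenticationSMSForm(request.POST)

    # check for Login Method:
    # 1. = Login
    # 2. = Send Pin Code
    # Read with .get() so a missing field does not raise.
    button = request.POST.get('login', '').lower()
    if button == 'send pin code':
        posted_email = request.POST.get('email', '')
        if settings.DEBUG:
            print("Sending Code to %s" % (posted_email))

        # NOTE(review): the messages below differ for an unknown e-mail, an
        # MFA account and a non-MFA account, so an unauthenticated caller
        # learns whether an account exists and whether it uses MFA. A single
        # neutral message would avoid that.
        try:
            u = User.objects.get(email=posted_email)
        except User.DoesNotExist:
            messages.error(request, "Something went wrong.")
            form = AuthenticationSMSForm(request.POST)
            form.email = posted_email
            return render_to_response('accounts/login_sms.html',
                                      {'form': form},
                                      RequestContext(request))

        if u.is_active:
            form = AuthenticationSMSForm()
            form.email = u.email

            if u.mfa:
                # NOTE(review): a new code is created on every such request
                # (and presumably a text message sent); no throttling is
                # visible here, so confirm it exists elsewhere.
                ValidSMSCode.objects.create(user=u)
                messages.success(request, "A text message was sent to your mobile phone.")
            else:
                messages.success(request, "Your account is active. Continue Login.")
        return render_to_response('accounts/login_sms.html',
                                  RequestContext(request, {'form': form}))

    if button == 'login':
        if settings.DEBUG:
            print("in login step")

    # Call is_valid(): the bare method object is always truthy, and
    # cleaned_data is only populated once validation has run.
    if not form.is_valid():
        # form is not valid: only fields that passed validation are present
        # in cleaned_data, hence .get(). The original built a response here
        # without returning it; return the bound form with its errors.
        # NOTE(review): confirm the template does not echo form.password
        # back into the page.
        form.email = form.cleaned_data.get('email')
        form.password = form.cleaned_data.get('password')
        return render_to_response('accounts/login_sms.html',
                                  context_instance=RequestContext(request, {'form': form},))

    if settings.DEBUG:
        print("Valid form received")
    # cleaned_data.get is a method; the original subscripted it with [...].
    email = form.cleaned_data.get('email')
    password = form.cleaned_data.get('password')
    sms_code = form.cleaned_data.get('sms_code')
    # NOTE(review): the access code is validated before the password, with a
    # distinct error for each, which discloses which factor failed.
    # validate_sms lives elsewhere; confirm it throttles attempts and expires
    # codes after use.
    if not validate_sms(username=email, smscode=sms_code):
        messages.error(request, "Invalid Access Code.")
        return render_to_response('accounts/login_sms.html',
                                  {'form': AuthenticationSMSForm()},
                                  RequestContext(request))

    user = authenticate(username=email, password=password)

    if user is None:
        messages.error(request, "Invalid username or password.")
        return render_to_response('accounts/login.html',
                                  {'form': AuthenticationForm()},
                                  RequestContext(request))

    if not user.is_active:
        messages.error(request, "Your account is not active.")
        return HttpResponseRedirect(reverse('sms_code'))

    django_login(request, user)
    return HttpResponseRedirect(reverse('home'))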