def auth_view(request):
'''
Handles the authentication from the login screen
'''
if is_already_locked(request):
return account_locked(request)
username = request.POST.get('username', '').lower()
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
login_unsuccessful = user is None
AccessLog.objects.create(
user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
ip_address=get_ip(request),
username=username,
http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
path_info=request.META.get('PATH_INFO', '<unknown>'),
trusted=not login_unsuccessful,
)
check_request(request, login_unsuccessful)
if not login_unsuccessful:
auth.login(request, user)
return HttpResponseRedirect('/')
else:
return HttpResponseRedirect('/accounts/invalid')
def sign_up_confirmation(request, confirmation_key):
'''
Handles the sign up confirmation
'''
#Check ip has not been locked
if is_already_locked(request):
raise Http404
try:
sign_up = SignUp.objects.get(confirmation_key=confirmation_key)
except:
#Log access attempt
AccessLog.objects.create(
user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
ip_address=get_ip(request),
username=confirmation_key,
http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
path_info=request.META.get('PATH_INFO', '<unknown>'),
trusted=False,
)
check_request(request, True)
raise Http404
if request.method == 'POST':
return sign_up_confirmation_post(request, sign_up)
translation.activate(sign_up.language)
return render(request, 'sign_up/choose_password.html', {
'confirmation_key': confirmation_key,
})
def auth_view(request):
'''
Handles the authentication from the login screen
'''
if is_already_locked(request):
return account_locked(request)
username = request.POST.get('username', '').lower()
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
login_unsuccessful = user is None
AccessLog.objects.create(
user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
ip_address=get_ip(request),
username=username,
http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
path_info=request.META.get('PATH_INFO', '<unknown>'),
trusted=not login_unsuccessful,
)
check_request(request, login_unsuccessful)
if login_unsuccessful:
return HttpResponseRedirect('/accounts/invalid')
target_url = request.POST.get('next', '/')
auth.login(request, user)
return HttpResponseRedirect(target_url)
def confirm_invite(request, confirmation_key):
'''
View that confirms an email invite and allows the user to choose a password
'''
#Check ip has not been locked
if is_already_locked(request):
raise Http404
try:
invite = EmailConfirmation.objects.get(confirmation_key=confirmation_key)
except:
#Log access attempt
AccessLog.objects.create(
user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
ip_address=get_ip(request),
username=confirmation_key,
http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
path_info=request.META.get('PATH_INFO', '<unknown>'),
trusted=False,
)
check_request(request, True)
return invalid_expired(request)
if request.method != 'POST':
#Ensure user is logged out
auth.logout(request)
template = loader.get_template('email_confirmation/confirm_invite.html')
context = RequestContext(request,{
'invite' : invite,
'person' : invite.person,
'user_who_invited_person' : invite.user_who_invited_person,
})
response = template.render(context)
return HttpResponse(response)
else:
return confirm_invite_post(request, invite)
def confirm_invite(request, confirmation_key):
'''
View that confirms an email invite and allows the user to choose a password
'''
#Check ip has not been locked
if is_already_locked(request):
raise Http404
try:
invite = EmailConfirmation.objects.get(
confirmation_key=confirmation_key)
except:
#Log access attempt
AccessLog.objects.create(
user_agent=request.META.get('HTTP_USER_AGENT', '<unknown>')[:255],
ip_address=get_ip(request),
username=confirmation_key,
http_accept=request.META.get('HTTP_ACCEPT', '<unknown>'),
path_info=request.META.get('PATH_INFO', '<unknown>'),
trusted=False,
)
check_request(request, True)
return invalid_expired(request)
if request.method != 'POST':
#Ensure user is logged out
auth.logout(request)
language = invite.person.language
translation.activate(language)
return render(
request, 'email_confirmation/confirm_invite.html', {
'invite': invite,
'person': invite.person,
'user_who_invited_person': invite.user_who_invited_person,
})
else:
return confirm_invite_post(request, invite)
def post(self, request, *args, **kwargs):
if axes_dec.is_already_locked(request):
return self.lockout_response()
self.serializer = self.get_serializer(data=self.request.data)
try:
self.serializer.is_valid(raise_exception=True)
except ValidationError:
if self.watch_login(request, False):
raise
else:
return self.lockout_response()
if self.watch_login(request, True):
self.login()
return self.get_response()
else:
return self.lockout_response()
def post(self, request, *args, **kwargs):
if axes_dec.is_already_locked(request):
return self.lockout_response()
self.serializer = self.get_serializer(data=self.request.data)
try:
self.serializer.is_valid(raise_exception=True)
except ValidationError:
if self.watch_login(request, False):
raise
else:
return self.lockout_response()
if self.watch_login(request, True):
self.login()
return self.get_response()
else:
return self.lockout_response()
def auth_view(request):
'''
Handles the authentication from the login screen
'''
if is_already_locked(request):
return account_locked(request)
username = request.POST.get('username', '').lower()
password = request.POST.get('password', '')
user = auth.authenticate(username=username, password=password)
login_unsuccessful = user is None
check_request(request, login_unsuccessful)
if login_unsuccessful:
return HttpResponseRedirect('/accounts/invalid')
target_url = request.POST.get('next', '/')
auth.login(request, user)
return HttpResponseRedirect(target_url)