def login(request, template_name="lfs/checkout/login.html"):
    """Render the checkout login/registration page and process its two forms.

    Visitors who are already signed in, and every visitor when the shop only
    permits anonymous checkout, are redirected straight to ``lfs_checkout``.
    A POST with ``action=login`` validates the authentication form and signs
    the user in. A POST with ``action=register`` validates the registration
    form, creates the account, sends ``customer_added`` and signs the new user
    in. Any other request, or an invalid form, renders *template_name* with
    both forms and a flag telling whether anonymous checkout is offered.
    """
    if request.user.is_authenticated():
        return HttpResponseRedirect(reverse("lfs_checkout"))

    shop = lfs.core.utils.get_default_shop(request)
    if shop.checkout_type == CHECKOUT_TYPE_ANON:
        return HttpResponseRedirect(reverse("lfs_checkout"))

    # Unbound forms for a plain page view; a branch below swaps in a bound one.
    login_form = CustomerAuthenticationForm()
    register_form = RegisterForm()

    action = request.POST.get("action")
    if action == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")
        if login_form.is_valid():
            # Aliased so the import does not rebind this view's own name.
            from django.contrib.auth import login as auth_login
            auth_login(request, login_form.get_user())

            checkout_url = reverse("lfs_checkout")
            return lfs.core.utils.set_message_cookie(
                checkout_url, msg=_(u"You have been logged in."))

    elif action == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): the values are read from the raw ``data`` mapping,
            # not ``cleaned_data``, so whatever normalisation the form's field
            # cleaning performs is not applied here -- confirm this is intended.
            submitted = register_form.data
            email = submitted.get("email")
            password = submitted.get("password_1")

            user = User.objects.create_user(
                username=create_unique_username(email),
                email=email,
                password=password,
            )

            lfs.core.signals.customer_added.send(sender=user)

            # NOTE(review): authenticate() returns None when no backend accepts
            # the credentials; the result is handed to login() unchecked.
            from django.contrib.auth import authenticate as auth_authenticate
            user = auth_authenticate(username=email, password=password)

            from django.contrib.auth import login as auth_login
            auth_login(request, user)

            checkout_url = reverse("lfs_checkout")
            return lfs.core.utils.set_message_cookie(
                checkout_url, msg=_(u"You have been registered and logged in."))

    context = {
        "login_form": login_form,
        "register_form": register_form,
        "anonymous_checkout": shop.checkout_type != CHECKOUT_TYPE_AUTH,
    }
    return render(request, template_name, context)
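def _is_local_redirect(target):
    """Tell whether *target* may be used as the post-login redirect.

    Keeps the original rejections (empty value, ``//`` anywhere, any space)
    and additionally refuses values that carry a scheme or a host, a
    backslash, or an ASCII control character, so the redirect stays on this
    site.
    """
    if not target or "//" in target or " " in target:
        return False
    # Browsers normalise backslashes and drop some control characters, so a
    # value can look relative to a substring test yet resolve elsewhere.
    if "\\" in target or any(ord(ch) < 32 for ch in target):
        return False
    try:
        parts = urlparse(target)
    except ValueError:
        return False
    # Index 0 is the scheme, index 1 the network location.
    return not parts[0] and not parts[1]


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to log in, or register and log in, a user.

    A POST with ``action=login`` validates ``CustomerAuthenticationForm`` and
    signs the user in. A POST with ``action=register`` validates the form class
    named by ``REGISTER_FORM``, creates the user and the customer, records the
    taint columns, sends ``customer_added`` and signs the new user in. Both
    paths redirect to the posted ``next`` value when it passes
    ``_is_local_redirect`` and to ``lfs_shop_view`` otherwise. Any other
    request, or an invalid form, renders *template_name*.

    The checkout-type check mentioned in earlier versions is disabled here
    (it is commented out below).
    """
    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")
    RegisterForm = lfs.core.utils.import_symbol(REGISTER_FORM)
    register_form = RegisterForm()

    if request.POST.get("action") == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")

        if login_form.is_valid():
            # "next" is client-supplied: only a same-site value is honoured.
            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            # Function-scope import: it rebinds ``login`` locally, because the
            # view itself carries that name at module level.
            from django.contrib.auth import login
            login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))

    elif request.POST.get("action") == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # !!!SPLICE: register_form is a form that gets validated after
            #            submission. Data retrieval should be from
            #            cleaned_data so that values are tagged as trusted
            email = register_form.cleaned_data.get("email")
            password = register_form.cleaned_data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email),
                email=email,
                password=password)

            # !!!SPLICE: Update user's taint here and save again.
            #            We have to have a separate step here because during
            #            registration, user.id has not yet been established.
            #            As such, user will never get tainted unless we set
            #            it here.
            set_current_user_id(user.pk)
            # UNCOMMENT FOR ROW-LEVEL TAINT
            # user.taints = to_int(TaintSource.current_user_taint)
            # CELL-LEVEL TAINT
            user.username_taint = to_int(TaintSource.current_user_taint)
            user.email_taint = to_int(TaintSource.current_user_taint)
            user.password_taint = to_int(TaintSource.current_user_taint)
            user.save()

            # Create customer
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user
            # NOTE(review): authenticate() returns None when no backend accepts
            # the credentials; the result is handed to login() unchecked.
            from django.contrib.auth import authenticate
            user = authenticate(username=email, password=password)

            from django.contrib.auth import login
            login(request, user, backend='lfs.customer.auth.EmailBackend')

            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url
    next_url = (request.POST if request.method == 'POST' else request.GET).get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # "__all__" holds the form's non-field errors; it is absent when there
    # are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render(
        request,
        template_name,
        {
            "login_form": login_form,
            "login_form_errors": login_form_errors,
            "register_form": register_form,
            "next_url": next_url,
        })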
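def _is_local_redirect(target):
    """Tell whether *target* may be used as the post-login redirect.

    Keeps the original rejections (empty value, ``//`` anywhere, any space)
    and additionally refuses values that carry a scheme or a host, a
    backslash, or an ASCII control character, so the redirect stays on this
    site.
    """
    if not target or "//" in target or " " in target:
        return False
    # Browsers normalise backslashes and drop some control characters, so a
    # value can look relative to a substring test yet resolve elsewhere.
    if "\\" in target or any(ord(ch) < 32 for ch in target):
        return False
    try:
        parts = urlparse(target)
    except ValueError:
        return False
    # Index 0 is the scheme, index 1 the network location.
    return not parts[0] and not parts[1]


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to log in, or register and log in, a user.

    A POST with ``action=login`` validates ``CustomerAuthenticationForm`` and
    signs the user in. A POST with ``action=register`` validates the form class
    named by ``REGISTER_FORM``, creates the user and the customer, sends
    ``customer_added`` and signs the new user in. Both paths redirect to the
    posted ``next`` value when it passes ``_is_local_redirect`` and to
    ``lfs_shop_view`` otherwise. Any other request, or an invalid form,
    renders *template_name*.

    The checkout-type check mentioned in earlier versions is disabled here
    (it is commented out below).
    """
    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")
    RegisterForm = lfs.core.utils.import_symbol(REGISTER_FORM)
    register_form = RegisterForm()

    if request.POST.get("action") == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")

        if login_form.is_valid():
            # "next" is client-supplied: only a same-site value is honoured.
            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            # Function-scope import: it rebinds ``login`` locally, because the
            # view itself carries that name at module level.
            from django.contrib.auth import login
            login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))

    elif request.POST.get("action") == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): the values are read from the raw ``data`` mapping,
            # not ``cleaned_data``, so whatever normalisation the form's field
            # cleaning performs is not applied here -- confirm this is intended.
            email = register_form.data.get("email")
            password = register_form.data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email),
                email=email,
                password=password)

            # Create customer
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user
            # NOTE(review): authenticate() returns None when no backend accepts
            # the credentials; the result is handed to login() unchecked.
            from django.contrib.auth import authenticate
            user = authenticate(username=email, password=password)

            from django.contrib.auth import login
            login(request, user, backend='lfs.customer.auth.EmailBackend')

            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url
    next_url = (request.POST if request.method == 'POST' else request.GET).get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # "__all__" holds the form's non-field errors; it is absent when there
    # are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render(request, template_name, {
        "login_form": login_form,
        "login_form_errors": login_form_errors,
        "register_form": register_form,
        "next_url": next_url,
    })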
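def _is_local_redirect(target):
    """Tell whether *target* may be used as the post-login redirect.

    Keeps the original rejections (empty value, ``//`` anywhere, any space)
    and additionally refuses values that carry a scheme or a host, a
    backslash, or an ASCII control character, so the redirect stays on this
    site.
    """
    if not target or "//" in target or " " in target:
        return False
    # Browsers normalise backslashes and drop some control characters, so a
    # value can look relative to a substring test yet resolve elsewhere.
    if "\\" in target or any(ord(ch) < 32 for ch in target):
        return False
    try:
        parts = urlparse(target)
    except ValueError:
        return False
    # Index 0 is the scheme, index 1 the network location.
    return not parts[0] and not parts[1]


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to log in, or register and log in, a user.

    A POST with ``action=login`` validates ``CustomerAuthenticationForm`` and
    signs the user in. A POST with ``action=register`` validates
    ``RegisterForm``, creates the user, links and saves the customer, sends
    ``customer_added`` and signs the new user in. Both paths redirect to the
    posted ``next`` value when it passes ``_is_local_redirect`` and to
    ``lfs_shop_view`` otherwise. Any other request, or an invalid form,
    renders *template_name*.

    The checkout-type check mentioned in earlier versions is disabled here
    (it is commented out below).
    """
    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = _(u"E-Mail")
    register_form = RegisterForm()

    if request.POST.get("action") == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        login_form.fields["username"].label = _(u"E-Mail")

        if login_form.is_valid():
            # "next" is client-supplied: only a same-site value is honoured.
            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            # Function-scope import: it rebinds ``login`` locally, because the
            # view itself carries that name at module level.
            from django.contrib.auth import login
            login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))

    elif request.POST.get("action") == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): the values are read from the raw ``data`` mapping,
            # not ``cleaned_data``, so whatever normalisation the form's field
            # cleaning performs is not applied here -- confirm this is intended.
            email = register_form.data.get("email")
            password = register_form.data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(email), email=email, password=password)

            # Create customer. The assignment alone only changes the in-memory
            # object, so the link to the user is saved explicitly.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            lfs.core.signals.customer_added.send(sender=user)

            # Log in user
            # NOTE(review): authenticate() returns None when no backend accepts
            # the credentials; the result is handed to login() unchecked.
            from django.contrib.auth import authenticate
            user = authenticate(username=email, password=password)

            from django.contrib.auth import login
            login(request, user)

            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url
    next_url = (request.POST if request.method == "POST" else request.GET).get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # "__all__" holds the form's non-field errors; it is absent when there
    # are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render_to_response(
        template_name,
        RequestContext(
            request,
            {
                "login_form": login_form,
                "login_form_errors": login_form_errors,
                "register_form": register_form,
                "next_url": next_url,
            },
        ),
    )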
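def _is_local_redirect(target):
    """Tell whether *target* may be used as the post-login redirect.

    Keeps the original rejections (empty value, ``//`` anywhere, any space)
    and additionally refuses values that carry a scheme or a host, a
    backslash, or an ASCII control character, so the redirect stays on this
    site.
    """
    if not target or "//" in target or " " in target:
        return False
    # Browsers normalise backslashes and drop some control characters, so a
    # value can look relative to a substring test yet resolve elsewhere.
    if "\\" in target or any(ord(ch) < 32 for ch in target):
        return False
    try:
        parts = urlparse(target)
    except ValueError:
        return False
    # Index 0 is the scheme, index 1 the network location.
    return not parts[0] and not parts[1]


def login(request, template_name="lfs/customer/login.html"):
    """Custom view to log in, or register and log in, a user by username.

    A POST with ``action=login`` validates ``CustomerAuthenticationForm`` and
    signs the user in. A POST with ``action=register`` validates
    ``RegisterForm``, creates the user, links and saves the customer, stores
    the phone number and nickname on it and signs the new user in. Both paths
    redirect to the posted ``next`` value when it passes
    ``_is_local_redirect`` and to ``lfs_shop_view`` otherwise. Any other
    request, or an invalid form, renders *template_name*.

    The checkout-type check mentioned in earlier versions is disabled here
    (it is commented out below).
    """
    # shop = lfs.core.utils.get_default_shop(request)

    # If only anonymous checkout is allowed this view doesn't exists :)
    # if shop.checkout_type == CHECKOUT_TYPE_ANON:
    #     raise Http404()

    login_form = CustomerAuthenticationForm()
    login_form.fields["username"].label = u'用户名'
    register_form = RegisterForm()

    if request.POST.get("action") == "login":
        login_form = CustomerAuthenticationForm(data=request.POST)
        # The bound form replaces the unbound one, so the label is set again;
        # otherwise a failed login re-renders with the default label.
        login_form.fields["username"].label = u'用户名'

        if login_form.is_valid():
            # "next" is client-supplied: only a same-site value is honoured.
            redirect_to = request.POST.get("next")
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            # Function-scope import: it rebinds ``login`` locally, because the
            # view itself carries that name at module level.
            from django.contrib.auth import login
            login(request, login_form.get_user())

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been logged in."))

    if request.POST.get("action") == "register":
        register_form = RegisterForm(data=request.POST)
        if register_form.is_valid():
            # NOTE(review): the values are read from the raw ``data`` mapping,
            # not ``cleaned_data``, so whatever normalisation the form's field
            # cleaning performs is not applied here -- confirm this is intended.
            username = register_form.data.get("username")
            tel = register_form.data.get("tel")
            password = register_form.data.get("password_1")

            # Create user
            user = User.objects.create_user(
                username=create_unique_username(username), password=password)

            # Create customer. The link is saved here so that the
            # filter(user=user) update further down finds this row; the stray
            # ``Customer.objects.filter()`` that followed built an unused
            # queryset and has been dropped.
            customer = customer_utils.get_or_create_customer(request)
            customer.user = user
            customer.save()

            # Notify
            # Add e-mail verification or phone verification here.

            # Log in user
            # NOTE(review): the account is created under
            # create_unique_username(username) but authenticated with the
            # submitted ``username``; if those can differ, authenticate() may
            # return None or match another account -- verify against
            # create_unique_username.
            from django.contrib.auth import authenticate
            user = authenticate(username=username, password=password)

            from django.contrib.auth import login
            login(request, user)

            redirect_to = request.POST.get("next")
            Customer.objects.filter(user=user).update(tel=tel, nickname=username)
            if not _is_local_redirect(redirect_to):
                redirect_to = reverse("lfs_shop_view")

            return lfs.core.utils.set_message_cookie(
                redirect_to, msg=_(u"You have been registered and logged in."))

    # Get next_url
    next_url = request.REQUEST.get("next")
    if next_url is None:
        next_url = request.META.get("HTTP_REFERER")
    if next_url is None:
        next_url = reverse("lfs_shop_view")

    # Get just the path of the url. See django.contrib.auth.views.login for more
    next_url = urlparse(next_url)
    next_url = next_url[2]

    # "__all__" holds the form's non-field errors; it is absent when there
    # are none.
    try:
        login_form_errors = login_form.errors["__all__"]
    except KeyError:
        login_form_errors = None

    return render_to_response(
        template_name,
        RequestContext(
            request,
            {
                "login_form": login_form,
                "login_form_errors": login_form_errors,
                "register_form": register_form,
                "next_url": next_url,
            }))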