示例#1
0
    def login(request):
        """Log in.
        Uses the `code` and `redir` query parameters."""

        # Check if we have the auth code
        auth_code = request.GET.get('code')
        print('\n\nauth_code', auth_code)
        if auth_code is None:
            return Response({"message": "{?code} is required"}, status=400)

        # Check we have redir param
        # Change done by KARAN
        redir = request.META['HTTP_HOST'] + '/login'
        print('redir', redir)
        if redir is None:
            return Response({"message": "{?redir} is required"}, status=400)

        perform_login(auth_code, redir, request)
        try:
            faculty_object = FacultyUser.objects.get(user=request.user)
            return redirect('faculty_home')
        except FacultyUser.DoesNotExist:
            try:
                student_object = StudentUser.objects.get(user=request.user)
                return redirect('student_profile')
            except StudentUser.DoesNotExist:
                return redirect('home')
        now = datetime.datetime.now()
        html = "<html><body>It is now %s.</body></html>" % now
        return HttpResponse(html)
示例#2
0
    def login(request):
        """Log in.
        Uses the `code` and `redir` query parameters."""

        # Check if we have the auth code
        auth_code = request.GET.get('code')
        if auth_code is None:
            return Response({"message": "{?code} is required"}, status=400)

        # Check we have redir param
        redir = request.GET.get('redir')
        if redir is None:
            return Response({"message": "{?redir} is required"}, status=400)

        return perform_login(auth_code, redir, request)
示例#3
0
    def pass_login(request):
        """
        Login using institute email address and password.
        """

        # Check if we have the username
        username = request.GET.get('username')
        if username is None:
            return Response({"message": "{?username} is required"}, status=400)

        # Check if we have the password
        password = request.GET.get('password')
        if password is None:
            return Response({"message": "{?password} is required"}, status=400)

        if User.objects.filter(username=username).first() is None:
            return Response({"message": "no user with {} found".format(username)}, status=404)

        return perform_login(request)
示例#4
0
    def pass_login(request):
        """DANGEROUS: Password Log in.
        Uses the `username` and `password` query parameters."""

        # Check if we have the username
        username = request.GET.get('username')
        if username is None:
            return Response({"message": "{?username} is required"}, status=400)

        # Check if we have the password
        password = request.GET.get('password')
        if password is None:
            return Response({"message": "{?password} is required"}, status=400)

        # Make a new session
        session = requests.Session()

        # Get constants
        URL = settings.SSO_LOGIN_URL
        REDIR = settings.SSO_DEFAULT_REDIR

        # Get a CSRF token and update referer
        response = session.get(URL, verify=not settings.SSO_BAD_CERT)
        csrf = response.cookies['csrftoken']
        session.headers.update({'referer': URL})

        # Make POST data
        data = {
            "csrfmiddlewaretoken": csrf,
            "next": URL,
            "username": username,
            "password": password,
        }

        # Authenticate
        response = session.post(URL, data=data, verify=not settings.SSO_BAD_CERT)
        if not response.history:
            return Response({"message": "Bad username or password"}, status=403)

        # If the user has not authenticated in the past
        if "?code=" not in response.url:
            # Get the authorize page
            response = session.get(response.url, verify=not settings.SSO_BAD_CERT)
            csrf = response.cookies['csrftoken']

            # Grant all SSO permissions
            data = {
                "csrfmiddlewaretoken": csrf,
                "redirect_uri": REDIR,
                "scope": "basic profile picture ldap sex phone program secondary_emails insti_address",
                "client_id": settings.SSO_CLIENT_ID,
                "state": "",
                "response_type": "code",
                "scopes_array": [
                    "profile", "picture", "ldap", "sex", "phone",
                    "program", "secondary_emails", "insti_address"
                ],
                "allow": "Authorize"
            }
            response = session.post(response.url, data, verify=not settings.SSO_BAD_CERT)

        # Get our auth code
        auth_code = response.url.split("?code=", 1)[1]

        return perform_login(auth_code, REDIR, request)