def log_user_in(request, user, redirect_to):
    """Finish a successful password login and redirect the user.

    The caller-supplied ``redirect_to`` is replaced by
    ``settings.LOGIN_REDIRECT_URL`` when ``is_safe_url`` rejects it for the
    current request host. If two-factor auth is enabled for ``user`` and the
    ``S2FA`` cookie does not identify a remembered device, the response of
    ``handle_two_factor_auth`` is returned instead and ``auth_login`` is not
    called here.
    """
    # The redirect target originates from the client, so it is validated
    # before it can reach HttpResponseRedirect.
    target_is_safe = is_safe_url(url=redirect_to, host=request.get_host())
    if not target_is_safe:
        redirect_to = settings.LOGIN_REDIRECT_URL

    session = request.session
    if session.test_cookie_worked():
        session.delete_test_cookie()

    # NOTE(review): the failed-attempt counter is reset here, before the
    # second factor has been verified -- confirm this ordering is intended.
    clear_login_failed_attempts(request, user.username)

    if two_factor_auth_enabled(user):
        remembered_device_token = request.COOKIES.get('S2FA', '')
        if not is_device_remembered(remembered_device_token, user):
            return handle_two_factor_auth(request, user, redirect_to)

    # All checks passed: establish the authenticated session.
    auth_login(request, user)
    return HttpResponseRedirect(redirect_to)
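def sys_sudo_mode(request):
    """Ask a staff user to re-enter their password before admin pages.

    GET renders the password prompt. POST re-authenticates the current user;
    on success the sudo timestamp is refreshed, the failed-attempt counter is
    cleared and the user is redirected to ``next``. On failure the counter is
    incremented, or, once it has reached ``config.LOGIN_ATTEMPT_LIMIT``, the
    user is logged out and redirected to the login page.

    Non-staff users get ``Http404``. Methods other than GET/POST get a 405
    response.
    """
    if request.method not in ('GET', 'POST'):
        # Return an instance (with the Allow list), not the response class.
        return HttpResponseNotAllowed(['GET', 'POST'])

    # here we can't use @sys_staff_required
    if not request.user.is_staff:
        raise Http404

    # Newer Django exposes url_has_allowed_host_and_scheme; older releases
    # only provide is_safe_url. Both accept (url, host) positionally.
    try:
        from django.utils.http import url_has_allowed_host_and_scheme as _url_is_safe
    except ImportError:
        from django.utils.http import is_safe_url as _url_is_safe

    # 'next' comes from the query string and ends up in a redirect, so it is
    # only honoured when it stays on this host; otherwise use the default.
    default_page = reverse('sys_info')
    next_page = request.GET.get('next', default_page)
    if not _url_is_safe(next_page, request.get_host()):
        next_page = default_page

    password_error = False
    if request.method == 'POST':
        password = request.POST.get('password')
        username = request.user.username
        ip = get_remote_ip(request)

        if password:
            user = authenticate(username=username, password=password)
            if user:
                update_sudo_mode_ts(request)

                from seahub.auth.utils import clear_login_failed_attempts
                clear_login_failed_attempts(request, username)

                return HttpResponseRedirect(next_page)

        # Reaching this point means the password was missing or rejected.
        password_error = True

        from seahub.auth.utils import get_login_failed_attempts, incr_login_failed_attempts
        failed_attempt = get_login_failed_attempts(username=username, ip=ip)
        if failed_attempt >= config.LOGIN_ATTEMPT_LIMIT:
            # Too many failures: drop the session and force a fresh login.
            from seahub.auth import logout
            logout(request)
            return HttpResponseRedirect(reverse('auth_login'))
        else:
            incr_login_failed_attempts(username=username, ip=ip)

    enable_shib_login = getattr(settings, 'ENABLE_SHIB_LOGIN', False)
    enable_adfs_login = getattr(settings, 'ENABLE_ADFS_LOGIN', False)
    return render(
        request,
        'sysadmin/sudo_mode.html', {
            'password_error': password_error,
            'enable_sso': enable_shib_login or enable_adfs_login,
            'next': next_page,
        })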