2019-02-27 00:45:00 +00:00
|
|
|
|
# ~*~ coding: utf-8 ~*~
|
2019-02-27 12:55:28 +00:00
|
|
|
|
#
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
|
|
|
|
from __future__ import unicode_literals
|
|
|
|
|
import os
|
2019-10-30 05:18:11 +00:00
|
|
|
|
import datetime
|
2019-02-27 00:45:00 +00:00
|
|
|
|
from django.core.cache import cache
|
|
|
|
|
from django.contrib.auth import login as auth_login, logout as auth_logout
|
2019-02-27 12:55:28 +00:00
|
|
|
|
from django.http import HttpResponse
|
2019-02-27 00:45:00 +00:00
|
|
|
|
from django.shortcuts import reverse, redirect
|
|
|
|
|
from django.utils.decorators import method_decorator
|
|
|
|
|
from django.utils.translation import ugettext as _
|
|
|
|
|
from django.views.decorators.cache import never_cache
|
|
|
|
|
from django.views.decorators.csrf import csrf_protect
|
|
|
|
|
from django.views.decorators.debug import sensitive_post_parameters
|
2019-10-30 05:18:11 +00:00
|
|
|
|
from django.views.generic.base import TemplateView, RedirectView
|
2019-02-27 00:45:00 +00:00
|
|
|
|
from django.views.generic.edit import FormView
|
|
|
|
|
from django.conf import settings
|
2019-11-05 10:46:29 +00:00
|
|
|
|
from django.urls import reverse_lazy
|
2020-09-16 09:45:52 +00:00
|
|
|
|
from django.contrib.auth import BACKEND_SESSION_KEY
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
2019-10-30 05:18:11 +00:00
|
|
|
|
from common.utils import get_request_ip, get_object_or_none
|
2019-02-27 12:55:28 +00:00
|
|
|
|
from users.utils import (
|
2020-03-12 08:24:38 +00:00
|
|
|
|
redirect_user_first_login_or_index
|
2019-02-27 12:55:28 +00:00
|
|
|
|
)
|
2020-08-12 07:54:06 +00:00
|
|
|
|
from ..const import RSA_PRIVATE_KEY, RSA_PUBLIC_KEY
|
2020-07-24 07:47:01 +00:00
|
|
|
|
from .. import mixins, errors, utils
|
|
|
|
|
from ..forms import get_user_login_form_cls
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
__all__ = [
|
2019-11-05 10:46:29 +00:00
|
|
|
|
'UserLoginView', 'UserLogoutView',
|
2019-10-30 05:18:11 +00:00
|
|
|
|
'UserLoginGuardView', 'UserLoginWaitConfirmView',
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'FlashPasswdTooSimpleMsgView', 'FlashPasswdHasExpiredMsgView',
|
|
|
|
|
'FlashPasswdNeedUpdateMsgView'
|
2019-02-27 00:45:00 +00:00
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@method_decorator(sensitive_post_parameters(), name='dispatch')
|
|
|
|
|
@method_decorator(csrf_protect, name='dispatch')
|
|
|
|
|
@method_decorator(never_cache, name='dispatch')
|
2019-11-05 10:46:29 +00:00
|
|
|
|
class UserLoginView(mixins.AuthMixin, FormView):
|
2019-02-27 00:45:00 +00:00
|
|
|
|
key_prefix_captcha = "_LOGIN_INVALID_{}"
|
2019-11-05 10:46:29 +00:00
|
|
|
|
redirect_field_name = 'next'
|
2021-01-17 07:28:22 +00:00
|
|
|
|
template_name = 'authentication/login.html'
|
2020-03-12 08:24:38 +00:00
|
|
|
|
|
2019-02-27 00:45:00 +00:00
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
|
if request.user.is_staff:
|
2021-02-26 09:33:11 +00:00
|
|
|
|
first_login_url = redirect_user_first_login_or_index(
|
|
|
|
|
request, self.redirect_field_name
|
2019-02-27 00:45:00 +00:00
|
|
|
|
)
|
2021-02-26 09:33:11 +00:00
|
|
|
|
return redirect(first_login_url)
|
2019-02-27 00:45:00 +00:00
|
|
|
|
request.session.set_test_cookie()
|
|
|
|
|
return super().get(request, *args, **kwargs)
|
|
|
|
|
|
|
|
|
|
def form_valid(self, form):
|
|
|
|
|
if not self.request.session.test_cookie_worked():
|
|
|
|
|
return HttpResponse(_("Please enable cookies and try again."))
|
2021-03-22 10:00:06 +00:00
|
|
|
|
# https://docs.djangoproject.com/en/3.1/topics/http/sessions/#setting-test-cookies
|
|
|
|
|
self.request.session.delete_test_cookie()
|
|
|
|
|
|
2019-11-05 10:46:29 +00:00
|
|
|
|
try:
|
2020-08-12 07:54:06 +00:00
|
|
|
|
self.check_user_auth(decrypt_passwd=True)
|
2019-11-05 10:46:29 +00:00
|
|
|
|
except errors.AuthFailedError as e:
|
2020-10-27 10:43:41 +00:00
|
|
|
|
e = self.check_is_block(raise_exception=False) or e
|
2019-11-05 10:46:29 +00:00
|
|
|
|
form.add_error(None, e.msg)
|
|
|
|
|
ip = self.get_request_ip()
|
|
|
|
|
cache.set(self.key_prefix_captcha.format(ip), 1, 3600)
|
2020-07-24 07:47:01 +00:00
|
|
|
|
form_cls = get_user_login_form_cls(captcha=True)
|
|
|
|
|
new_form = form_cls(data=form.data)
|
2019-11-11 02:58:11 +00:00
|
|
|
|
new_form._errors = form.errors
|
|
|
|
|
context = self.get_context_data(form=new_form)
|
2021-04-09 06:42:51 +00:00
|
|
|
|
self.request.session.set_test_cookie()
|
2019-11-05 10:46:29 +00:00
|
|
|
|
return self.render_to_response(context)
|
2021-04-28 11:25:30 +00:00
|
|
|
|
except (errors.PasswdTooSimple, errors.PasswordRequireResetError, errors.PasswdNeedUpdate) as e:
|
2020-08-05 08:04:05 +00:00
|
|
|
|
return redirect(e.url)
|
2020-08-12 07:54:06 +00:00
|
|
|
|
self.clear_rsa_key()
|
2019-10-30 05:18:11 +00:00
|
|
|
|
return self.redirect_to_guard_view()
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
2019-11-05 10:46:29 +00:00
|
|
|
|
def redirect_to_guard_view(self):
|
|
|
|
|
guard_url = reverse('authentication:login-guard')
|
|
|
|
|
args = self.request.META.get('QUERY_STRING', '')
|
2019-11-06 06:40:41 +00:00
|
|
|
|
if args:
|
2019-11-05 10:46:29 +00:00
|
|
|
|
guard_url = "%s?%s" % (guard_url, args)
|
|
|
|
|
return redirect(guard_url)
|
2019-10-25 11:20:28 +00:00
|
|
|
|
|
2019-02-27 00:45:00 +00:00
|
|
|
|
def get_form_class(self):
|
|
|
|
|
ip = get_request_ip(self.request)
|
|
|
|
|
if cache.get(self.key_prefix_captcha.format(ip)):
|
2020-07-24 07:47:01 +00:00
|
|
|
|
return get_user_login_form_cls(captcha=True)
|
2019-02-27 00:45:00 +00:00
|
|
|
|
else:
|
2020-07-24 07:47:01 +00:00
|
|
|
|
return get_user_login_form_cls()
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
2020-08-12 07:54:06 +00:00
|
|
|
|
def clear_rsa_key(self):
|
|
|
|
|
self.request.session[RSA_PRIVATE_KEY] = None
|
|
|
|
|
self.request.session[RSA_PUBLIC_KEY] = None
|
|
|
|
|
|
2019-02-27 00:45:00 +00:00
|
|
|
|
def get_context_data(self, **kwargs):
|
2020-06-30 09:12:38 +00:00
|
|
|
|
# 生成加解密密钥对,public_key传递给前端,private_key存入session中供解密使用
|
2020-08-12 07:54:06 +00:00
|
|
|
|
rsa_private_key = self.request.session.get(RSA_PRIVATE_KEY)
|
|
|
|
|
rsa_public_key = self.request.session.get(RSA_PUBLIC_KEY)
|
2020-07-29 09:46:43 +00:00
|
|
|
|
if not all((rsa_private_key, rsa_public_key)):
|
|
|
|
|
rsa_private_key, rsa_public_key = utils.gen_key_pair()
|
|
|
|
|
rsa_public_key = rsa_public_key.replace('\n', '\\n')
|
2020-08-12 07:54:06 +00:00
|
|
|
|
self.request.session[RSA_PRIVATE_KEY] = rsa_private_key
|
|
|
|
|
self.request.session[RSA_PUBLIC_KEY] = rsa_public_key
|
2020-07-29 09:46:43 +00:00
|
|
|
|
|
2021-03-10 03:21:12 +00:00
|
|
|
|
forgot_password_url = reverse('authentication:forgot-password')
|
|
|
|
|
has_other_auth_backend = settings.AUTHENTICATION_BACKENDS[0] != settings.AUTH_BACKEND_MODEL
|
|
|
|
|
if has_other_auth_backend and settings.FORGOT_PASSWORD_URL:
|
|
|
|
|
forgot_password_url = settings.FORGOT_PASSWORD_URL
|
|
|
|
|
|
2019-02-27 00:45:00 +00:00
|
|
|
|
context = {
|
|
|
|
|
'demo_mode': os.environ.get("DEMO_MODE"),
|
|
|
|
|
'AUTH_OPENID': settings.AUTH_OPENID,
|
2021-01-17 07:28:22 +00:00
|
|
|
|
'AUTH_CAS': settings.AUTH_CAS,
|
2020-09-30 03:37:11 +00:00
|
|
|
|
'rsa_public_key': rsa_public_key,
|
2021-03-10 03:21:12 +00:00
|
|
|
|
'forgot_password_url': forgot_password_url
|
2019-02-27 00:45:00 +00:00
|
|
|
|
}
|
|
|
|
|
kwargs.update(context)
|
|
|
|
|
return super().get_context_data(**kwargs)
|
|
|
|
|
|
|
|
|
|
|
2019-11-05 10:46:29 +00:00
|
|
|
|
class UserLoginGuardView(mixins.AuthMixin, RedirectView):
|
2019-10-25 11:20:28 +00:00
|
|
|
|
redirect_field_name = 'next'
|
2019-11-05 10:46:29 +00:00
|
|
|
|
login_url = reverse_lazy('authentication:login')
|
|
|
|
|
login_otp_url = reverse_lazy('authentication:login-otp')
|
|
|
|
|
login_confirm_url = reverse_lazy('authentication:login-wait-confirm')
|
|
|
|
|
|
|
|
|
|
def format_redirect_url(self, url):
|
|
|
|
|
args = self.request.META.get('QUERY_STRING', '')
|
|
|
|
|
if args and self.query_string:
|
|
|
|
|
url = "%s?%s" % (url, args)
|
|
|
|
|
return url
|
2019-10-25 11:20:28 +00:00
|
|
|
|
|
2021-03-09 04:18:04 +00:00
|
|
|
|
def login_it(self, user):
|
|
|
|
|
auth_login(self.request, user)
|
|
|
|
|
# 如果设置了自动登录,那需要设置 session_id cookie 的有效期
|
|
|
|
|
if self.request.session.get('auto_login'):
|
|
|
|
|
age = self.request.session.get_expiry_age()
|
|
|
|
|
self.request.session.set_expiry(age)
|
|
|
|
|
|
2019-10-25 11:20:28 +00:00
|
|
|
|
def get_redirect_url(self, *args, **kwargs):
|
2019-11-08 12:17:25 +00:00
|
|
|
|
try:
|
|
|
|
|
user = self.check_user_auth_if_need()
|
|
|
|
|
self.check_user_mfa_if_need(user)
|
|
|
|
|
self.check_user_login_confirm_if_need(user)
|
2020-04-20 02:37:07 +00:00
|
|
|
|
except (errors.CredentialError, errors.SessionEmptyError):
|
2019-11-05 10:46:29 +00:00
|
|
|
|
return self.format_redirect_url(self.login_url)
|
2019-11-08 12:17:25 +00:00
|
|
|
|
except errors.MFARequiredError:
|
2019-11-05 10:46:29 +00:00
|
|
|
|
return self.format_redirect_url(self.login_otp_url)
|
2019-11-08 12:17:25 +00:00
|
|
|
|
except errors.LoginConfirmBaseError:
|
|
|
|
|
return self.format_redirect_url(self.login_confirm_url)
|
2020-03-12 08:24:38 +00:00
|
|
|
|
except errors.MFAUnsetError as e:
|
|
|
|
|
return e.url
|
2020-08-05 08:04:05 +00:00
|
|
|
|
except errors.PasswdTooSimple as e:
|
|
|
|
|
return e.url
|
2019-02-27 00:45:00 +00:00
|
|
|
|
else:
|
2021-03-09 04:18:04 +00:00
|
|
|
|
self.login_it(user)
|
2020-01-03 07:26:38 +00:00
|
|
|
|
self.send_auth_signal(success=True, user=user)
|
|
|
|
|
self.clear_auth_mark()
|
2019-11-08 12:17:25 +00:00
|
|
|
|
url = redirect_user_first_login_or_index(
|
|
|
|
|
self.request, self.redirect_field_name
|
2019-02-27 00:45:00 +00:00
|
|
|
|
)
|
2019-11-08 12:17:25 +00:00
|
|
|
|
return url
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
|
|
|
|
|
2019-10-25 11:20:28 +00:00
|
|
|
|
class UserLoginWaitConfirmView(TemplateView):
|
|
|
|
|
template_name = 'authentication/login_wait_confirm.html'
|
|
|
|
|
|
|
|
|
|
def get_context_data(self, **kwargs):
|
2019-11-15 10:55:35 +00:00
|
|
|
|
from tickets.models import Ticket
|
2020-12-29 16:19:59 +00:00
|
|
|
|
from tickets.const import TICKET_DETAIL_URL
|
2019-11-07 10:06:58 +00:00
|
|
|
|
ticket_id = self.request.session.get("auth_ticket_id")
|
|
|
|
|
if not ticket_id:
|
|
|
|
|
ticket = None
|
2019-10-30 05:18:11 +00:00
|
|
|
|
else:
|
2021-03-17 06:17:53 +00:00
|
|
|
|
ticket = Ticket.all().filter(pk=ticket_id).first()
|
2019-10-30 05:18:11 +00:00
|
|
|
|
context = super().get_context_data(**kwargs)
|
2019-11-07 10:06:58 +00:00
|
|
|
|
if ticket:
|
|
|
|
|
timestamp_created = datetime.datetime.timestamp(ticket.date_created)
|
2020-12-29 16:19:59 +00:00
|
|
|
|
ticket_detail_url = TICKET_DETAIL_URL.format(id=ticket_id)
|
2019-10-30 05:18:11 +00:00
|
|
|
|
msg = _("""Wait for <b>{}</b> confirm, You also can copy link to her/him <br/>
|
2019-11-07 10:06:58 +00:00
|
|
|
|
Don't close this page""").format(ticket.assignees_display)
|
2019-10-30 05:18:11 +00:00
|
|
|
|
else:
|
|
|
|
|
timestamp_created = 0
|
2019-11-07 10:06:58 +00:00
|
|
|
|
ticket_detail_url = ''
|
|
|
|
|
msg = _("No ticket found")
|
2019-10-30 05:18:11 +00:00
|
|
|
|
context.update({
|
|
|
|
|
"msg": msg,
|
|
|
|
|
"timestamp": timestamp_created,
|
2019-11-07 10:06:58 +00:00
|
|
|
|
"ticket_detail_url": ticket_detail_url
|
2019-10-30 05:18:11 +00:00
|
|
|
|
})
|
|
|
|
|
return context
|
2019-10-25 11:20:28 +00:00
|
|
|
|
|
|
|
|
|
|
2019-02-27 00:45:00 +00:00
|
|
|
|
@method_decorator(never_cache, name='dispatch')
|
|
|
|
|
class UserLogoutView(TemplateView):
|
|
|
|
|
template_name = 'flash_message_standalone.html'
|
|
|
|
|
|
2020-09-16 09:45:52 +00:00
|
|
|
|
def get_backend_logout_url(self):
|
|
|
|
|
backend = self.request.session.get(BACKEND_SESSION_KEY, '')
|
|
|
|
|
if 'OIDC' in backend:
|
2020-04-26 12:36:17 +00:00
|
|
|
|
return settings.AUTH_OPENID_AUTH_LOGOUT_URL_NAME
|
2020-09-16 09:45:52 +00:00
|
|
|
|
elif 'CAS' in backend:
|
|
|
|
|
return settings.CAS_LOGOUT_URL_NAME
|
2020-04-26 12:36:17 +00:00
|
|
|
|
return None
|
2020-03-12 08:24:38 +00:00
|
|
|
|
|
2019-02-27 00:45:00 +00:00
|
|
|
|
def get(self, request, *args, **kwargs):
|
2020-03-12 08:24:38 +00:00
|
|
|
|
backend_logout_url = self.get_backend_logout_url()
|
|
|
|
|
if backend_logout_url:
|
|
|
|
|
return redirect(backend_logout_url)
|
2020-04-21 16:22:24 +00:00
|
|
|
|
|
2020-04-26 12:36:17 +00:00
|
|
|
|
auth_logout(request)
|
2019-02-27 00:45:00 +00:00
|
|
|
|
response = super().get(request, *args, **kwargs)
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
def get_context_data(self, **kwargs):
|
|
|
|
|
context = {
|
|
|
|
|
'title': _('Logout success'),
|
|
|
|
|
'messages': _('Logout success, return login page'),
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'interval': 3,
|
2019-02-27 12:55:28 +00:00
|
|
|
|
'redirect_url': reverse('authentication:login'),
|
2019-02-27 00:45:00 +00:00
|
|
|
|
'auto_redirect': True,
|
|
|
|
|
}
|
|
|
|
|
kwargs.update(context)
|
|
|
|
|
return super().get_context_data(**kwargs)
|
|
|
|
|
|
|
|
|
|
|
2020-08-05 08:04:05 +00:00
|
|
|
|
@method_decorator(never_cache, name='dispatch')
|
|
|
|
|
class FlashPasswdTooSimpleMsgView(TemplateView):
|
|
|
|
|
template_name = 'flash_message_standalone.html'
|
2019-02-27 00:45:00 +00:00
|
|
|
|
|
2020-08-05 08:04:05 +00:00
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
|
context = {
|
|
|
|
|
'title': _('Please change your password'),
|
|
|
|
|
'messages': _('Your password is too simple, please change it for security'),
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'interval': 3,
|
2020-08-05 08:04:05 +00:00
|
|
|
|
'redirect_url': request.GET.get('redirect_url'),
|
|
|
|
|
'auto_redirect': True,
|
|
|
|
|
}
|
|
|
|
|
return self.render_to_response(context)
|
2020-12-09 10:17:10 +00:00
|
|
|
|
|
|
|
|
|
|
2021-04-28 11:25:30 +00:00
|
|
|
|
@method_decorator(never_cache, name='dispatch')
|
|
|
|
|
class FlashPasswdNeedUpdateMsgView(TemplateView):
|
|
|
|
|
template_name = 'flash_message_standalone.html'
|
|
|
|
|
|
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
|
context = {
|
|
|
|
|
'title': _('Please change your password'),
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'messages': _('You should to change your password before login'),
|
|
|
|
|
'interval': 3,
|
2021-04-28 11:25:30 +00:00
|
|
|
|
'redirect_url': request.GET.get('redirect_url'),
|
|
|
|
|
'auto_redirect': True,
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'confirm_button': _('Confirm')
|
2021-04-28 11:25:30 +00:00
|
|
|
|
}
|
|
|
|
|
return self.render_to_response(context)
|
|
|
|
|
|
|
|
|
|
|
2020-12-09 10:17:10 +00:00
|
|
|
|
@method_decorator(never_cache, name='dispatch')
|
|
|
|
|
class FlashPasswdHasExpiredMsgView(TemplateView):
|
|
|
|
|
template_name = 'flash_message_standalone.html'
|
|
|
|
|
|
|
|
|
|
def get(self, request, *args, **kwargs):
|
|
|
|
|
context = {
|
|
|
|
|
'title': _('Please change your password'),
|
|
|
|
|
'messages': _('Your password has expired, please reset before logging in'),
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'interval': 3,
|
2020-12-09 10:17:10 +00:00
|
|
|
|
'redirect_url': request.GET.get('redirect_url'),
|
|
|
|
|
'auto_redirect': True,
|
2021-04-29 04:21:39 +00:00
|
|
|
|
'confirm_button': _('Confirm')
|
2020-12-09 10:17:10 +00:00
|
|
|
|
}
|
|
|
|
|
return self.render_to_response(context)
|