- from django.core.urlresolvers import reverse
- from django.shortcuts import redirect
- from django.template import RequestContext
- from django.utils import timezone
- from django.utils.translation import ugettext as _
- from misago.admin import site
- from misago.banning.decorators import block_banned
- from misago.forms.layouts import FormLayout
- from misago.messages import Message
- from misago.security import get_random_string
- import misago.security.auth as auth
- from misago.security.auth import AuthException, auth_admin, auth_forum, sign_user_in
- from misago.security.decorators import *
- from misago.security.models import SignInAttempt
- from misago.sessions.models import Token
- from forms import SignInForm
@block_banned
@block_authenticated
@block_jammed
def signin(request):
    """Render the sign-in page and process submitted credentials.

    A non-POST request renders an empty form. A valid POST authenticates
    through ``auth_admin`` or ``auth_forum`` (selected by
    ``request.firewall.admin``), signs the user in, optionally issues a
    remember-me token and redirects. On ``AuthException`` or an invalid
    form the page is rendered again with an error message.
    """
    # NOTE(review): this listing had lost its indentation, so the nesting
    # below is reconstructed from syntax. The jam check is assumed to sit
    # inside the failed-credentials branch - confirm against the real file.
    message = request.messages.get_message('security')

    if request.method != 'POST':
        form = SignInForm(
            show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
            request=request
        )
    else:
        form = SignInForm(
            request.POST,
            show_remember_me=not request.firewall.admin and request.settings['remember_me_allow'],
            request=request
        )
        if not form.is_valid():
            # NOTE(review): [0] raises IndexError if validation failed with
            # field-level errors only - confirm SignInForm always reports a
            # non-field error.
            message = Message(request, form.non_field_errors()[0])
            message.type = 'error'
        else:
            # Pick the authentication backend and the landing page for it.
            if request.firewall.admin:
                authenticate = auth_admin
                landing_url = reverse(site.get_admin_index())
            else:
                authenticate = auth_forum
                landing_url = reverse('index')

            try:
                user = authenticate(
                    request,
                    form.cleaned_data['user_email'],
                    form.cleaned_data['user_password'],
                )
                sign_user_in(request, user)

                # Remember-me is a forum-only feature and must be enabled in
                # settings as well as requested on the form.
                token_value = None
                wants_token = (not request.firewall.admin
                               and request.settings['remember_me_allow']
                               and form.cleaned_data['user_remember_me'])
                if wants_token:
                    # NOTE(review): the cookie value is also the Token primary
                    # key, so the database holds the usable token as-is;
                    # storing only a hash would limit the impact of a database
                    # read. Whether get_random_string() draws from a CSPRNG is
                    # not visible here - confirm.
                    token_value = get_random_string(42)
                    token_row = Token(
                        id=token_value,
                        user=user,
                        created=timezone.now(),
                        accessed=timezone.now(),
                    )
                    token_row.save()
                if token_value:
                    # NOTE(review): cookie flags (HttpOnly/Secure) and the
                    # meaning of the third argument are decided by
                    # cookie_jar.set(), which is not shown - confirm.
                    request.cookie_jar.set('TOKEN', token_value, True)

                welcome = Message(request, 'security/signed_in', extra={'user': user})
                request.messages.set_flash(welcome, 'success', 'security')
                return redirect(landing_url)
            except AuthException as auth_error:
                message = Message(
                    request,
                    auth_error.type,
                    extra={'user': auth_error.user, 'ban': auth_error.ban}
                )
                message.type = 'error'
                # Only failed forum credentials count towards the jam.
                # NOTE(review): failed admin sign-ins are not registered here,
                # and attempts are keyed by client IP only; confirm the admin
                # path is throttled elsewhere and that per-account guessing
                # from many addresses is acceptable.
                if not request.firewall.admin and auth_error.type == auth.CREDENTIALS:
                    attempts = SignInAttempt.objects
                    attempts.register_attempt(request.session.get_ip(request))
                    if attempts.is_jammed(request.settings, request.session.get_ip(request)):
                        request.jam.expires = timezone.now()
                        return redirect(reverse('sign_in'))

    template_context = {
        'message': message,
        'form': FormLayout(form),
        'hide_signin': True,
    }
    return request.theme.render_to_response(
        'signin.html',
        template_context,
        context_instance=RequestContext(request)
    )
@block_guest
@check_csrf
def signout(request):
    """Sign the current user out and redirect to the matching index page.

    Guests are rejected by ``block_guest`` and the request has to pass
    ``check_csrf``, so another site cannot trigger a sign-out by linking
    to this view.
    """
    # Keep a reference to the user: the flash message is built after the
    # session has been signed out.
    departing_user = request.user
    # NOTE(review): this view does not itself delete the remember-me Token
    # row or the 'TOKEN' cookie; presumably session.sign_out() does - confirm,
    # otherwise the persistent login outlives the sign-out.
    request.session.sign_out(request)

    farewell = Message(request, 'security/signed_out', extra={'user': departing_user})
    request.messages.set_flash(farewell, 'info', 'security')

    route_name = site.get_admin_index() if request.firewall.admin else 'index'
    return redirect(reverse(route_name))
-