|
0
|
1 |
import base64 |
|
|
2 |
try: |
|
|
3 |
from functools import wraps |
|
|
4 |
except ImportError: |
|
29
|
5 |
from django.utils.functional import wraps # Python 2.4 fallback. |
|
0
|
6 |
|
|
|
7 |
from django import http, template |
|
|
8 |
from django.conf import settings |
|
|
9 |
from django.contrib.auth.models import User |
|
|
10 |
from django.contrib.auth import authenticate, login |
|
|
11 |
from django.shortcuts import render_to_response |
|
|
12 |
from django.utils.translation import ugettext_lazy, ugettext as _ |
|
|
13 |
|
|
|
14 |
ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") |
|
|
15 |
LOGIN_FORM_KEY = 'this_is_the_login_form' |
|
|
16 |
|
|
|
17 |
def _display_login_form(request, error_message=''): |
|
|
18 |
request.session.set_test_cookie() |
|
|
19 |
return render_to_response('admin/login.html', { |
|
|
20 |
'title': _('Log in'), |
|
|
21 |
'app_path': request.get_full_path(), |
|
|
22 |
'error_message': error_message |
|
|
23 |
}, context_instance=template.RequestContext(request)) |
|
|
24 |
|
|
|
25 |
def staff_member_required(view_func): |
|
|
26 |
""" |
|
|
27 |
Decorator for views that checks that the user is logged in and is a staff |
|
|
28 |
member, displaying the login page if necessary. |
|
|
29 |
""" |
|
|
30 |
def _checklogin(request, *args, **kwargs): |
|
29
|
31 |
if request.user.is_active and request.user.is_staff: |
|
0
|
32 |
# The user is valid. Continue to the admin page. |
|
|
33 |
return view_func(request, *args, **kwargs) |
|
|
34 |
|
|
|
35 |
assert hasattr(request, 'session'), "The Django admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'." |
|
|
36 |
|
|
|
37 |
# If this isn't already the login page, display it. |
|
|
38 |
if LOGIN_FORM_KEY not in request.POST: |
|
|
39 |
if request.POST: |
|
|
40 |
message = _("Please log in again, because your session has expired.") |
|
|
41 |
else: |
|
|
42 |
message = "" |
|
|
43 |
return _display_login_form(request, message) |
|
|
44 |
|
|
|
45 |
# Check that the user accepts cookies. |
|
|
46 |
if not request.session.test_cookie_worked(): |
|
|
47 |
message = _("Looks like your browser isn't configured to accept cookies. Please enable cookies, reload this page, and try again.") |
|
|
48 |
return _display_login_form(request, message) |
|
|
49 |
else: |
|
|
50 |
request.session.delete_test_cookie() |
|
|
51 |
|
|
|
52 |
# Check the password. |
|
|
53 |
username = request.POST.get('username', None) |
|
|
54 |
password = request.POST.get('password', None) |
|
|
55 |
user = authenticate(username=username, password=password) |
|
|
56 |
if user is None: |
|
|
57 |
message = ERROR_MESSAGE |
|
|
58 |
if '@' in username: |
|
|
59 |
# Mistakenly entered e-mail address instead of username? Look it up. |
|
|
60 |
users = list(User.objects.filter(email=username)) |
|
|
61 |
if len(users) == 1 and users[0].check_password(password): |
|
|
62 |
message = _("Your e-mail address is not your username. Try '%s' instead.") % users[0].username |
|
|
63 |
else: |
|
|
64 |
# Either we cannot find the user, or if more than 1 |
|
|
65 |
# we cannot guess which user is the correct one. |
|
|
66 |
message = _("Usernames cannot contain the '@' character.") |
|
|
67 |
return _display_login_form(request, message) |
|
|
68 |
|
|
|
69 |
# The user data is correct; log in the user in and continue. |
|
|
70 |
else: |
|
|
71 |
if user.is_active and user.is_staff: |
|
|
72 |
login(request, user) |
|
|
73 |
return http.HttpResponseRedirect(request.get_full_path()) |
|
|
74 |
else: |
|
|
75 |
return _display_login_form(request, ERROR_MESSAGE) |
|
|
76 |
|
|
|
77 |
return wraps(view_func)(_checklogin) |