|
1 import base64 |
|
2 try: |
|
3 from functools import wraps |
|
4 except ImportError: |
|
5 from django.utils.functional import wraps # Python 2.3, 2.4 fallback. |
|
6 |
|
7 from django import http, template |
|
8 from django.conf import settings |
|
9 from django.contrib.auth.models import User |
|
10 from django.contrib.auth import authenticate, login |
|
11 from django.shortcuts import render_to_response |
|
12 from django.utils.translation import ugettext_lazy, ugettext as _ |
|
13 |
|
14 ERROR_MESSAGE = ugettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") |
|
15 LOGIN_FORM_KEY = 'this_is_the_login_form' |
|
16 |
|
17 def _display_login_form(request, error_message=''): |
|
18 request.session.set_test_cookie() |
|
19 return render_to_response('admin/login.html', { |
|
20 'title': _('Log in'), |
|
21 'app_path': request.get_full_path(), |
|
22 'error_message': error_message |
|
23 }, context_instance=template.RequestContext(request)) |
|
24 |
|
25 def staff_member_required(view_func): |
|
26 """ |
|
27 Decorator for views that checks that the user is logged in and is a staff |
|
28 member, displaying the login page if necessary. |
|
29 """ |
|
30 def _checklogin(request, *args, **kwargs): |
|
31 if request.user.is_authenticated() and request.user.is_staff: |
|
32 # The user is valid. Continue to the admin page. |
|
33 return view_func(request, *args, **kwargs) |
|
34 |
|
35 assert hasattr(request, 'session'), "The Django admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.contrib.sessions.middleware.SessionMiddleware'." |
|
36 |
|
37 # If this isn't already the login page, display it. |
|
38 if LOGIN_FORM_KEY not in request.POST: |
|
39 if request.POST: |
|
40 message = _("Please log in again, because your session has expired.") |
|
41 else: |
|
42 message = "" |
|
43 return _display_login_form(request, message) |
|
44 |
|
45 # Check that the user accepts cookies. |
|
46 if not request.session.test_cookie_worked(): |
|
47 message = _("Looks like your browser isn't configured to accept cookies. Please enable cookies, reload this page, and try again.") |
|
48 return _display_login_form(request, message) |
|
49 else: |
|
50 request.session.delete_test_cookie() |
|
51 |
|
52 # Check the password. |
|
53 username = request.POST.get('username', None) |
|
54 password = request.POST.get('password', None) |
|
55 user = authenticate(username=username, password=password) |
|
56 if user is None: |
|
57 message = ERROR_MESSAGE |
|
58 if '@' in username: |
|
59 # Mistakenly entered e-mail address instead of username? Look it up. |
|
60 users = list(User.objects.filter(email=username)) |
|
61 if len(users) == 1 and users[0].check_password(password): |
|
62 message = _("Your e-mail address is not your username. Try '%s' instead.") % users[0].username |
|
63 else: |
|
64 # Either we cannot find the user, or if more than 1 |
|
65 # we cannot guess which user is the correct one. |
|
66 message = _("Usernames cannot contain the '@' character.") |
|
67 return _display_login_form(request, message) |
|
68 |
|
69 # The user data is correct; log in the user in and continue. |
|
70 else: |
|
71 if user.is_active and user.is_staff: |
|
72 login(request, user) |
|
73 return http.HttpResponseRedirect(request.get_full_path()) |
|
74 else: |
|
75 return _display_login_form(request, ERROR_MESSAGE) |
|
76 |
|
77 return wraps(view_func)(_checklogin) |