This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/passbook/core/views/authentication.py

185 lines
6.9 KiB
Python
Raw Normal View History

2018-11-11 12:41:48 +00:00
"""Core views"""
from logging import getLogger
from typing import Dict
from django.contrib import messages
2018-12-13 17:02:08 +00:00
from django.contrib.auth import logout
2018-11-23 08:44:30 +00:00
from django.contrib.auth.mixins import LoginRequiredMixin, UserPassesTestMixin
2018-11-11 12:41:48 +00:00
from django.http import HttpRequest, HttpResponse
from django.shortcuts import redirect, reverse
2018-11-11 12:41:48 +00:00
from django.utils.translation import ugettext as _
2018-11-23 08:44:30 +00:00
from django.views import View
2018-11-11 12:41:48 +00:00
from django.views.generic import FormView
2018-12-13 17:02:08 +00:00
from passbook.core.auth.mfa import MultiFactorAuthenticator
from passbook.core.forms.authentication import LoginForm, SignUpForm
2018-12-10 13:49:15 +00:00
from passbook.core.models import Invitation, User
2018-12-10 13:21:42 +00:00
from passbook.core.signals import invitation_used, user_signed_up
2018-11-11 12:41:48 +00:00
from passbook.lib.config import CONFIG
LOGGER = getLogger(__name__)
class LoginView(UserPassesTestMixin, FormView):
"""Allow users to sign in"""
template_name = 'login/form.html'
form_class = LoginForm
success_url = '.'
# Allow only not authenticated users to login
def test_func(self):
2018-12-09 20:07:38 +00:00
return self.request.user.is_authenticated is False
def handle_no_permission(self):
if 'next' in self.request.GET:
return redirect(self.request.GET.get('next'))
return redirect(reverse('passbook_core:overview'))
2018-11-11 12:41:48 +00:00
def get_context_data(self, **kwargs):
kwargs['config'] = CONFIG.get('passbook')
kwargs['is_login'] = True
kwargs['title'] = _('Log in to your account')
kwargs['primary_action'] = _('Log in')
kwargs['show_sign_up_notice'] = CONFIG.y('passbook.sign_up.enabled')
kwargs['show_password_forget_notice'] = CONFIG.y('passbook.password_reset.enabled')
2018-11-11 12:41:48 +00:00
return super().get_context_data(**kwargs)
def get_user(self, uid_value) -> User:
"""Find user instance. Returns None if no user was found."""
for search_field in CONFIG.y('passbook.uid_fields'):
users = User.objects.filter(**{search_field: uid_value})
if users.exists():
return users.first()
return None
def form_valid(self, form: LoginForm) -> HttpResponse:
"""Form data is valid"""
pre_user = self.get_user(form.cleaned_data.get('uid_field'))
if not pre_user:
# No user found
2018-11-23 08:44:30 +00:00
return self.invalid_login(self.request)
2018-12-13 17:02:08 +00:00
if MultiFactorAuthenticator.SESSION_FACTOR in self.request.session:
del self.request.session[MultiFactorAuthenticator.SESSION_FACTOR]
self.request.session[MultiFactorAuthenticator.SESSION_PENDING_USER] = pre_user.pk
return redirect(reverse('passbook_core:mfa'))
2018-11-11 12:41:48 +00:00
2018-11-23 08:44:30 +00:00
def invalid_login(self, request: HttpRequest, disabled_user: User = None) -> HttpResponse:
2018-11-11 12:41:48 +00:00
"""Handle login for disabled users/invalid login attempts"""
2018-11-23 08:44:30 +00:00
messages.error(request, _('Failed to authenticate.'))
return self.render_to_response(self.get_context_data())
class LogoutView(LoginRequiredMixin, View):
"""Log current user out"""
def dispatch(self, request):
"""Log current user out"""
logout(request)
messages.success(request, _("You've successfully been logged out."))
return redirect(reverse('passbook_core:auth-login'))
class SignUpView(UserPassesTestMixin, FormView):
2018-12-10 13:21:42 +00:00
"""Sign up new user, optionally consume one-use invitation link."""
template_name = 'login/form.html'
form_class = SignUpForm
success_url = '.'
2018-12-10 13:49:15 +00:00
# Invitation insatnce, if invitation link was used
2018-12-10 13:21:42 +00:00
_invitation = None
# Instance of newly created user
_user = None
# Allow only not authenticated users to login
def test_func(self):
return self.request.user.is_authenticated is False
def handle_no_permission(self):
return redirect(reverse('passbook_core:overview'))
def dispatch(self, request, *args, **kwargs):
2018-12-10 13:21:42 +00:00
"""Check if sign-up is enabled or invitation link given"""
allowed = False
2018-12-10 13:21:42 +00:00
if 'invitation' in request.GET:
2018-12-10 13:49:15 +00:00
invitations = Invitation.objects.filter(uuid=request.GET.get('invitation'))
2018-12-10 13:21:42 +00:00
allowed = invitations.exists()
if allowed:
2018-12-10 13:21:42 +00:00
self._invitation = invitations.first()
if CONFIG.y('passbook.sign_up.enabled'):
allowed = True
if not allowed:
messages.error(request, _('Sign-ups are currently disabled.'))
return redirect(reverse('passbook_core:auth-login'))
return super().dispatch(request, *args, **kwargs)
2018-12-10 13:49:15 +00:00
def get_initial(self):
if self._invitation:
initial = {}
if self._invitation.fixed_username:
initial['username'] = self._invitation.fixed_username
if self._invitation.fixed_email:
initial['email'] = self._invitation.fixed_email
2018-12-10 13:49:15 +00:00
return initial
return super().get_initial()
def get_context_data(self, **kwargs):
kwargs['config'] = CONFIG.get('passbook')
kwargs['is_login'] = True
kwargs['title'] = _('Sign Up')
kwargs['primary_action'] = _('Sign up')
return super().get_context_data(**kwargs)
def form_valid(self, form: SignUpForm) -> HttpResponse:
"""Create user"""
self._user = SignUpView.create_user(form.cleaned_data, self.request)
2018-12-10 13:21:42 +00:00
self.consume_invitation()
messages.success(self.request, _("Successfully signed up!"))
LOGGER.debug("Successfully signed up %s",
form.cleaned_data.get('email'))
return redirect(reverse('passbook_core:auth-login'))
2018-12-10 13:21:42 +00:00
def consume_invitation(self):
"""Consume invitation if an invitation was used"""
if self._invitation:
invitation_used.send(
sender=self,
request=self.request,
2018-12-10 13:21:42 +00:00
invitation=self._invitation,
user=self._user)
2018-12-10 13:21:42 +00:00
self._invitation.delete()
@staticmethod
def create_user(data: Dict, request: HttpRequest = None) -> User:
"""Create user from data
Args:
2018-12-10 13:26:10 +00:00
data: Dictionary as returned by SignUpForm's cleaned_data
request: Optional current request.
Returns:
The user created
Raises:
SignalException: if any signals raise an exception. This also deletes the created user.
"""
# Create user
new_user = User.objects.create_user(
username=data.get('username'),
email=data.get('email'),
first_name=data.get('first_name'),
last_name=data.get('last_name'),
)
new_user.is_active = True
new_user.set_password(data.get('password'))
new_user.save()
request.user = new_user
# Send signal for other auth sources
user_signed_up.send(
sender=SignUpView,
user=new_user,
request=request)
# TODO: Implement Verification, via email or others
# if needs_confirmation:
# Create Account Confirmation UUID
# AccountConfirmation.objects.create(user=new_user)
return new_user