tetaneutral.net
/
djadhere


			
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
							from django.contrib.auth.decorators import login_required
from django.shortcuts import get_object_or_404, redirect, render
from django.contrib import messages
from django.core.exceptions import PermissionDenied
from django.conf import settings
from django.http import HttpResponse, HttpResponseBadRequest
from django.views.decorators.http import require_POST
from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth import authenticate, get_user_model
from django.contrib.auth.views import LoginView
from django.contrib.auth import login as auth_login

from services.models import IPResource
from djadhere.utils import get_active_filter
from .forms import UserForm, ProfileForm

from ipaddress import ip_address, IPv6Address
from services.utils.ip_conversion import ipv6_to_ipv4


def login(request):
    def try_authenticate_from_ip():
        x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
        if x_forwarded_for:
            ip = x_forwarded_for.split(',')[0]
        else:
            ip = request.META.get('REMOTE_ADDR')
        try:
            ip = ip_address(ip)
        except ValueError:
            return
        try:
            if type(ip) == IPv6Address:
                ip = ipv6_to_ipv4(ip)
            ip = IPResource.objects.get(ip=ip.exploded)
        except (IPResource.DoesNotExist, ValueError):
            return
        allocation = ip.allocations.filter(get_active_filter()).first()
        if not allocation:
            return
        user = allocation.service.adhesion.user
        if not user: # corporation
            return
        if user.is_superuser: # superusers must enter password
            return
        auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
    try_authenticate_from_ip()
    return LoginView.as_view(redirect_authenticated_user=True)(request)


@login_required
def profile(request):
    user_form = UserForm(request.POST or None, instance=request.user)
    profile_form = ProfileForm(request.POST or None, instance=request.user.profile)
    forms = [user_form, profile_form]
    if request.method == 'POST' and all(form.is_valid() for form in forms):
        for form in forms:
            form.save()
        messages.success(request, 'Profil mis à jour avec succès !')
        return redirect('profile')
    return render(request, 'accounts/profile.html', {
        'user_form': user_form,
        'profile_form': profile_form,
    })


@require_POST
@csrf_exempt
def auth_api(request, token):
    # token could not be None due to url regex
    if token != getattr(settings, 'AUTH_API_TOKEN', None):
        raise PermissionDenied
    username = request.POST.get('username')
    if not username:
        return HttpResponseBadRequest()
    password = request.POST.get('password')
    if password:
        user = authenticate(username=username, password=password)
        if user is None:
            return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
    else:
        user = get_object_or_404(get_user_model(), username=username)
    required_groups = request.POST.get('groups')
    if required_groups and not user.is_superuser: # skip groups check for superusers
        required_groups = set(required_groups.split(' '))
        user_groups = set(map(lambda g: g.name, user.groups.all()))
        if required_groups - user_groups:
            return HttpResponse('<h1>401 Unauthorized</h1>', status=401)
    return HttpResponse()