Mercurial > public > sg101
comparison accounts/views.py @ 690:988782c6ce6c
For #48, rework blocking code to use fail2ban.
| author | Brian Neal <bgneal@gmail.com> |
|---|---|
| date | Sun, 01 Sep 2013 00:15:42 -0500 |
| parents | 89b240fe9297 |
| children | 81e0be69b3a5 |
comparison
equal
deleted
inserted
replaced
| 689:a8dc08cc5db4 | 690:988782c6ce6c |
|---|---|
| 1 """ | 1 """ |
| 2 Views for the accounts application. | 2 Views for the accounts application. |
| 3 | 3 |
| 4 """ | 4 """ |
| 5 import datetime | |
| 6 import json | 5 import json |
| 7 import logging | 6 import logging |
| 8 | 7 |
| 9 from django.shortcuts import render | 8 from django.shortcuts import render |
| 10 from django.template import RequestContext | 9 from django.template import RequestContext |
| 16 from django.contrib.auth import login | 15 from django.contrib.auth import login |
| 17 | 16 |
| 18 from accounts.models import PendingUser | 17 from accounts.models import PendingUser |
| 19 from accounts.forms import RegisterForm, ForgotUsernameForm | 18 from accounts.forms import RegisterForm, ForgotUsernameForm |
| 20 from accounts import create_new_user | 19 from accounts import create_new_user |
| 21 from antispam.decorators import rate_limit | 20 from antispam.decorators import log_auth_failures |
| 22 | 21 |
| 22 | |
| 23 logger = logging.getLogger('auth') | |
| 23 | 24 |
| 24 ####################################################################### | 25 ####################################################################### |
| 25 | 26 |
| 26 @rate_limit(count=10, interval=datetime.timedelta(minutes=1)) | 27 @log_auth_failures('Register') |
| 27 def register(request): | 28 def register(request): |
| 28 if request.user.is_authenticated(): | 29 if request.user.is_authenticated(): |
| 29 return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL) | 30 return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL) |
| 30 | 31 |
| 31 if request.method == 'POST': | 32 if request.method == 'POST': |
| 58 | 59 |
| 59 ip = request.META.get('REMOTE_ADDR', '?') | 60 ip = request.META.get('REMOTE_ADDR', '?') |
| 60 try: | 61 try: |
| 61 pending_user = PendingUser.objects.get(username = username) | 62 pending_user = PendingUser.objects.get(username = username) |
| 62 except PendingUser.DoesNotExist: | 63 except PendingUser.DoesNotExist: |
| 63 logging.error('Accounts register_confirm [%s]: user does not exist: %s', ip, username) | 64 logger.error('Accounts register_confirm [%s]: user does not exist: %s', ip, username) |
| 64 return render(request, | 65 return render(request, |
| 65 'accounts/register_failure.html', | 66 'accounts/register_failure.html', |
| 66 {'username': username}) | 67 {'username': username}) |
| 67 | 68 |
| 68 if pending_user.key != key: | 69 if pending_user.key != key: |
| 69 logging.error('Accounts register_confirm [%s]: key error: %s', ip, username) | 70 logger.error('Accounts register_confirm [%s]: key error: %s', ip, username) |
| 70 return render(request, | 71 return render(request, |
| 71 'accounts/register_failure.html', | 72 'accounts/register_failure.html', |
| 72 {'username': username}) | 73 {'username': username}) |
| 73 | 74 |
| 74 create_new_user(pending_user, ip) | 75 create_new_user(pending_user, ip) |
| 77 'accounts/register_success.html', | 78 'accounts/register_success.html', |
| 78 {'username': username}) | 79 {'username': username}) |
| 79 | 80 |
| 80 ####################################################################### | 81 ####################################################################### |
| 81 | 82 |
| 82 @rate_limit(count=10, interval=datetime.timedelta(minutes=1), | 83 @log_auth_failures |
| 83 lockout=datetime.timedelta(minutes=2)) | |
| 84 def login_ajax(request): | 84 def login_ajax(request): |
| 85 """ | 85 """ |
| 86 This view function handles a login via AJAX. | 86 This view function handles a login via AJAX. |
| 87 | 87 |
| 88 """ | 88 """ |