我们从Python开源项目中,提取了以下45个代码示例,用于说明如何使用django.conf.settings.LOGIN_REDIRECT_URL。
def dashboard(request): # Ideally people should... # `HTTP -X POST -d JSON http://hostname/symbolicate/` # But if they do it directly on the root it should still work, # for legacy reasons. if request.method == 'POST' and request.body: return symbolicate_json(request) absolute_url = request.build_absolute_uri() if ( absolute_url.endswith(settings.LOGIN_REDIRECT_URL) and settings.DEBUG ): # pragma: no cover return redirect('http://localhost:3000' + settings.LOGIN_REDIRECT_URL) return frontend_index_html(request)
def user_login(request): """ View for logging users in. """ redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, '')) login_form = AuthenticationForm(request, data=request.POST) if login_form.is_valid(): # Ensure the user-originating redirection url is safe. if not is_safe_url(url=REDIRECT_FIELD_NAME, host=request.get_host()): redirect_to = settings.LOGIN_REDIRECT_URL # Okay, security check complete. Log the user in. auth_login(request, login_form.get_user()) return redirect(settings.LOGIN_REDIRECT_URL if redirect_to == '' else redirect_to) else: return render(request, 'index.html', {'login_form': login_form, 'display': 'block', 'active': 'login'})
def away(request): referer = request.META.get('HTTP_REFERER') if not referer: return redirect(settings.LOGIN_REDIRECT_URL) # ??????????, ??? ? REFERER ???????? ??? referer = urlparse(referer) if '' in (referer.scheme, referer.netloc): return redirect(settings.LOGIN_REDIRECT_URL) # ?????????, ??? ??????? ? ?????? ????? site = get_current_site(request) if not is_same_domain(referer.netloc, site.domain): return redirect(settings.LOGIN_REDIRECT_URL) url = request.GET.get('url') or resolve_url('index') return render(request, 'away/away.html', { 'url': url })
def test_login_evil_redirect(self): """ Make sure that if we give an URL other than our own host as the next parameter, it is replaced with the default LOGIN_REDIRECT_URL. """ # monkey patch SAML configuration settings.SAML_CONFIG = conf.create_conf( sp_host='sp.example.com', idp_hosts=['idp.example.com'], metadata_file='remote_metadata_one_idp.xml', ) response = self.client.get(reverse('saml2_login') + '?next=http://evil.com') url = urlparse(response['Location']) params = parse_qs(url.query) self.assertEqual(params['RelayState'], [settings.LOGIN_REDIRECT_URL, ])
def login(request, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm): redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name, '')) if request.method == "POST": if request.POST.has_key('login'): form = authentication_form(request, data=request.POST) if form.is_valid(): if form.get_user() and form.get_user().is_active: # Ensure the user-originating redirection url is safe. if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = resolve_url(djsettings.LOGIN_REDIRECT_URL) auth_login(request, form.get_user()) Message.objects.create(type=u'????', user=request.user, action=u'????', action_ip=UserIP(request), content='???? %s'%request.user) return HttpResponseRedirect(redirect_to) else: Message.objects.create(type=u'????', user=request.POST.get('username'), action=u'????', action_ip=UserIP(request), content=u'?????? %s'%request.POST.get('username')) else: form = authentication_form(request) return render(request, 'registration/login.html', {'form':form, 'title':'????'})
def test_login_evil_redirect(self): """ Make sure that if we give an URL other than our own host as the next parameter, it is replaced with the default LOGIN_REDIRECT_URL. """ # monkey patch SAML configuration settings.SAML_CONFIG = conf.create_conf( sp_host='sp.example.com', idp_hosts=['idp.example.com'], metadata_file='remote_metadata_one_idp.xml', ) response = self.client.get(reverse('saml2_login') + '?next=http://evil.com') url = urlparse(response['Location']) params = parse_qs(url.query) self.assertEquals(params['RelayState'], [settings.LOGIN_REDIRECT_URL, ])
def assertLoginSuccess(self, response, redirect_to=None): """ Asserts response corresponds to a successful login. To check this, the response should redirect to redirect_to (default to /accounts/profile/, the default redirect after a successful login). Also CAS_PROVIDER_SESSION_KEY should be set in the client' session. By default, self.client is used. """ if redirect_to is None: redirect_to = settings.LOGIN_REDIRECT_URL self.assertRedirects( response, redirect_to, fetch_redirect_response=False, ) self.assertIn( CAS_PROVIDER_SESSION_KEY, response.wsgi_request.session, )
def test_timezone_awareness(self): url = settings.LOGIN_REDIRECT_URL mw = middleware.HorizonMiddleware() request = self.factory.get(url) request.session['django_timezone'] = 'America/Chicago' mw.process_request(request) self.assertEqual( timezone.get_current_timezone_name(), 'America/Chicago') request.session['django_timezone'] = 'Europe/Paris' mw.process_request(request) self.assertEqual(timezone.get_current_timezone_name(), 'Europe/Paris') request.session['django_timezone'] = 'UTC' mw.process_request(request) self.assertEqual(timezone.get_current_timezone_name(), 'UTC')
def get_user_home(self, user): """Returns the default URL for a particular user. This method can be used to customize where a user is sent when they log in, etc. By default it returns the value of :meth:`get_absolute_url`. An alternative function can be supplied to customize this behavior by specifying a either a URL or a function which returns a URL via the ``"user_home"`` key in ``HORIZON_CONFIG``. Each of these would be valid:: {"user_home": "/home",} # A URL {"user_home": "my_module.get_user_home",} # Path to a function {"user_home": lambda user: "/" + user.name,} # A function {"user_home": None,} # Will always return the default dashboard This can be useful if the default dashboard may not be accessible to all users. When user_home is missing from HORIZON_CONFIG, it will default to the settings.LOGIN_REDIRECT_URL value. """ user_home = self._conf['user_home'] if user_home: if callable(user_home): return user_home(user) elif isinstance(user_home, six.string_types): # Assume we've got a URL if there's a slash in it if '/' in user_home: return user_home else: mod, func = user_home.rsplit(".", 1) return getattr(import_module(mod), func)(user) # If it's not callable and not a string, it's wrong. raise ValueError('The user_home setting must be either a string ' 'or a callable object (e.g. a function).') else: return self.get_absolute_url()
def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm, extra_context=None): """ Displays the login form and handles the login action. """ redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name, '')) if request.method == "POST": form = authentication_form(request, data=request.POST) if form.is_valid(): # Ensure the user-originating redirection url is safe. if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL) # Okay, security check complete. Log the user in. auth_login(request, form.get_user()) return HttpResponseRedirect(redirect_to) else: form = authentication_form(request) current_site = get_current_site(request) context = { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, } if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context)
def _get_login_redirect_url(request, redirect_to): # Ensure the user-originating redirection URL is safe. if not is_safe_url(url=redirect_to, host=request.get_host()): return resolve_url(settings.LOGIN_REDIRECT_URL) return redirect_to
def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm, extra_context=None, redirect_authenticated_user=False): """ Displays the login form and handles the login action. """ redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name, '')) if redirect_authenticated_user and request.user.is_authenticated: redirect_to = _get_login_redirect_url(request, redirect_to) if redirect_to == request.path: raise ValueError( "Redirection loop for authenticated user detected. Check that " "your LOGIN_REDIRECT_URL doesn't point to a login page." ) return HttpResponseRedirect(redirect_to) elif request.method == "POST": form = authentication_form(request, data=request.POST) if form.is_valid(): auth_login(request, form.get_user()) return HttpResponseRedirect(_get_login_redirect_url(request, redirect_to)) else: form = authentication_form(request) current_site = get_current_site(request) context = { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, } if extra_context is not None: context.update(extra_context) return TemplateResponse(request, template_name, context)
def logout(request): auth.logout(request) messages.success(request, _('You have been successfully logged out.')) return redirect(settings.LOGIN_REDIRECT_URL)
def signup(request): form = SignupForm(request.POST or None) if form.is_valid(): form.save() password = form.cleaned_data.get('password') email = form.cleaned_data.get('email') user = auth.authenticate(request=request, email=email, password=password) if user: auth.login(request, user) messages.success(request, _('User has been created')) return redirect(settings.LOGIN_REDIRECT_URL) ctx = {'form': form} return TemplateResponse(request, 'account/signup.html', ctx)
def _login_redirect_url(request, fallback_to=None): redirect_to = request.POST.get('next', request.GET.get('next', '')) if not redirect_to or not is_safe_url(url=redirect_to, host=request.get_host()): return fallback_to or django_settings.LOGIN_REDIRECT_URL return redirect_to
def dispatch(self, request, *args, **kwargs): if self.redirect_authenticated_user and self.request.user.is_authenticated: redirect_to = self.get_success_url() if redirect_to == self.request.path: raise ValueError( "Redirection loop for authenticated user detected. Check that " "your LOGIN_REDIRECT_URL doesn't point to a login page." ) return HttpResponseRedirect(redirect_to) return super(LoginView, self).dispatch(request, *args, **kwargs)
def get_success_url(self): """Ensure the user-originating redirection URL is safe.""" redirect_to = self.request.POST.get( self.redirect_field_name, self.request.GET.get(self.redirect_field_name, '') ) url_is_safe = is_safe_url( url=redirect_to, allowed_hosts=self.get_success_url_allowed_hosts(), require_https=self.request.is_secure(), ) if not url_is_safe: return resolve_url(settings.LOGIN_REDIRECT_URL) return redirect_to
def _get_login_redirect_url(self, request, redirect_to): # Ensure the user-originating redirection URL is safe. if not is_safe_url(url=redirect_to, host=request.get_host()): return resolve_url(settings.LOGIN_REDIRECT_URL) return redirect_to
def user_register(request): """ View for registering new users. If user is already authenticated view redirects to index page. """ register_form = UserRegistrationForm(request.POST) if register_form.is_valid(): register_form.save() registered_user = authenticate(username=register_form.cleaned_data['username'], password=register_form.cleaned_data['password']) auth_login(request, registered_user) return redirect(settings.LOGIN_REDIRECT_URL) return render(request, 'index.html', {'register_form': register_form, 'display': 'block', 'active': 'register'})
def redirect_if_authorized(func): """ Redirects user to the given view (identified by 'view_name' parameter) if user is authenticated. """ @wraps(func) def _decorator(request, *args, **kwargs): if request.user.is_authenticated(): return redirect(settings.LOGIN_REDIRECT_URL) else: return func(request, *args, **kwargs) return _decorator
def get_redirect_url(request, default=settings.LOGIN_REDIRECT_URL): """ ????????? ?????? ??? ????????? ?? POST, GET ??? settings """ redirect_to = request.POST.get( REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, '') ) if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = resolve_url(default) return redirect_to
def get_success_url(self): url = self.get_redirect_url() return url or resolve_url(settings.LOGIN_REDIRECT_URL)
def post_login_response(request, new_user): response = redirect(retrieve_next(request) or settings.LOGIN_REDIRECT_URL) response.delete_cookie(REDIRECT_COOKIE_NAME) return response
def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm, current_app=None, extra_context=None): """ Displays the login form and handles the login action. """ redirect_to = request.POST.get(redirect_field_name, request.GET.get(redirect_field_name, '')) if request.method == "POST": form = authentication_form(request, data=request.POST) if form.is_valid(): # Ensure the user-originating redirection url is safe. if not is_safe_url(url=redirect_to, host=request.get_host()): redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL) # Okay, security check complete. Log the user in. auth_login(request, form.get_user()) return HttpResponseRedirect(redirect_to) else: form = authentication_form(request) current_site = get_current_site(request) context = { 'form': form, redirect_field_name: redirect_to, 'site': current_site, 'site_name': current_site.name, } if extra_context is not None: context.update(extra_context) if current_app is not None: request.current_app = current_app return TemplateResponse(request, template_name, context)
def get_redirect_to(request, redirect_field_name): redirect_to = request.REQUEST.get(redirect_field_name) # Light security check -- make sure redirect_to isn't garbage. if not redirect_to or '//' in redirect_to or ' ' in redirect_to: redirect_to = settings.LOGIN_REDIRECT_URL return redirect_to
def google_login_url(redirect=settings.LOGIN_REDIRECT_URL): return escape(users.create_login_url(redirect))
def __call__(self, request, *args, **kwargs): if request.user is not None and request.user.is_authenticated(): from django.conf import settings return HttpResponseRedirect(resolve_url(self.redirect_to or settings.LOGIN_REDIRECT_URL)) return self.view_function(request, *args, **kwargs)
def get_login_redirect_url(self, request): """ Returns the default URL to redirect to after logging in. Note that URLs passed explicitly (e.g. by passing along a `next` GET parameter) take precedence over the value returned here. """ assert request.user.is_authenticated() url = getattr(settings, "LOGIN_REDIRECT_URLNAME", None) if url: warnings.warn("LOGIN_REDIRECT_URLNAME is deprecated, simply" " use LOGIN_REDIRECT_URL with a URL name", DeprecationWarning) else: url = settings.LOGIN_REDIRECT_URL return resolve_url(url)
def logout_required(fun): """ Not-logged-in decorator. Use for pages that do not require login. If a user is logged in and accessing such a page, he should be redirected to some meaningful page. """ def wrap(request, *args, **kwargs): if request.user and request.user.is_authenticated(): return redirect(settings.LOGIN_REDIRECT_URL) return fun(request, *args, **kwargs) return wrap
def dc_switch_form(request): """ Ajax page for changing current working datacenter. """ form = DcSwitch(request, request.POST, prefix='dc') if form.is_valid(): if form.save(): return redirect(form.get_referrer() or settings.LOGIN_REDIRECT_URL) else: return HttpResponse(None, status=204) return render(request, 'gui/dc/dc_switch_form.html', {'dcs_form': form})
def impersonate_user(request, user_id): if not request.user.is_staff: raise PermissionDenied request.session['impersonate_id'] = user_id return redirect(settings.LOGIN_REDIRECT_URL)
def index(request): if request.user.is_authenticated(): return redirect(settings.LOGIN_REDIRECT_URL) form = ExtendedRegistrationForm() return render(request, 'index.html', {'form': form})
def register(request): form = ExtendedRegistrationForm() if request.method == 'POST': form = ExtendedRegistrationForm(request.POST) if form.is_valid(): form.save() username = form.cleaned_data.get('username') raw_password = form.cleaned_data.get('password1') user = authenticate(username=username, password=raw_password) login(request, user) return redirect(settings.LOGIN_REDIRECT_URL) return render(request, 'registration/register.html', {'form': form})