import datetime import time from django.http import JsonResponse from django.shortcuts import redirect, render from django.urls import reverse from ipware import get_client_ip from django.conf import settings from user.forms import MasterSignInForm from user.models import LoginLog, Master, UserLog from user.utils import check_robot, get_settings from django.contrib.auth.models import User, Group, Permission from django.contrib.auth import authenticate, login, logout from django.contrib.auth.decorators import login_required from django.contrib.sessions.models import Session # Create your views here. def master_login(request): # user_controller = user_control(request) # if not user_controller['has_perm']: # return redirect(user_controller['redirect_uri']) site_settings = get_settings(request) if site_settings.page_name in ["", None, "None"]: site_settings.page_name = "login" ip, _=get_client_ip(request) next_addr = request.GET.get("next") if next_addr is None: next_addr = "/master/" if request.user.is_authenticated: logout(request) form = MasterSignInForm() page_adr = f"{site_settings.theme_name}/login.html" base_adr = f"{site_settings.theme_name}/base_auth.html" return render(request, page_adr, locals()) def master_login_submit(request): # user_controller = user_control(request) # if not user_controller['has_perm']: # return JsonResponse({"error": True, "message": user_controller['message'], "redirect_url":user_controller.get('redirect_uri')}, status=user_controller['redirect_code']) next_addr = request.GET.get("next") if next_addr is None: next_addr = "/master/" if request.user.is_authenticated: logout(request) ip, _=get_client_ip(request) if request.method == 'POST': result = check_robot(request) if result['success']: password = request.POST.get('password') username = request.POST.get('username') try: master = Master.objects.get(user__username=username) if master.incorrect_num > 2 and master.incorrect_time > time.time() - (15*60): return JsonResponse({"error":True, "message":'not allowed to login', "errors":{}},status=400) except Exception: return JsonResponse({"error":True, "message":'username or password is incorrect', "errors":{}},status=400) user = master.user if f_user := authenticate(username=username, password=password): now = datetime.datetime.now() if not settings.DEBUG: for s in Session.objects.filter(expire_date__gt=now): if s.get_decoded().get('_auth_user_id') == str(f_user.id): s.expire_date = now s.save() login(request, f_user) master.incorrect_num = 0 master.save() LoginLog.objects.create(user=f_user, ip=ip) UserLog.objects.create(user=f_user, desc="login to site", ip=ip) return JsonResponse({"error":False, "message":"login to site", "data":{"next_addr":next_addr}, "errors":{}},status=200) else: LoginLog.objects.create(user=user, ip=ip, success=False, failure="incorrect password") master.incorrect_num += 1 master.incorrect_time = time.time() master.save() return JsonResponse({"error":True, "message":'username or password is incorrect', "errors":{}},status=400) else: return JsonResponse({"error":True, "message":"please select checkbox: you are not robot", "errors":{}},status=400) return render(request, "blank.html") def logout_user(request): user = request.user ip, _=get_client_ip(request) if user.is_authenticated: logout(request) # messages.success(request, 'با موفقیت از پنل کاربری خود خارج شدید.') UserLog.objects.create( user=user, desc="خروج از سایت", ip=ip) return redirect(settings.LOGOUT_REDIRECT_URL)