Changeset 2577
- Timestamp:
- 03/12/10 10:58:51 (5 months ago)
- Location:
- branches/0.9/pylucid_project
- Files:
-
- 4 modified
-
media/PyLucid/sha.js (modified) (8 diffs)
-
media/PyLucid/shared_sha_tools.js (modified) (1 diff)
-
pylucid_plugins/auth/templates/auth/sha_form.html (modified) (13 diffs)
-
pylucid_plugins/auth/views.py (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/0.9/pylucid_project/media/PyLucid/sha.js
r2002 r2577 1 1 /* 2 2 * A JavaScript implementation of the Secure Hash Algorithm, SHA-1, as defined 3 * in FIPS PUB180-14 * Version 2. 1a Copyright Paul Johnston 2000 - 2002.3 * in FIPS 180-1 4 * Version 2.2 Copyright Paul Johnston 2000 - 2009. 5 5 * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet 6 6 * Distributed under the BSD License … … 14 14 var hexcase = 0; /* hex output format. 0 - lowercase; 1 - uppercase */ 15 15 var b64pad = ""; /* base-64 pad character. "=" for strict RFC compliance */ 16 var chrsz = 8; /* bits per input character. 8 - ASCII; 16 - Unicode */17 16 18 17 /* … … 20 19 * They take string arguments and return either hex or base-64 encoded strings 21 20 */ 22 function hex_sha1(s){return binb2hex(core_sha1(str2binb(s),s.length * chrsz));} 23 function b64_sha1(s){return binb2b64(core_sha1(str2binb(s),s.length * chrsz));} 24 function str_sha1(s){return binb2str(core_sha1(str2binb(s),s.length * chrsz));} 25 function hex_hmac_sha1(key, data){ return binb2hex(core_hmac_sha1(key, data));} 26 function b64_hmac_sha1(key, data){ return binb2b64(core_hmac_sha1(key, data));} 27 function str_hmac_sha1(key, data){ return binb2str(core_hmac_sha1(key, data));} 21 function hex_sha1(s) { return rstr2hex(rstr_sha1(str2rstr_utf8(s))); } 22 function b64_sha1(s) { return rstr2b64(rstr_sha1(str2rstr_utf8(s))); } 23 function any_sha1(s, e) { return rstr2any(rstr_sha1(str2rstr_utf8(s)), e); } 24 function hex_hmac_sha1(k, d) 25 { return rstr2hex(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); } 26 function b64_hmac_sha1(k, d) 27 { return rstr2b64(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d))); } 28 function any_hmac_sha1(k, d, e) 29 { return rstr2any(rstr_hmac_sha1(str2rstr_utf8(k), str2rstr_utf8(d)), e); } 28 30 29 31 /* … … 32 34 function sha1_vm_test() 33 35 { 34 return hex_sha1("abc") == "a9993e364706816aba3e25717850c26c9cd0d89d"; 36 return hex_sha1("abc").toLowerCase() == "a9993e364706816aba3e25717850c26c9cd0d89d"; 37 } 38 39 /* 40 * Calculate the SHA1 of a raw string 41 */ 42 function rstr_sha1(s) 43 { 44 return binb2rstr(binb_sha1(rstr2binb(s), s.length * 8)); 45 } 46 47 /* 48 * Calculate the HMAC-SHA1 of a key and some data (raw strings) 49 */ 50 function rstr_hmac_sha1(key, data) 51 { 52 var bkey = rstr2binb(key); 53 if(bkey.length > 16) bkey = binb_sha1(bkey, key.length * 8); 54 55 var ipad = Array(16), opad = Array(16); 56 for(var i = 0; i < 16; i++) 57 { 58 ipad[i] = bkey[i] ^ 0x36363636; 59 opad[i] = bkey[i] ^ 0x5C5C5C5C; 60 } 61 62 var hash = binb_sha1(ipad.concat(rstr2binb(data)), 512 + data.length * 8); 63 return binb2rstr(binb_sha1(opad.concat(hash), 512 + 160)); 64 } 65 66 /* 67 * Convert a raw string to a hex string 68 */ 69 function rstr2hex(input) 70 { 71 try { hexcase } catch(e) { hexcase=0; } 72 var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef"; 73 var output = ""; 74 var x; 75 for(var i = 0; i < input.length; i++) 76 { 77 x = input.charCodeAt(i); 78 output += hex_tab.charAt((x >>> 4) & 0x0F) 79 + hex_tab.charAt( x & 0x0F); 80 } 81 return output; 82 } 83 84 /* 85 * Convert a raw string to a base-64 string 86 */ 87 function rstr2b64(input) 88 { 89 try { b64pad } catch(e) { b64pad=''; } 90 var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; 91 var output = ""; 92 var len = input.length; 93 for(var i = 0; i < len; i += 3) 94 { 95 var triplet = (input.charCodeAt(i) << 16) 96 | (i + 1 < len ? input.charCodeAt(i+1) << 8 : 0) 97 | (i + 2 < len ? input.charCodeAt(i+2) : 0); 98 for(var j = 0; j < 4; j++) 99 { 100 if(i * 8 + j * 6 > input.length * 8) output += b64pad; 101 else output += tab.charAt((triplet >>> 6*(3-j)) & 0x3F); 102 } 103 } 104 return output; 105 } 106 107 /* 108 * Convert a raw string to an arbitrary string encoding 109 */ 110 function rstr2any(input, encoding) 111 { 112 var divisor = encoding.length; 113 var remainders = Array(); 114 var i, q, x, quotient; 115 116 /* Convert to an array of 16-bit big-endian values, forming the dividend */ 117 var dividend = Array(Math.ceil(input.length / 2)); 118 for(i = 0; i < dividend.length; i++) 119 { 120 dividend[i] = (input.charCodeAt(i * 2) << 8) | input.charCodeAt(i * 2 + 1); 121 } 122 123 /* 124 * Repeatedly perform a long division. The binary array forms the dividend, 125 * the length of the encoding is the divisor. Once computed, the quotient 126 * forms the dividend for the next step. We stop when the dividend is zero. 127 * All remainders are stored for later use. 128 */ 129 while(dividend.length > 0) 130 { 131 quotient = Array(); 132 x = 0; 133 for(i = 0; i < dividend.length; i++) 134 { 135 x = (x << 16) + dividend[i]; 136 q = Math.floor(x / divisor); 137 x -= q * divisor; 138 if(quotient.length > 0 || q > 0) 139 quotient[quotient.length] = q; 140 } 141 remainders[remainders.length] = x; 142 dividend = quotient; 143 } 144 145 /* Convert the remainders to the output string */ 146 var output = ""; 147 for(i = remainders.length - 1; i >= 0; i--) 148 output += encoding.charAt(remainders[i]); 149 150 /* Append leading zero equivalents */ 151 var full_length = Math.ceil(input.length * 8 / 152 (Math.log(encoding.length) / Math.log(2))) 153 for(i = output.length; i < full_length; i++) 154 output = encoding[0] + output; 155 156 return output; 157 } 158 159 /* 160 * Encode a string as utf-8. 161 * For efficiency, this assumes the input is valid utf-16. 162 */ 163 function str2rstr_utf8(input) 164 { 165 var output = ""; 166 var i = -1; 167 var x, y; 168 169 while(++i < input.length) 170 { 171 /* Decode utf-16 surrogate pairs */ 172 x = input.charCodeAt(i); 173 y = i + 1 < input.length ? input.charCodeAt(i + 1) : 0; 174 if(0xD800 <= x && x <= 0xDBFF && 0xDC00 <= y && y <= 0xDFFF) 175 { 176 x = 0x10000 + ((x & 0x03FF) << 10) + (y & 0x03FF); 177 i++; 178 } 179 180 /* Encode output as utf-8 */ 181 if(x <= 0x7F) 182 output += String.fromCharCode(x); 183 else if(x <= 0x7FF) 184 output += String.fromCharCode(0xC0 | ((x >>> 6 ) & 0x1F), 185 0x80 | ( x & 0x3F)); 186 else if(x <= 0xFFFF) 187 output += String.fromCharCode(0xE0 | ((x >>> 12) & 0x0F), 188 0x80 | ((x >>> 6 ) & 0x3F), 189 0x80 | ( x & 0x3F)); 190 else if(x <= 0x1FFFFF) 191 output += String.fromCharCode(0xF0 | ((x >>> 18) & 0x07), 192 0x80 | ((x >>> 12) & 0x3F), 193 0x80 | ((x >>> 6 ) & 0x3F), 194 0x80 | ( x & 0x3F)); 195 } 196 return output; 197 } 198 199 /* 200 * Encode a string as utf-16 201 */ 202 function str2rstr_utf16le(input) 203 { 204 var output = ""; 205 for(var i = 0; i < input.length; i++) 206 output += String.fromCharCode( input.charCodeAt(i) & 0xFF, 207 (input.charCodeAt(i) >>> 8) & 0xFF); 208 return output; 209 } 210 211 function str2rstr_utf16be(input) 212 { 213 var output = ""; 214 for(var i = 0; i < input.length; i++) 215 output += String.fromCharCode((input.charCodeAt(i) >>> 8) & 0xFF, 216 input.charCodeAt(i) & 0xFF); 217 return output; 218 } 219 220 /* 221 * Convert a raw string to an array of big-endian words 222 * Characters >255 have their high-byte silently ignored. 223 */ 224 function rstr2binb(input) 225 { 226 var output = Array(input.length >> 2); 227 for(var i = 0; i < output.length; i++) 228 output[i] = 0; 229 for(var i = 0; i < input.length * 8; i += 8) 230 output[i>>5] |= (input.charCodeAt(i / 8) & 0xFF) << (24 - i % 32); 231 return output; 232 } 233 234 /* 235 * Convert an array of big-endian words to a string 236 */ 237 function binb2rstr(input) 238 { 239 var output = ""; 240 for(var i = 0; i < input.length * 32; i += 8) 241 output += String.fromCharCode((input[i>>5] >>> (24 - i % 32)) & 0xFF); 242 return output; 35 243 } 36 244 … … 38 246 * Calculate the SHA-1 of an array of big-endian words, and a bit length 39 247 */ 40 function core_sha1(x, len)248 function binb_sha1(x, len) 41 249 { 42 250 /* append padding */ … … 62 270 { 63 271 if(j < 16) w[j] = x[i + j]; 64 else w[j] = rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1);65 var t = safe_add(safe_add( rol(a, 5), sha1_ft(j, b, c, d)),272 else w[j] = bit_rol(w[j-3] ^ w[j-8] ^ w[j-14] ^ w[j-16], 1); 273 var t = safe_add(safe_add(bit_rol(a, 5), sha1_ft(j, b, c, d)), 66 274 safe_add(safe_add(e, w[j]), sha1_kt(j))); 67 275 e = d; 68 276 d = c; 69 c = rol(b, 30);277 c = bit_rol(b, 30); 70 278 b = a; 71 279 a = t; … … 104 312 105 313 /* 106 * Calculate the HMAC-SHA1 of a key and some data107 */108 function core_hmac_sha1(key, data)109 {110 var bkey = str2binb(key);111 if(bkey.length > 16) bkey = core_sha1(bkey, key.length * chrsz);112 113 var ipad = Array(16), opad = Array(16);114 for(var i = 0; i < 16; i++)115 {116 ipad[i] = bkey[i] ^ 0x36363636;117 opad[i] = bkey[i] ^ 0x5C5C5C5C;118 }119 120 var hash = core_sha1(ipad.concat(str2binb(data)), 512 + data.length * chrsz);121 return core_sha1(opad.concat(hash), 512 + 160);122 }123 124 /*125 314 * Add integers, wrapping at 2^32. This uses 16-bit operations internally 126 315 * to work around bugs in some JS interpreters. … … 136 325 * Bitwise rotate a 32-bit number to the left. 137 326 */ 138 function rol(num, cnt)327 function bit_rol(num, cnt) 139 328 { 140 329 return (num << cnt) | (num >>> (32 - cnt)); 141 330 } 142 143 /*144 * Convert an 8-bit or 16-bit string to an array of big-endian words145 * In 8-bit function, characters >255 have their hi-byte silently ignored.146 */147 function str2binb(str)148 {149 var bin = Array();150 var mask = (1 << chrsz) - 1;151 for(var i = 0; i < str.length * chrsz; i += chrsz)152 bin[i>>5] |= (str.charCodeAt(i / chrsz) & mask) << (32 - chrsz - i%32);153 return bin;154 }155 156 /*157 * Convert an array of big-endian words to a string158 */159 function binb2str(bin)160 {161 var str = "";162 var mask = (1 << chrsz) - 1;163 for(var i = 0; i < bin.length * 32; i += chrsz)164 str += String.fromCharCode((bin[i>>5] >>> (32 - chrsz - i%32)) & mask);165 return str;166 }167 168 /*169 * Convert an array of big-endian words to a hex string.170 */171 function binb2hex(binarray)172 {173 var hex_tab = hexcase ? "0123456789ABCDEF" : "0123456789abcdef";174 var str = "";175 for(var i = 0; i < binarray.length * 4; i++)176 {177 str += hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8+4)) & 0xF) +178 hex_tab.charAt((binarray[i>>2] >> ((3 - i%4)*8 )) & 0xF);179 }180 return str;181 }182 183 /*184 * Convert an array of big-endian words to a base-64 string185 */186 function binb2b64(binarray)187 {188 var tab = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";189 var str = "";190 for(var i = 0; i < binarray.length * 4; i += 3)191 {192 var triplet = (((binarray[i >> 2] >> 8 * (3 - i %4)) & 0xFF) << 16)193 | (((binarray[i+1 >> 2] >> 8 * (3 - (i+1)%4)) & 0xFF) << 8 )194 | ((binarray[i+2 >> 2] >> 8 * (3 - (i+2)%4)) & 0xFF);195 for(var j = 0; j < 4; j++)196 {197 if(i * 8 + j * 6 > binarray.length * 32) str += b64pad;198 else str += tab.charAt((triplet >> 6*(3-j)) & 0x3F);199 }200 }201 return str;202 } -
branches/0.9/pylucid_project/media/PyLucid/shared_sha_tools.js
r2572 r2577 16 16 // build the SHA hexdigest from the given string. Return false is anything is wrong. 17 17 try { 18 log("sha_hexdigest( " + txt + "):");18 log("sha_hexdigest('" + txt + "'):"); 19 19 SHA_hexdigest = hex_sha1(txt); // from: sha.js 20 20 len = SHA_hexdigest.length; -
branches/0.9/pylucid_project/pylucid_plugins/auth/templates/auth/sha_form.html
r2572 r2577 17 17 var SALT_LEN={{ salt_len }}; 18 18 var HASH_LEN={{ hash_len }}; 19 var salt="";20 var challenge="{{ challenge }}";21 19 var challenge="{{ challenge }}"; // changed via ajax, after wrong login 20 var salt=""; // get via ajax 21 22 22 try { 23 23 jQuery(document); … … 31 31 return false; 32 32 } 33 34 35 36 37 38 39 40 41 33 if (!hex_sha1) { 34 alert("sha.js not loaded.\n(hex_sha1 not defined)"); 35 return false; 36 } 37 if (!sha_hexdigest) { 38 alert("Wrong shared_sha_tools.js loaded! Please update your media files\n(sha_hexdigest not defined)"); 39 return false; 40 } 41 42 42 // unhide form 43 43 $("#login_form").css("display", "block").slideDown(); 44 44 $("#load_info").slideUp(); 45 45 46 $("#id_username").focus(); 46 47 // TODO: Add a client side random value??? 48 // Math.random(); 49 // http://docs.jquery.com/Tutorials:Mouse_Position 50 47 51 48 // remove old page_msg, if exist 52 $("#page_msg").slideUp(); 53 49 log("is_ajax: '{{ is_ajax }}'"); 50 if ("{{ is_ajax }}" == "True") { 51 $("#page_msg").slideUp(); 52 } 53 54 54 $("#id_username").change(function() { 55 55 // if the username change, we must get a new salt from server. … … 60 60 return false; 61 61 }); 62 62 63 63 $("#id_password").change(function() { 64 64 $("#js_page_msg").slideUp(); // hide old messages 65 65 }); 66 66 67 67 $("#login_form").submit(function() { 68 68 log("check login form."); 69 try { 69 try { 70 70 var username = $("#id_username").val(); 71 71 log("username:" + username); 72 72 73 73 if (username.length<2) { 74 74 log("username to short, current len:" + username.length); … … 77 77 return false; 78 78 } 79 79 80 80 var password = $("#id_password").val(); 81 81 log("password:" + password); 82 82 83 83 if (password.length<8) { 84 84 log("password to short, current len:" + password.length); … … 91 91 return false; 92 92 } 93 93 94 94 if (salt=="") { 95 95 page_msg_info("{% trans 'Get the hash salt value from server...' %}"); 96 var post_data = {"username": username}; 97 log("get user salt from server, send POST:" + $.param(post_data)); 96 98 response = $.ajax({ 97 99 async: false, 98 100 type: "POST", 99 101 url: "{{ get_salt_url }}", 100 data: {"username": username},102 data: post_data, 101 103 dataType: "text", 102 104 success: function(data, textStatus, XMLHttpRequest){ … … 114 116 return false; 115 117 } 116 118 119 log("shapass = sha_hexdigest(salt + password):"); 117 120 shapass = sha_hexdigest(salt + password); 118 log("shapass - sha_hexdigest(salt + password):" + shapass);119 121 if (shapass == false) { return false; } 120 122 if (shapass.length!=HASH_LEN) { … … 122 124 return false; 123 125 } 124 126 125 127 // split SHA-Passwort 126 128 sha_a = shapass.substr(0, HASH_LEN/2); // sha_a never send to the server 127 129 sha_b = shapass.substr(HASH_LEN/2, HASH_LEN/2); 128 130 log("substr: sha_a:|"+sha_a+"| sha_b:|"+sha_b+"|"); 129 130 // build SHA-1 from challenge and sha_a 131 sha_a2 = sha_hexdigest(challenge + sha_a) 132 log("sha_a2 - sha_hexdigest(challenge '"+challenge+"' + sha_a): " + sha_a2); 131 132 // // Generate 'cnonce' a client side random value 133 // var cnonce = ""; 134 // cnonce += new Date().getTime(); 135 // cnonce += Math.random(); 136 // cnonce += $(window).height(); 137 // cnonce += $(window).width(); 138 // log("generated cnonce:"); 139 // cnonce = sha_hexdigest(cnonce); 140 141 log("sha_a2 = sha_hexdigest(challenge + sha_a):"); 142 sha_a2 = sha_hexdigest(challenge + sha_a); 133 143 if (sha_a2 == false) { return false; } 134 144 135 145 // display SHA values 136 146 $("#sha_values_block").css("display", "block").slideDown(); 137 $("#id_password").val(""); // 'delete' plaintext password 147 $("#id_password").val(""); // 'delete' plaintext password 138 148 $("#password_block").slideUp(); 139 149 $("#id_sha_a2").val(sha_a2); 140 150 $("#id_sha_b").val(sha_b); 141 151 152 var post_data = {"username": username, "sha_a2": sha_a2, "sha_b": sha_b} 153 log("auth user, send POST:" + $.param(post_data)); 142 154 page_msg_info("{% trans 'Send SHA-1 values to the server...' %}"); 143 155 response = $.ajax({ … … 145 157 type: "POST", 146 158 url: "{{ sha_auth_url }}", 147 data: {"username": username, "sha_a2": sha_a2, "sha_b": sha_b},159 data: post_data, 148 160 dataType: "text", 149 161 success: function(data, textStatus, XMLHttpRequest){ … … 170 182 return false 171 183 } 172 184 173 185 // we get a new challenge and a error message from server 174 186 challenge = msg.substr(0, msg.indexOf(";")); 175 187 msg = msg.substr(msg.indexOf(";")+1); 176 188 177 189 log("new challenge:" + challenge); 178 190 page_msg_error(msg); 179 191 180 192 $("#password_block").css("display", "block").slideDown(); 181 193 $("#sha_values_block").slideUp("slow"); … … 183 195 $("#id_sha_b").val(""); 184 196 $("#id_password").focus(); 185 197 186 198 return false; 187 199 } catch (e) { … … 191 203 } 192 204 }); 205 206 log("test sha.js"); 207 var digits="0123456789"; 208 var ascii_lowercase = "abcdefghijklmnopqrstuvwxyz".toLowerCase(); 209 var ascii_uppercase = ascii_lowercase.toUpperCase(); 210 var test_string = " " + digits + ascii_lowercase + ascii_uppercase; 211 var test_sha = sha_hexdigest(test_string); 212 var should_be = "5b415e2e5421a30b798c9b46638fcd7b58ff4d53".toLowerCase() 213 if (test_sha != should_be) { 214 var msg = "sha.js test failed!\n'" + test_sha + "' != '" + should_be + "'"; 215 log(msg); 216 alert("Internal Error:\n" + msg); 217 return false; 218 } 219 log("sha.js is ok"); 193 220 }); 194 221 </script> … … 205 232 </fieldset> 206 233 </noscript> 234 235 <p id="load_info">loading...</p> 207 236 208 237 <form method="post" action="" name="login" id="login_form"> … … 223 252 <input id="submit_button" type="submit" value="{% trans 'Log in' %}" /> 224 253 </form> 254 {% comment %} 255 TODO: Reimplement the passwort reset 225 256 {% if pass_reset_link %} 226 257 <a href="{{ pass_reset_link }}">{% trans 'Request a password reset.' %}</a> 227 258 {% endif %} 259 {% endcomment %} 228 260 </fieldset> 229 261 {% endblock %} -
branches/0.9/pylucid_project/pylucid_plugins/auth/views.py
r2572 r2577 20 20 from django.conf import settings 21 21 from django.template import RequestContext 22 from django.contrib.sites.models import Site23 22 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseBadRequest 24 23 from django.utils.translation import ugettext as _ 25 24 from django.template.loader import render_to_string 26 from django.core.exceptions import ObjectDoesNotExist27 28 25 29 26 from pylucid_project.apps.pylucid.shortcuts import render_pylucid_response 30 from pylucid_project.apps.pylucid.models import LogEntry, BanEntry, UserProfile 31 27 from pylucid_project.apps.pylucid.models import LogEntry 32 28 from pylucid_project.utils import crypt 33 29 34 from pylucid_project.pylucid_plugins.auth.forms import WrongUserError, UsernameForm, ShaLoginForm 35 from pylucid_plugins.auth.preference_forms import AuthPreferencesForm36 37 38 # DEBUG is usefull for debugging password reset. It send no email, it puts the 39 # email text direclty into the CMS page.30 # auth own stuff 31 from forms import WrongUserError, UsernameForm, ShaLoginForm 32 from preference_forms import AuthPreferencesForm 33 34 35 # DEBUG is usefull for debugging. It send always the same challenge "12345" 40 36 #DEBUG = True 41 37 DEBUG = False 42 # IMPORTANT: 43 # Should realy only use for debugging!!! 38 # IMPORTANT: Should really only use for debugging!!! 44 39 if DEBUG: 45 40 import warnings 46 warnings.warn("Debug mode in auth plugin is on! ", UserWarning)41 warnings.warn("Debug mode in auth plugin is on! print statements would be used!") 47 42 48 43 49 44 def _get_challenge(request): 50 45 """ create a new challenge, add it to session and return it""" 51 # Create a new random salt value for the password challenge: 52 challenge = crypt.get_new_salt() 46 if DEBUG: 47 challenge = "12345" 48 print("use DEBUG challenge: %r" % challenge) 49 else: 50 # Create a new random salt value for the password challenge: 51 challenge = crypt.get_new_salt() 53 52 54 53 # For later comparing with form data … … 168 167 sha_b = form.cleaned_data["sha_b"] 169 168 169 if DEBUG: 170 print( 171 "authenticate %r with: challenge: %r, sha_checksum: %r, sha_a2: %r, sha_b: %r" % ( 172 user1, challenge, sha_checksum, sha_a2, sha_b 173 ) 174 ) 175 170 176 # authenticate with: 171 177 # pylucid.system.auth_backends.SiteSHALoginAuthBackend … … 202 208 user_profile = form.get_user_profile() 203 209 except WrongUserError, err: 210 msg = "can't get userprofile: %s" % err 211 if DEBUG: 212 print(msg) 204 213 if settings.DEBUG: 205 request.page_msg.error( err)214 request.page_msg.error(msg) 206 215 207 216 if user_profile is None: # Wrong user? 208 217 username = request.POST["username"] 218 msg = "Username %r is wrong: %r" % (username, form.errors) 219 if DEBUG: 220 print(msg) 209 221 if settings.DEBUG: 210 request.page_msg.error( "Wrong user %r !" % username)222 request.page_msg.error(msg) 211 223 salt = crypt.get_pseudo_salt(username) 212 224 else: 213 225 salt = user_profile.sha_login_salt 214 226 227 if DEBUG: 228 print("send salt %r to client." % salt) 229 215 230 return HttpResponse(salt, content_type="text/plain") 216 231 217 232 218 233 def _login_view(request, next_url): 234 if DEBUG: 235 print("auth debug mode is on!") 236 219 237 if request.method != 'GET': 220 238 debug_msg = "request method %r wrong, only GET allowed" % request.method … … 232 250 233 251 context = { 252 "is_ajax": request.is_ajax(), 234 253 "challenge": challenge, 235 254 "salt_len": crypt.SALT_LEN, … … 258 277 """ 259 278 action = request.GET["auth"] 260 261 262 263 264 279 265 280 if action == "login":
