Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
beat
beat.web
Commits
1c0d7c3e
Commit
1c0d7c3e
authored
May 20, 2020
by
Flavio TARSETTI
Browse files
[ui][views] Inform blocked account user of successful login attempts
Fixes
#551
parent
6fe859b8
Pipeline
#40120
passed with stage
in 14 minutes and 36 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
beat/web/ui/registration/templates/registration/mail.blocked_user_access_attempt.message.txt
View file @
1c0d7c3e
Dear {{ user.first_name }} {{ user.last_name }} (username:{{ user.username }}),
This is to inform you that a successful login attempt has been made on your personal
blocked
account
This is to inform you that a successful login attempt has been made on your personal account
at the Idiap Research Institute's Biometric Evaluation and Testing (BEAT) platform. If this wasn't an
action from you, we advise you to contact an admin of the platform or to re-activate your account as
explained below and change your password.
If this was a valid attempt and you actually tried to login, we remind you that your account
is currently blocked as no valid supervison is in place for you account at the moment.
is currently blocked as no valid supervison is in place for you
r
account at the moment.
This is mandatory in order to use the platform.
Please go to the following page and provide a valid supervisor who could accept your supervision request:
{{ prefix }}{% url 'blocked_user_reactivation' %}
...
...
beat/web/ui/views.py
View file @
1c0d7c3e
...
...
@@ -79,6 +79,33 @@ def index(request):
def
login
(
request
):
"""Login page"""
if
request
.
method
==
"POST"
:
authentication_match
=
False
try
:
user
=
User
.
objects
.
get
(
username
=
request
.
POST
[
"username"
])
except
User
.
DoesNotExist
:
# No specific action is required here
# Possible future step: DOS/DDOS Brute-Force attack detection
pass
else
:
authentication_match
=
user
.
check_password
(
request
.
POST
[
"password"
])
if
authentication_match
and
user
.
profile
.
status
==
Profile
.
BLOCKED
:
parsed_url
=
urlparse
(
settings
.
URL_PREFIX
)
server_address
=
"%s://%s"
%
(
parsed_url
.
scheme
,
parsed_url
.
hostname
,)
context
=
{
"user"
:
user
,
"prefix"
:
server_address
,
}
mail
.
send_email
(
"registration/mail.blocked_user_access_attempt.subject.txt"
,
"registration/mail.blocked_user_access_attempt.message.txt"
,
context
,
[
user
.
email
],
)
response
=
django_login
(
request
)
if
request
.
user
.
is_authenticated
():
path
=
request
.
GET
.
get
(
"next"
,
"/"
)
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment