Commit 1c0d7c3e authored by Flavio TARSETTI

[ui][views] Inform blocked account user of successful login attempts

Fixes #551
parent 6fe859b8
Pipeline #40120 passed with stage in 14 minutes and 36 seconds
Dear {{ user.first_name }} {{ user.last_name }} (username:{{ user.username }}),
This is to inform you that a successful login attempt has been made on your personal blocked account
This is to inform you that a successful login attempt has been made on your personal account
at the Idiap Research Institute's Biometric Evaluation and Testing (BEAT) platform. If this wasn't an
action from you, we advise you to contact an admin of the platform or to re-activate your account as
explained below and change your password.
If this was a valid attempt and you actually tried to login, we remind you that your account
is currently blocked as no valid supervison is in place for you account at the moment.
is currently blocked as no valid supervison is in place for your account at the moment.
This is mandatory in order to use the platform.
Please go to the following page and provide a valid supervisor who could accept your supervision request:
{{ prefix }}{% url 'blocked_user_reactivation' %}
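Review bot: The second of the two "is currently blocked" lines (the one that corrects "you account" to "your account") still misspells "supervision" as "supervison"; fix it in the same edit. In the sentence above it, "tried to login" should read "tried to log in", since "login" is the noun. The first sentence now says only "your personal account", so a reader who did not make the attempt learns that the account is blocked only from the paragraph addressed to someone who did; consider keeping the account state in the opening sentence.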
......
......@@ -79,6 +79,33 @@ def index(request):
def login(request):
"""Login page"""
if request.method == "POST":
authentication_match = False
try:
user = User.objects.get(username=request.POST["username"])
except User.DoesNotExist:
# No specific action is required here
# Possible future step: DOS/DDOS Brute-Force attack detection
pass
else:
authentication_match = user.check_password(request.POST["password"])
if authentication_match and user.profile.status == Profile.BLOCKED:
parsed_url = urlparse(settings.URL_PREFIX)
server_address = "%s://%s" % (parsed_url.scheme, parsed_url.hostname,)
context = {
"user": user,
"prefix": server_address,
}
mail.send_email(
"registration/mail.blocked_user_access_attempt.subject.txt",
"registration/mail.blocked_user_access_attempt.message.txt",
context,
[user.email],
)
response = django_login(request)
if request.user.is_authenticated():
path = request.GET.get("next", "/")
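Review bot: request.POST["username"] and request.POST["password"] are indexed directly at the top of the new block, so a POST that omits either field raises a KeyError that the except User.DoesNotExist clause does not catch, and the view fails before django_login(request) can handle the request and report the missing field. Read both values with request.POST.get(...) and skip the pre-check when either is missing. Two further points on the same block: the notification is sent on every POST whose password matches, with no throttle visible here, so repeated logins to a blocked account produce one mail each; and mail.send_email runs before django_login, so an exception raised by it would abort the login view. Consider limiting notifications per user over a time window and catching and logging send failures instead of letting them propagate.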
......