Commit 1c8cd555 authored by Samuel GAIST

Merge branch '551_blocked_accounts_login_attempts' into 'master'

Notify blocked account user of a successful login attempt and re-activation account steps

Closes #551

See merge request !331
parents ee15fdd5 1c0d7c3e
Pipeline #40130 passed with stages in 16 minutes and 58 seconds
Dear {{ user.first_name }} {{ user.last_name }} (username:{{ user.username }}),
This is to inform you that a successful login attempt has been made on your personal account
at the Idiap Research Institute's Biometric Evaluation and Testing (BEAT) platform. If this wasn't an
action from you, we advise you to contact an admin of the platform or to re-activate your account as
explained below and change your password.
If this was a valid attempt and you actually tried to login, we remind you that your account
is currently blocked as no valid supervison is in place for your account at the moment.
This is mandatory in order to use the platform.
Please go to the following page and provide a valid supervisor who could accept your supervision request:
{{ prefix }}{% url 'blocked_user_reactivation' %}
BEAT Administrators at the Idiap Research Institute
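Review bot: the first paragraph tells the recipient to "re-activate your account as explained below and change your password", but the body only links to `blocked_user_reactivation` and gives no time or origin for the login attempt, so a user who did not log in has little to act on. Consider adding the attempt time to the context and pointing to the password change page. Two wording fixes as well: "supervison" in "no valid supervison is in place" should read "supervision", and "(username:{{ user.username }})" wants a space after the colon.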
......@@ -79,6 +79,33 @@ def index(request):
def login(request):
"""Login page"""
if request.method == "POST":
authentication_match = False
try:
user = User.objects.get(username=request.POST["username"])
except User.DoesNotExist:
# No specific action is required here
# Possible future step: DOS/DDOS Brute-Force attack detection
pass
else:
authentication_match = user.check_password(request.POST["password"])
if authentication_match and user.profile.status == Profile.BLOCKED:
parsed_url = urlparse(settings.URL_PREFIX)
server_address = "%s://%s" % (parsed_url.scheme, parsed_url.hostname,)
context = {
"user": user,
"prefix": server_address,
}
mail.send_email(
"registration/mail.blocked_user_access_attempt.subject.txt",
"registration/mail.blocked_user_access_attempt.message.txt",
context,
[user.email],
)
response = django_login(request)
if request.user.is_authenticated():
path = request.GET.get("next", "/")
......
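Review bot: in `login`, `request.POST["username"]` and `request.POST["password"]` are indexed directly and only `User.DoesNotExist` is caught, so a POST that omits either field raises before `django_login(request)` gets to validate the form. Use `request.POST.get(...)` and skip the blocked-account check when either value is missing. The `server_address` built from `parsed_url.hostname` also drops any port present in `settings.URL_PREFIX`, so the reactivation link in the mail would be wrong on a deployment with a non-default port; `parsed_url.netloc` keeps it. The notification is sent on every matching POST with no throttling, and an exception from `mail.send_email` would stop the request before `django_login` runs, so guarding the send and limiting it per account is worth considering.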