
1# (c) 2018-2020 

2# MPIB <https://www.mpib-berlin.mpg.de/>, 

3# MPI-CBS <https://www.cbs.mpg.de/>, 

4# MPIP <http://www.psych.mpg.de/> 

5# 

6# This file is part of Castellum. 

7# 

8# Castellum is free software; you can redistribute it and/or modify it 

9# under the terms of the GNU Affero General Public License as published 

10# by the Free Software Foundation; either version 3 of the License, or 

11# (at your option) any later version. 

12# 

13# Castellum is distributed in the hope that it will be useful, but 

14# WITHOUT ANY WARRANTY; without even the implied warranty of 

15# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 

16# Affero General Public License for more details. 

17# 

18# You should have received a copy of the GNU Affero General Public 

19# License along with Castellum. If not, see 

20# <http://www.gnu.org/licenses/>. 

21 

22from django.conf import settings 

23from django.contrib.auth.forms import AuthenticationForm as BaseAuthenticationForm 

24from django.contrib.auth.forms import UserCreationForm 

25 

26from .models import User 

27 

28 

class UserCreationAdminForm(UserCreationForm):
    """User-creation form for the admin on which the password is optional.

    Both password fields are made non-required. When ``password1`` is
    left empty, ``save()`` replaces the empty value with ``None`` before
    delegating to the parent form.
    """

    class Meta(UserCreationForm.Meta):
        model = User

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        # Allow accounts to be created without choosing a password.
        for field_name in ('password1', 'password2'):
            self.fields[field_name].required = False

    def save(self, commit=True):
        """Save the user, mapping an empty ``password1`` to ``None``."""
        # An empty string must not end up as the account's password.
        # NOTE(review): presumably the parent save() hands this value to
        # set_password(), where None yields an unusable password rather
        # than an empty one -- confirm against the Django version in use.
        self.cleaned_data["password1"] = self.cleaned_data["password1"] or None
        return super().save(commit=commit)

42 

43 

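class AuthenticationForm(BaseAuthenticationForm):
    """Block demo users in production setups.

    We want demo users in dev and demo setups. But in production they
    are a major security issue.

    Creating demo users is already blocked in production. As an
    additional safeguard, we block login with the demo password in case
    ``settings.PRODUCTION`` was set after the user had already been
    created.

    The safeguard only covers logins that are validated by this form.
    """

    def clean(self):
        """Run the base credential check, then reject the demo password.

        Raises the same generic invalid-login error as a wrong password,
        so the response does not reveal why the login was refused.
        """
        cleaned_data = super().clean()
        # Form-level clean() also runs when a field failed validation
        # (e.g. an empty password), in which case 'password' is missing
        # from cleaned_data. Use .get() so that an unauthenticated
        # request cannot trigger an unhandled KeyError here.
        password = cleaned_data.get('password')
        if settings.PRODUCTION and password == User.DEMO_PASSWORD:
            raise self.get_invalid_login_error()
        return cleaned_data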