Commit 1b4a089c authored by Daniel STAN's avatar Daniel STAN

protect password dans les views

parent 8c92ff4c
......@@ -23,6 +23,7 @@
import ldap
from django.contrib.auth.models import Group, User
from django.contrib.auth.backends import ModelBackend
from django.views.decorators.debug import sensitive_variables
# Pour se connecter à la base ldap
import lc_ldap.shortcuts
......@@ -98,6 +99,7 @@ class LDAPUserBackend(ModelBackend):
supports_anonymous_user = False
@sensitive_variables('password')
def authenticate(self, username=None, password=None):
"""Authentifie l'utilisateur sur la base LDAP. Crée un
utilisateur django s'il n'existe pas encore."""
......
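Review bot: `@sensitive_variables('password')` on `authenticate` masks only the local named `password` in that one frame, and the rest of the method lies outside the hunk. If the body passes the password to an LDAP bind helper or copies it into another local (a credentials tuple, a connection object), those values would still show up in error reports; that is likely for an LDAP backend but cannot be confirmed from here. The bare form `@sensitive_variables()` hides every local of the frame, and any helper that receives the password needs its own decorator. A comment such as `# masks locals in error reports only when DEBUG is False` would also record that the filter is inactive in debug mode.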
......@@ -3,6 +3,7 @@
from django.conf.urls import include, patterns, url
from intranet import settings
import django.contrib.auth.views
from django.views.decorators.debug import sensitive_post_parameters
from django.contrib import admin
admin.autodiscover()
......@@ -14,7 +15,9 @@ if settings.CAS_ENABLED:
login_url = url(r'^login$', 'django_cas_ng.views.login', name="login")
logout_url = url(r'^logout$', 'django_cas_ng.views.logout', name="logout")
else:
login_url = url('^login', django.contrib.auth.views.login, {'template_name': 'login.html'}, name="login")
login_view = django.contrib.auth.views.login
login_view = sensitive_post_parameters('password')(login_view)
login_url = url('^login', login_view, {'template_name': 'login.html'}, name="login")
#login_url = url('^login', protect(django.contrib.auth.views.login), {'template_name': 'login.html'}, name="login")
logout_url = url('^logout', 'django.contrib.auth.views.logout_then_login', name ="logout")
......
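Review bot: In the `else` branch, `sensitive_post_parameters('password')` masks only the POST field literally named `password`, so the protection depends on the field name used by `login.html` and the auth form staying exactly that. The no-argument form masks all POST parameters and fits in one step: `login_view = sensitive_post_parameters()(django.contrib.auth.views.login)`. Depending on the Django version in use, the stock login view may already carry this decorator, in which case the wrapper is redundant but harmless; this is worth confirming. As with any use of this decorator, the masking applies to error reports only when `DEBUG` is False, which a one-line comment above the wrapper could state.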