from django.contrib.auth import authenticate
from django.contrib import messages
from django.utils.translation import ugettext as _
+from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_http_methods
-from astakos.im.util import prepare_response
+from astakos.im.util import prepare_response, get_query
from astakos.im.views import requires_anonymous
from astakos.im.models import AstakosUser
from astakos.im.forms import LoginForm
+from astakos.im.settings import RATELIMIT_RETRIES_ALLOWED
+from ratelimit.decorators import ratelimit
+
+retries = RATELIMIT_RETRIES_ALLOWED-1
+rate = str(retries)+'/m'
+
+@require_http_methods(["GET", "POST"])
+@csrf_exempt
@requires_anonymous
+@ratelimit(field='username', method='POST', rate=rate)
def login(request, on_failure='im/login.html'):
"""
on_failure: the template name to render on login failure
"""
- form = LoginForm(data=request.POST)
- next = request.POST.get('next')
+ was_limited = getattr(request, 'limited', False)
+ form = LoginForm(data=request.POST, was_limited=was_limited, request=request)
+ next = get_query(request).get('next', '')
if not form.is_valid():
return render_to_response(on_failure,
- {'form':form,
+ {'login_form':form,
'next':next},
context_instance=RequestContext(request))
# get the user from the cash
elif not user.is_active:
message = _('Inactive account')
if message:
- messages.add_message(request, message.ERROR, message)
+ messages.add_message(request, messages.ERROR, message)
return render_to_response(on_failure,
{'form':form},
context_instance=RequestContext(request))