def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
home_url = reverse('crashstats.home',
args=(settings.DEFAULT_PRODUCT,))
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
if not settings.ALLOWED_PERSONA_EMAILS: # pragma: no cover
raise ValueError(
"No emails set up in `settings.ALLOWED_PERSONA_EMAILS`"
)
if result:
if result['email'] in settings.ALLOWED_PERSONA_EMAILS:
user = auth.authenticate(assertion=assertion,
audience=audience)
auth.login(request, user)
messages.success(
request,
'You have successfully logged in.'
)
else:
messages.error(
request,
"You logged in as %s but you don't have sufficient "
"privileges." % result['email']
)
else:
messages.error(
request,
"Login failed"
)
return redirect(home_url)
def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
try:
_ok_assertion = False
_is_contributor = False
if result:
_domain = result['email'].split('@')[-1]
if _domain in settings.ALLOWED_BID:
_ok_assertion = True
elif is_vouched(result['email']):
_ok_assertion = True
_is_contributor = True
if _ok_assertion:
user = auth.authenticate(
assertion=assertion,
audience=audience
)
auth.login(request, user)
# if _is_contributor:
# try:
# profile = user.get_profile()
# if not profile.contributor:
# profile.contributor = True
# profile.save()
# except UserProfile.DoesNotExist:
# profile = UserProfile.objects.create(
# user=user,
# contributor=True
# )
if auth.models.User.objects.count() == 1:
auth.models.User.objects.update(is_superuser=True,
is_staff=True);
return redirect(request.POST.get('next',
settings.LOGIN_REDIRECT_URL))
elif result:
messages.error(
request,
'Hmmm. Are you sure you\'re a vouched mozillian?'
)
except BadStatusCodeError:
logging.error('Unable to call out to mozillians',
exc_info=True)
messages.error(
request,
'Email (%s) authenticated but unable to connect to '
'Mozillians to see if are vouched. ' %
result['email']
)
return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
home_url = reverse('crashstats.home',
args=(settings.DEFAULT_PRODUCT,))
goto_url = request.POST.get('goto', None) or home_url
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
for name in ('LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_GROUP_NAMES'):
if not getattr(settings, name, None): # pragma: no cover
raise ValueError(
"Not configured `settings.%s`" % name
)
if result:
allowed = in_allowed_group(result['email'])
debug_email_addresses = getattr(
settings,
'DEBUG_LDAP_EMAIL_ADDRESSES',
[]
)
if debug_email_addresses and not settings.DEBUG:
raise SuspiciousOperation(
"Can't debug login when NOT in DEBUG mode"
)
if allowed or result['email'] in debug_email_addresses:
if allowed:
logging.info('%r is in an allowed group', result['email'])
else:
logging.info('%r allowed for debugging', result['email'])
user = auth.authenticate(assertion=assertion,
audience=audience)
auth.login(request, user)
messages.success(
request,
'You have successfully logged in.'
)
else:
if not allowed:
logging.info('%r NOT in an allowed group', result['email'])
messages.error(
request,
"You logged in as %s but you don't have sufficient "
"privileges." % result['email']
)
else:
messages.error(
request,
"Login failed"
)
return redirect(goto_url)
def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
if result and result['email'].split('@')[-1] in settings.ALLOWED_BID:
user = auth.authenticate(assertion=assertion, audience=audience)
auth.login(request, user)
return redirect(settings.LOGIN_REDIRECT_URL)
return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
try:
_ok_assertion = False
_is_contributor = False
if result:
_domain = result['email'].split('@')[-1]
if _domain in settings.ALLOWED_BID:
_ok_assertion = True
elif is_vouched(result['email']):
_ok_assertion = True
_is_contributor = True
if _ok_assertion:
user = auth.authenticate(assertion=assertion,
audience=audience)
auth.login(request, user)
# if _is_contributor:
# try:
# profile = user.get_profile()
# if not profile.contributor:
# profile.contributor = True
# profile.save()
# except UserProfile.DoesNotExist:
# profile = UserProfile.objects.create(
# user=user,
# contributor=True
# )
if auth.models.User.objects.count() == 1:
auth.models.User.objects.update(is_superuser=True,
is_staff=True)
return redirect(
request.POST.get('next', settings.LOGIN_REDIRECT_URL))
elif result:
messages.error(
request, 'Hmmm. Are you sure you\'re a vouched mozillian?')
except BadStatusCodeError:
logging.error('Unable to call out to mozillians', exc_info=True)
messages.error(
request, 'Email (%s) authenticated but unable to connect to '
'Mozillians to see if are vouched. ' % result['email'])
return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
def mozilla_browserid_verify(request):
"""Custom BrowserID verifier for mozilla addresses."""
home_url = reverse('crashstats.home', args=(settings.DEFAULT_PRODUCT, ))
form = BrowserIDForm(request.POST)
if form.is_valid():
assertion = form.cleaned_data['assertion']
audience = get_audience(request)
result = verify(assertion, audience)
for name in ('LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_GROUP_NAMES'):
if not getattr(settings, name, None): # pragma: no cover
raise ValueError("Not configured `settings.%s`" % name)
if result:
allowed = in_allowed_group(result['email'])
debug_email_addresses = getattr(settings,
'DEBUG_LDAP_EMAIL_ADDRESSES', [])
if debug_email_addresses and not settings.DEBUG:
raise SuspiciousOperation(
"Can't debug login when NOT in DEBUG mode")
if allowed or result['email'] in debug_email_addresses:
if allowed:
logging.info('%r is in an allowed group', result['email'])
else:
logging.info('%r allowed for debugging', result['email'])
user = auth.authenticate(assertion=assertion,
audience=audience)
auth.login(request, user)
messages.success(request, 'You have successfully logged in.')
else:
if not allowed:
logging.info('%r NOT in an allowed group', result['email'])
messages.error(
request,
"You logged in as %s but you don't have sufficient "
"privileges." % result['email'])
else:
messages.error(request, "Login failed")
return redirect(home_url)
