def add(request, template_name='im/auth/ldap_add.html'): provider = auth.get_provider('ldap', request.user) # Check that provider's policy allows to add provider to account if not provider.get_add_policy: messages.error(request, provider.get_add_disabled_msg) return HttpResponseRedirect(reverse('edit_profile')) if request.method == "GET": return render_response(template_name, login_form=LDAPLoginForm(request=request), context_instance=get_context( request, provider=LDAP_PROVIDER)) form = LDAPLoginForm(data=request.POST, request=request) if form.is_valid(): provider = auth.get_provider('ldap', request.user) user = form.ldap_user_cache provider_info = dict(user.ldap_user.attrs) try: user_info = populate_user_attributes(provider, provider_info) user_id = user_info.pop('identifier') except (ValueError, KeyError): logger.exception( "Failed to map attributes from LDAP provider." " Provider attributes: %s", provider_info) msg = 'Invalid LDAP response. Please contact support.' messages.error(request, msg) return HttpResponseRedirect(reverse('login')) affiliation = 'LDAP' # TODO: Add LDAP server name? user_info['affiliation'] = affiliation provider_info = dict([(k, smart_unicode(v, errors="ignore")) for k, v in provider_info.items() if k in provider.get_provider_info_attributes()]) if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'): groups = [ Group.objects.get_or_create(name=group_name)[0] for group_name in user.group_names ] user_info['groups'] = groups return handle_third_party_login(request, provider_module="ldap", identifier=user_id, provider_info=provider_info, affiliation=affiliation, user_info=user_info) else: return render_response(template_name, form=LDAPLoginForm(request=request), context_instance=get_context( request, provider=LDAP_PROVIDER))
def add(request, template_name='im/auth/ldap_add.html'): provider = auth.get_provider('ldap', request.user) # Check that provider's policy allows to add provider to account if not provider.get_add_policy: messages.error(request, provider.get_add_disabled_msg) return HttpResponseRedirect(reverse('edit_profile')) if request.method == "GET": return render_response( template_name, login_form=LDAPLoginForm(request=request), context_instance=get_context(request, provider=LDAP_PROVIDER) ) form = LDAPLoginForm(data=request.POST, request=request) if form.is_valid(): provider = auth.get_provider('ldap', request.user) user = form.ldap_user_cache provider_info = dict(user.ldap_user.attrs) try: user_info = populate_user_attributes(provider, provider_info) user_id = user_info.pop('identifier') except (ValueError, KeyError): logger.exception("Failed to map attributes from LDAP provider." " Provider attributes: %s", provider_info) msg = 'Invalid LDAP response. Please contact support.' messages.error(request, msg) return HttpResponseRedirect(reverse('login')) affiliation = 'LDAP' # TODO: Add LDAP server name? user_info['affiliation'] = affiliation provider_info = dict([(k, smart_unicode(v, errors="ignore")) for k, v in provider_info.items() if k in provider.get_provider_info_attributes()]) if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'): groups = [Group.objects.get_or_create(name=group_name)[0] for group_name in user.group_names] user_info['groups'] = groups return handle_third_party_login(request, provider_module="ldap", identifier=user_id, provider_info=provider_info, affiliation=affiliation, user_info=user_info) else: return render_response( template_name, form=LDAPLoginForm(request=request), context_instance=get_context(request, provider=LDAP_PROVIDER) )
def resource_usage(request): resources_meta = presentation.RESOURCES current_usage = quotas.get_user_quotas(request.user) current_usage = json.dumps(current_usage['system']) resource_catalog, resource_groups = _resources_catalog(for_usage=True) if resource_catalog is False: # on fail resource_groups contains the result object result = resource_groups messages.error( request, 'Unable to retrieve system resources: %s' % result.reason) resource_catalog = json.dumps(resource_catalog) resource_groups = json.dumps(resource_groups) resources_order = json.dumps(resources_meta.get('resources_order')) return render_response( 'im/resource_usage.html', context_instance=get_context(request), resource_catalog=resource_catalog, resource_groups=resource_groups, resources_order=resources_order, current_usage=current_usage, token_cookie_name=settings.COOKIE_NAME, usage_update_interval=settings.USAGE_UPDATE_INTERVAL)
def login(request, template_name='im/login.html', extra_context=None): """ Renders login page. **Arguments** ``template_name`` A custom login template to use. This is optional; if not specified, this will default to ``im/login.html``. ``extra_context`` An dictionary of variables to add to the template context. """ extra_context = extra_context or {} third_party_token = request.GET.get('key', False) if third_party_token: messages.info(request, astakos_messages.AUTH_PROVIDER_LOGIN_TO_ADD) if request.user.is_authenticated(): return HttpResponseRedirect(reverse('landing')) return render_response(template_name, login_form=LoginForm(request=request), context_instance=get_context( request, extra_context))
def resource_usage(request): resources_meta = presentation.RESOURCES current_usage = quotas.get_user_quotas(request.user) current_usage = json.dumps(current_usage['system']) resource_catalog, resource_groups = _resources_catalog() if resource_catalog is False: # on fail resource_groups contains the result object result = resource_groups messages.error(request, 'Unable to retrieve system resources: %s' % result.reason) resource_catalog = json.dumps(resource_catalog) resource_groups = json.dumps(resource_groups) resources_order = json.dumps(resources_meta.get('resources_order')) return render_response('im/resource_usage.html', context_instance=get_context(request), resource_catalog=resource_catalog, resource_groups=resource_groups, resources_order=resources_order, current_usage=current_usage, token_cookie_name=settings.COOKIE_NAME, usage_update_interval= settings.USAGE_UPDATE_INTERVAL)
def login(request, template_name='im/login.html', extra_context=None): """ Renders login page. **Arguments** ``template_name`` A custom login template to use. This is optional; if not specified, this will default to ``im/login.html``. ``extra_context`` An dictionary of variables to add to the template context. """ extra_context = extra_context or {} third_party_token = request.GET.get('key', False) if third_party_token: messages.info(request, astakos_messages.AUTH_PROVIDER_LOGIN_TO_ADD) if request.user.is_authenticated(): return HttpResponseRedirect(reverse('landing')) return render_response( template_name, login_form=LoginForm(request=request), context_instance=get_context(request, extra_context) )
def handle_get_to_login_view(request, primary_provider, login_form, template_name="im/login.html", extra_context=None): """Common handling of a GET request to a login view. Handle a GET request to a login view either by redirecting the user to landing page in case the user is authenticated, or by rendering the login template with the 'primary_provider' correctly set. """ extra_context = extra_context or {} third_party_token = request.GET.get('key', False) if third_party_token: messages.info(request, astakos_messages.AUTH_PROVIDER_LOGIN_TO_ADD) if request.user.is_authenticated(): return HttpResponseRedirect(reverse('landing')) extra_context['primary_provider'] = primary_provider return render_response(template_name, login_form=login_form, context_instance=get_context( request, extra_context))
def handle_get_to_login_view(request, primary_provider, login_form, template_name="im/login.html", extra_context=None): """Common handling of a GET request to a login view. Handle a GET request to a login view either by redirecting the user to landing page in case the user is authenticated, or by rendering the login template with the 'primary_provider' correctly set. """ extra_context = extra_context or {} third_party_token = request.GET.get('key', False) if third_party_token: messages.info(request, astakos_messages.AUTH_PROVIDER_LOGIN_TO_ADD) if request.user.is_authenticated(): return HttpResponseRedirect(reverse('landing')) extra_context['primary_provider'] = primary_provider return render_response( template_name, login_form=login_form, context_instance=get_context(request, extra_context) )
def resource_usage(request): resources_meta = presentation.RESOURCES # resolve uuids of projects the user consumes quota from user = request.user quota_filters = Q(usage_min__gt=0, limit__gt=0) quota_uuids = map( lambda k: k[1], quotas.get_users_quotas_counters([user], flt=quota_filters)[0].keys(), ) # resolve uuids of projects the user is member to user_memberships = request.user.projectmembership_set.actually_accepted() membership_uuids = [m.project.uuid for m in user_memberships] # merge uuids uuids = set(quota_uuids + membership_uuids) uuid_refs = map(quotas.project_ref, uuids) user_quotas = quotas.get_user_quotas(request.user, sources=uuid_refs) projects = Project.objects.filter(uuid__in=uuids) user_projects = projects_api.get_projects_details(projects) resource_catalog, resource_groups = _resources_catalog() if resource_catalog is False: # on fail resource_groups contains the result object result = resource_groups messages.error( request, 'Unable to retrieve system resources: %s' % result.reason) # Exclude projects that are terminated *and* the user has no active # resources (usage>0) non_terminated_projects = [ p["id"] for p in user_projects if p["state"] != "terminated" ] user_quotas = dict([(p_id, p_quotas) for (p_id, p_quotas) in user_quotas.items() if p_id in non_terminated_projects or filter(lambda x: x["usage"] > 0, p_quotas.values()) ]) resource_catalog = json.dumps(resource_catalog) resource_groups = json.dumps(resource_groups) resources_order = json.dumps(resources_meta.get('resources_order')) projects_details = json.dumps(user_projects, default=_dthandler) user_quotas = json.dumps(user_quotas) interval = settings.USAGE_UPDATE_INTERVAL return render_response('im/resource_usage.html', context_instance=get_context(request), resource_catalog=resource_catalog, resource_groups=resource_groups, resources_order=resources_order, projects_details=projects_details, user_quotas=user_quotas, token_cookie_name=settings.COOKIE_NAME, usage_update_interval=interval)
def resource_usage(request): resources_meta = presentation.RESOURCES # resolve uuids of projects the user consumes quota from user = request.user quota_filters = Q(usage_min__gt=0, limit__gt=0) quota_uuids = map(lambda k: k[1], quotas.get_users_quotas_counters([user], flt=quota_filters)[0].keys(),) # resolve uuids of projects the user is member to user_memberships = request.user.projectmembership_set.actually_accepted() membership_uuids = [m.project.uuid for m in user_memberships] # merge uuids uuids = set(quota_uuids + membership_uuids) uuid_refs = map(quotas.project_ref, uuids) user_quotas = quotas.get_user_quotas(request.user, sources=uuid_refs) projects = Project.objects.filter(uuid__in=uuids) user_projects = projects_api.get_projects_details(projects) resource_catalog, resource_groups = _resources_catalog() if resource_catalog is False: # on fail resource_groups contains the result object result = resource_groups messages.error(request, 'Unable to retrieve system resources: %s' % result.reason) # Exclude projects that are terminated *and* the user has no active # resources (usage>0) non_terminated_projects = [p["id"] for p in user_projects if p["state"] != "terminated"] user_quotas = dict([(p_id, p_quotas) for (p_id, p_quotas) in user_quotas.items() if p_id in non_terminated_projects or filter(lambda x: x["usage"] > 0, p_quotas.values())]) resource_catalog = json.dumps(resource_catalog) resource_groups = json.dumps(resource_groups) resources_order = json.dumps(resources_meta.get('resources_order')) projects_details = json.dumps(user_projects, default=_dthandler) user_quotas = json.dumps(user_quotas) interval = settings.USAGE_UPDATE_INTERVAL return render_response('im/resource_usage.html', context_instance=get_context(request), resource_catalog=resource_catalog, resource_groups=resource_groups, resources_order=resources_order, projects_details=projects_details, user_quotas=user_quotas, token_cookie_name=settings.COOKIE_NAME, usage_update_interval=interval)
def _approval_terms_post(request, template_name, terms, extra_context): next = restrict_next(request.POST.get('next'), domain=settings.COOKIE_DOMAIN) if not next: next = reverse('index') form = SignApprovalTermsForm(request.POST, instance=request.user) if not form.is_valid(): return render_response(template_name, terms=terms, approval_terms_form=form, context_instance=get_context( request, extra_context)) user = form.save() return HttpResponseRedirect(next)
def feedback(request, template_name='im/feedback.html', email_template_name='im/feedback_mail.txt', extra_context=None): """ Allows a user to send feedback. In case of GET request renders a form for providing the feedback information. In case of POST sends an email to support team. If the user isn't logged in, redirects to settings.LOGIN_URL. **Arguments** ``template_name`` A custom template to use. This is optional; if not specified, this will default to ``im/feedback.html``. ``extra_context`` An dictionary of variables to add to the template context. **Template:** im/signup.html or ``template_name`` keyword argument. **Settings:** * LOGIN_URL: login uri """ extra_context = extra_context or {} if request.method == 'GET': form = FeedbackForm() if request.method == 'POST': if not request.user: return HttpResponse('Unauthorized', status=401) form = FeedbackForm(request.POST) if form.is_valid(): msg = form.cleaned_data['feedback_msg'] data = form.cleaned_data['feedback_data'] send_feedback(msg, data, request.user, email_template_name) message = _(astakos_messages.FEEDBACK_SENT) messages.success(request, message) return HttpResponseRedirect(reverse('feedback')) return render_response(template_name, feedback_form=form, context_instance=get_context( request, extra_context))
def feedback(request, template_name='im/feedback.html', email_template_name='im/feedback_mail.txt', extra_context=None): """ Allows a user to send feedback. In case of GET request renders a form for providing the feedback information. In case of POST sends an email to support team. If the user isn't logged in, redirects to settings.LOGIN_URL. **Arguments** ``template_name`` A custom template to use. This is optional; if not specified, this will default to ``im/feedback.html``. ``extra_context`` An dictionary of variables to add to the template context. **Template:** im/signup.html or ``template_name`` keyword argument. **Settings:** * LOGIN_URL: login uri """ extra_context = extra_context or {} if request.method == 'GET': form = FeedbackForm() if request.method == 'POST': if not request.user: return HttpResponse('Unauthorized', status=401) form = FeedbackForm(request.POST) if form.is_valid(): msg = form.cleaned_data['feedback_msg'] data = form.cleaned_data['feedback_data'] send_feedback(msg, data, request.user, email_template_name) message = _(astakos_messages.FEEDBACK_SENT) messages.success(request, message) return HttpResponseRedirect(reverse('feedback')) return render_response(template_name, feedback_form=form, context_instance=get_context(request, extra_context))
def _approval_terms_post(request, template_name, terms, extra_context): next = restrict_next( request.POST.get('next'), domain=settings.COOKIE_DOMAIN ) if not next: next = reverse('index') form = SignApprovalTermsForm(request.POST, instance=request.user) if not form.is_valid(): return render_response(template_name, terms=terms, approval_terms_form=form, context_instance=get_context(request, extra_context)) user = form.save() return HttpResponseRedirect(next)
def request_change_email(request, email_to_new_template_name='registration/email_change_email_new_email.txt', form_template_name='registration/email_change_form.html', extra_context=None): extra_context = extra_context or {} if not settings.EMAILCHANGE_ENABLED: raise PermissionDenied if not request.user.is_authenticated(): path = quote(request.get_full_path()) url = request.build_absolute_uri(reverse('index')) return HttpResponseRedirect(url + '?next=' + path) # clean up expired email changes if request.user.email_change_is_pending(): change = request.user.emailchanges.get() if change.activation_key_expired(): change.delete() return HttpResponseRedirect(reverse('email_change')) form = EmailChangeForm(request.POST or None) if request.method == 'POST' and form.is_valid(): new_email = request.POST['new_email_address'] try: change_user_email( user=request.user, new_email=new_email, email_to_new_template_name=email_to_new_template_name, ) msg = _(astakos_messages.EMAIL_CHANGE_REGISTERED) messages.success(request, msg) return HttpResponseRedirect(reverse('edit_profile')) except ValidationError: pass if request.user.email_change_is_pending(): messages.warning(request, astakos_messages.PENDING_EMAIL_CHANGE_REQUEST) return render_response( form_template_name, form=form, context_instance=get_context(request, extra_context) )
def change_email(request, activation_key=None, email_template_name='registration/email_change_email.txt', form_template_name='registration/email_change_form.html', confirm_template_name='registration/email_change_done.html', extra_context=None): extra_context = extra_context or {} if not settings.EMAILCHANGE_ENABLED: raise PermissionDenied if activation_key: try: try: email_change = EmailChange.objects.get( activation_key=activation_key) except EmailChange.DoesNotExist: transaction.rollback() logger.error( "[change-email] Invalid or used activation " "code, %s", activation_key) raise Http404 if (request.user.is_authenticated() and \ request.user == email_change.user) or not \ request.user.is_authenticated(): user = EmailChange.objects.change_email(activation_key) msg = _(astakos_messages.EMAIL_CHANGED) messages.success(request, msg) transaction.commit() return HttpResponseRedirect(reverse('edit_profile')) else: logger.error("[change-email] Access from invalid user, %s %s", email_change.user, request.user.log_display) transaction.rollback() raise PermissionDenied except ValueError, e: messages.error(request, e) transaction.rollback() return HttpResponseRedirect(reverse('index')) return render_response( confirm_template_name, modified_user=user if 'user' in locals() else None, context_instance=get_context(request, extra_context))
def api_access(request, template_name='im/api_access.html', extra_context=None): """ API access view. """ context = {} url = get_public_endpoint(settings.astakos_services, 'identity') context['services'] = Component.catalog() context['token_url'] = url context['user'] = request.user context['client_url'] = settings.API_CLIENT_URL if extra_context: context.update(extra_context) context_instance = get_context(request, context) return render_response(template_name, context_instance=context_instance)
def change_email(request, activation_key=None, email_template_name='registration/email_change_email.txt', form_template_name='registration/email_change_form.html', confirm_template_name='registration/email_change_done.html', extra_context=None): extra_context = extra_context or {} if not settings.EMAILCHANGE_ENABLED: raise PermissionDenied if activation_key: try: try: email_change = EmailChange.objects.get( activation_key=activation_key) except EmailChange.DoesNotExist: logger.error("[change-email] Invalid or used activation " "code, %s", activation_key) raise Http404 if ( request.user.is_authenticated() and request.user == email_change.user or not request.user.is_authenticated() ): user = EmailChange.objects.change_email(activation_key) msg = _(astakos_messages.EMAIL_CHANGED) messages.success(request, msg) transaction.commit() return HttpResponseRedirect(reverse('edit_profile')) else: logger.error("[change-email] Access from invalid user, %s %s", email_change.user, request.user.log_display) raise PermissionDenied except ValueError, e: messages.error(request, e) transaction.rollback() return HttpResponseRedirect(reverse('index')) return render_response(confirm_template_name, modified_user=user if 'user' in locals() else None, context_instance=get_context(request, extra_context))
def login(request, template_name="im/login.html", on_failure='im/login.html', signup_template="/im/third_party_check_local.html", extra_context=None): """ on_failure: the template name to render on login failure """ if request.method == 'GET': return handle_get_to_login_view(request, primary_provider=LDAP_PROVIDER, login_form=LDAPLoginForm(request), template_name=template_name, extra_context=extra_context) # 'limited' attribute is used by recapatcha was_limited = getattr(request, 'limited', False) next = get_query(request).get('next', '') third_party_token = get_query(request).get('key', False) form = LDAPLoginForm(data=request.POST, was_limited=was_limited, request=request) provider = LDAP_PROVIDER if not form.is_valid(): if third_party_token: messages.info(request, provider.get_login_to_add_msg) return render_to_response(on_failure, { 'login_form': form, 'next': next, 'key': third_party_token }, context_instance=get_context( request, primary_provider=LDAP_PROVIDER)) # get the user from the cache user = form.ldap_user_cache provider = auth.get_provider('ldap', user) affiliation = 'LDAP' provider_info = dict(user.ldap_user.attrs) try: user_info = populate_user_attributes(provider, provider_info) user_id = user_info.pop('identifier') except (ValueError, KeyError): logger.exception( "Failed to map attributes from LDAP provider." " Provider attributes: %s", provider_info) msg = 'Invalid LDAP response. Please contact support.' messages.error(request, msg) return HttpResponseRedirect(reverse('login')) provider_info = dict([(k, smart_unicode(v, errors="ignore")) for k, v in provider_info.items() if k in provider.get_provider_info_attributes()]) user_info['affiliation'] = affiliation if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'): groups = [ Group.objects.get_or_create(name=group_name)[0] for group_name in user.group_names ] user_info['groups'] = groups try: return handle_third_party_login(request, provider_module="ldap", identifier=user_id, provider_info=provider_info, affiliation=affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, user_id, 'ldap', third_party_key, provider_info, user_info, signup_template, extra_context)
def invite(request, template_name='im/invitations.html', extra_context=None): """ Allows a user to invite somebody else. In case of GET request renders a form for providing the invitee information. In case of POST checks whether the user has not run out of invitations and then sends an invitation email to singup to the service. The number of the user invitations is going to be updated only if the email has been successfully sent. If the user isn't logged in, redirects to settings.LOGIN_URL. **Arguments** ``template_name`` A custom template to use. This is optional; if not specified, this will default to ``im/invitations.html``. ``extra_context`` An dictionary of variables to add to the template context. **Template:** im/invitations.html or ``template_name`` keyword argument. **Settings:** The view expectes the following settings are defined: * LOGIN_URL: login uri """ extra_context = extra_context or {} status = None message = None form = InvitationForm() inviter = request.user if request.method == 'POST': form = InvitationForm(request.POST) if inviter.invitations > 0: if form.is_valid(): email = form.cleaned_data.get('username') realname = form.cleaned_data.get('realname') invite_func(inviter, email, realname) message = _(astakos_messages.INVITATION_SENT) % locals() messages.success(request, message) else: message = _(astakos_messages.MAX_INVITATION_NUMBER_REACHED) messages.error(request, message) sent = [{ 'email': inv.username, 'realname': inv.realname, 'is_consumed': inv.is_consumed } for inv in request.user.invitations_sent.all()] kwargs = {'inviter': inviter, 'sent': sent} context = get_context(request, extra_context, **kwargs) return render_response(template_name, invitation_form=form, context_instance=context)
request.user.save() # existing providers user_providers = request.user.get_enabled_auth_providers() user_disabled_providers = request.user.get_disabled_auth_providers() # providers that user can add user_available_providers = request.user.get_available_auth_providers() extra_context['services'] = Component.catalog().values() return render_response(template_name, profile_form=form, user_providers=user_providers, user_disabled_providers=user_disabled_providers, user_available_providers=user_available_providers, context_instance=get_context( request, extra_context)) @transaction.commit_on_success @require_http_methods(["GET", "POST"]) @cookie_fix def signup(request, template_name='im/signup.html', on_success='index', extra_context=None, activation_backend=None): """ Allows a user to create a local account. In case of GET request renders a form for entering the user information. In case of POST handles the signup.
def how_it_works(request): return render_response('im/how_it_works.html', context_instance=get_context(request))
def signup(request, template_name='im/signup.html', on_success='index', extra_context=None, activation_backend=None): """ Allows a user to create a local account. In case of GET request renders a form for entering the user information. In case of POST handles the signup. The user activation will be delegated to the backend specified by the ``activation_backend`` keyword argument if present, otherwise to the ``astakos.im.activation_backends.InvitationBackend`` if settings.ASTAKOS_INVITATIONS_ENABLED is True or ``astakos.im.activation_backends.SimpleBackend`` if not (see activation_backends); Upon successful user creation, if ``next`` url parameter is present the user is redirected there otherwise renders the same page with a success message. On unsuccessful creation, renders ``template_name`` with an error message. **Arguments** ``template_name`` A custom template to render. This is optional; if not specified, this will default to ``im/signup.html``. ``extra_context`` An dictionary of variables to add to the template context. ``on_success`` Resolvable view name to redirect on registration success. **Template:** im/signup.html or ``template_name`` keyword argument. """ extra_context = extra_context or {} if request.user.is_authenticated(): logger.info("%s already signed in, redirect to index", request.user.log_display) return HttpResponseRedirect(reverse('index')) provider = get_query(request).get('provider', 'local') if not auth.get_provider(provider).get_create_policy: logger.error("%s provider not available for signup", provider) raise PermissionDenied instance = None # user registered using third party provider third_party_token = request.REQUEST.get('third_party_token', None) unverified = None if third_party_token: # retreive third party entry. This was created right after the initial # third party provider handshake. pending = get_object_or_404(PendingThirdPartyUser, token=third_party_token) provider = pending.provider # clone third party instance into the corresponding AstakosUser instance = pending.get_user_instance() get_unverified = AstakosUserAuthProvider.objects.unverified # check existing unverified entries unverified = get_unverified(pending.provider, identifier=pending.third_party_identifier) if unverified and request.method == 'GET': messages.warning(request, unverified.get_pending_registration_msg) if unverified.user.moderated: messages.warning(request, unverified.get_pending_resend_activation_msg) else: messages.warning(request, unverified.get_pending_moderation_msg) # prepare activation backend based on current request if not activation_backend: activation_backend = activation_backends.get_backend() form_kwargs = {'instance': instance, 'request': request} if third_party_token: form_kwargs['third_party_token'] = third_party_token form = activation_backend.get_signup_form( provider, None, **form_kwargs) if request.method == 'POST': form = activation_backend.get_signup_form( provider, request.POST, **form_kwargs) if form.is_valid(): user = form.save(commit=False) # delete previously unverified accounts if AstakosUser.objects.user_exists(user.email): AstakosUser.objects.get_by_identifier(user.email).delete() # store_user so that user auth providers get initialized form.store_user(user, request) result = activation_backend.handle_registration(user) if result.status == \ activation_backend.Result.PENDING_MODERATION: # user should be warned that his account is not active yet status = messages.WARNING else: status = messages.SUCCESS message = result.message activation_backend.send_result_notifications(result, user) # commit user entry transaction.commit() if user and user.is_active: # activation backend directly activated the user # log him in next = request.POST.get('next', '') response = prepare_response(request, user, next=next) return response messages.add_message(request, status, message) return HttpResponseRedirect(reverse(on_success)) return render_response(template_name, signup_form=form, third_party_token=third_party_token, provider=provider, context_instance=get_context(request, extra_context))
request.user.save() # existing providers user_providers = request.user.get_enabled_auth_providers() user_disabled_providers = request.user.get_disabled_auth_providers() # providers that user can add user_available_providers = request.user.get_available_auth_providers() extra_context['services'] = Component.catalog().values() return render_response(template_name, profile_form=form, user_providers=user_providers, user_disabled_providers=user_disabled_providers, user_available_providers=user_available_providers, context_instance=get_context(request, extra_context)) @transaction.atomic @require_http_methods(["GET", "POST"]) @cookie_fix def signup(request, template_name='im/signup.html', on_success='index', extra_context=None, activation_backend=None): """ Allows a user to create a local account. In case of GET request renders a form for entering the user information. In case of POST handles the signup. The user activation will be delegated to the backend specified by the ``activation_backend`` keyword argument if present, otherwise to the
def login(request, template_name="im/login.html", on_failure='im/login.html', signup_template="/im/third_party_check_local.html", extra_context=None): """ on_failure: the template name to render on login failure """ if request.method == 'GET': return handle_get_to_login_view(request, primary_provider=LDAP_PROVIDER, login_form=LDAPLoginForm(request), template_name=template_name, extra_context=extra_context) # 'limited' attribute is used by recapatcha was_limited = getattr(request, 'limited', False) next = get_query(request).get('next', '') third_party_token = get_query(request).get('key', False) form = LDAPLoginForm(data=request.POST, was_limited=was_limited, request=request) provider = LDAP_PROVIDER if not form.is_valid(): if third_party_token: messages.info(request, provider.get_login_to_add_msg) return render_to_response( on_failure, {'login_form': form, 'next': next, 'key': third_party_token}, context_instance=get_context(request, primary_provider=LDAP_PROVIDER)) # get the user from the cache user = form.ldap_user_cache provider = auth.get_provider('ldap', user) affiliation = 'LDAP' provider_info = dict(user.ldap_user.attrs) try: user_info = populate_user_attributes(provider, provider_info) user_id = user_info.pop('identifier') except (ValueError, KeyError): logger.exception("Failed to map attributes from LDAP provider." " Provider attributes: %s", provider_info) msg = 'Invalid LDAP response. Please contact support.' messages.error(request, msg) return HttpResponseRedirect(reverse('login')) provider_info = dict([(k, smart_unicode(v, errors="ignore")) for k, v in provider_info.items() if k in provider.get_provider_info_attributes()]) user_info['affiliation'] = affiliation if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'): groups = [Group.objects.get_or_create(name=group_name)[0] for group_name in user.group_names] user_info['groups'] = groups try: return handle_third_party_login(request, provider_module="ldap", identifier=user_id, provider_info=provider_info, affiliation=affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, user_id, 'ldap', third_party_key, provider_info, user_info, signup_template, extra_context)
def invite(request, template_name='im/invitations.html', extra_context=None): """ Allows a user to invite somebody else. In case of GET request renders a form for providing the invitee information. In case of POST checks whether the user has not run out of invitations and then sends an invitation email to singup to the service. The number of the user invitations is going to be updated only if the email has been successfully sent. If the user isn't logged in, redirects to settings.LOGIN_URL. **Arguments** ``template_name`` A custom template to use. This is optional; if not specified, this will default to ``im/invitations.html``. ``extra_context`` An dictionary of variables to add to the template context. **Template:** im/invitations.html or ``template_name`` keyword argument. **Settings:** The view expectes the following settings are defined: * LOGIN_URL: login uri """ extra_context = extra_context or {} status = None message = None form = InvitationForm() inviter = request.user if request.method == 'POST': form = InvitationForm(request.POST) if inviter.invitations > 0: if form.is_valid(): email = form.cleaned_data.get('username') realname = form.cleaned_data.get('realname') invite_func(inviter, email, realname) message = _(astakos_messages.INVITATION_SENT) % locals() messages.success(request, message) else: message = _(astakos_messages.MAX_INVITATION_NUMBER_REACHED) messages.error(request, message) sent = [{'email': inv.username, 'realname': inv.realname, 'is_consumed': inv.is_consumed} for inv in request.user.invitations_sent.all()] kwargs = {'inviter': inviter, 'sent': sent} context = get_context(request, extra_context, **kwargs) return render_response(template_name, invitation_form=form, context_instance=context)
def landing(request): context = {'services': Component.catalog(orderfor='dashboard')} return render_response( 'im/landing.html', context_instance=get_context(request), **context)
except Exception, e: transaction.rollback() raise else: transaction.commit() else: message = _(astakos_messages.MAX_INVITATION_NUMBER_REACHED) messages.error(request, message) sent = [{ 'email': inv.username, 'realname': inv.realname, 'is_consumed': inv.is_consumed } for inv in request.user.invitations_sent.all()] kwargs = {'inviter': inviter, 'sent': sent} context = get_context(request, extra_context, **kwargs) return render_response(template_name, invitation_form=form, context_instance=context) @require_http_methods(["GET", "POST"]) @required_auth_methods_assigned() @login_required @cookie_fix @signed_terms_required def api_access_config(request, template_name='im/api_access_config.html', content_type='text/plain', extra_context=None, filename='.kamakirc'):
def landing(request): context = {'services': Component.catalog(orderfor='dashboard')} return render_response('im/landing.html', context_instance=get_context(request), **context)
def login(request, template_name="im/login.html", on_failure='im/login.html', extra_context=None): """ on_failure: the template name to render on login failure """ if request.method == 'GET': extra_context = extra_context or {} third_party_token = request.GET.get('key', False) if third_party_token: messages.info(request, astakos_messages.AUTH_PROVIDER_LOGIN_TO_ADD) if request.user.is_authenticated(): return HttpResponseRedirect(reverse('landing')) extra_context["primary_provider"] = LOCAL_PROVIDER return render_response( template_name, login_form=LoginForm(request=request), context_instance=get_context(request, extra_context) ) was_limited = getattr(request, 'limited', False) form = LoginForm(data=request.POST, was_limited=was_limited, request=request) next = get_query(request).get('next', '') third_party_token = get_query(request).get('key', False) provider = auth.get_provider('local') if not form.is_valid(): if third_party_token: messages.info(request, provider.get_login_to_add_msg) return render_to_response( on_failure, {'login_form': form, 'next': next, 'key': third_party_token}, context_instance=get_context(request, primary_provider=LOCAL_PROVIDER)) # get the user from the cache user = form.user_cache provider = auth.get_provider('local', user) if not provider.get_login_policy: message = provider.get_login_disabled_msg messages.error(request, message) return HttpResponseRedirect(reverse('login')) message = None if not user: message = provider.get_authentication_failed_msg elif not user.is_active: message = user.get_inactive_message('local') elif not user.has_auth_provider('local'): # valid user logged in with no auth providers set, add local provider # and let him log in if not user.get_available_auth_providers(): user.add_auth_provider('local') else: message = _(astakos_messages.NO_LOCAL_AUTH) if message: messages.error(request, message) return render_to_response(on_failure, {'login_form': form}, context_instance=RequestContext(request)) response = prepare_response(request, user, next) if third_party_token: # use requests to assign the account he just authenticated with with # a third party provider account try: request.user.add_pending_auth_provider(third_party_token) except PendingThirdPartyUser.DoesNotExist: provider = auth.get_provider('local', request.user) messages.error(request, provider.get_add_failed_msg) provider = user.get_auth_provider('local') messages.success(request, provider.get_login_success_msg) response.set_cookie('astakos_last_login_method', 'local') provider.update_last_login_at() return response