Example #1
0
def mozilla_browserid_verify(request):
    """Custom BrowserID verifier for mozilla addresses."""
    home_url = reverse('crashstats.home',
                       args=(settings.DEFAULT_PRODUCT,))
    form = BrowserIDForm(request.POST)
    if form.is_valid():
        assertion = form.cleaned_data['assertion']
        audience = get_audience(request)
        result = verify(assertion, audience)
        if not settings.ALLOWED_PERSONA_EMAILS:  # pragma: no cover
            raise ValueError(
                "No emails set up in `settings.ALLOWED_PERSONA_EMAILS`"
            )

        if result:
            if result['email'] in settings.ALLOWED_PERSONA_EMAILS:
                user = auth.authenticate(assertion=assertion,
                                         audience=audience)
                auth.login(request, user)
                messages.success(
                    request,
                    'You have successfully logged in.'
                )
            else:
                messages.error(
                    request,
                    "You logged in as %s but you don't have sufficient "
                    "privileges." % result['email']
                )
    else:
        messages.error(
            request,
            "Login failed"
        )
    return redirect(home_url)
Example #2
0
def mozilla_browserid_verify(request):
    """Custom BrowserID verifier for mozilla addresses."""
    form = BrowserIDForm(request.POST)
    if form.is_valid():
        assertion = form.cleaned_data['assertion']
        audience = get_audience(request)
        result = verify(assertion, audience)
        try:
            _ok_assertion = False
            _is_contributor = False
            if result:
                _domain = result['email'].split('@')[-1]
                if _domain in settings.ALLOWED_BID:
                    _ok_assertion = True
                elif is_vouched(result['email']):
                    _ok_assertion = True
                    _is_contributor = True

            if _ok_assertion:
                user = auth.authenticate(
                    assertion=assertion,
                    audience=audience
                )
                auth.login(request, user)
                # if _is_contributor:
                #     try:
                #         profile = user.get_profile()
                #         if not profile.contributor:
                #             profile.contributor = True
                #             profile.save()
                #     except UserProfile.DoesNotExist:
                #         profile = UserProfile.objects.create(
                #             user=user,
                #             contributor=True
                #         )

                if auth.models.User.objects.count() == 1:
                    auth.models.User.objects.update(is_superuser=True,
                                                    is_staff=True);

                return redirect(request.POST.get('next',
                                                 settings.LOGIN_REDIRECT_URL))
            elif result:
                messages.error(
                    request,
                    'Hmmm. Are you sure you\'re a vouched mozillian?'
                )
        except BadStatusCodeError:
            logging.error('Unable to call out to mozillians',
                          exc_info=True)
            messages.error(
                request,
                'Email (%s) authenticated but unable to connect to '
                'Mozillians to see if are vouched. ' %
                result['email']
            )

    return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
Example #3
0
def mozilla_browserid_verify(request):
    """Custom BrowserID verifier for mozilla addresses."""
    home_url = reverse('crashstats.home',
                       args=(settings.DEFAULT_PRODUCT,))
    goto_url = request.POST.get('goto', None) or home_url
    form = BrowserIDForm(request.POST)
    if form.is_valid():
        assertion = form.cleaned_data['assertion']
        audience = get_audience(request)
        result = verify(assertion, audience)

        for name in ('LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_GROUP_NAMES'):
            if not getattr(settings, name, None):  # pragma: no cover
                raise ValueError(
                    "Not configured `settings.%s`" % name
                )

        if result:
            allowed = in_allowed_group(result['email'])
            debug_email_addresses = getattr(
                settings,
                'DEBUG_LDAP_EMAIL_ADDRESSES',
                []
            )
            if debug_email_addresses and not settings.DEBUG:
                raise SuspiciousOperation(
                    "Can't debug login when NOT in DEBUG mode"
                )
            if allowed or result['email'] in debug_email_addresses:
                if allowed:
                    logging.info('%r is in an allowed group', result['email'])
                else:
                    logging.info('%r allowed for debugging', result['email'])
                user = auth.authenticate(assertion=assertion,
                                         audience=audience)
                auth.login(request, user)
                messages.success(
                    request,
                    'You have successfully logged in.'
                )
            else:
                if not allowed:
                    logging.info('%r NOT in an allowed group', result['email'])
                messages.error(
                    request,
                    "You logged in as %s but you don't have sufficient "
                    "privileges." % result['email']
                )
    else:
        messages.error(
            request,
            "Login failed"
        )
    return redirect(goto_url)
Example #4
0
def mozilla_browserid_verify(request):
    """Custom BrowserID verifier for mozilla addresses."""
    form = BrowserIDForm(request.POST)
    if form.is_valid():
        assertion = form.cleaned_data['assertion']
        audience = get_audience(request)
        result = verify(assertion, audience)
        if result and result['email'].split('@')[-1] in settings.ALLOWED_BID:
            user = auth.authenticate(assertion=assertion, audience=audience)
            auth.login(request, user)
            return redirect(settings.LOGIN_REDIRECT_URL)
    return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
Example #5
0
def mozilla_browserid_verify(request):
    """Custom BrowserID verifier for mozilla addresses."""
    form = BrowserIDForm(request.POST)
    if form.is_valid():
        assertion = form.cleaned_data['assertion']
        audience = get_audience(request)
        result = verify(assertion, audience)
        try:
            _ok_assertion = False
            _is_contributor = False
            if result:
                _domain = result['email'].split('@')[-1]
                if _domain in settings.ALLOWED_BID:
                    _ok_assertion = True
                elif is_vouched(result['email']):
                    _ok_assertion = True
                    _is_contributor = True

            if _ok_assertion:
                user = auth.authenticate(assertion=assertion,
                                         audience=audience)
                auth.login(request, user)
                # if _is_contributor:
                #     try:
                #         profile = user.get_profile()
                #         if not profile.contributor:
                #             profile.contributor = True
                #             profile.save()
                #     except UserProfile.DoesNotExist:
                #         profile = UserProfile.objects.create(
                #             user=user,
                #             contributor=True
                #         )

                if auth.models.User.objects.count() == 1:
                    auth.models.User.objects.update(is_superuser=True,
                                                    is_staff=True)

                return redirect(
                    request.POST.get('next', settings.LOGIN_REDIRECT_URL))
            elif result:
                messages.error(
                    request, 'Hmmm. Are you sure you\'re a vouched mozillian?')
        except BadStatusCodeError:
            logging.error('Unable to call out to mozillians', exc_info=True)
            messages.error(
                request, 'Email (%s) authenticated but unable to connect to '
                'Mozillians to see if are vouched. ' % result['email'])

    return redirect(settings.LOGIN_REDIRECT_URL_FAILURE)
Example #6
0
def mozilla_browserid_verify(request):
    """Custom BrowserID verifier for mozilla addresses."""
    home_url = reverse('crashstats.home', args=(settings.DEFAULT_PRODUCT, ))
    form = BrowserIDForm(request.POST)
    if form.is_valid():
        assertion = form.cleaned_data['assertion']
        audience = get_audience(request)
        result = verify(assertion, audience)

        for name in ('LDAP_BIND_DN', 'LDAP_BIND_PASSWORD', 'LDAP_GROUP_NAMES'):
            if not getattr(settings, name, None):  # pragma: no cover
                raise ValueError("Not configured `settings.%s`" % name)

        if result:
            allowed = in_allowed_group(result['email'])
            debug_email_addresses = getattr(settings,
                                            'DEBUG_LDAP_EMAIL_ADDRESSES', [])
            if debug_email_addresses and not settings.DEBUG:
                raise SuspiciousOperation(
                    "Can't debug login when NOT in DEBUG mode")
            if allowed or result['email'] in debug_email_addresses:
                if allowed:
                    logging.info('%r is in an allowed group', result['email'])
                else:
                    logging.info('%r allowed for debugging', result['email'])
                user = auth.authenticate(assertion=assertion,
                                         audience=audience)
                auth.login(request, user)
                messages.success(request, 'You have successfully logged in.')
            else:
                if not allowed:
                    logging.info('%r NOT in an allowed group', result['email'])
                messages.error(
                    request,
                    "You logged in as %s but you don't have sufficient "
                    "privileges." % result['email'])
    else:
        messages.error(request, "Login failed")
    return redirect(home_url)