def _create_or_update_ruslan_user(grs_user_record):
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
response = portal_client.create_grs(grs_user_record, RUSLAN_USERS_DATABASE)
record = grs.Record.from_dict(response)
fields_1 = record.get_field('1')
record_id = ''
if fields_1:
record_id = fields_1[0].content
if not record_id:
raise ValueError('record_id must be not empty')
fields_100 = record.get_field('100')
if not fields_100:
field_100 = grs.Field('100')
record.add_field(field_100)
else:
field_100 = fields_100[0]
fields_115 = grs_user_record.get_field('115')
if fields_115:
exist_fields_115 = record.get_field('115')
if not exist_fields_115:
record.add_field(fields_115[0])
field_100.content = RUSLAN_ID_MASK[:len(record_id) * -1] + record_id
portal_client.update_grs(grs_record=record,
database=RUSLAN_USERS_DATABASE,
id=record_id)
return record
def change_email(request):
try:
models.RuslanUser.objects.get(user=request.user)
except models.RuslanUser.DoesNotExist:
return HttpResponse(u'Вы не являетесь читателем')
ruslan_user = models.get_ruslan_user(request)
portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME,
API_PASSWORD)
sru_response = portal_client.get_user(ruslan_user.username,
RUSLAN_USERS_DATABASE)
sru_records = humanize.get_records(sru_response)
if not sru_records:
return HttpResponse(u'Не найден читатель')
record_content = humanize.get_record_content(sru_records[0])
grs_record = grs.Record.from_dict(record_content)
if request.method == 'POST':
form = forms.ChangeEmailForm(request.POST)
if form.is_valid():
email_fields = grs_record.get_field(EMAIL_FIELD_TAG)
if email_fields:
email_fields[0].content = form.cleaned_data['email']
portal_client.update_grs(
grs_record, RUSLAN_USERS_DATABASE,
grs_record.get_field_value(RECORD_ID_TAG))
else:
form = forms.ChangeEmailForm()
current_email = grs_record.get_field_value(EMAIL_FIELD_TAG, '')
return render(request, 'sso_ruslan/change_email.html', {
'form': form,
'current_email': current_email,
})
def change_email(request):
try:
models.RuslanUser.objects.get(user=request.user)
except models.RuslanUser.DoesNotExist:
return HttpResponse(u'Вы не являетесь читателем')
ruslan_user = models.get_ruslan_user(request)
portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD)
sru_response = portal_client.get_user(ruslan_user.username, RUSLAN_USERS_DATABASE)
sru_records = humanize.get_records(sru_response)
if not sru_records:
return HttpResponse(u'Не найден читатель')
record_content = humanize.get_record_content(sru_records[0])
grs_record = grs.Record.from_dict(record_content)
if request.method == 'POST':
form = forms.ChangeEmailForm(request.POST)
if form.is_valid():
email_fields = grs_record.get_field(EMAIL_FIELD_TAG)
if email_fields:
email_fields[0].content = form.cleaned_data['email']
portal_client.update_grs(grs_record, RUSLAN_USERS_DATABASE, grs_record.get_field_value(RECORD_ID_TAG))
else:
form = forms.ChangeEmailForm()
current_email = grs_record.get_field_value(EMAIL_FIELD_TAG, '')
return render(request, 'sso_ruslan/change_email.html', {
'form': form,
'current_email': current_email,
})
def _create_or_update_ruslan_user(grs_user_record):
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
response = portal_client.create_grs(grs_user_record, RUSLAN_USERS_DATABASE)
record = grs.Record.from_dict(response)
fields_1 = record.get_field("1")
record_id = ""
if fields_1:
record_id = fields_1[0].content
if not record_id:
raise ValueError("record_id must be not empty")
fields_100 = record.get_field("100")
if not fields_100:
field_100 = grs.Field("100")
record.add_field(field_100)
else:
field_100 = fields_100[0]
fields_115 = grs_user_record.get_field("115")
if fields_115:
exist_fields_115 = record.get_field("115")
if not exist_fields_115:
record.add_field(fields_115[0])
field_100.content = RUSLAN_ID_MASK[: len(record_id) * -1] + record_id
portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id)
return record
def _create_or_update_ruslan_user(grs_user_record):
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
response = portal_client.create_grs(grs_user_record, RUSLAN_USERS_DATABASE)
grs_record = response.get('content', [{}])[0]
record = grs.Record.from_dict(grs_record)
fields_1 = record.get_field('1')
record_id = ''
if fields_1:
record_id = fields_1[0].content
if not record_id:
raise ValueError('record_id must be not empty')
fields_100 = record.get_field('100')
if not fields_100:
field_100 = grs.Field('100')
record.add_field(field_100)
else:
field_100 = fields_100[0]
field_100.content = RUSLAN_ID_MASK[:len(record_id) * -1] + record_id
portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id)
return record
def register_new_user(request, id):
try:
tatedu_user = models.TatEduUser.objects.get(id=id)
except models.TatEduUser.DoesNotExist:
return redirect("sso_tatedu:index")
user_attrs = json.loads(tatedu_user.user_attrs)
person_info = user_attrs.get("person_info", {})
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
# oid = u'777'
query = u'@attrset bib-1 @attr 1=%s "%s"' % (OID_FIELD, tatedu_user.oid.replace("\\", "\\\\"))
sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE, query=query, start_record=1, maximum_records=1)
sru_records = humanize.get_records(sru_response)
reader_id = ""
password = ""
if not sru_records:
user_grs_record = _create_grs_from_user(
oid=tatedu_user.oid, email=person_info.get("email", ""), user_attrs=user_attrs
)
fields_115 = user_grs_record.get_field("115")
if fields_115:
password = fields_115[0].content
user_grs_record = _create_or_update_ruslan_user(user_grs_record)
else:
user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field("100")
if fields_100:
reader_id = fields_100[0].content
# tatedu_user.delete()
user = authenticate(username=reader_id, password=password, need_check_password=False)
if user:
if user.is_active:
login(request, user)
request.session["logout_idp_url"] = LOGOUT_URL
return render(request, "sso_tatedu/register_new_user.html", {"reader_id": reader_id, "password": password})
else:
return _error_response(
request=request, error="no_access_toke", state="", error_description=u"Ваша учетная запись не активна"
)
else:
return _error_response(
request=request,
error="no_user",
state="",
error_description=u"Система не может сопоставить вашу учетную запись ОЭ РТ",
)
def _update_ruslan_user(record):
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
fields_1 = record.get_field('1')
record_id = ''
if fields_1:
record_id = fields_1[0].content
if not record_id:
raise ValueError('record_id must be not empty')
portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id)
return record
def authenticate(self, username=None, password="", need_check_password=True):
if username:
username = username.strip()
if password:
password = password.strip()
if not username:
return None
portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD)
if need_check_password:
try:
reader_id = username.replace("\\", "\\\\").replace('"', '\\"')
password = password.replace("\\", "\\\\").replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id,),
database=RUSLAN_USERS_DATABASE,
maximum_records=1,
)
sru_records = humanize.get_records(sru_response)
if not sru_records:
return None
except Exception as e:
logger.exception(e)
return None
sru_reps = portal_client.get_user(username, database=RUSLAN_USERS_DATABASE)
records = humanize.get_records(sru_reps)
if not records:
return None
# 101 - фамилия
# 102 - имя
# 103 - отчество
grs_record = humanize.grs_to_dict(humanize.get_record_content(records[0]).get("GRSTag", [{}]))
user_password = password
if need_check_password and user_password != password:
return None
return self.get_or_create_user(username, password, grs_record)
def _update_ruslan_user(record):
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
fields_1 = record.get_field('1')
record_id = ''
if fields_1:
record_id = fields_1[0].content
if not record_id:
raise ValueError('record_id must be not empty')
portal_client.update_grs(grs_record=record,
database=RUSLAN_USERS_DATABASE,
id=record_id)
return record
from . import forms
RUSLAN = getattr(settings, 'RUSLAN', {})
API_ADDRESS = RUSLAN.get('api_address', 'http://localhost/')
API_USERNAME = RUSLAN.get('username')
API_PASSWORD = RUSLAN.get('password')
ON_HAND_DB = 'circ'
ORDERS_DB = 'extd'
HOLDINGS_BASE = 'spstu'
ORG_CODES = RUSLAN.get('org_codes', {})
CAN_ORDER_BRANCHES = RUSLAN.get('can_order_branches', [])
ruslan_client = connection_pool.get_client(API_ADDRESS, API_USERNAME,
API_PASSWORD)
@api_decorators.permission_required(['pages.create_page'],
message=u'Доступ запрещен')
def index(request):
return api_responses.response({'status': 'ok'})
@never_cache
@csrf_exempt
def holdings(request):
record_id = request.GET.get('recordId', '')
if not record_id:
return api_responses.errors_response('recordId params does not exist')
def register_new_user(request, id):
try:
tatedu_user = models.TatEduUser.objects.get(id=id)
except models.TatEduUser.DoesNotExist:
return redirect('sso_tatedu:index')
user_attrs = json.loads(tatedu_user.user_attrs)
person_info = user_attrs.get('person_info', {})
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
# oid = u'777'
query = u'@attrset bib-1 @attr 1=%s "%s"' % (
OID_FIELD, tatedu_user.oid.replace('\\', '\\\\'))
sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE,
query=query,
start_record=1,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
reader_id = ''
password = ''
if not sru_records:
user_grs_record = _create_grs_from_user(oid=tatedu_user.oid,
email=person_info.get(
'email', ''),
user_attrs=user_attrs)
fields_115 = user_grs_record.get_field('115')
if fields_115:
password = fields_115[0].content
user_grs_record = _create_or_update_ruslan_user(user_grs_record)
else:
user_grs_record = grs.Record.from_dict(
humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field('100')
if fields_100:
reader_id = fields_100[0].content
# tatedu_user.delete()
user = authenticate(username=reader_id,
password=password,
need_check_password=False)
if user:
if user.is_active:
login(request, user)
request.session['logout_idp_url'] = LOGOUT_URL
return render(request, 'sso_tatedu/register_new_user.html', {
'reader_id': reader_id,
'password': password
})
else:
return _error_response(
request=request,
error='no_access_toke',
state='',
error_description=u'Ваша учетная запись не активна')
else:
return _error_response(
request=request,
error='no_user',
state='',
error_description=
u'Система не может сопоставить вашу учетную запись ОЭ РТ')
def redirect_from_idp(request):
error = request.GET.get("error")
state = request.GET.get("state")
code = request.GET.get("code")
error_description = request.GET.get("error_description")
if error:
return _error_response(request=request, error=error, state=state, error_description=error_description)
try:
access_marker = _get_access_marker(code)
except Exception as e:
return _error_response(
request=request,
error="get_access_marker",
state=state,
error_description=u"При получении маркера возникла ошибка",
exception=e,
)
access_token = access_marker.get("access_token", "")
if not access_token:
return _error_response(
request=request,
error="no_access_toke",
state=state,
error_description=u"Авторизационный код доступа не был получен",
)
try:
person_info_resp = _get_person_info(access_token)
# print person_info_resp
# person_contacts = _get_person_contacts(oid, access_token)
# person_addresses = _get_person_addresses(oid, access_token)
# person_docs = _get_person_docs(oid, access_token)
except Exception as e:
return _error_response(
request=request,
error="user_info_error",
error_description=u"Ошибка при получении информации из ЭО РТ",
exception=e,
)
if person_info_resp.get("status", "") != "success":
return _error_response(
request=request,
error="user_info_error",
error_description=u"Ошибка при получении информации из ЭО РТ " + person_info_resp.get("message"),
)
# return HttpResponse(json.dumps(person_info_resp, ensure_ascii=False), content_type='application/json')
person_info = person_info_resp.get("data", {})
if person_info.get("status", "") != "active":
return _error_response(
request=request,
error="user_not_active",
error_description=u"Учетная запись неактивна. Обратитесь к администратору портала ЭО",
)
user_id = person_info.get("id")
if not user_id:
return _error_response(
request=request, error="no_user_id", error_description=u"Ответ не содержит идентификатор пользователя"
)
user_attrs = {
"person_info": person_info,
# 'person_contacts': person_contacts,
# 'person_addresses': person_addresses,
# 'person_docs': person_docs,
}
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
# oid = u'erf'
# state = '112313'
# user_attrs = esia_response
# person_info = user_attrs.get('person_info', {})
# person_contacts = user_attrs.get('person_contacts', [])
sru_response = portal_client.search(
query=u'@attrset bib-1 @attr 1=%s "%s"'
% (OID_FIELD, unicode(user_id).replace("\\", "\\\\").replace('"', '\\"')),
database=RUSLAN_USERS_DATABASE,
maximum_records=1,
)
sru_records = humanize.get_records(sru_response)
if not sru_records:
tatedu_user = models.create_or_update_user(user_id, user_attrs)
return register_new_user(request, tatedu_user.id)
else:
user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field("100")
if not fields_100:
return _error_response(
request=request,
error="no_user",
error_description=u"Система в данный момент не может произвести авторизацию",
)
else:
user = authenticate(username=fields_100[0].content, need_check_password=False)
if user:
if user.is_active:
login(request, user)
library_id = _get_library_id(user_grs_record)
if library_id:
request.session["org_id"] = library_id
request.session["logout_idp_url"] = LOGOUT_URL
request.session["auth_source"] = AUTH_SOURCE
return redirect("index:frontend:index")
else:
return _error_response(
request=request,
error="no_access_token",
state=state,
error_description=u"Ваша учетная запись не активна",
)
else:
return _error_response(
request=request,
error="no_user",
state=state,
error_description=u"Система не может сопоставить вашу учетную запись ЭО РТ",
)
def authenticate(self, username=None, password='', need_check_password=True):
if username:
username = username.strip()
if password:
password = password.strip()
if not username:
return None
portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD)
reader_id = username.replace('\\', '\\\\').replace('"', '\\"')
password = password.replace('\\', '\\\\').replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=132 "%s"' % (reader_id,),
database=RUSLAN_USERS_DATABASE,
maximum_records=1
)
sru_records = humanize.get_records(sru_response)
if sru_records:
try:
record_content = humanize.get_record_content(sru_records[0])
grs_record = grs.Record.from_dict(record_content)
f100 = grs_record.get_field_value('100', '')
if f100:
reader_id = f100.replace('\\', '\\\\').replace('"', '\\"')
except Exception as e:
logger.exception(e)
return None
if need_check_password:
user_client = client.HttpClient(API_ADDRESS, username=reader_id, password=password)
try:
user_principal = user_client.principal()
user_client.close_session()
except client.UnauthorizedError:
return None
except UnicodeEncodeError:
return None
try:
# reader_id = username.replace('\\', '\\\\').replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id,),
database=RUSLAN_USERS_DATABASE,
maximum_records=1
)
sru_records = humanize.get_records(sru_response)
if not sru_records:
return None
except Exception as e:
logger.exception(e)
return None
sru_reps = portal_client.get_user(reader_id, database=RUSLAN_USERS_DATABASE)
records = humanize.get_records(sru_reps)
if not records:
return None
# 101 - фамилия
# 102 - имя
# 103 - отчество
grs_record = grs.Record.from_dict(humanize.get_record_content(records[0]))
return self.get_or_create_user(reader_id, password, grs_record, need_check_password)
from . import forms
RUSLAN = getattr(settings, 'RUSLAN', {})
API_ADDRESS = RUSLAN.get('api_address', 'http://localhost/')
API_USERNAME = RUSLAN.get('username')
API_PASSWORD = RUSLAN.get('password')
ON_HAND_DB = 'circ'
ORDERS_DB = 'extd'
HOLDINGS_BASE = 'spstu'
ORG_CODES = RUSLAN.get('org_codes', {})
CAN_ORDER_BRANCHES = RUSLAN.get('can_order_branches', [])
ruslan_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD)
@api_decorators.permission_required(['pages.create_page'], message=u'Доступ запрещен')
def index(request):
return api_responses.response({
'status': 'ok'
})
@never_cache
@csrf_exempt
def holdings(request):
record_id = request.GET.get('recordId', '')
if not record_id:
return api_responses.errors_response('recordId params does not exist')
def authenticate(self,
username=None,
password='',
need_check_password=True):
if username:
username = username.strip()
if password:
password = password.strip()
if not username:
return None
portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME,
API_PASSWORD)
reader_id = username.replace('\\', '\\\\').replace('"', '\\"')
password = password.replace('\\', '\\\\').replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=132 "%s"' % (reader_id, ),
database=RUSLAN_USERS_DATABASE,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
if sru_records:
try:
record_content = humanize.get_record_content(sru_records[0])
grs_record = grs.Record.from_dict(record_content)
f100 = grs_record.get_field_value('100', '')
if f100:
reader_id = f100.replace('\\', '\\\\').replace('"', '\\"')
except Exception as e:
logger.exception(e)
return None
if need_check_password:
user_client = client.HttpClient(API_ADDRESS,
username=reader_id,
password=password)
try:
user_principal = user_client.principal()
user_client.close_session()
except client.UnauthorizedError:
return None
except UnicodeEncodeError:
return None
try:
# reader_id = username.replace('\\', '\\\\').replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id, ),
database=RUSLAN_USERS_DATABASE,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
if not sru_records:
return None
except Exception as e:
logger.exception(e)
return None
sru_reps = portal_client.get_user(reader_id,
database=RUSLAN_USERS_DATABASE)
records = humanize.get_records(sru_reps)
if not records:
return None
# 101 - фамилия
# 102 - имя
# 103 - отчество
grs_record = grs.Record.from_dict(
humanize.get_record_content(records[0]))
return self.get_or_create_user(reader_id, password, grs_record,
need_check_password)
def redirect_from_idp(request):
error = request.GET.get('error')
state = request.GET.get('state')
code = request.GET.get('code')
error_description = request.GET.get('error_description')
if error:
return _error_response(
request=request,
error=error,
state=state,
error_description=error_description
)
try:
access_marker = _get_access_marker(code)
except Exception as e:
return _error_response(
request=request,
error='get_access_marker',
state=state,
error_description=u'При получении маркера возникла ошибка',
exception=e
)
access_token = access_marker.get('access_token', '')
if not access_token:
return _error_response(
request=request,
error='no_access_toke',
state=state,
error_description=u'Авторизационный код доступа не был получен'
)
try:
person_info_resp = _get_person_info(access_token)
# print person_info_resp
# person_contacts = _get_person_contacts(oid, access_token)
# person_addresses = _get_person_addresses(oid, access_token)
# person_docs = _get_person_docs(oid, access_token)
except Exception as e:
return _error_response(
request=request,
error='user_info_error',
error_description=u'Ошибка при получении информации из ЭО РТ',
exception=e
)
if person_info_resp.get('status', '') != 'success':
return _error_response(
request=request,
error='user_info_error',
error_description=u'Ошибка при получении информации из ЭО РТ ' + person_info_resp.get('message')
)
# print json.dumps(person_info_resp, ensure_ascii=False)
person_info = person_info_resp.get('data', {})
if person_info.get('status', '') != 'active':
return _error_response(
request=request,
error='user_not_active',
error_description=u'Учетная запись неактивна. Обратитесь к администратору портала ЭО'
)
user_id = person_info.get('id')
if not user_id:
return _error_response(
request=request,
error='no_user_id',
error_description=u'Ответ не содержит идентификатор пользователя'
)
user_attrs = {
'person_info': person_info,
# 'person_contacts': person_contacts,
# 'person_addresses': person_addresses,
# 'person_docs': person_docs,
}
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
# oid = u'erf'
# state = '112313'
# user_attrs = esia_response
# person_info = user_attrs.get('person_info', {})
# person_contacts = user_attrs.get('person_contacts', [])
sru_response = portal_client.search(
query=u'@attrset bib-1 @attr 1=%s "%s"' % (
OID_FIELD, unicode(user_id).replace('\\', '\\\\').replace('"', '\\"'),),
database=RUSLAN_USERS_DATABASE,
maximum_records=1
)
sru_records = humanize.get_records(sru_response)
tatedu_user = models.create_or_update_user(user_id, user_attrs)
if not sru_records:
return register_new_user(request, tatedu_user.id)
else:
user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0]))
new_user_grs_record = _create_grs_from_user(
oid=tatedu_user.oid,
email=person_info.get('email', ''),
user_attrs=user_attrs
)
for field_value in ['505', '506', '508', '509', '510']:
fields = new_user_grs_record.get_field(field_value)
user_grs_record.set_field(field_value, fields)
_update_ruslan_user(user_grs_record)
fields_100 = user_grs_record.get_field('100')
if not fields_100:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=u'Система в данный момент не может произвести авторизацию'
)
else:
user = authenticate(username=fields_100[0].content, need_check_password=False)
if user:
if user.is_active:
login(request, user)
library_id = _get_library_id(user_grs_record)
if library_id:
request.session['org_id'] = library_id
request.session['logout_idp_url'] = LOGOUT_URL
request.session['auth_source'] = AUTH_SOURCE
return redirect('index:frontend:index')
else:
return _error_response(
request=request,
error='no_access_token',
state=state,
error_description=u'Ваша учетная запись не активна'
)
else:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=u'Система не может сопоставить вашу учетную запись ЭО РТ'
)
def register_new_user(request, id):
try:
esia_user = models.EsiaUser.objects.get(id=id)
except models.EsiaUser.DoesNotExist:
return redirect('sso_esia:index')
user_attrs = json.loads(esia_user.user_attrs)
person_contacts = user_attrs.get('person_contacts', [])
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
# oid = u'777'
query = u'@attrset bib-1 @attr 1=403 "%s"' % (esia_user.oid.replace('\\', '\\\\'))
sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE, query=query, start_record=1, maximum_records=1)
sru_records = humanize.get_records(sru_response)
reader_id = ''
password = ''
if not sru_records:
user_grs_record = _create_grs_from_esia(
oid=esia_user.oid,
email=(_find_contacts_attr('EML', person_contacts) or [''])[0],
user_attrs=user_attrs
)
fields_115 = user_grs_record.get_field('115')
if fields_115:
password = fields_115[0].content
user_grs_record = _create_or_update_ruslan_user(user_grs_record)
else:
user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field('100')
if fields_100:
reader_id = fields_100[0].content
esia_user.delete()
user = authenticate(username=reader_id, password=password, need_check_password=False)
if user:
if user.is_active:
login(request, user)
return render(request, 'esia_sso/register_new_user.html', {
'reader_id': reader_id,
'password': password
})
else:
return _error_response(
request=request,
error='no_access_toke',
state='',
error_description=u'Ваша учетная запись не активна'
)
else:
return _error_response(
request=request,
error='no_user',
state='',
error_description=u'Система не может сопоставить вашу учетную запись ЕСИА'
)
def ask_for_exist_reader(request, id):
try:
esia_user = models.EsiaUser.objects.get(id=id)
except models.EsiaUser.DoesNotExist:
return redirect('sso_esia:index')
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
if request.method == 'POST':
ruslan_auth_form = forms.RuslanAuthForm(request.POST)
if ruslan_auth_form.is_valid():
reader_id = ruslan_auth_form.cleaned_data['reader_id'].replace('\\', '\\\\').replace('"', '\\"')
password = ruslan_auth_form.cleaned_data['password'].replace('\\', '\\\\').replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id,),
database=RUSLAN_USERS_DATABASE,
maximum_records=1
)
sru_records = humanize.get_records(sru_response)
if not sru_records:
ruslan_auth_form.add_error('reader_id', u'Идентификатор читателя не найден')
else:
sru_response = portal_client.search(
query='@attrset bib-1 @and @attr 1=100 "%s" @attr 1=115 "%s"' % (reader_id, password),
database=RUSLAN_USERS_DATABASE,
maximum_records=1
)
sru_records = humanize.get_records(sru_response)
if not sru_records:
ruslan_auth_form.add_error('reader_id', u'Неверный пароль')
else:
user_record = humanize.get_record_content(sru_records[0])
user_grs_record = grs.Record.from_dict(user_record)
fields_403 = user_grs_record.get_field('403')
if fields_403:
if fields_403[0].content != esia_user.oid:
ruslan_auth_form.add_error(
'reader_id',
u'Идентификатор читателя уже связан с учетной записью ЕСИА'
)
else:
user_grs_record.add_field(grs.Field('403', esia_user.oid))
portal_client.update_grs(
grs_record=user_grs_record,
database=RUSLAN_USERS_DATABASE,
id=reader_id
)
esia_user.delete()
user = authenticate(
username=ruslan_auth_form.cleaned_data['reader_id'],
password=ruslan_auth_form.cleaned_data['password']
)
if user:
if user.is_active:
login(request, user)
return redirect('index:frontend:index')
else:
return _error_response(
request=request,
error='no_access_toke',
state='',
error_description=u'Ваша учетная запись читателя не активна'
)
else:
return _error_response(
request=request,
error='no_user',
state='',
error_description=u'Система не может сопоставить вашу учетную запись ЕСИА'
)
else:
ruslan_auth_form = forms.RuslanAuthForm()
return render(request, 'esia_sso/ask_for_exist_reader.html', {
'ruslan_auth_form': ruslan_auth_form,
'esia_id': id
})
def redirect_from_idp(request):
error = request.GET.get('error')
state = request.GET.get('state')
error_description = request.GET.get('error_description')
if error:
return _error_response(
request=request,
error=error,
state=state,
error_description=error_description
)
code = request.GET.get('code')
state = request.GET.get('state')
try:
access_marker = _get_access_marker(code)
except Exception as e:
return _error_response(
request=request,
error='get_access_marker',
state=state,
error_description=u'При получении маркера возникла ошибка',
exception=e
)
access_token = access_marker.get('access_token', '')
if not access_token:
return _error_response(
request=request,
error='no_access_toke',
state=state,
error_description=u'Авторизационный код доступа не был получен'
)
try:
oid = _get_oid(access_token)
except Exception as e:
return _error_response(
request=request,
error='get_oid',
state=state,
error_description=u'Ошибка при получении oid',
exception=e
)
if not oid:
return _error_response(
request=request,
error='no_oid',
state=state,
error_description=u'oid не был получен'
)
try:
person_info = _get_person_info(oid, access_token)
person_contacts = _get_person_contacts(oid, access_token)
person_addresses = _get_person_addresses(oid, access_token)
except Exception as e:
return _error_response(
request=request,
error='user_info_error',
state=state,
error_description=u'Ошибка при получении информации из ЕСИА',
exception=e
)
user_attrs = {
'person_info': person_info,
'person_contacts': person_contacts,
'person_addresses': person_addresses
}
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD)
#oid = u'erf'
#state = '112313'
#user_attrs = esia_response
# person_info = user_attrs.get('person_info', {})
# person_contacts = user_attrs.get('person_contacts', [])
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=403 "%s"' % (oid.replace('\\', '\\\\').replace('"', '\\"'),),
database=RUSLAN_USERS_DATABASE,
maximum_records=1
)
sru_records = humanize.get_records(sru_response)
if not sru_records:
esia_user = models.create_or_update_esia_user(oid, user_attrs)
return redirect('sso_esia:ask_for_exist_reader', id=esia_user.id)
else:
user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field('100')
if not fields_100:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=u'Система в данный момент не может произвести авторизацию'
)
else:
user = authenticate(username=fields_100[0].content, need_check_password=False)
if user:
if user.is_active:
login(request, user)
request.session['logout_idp_url'] = 'https://esia-portal1.test.gosuslugi.ru/profile/user/saml/Logout'
return redirect('index:frontend:index')
else:
return _error_response(
request=request,
error='no_access_toke',
state=state,
error_description=u'Ваша учетная запись не активна'
)
else:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=u'Система не может сопоставить вашу учетную запись ЕСИА'
)
def redirect_from_idp(request):
error = request.GET.get('error')
state = request.GET.get('state')
code = request.GET.get('code')
error_description = request.GET.get('error_description')
if error:
return _error_response(request=request,
error=error,
state=state,
error_description=error_description)
try:
access_marker = _get_access_marker(code)
except Exception as e:
return _error_response(
request=request,
error='get_access_marker',
state=state,
error_description=u'При получении маркера возникла ошибка',
exception=e)
access_token = access_marker.get('access_token', '')
if not access_token:
return _error_response(
request=request,
error='no_access_toke',
state=state,
error_description=u'Авторизационный код доступа не был получен')
try:
oid = _get_oid(access_token)
except Exception as e:
return _error_response(request=request,
error='get_oid',
state=state,
error_description=u'Ошибка при получении oid',
exception=e)
if not oid:
return _error_response(request=request,
error='no_oid',
state=state,
error_description=u'oid не был получен')
try:
person_info = _get_person_info(oid, access_token)
person_contacts = _get_person_contacts(oid, access_token)
person_addresses = _get_person_addresses(oid, access_token)
person_docs = _get_person_docs(oid, access_token)
except Exception as e:
return _error_response(
request=request,
error='user_info_error',
state=state,
error_description=u'Ошибка при получении информации из ЕСИА',
exception=e)
user_attrs = {
'person_info': person_info,
'person_contacts': person_contacts,
'person_addresses': person_addresses,
'person_docs': person_docs,
}
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
# oid = u'erf'
# state = '112313'
# user_attrs = esia_response
# person_info = user_attrs.get('person_info', {})
# person_contacts = user_attrs.get('person_contacts', [])
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=403 "%s"' %
(oid.replace('\\', '\\\\').replace('"', '\\"'), ),
database=RUSLAN_USERS_DATABASE,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
if not sru_records:
esia_user = models.create_or_update_esia_user(oid, user_attrs)
return redirect('sso_esia:ask_for_exist_reader', id=esia_user.id)
else:
user_grs_record = grs.Record.from_dict(
humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field('100')
if not fields_100:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=
u'Система в данный момент не может произвести авторизацию')
else:
user = authenticate(username=fields_100[0].content,
need_check_password=False)
if user:
if user.is_active:
login(request, user)
request.session[
'logout_idp_url'] = 'https://esia.gosuslugi.ru/idp/ext/Logout?client_id=%s&redirect_url=http://%s' % (
ESIA_SSO_CLIENT_ID, SITE_DOMAIN)
return redirect('index:frontend:index')
else:
return _error_response(
request=request,
error='no_access_toke',
state=state,
error_description=u'Ваша учетная запись не активна')
else:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=
u'Система не может сопоставить вашу учетную запись ЕСИА')
def redirect_from_idp(request):
error = request.GET.get('error')
state = request.GET.get('state')
code = request.GET.get('code')
error_description = request.GET.get('error_description')
if error:
return _error_response(request=request,
error=error,
state=state,
error_description=error_description)
try:
access_marker = _get_access_marker(code)
except Exception as e:
return _error_response(
request=request,
error='get_access_marker',
state=state,
error_description=u'При получении маркера возникла ошибка',
exception=e)
access_token = access_marker.get('access_token', '')
if not access_token:
return _error_response(
request=request,
error='no_access_toke',
state=state,
error_description=u'Авторизационный код доступа не был получен')
try:
person_info_resp = _get_person_info(access_token)
# print person_info_resp
# person_contacts = _get_person_contacts(oid, access_token)
# person_addresses = _get_person_addresses(oid, access_token)
# person_docs = _get_person_docs(oid, access_token)
except Exception as e:
return _error_response(
request=request,
error='user_info_error',
error_description=u'Ошибка при получении информации из ЭО РТ',
exception=e)
if person_info_resp.get('status', '') != 'success':
return _error_response(
request=request,
error='user_info_error',
error_description=u'Ошибка при получении информации из ЭО РТ ' +
person_info_resp.get('message'))
# print json.dumps(person_info_resp, ensure_ascii=False)
person_info = person_info_resp.get('data', {})
if person_info.get('status', '') != 'active':
return _error_response(
request=request,
error='user_not_active',
error_description=
u'Учетная запись неактивна. Обратитесь к администратору портала ЭО'
)
user_id = person_info.get('id')
if not user_id:
return _error_response(
request=request,
error='no_user_id',
error_description=u'Ответ не содержит идентификатор пользователя')
user_attrs = {
'person_info': person_info,
# 'person_contacts': person_contacts,
# 'person_addresses': person_addresses,
# 'person_docs': person_docs,
}
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
# oid = u'erf'
# state = '112313'
# user_attrs = esia_response
# person_info = user_attrs.get('person_info', {})
# person_contacts = user_attrs.get('person_contacts', [])
sru_response = portal_client.search(
query=u'@attrset bib-1 @attr 1=%s "%s"' % (
OID_FIELD,
unicode(user_id).replace('\\', '\\\\').replace('"', '\\"'),
),
database=RUSLAN_USERS_DATABASE,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
tatedu_user = models.create_or_update_user(user_id, user_attrs)
if not sru_records:
return register_new_user(request, tatedu_user.id)
else:
user_grs_record = grs.Record.from_dict(
humanize.get_record_content(sru_records[0]))
new_user_grs_record = _create_grs_from_user(oid=tatedu_user.oid,
email=person_info.get(
'email', ''),
user_attrs=user_attrs)
for field_value in ['505', '506', '508', '509', '510']:
fields = new_user_grs_record.get_field(field_value)
user_grs_record.set_field(field_value, fields)
_update_ruslan_user(user_grs_record)
fields_100 = user_grs_record.get_field('100')
if not fields_100:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=
u'Система в данный момент не может произвести авторизацию')
else:
user = authenticate(username=fields_100[0].content,
need_check_password=False)
if user:
if user.is_active:
login(request, user)
library_id = _get_library_id(user_grs_record)
if library_id:
request.session['org_id'] = library_id
request.session['logout_idp_url'] = LOGOUT_URL
request.session['auth_source'] = AUTH_SOURCE
return redirect('index:frontend:index')
else:
return _error_response(
request=request,
error='no_access_token',
state=state,
error_description=u'Ваша учетная запись не активна')
else:
return _error_response(
request=request,
error='no_user',
state=state,
error_description=
u'Система не может сопоставить вашу учетную запись ЭО РТ')
def ask_for_exist_reader(request, id):
try:
esia_user = models.EsiaUser.objects.get(id=id)
except models.EsiaUser.DoesNotExist:
return redirect('sso_esia:index')
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
if request.method == 'POST':
ruslan_auth_form = forms.RuslanAuthForm(request.POST)
if ruslan_auth_form.is_valid():
reader_id = ruslan_auth_form.cleaned_data['reader_id'].replace(
'\\', '\\\\').replace('"', '\\"')
password = ruslan_auth_form.cleaned_data['password'].replace(
'\\', '\\\\').replace('"', '\\"')
sru_response = portal_client.search(
query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id, ),
database=RUSLAN_USERS_DATABASE,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
if not sru_records:
ruslan_auth_form.add_error(
'reader_id', u'Идентификатор читателя не найден')
else:
sru_response = portal_client.search(
query=
'@attrset bib-1 @and @attr 1=100 "%s" @attr 1=115 "%s"' %
(reader_id, password),
database=RUSLAN_USERS_DATABASE,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
if not sru_records:
ruslan_auth_form.add_error('reader_id', u'Неверный пароль')
else:
user_record = humanize.get_record_content(sru_records[0])
user_grs_record = grs.Record.from_dict(user_record)
fields_403 = user_grs_record.get_field('403')
if fields_403:
if fields_403[0].content != esia_user.oid:
ruslan_auth_form.add_error(
'reader_id',
u'Идентификатор читателя уже связан с учетной записью ЕСИА'
)
else:
user_grs_record.add_field(
grs.Field('403', esia_user.oid))
portal_client.update_grs(
grs_record=user_grs_record,
database=RUSLAN_USERS_DATABASE,
id=reader_id)
esia_user.delete()
user = authenticate(
username=ruslan_auth_form.
cleaned_data['reader_id'],
password=ruslan_auth_form.cleaned_data['password'])
if user:
if user.is_active:
login(request, user)
return redirect('index:frontend:index')
else:
return _error_response(
request=request,
error='no_access_toke',
state='',
error_description=
u'Ваша учетная запись читателя не активна')
else:
return _error_response(
request=request,
error='no_user',
state='',
error_description=
u'Система не может сопоставить вашу учетную запись ЕСИА'
)
else:
ruslan_auth_form = forms.RuslanAuthForm()
return render(request, 'esia_sso/ask_for_exist_reader.html', {
'ruslan_auth_form': ruslan_auth_form,
'esia_id': id
})
def register_new_user(request, id):
try:
esia_user = models.EsiaUser.objects.get(id=id)
except models.EsiaUser.DoesNotExist:
return redirect('sso_esia:index')
user_attrs = json.loads(esia_user.user_attrs)
person_contacts = user_attrs.get('person_contacts', [])
portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS,
RUSLAN_API_USERNAME,
RUSLAN_API_PASSWORD)
# oid = u'777'
query = u'@attrset bib-1 @attr 1=403 "%s"' % (esia_user.oid.replace(
'\\', '\\\\'))
sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE,
query=query,
start_record=1,
maximum_records=1)
sru_records = humanize.get_records(sru_response)
reader_id = ''
password = ''
if not sru_records:
user_grs_record = _create_grs_from_esia(
oid=esia_user.oid,
email=(_find_contacts_attr('EML', person_contacts) or [''])[0],
user_attrs=user_attrs)
fields_115 = user_grs_record.get_field('115')
if fields_115:
password = fields_115[0].content
user_grs_record = _create_or_update_ruslan_user(user_grs_record)
else:
user_grs_record = grs.Record.from_dict(
humanize.get_record_content(sru_records[0]))
fields_100 = user_grs_record.get_field('100')
if fields_100:
reader_id = fields_100[0].content
esia_user.delete()
user = authenticate(username=reader_id,
password=password,
need_check_password=False)
if user:
if user.is_active:
login(request, user)
return render(request, 'esia_sso/register_new_user.html', {
'reader_id': reader_id,
'password': password
})
else:
return _error_response(
request=request,
error='no_access_toke',
state='',
error_description=u'Ваша учетная запись не активна')
else:
return _error_response(
request=request,
error='no_user',
state='',
error_description=
u'Система не может сопоставить вашу учетную запись ЕСИА')
