def transportOwnLink(request, idService, idTransport):
try:
res = userServiceManager().getService(request.user, request.ip, idService, idTransport)
ip, userService, iads, trans, itrans = res # @UnusedVariable
# This returns a response object in fact
return itrans.getLink(userService, trans, ip, request.os, request.user, webPassword(request), request)
except ServiceNotReadyError as e:
return errors.exceptionView(request, e)
except Exception as e:
logger.exception("Exception")
return errors.exceptionView(request, e)
# Will never reach this
raise RuntimeError('Unreachable point reached!!!')
def transportOwnLink(request, idService, idTransport):
try:
res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport)
ip, userService, iads, trans, itrans = res # @UnusedVariable
# This returns a response object in fact
return itrans.getLink(userService, trans, ip, request.os, request.user, webPassword(request), request)
except ServiceNotReadyError as e:
return errors.exceptionView(request, e)
except Exception as e:
logger.exception("Exception")
return errors.exceptionView(request, e)
# Will never reach this
raise RuntimeError('Unreachable point reached!!!')
def authCallback(request: HttpRequest, authName: str) -> HttpResponse:
"""
This url is provided so external SSO authenticators can get an url for
redirecting back the users.
This will invoke authCallback of the requested idAuth and, if this represents
an authenticator that has an authCallback
"""
try:
authenticator = Authenticator.objects.get(name=authName)
params = request.GET.copy()
params.update(request.POST)
logger.debug('Auth callback for %s with params %s', authenticator,
params.keys())
ticket = TicketStore.create({
'params': params,
'auth': authenticator.uuid
})
return HttpResponseRedirect(
reverse('page.auth.callback_stage2', args=[ticket]))
except Exception as e:
# No authenticator found...
return errors.exceptionView(request, e)
def transportOwnLink(request: 'HttpRequest', idService: str, idTransport: str):
try:
res = userServiceManager().getService(request.user, request.os,
request.ip, idService,
idTransport)
ip, userService, iads, trans, itrans = res # pylint: disable=unused-variable
# This returns a response object in fact
if itrans and ip:
return itrans.getLink(userService, trans, ip, request.os,
request.user, webPassword(request), request)
except ServiceNotReadyError as e:
return errors.exceptionView(request, e)
except Exception as e:
logger.exception("Exception")
return errors.exceptionView(request, e)
# Will never reach this
return errors.errorView(request, errors.UNKNOWN_ERROR)
def authCallback(request, authName):
"""
This url is provided so external SSO authenticators can get an url for
redirecting back the users.
This will invoke authCallback of the requested idAuth and, if this represents
an authenticator that has an authCallback
"""
from uds.core import auths
try:
authenticator = Authenticator.objects.get(name=authName)
params = request.GET.copy()
params.update(request.POST)
logger.debug('Request session:%s -> %s, %s', request.ip,
request.session.keys(), request.session.session_key)
params['_request'] = request
# params['_session'] = request.session
# params['_user'] = request.user
logger.debug('Auth callback for {0} with params {1}'.format(
authenticator, params.keys()))
user = authenticateViaCallback(authenticator, params)
os = OsDetector.getOsFromUA(request.META['HTTP_USER_AGENT'])
if user is None:
authLogLogin(request, authenticator, '{0}'.format(params),
'Invalid at auth callback')
raise auths.Exceptions.InvalidUserException()
response = HttpResponseRedirect(reverse('Index'))
webLogin(request, response, user,
'') # Password is unavailable in this case
request.session['OS'] = os
# Now we render an intermediate page, so we get Java support from user
# It will only detect java, and them redirect to Java
return response
except auths.Exceptions.Redirect as e:
return HttpResponseRedirect(request.build_absolute_uri(str(e)))
except auths.Exceptions.Logout as e:
return webLogout(request, request.build_absolute_uri(str(e)))
except Exception as e:
logger.exception('authCallback')
return errors.exceptionView(request, e)
# Will never reach this
raise RuntimeError('Unreachable point reached!!!')
def authCallback_stage2(request: HttpRequest, ticketId: str) -> HttpResponse:
try:
ticket = TicketStore.get(ticketId)
params: typing.Dict[str, typing.Any] = ticket['params']
auth_uuid: str = ticket['auth']
authenticator = Authenticator.objects.get(uuid=auth_uuid)
params['_request'] = request
# params['_session'] = request.session
# params['_user'] = request.user
logger.debug('Request session:%s -> %s, %s', request.ip,
request.session.keys(), request.session.session_key)
user = authenticateViaCallback(authenticator, params)
os = OsDetector.getOsFromUA(request.META['HTTP_USER_AGENT'])
if user is None:
authLogLogin(request, authenticator, '{0}'.format(params),
'Invalid at auth callback')
raise auths.exceptions.InvalidUserException()
response = HttpResponseRedirect(reverse('page.index'))
webLogin(request, response, user,
'') # Password is unavailable in this case
request.session['OS'] = os
# Now we render an intermediate page, so we get Java support from user
# It will only detect java, and them redirect to Java
return response
except auths.exceptions.Redirect as e:
return HttpResponseRedirect(
request.build_absolute_uri(str(e)) if e.args and e.args[0] else '/'
)
except auths.exceptions.Logout as e:
return webLogout(
request,
request.build_absolute_uri(str(e))
if e.args and e.args[0] else None)
except Exception as e:
logger.exception('authCallback')
return errors.exceptionView(request, e)
# Will never reach this
raise RuntimeError('Unreachable point reached!!!')
def ticketAuth(request: 'HttpRequest', ticketId: str) -> HttpResponse: # pylint: disable=too-many-locals,too-many-branches,too-many-statements
"""
Used to authenticate an user via a ticket
"""
try:
data = TicketStore.get(ticketId, invalidate=True)
try:
# Extract ticket.data from ticket.data storage, and remove it if success
username = data['username']
groups = data['groups']
auth = data['auth']
realname = data['realname']
servicePool = data['servicePool']
password = cryptoManager().decrypt(data['password'])
transport = data['transport']
except Exception:
logger.error('Ticket stored is not valid')
raise auths.exceptions.InvalidUserException()
auth = Authenticator.objects.get(uuid=auth)
# If user does not exists in DB, create it right now
# Add user to groups, if they exists...
grps: typing.List = []
for g in groups:
try:
grps.append(auth.groups.get(uuid=g))
except Exception:
logger.debug('Group list has changed since ticket assignment')
if not grps:
logger.error('Ticket has no valid groups')
raise Exception('Invalid ticket authentication')
usr = auth.getOrCreateUser(username, realname)
if usr is None or State.isActive(
usr.state) is False: # If user is inactive, raise an exception
raise auths.exceptions.InvalidUserException()
# Add groups to user (replace existing groups)
usr.groups.set(grps)
# Force cookie generation
webLogin(request, None, usr, password)
request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session
request.session[
'ticket'] = '1' # Store that user access is done using ticket
# Override and recalc transport based on current os
transport = None
logger.debug("Service & transport: %s, %s", servicePool, transport)
# Check if servicePool is part of the ticket
if servicePool:
# If service pool is in there, also is transport
res = userServiceManager().getService(request.user, request.os,
request.ip,
'F' + servicePool, transport,
False)
_, userService, _, transport, _ = res
transportInstance = transport.getInstance()
if transportInstance.ownLink is True:
link = reverse('TransportOwnLink',
args=('A' + userService.uuid, transport.uuid))
else:
link = html.udsAccessLink(request, 'A' + userService.uuid,
transport.uuid)
request.session['launch'] = link
response = HttpResponseRedirect(reverse('page.ticket.launcher'))
else:
response = HttpResponseRedirect(reverse('page.index'))
# Now ensure uds cookie is at response
getUDSCookie(request, response, True)
return response
except ServiceNotReadyError as e:
return errors.errorView(request, errors.SERVICE_NOT_READY)
except TicketStore.InvalidTicket:
return errors.errorView(request, errors.RELOAD_NOT_SUPPORTED)
except Authenticator.DoesNotExist:
logger.error('Ticket has an non existing authenticator')
return errors.errorView(request, errors.ACCESS_DENIED)
except ServicePool.DoesNotExist:
logger.error('Ticket has an invalid Service Pool')
return errors.errorView(request, errors.SERVICE_NOT_FOUND)
except Exception as e:
logger.exception('Exception')
return errors.exceptionView(request, e)
