def transportOwnLink(request, idService, idTransport): try: res = userServiceManager().getService(request.user, request.ip, idService, idTransport) ip, userService, iads, trans, itrans = res # @UnusedVariable # This returns a response object in fact return itrans.getLink(userService, trans, ip, request.os, request.user, webPassword(request), request) except ServiceNotReadyError as e: return errors.exceptionView(request, e) except Exception as e: logger.exception("Exception") return errors.exceptionView(request, e) # Will never reach this raise RuntimeError('Unreachable point reached!!!')
def transportOwnLink(request, idService, idTransport): try: res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport) ip, userService, iads, trans, itrans = res # @UnusedVariable # This returns a response object in fact return itrans.getLink(userService, trans, ip, request.os, request.user, webPassword(request), request) except ServiceNotReadyError as e: return errors.exceptionView(request, e) except Exception as e: logger.exception("Exception") return errors.exceptionView(request, e) # Will never reach this raise RuntimeError('Unreachable point reached!!!')
def authCallback(request: HttpRequest, authName: str) -> HttpResponse: """ This url is provided so external SSO authenticators can get an url for redirecting back the users. This will invoke authCallback of the requested idAuth and, if this represents an authenticator that has an authCallback """ try: authenticator = Authenticator.objects.get(name=authName) params = request.GET.copy() params.update(request.POST) logger.debug('Auth callback for %s with params %s', authenticator, params.keys()) ticket = TicketStore.create({ 'params': params, 'auth': authenticator.uuid }) return HttpResponseRedirect( reverse('page.auth.callback_stage2', args=[ticket])) except Exception as e: # No authenticator found... return errors.exceptionView(request, e)
def transportOwnLink(request: 'HttpRequest', idService: str, idTransport: str): try: res = userServiceManager().getService(request.user, request.os, request.ip, idService, idTransport) ip, userService, iads, trans, itrans = res # pylint: disable=unused-variable # This returns a response object in fact if itrans and ip: return itrans.getLink(userService, trans, ip, request.os, request.user, webPassword(request), request) except ServiceNotReadyError as e: return errors.exceptionView(request, e) except Exception as e: logger.exception("Exception") return errors.exceptionView(request, e) # Will never reach this return errors.errorView(request, errors.UNKNOWN_ERROR)
def authCallback(request, authName): """ This url is provided so external SSO authenticators can get an url for redirecting back the users. This will invoke authCallback of the requested idAuth and, if this represents an authenticator that has an authCallback """ from uds.core import auths try: authenticator = Authenticator.objects.get(name=authName) params = request.GET.copy() params.update(request.POST) logger.debug('Request session:%s -> %s, %s', request.ip, request.session.keys(), request.session.session_key) params['_request'] = request # params['_session'] = request.session # params['_user'] = request.user logger.debug('Auth callback for {0} with params {1}'.format( authenticator, params.keys())) user = authenticateViaCallback(authenticator, params) os = OsDetector.getOsFromUA(request.META['HTTP_USER_AGENT']) if user is None: authLogLogin(request, authenticator, '{0}'.format(params), 'Invalid at auth callback') raise auths.Exceptions.InvalidUserException() response = HttpResponseRedirect(reverse('Index')) webLogin(request, response, user, '') # Password is unavailable in this case request.session['OS'] = os # Now we render an intermediate page, so we get Java support from user # It will only detect java, and them redirect to Java return response except auths.Exceptions.Redirect as e: return HttpResponseRedirect(request.build_absolute_uri(str(e))) except auths.Exceptions.Logout as e: return webLogout(request, request.build_absolute_uri(str(e))) except Exception as e: logger.exception('authCallback') return errors.exceptionView(request, e) # Will never reach this raise RuntimeError('Unreachable point reached!!!')
def authCallback_stage2(request: HttpRequest, ticketId: str) -> HttpResponse: try: ticket = TicketStore.get(ticketId) params: typing.Dict[str, typing.Any] = ticket['params'] auth_uuid: str = ticket['auth'] authenticator = Authenticator.objects.get(uuid=auth_uuid) params['_request'] = request # params['_session'] = request.session # params['_user'] = request.user logger.debug('Request session:%s -> %s, %s', request.ip, request.session.keys(), request.session.session_key) user = authenticateViaCallback(authenticator, params) os = OsDetector.getOsFromUA(request.META['HTTP_USER_AGENT']) if user is None: authLogLogin(request, authenticator, '{0}'.format(params), 'Invalid at auth callback') raise auths.exceptions.InvalidUserException() response = HttpResponseRedirect(reverse('page.index')) webLogin(request, response, user, '') # Password is unavailable in this case request.session['OS'] = os # Now we render an intermediate page, so we get Java support from user # It will only detect java, and them redirect to Java return response except auths.exceptions.Redirect as e: return HttpResponseRedirect( request.build_absolute_uri(str(e)) if e.args and e.args[0] else '/' ) except auths.exceptions.Logout as e: return webLogout( request, request.build_absolute_uri(str(e)) if e.args and e.args[0] else None) except Exception as e: logger.exception('authCallback') return errors.exceptionView(request, e) # Will never reach this raise RuntimeError('Unreachable point reached!!!')
def ticketAuth(request: 'HttpRequest', ticketId: str) -> HttpResponse: # pylint: disable=too-many-locals,too-many-branches,too-many-statements """ Used to authenticate an user via a ticket """ try: data = TicketStore.get(ticketId, invalidate=True) try: # Extract ticket.data from ticket.data storage, and remove it if success username = data['username'] groups = data['groups'] auth = data['auth'] realname = data['realname'] servicePool = data['servicePool'] password = cryptoManager().decrypt(data['password']) transport = data['transport'] except Exception: logger.error('Ticket stored is not valid') raise auths.exceptions.InvalidUserException() auth = Authenticator.objects.get(uuid=auth) # If user does not exists in DB, create it right now # Add user to groups, if they exists... grps: typing.List = [] for g in groups: try: grps.append(auth.groups.get(uuid=g)) except Exception: logger.debug('Group list has changed since ticket assignment') if not grps: logger.error('Ticket has no valid groups') raise Exception('Invalid ticket authentication') usr = auth.getOrCreateUser(username, realname) if usr is None or State.isActive( usr.state) is False: # If user is inactive, raise an exception raise auths.exceptions.InvalidUserException() # Add groups to user (replace existing groups) usr.groups.set(grps) # Force cookie generation webLogin(request, None, usr, password) request.user = usr # Temporarily store this user as "authenticated" user, next requests will be done using session request.session[ 'ticket'] = '1' # Store that user access is done using ticket # Override and recalc transport based on current os transport = None logger.debug("Service & transport: %s, %s", servicePool, transport) # Check if servicePool is part of the ticket if servicePool: # If service pool is in there, also is transport res = userServiceManager().getService(request.user, request.os, request.ip, 'F' + servicePool, transport, False) _, userService, _, transport, _ = res transportInstance = transport.getInstance() if transportInstance.ownLink is True: link = reverse('TransportOwnLink', args=('A' + userService.uuid, transport.uuid)) else: link = html.udsAccessLink(request, 'A' + userService.uuid, transport.uuid) request.session['launch'] = link response = HttpResponseRedirect(reverse('page.ticket.launcher')) else: response = HttpResponseRedirect(reverse('page.index')) # Now ensure uds cookie is at response getUDSCookie(request, response, True) return response except ServiceNotReadyError as e: return errors.errorView(request, errors.SERVICE_NOT_READY) except TicketStore.InvalidTicket: return errors.errorView(request, errors.RELOAD_NOT_SUPPORTED) except Authenticator.DoesNotExist: logger.error('Ticket has an non existing authenticator') return errors.errorView(request, errors.ACCESS_DENIED) except ServicePool.DoesNotExist: logger.error('Ticket has an invalid Service Pool') return errors.errorView(request, errors.SERVICE_NOT_FOUND) except Exception as e: logger.exception('Exception') return errors.exceptionView(request, e)