def pre_social_login(self, request, sociallogin): User = get_user_model() # TODO: make sure that the partnership is still in good standing or valid or whatever if sociallogin.user.pk: set_country(sociallogin.user, request) logger.info("setting connection to {}".format( sociallogin.user.profile.country)) return try: # if user exists, connect the account to the existing account and login new_login_user = User.objects.get(email=sociallogin.user.email) except User.DoesNotExist: url = reverse('sociallogin_notamember', kwargs={ 'email': urlsafe_base64_encode(sociallogin.user.email) }) raise ImmediateHttpResponse(HttpResponseRedirect(url)) sociallogin.connect(request, new_login_user) set_country(new_login_user, request) perform_login(request, new_login_user, 'none', redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin})
def authenticate(self, request): super_return = super(DRFBasicAuthMixin, self).authenticate(request) if not super_return: return None user, token = super_return set_country(user, request) return user, token
def authenticate(self, request): super_return = super(EtoolsTokenAuthentication, self).authenticate(request) if not super_return: return None user, token = super_return set_country(user, request) return user, token
def process_request(self, request): # Connection needs first to be at the public schema, as this is where # the tenant metadata is stored. connection.set_schema_to_public() if not request.user: return if any(x in request.path for x in [u'workspace_inactive']): return None if request.user.is_anonymous(): # check if user is trying to reach an authentication endpoint if any(x in request.path for x in [ u'api', u'login', u'saml', u'accounts', u'monitoring', ]): return None # let them pass else: return HttpResponseRedirect(settings.LOGIN_URL) if request.user.is_superuser and not request.user.profile.country: return None if not request.user.is_superuser and \ (not request.user.profile.country or request.user.profile.country.business_area_code in settings.INACTIVE_BUSINESS_AREAS): return HttpResponseRedirect("/workspace_inactive/") try: set_country(request.user, request) except Exception: logger.info('No country found for user {}'.format(request.user)) return SimpleTemplateResponse('no_country_found.html', {'user': request.user}) # Content type can no longer be cached as public and tenant schemas # have different models. If someone wants to change this, the cache # needs to be separated between public and shared schemas. If this # cache isn't cleared, this can cause permission problems. For example, # on public, a particular model has id 14, but on the tenants it has # the id 15. if 14 is cached instead of 15, the permissions for the # wrong model will be fetched. ContentType.objects.clear_cache() # Do we have a public-specific urlconf? if hasattr( settings, 'PUBLIC_SCHEMA_URLCONF' ) and request.tenant.schema_name == get_public_schema_name(): request.urlconf = settings.PUBLIC_SCHEMA_URLCONF
def get(self, request, format=None): try: workspace = Workspace.objects.get(name=request.query_params.get('country').title()) except (Workspace.DoesNotExist, AttributeError): return Response(status=400, data={'error': 'Country not found'}) try: p = ProgrammeSynchronizer(workspace) p.sync() except BaseException as e: set_country(request.user, request) return Response(status=500, data=e) set_country(request.user, request) return Response({'success': 'Country = {}'.format(workspace.name)})
def process_request(self, request): # Connection needs first to be at the public schema, as this is where # the tenant metadata is stored. connection.set_schema_to_public() if request.user.is_anonymous(): # check if user is trying to reach an authentication endpoint if any(x in request.path for x in [ u'api', u'login', u'saml', u'accounts', ]): return None # let them pass else: return HttpResponseRedirect(settings.LOGIN_URL) if request.user.is_superuser and not request.user.profile.country: return None try: set_country(request.user, request) except Exception as exp: logger.info('No country found for user {}'.format(request.user)) return SimpleTemplateResponse('no_country_found.html', {'user': request.user}); # Content type can no longer be cached as public and tenant schemas # have different models. If someone wants to change this, the cache # needs to be separated between public and shared schemas. If this # cache isn't cleared, this can cause permission problems. For example, # on public, a particular model has id 14, but on the tenants it has # the id 15. if 14 is cached instead of 15, the permissions for the # wrong model will be fetched. ContentType.objects.clear_cache() # Do we have a public-specific urlconf? if hasattr(settings, 'PUBLIC_SCHEMA_URLCONF') and request.tenant.schema_name == get_public_schema_name(): request.urlconf = settings.PUBLIC_SCHEMA_URLCONF
def pre_social_login(self, request, sociallogin): # TODO: make sure that the partnership is still in good standing or valid or whatever if sociallogin.user.pk: set_country(sociallogin.user, request) logger.info("setting connection to {}".format(sociallogin.user.profile.country)) return try: # if user exists, connect the account to the existing account and login new_login_user = User.objects.get(email=sociallogin.user.email) except User.DoesNotExist: url = reverse('sociallogin_notamember', kwargs={'email': urlsafe_base64_encode(sociallogin.user.email)}) raise ImmediateHttpResponse(HttpResponseRedirect(url)) sociallogin.connect(request, new_login_user) set_country(new_login_user, request) perform_login( request, new_login_user, 'none', redirect_url=sociallogin.get_redirect_url(request), signal_kwargs={"sociallogin": sociallogin} )
def authenticate(self, request): jwt_value = self.get_jwt_value(request) if jwt_value is None: # no JWT token return to skip this authentication mechanism return None try: user, jwt_value = super(EToolsTenantJWTAuthentication, self).authenticate(request) except TypeError as exp: raise PermissionDenied(detail='No valid authentication provided') if not user.profile.country: raise PermissionDenied(detail='No country found for user') if user.profile.country_override and user.profile.country != user.profile.country_override: user.profile.country = user.profile.country_override user.profile.save() set_country(user, request) return user, jwt_value
def authenticate(self, request): jwt_value = self.get_jwt_value(request) if jwt_value is None: # no JWT token return to skip this authentication mechanism return None try: user, jwt_value = super(EToolsTenantJWTAuthentication, self).authenticate(request) except TypeError: raise PermissionDenied(detail='No valid authentication provided') except AuthenticationFailed: # Try again if getattr(settings, 'JWT_ALLOW_NON_EXISTENT_USERS', False): try: # try and see if the token is valid payload = jwt_decode_handler(jwt_value) except (jwt.ExpiredSignature, jwt.DecodeError): raise PermissionDenied(detail='Authentication Failed') else: # signature is valid user does not exist... setting default authenticated user user = get_user_model().objects.get( username=settings.DEFAULT_UNICEF_USER) setattr(user, 'jwt_payload', payload) else: raise PermissionDenied(detail='Authentication Failed') if not user.profile.country: raise PermissionDenied(detail='No country found for user') if user.profile.country_override and user.profile.country != user.profile.country_override: user.profile.country = user.profile.country_override user.profile.save() set_country(user, request) return user, jwt_value
def authenticate(self, request): user, token = super(EtoolsTokenAuthentication, self).authenticate(request) set_country(user, request) return user, token