def _create_or_update_ruslan_user(grs_user_record): portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) response = portal_client.create_grs(grs_user_record, RUSLAN_USERS_DATABASE) record = grs.Record.from_dict(response) fields_1 = record.get_field('1') record_id = '' if fields_1: record_id = fields_1[0].content if not record_id: raise ValueError('record_id must be not empty') fields_100 = record.get_field('100') if not fields_100: field_100 = grs.Field('100') record.add_field(field_100) else: field_100 = fields_100[0] fields_115 = grs_user_record.get_field('115') if fields_115: exist_fields_115 = record.get_field('115') if not exist_fields_115: record.add_field(fields_115[0]) field_100.content = RUSLAN_ID_MASK[:len(record_id) * -1] + record_id portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id) return record
def change_email(request): try: models.RuslanUser.objects.get(user=request.user) except models.RuslanUser.DoesNotExist: return HttpResponse(u'Вы не являетесь читателем') ruslan_user = models.get_ruslan_user(request) portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) sru_response = portal_client.get_user(ruslan_user.username, RUSLAN_USERS_DATABASE) sru_records = humanize.get_records(sru_response) if not sru_records: return HttpResponse(u'Не найден читатель') record_content = humanize.get_record_content(sru_records[0]) grs_record = grs.Record.from_dict(record_content) if request.method == 'POST': form = forms.ChangeEmailForm(request.POST) if form.is_valid(): email_fields = grs_record.get_field(EMAIL_FIELD_TAG) if email_fields: email_fields[0].content = form.cleaned_data['email'] portal_client.update_grs( grs_record, RUSLAN_USERS_DATABASE, grs_record.get_field_value(RECORD_ID_TAG)) else: form = forms.ChangeEmailForm() current_email = grs_record.get_field_value(EMAIL_FIELD_TAG, '') return render(request, 'sso_ruslan/change_email.html', { 'form': form, 'current_email': current_email, })
def change_email(request): try: models.RuslanUser.objects.get(user=request.user) except models.RuslanUser.DoesNotExist: return HttpResponse(u'Вы не являетесь читателем') ruslan_user = models.get_ruslan_user(request) portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) sru_response = portal_client.get_user(ruslan_user.username, RUSLAN_USERS_DATABASE) sru_records = humanize.get_records(sru_response) if not sru_records: return HttpResponse(u'Не найден читатель') record_content = humanize.get_record_content(sru_records[0]) grs_record = grs.Record.from_dict(record_content) if request.method == 'POST': form = forms.ChangeEmailForm(request.POST) if form.is_valid(): email_fields = grs_record.get_field(EMAIL_FIELD_TAG) if email_fields: email_fields[0].content = form.cleaned_data['email'] portal_client.update_grs(grs_record, RUSLAN_USERS_DATABASE, grs_record.get_field_value(RECORD_ID_TAG)) else: form = forms.ChangeEmailForm() current_email = grs_record.get_field_value(EMAIL_FIELD_TAG, '') return render(request, 'sso_ruslan/change_email.html', { 'form': form, 'current_email': current_email, })
def _create_or_update_ruslan_user(grs_user_record): portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) response = portal_client.create_grs(grs_user_record, RUSLAN_USERS_DATABASE) record = grs.Record.from_dict(response) fields_1 = record.get_field("1") record_id = "" if fields_1: record_id = fields_1[0].content if not record_id: raise ValueError("record_id must be not empty") fields_100 = record.get_field("100") if not fields_100: field_100 = grs.Field("100") record.add_field(field_100) else: field_100 = fields_100[0] fields_115 = grs_user_record.get_field("115") if fields_115: exist_fields_115 = record.get_field("115") if not exist_fields_115: record.add_field(fields_115[0]) field_100.content = RUSLAN_ID_MASK[: len(record_id) * -1] + record_id portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id) return record
def _create_or_update_ruslan_user(grs_user_record): portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) response = portal_client.create_grs(grs_user_record, RUSLAN_USERS_DATABASE) grs_record = response.get('content', [{}])[0] record = grs.Record.from_dict(grs_record) fields_1 = record.get_field('1') record_id = '' if fields_1: record_id = fields_1[0].content if not record_id: raise ValueError('record_id must be not empty') fields_100 = record.get_field('100') if not fields_100: field_100 = grs.Field('100') record.add_field(field_100) else: field_100 = fields_100[0] field_100.content = RUSLAN_ID_MASK[:len(record_id) * -1] + record_id portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id) return record
def register_new_user(request, id): try: tatedu_user = models.TatEduUser.objects.get(id=id) except models.TatEduUser.DoesNotExist: return redirect("sso_tatedu:index") user_attrs = json.loads(tatedu_user.user_attrs) person_info = user_attrs.get("person_info", {}) portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'777' query = u'@attrset bib-1 @attr 1=%s "%s"' % (OID_FIELD, tatedu_user.oid.replace("\\", "\\\\")) sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE, query=query, start_record=1, maximum_records=1) sru_records = humanize.get_records(sru_response) reader_id = "" password = "" if not sru_records: user_grs_record = _create_grs_from_user( oid=tatedu_user.oid, email=person_info.get("email", ""), user_attrs=user_attrs ) fields_115 = user_grs_record.get_field("115") if fields_115: password = fields_115[0].content user_grs_record = _create_or_update_ruslan_user(user_grs_record) else: user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field("100") if fields_100: reader_id = fields_100[0].content # tatedu_user.delete() user = authenticate(username=reader_id, password=password, need_check_password=False) if user: if user.is_active: login(request, user) request.session["logout_idp_url"] = LOGOUT_URL return render(request, "sso_tatedu/register_new_user.html", {"reader_id": reader_id, "password": password}) else: return _error_response( request=request, error="no_access_toke", state="", error_description=u"Ваша учетная запись не активна" ) else: return _error_response( request=request, error="no_user", state="", error_description=u"Система не может сопоставить вашу учетную запись ОЭ РТ", )
def _update_ruslan_user(record): portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) fields_1 = record.get_field('1') record_id = '' if fields_1: record_id = fields_1[0].content if not record_id: raise ValueError('record_id must be not empty') portal_client.update_grs(grs_record=record, database=RUSLAN_USERS_DATABASE, id=record_id) return record
def authenticate(self, username=None, password="", need_check_password=True): if username: username = username.strip() if password: password = password.strip() if not username: return None portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) if need_check_password: try: reader_id = username.replace("\\", "\\\\").replace('"', '\\"') password = password.replace("\\", "\\\\").replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id,), database=RUSLAN_USERS_DATABASE, maximum_records=1, ) sru_records = humanize.get_records(sru_response) if not sru_records: return None except Exception as e: logger.exception(e) return None sru_reps = portal_client.get_user(username, database=RUSLAN_USERS_DATABASE) records = humanize.get_records(sru_reps) if not records: return None # 101 - фамилия # 102 - имя # 103 - отчество grs_record = humanize.grs_to_dict(humanize.get_record_content(records[0]).get("GRSTag", [{}])) user_password = password if need_check_password and user_password != password: return None return self.get_or_create_user(username, password, grs_record)
from . import forms RUSLAN = getattr(settings, 'RUSLAN', {}) API_ADDRESS = RUSLAN.get('api_address', 'http://localhost/') API_USERNAME = RUSLAN.get('username') API_PASSWORD = RUSLAN.get('password') ON_HAND_DB = 'circ' ORDERS_DB = 'extd' HOLDINGS_BASE = 'spstu' ORG_CODES = RUSLAN.get('org_codes', {}) CAN_ORDER_BRANCHES = RUSLAN.get('can_order_branches', []) ruslan_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) @api_decorators.permission_required(['pages.create_page'], message=u'Доступ запрещен') def index(request): return api_responses.response({'status': 'ok'}) @never_cache @csrf_exempt def holdings(request): record_id = request.GET.get('recordId', '') if not record_id: return api_responses.errors_response('recordId params does not exist')
def register_new_user(request, id): try: tatedu_user = models.TatEduUser.objects.get(id=id) except models.TatEduUser.DoesNotExist: return redirect('sso_tatedu:index') user_attrs = json.loads(tatedu_user.user_attrs) person_info = user_attrs.get('person_info', {}) portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'777' query = u'@attrset bib-1 @attr 1=%s "%s"' % ( OID_FIELD, tatedu_user.oid.replace('\\', '\\\\')) sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE, query=query, start_record=1, maximum_records=1) sru_records = humanize.get_records(sru_response) reader_id = '' password = '' if not sru_records: user_grs_record = _create_grs_from_user(oid=tatedu_user.oid, email=person_info.get( 'email', ''), user_attrs=user_attrs) fields_115 = user_grs_record.get_field('115') if fields_115: password = fields_115[0].content user_grs_record = _create_or_update_ruslan_user(user_grs_record) else: user_grs_record = grs.Record.from_dict( humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field('100') if fields_100: reader_id = fields_100[0].content # tatedu_user.delete() user = authenticate(username=reader_id, password=password, need_check_password=False) if user: if user.is_active: login(request, user) request.session['logout_idp_url'] = LOGOUT_URL return render(request, 'sso_tatedu/register_new_user.html', { 'reader_id': reader_id, 'password': password }) else: return _error_response( request=request, error='no_access_toke', state='', error_description=u'Ваша учетная запись не активна') else: return _error_response( request=request, error='no_user', state='', error_description= u'Система не может сопоставить вашу учетную запись ОЭ РТ')
def redirect_from_idp(request): error = request.GET.get("error") state = request.GET.get("state") code = request.GET.get("code") error_description = request.GET.get("error_description") if error: return _error_response(request=request, error=error, state=state, error_description=error_description) try: access_marker = _get_access_marker(code) except Exception as e: return _error_response( request=request, error="get_access_marker", state=state, error_description=u"При получении маркера возникла ошибка", exception=e, ) access_token = access_marker.get("access_token", "") if not access_token: return _error_response( request=request, error="no_access_toke", state=state, error_description=u"Авторизационный код доступа не был получен", ) try: person_info_resp = _get_person_info(access_token) # print person_info_resp # person_contacts = _get_person_contacts(oid, access_token) # person_addresses = _get_person_addresses(oid, access_token) # person_docs = _get_person_docs(oid, access_token) except Exception as e: return _error_response( request=request, error="user_info_error", error_description=u"Ошибка при получении информации из ЭО РТ", exception=e, ) if person_info_resp.get("status", "") != "success": return _error_response( request=request, error="user_info_error", error_description=u"Ошибка при получении информации из ЭО РТ " + person_info_resp.get("message"), ) # return HttpResponse(json.dumps(person_info_resp, ensure_ascii=False), content_type='application/json') person_info = person_info_resp.get("data", {}) if person_info.get("status", "") != "active": return _error_response( request=request, error="user_not_active", error_description=u"Учетная запись неактивна. Обратитесь к администратору портала ЭО", ) user_id = person_info.get("id") if not user_id: return _error_response( request=request, error="no_user_id", error_description=u"Ответ не содержит идентификатор пользователя" ) user_attrs = { "person_info": person_info, # 'person_contacts': person_contacts, # 'person_addresses': person_addresses, # 'person_docs': person_docs, } portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'erf' # state = '112313' # user_attrs = esia_response # person_info = user_attrs.get('person_info', {}) # person_contacts = user_attrs.get('person_contacts', []) sru_response = portal_client.search( query=u'@attrset bib-1 @attr 1=%s "%s"' % (OID_FIELD, unicode(user_id).replace("\\", "\\\\").replace('"', '\\"')), database=RUSLAN_USERS_DATABASE, maximum_records=1, ) sru_records = humanize.get_records(sru_response) if not sru_records: tatedu_user = models.create_or_update_user(user_id, user_attrs) return register_new_user(request, tatedu_user.id) else: user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field("100") if not fields_100: return _error_response( request=request, error="no_user", error_description=u"Система в данный момент не может произвести авторизацию", ) else: user = authenticate(username=fields_100[0].content, need_check_password=False) if user: if user.is_active: login(request, user) library_id = _get_library_id(user_grs_record) if library_id: request.session["org_id"] = library_id request.session["logout_idp_url"] = LOGOUT_URL request.session["auth_source"] = AUTH_SOURCE return redirect("index:frontend:index") else: return _error_response( request=request, error="no_access_token", state=state, error_description=u"Ваша учетная запись не активна", ) else: return _error_response( request=request, error="no_user", state=state, error_description=u"Система не может сопоставить вашу учетную запись ЭО РТ", )
def authenticate(self, username=None, password='', need_check_password=True): if username: username = username.strip() if password: password = password.strip() if not username: return None portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) reader_id = username.replace('\\', '\\\\').replace('"', '\\"') password = password.replace('\\', '\\\\').replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=132 "%s"' % (reader_id,), database=RUSLAN_USERS_DATABASE, maximum_records=1 ) sru_records = humanize.get_records(sru_response) if sru_records: try: record_content = humanize.get_record_content(sru_records[0]) grs_record = grs.Record.from_dict(record_content) f100 = grs_record.get_field_value('100', '') if f100: reader_id = f100.replace('\\', '\\\\').replace('"', '\\"') except Exception as e: logger.exception(e) return None if need_check_password: user_client = client.HttpClient(API_ADDRESS, username=reader_id, password=password) try: user_principal = user_client.principal() user_client.close_session() except client.UnauthorizedError: return None except UnicodeEncodeError: return None try: # reader_id = username.replace('\\', '\\\\').replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id,), database=RUSLAN_USERS_DATABASE, maximum_records=1 ) sru_records = humanize.get_records(sru_response) if not sru_records: return None except Exception as e: logger.exception(e) return None sru_reps = portal_client.get_user(reader_id, database=RUSLAN_USERS_DATABASE) records = humanize.get_records(sru_reps) if not records: return None # 101 - фамилия # 102 - имя # 103 - отчество grs_record = grs.Record.from_dict(humanize.get_record_content(records[0])) return self.get_or_create_user(reader_id, password, grs_record, need_check_password)
from . import forms RUSLAN = getattr(settings, 'RUSLAN', {}) API_ADDRESS = RUSLAN.get('api_address', 'http://localhost/') API_USERNAME = RUSLAN.get('username') API_PASSWORD = RUSLAN.get('password') ON_HAND_DB = 'circ' ORDERS_DB = 'extd' HOLDINGS_BASE = 'spstu' ORG_CODES = RUSLAN.get('org_codes', {}) CAN_ORDER_BRANCHES = RUSLAN.get('can_order_branches', []) ruslan_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) @api_decorators.permission_required(['pages.create_page'], message=u'Доступ запрещен') def index(request): return api_responses.response({ 'status': 'ok' }) @never_cache @csrf_exempt def holdings(request): record_id = request.GET.get('recordId', '') if not record_id: return api_responses.errors_response('recordId params does not exist')
def authenticate(self, username=None, password='', need_check_password=True): if username: username = username.strip() if password: password = password.strip() if not username: return None portal_client = connection_pool.get_client(API_ADDRESS, API_USERNAME, API_PASSWORD) reader_id = username.replace('\\', '\\\\').replace('"', '\\"') password = password.replace('\\', '\\\\').replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=132 "%s"' % (reader_id, ), database=RUSLAN_USERS_DATABASE, maximum_records=1) sru_records = humanize.get_records(sru_response) if sru_records: try: record_content = humanize.get_record_content(sru_records[0]) grs_record = grs.Record.from_dict(record_content) f100 = grs_record.get_field_value('100', '') if f100: reader_id = f100.replace('\\', '\\\\').replace('"', '\\"') except Exception as e: logger.exception(e) return None if need_check_password: user_client = client.HttpClient(API_ADDRESS, username=reader_id, password=password) try: user_principal = user_client.principal() user_client.close_session() except client.UnauthorizedError: return None except UnicodeEncodeError: return None try: # reader_id = username.replace('\\', '\\\\').replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id, ), database=RUSLAN_USERS_DATABASE, maximum_records=1) sru_records = humanize.get_records(sru_response) if not sru_records: return None except Exception as e: logger.exception(e) return None sru_reps = portal_client.get_user(reader_id, database=RUSLAN_USERS_DATABASE) records = humanize.get_records(sru_reps) if not records: return None # 101 - фамилия # 102 - имя # 103 - отчество grs_record = grs.Record.from_dict( humanize.get_record_content(records[0])) return self.get_or_create_user(reader_id, password, grs_record, need_check_password)
def redirect_from_idp(request): error = request.GET.get('error') state = request.GET.get('state') code = request.GET.get('code') error_description = request.GET.get('error_description') if error: return _error_response( request=request, error=error, state=state, error_description=error_description ) try: access_marker = _get_access_marker(code) except Exception as e: return _error_response( request=request, error='get_access_marker', state=state, error_description=u'При получении маркера возникла ошибка', exception=e ) access_token = access_marker.get('access_token', '') if not access_token: return _error_response( request=request, error='no_access_toke', state=state, error_description=u'Авторизационный код доступа не был получен' ) try: person_info_resp = _get_person_info(access_token) # print person_info_resp # person_contacts = _get_person_contacts(oid, access_token) # person_addresses = _get_person_addresses(oid, access_token) # person_docs = _get_person_docs(oid, access_token) except Exception as e: return _error_response( request=request, error='user_info_error', error_description=u'Ошибка при получении информации из ЭО РТ', exception=e ) if person_info_resp.get('status', '') != 'success': return _error_response( request=request, error='user_info_error', error_description=u'Ошибка при получении информации из ЭО РТ ' + person_info_resp.get('message') ) # print json.dumps(person_info_resp, ensure_ascii=False) person_info = person_info_resp.get('data', {}) if person_info.get('status', '') != 'active': return _error_response( request=request, error='user_not_active', error_description=u'Учетная запись неактивна. Обратитесь к администратору портала ЭО' ) user_id = person_info.get('id') if not user_id: return _error_response( request=request, error='no_user_id', error_description=u'Ответ не содержит идентификатор пользователя' ) user_attrs = { 'person_info': person_info, # 'person_contacts': person_contacts, # 'person_addresses': person_addresses, # 'person_docs': person_docs, } portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'erf' # state = '112313' # user_attrs = esia_response # person_info = user_attrs.get('person_info', {}) # person_contacts = user_attrs.get('person_contacts', []) sru_response = portal_client.search( query=u'@attrset bib-1 @attr 1=%s "%s"' % ( OID_FIELD, unicode(user_id).replace('\\', '\\\\').replace('"', '\\"'),), database=RUSLAN_USERS_DATABASE, maximum_records=1 ) sru_records = humanize.get_records(sru_response) tatedu_user = models.create_or_update_user(user_id, user_attrs) if not sru_records: return register_new_user(request, tatedu_user.id) else: user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0])) new_user_grs_record = _create_grs_from_user( oid=tatedu_user.oid, email=person_info.get('email', ''), user_attrs=user_attrs ) for field_value in ['505', '506', '508', '509', '510']: fields = new_user_grs_record.get_field(field_value) user_grs_record.set_field(field_value, fields) _update_ruslan_user(user_grs_record) fields_100 = user_grs_record.get_field('100') if not fields_100: return _error_response( request=request, error='no_user', state=state, error_description=u'Система в данный момент не может произвести авторизацию' ) else: user = authenticate(username=fields_100[0].content, need_check_password=False) if user: if user.is_active: login(request, user) library_id = _get_library_id(user_grs_record) if library_id: request.session['org_id'] = library_id request.session['logout_idp_url'] = LOGOUT_URL request.session['auth_source'] = AUTH_SOURCE return redirect('index:frontend:index') else: return _error_response( request=request, error='no_access_token', state=state, error_description=u'Ваша учетная запись не активна' ) else: return _error_response( request=request, error='no_user', state=state, error_description=u'Система не может сопоставить вашу учетную запись ЭО РТ' )
def register_new_user(request, id): try: esia_user = models.EsiaUser.objects.get(id=id) except models.EsiaUser.DoesNotExist: return redirect('sso_esia:index') user_attrs = json.loads(esia_user.user_attrs) person_contacts = user_attrs.get('person_contacts', []) portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'777' query = u'@attrset bib-1 @attr 1=403 "%s"' % (esia_user.oid.replace('\\', '\\\\')) sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE, query=query, start_record=1, maximum_records=1) sru_records = humanize.get_records(sru_response) reader_id = '' password = '' if not sru_records: user_grs_record = _create_grs_from_esia( oid=esia_user.oid, email=(_find_contacts_attr('EML', person_contacts) or [''])[0], user_attrs=user_attrs ) fields_115 = user_grs_record.get_field('115') if fields_115: password = fields_115[0].content user_grs_record = _create_or_update_ruslan_user(user_grs_record) else: user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field('100') if fields_100: reader_id = fields_100[0].content esia_user.delete() user = authenticate(username=reader_id, password=password, need_check_password=False) if user: if user.is_active: login(request, user) return render(request, 'esia_sso/register_new_user.html', { 'reader_id': reader_id, 'password': password }) else: return _error_response( request=request, error='no_access_toke', state='', error_description=u'Ваша учетная запись не активна' ) else: return _error_response( request=request, error='no_user', state='', error_description=u'Система не может сопоставить вашу учетную запись ЕСИА' )
def ask_for_exist_reader(request, id): try: esia_user = models.EsiaUser.objects.get(id=id) except models.EsiaUser.DoesNotExist: return redirect('sso_esia:index') portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) if request.method == 'POST': ruslan_auth_form = forms.RuslanAuthForm(request.POST) if ruslan_auth_form.is_valid(): reader_id = ruslan_auth_form.cleaned_data['reader_id'].replace('\\', '\\\\').replace('"', '\\"') password = ruslan_auth_form.cleaned_data['password'].replace('\\', '\\\\').replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id,), database=RUSLAN_USERS_DATABASE, maximum_records=1 ) sru_records = humanize.get_records(sru_response) if not sru_records: ruslan_auth_form.add_error('reader_id', u'Идентификатор читателя не найден') else: sru_response = portal_client.search( query='@attrset bib-1 @and @attr 1=100 "%s" @attr 1=115 "%s"' % (reader_id, password), database=RUSLAN_USERS_DATABASE, maximum_records=1 ) sru_records = humanize.get_records(sru_response) if not sru_records: ruslan_auth_form.add_error('reader_id', u'Неверный пароль') else: user_record = humanize.get_record_content(sru_records[0]) user_grs_record = grs.Record.from_dict(user_record) fields_403 = user_grs_record.get_field('403') if fields_403: if fields_403[0].content != esia_user.oid: ruslan_auth_form.add_error( 'reader_id', u'Идентификатор читателя уже связан с учетной записью ЕСИА' ) else: user_grs_record.add_field(grs.Field('403', esia_user.oid)) portal_client.update_grs( grs_record=user_grs_record, database=RUSLAN_USERS_DATABASE, id=reader_id ) esia_user.delete() user = authenticate( username=ruslan_auth_form.cleaned_data['reader_id'], password=ruslan_auth_form.cleaned_data['password'] ) if user: if user.is_active: login(request, user) return redirect('index:frontend:index') else: return _error_response( request=request, error='no_access_toke', state='', error_description=u'Ваша учетная запись читателя не активна' ) else: return _error_response( request=request, error='no_user', state='', error_description=u'Система не может сопоставить вашу учетную запись ЕСИА' ) else: ruslan_auth_form = forms.RuslanAuthForm() return render(request, 'esia_sso/ask_for_exist_reader.html', { 'ruslan_auth_form': ruslan_auth_form, 'esia_id': id })
def redirect_from_idp(request): error = request.GET.get('error') state = request.GET.get('state') error_description = request.GET.get('error_description') if error: return _error_response( request=request, error=error, state=state, error_description=error_description ) code = request.GET.get('code') state = request.GET.get('state') try: access_marker = _get_access_marker(code) except Exception as e: return _error_response( request=request, error='get_access_marker', state=state, error_description=u'При получении маркера возникла ошибка', exception=e ) access_token = access_marker.get('access_token', '') if not access_token: return _error_response( request=request, error='no_access_toke', state=state, error_description=u'Авторизационный код доступа не был получен' ) try: oid = _get_oid(access_token) except Exception as e: return _error_response( request=request, error='get_oid', state=state, error_description=u'Ошибка при получении oid', exception=e ) if not oid: return _error_response( request=request, error='no_oid', state=state, error_description=u'oid не был получен' ) try: person_info = _get_person_info(oid, access_token) person_contacts = _get_person_contacts(oid, access_token) person_addresses = _get_person_addresses(oid, access_token) except Exception as e: return _error_response( request=request, error='user_info_error', state=state, error_description=u'Ошибка при получении информации из ЕСИА', exception=e ) user_attrs = { 'person_info': person_info, 'person_contacts': person_contacts, 'person_addresses': person_addresses } portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) #oid = u'erf' #state = '112313' #user_attrs = esia_response # person_info = user_attrs.get('person_info', {}) # person_contacts = user_attrs.get('person_contacts', []) sru_response = portal_client.search( query='@attrset bib-1 @attr 1=403 "%s"' % (oid.replace('\\', '\\\\').replace('"', '\\"'),), database=RUSLAN_USERS_DATABASE, maximum_records=1 ) sru_records = humanize.get_records(sru_response) if not sru_records: esia_user = models.create_or_update_esia_user(oid, user_attrs) return redirect('sso_esia:ask_for_exist_reader', id=esia_user.id) else: user_grs_record = grs.Record.from_dict(humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field('100') if not fields_100: return _error_response( request=request, error='no_user', state=state, error_description=u'Система в данный момент не может произвести авторизацию' ) else: user = authenticate(username=fields_100[0].content, need_check_password=False) if user: if user.is_active: login(request, user) request.session['logout_idp_url'] = 'https://esia-portal1.test.gosuslugi.ru/profile/user/saml/Logout' return redirect('index:frontend:index') else: return _error_response( request=request, error='no_access_toke', state=state, error_description=u'Ваша учетная запись не активна' ) else: return _error_response( request=request, error='no_user', state=state, error_description=u'Система не может сопоставить вашу учетную запись ЕСИА' )
def redirect_from_idp(request): error = request.GET.get('error') state = request.GET.get('state') code = request.GET.get('code') error_description = request.GET.get('error_description') if error: return _error_response(request=request, error=error, state=state, error_description=error_description) try: access_marker = _get_access_marker(code) except Exception as e: return _error_response( request=request, error='get_access_marker', state=state, error_description=u'При получении маркера возникла ошибка', exception=e) access_token = access_marker.get('access_token', '') if not access_token: return _error_response( request=request, error='no_access_toke', state=state, error_description=u'Авторизационный код доступа не был получен') try: oid = _get_oid(access_token) except Exception as e: return _error_response(request=request, error='get_oid', state=state, error_description=u'Ошибка при получении oid', exception=e) if not oid: return _error_response(request=request, error='no_oid', state=state, error_description=u'oid не был получен') try: person_info = _get_person_info(oid, access_token) person_contacts = _get_person_contacts(oid, access_token) person_addresses = _get_person_addresses(oid, access_token) person_docs = _get_person_docs(oid, access_token) except Exception as e: return _error_response( request=request, error='user_info_error', state=state, error_description=u'Ошибка при получении информации из ЕСИА', exception=e) user_attrs = { 'person_info': person_info, 'person_contacts': person_contacts, 'person_addresses': person_addresses, 'person_docs': person_docs, } portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'erf' # state = '112313' # user_attrs = esia_response # person_info = user_attrs.get('person_info', {}) # person_contacts = user_attrs.get('person_contacts', []) sru_response = portal_client.search( query='@attrset bib-1 @attr 1=403 "%s"' % (oid.replace('\\', '\\\\').replace('"', '\\"'), ), database=RUSLAN_USERS_DATABASE, maximum_records=1) sru_records = humanize.get_records(sru_response) if not sru_records: esia_user = models.create_or_update_esia_user(oid, user_attrs) return redirect('sso_esia:ask_for_exist_reader', id=esia_user.id) else: user_grs_record = grs.Record.from_dict( humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field('100') if not fields_100: return _error_response( request=request, error='no_user', state=state, error_description= u'Система в данный момент не может произвести авторизацию') else: user = authenticate(username=fields_100[0].content, need_check_password=False) if user: if user.is_active: login(request, user) request.session[ 'logout_idp_url'] = 'https://esia.gosuslugi.ru/idp/ext/Logout?client_id=%s&redirect_url=http://%s' % ( ESIA_SSO_CLIENT_ID, SITE_DOMAIN) return redirect('index:frontend:index') else: return _error_response( request=request, error='no_access_toke', state=state, error_description=u'Ваша учетная запись не активна') else: return _error_response( request=request, error='no_user', state=state, error_description= u'Система не может сопоставить вашу учетную запись ЕСИА')
def redirect_from_idp(request): error = request.GET.get('error') state = request.GET.get('state') code = request.GET.get('code') error_description = request.GET.get('error_description') if error: return _error_response(request=request, error=error, state=state, error_description=error_description) try: access_marker = _get_access_marker(code) except Exception as e: return _error_response( request=request, error='get_access_marker', state=state, error_description=u'При получении маркера возникла ошибка', exception=e) access_token = access_marker.get('access_token', '') if not access_token: return _error_response( request=request, error='no_access_toke', state=state, error_description=u'Авторизационный код доступа не был получен') try: person_info_resp = _get_person_info(access_token) # print person_info_resp # person_contacts = _get_person_contacts(oid, access_token) # person_addresses = _get_person_addresses(oid, access_token) # person_docs = _get_person_docs(oid, access_token) except Exception as e: return _error_response( request=request, error='user_info_error', error_description=u'Ошибка при получении информации из ЭО РТ', exception=e) if person_info_resp.get('status', '') != 'success': return _error_response( request=request, error='user_info_error', error_description=u'Ошибка при получении информации из ЭО РТ ' + person_info_resp.get('message')) # print json.dumps(person_info_resp, ensure_ascii=False) person_info = person_info_resp.get('data', {}) if person_info.get('status', '') != 'active': return _error_response( request=request, error='user_not_active', error_description= u'Учетная запись неактивна. Обратитесь к администратору портала ЭО' ) user_id = person_info.get('id') if not user_id: return _error_response( request=request, error='no_user_id', error_description=u'Ответ не содержит идентификатор пользователя') user_attrs = { 'person_info': person_info, # 'person_contacts': person_contacts, # 'person_addresses': person_addresses, # 'person_docs': person_docs, } portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'erf' # state = '112313' # user_attrs = esia_response # person_info = user_attrs.get('person_info', {}) # person_contacts = user_attrs.get('person_contacts', []) sru_response = portal_client.search( query=u'@attrset bib-1 @attr 1=%s "%s"' % ( OID_FIELD, unicode(user_id).replace('\\', '\\\\').replace('"', '\\"'), ), database=RUSLAN_USERS_DATABASE, maximum_records=1) sru_records = humanize.get_records(sru_response) tatedu_user = models.create_or_update_user(user_id, user_attrs) if not sru_records: return register_new_user(request, tatedu_user.id) else: user_grs_record = grs.Record.from_dict( humanize.get_record_content(sru_records[0])) new_user_grs_record = _create_grs_from_user(oid=tatedu_user.oid, email=person_info.get( 'email', ''), user_attrs=user_attrs) for field_value in ['505', '506', '508', '509', '510']: fields = new_user_grs_record.get_field(field_value) user_grs_record.set_field(field_value, fields) _update_ruslan_user(user_grs_record) fields_100 = user_grs_record.get_field('100') if not fields_100: return _error_response( request=request, error='no_user', state=state, error_description= u'Система в данный момент не может произвести авторизацию') else: user = authenticate(username=fields_100[0].content, need_check_password=False) if user: if user.is_active: login(request, user) library_id = _get_library_id(user_grs_record) if library_id: request.session['org_id'] = library_id request.session['logout_idp_url'] = LOGOUT_URL request.session['auth_source'] = AUTH_SOURCE return redirect('index:frontend:index') else: return _error_response( request=request, error='no_access_token', state=state, error_description=u'Ваша учетная запись не активна') else: return _error_response( request=request, error='no_user', state=state, error_description= u'Система не может сопоставить вашу учетную запись ЭО РТ')
def ask_for_exist_reader(request, id): try: esia_user = models.EsiaUser.objects.get(id=id) except models.EsiaUser.DoesNotExist: return redirect('sso_esia:index') portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) if request.method == 'POST': ruslan_auth_form = forms.RuslanAuthForm(request.POST) if ruslan_auth_form.is_valid(): reader_id = ruslan_auth_form.cleaned_data['reader_id'].replace( '\\', '\\\\').replace('"', '\\"') password = ruslan_auth_form.cleaned_data['password'].replace( '\\', '\\\\').replace('"', '\\"') sru_response = portal_client.search( query='@attrset bib-1 @attr 1=100 "%s"' % (reader_id, ), database=RUSLAN_USERS_DATABASE, maximum_records=1) sru_records = humanize.get_records(sru_response) if not sru_records: ruslan_auth_form.add_error( 'reader_id', u'Идентификатор читателя не найден') else: sru_response = portal_client.search( query= '@attrset bib-1 @and @attr 1=100 "%s" @attr 1=115 "%s"' % (reader_id, password), database=RUSLAN_USERS_DATABASE, maximum_records=1) sru_records = humanize.get_records(sru_response) if not sru_records: ruslan_auth_form.add_error('reader_id', u'Неверный пароль') else: user_record = humanize.get_record_content(sru_records[0]) user_grs_record = grs.Record.from_dict(user_record) fields_403 = user_grs_record.get_field('403') if fields_403: if fields_403[0].content != esia_user.oid: ruslan_auth_form.add_error( 'reader_id', u'Идентификатор читателя уже связан с учетной записью ЕСИА' ) else: user_grs_record.add_field( grs.Field('403', esia_user.oid)) portal_client.update_grs( grs_record=user_grs_record, database=RUSLAN_USERS_DATABASE, id=reader_id) esia_user.delete() user = authenticate( username=ruslan_auth_form. cleaned_data['reader_id'], password=ruslan_auth_form.cleaned_data['password']) if user: if user.is_active: login(request, user) return redirect('index:frontend:index') else: return _error_response( request=request, error='no_access_toke', state='', error_description= u'Ваша учетная запись читателя не активна') else: return _error_response( request=request, error='no_user', state='', error_description= u'Система не может сопоставить вашу учетную запись ЕСИА' ) else: ruslan_auth_form = forms.RuslanAuthForm() return render(request, 'esia_sso/ask_for_exist_reader.html', { 'ruslan_auth_form': ruslan_auth_form, 'esia_id': id })
def register_new_user(request, id): try: esia_user = models.EsiaUser.objects.get(id=id) except models.EsiaUser.DoesNotExist: return redirect('sso_esia:index') user_attrs = json.loads(esia_user.user_attrs) person_contacts = user_attrs.get('person_contacts', []) portal_client = connection_pool.get_client(RUSLAN_API_ADDRESS, RUSLAN_API_USERNAME, RUSLAN_API_PASSWORD) # oid = u'777' query = u'@attrset bib-1 @attr 1=403 "%s"' % (esia_user.oid.replace( '\\', '\\\\')) sru_response = portal_client.search(database=RUSLAN_USERS_DATABASE, query=query, start_record=1, maximum_records=1) sru_records = humanize.get_records(sru_response) reader_id = '' password = '' if not sru_records: user_grs_record = _create_grs_from_esia( oid=esia_user.oid, email=(_find_contacts_attr('EML', person_contacts) or [''])[0], user_attrs=user_attrs) fields_115 = user_grs_record.get_field('115') if fields_115: password = fields_115[0].content user_grs_record = _create_or_update_ruslan_user(user_grs_record) else: user_grs_record = grs.Record.from_dict( humanize.get_record_content(sru_records[0])) fields_100 = user_grs_record.get_field('100') if fields_100: reader_id = fields_100[0].content esia_user.delete() user = authenticate(username=reader_id, password=password, need_check_password=False) if user: if user.is_active: login(request, user) return render(request, 'esia_sso/register_new_user.html', { 'reader_id': reader_id, 'password': password }) else: return _error_response( request=request, error='no_access_toke', state='', error_description=u'Ваша учетная запись не активна') else: return _error_response( request=request, error='no_user', state='', error_description= u'Система не может сопоставить вашу учетную запись ЕСИА')