Code example #1
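    def max_login(self, session):
        """Log a user in from a MAX (CAS) service ticket.

        The POST body must carry ``ticket`` and ``service``. The ticket is
        validated against MAX via ``get_max_dict``; on success the broker
        user whose e-mail matches the returned address (case-insensitively)
        is loaded or created, its MAX permissions are refreshed with
        ``set_max_perms`` and a session is issued.

        Args:
            session: the flask session object, passed through to
                ``create_session_and_response``.

        Returns:
            The response built by ``create_session_and_response`` on
            success; otherwise a ``JsonResponse.error`` carrying 400 for a
            malformed request/response (TypeError, KeyError,
            NotImplementedError), 401 when MAX rejects the ticket or the
            user lookup is ambiguous (ValueError), and 500 for any other
            exception.
        """
        try:
            safe_dictionary = RequestDictionary(self.request)

            # Obtain POST content
            ticket = safe_dictionary.get_value("ticket")
            # NOTE(review): `service` is taken verbatim from the client. CAS
            # only checks that the ticket was issued for *this* service
            # string, so a ticket obtained for another MAX-registered service
            # would validate here too if the caller names that service.
            # Consider comparing it with the broker's own configured service
            # URL — confirm against how MAX registers services.
            service = safe_dictionary.get_value('service')

            # Call MAX's serviceValidate endpoint and retrieve the response
            max_dict = get_max_dict(ticket, service)

            # A rejected ticket comes back without cas:authenticationSuccess
            # (CAS reports cas:authenticationFailure instead).
            cas_response = max_dict['cas:serviceResponse']
            if 'cas:authenticationSuccess' not in cas_response:
                raise ValueError("You have failed to login successfully with MAX")
            cas_attrs = cas_response['cas:authenticationSuccess']['cas:attributes']

            # The e-mail address is the key used to match a broker user.
            email = cas_attrs['maxAttribute:Email-Address']

            try:
                sess = GlobalDB.db().session
                # Case-insensitive match; MultipleResultsFound (below) fires if
                # two rows differ only by case.
                user = sess.query(User).filter(func.lower(User.email) == func.lower(email)).one_or_none()

                # First login: no group-membership check precedes this point,
                # so every identity MAX authenticates gets a user row. Access is
                # presumably narrowed by set_max_perms below from the MAX group
                # list — confirm it copes with an empty or unknown group list.
                if user is None:
                    user = User()

                    first_name = cas_attrs['maxAttribute:First-Name']
                    middle_name = cas_attrs['maxAttribute:Middle-Name']
                    last_name = cas_attrs['maxAttribute:Last-Name']

                    user.email = email

                    # Strip before taking the initial: a whitespace-only middle
                    # name is treated as absent, and a leading space can never
                    # become the "initial" (the unstripped [0] did that).
                    middle = middle_name.strip() if middle_name is not None else ''
                    if middle:
                        user.name = first_name + " " + middle[0] + ". " + last_name
                    else:
                        user.name = first_name + " " + last_name

                # Called on every login, not only at creation, so permissions
                # always derive from the group list MAX returned this time.
                set_max_perms(user, cas_attrs['maxAttribute:GroupList'])

                sess.add(user)
                # NOTE(review): if commit() raises, the session is left in a
                # failed state with no rollback here — fine if GlobalDB's
                # session is per-request, a problem if it is shared; verify.
                sess.commit()

            except MultipleResultsFound:
                # Two rows match the e-mail; refuse rather than guess which
                # identity to log in.
                raise ValueError("An error occurred during login.")

            return self.create_session_and_response(session, user)

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            # NOTE(review): the raw exception is handed to JsonResponse.error;
            # if that helper echoes str(e) to the client, DB/driver messages
            # could leak — confirm it sanitises internal errors.
            return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)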
Code example #2
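    def max_login(self, session):
        """Log a user in from a MAX (CAS) service ticket, gated on agency membership.

        The POST body must carry ``ticket`` and ``service``. The ticket is
        validated against MAX via ``self.get_max_dict``; the user is then
        admitted only if their MAX group list contains at least one
        ``<parent_group>-CGAC_...`` group. The matching broker user is
        loaded or created, its ``cgac_code`` is refreshed from the current
        groups and ``grant_highest_permission`` is applied before a session
        is issued.

        Args:
            session: the flask session object, passed through to
                ``create_session_and_response``.

        Returns:
            The response built by ``create_session_and_response`` on
            success; otherwise a ``JsonResponse.error`` carrying 400 for a
            malformed request/response (TypeError, KeyError,
            NotImplementedError), 401 when MAX rejects the ticket, the user
            has no agency group, or the user lookup is ambiguous
            (ValueError), and 500 for any other exception.
        """
        try:
            safe_dictionary = RequestDictionary(self.request)

            # Obtain POST content
            ticket = safe_dictionary.getValue("ticket")
            # NOTE(review): `service` is taken verbatim from the client. CAS
            # only checks that the ticket was issued for *this* service
            # string, so a ticket obtained for another MAX-registered service
            # would validate here too if the caller names that service.
            # Consider comparing it with the broker's own configured service
            # URL — confirm against how MAX registers services.
            service = safe_dictionary.getValue('service')
            parent_group = CONFIG_BROKER['parent_group']

            # Call MAX's serviceValidate endpoint and retrieve the response
            max_dict = self.get_max_dict(ticket, service)

            # A rejected ticket comes back without cas:authenticationSuccess.
            cas_response = max_dict['cas:serviceResponse']
            if 'cas:authenticationSuccess' not in cas_response:
                raise ValueError("You have failed to login successfully with MAX")
            cas_attrs = cas_response['cas:authenticationSuccess']['cas:attributes']

            # Grab the email and list of groups from MAX's response
            email = cas_attrs['maxAttribute:Email-Address']
            group_list_all = cas_attrs['maxAttribute:GroupList'].split(',')
            # Prefix match with no separator: any group whose name merely
            # begins with parent_group qualifies, not only its children.
            group_list = [g for g in group_list_all if g.startswith(parent_group)]

            # Agency groups are named "<parent_group>-CGAC_<code>".
            cgac_prefix = parent_group + "-CGAC_"
            cgac_group = [g for g in group_list if g.startswith(cgac_prefix)]

            # Deny access if they are not aligned with an agency
            if not cgac_group:
                raise ValueError("You have logged in with MAX but do not have permission to access the broker.")

            try:
                sess = GlobalDB.db().session
                # Case-insensitive match; MultipleResultsFound (below) fires if
                # two rows differ only by case.
                user = sess.query(User).filter(func.lower(User.email) == func.lower(email)).one_or_none()

                # First login: create the user, who is allowed in because they
                # passed the agency-group check above.
                if user is None:
                    user = User()

                    first_name = cas_attrs['maxAttribute:First-Name']
                    middle_name = cas_attrs['maxAttribute:Middle-Name']
                    last_name = cas_attrs['maxAttribute:Last-Name']

                    user.email = email

                    # Strip before taking the initial: a whitespace-only middle
                    # name is treated as absent, and a leading space can never
                    # become the "initial" (the unstripped [0] did that).
                    middle = middle_name.strip() if middle_name is not None else ''
                    if middle:
                        user.name = first_name + " " + middle[0] + ". " + last_name
                    else:
                        user.name = first_name + " " + last_name
                    # New MAX users are approved outright; the agency check is
                    # the gate. (The original assigned this twice.)
                    user.user_status_id = USER_STATUS_DICT['approved']

                    sess.add(user)
                    sess.commit()

                # Update the user's cgac from their current membership: the
                # SYS agency wins if present, otherwise the first agency group.
                if any(g.endswith("SYS") for g in cgac_group):
                    user.cgac_code = "SYS"
                else:
                    # NOTE(review): takes the last three characters of the group
                    # name as the code, i.e. assumes CGAC codes are exactly
                    # three characters; a longer code would be silently
                    # truncated. removeprefix(cgac_prefix) would be exact if
                    # that assumption does not hold — verify before changing.
                    user.cgac_code = cgac_group[0][-3:]

                # NOTE(review): the cgac_code change is not committed here for
                # an existing user; presumably grant_highest_permission
                # flushes/commits the session — confirm, or the update is lost.
                self.grant_highest_permission(sess, user, group_list, cgac_group[0])

            except MultipleResultsFound:
                # Two rows match the e-mail; refuse rather than guess which
                # identity to log in.
                raise ValueError("An error occurred during login.")

            return self.create_session_and_response(session, user)

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            # NOTE(review): the raw exception is handed to JsonResponse.error;
            # if that helper echoes str(e) to the client, DB/driver messages
            # could leak — confirm it sanitises internal errors.
            return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
        # The trailing `return self.response` was unreachable: every branch
        # above returns, so it has been dropped.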
Code example #3
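    def max_login(self, session):
        """Log a user in from a MAX (CAS) service ticket.

        The POST body must carry ``ticket`` and ``service``. The ticket is
        validated against MAX via ``get_max_dict``; on success the broker
        user whose e-mail matches the returned address (case-insensitively)
        is loaded or created, its MAX permissions are refreshed with
        ``set_max_perms`` and a session is issued.

        Args:
            session: the flask session object, passed through to
                ``create_session_and_response``.

        Returns:
            The response built by ``create_session_and_response`` on
            success; otherwise a ``JsonResponse.error`` carrying 400 for a
            malformed request/response (TypeError, KeyError,
            NotImplementedError), 401 when MAX rejects the ticket or the
            user lookup is ambiguous (ValueError), and 500 for any other
            exception.
        """
        try:
            safe_dictionary = RequestDictionary(self.request)

            # Obtain POST content
            ticket = safe_dictionary.get_value("ticket")
            # NOTE(review): `service` is taken verbatim from the client. CAS
            # only checks that the ticket was issued for *this* service
            # string, so a ticket obtained for another MAX-registered service
            # would validate here too if the caller names that service.
            # Consider comparing it with the broker's own configured service
            # URL — confirm against how MAX registers services.
            service = safe_dictionary.get_value('service')

            # Call MAX's serviceValidate endpoint and retrieve the response
            max_dict = get_max_dict(ticket, service)

            # A rejected ticket comes back without cas:authenticationSuccess
            # (CAS reports cas:authenticationFailure instead).
            cas_response = max_dict['cas:serviceResponse']
            if 'cas:authenticationSuccess' not in cas_response:
                raise ValueError(
                    "You have failed to login successfully with MAX")
            cas_attrs = cas_response['cas:authenticationSuccess'][
                'cas:attributes']

            # The e-mail address is the key used to match a broker user.
            email = cas_attrs['maxAttribute:Email-Address']

            try:
                sess = GlobalDB.db().session
                # Case-insensitive match; MultipleResultsFound (below) fires if
                # two rows differ only by case.
                user = sess.query(User).filter(
                    func.lower(User.email) == func.lower(email)).one_or_none()

                # First login: no group-membership check precedes this point,
                # so every identity MAX authenticates gets a user row. Access is
                # presumably narrowed by set_max_perms below from the MAX group
                # list — confirm it copes with an empty or unknown group list.
                if user is None:
                    user = User()

                    first_name = cas_attrs['maxAttribute:First-Name']
                    middle_name = cas_attrs['maxAttribute:Middle-Name']
                    last_name = cas_attrs['maxAttribute:Last-Name']

                    user.email = email

                    # Strip before taking the initial: a whitespace-only middle
                    # name is treated as absent, and a leading space can never
                    # become the "initial" (the unstripped [0] did that).
                    middle = middle_name.strip() if middle_name is not None else ''
                    if middle:
                        user.name = first_name + " " + middle[0] + ". " + last_name
                    else:
                        user.name = first_name + " " + last_name

                # Called on every login, not only at creation, so permissions
                # always derive from the group list MAX returned this time.
                set_max_perms(user, cas_attrs['maxAttribute:GroupList'])

                sess.add(user)
                # NOTE(review): if commit() raises, the session is left in a
                # failed state with no rollback here — fine if GlobalDB's
                # session is per-request, a problem if it is shared; verify.
                sess.commit()

            except MultipleResultsFound:
                # Two rows match the e-mail; refuse rather than guess which
                # identity to log in.
                raise ValueError("An error occurred during login.")

            return self.create_session_and_response(session, user)

        except (TypeError, KeyError, NotImplementedError) as e:
            # Return a 400 with appropriate message
            return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
        except ValueError as e:
            # Return a 401 for login denied
            return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
        except Exception as e:
            # Return 500
            # NOTE(review): the raw exception is handed to JsonResponse.error;
            # if that helper echoes str(e) to the client, DB/driver messages
            # could leak — confirm it sanitises internal errors.
            return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)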