def authenticated(
request,
template='im/third_party_check_local.html',
extra_context=None
):
if extra_context is None:
extra_context = {}
if request.GET.get('error', None):
return HttpResponseRedirect(reverse('edit_profile'))
# TODO: Handle errors, e.g. error=access_denied
try:
consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY,
secret=OAUTH_CONSUMER_SECRET)
client = oauth.Client(consumer)
code = request.GET.get('code', None)
params = {
'code': code,
'client_id': settings.GOOGLE_CLIENT_ID,
'client_secret': settings.GOOGLE_SECRET,
'redirect_uri': get_redirect_uri(),
'grant_type': 'authorization_code'
}
get_token_url = "%s" % (request_token_url,)
resp, content = client.request(get_token_url, "POST",
body=urllib.urlencode(params))
token = json.loads(content).get('access_token', None)
resp, content = client.request("%s?access_token=%s" %
(access_token_url, token), "GET")
access_token_data = json.loads(content)
except Exception:
messages.error(request, _('Invalid Google response. Please '
'contact support'))
return HttpResponseRedirect(reverse('edit_profile'))
if not access_token_data.get('user_id', None):
messages.error(request, _('Invalid Google response. Please contact '
' support'))
return HttpResponseRedirect(reverse('edit_profile'))
userid = access_token_data['user_id']
provider_info = access_token_data
affiliation = 'Google.com'
try:
return handle_third_party_login(request, 'google', userid,
provider_info, affiliation)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation}
return handle_third_party_signup(request, userid, 'google',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def authenticated(
request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
consumer = oauth.Consumer(settings.TWITTER_TOKEN,
settings.TWITTER_SECRET)
client = oauth.Client(consumer)
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if not 'request_token' in request.session:
messages.error(request, 'Twitter handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
token = oauth.Token(request.session['request_token']['oauth_token'],
request.session['request_token']['oauth_token_secret'])
client = oauth.Client(consumer, token)
# Step 2. Request the authorized access token from Twitter.
parts = list(urlsplit(access_token_url))
params = dict(parse_qsl(parts[3], keep_blank_values=True))
oauth_verifier = request.GET.get('oauth_verifier')
params['oauth_verifier'] = oauth_verifier
parts[3] = urlencode(params)
parameterized_url = urlunsplit(parts)
resp, content = client.request(parameterized_url, "GET")
if resp['status'] != '200':
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid Twitter response')
logger.error("Invalid twitter response %s", resp)
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(cgi.parse_qsl(content))
userid = access_token['user_id']
username = access_token.get('screen_name', userid)
provider_info = {'screen_name': username}
affiliation = 'Twitter.com'
try:
return handle_third_party_login(request, 'twitter', userid,
provider_info, affiliation)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation}
return handle_third_party_signup(request, userid, 'twitter',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
consumer = oauth.Consumer(settings.TWITTER_TOKEN,
settings.TWITTER_SECRET)
client = oauth.Client(consumer)
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if not 'request_token' in request.session:
messages.error(request, 'Twitter handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
token = oauth.Token(request.session['request_token']['oauth_token'],
request.session['request_token']['oauth_token_secret'])
client = oauth.Client(consumer, token)
# Step 2. Request the authorized access token from Twitter.
parts = list(urlsplit(access_token_url))
params = dict(parse_qsl(parts[3], keep_blank_values=True))
oauth_verifier = request.GET.get('oauth_verifier')
params['oauth_verifier'] = oauth_verifier
parts[3] = urlencode(params)
parameterized_url = urlunsplit(parts)
resp, content = client.request(parameterized_url, "GET")
if resp['status'] != '200':
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid Twitter response')
logger.error("Invalid twitter response %s", resp)
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(cgi.parse_qsl(content))
userid = access_token['user_id']
username = access_token.get('screen_name', userid)
provider_info = {'screen_name': username}
affiliation = 'Twitter.com'
try:
return handle_third_party_login(request, 'twitter', userid,
provider_info, affiliation)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation}
return handle_third_party_signup(request, userid, 'twitter',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
if request.GET.get('error', None):
return HttpResponseRedirect(reverse('edit_profile'))
# TODO: Handle errors, e.g. error=access_denied
try:
oauth = OAuth2Session(settings.GOOGLE_CLIENT_ID,
redirect_uri=get_redirect_uri(),
scope=token_scope)
code = request.GET.get('code', None)
token = oauth.fetch_token(request_token_url,
code=code,
client_secret=settings.GOOGLE_SECRET)
access_token = token.get('access_token', None)
# Simply validating the token should return user_id
# This probably does not need to be performed via the oauth.request
# method
resp = oauth.request(url="%s?access_token=%s" %
(access_token_url, access_token),
method="GET")
access_token_data = json.loads(resp.content)
except Exception as e:
logger.exception(e)
messages.error(request,
_('Invalid Google response. Please '
'contact support'))
return HttpResponseRedirect(reverse('edit_profile'))
if not access_token_data.get('user_id', None):
messages.error(
request, _('Invalid Google response. Please contact '
' support'))
return HttpResponseRedirect(reverse('edit_profile'))
userid = access_token_data['user_id']
provider_info = access_token_data
affiliation = 'Google.com'
user_info = {'affiliation': affiliation}
try:
return handle_third_party_login(request,
'google',
userid,
provider_info,
affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, userid, 'google',
third_party_key, provider_info,
user_info, template, extra_context)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
if request.GET.get('error', None):
return HttpResponseRedirect(reverse('edit_profile'))
# TODO: Handle errors, e.g. error=access_denied
try:
consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY,
secret=OAUTH_CONSUMER_SECRET)
client = oauth.Client(consumer)
code = request.GET.get('code', None)
params = {
'code': code,
'client_id': settings.GOOGLE_CLIENT_ID,
'client_secret': settings.GOOGLE_SECRET,
'redirect_uri': get_redirect_uri(),
'grant_type': 'authorization_code'
}
get_token_url = "%s" % (request_token_url, )
resp, content = client.request(get_token_url,
"POST",
body=urllib.urlencode(params))
token = json.loads(content).get('access_token', None)
resp, content = client.request(
"%s?access_token=%s" % (access_token_url, token), "GET")
access_token_data = json.loads(content)
except Exception:
messages.error(request,
_('Invalid Google response. Please '
'contact support'))
return HttpResponseRedirect(reverse('edit_profile'))
if not access_token_data.get('user_id', None):
messages.error(
request, _('Invalid Google response. Please contact '
' support'))
return HttpResponseRedirect(reverse('edit_profile'))
userid = access_token_data['user_id']
provider_info = access_token_data
affiliation = 'Google.com'
try:
return handle_third_party_login(request, 'google', userid,
provider_info, affiliation)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation}
return handle_third_party_signup(request, userid, 'google',
third_party_key, provider_info,
user_info, template, extra_context)
def authenticated(request, template="im/third_party_check_local.html", extra_context=None):
if extra_context is None:
extra_context = {}
consumer = oauth.Consumer(settings.LINKEDIN_TOKEN, settings.LINKEDIN_SECRET)
client = oauth.Client(consumer)
if request.GET.get("denied"):
return HttpResponseRedirect(reverse("edit_profile"))
if not "request_token" in request.session:
messages.error(request, "linkedin handshake failed")
return HttpResponseRedirect(reverse("edit_profile"))
token = oauth.Token(
request.session["request_token"]["oauth_token"], request.session["request_token"]["oauth_token_secret"]
)
token.set_verifier(request.GET.get("oauth_verifier"))
client = oauth.Client(consumer, token)
resp, content = client.request(access_token_url, "POST")
if resp["status"] != "200":
try:
del request.session["request_token"]
except:
pass
messages.error(request, "Invalid linkedin token response")
return HttpResponseRedirect(reverse("edit_profile"))
access_token = dict(cgi.parse_qsl(content))
token = oauth.Token(access_token["oauth_token"], access_token["oauth_token_secret"])
client = oauth.Client(consumer, token)
resp, content = client.request(
"http://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry,email-address)?format=json", "GET"
)
if resp["status"] != "200":
try:
del request.session["request_token"]
except:
pass
messages.error(request, "Invalid linkedin profile response")
return HttpResponseRedirect(reverse("edit_profile"))
profile_data = json.loads(content)
userid = profile_data["id"]
username = profile_data.get("emailAddress", None)
realname = profile_data.get("firstName", "") + " " + profile_data.get("lastName", "")
provider_info = profile_data
affiliation = "LinkedIn.com"
try:
return handle_third_party_login(request, "linkedin", userid, provider_info, affiliation)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {"affiliation": affiliation, "realname": realname}
return handle_third_party_signup(
request, userid, "linkedin", third_party_key, provider_info, user_info, template, extra_context
)
def authenticated(
request,
template='im/third_party_check_local.html',
extra_context=None
):
if extra_context is None:
extra_context = {}
if request.GET.get('error', None):
return HttpResponseRedirect(reverse('edit_profile'))
# TODO: Handle errors, e.g. error=access_denied
try:
oauth = OAuth2Session(settings.GOOGLE_CLIENT_ID,
redirect_uri=get_redirect_uri(),
scope=token_scope)
code = request.GET.get('code', None)
token = oauth.fetch_token(request_token_url, code=code,
client_secret=settings.GOOGLE_SECRET)
access_token = token.get('access_token', None)
# Simply validating the token should return user_id
# This probably does not need to be performed via the oauth.request
# method
resp = oauth.request(url="%s?access_token=%s" %
(access_token_url, access_token), method="GET")
access_token_data = json.loads(resp.content)
except Exception as e:
logger.exception(e)
messages.error(request, _('Invalid Google response. Please '
'contact support'))
return HttpResponseRedirect(reverse('edit_profile'))
if not access_token_data.get('user_id', None):
messages.error(request, _('Invalid Google response. Please contact '
' support'))
return HttpResponseRedirect(reverse('edit_profile'))
userid = access_token_data['user_id']
provider_info = access_token_data
affiliation = 'Google.com'
user_info = {'affiliation': affiliation}
try:
return handle_third_party_login(request, 'google', userid,
provider_info, affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, userid, 'google',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def add(request, template_name='im/auth/ldap_add.html'):
provider = auth.get_provider('ldap', request.user)
# Check that provider's policy allows to add provider to account
if not provider.get_add_policy:
messages.error(request, provider.get_add_disabled_msg)
return HttpResponseRedirect(reverse('edit_profile'))
if request.method == "GET":
return render_response(template_name,
login_form=LDAPLoginForm(request=request),
context_instance=get_context(
request, provider=LDAP_PROVIDER))
form = LDAPLoginForm(data=request.POST, request=request)
if form.is_valid():
provider = auth.get_provider('ldap', request.user)
user = form.ldap_user_cache
provider_info = dict(user.ldap_user.attrs)
try:
user_info = populate_user_attributes(provider, provider_info)
user_id = user_info.pop('identifier')
except (ValueError, KeyError):
logger.exception(
"Failed to map attributes from LDAP provider."
" Provider attributes: %s", provider_info)
msg = 'Invalid LDAP response. Please contact support.'
messages.error(request, msg)
return HttpResponseRedirect(reverse('login'))
affiliation = 'LDAP' # TODO: Add LDAP server name?
user_info['affiliation'] = affiliation
provider_info = dict([(k, smart_unicode(v, errors="ignore"))
for k, v in provider_info.items()
if k in provider.get_provider_info_attributes()])
if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'):
groups = [
Group.objects.get_or_create(name=group_name)[0]
for group_name in user.group_names
]
user_info['groups'] = groups
return handle_third_party_login(request,
provider_module="ldap",
identifier=user_id,
provider_info=provider_info,
affiliation=affiliation,
user_info=user_info)
else:
return render_response(template_name,
form=LDAPLoginForm(request=request),
context_instance=get_context(
request, provider=LDAP_PROVIDER))
def add(request, template_name='im/auth/ldap_add.html'):
provider = auth.get_provider('ldap', request.user)
# Check that provider's policy allows to add provider to account
if not provider.get_add_policy:
messages.error(request, provider.get_add_disabled_msg)
return HttpResponseRedirect(reverse('edit_profile'))
if request.method == "GET":
return render_response(
template_name,
login_form=LDAPLoginForm(request=request),
context_instance=get_context(request, provider=LDAP_PROVIDER)
)
form = LDAPLoginForm(data=request.POST,
request=request)
if form.is_valid():
provider = auth.get_provider('ldap', request.user)
user = form.ldap_user_cache
provider_info = dict(user.ldap_user.attrs)
try:
user_info = populate_user_attributes(provider, provider_info)
user_id = user_info.pop('identifier')
except (ValueError, KeyError):
logger.exception("Failed to map attributes from LDAP provider."
" Provider attributes: %s", provider_info)
msg = 'Invalid LDAP response. Please contact support.'
messages.error(request, msg)
return HttpResponseRedirect(reverse('login'))
affiliation = 'LDAP' # TODO: Add LDAP server name?
user_info['affiliation'] = affiliation
provider_info = dict([(k, smart_unicode(v, errors="ignore"))
for k, v in provider_info.items()
if k in provider.get_provider_info_attributes()])
if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'):
groups = [Group.objects.get_or_create(name=group_name)[0]
for group_name in user.group_names]
user_info['groups'] = groups
return handle_third_party_login(request, provider_module="ldap",
identifier=user_id,
provider_info=provider_info,
affiliation=affiliation,
user_info=user_info)
else:
return render_response(
template_name,
form=LDAPLoginForm(request=request),
context_instance=get_context(request, provider=LDAP_PROVIDER)
)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if 'request_token' not in request.session:
messages.error(request, 'Twitter handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
oauth_verifier = request.GET.get('oauth_verifier')
resource_owner_key = request.session['request_token'].get('oauth_token')
resource_owner_secret = request.session['request_token']\
.get('oauth_token_secret')
oauth = OAuth1(settings.TWITTER_TOKEN,
client_secret=settings.TWITTER_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=oauth_verifier)
resp = requests.post(url=access_token_url, auth=oauth)
if resp.status_code != 200:
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid Twitter response')
logger.error("Invalid twitter response (code: %d) %s",
resp.status_code, resp.content)
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(parse_qsl(resp.content))
userid = access_token['user_id']
username = access_token.get('screen_name', userid)
provider_info = {'screen_name': username}
affiliation = 'Twitter.com'
user_info = {'affiliation': affiliation}
try:
return handle_third_party_login(request, 'twitter', userid,
provider_info, affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, userid, 'twitter',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if 'request_token' not in request.session:
messages.error(request, 'Twitter handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
oauth_verifier = request.GET.get('oauth_verifier')
resource_owner_key = request.session['request_token'].get('oauth_token')
resource_owner_secret = request.session['request_token']\
.get('oauth_token_secret')
oauth = OAuth1(settings.TWITTER_TOKEN,
client_secret=settings.TWITTER_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=oauth_verifier)
resp = requests.post(url=access_token_url, auth=oauth)
if resp.status_code != 200:
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid Twitter response')
logger.error("Invalid twitter response (code: %d) %s",
resp.status_code, resp.content)
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(parse_qsl(resp.content))
userid = access_token['user_id']
username = access_token.get('screen_name', userid)
provider_info = {'screen_name': username}
affiliation = 'Twitter.com'
user_info = {'affiliation': affiliation}
try:
return handle_third_party_login(request,
'twitter',
userid,
provider_info,
affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, userid, 'twitter',
third_party_key, provider_info,
user_info, template, extra_context)
except KeyError, e:
# invalid shibboleth headers, redirect to login, display message
logger.exception(e)
messages.error(request, e.message)
return HttpResponseRedirect(login_url(request))
if settings.SHIBBOLETH_MIGRATE_EPPN:
migrate_eppn_to_remote_id(eppn, user_id)
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, 'Shibboleth')
email = tokens.get(Tokens.SHIB_MAIL, '')
provider_info = {'eppn': eppn, 'email': email, 'name': fullname,
'headers': shibboleth_headers, 'user_id': user_id}
try:
return handle_third_party_login(request, 'shibboleth',
user_id, provider_info,
affiliation, third_party_key)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation,
'first_name': first_name,
'last_name': last_name,
'email': email}
return handle_third_party_signup(request, user_id, 'shibboleth',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
consumer = oauth.Consumer(settings.LINKEDIN_TOKEN,
settings.LINKEDIN_SECRET)
client = oauth.Client(consumer)
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if not 'request_token' in request.session:
messages.error(request, 'linkedin handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
token = oauth.Token(request.session['request_token']['oauth_token'],
request.session['request_token']['oauth_token_secret'])
token.set_verifier(request.GET.get('oauth_verifier'))
client = oauth.Client(consumer, token)
resp, content = client.request(access_token_url, "POST")
if resp['status'] != '200':
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid linkedin token response')
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(cgi.parse_qsl(content))
token = oauth.Token(access_token['oauth_token'],
access_token['oauth_token_secret'])
client = oauth.Client(consumer, token)
resp, content = client.request(
"http://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry,email-address)?format=json",
"GET")
if resp['status'] != '200':
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid linkedin profile response')
return HttpResponseRedirect(reverse('edit_profile'))
profile_data = json.loads(content)
userid = profile_data['id']
username = profile_data.get('emailAddress', None)
realname = profile_data.get('firstName', '') + ' ' + profile_data.get(
'lastName', '')
provider_info = profile_data
affiliation = 'LinkedIn.com'
try:
return handle_third_party_login(request, 'linkedin', userid,
provider_info, affiliation)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation, 'realname': realname}
return handle_third_party_signup(request, userid, 'linkedin',
third_party_key, provider_info,
user_info, template, extra_context)
else:
realname = ''
except KeyError, e:
# invalid shibboleth headers, redirect to login, display message
messages.error(request, e.message)
return HttpResponseRedirect(login_url(request))
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, 'Shibboleth')
email = tokens.get(Tokens.SHIB_MAIL, '')
eppn_info = tokens.get(Tokens.SHIB_EPPN)
provider_info = {'eppn': eppn_info, 'email': email, 'name': realname,
'headers': shibboleth_headers}
userid = eppn
try:
return handle_third_party_login(request, 'shibboleth',
eppn, provider_info,
affiliation, third_party_key)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation, 'realname': realname}
return handle_third_party_signup(request, userid, 'shibboleth',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def login(request,
template_name="im/login.html",
on_failure='im/login.html',
signup_template="/im/third_party_check_local.html",
extra_context=None):
"""
on_failure: the template name to render on login failure
"""
if request.method == 'GET':
return handle_get_to_login_view(request,
primary_provider=LDAP_PROVIDER,
login_form=LDAPLoginForm(request),
template_name=template_name,
extra_context=extra_context)
# 'limited' attribute is used by recapatcha
was_limited = getattr(request, 'limited', False)
next = get_query(request).get('next', '')
third_party_token = get_query(request).get('key', False)
form = LDAPLoginForm(data=request.POST,
was_limited=was_limited,
request=request)
provider = LDAP_PROVIDER
if not form.is_valid():
if third_party_token:
messages.info(request, provider.get_login_to_add_msg)
return render_to_response(on_failure, {
'login_form': form,
'next': next,
'key': third_party_token
},
context_instance=get_context(
request, primary_provider=LDAP_PROVIDER))
# get the user from the cache
user = form.ldap_user_cache
provider = auth.get_provider('ldap', user)
affiliation = 'LDAP'
provider_info = dict(user.ldap_user.attrs)
try:
user_info = populate_user_attributes(provider, provider_info)
user_id = user_info.pop('identifier')
except (ValueError, KeyError):
logger.exception(
"Failed to map attributes from LDAP provider."
" Provider attributes: %s", provider_info)
msg = 'Invalid LDAP response. Please contact support.'
messages.error(request, msg)
return HttpResponseRedirect(reverse('login'))
provider_info = dict([(k, smart_unicode(v, errors="ignore"))
for k, v in provider_info.items()
if k in provider.get_provider_info_attributes()])
user_info['affiliation'] = affiliation
if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'):
groups = [
Group.objects.get_or_create(name=group_name)[0]
for group_name in user.group_names
]
user_info['groups'] = groups
try:
return handle_third_party_login(request,
provider_module="ldap",
identifier=user_id,
provider_info=provider_info,
affiliation=affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, user_id, 'ldap',
third_party_key, provider_info,
user_info, signup_template,
extra_context)
if fullname:
splitted = fullname.split(" ", 1)
if len(splitted) == 2:
first_name, last_name = splitted
fullname = "%s %s" % (first_name, last_name)
if not any([first_name, last_name]) and settings.SHIBBOLETH_REQUIRE_NAME_INFO:
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME))
except KeyError, e:
# invalid shibboleth headers, redirect to login, display message
logger.exception(e)
messages.error(request, e.message)
return HttpResponseRedirect(login_url(request))
if settings.SHIBBOLETH_MIGRATE_EPPN:
migrate_eppn_to_remote_id(eppn, user_id)
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, "Shibboleth")
email = tokens.get(Tokens.SHIB_MAIL, "")
provider_info = {"eppn": eppn, "email": email, "name": fullname, "headers": shibboleth_headers, "user_id": user_id}
try:
return handle_third_party_login(request, "shibboleth", user_id, provider_info, affiliation, third_party_key)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {"affiliation": affiliation, "first_name": first_name, "last_name": last_name, "email": email}
return handle_third_party_signup(
request, user_id, "shibboleth", third_party_key, provider_info, user_info, template, extra_context
)
def authenticated(request,
template='im/third_party_check_local.html',
extra_context=None):
if extra_context is None:
extra_context = {}
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if 'request_token' not in request.session:
messages.error(request, 'linkedin handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
resource_owner_key = request.session['request_token'].get('oauth_token')
resource_owner_secret = request.session['request_token']\
.get('oauth_token_secret')
oauth_verifier = request.GET.get('oauth_verifier')
oauth = OAuth1(settings.LINKEDIN_TOKEN,
client_secret=settings.LINKEDIN_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=oauth_verifier)
resp = requests.post(access_token_url, auth=oauth)
if resp.status_code != 200:
try:
del request.session['request_token']
except:
pass
logger.error(
"Invalid LinkedIn response while getting access token " +
"(code: %d) %s", resp.status_code, resp.content)
messages.error(request, 'Invalid LinkedIn token response')
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(parse_qsl(resp.content))
resource_owner_key = access_token.get('oauth_token')
resource_owner_secret = access_token.get('oauth_token_secret')
oauth = OAuth1(settings.LINKEDIN_TOKEN,
client_secret=settings.LINKEDIN_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret)
_url = ("http://api.linkedin.com/v1/people/~:(id,first-name,last-name,"
"industry,email-address)?format=json")
resp = requests.get(_url, auth=oauth)
if resp.status_code != 200:
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid LinkedIn profile response')
logger.error(
"Invalid LinkedIn response while getting user info " +
"(code: %d) %s", resp.status_code, resp.content)
return HttpResponseRedirect(reverse('edit_profile'))
profile_data = json.loads(resp.content)
userid = profile_data['id']
# username = profile_data.get('emailAddress', None)
realname = profile_data.get('firstName', '') + ' ' + profile_data.get(
'lastName', '')
provider_info = profile_data
affiliation = 'LinkedIn.com'
user_info = {'affiliation': affiliation, 'realname': realname}
try:
return handle_third_party_login(request,
'linkedin',
userid,
provider_info,
affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, userid, 'linkedin',
third_party_key, provider_info,
user_info, template, extra_context)
def authenticated(
request,
template='im/third_party_check_local.html',
extra_context=None
):
if extra_context is None:
extra_context = {}
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if 'request_token' not in request.session:
messages.error(request, 'linkedin handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
resource_owner_key = request.session['request_token'].get('oauth_token')
resource_owner_secret = request.session['request_token']\
.get('oauth_token_secret')
oauth_verifier = request.GET.get('oauth_verifier')
oauth = OAuth1(settings.LINKEDIN_TOKEN,
client_secret=settings.LINKEDIN_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret,
verifier=oauth_verifier)
resp = requests.post(access_token_url, auth=oauth)
if resp.status_code != 200:
try:
del request.session['request_token']
except:
pass
logger.error("Invalid LinkedIn response while getting access token " +
"(code: %d) %s", resp.status_code, resp.content)
messages.error(request, 'Invalid LinkedIn token response')
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(parse_qsl(resp.content))
resource_owner_key = access_token.get('oauth_token')
resource_owner_secret = access_token.get('oauth_token_secret')
oauth = OAuth1(settings.LINKEDIN_TOKEN,
client_secret=settings.LINKEDIN_SECRET,
resource_owner_key=resource_owner_key,
resource_owner_secret=resource_owner_secret)
_url = ("http://api.linkedin.com/v1/people/~:(id,first-name,last-name,"
"industry,email-address)?format=json")
resp = requests.get(_url, auth=oauth)
if resp.status_code != 200:
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid LinkedIn profile response')
logger.error("Invalid LinkedIn response while getting user info " +
"(code: %d) %s", resp.status_code, resp.content)
return HttpResponseRedirect(reverse('edit_profile'))
profile_data = json.loads(resp.content)
userid = profile_data['id']
# username = profile_data.get('emailAddress', None)
realname = profile_data.get('firstName', '') + ' ' + profile_data.get(
'lastName', '')
provider_info = profile_data
affiliation = 'LinkedIn.com'
user_info = {'affiliation': affiliation, 'realname': realname}
try:
return handle_third_party_login(request, 'linkedin', userid,
provider_info, affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, userid, 'linkedin',
third_party_key,
provider_info,
user_info,
template,
extra_context)
def login(request, template_name="im/login.html", on_failure='im/login.html',
signup_template="/im/third_party_check_local.html",
extra_context=None):
"""
on_failure: the template name to render on login failure
"""
if request.method == 'GET':
return handle_get_to_login_view(request,
primary_provider=LDAP_PROVIDER,
login_form=LDAPLoginForm(request),
template_name=template_name,
extra_context=extra_context)
# 'limited' attribute is used by recapatcha
was_limited = getattr(request, 'limited', False)
next = get_query(request).get('next', '')
third_party_token = get_query(request).get('key', False)
form = LDAPLoginForm(data=request.POST,
was_limited=was_limited,
request=request)
provider = LDAP_PROVIDER
if not form.is_valid():
if third_party_token:
messages.info(request, provider.get_login_to_add_msg)
return render_to_response(
on_failure,
{'login_form': form,
'next': next,
'key': third_party_token},
context_instance=get_context(request,
primary_provider=LDAP_PROVIDER))
# get the user from the cache
user = form.ldap_user_cache
provider = auth.get_provider('ldap', user)
affiliation = 'LDAP'
provider_info = dict(user.ldap_user.attrs)
try:
user_info = populate_user_attributes(provider, provider_info)
user_id = user_info.pop('identifier')
except (ValueError, KeyError):
logger.exception("Failed to map attributes from LDAP provider."
" Provider attributes: %s", provider_info)
msg = 'Invalid LDAP response. Please contact support.'
messages.error(request, msg)
return HttpResponseRedirect(reverse('login'))
provider_info = dict([(k, smart_unicode(v, errors="ignore"))
for k, v in provider_info.items()
if k in provider.get_provider_info_attributes()])
user_info['affiliation'] = affiliation
if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'):
groups = [Group.objects.get_or_create(name=group_name)[0]
for group_name in user.group_names]
user_info['groups'] = groups
try:
return handle_third_party_login(request, provider_module="ldap",
identifier=user_id,
provider_info=provider_info,
affiliation=affiliation,
user_info=user_info)
except AstakosUser.DoesNotExist:
third_party_key = get_pending_key(request)
return handle_third_party_signup(request, user_id, 'ldap',
third_party_key,
provider_info,
user_info,
signup_template,
extra_context)
def authenticated(
request,
template='im/third_party_check_local.html',
extra_context=None
):
if extra_context is None:
extra_context = {}
consumer = oauth.Consumer(settings.LINKEDIN_TOKEN,
settings.LINKEDIN_SECRET)
client = oauth.Client(consumer)
if request.GET.get('denied'):
return HttpResponseRedirect(reverse('edit_profile'))
if not 'request_token' in request.session:
messages.error(request, 'linkedin handshake failed')
return HttpResponseRedirect(reverse('edit_profile'))
token = oauth.Token(request.session['request_token']['oauth_token'],
request.session['request_token']['oauth_token_secret'])
token.set_verifier(request.GET.get('oauth_verifier'))
client = oauth.Client(consumer, token)
resp, content = client.request(access_token_url, "POST")
if resp['status'] != '200':
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid linkedin token response')
return HttpResponseRedirect(reverse('edit_profile'))
access_token = dict(cgi.parse_qsl(content))
token = oauth.Token(access_token['oauth_token'],
access_token['oauth_token_secret'])
client = oauth.Client(consumer, token)
_url = ("http://api.linkedin.com/v1/people/~:(id,first-name,last-name,"
"industry,email-address)?format=json")
resp, content = client.request(_url, "GET")
if resp['status'] != '200':
try:
del request.session['request_token']
except:
pass
messages.error(request, 'Invalid linkedin profile response')
return HttpResponseRedirect(reverse('edit_profile'))
profile_data = json.loads(content)
userid = profile_data['id']
username = profile_data.get('emailAddress', None)
realname = profile_data.get('firstName', '') + ' ' + profile_data.get(
'lastName', '')
provider_info = profile_data
affiliation = 'LinkedIn.com'
try:
return handle_third_party_login(request, 'linkedin', userid,
provider_info, affiliation)
except AstakosUser.DoesNotExist, e:
third_party_key = get_pending_key(request)
user_info = {'affiliation': affiliation, 'realname': realname}
return handle_third_party_signup(request, userid, 'linkedin',
third_party_key,
provider_info,
user_info,
template,
extra_context)
