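def process_response(self, request, response):
    """Attach the browser identification cookies to the outgoing response.

    Sets the ``Server`` header on every response. Requests whose path starts
    with ``/csp-report`` or ``/timesync`` are returned without any cookie
    handling. Otherwise ``pubtkt_logout`` is applied when there is no browser
    or its auth level is below ``Browser.L_STRONG``, the session identifier
    is regenerated when the request did not present the current one, and
    every cookie from ``browser.get_cookies()`` is set on the response.

    Returns the response object (the one returned by ``pubtkt_logout`` when
    that call was made).
    """
    response["Server"] = "https://github.com/ojarva/sso-frontend"
    if request.path.startswith(("/csp-report", "/timesync")):
        log.debug("Browser from '%s' reporting CSP/timesync - skip process_response", request.remote_ip)
        sd.incr("login_frontend.middleware.BrowserMiddleware.process_response.skip", 1)
        return response

    # Browser from process_request is not available here.
    browser = get_browser_instance(request)
    if not browser or browser.get_auth_level() < Browser.L_STRONG:
        response = pubtkt_logout(request, response)
    if not browser:
        log.debug("Browser does not exist")
        return response

    if request.COOKIES.get(Browser.C_BID_SESSION) != browser.bid_session:
        # No valid session ID exists. Regen it first.
        browser.bid_session = create_browser_uuid()
        browser.save()
        # bid_session is the value matched against the session cookie above,
        # so it works as a bearer credential: keep it out of the log and
        # identify the browser by its public id only.
        log.info("Session bid does not exist. Regenerating. bid_public=%s", browser.bid_public)

    # Read the cookies after any regeneration so the new session id is the
    # one that gets sent. The original re-read them on a public-bid mismatch
    # as well, which changed nothing: every cookie is set on each response.
    for cookie_name, cookie in browser.get_cookies():
        # Log the cookie name only; ``cookie`` holds the set_cookie() keyword
        # arguments, which presumably include the cookie value.
        log.debug("Setting cookie %s for %s at %s", cookie_name, browser.bid_public, request.path)
        response.set_cookie(cookie_name, **cookie)
    return response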
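def automatic_ping(request, **kwargs):
    """Handle a browser ping and tell the browser when it must sign out.

    Query parameters read: ``location``, ``activity``, ``hidden``, ``error``,
    ``t``, ``c``, ``r``, ``u`` and ``forced_sign_out``.

    Keyword arguments read:
        img: when truthy, answer with an empty 204 instead of JSON.
        external: when truthy, add an ``Access-Control-Allow-Origin`` header
            if ``location`` points at a ``.futurice.com`` host.

    Returns an ``HttpResponse``; the JSON body carries ``not_signed_in`` and
    ``redirect_location`` when the browser has a pending forced sign-out.
    """
    # The original guarded one access with hasattr() and then read
    # request.browser unguarded; resolve it once so a request without the
    # attribute cannot raise AttributeError further down.
    browser = getattr(request, "browser", None)

    location = request.GET.get("location")
    if location and browser:
        bcache.set("last-known-location-%s" % browser.bid_public, location, 3600)
        bcache.set("last-known-location-timestamp-%s" % browser.bid_public, time.time(), 3600)
        bcache.set("last-known-location-from-%s" % browser.bid_public, request.remote_ip, 3600)

    activity = request.GET.get("activity")
    hidden = request.GET.get("hidden")
    error = request.GET.get("error")
    client_t = request.GET.get("t")
    client_c = request.GET.get("c")
    client_r = request.GET.get("r")
    client_u = request.GET.get("u")

    # NOTE(review): every value logged below comes straight from the query
    # string - confirm custom_log neutralises CR/LF so a client cannot forge
    # log lines.
    if error:
        custom_log(request, "Ping: an error occured: %s - %s" % (location, error), level="error")
    custom_log(request, "Ping from %s - %s - %s - %s - %s - %s - %s" % (location, activity, hidden, client_t, client_c, client_r, client_u))

    ret = {}
    sign_out = False
    # TODO: when there is no browser, check whether the client still thinks
    # it is signed in.
    if browser and browser.forced_sign_out and not request.GET.get("forced_sign_out"):
        # User is not authenticated. If the browser thinks otherwise, fix that.
        ret["not_signed_in"] = True
        ret["redirect_location"] = reverse("login_frontend.views.indexview")+"?forced_sign_out=true"
        sign_out = True

    if kwargs.get("img"):
        # Image pings get an empty 204 rather than the clear.gif body.
        response = HttpResponse()
        response.status_code = 204
        response.reason_phrase = "No Content"
    else:
        response = HttpResponse(json.dumps(ret), content_type="application/json")

    # NOTE(review): indentation was lost in this listing; this check is
    # placed at function level, confirm against the original file.
    if kwargs.get("external") and location:
        # The allowed origin is built from the client-supplied ``location``
        # parameter, not the Origin header. The leading dot in the suffix
        # keeps look-alike domains out; a missing hostname is skipped
        # explicitly instead of relying on a swallowed AttributeError.
        try:
            hostname = urlparse.urlparse(location).hostname
            if hostname and hostname.endswith(".futurice.com"):
                response["Access-Control-Allow-Origin"] = "https://"+hostname
        except ValueError:
            # Malformed URL, or Django refusing a header value with line
            # breaks (BadHeaderError is a ValueError): send no CORS header.
            pass

    if sign_out:
        # NOTE(review): the return value is discarded here - confirm that
        # pubtkt_logout modifies ``response`` in place.
        pubtkt_logout(request, response)
    return response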
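def automatic_ping(request, **kwargs):
    """Handle a browser ping and tell the browser when it must sign out.

    Query parameters read: ``location`` and ``forced_sign_out``.

    Keyword arguments read:
        img: when truthy, answer with an empty 204 instead of JSON.
        external: when truthy, add an ``Access-Control-Allow-Origin`` header
            if ``location`` points at a ``.futurice.com`` host.

    Returns an ``HttpResponse``; the JSON body carries ``not_signed_in`` and
    ``redirect_location`` when the browser has a pending forced sign-out.
    """
    # Resolve the browser once: the original checked hasattr() for the cache
    # writes but then read request.browser unguarded, which raises
    # AttributeError when the attribute is missing.
    browser = getattr(request, "browser", None)

    location = request.GET.get("location")
    if location and browser:
        key_suffix = browser.bid_public
        dcache.set("last-known-location-%s" % key_suffix, location, 3600)
        dcache.set("last-known-location-timestamp-%s" % key_suffix, time.time(), 3600)
        dcache.set("last-known-location-from-%s" % key_suffix, request.remote_ip, 3600)

    # NOTE(review): ``location`` is taken verbatim from the query string -
    # confirm custom_log neutralises CR/LF so a client cannot forge log lines.
    custom_log(request, "Ping from %s" % location)

    ret = {}
    sign_out = False
    # TODO: when there is no browser, check whether the client still thinks
    # it is signed in.
    if browser and browser.forced_sign_out and not request.GET.get("forced_sign_out"):
        # User is not authenticated. If the browser thinks otherwise, fix that.
        ret["not_signed_in"] = True
        ret["redirect_location"] = reverse("login_frontend.views.indexview") + "?forced_sign_out=true"
        sign_out = True

    if kwargs.get("img"):
        # Image pings get an empty 204 rather than the clear.gif body.
        response = HttpResponse()
        response.status_code = 204
        response.reason_phrase = "No Content"
    else:
        response = HttpResponse(json.dumps(ret), content_type="application/json")

    # NOTE(review): indentation was lost in this listing; this check is
    # placed at function level, confirm against the original file.
    if kwargs.get("external") and location:
        # The allowed origin is derived from the client-supplied ``location``
        # parameter, not the Origin header. The suffix keeps its leading dot
        # so look-alike domains do not match, and a URL without a hostname is
        # skipped explicitly.
        try:
            hostname = urlparse.urlparse(location).hostname
            if hostname and hostname.endswith(".futurice.com"):
                response["Access-Control-Allow-Origin"] = "https://" + hostname
        except ValueError:
            # Malformed URL, or Django refusing a header value with line
            # breaks (BadHeaderError is a ValueError): send no CORS header.
            pass

    if sign_out:
        # NOTE(review): the return value is discarded here - confirm that
        # pubtkt_logout modifies ``response`` in place.
        pubtkt_logout(request, response)
    return response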
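def process_response(self, request, response):
    """Attach the browser identification cookies to the outgoing response.

    Always sets the ``Server`` header. CSP-report and timesync requests
    (matched by path prefix) are returned right after that. For other
    requests, ``pubtkt_logout`` is applied when no browser is found or its
    auth level is below ``Browser.L_STRONG``; when a browser exists, its
    session identifier is regenerated if the request's session cookie does
    not match, and all cookies from ``browser.get_cookies()`` are set.

    Returns the response object (the one returned by ``pubtkt_logout`` when
    that call was made).
    """
    response["Server"] = "https://github.com/ojarva/sso-frontend"

    skipped_prefixes = ("/csp-report", "/timesync")
    if request.path.startswith(skipped_prefixes):
        log.debug(
            "Browser from '%s' reporting CSP/timesync - skip process_response",
            request.remote_ip)
        sd.incr(
            "login_frontend.middleware.BrowserMiddleware.process_response.skip",
            1)
        return response

    # Browser from process_request is not available here.
    browser = get_browser_instance(request)
    if not browser or browser.get_auth_level() < Browser.L_STRONG:
        response = pubtkt_logout(request, response)
    if not browser:
        log.debug("Browser does not exist")
        return response

    presented_session = request.COOKIES.get(Browser.C_BID_SESSION)
    if presented_session != browser.bid_session:
        # No valid session ID exists. Regen it first.
        browser.bid_session = create_browser_uuid()
        browser.save()
        # The session id is what the session cookie is checked against, so
        # anyone who can read the log could replay it. Log the public id only.
        log.info(
            "Session bid does not exist. Regenerating. bid_public=%s",
            browser.bid_public)

    # Cookies are read once, after any regeneration. The original fetched
    # them again on a public-bid mismatch, which had no effect because all
    # cookies are set on every response.
    for cookie_name, cookie in browser.get_cookies():
        # ``cookie`` is the keyword-argument dict for set_cookie() and
        # presumably carries the cookie value, so only the name is logged.
        log.debug("Setting cookie %s for %s at %s", cookie_name,
                  browser.bid_public, request.path)
        response.set_cookie(cookie_name, **cookie)
    return response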