def login(request, election, trustee_email, trustee_secret): trustee = get_object_or_404(Trustee, election=election, email=trustee_email) if not trustee: raise PermissionDenied("Invalid election") if trustee_secret == trustee.secret: user = auth.ZeusUser(trustee) if request.zeususer.is_authenticated() and ( not request.zeususer.is_trustee or \ request.zeususer._user.pk != trustee.pk): messages.error( request, _("You need to logout from your current account " "to access this view.")) return HttpResponseRedirect(reverse('error', kwargs={'code': 403})) user.authenticate(request) election.logger.info("Trustee %r logged in", trustee.email) return HttpResponseRedirect( reverse('election_trustee_home', args=[election.uuid])) else: url = election_reverse(election, 'index') return HttpResponseRedirect(url)
def cast_done(request, election, poll): if request.zeususer.is_authenticated() and request.zeususer.is_voter: if poll.has_linked_polls: voter = request.zeususer._user next_poll = poll.next_linked_poll(voter_id=voter.voter_login_id) if next_poll: try: voter = next_poll.voters.get( voter_login_id=request.zeususer._user.voter_login_id) user = auth.ZeusUser(voter) user.authenticate(request) url = next_poll.get_booth_url(request) return HttpResponseRedirect(url) except Voter.DoesNotExist: pass request.zeususer.logout(request) fingerprint = request.GET.get('f') if not request.GET.get('f', None): raise PermissionDenied('39') vote = get_object_or_404(CastVote, fingerprint=fingerprint) return render_template(request, 'election_poll_cast_done', { 'cast_vote': vote, 'election_uuid': election.uuid, 'poll_uuid': poll.uuid })
def oauth2_login(request): poll_uuid = request.GET.get('state') try: poll = Poll.objects.get(uuid=poll_uuid) except Poll.DoesNotExist: return HttpResponseBadRequest(400) oauth2 = poll.get_oauth2_module if oauth2.can_exchange(request): oauth2.exchange(oauth2.get_exchange_url()) try: confirmed, data = oauth2.confirm_email() if confirmed: voter = Voter.objects.get(poll__uuid=poll_uuid, uuid=oauth2.voter_uuid) user = auth.ZeusUser(voter) user.authenticate(request) poll.logger.info("Poll voter '%s' logged in", voter.voter_login_id) del request.session['oauth2_voter_uuid'] del request.session['oauth2_voter_email'] return HttpResponseRedirect(poll_reverse(poll, 'index')) else: poll.logger.info( "[thirdparty] %s cannot resolve email from %r", poll.remote_login_display, data) messages.error(request, 'oauth2 user does not match voter') return HttpResponseRedirect( reverse('error', kwargs={'code': 400})) except urllib2.HTTPError, e: poll.logger.exception(e) messages.error(request, 'oauth2 error') return HttpResponseRedirect(reverse('error', kwargs={'code': 400})) pass
def process_request(self, request): setattr(request, 'zeususer', auth.ZeusUser(None)) user = auth.ZeusUser.from_request(request) setattr(request, 'zeususer', user) if user.is_admin: setattr(request, 'admin', user._user) if user.is_voter: setattr(request, 'voter', user._user) if user.is_trustee: setattr(request, 'trustee', user._user)
def voter_login(request): form = VoterLoginForm() if request.method == 'POST': form = VoterLoginForm(request.POST) if form.is_valid(): poll = form._voter.poll user = auth.ZeusUser(form._voter) user.authenticate(request) poll.logger.info("Poll voter '%s' logged in (global login view)", form._voter.voter_login_id) return HttpResponseRedirect(poll_reverse(poll, 'index')) cxt = {'form': form} return render_template(request, 'voter_login', cxt)
def voter_booth_linked_login(request, election, poll, voter_uuid): voter = request.zeususer._user linked_poll = request.GET.get('link-to', None) if not poll.has_linked_polls: raise PermissionDenied() if not linked_poll or linked_poll not in \ poll.linked_polls.values_list('uuid', flat=True): raise PermissionDenied() linked_poll = election.polls.get(uuid=linked_poll) linked_voter = linked_poll.voters.get(voter_login_id=voter.voter_login_id) user = auth.ZeusUser(linked_voter) user.authenticate(request) poll.logger.info("Poll voter '%s' logged in in linked poll '%s'", voter.voter_login_id, poll.uuid) url = linked_poll.get_booth_url(request) return HttpResponseRedirect(url)
def voter_login(request, lang=None): if lang and lang in dict(settings.LANGUAGES): translation.activate(lang) form_cls = VoterLoginForm form = VoterLoginForm() if request.method == 'POST': form = VoterLoginForm(request.POST) if form.is_valid(): poll = form._voter.poll user = auth.ZeusUser(form._voter) user.authenticate(request) poll.logger.info("Poll voter '%s' logged in (global login view)", form._voter.voter_login_id) return HttpResponseRedirect(poll_reverse(poll, 'index')) cxt = {'form': form} return render_template(request, 'voter_login', cxt)
def voter_booth_login(request, election, poll, voter_uuid, voter_secret): voter = None if poll.jwt_auth: messages.error(request, _("Poll does not support voter url login.")) return HttpResponseRedirect(reverse('error', kwargs={'code': 403})) try: voter = Voter.objects.get(poll=poll, uuid=voter_uuid) if voter.excluded_at: raise PermissionDenied('37') except Voter.DoesNotExist: raise PermissionDenied("Invalid election") if request.zeususer.is_authenticated() and request.zeususer.is_voter: return HttpResponseRedirect( reverse('election_poll_index', kwargs={ 'election_uuid': request.zeususer._user.poll.election.uuid, 'poll_uuid': request.zeususer._user.poll.uuid })) if request.zeususer.is_authenticated() and ( not request.zeususer.is_voter or \ request.zeususer._user.pk != voter.pk): messages.error( request, _("You need to logout from your current account " "to access this view.")) return HttpResponseRedirect(reverse('error', kwargs={'code': 403})) if voter.voter_password != unicode(voter_secret): raise PermissionDenied("Invalid secret") if poll.oauth2_thirdparty: oauth2 = poll.get_oauth2_module if oauth2.type_id == 'google': oauth2.set_login_hint(voter.voter_email) poll.logger.info("[thirdparty] setting thirdparty voter " + \ "session data (%s, %s)", voter.voter_email, voter.uuid) request.session['oauth2_voter_email'] = voter.voter_email request.session['oauth2_voter_uuid'] = voter.uuid url = oauth2.get_code_url() poll.logger.info("[thirdparty] code handshake from %s", url) context = {'url': url} tpl = 'voter_redirect' return render_template(request, tpl, context) elif poll.shibboleth_auth: poll.logger.info("[thirdparty] shibboleth redirect for voter (%s, %s)", voter.voter_email, voter.uuid) constraints = poll.get_shibboleth_constraints() endpoint = constraints.get('endpoint') request.session['shibboleth_voter_email'] = voter.voter_email request.session['shibboleth_voter_uuid'] = voter.uuid url = auth.make_shibboleth_login_url(endpoint) context = {'url': url} tpl = 'voter_redirect' return render_template(request, tpl, context) else: user = auth.ZeusUser(voter) user.authenticate(request) poll.logger.info("Poll voter '%s' logged in", voter.voter_login_id) return HttpResponseRedirect(poll_reverse(poll, 'index'))
def shibboleth_login(request, endpoint): voter_uuid = request.session.get('shibboleth_voter_uuid', None) email = request.session.get('shibboleth_voter_email', None) if voter_uuid is not None: del request.session['shibboleth_voter_uuid'] if email is not None: del request.session['shibboleth_voter_email'] if not all([voter_uuid, email]): messages.error(request, _('Uninitialized shibboleth session.')) return HttpResponseRedirect(reverse('error', kwargs={'code': 400})) voter = get_object_or_404(Voter, uuid=voter_uuid) assert voter.voter_email == email poll = voter.poll constraints = poll.get_shibboleth_constraints() common_fields = ['HTTP_EPPN', 'HTTP_REMOTE_USER', 'HTTP_MAIL'] meta = request.META shibboleth = {} for key, value in meta.items(): if key in common_fields: shibboleth[key.replace('HTTP_', '', 1)] = value if key.startswith('HTTP_SHIB_'): shibboleth[key.replace('HTTP_SHIB_', '', 1)] = value poll.logger.info("[thirdparty] Voter (%s, %s) shibboleth data: %r" % (voter.uuid, voter.voter_email, shibboleth)) error = False if constraints.get('endpoint') != endpoint: poll.logger.error('[thirdparty] invalid login endpoint %s', endpoint) error = 403 messages.error(request, _("Invalid shibboleth endpoint")) if not error: for key in constraints.get('required_fields'): if key not in shibboleth: error = 403 poll.logger.error('[thirdparty] %s field not found in shibboleth data', key) messages.error(request, _('Invalid shibboleth data resolved.')) idp_field_key = constraints.get('assert_idp_key') if not error and idp_field_key not in shibboleth: error = 403 poll.logger.error('[thirdparty] %s field not found in shibboleth data', idp_field_key) messages.error(request, _('Invalid shibboleth data resolved.')) idp_field = None voter_field = None voter_field_key = None if not error and idp_field_key in shibboleth: idp_field = shibboleth[idp_field_key] voter_field_key = constraints.get('assert_voter_key') voter_field = getattr(voter, 'voter_%s' % voter_field_key, None) if not error and voter_field is None: error = 403 poll.logger.error('[thirdparty] invalid assert_voter_key set %s' % voter_field_key) idp_field_arr = [] if idp_field and ":" in idp_field: idp_field_arr = [x.strip() for x in idp_field.split(":")] if (not error and not idp_field == voter_field) and (not error and voter_field not in idp_field_arr): error = 403 err_fields = [idp_field, idp_field_key, voter_field_key, voter_field] poll.logger.error('[thirdparty] assertion failed (%r=%s != %r=%s)', *err_fields) messages.error(request, _('Shibboleth voter info assertion failed.')) if error: return HttpResponseRedirect(reverse('error', kwargs={'code': error})) else: user = auth.ZeusUser(voter) user.authenticate(request) poll.logger.info("[thirdparty] Shibboleth login for %s", voter.voter_login_id) poll.logger.info("Poll voter '%s' logged in", voter.voter_login_id) return HttpResponseRedirect(poll_reverse(poll, 'index'))