def login(request): if request.GET.get(REDIRECT_FIELD_NAME): next_path = request.GET[REDIRECT_FIELD_NAME] else: next_path = settings.LOGIN_REDIRECT_URL # fullfill domain for tequila, and for security reasons if next_path and next_path[0] == '/': next_path = next_path[1:] next_path = request.get_host() + '/' + next_path if request.is_secure(): next_path = 'https://' + next_path else: next_path = 'http://' + next_path if request.user.is_authenticated: return HttpResponseRedirect(next_path) try: server_url = settings.TEQUILA_SERVER_URL except AttributeError: server_url = "" try: additional_params = settings.TEQUILA_CONFIG_ADDITIONAL except AttributeError: additional_params = None try: allows_needed = settings.TEQUILA_CONFIG_ALLOW except AttributeError: allows_needed = None try: service_name = settings.TEQUILA_SERVICE_NAME except AttributeError: service_name = 'Unknown application' try: strong_authentication = settings.TEQUILA_STRONG_AUTHENTICATION except AttributeError: strong_authentication = False tequila_client = TequilaClient( EPFLConfig( server_url=server_url, additional_params=additional_params, redirect_to=next_path, allows=allows_needed, service=service_name, allow_guests=True, strong_authentication=strong_authentication, )) request.session.set_test_cookie() return HttpResponseRedirect(tequila_client.login_url())
def authenticate(self, request, token=None, auth_check=None): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ tequila_key = token if not tequila_key: return user = None try: allowedrequesthosts = settings.TEQUILA_ALLOWED_REQUEST_HOSTS except AttributeError: allowedrequesthosts = None if self.tequila_server_url: user_attributes = TequilaClient( EPFLConfig(server_url=self.tequila_server_url)).get_attributes( tequila_key, allowedrequesthosts, auth_check) else: user_attributes = TequilaClient(EPFLConfig()).get_attributes( tequila_key, allowedrequesthosts, auth_check) # username has a tricky format, fix it if user_attributes.get('username'): u_name = user_attributes['username'] if u_name.find(","): u_name = u_name.split(",")[0] if u_name.find("@"): u_name = u_name.split("@")[0] user_attributes['username'] = u_name # Note that this could be accomplished in one try-except clause, # but instead we use get_or_create when creating unknown users since # it has built-in safeguards for multiple threads. if self.create_unknown_user: # fetching a unique user, it should be the user.profile.sciper if available user, created = self.get_user_from_db(user_attributes, create=True) if created: user = self.configure_user(user) else: user, created = self.get_user_from_db(user_attributes, create=False) if user: # updates data in all cases self.update_attributes_from_tequila(user, user_attributes) if self.user_can_authenticate(user): # all good ! return user
def authenticate(self, request, token=None): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ tequila_key = token if not tequila_key: return user = None if self.tequila_server_url: user_attributes = TequilaClient( EPFLConfig(server_url=self.tequila_server_url)).get_attributes( tequila_key) else: user_attributes = TequilaClient( EPFLConfig()).get_attributes(tequila_key) # Give de possibility to choose a cusom value for the local username field custom_username_field = getattr(settings, 'TEQUILA_CUSTOM_USERNAME_ATTRIBUTE', 'username') username = user_attributes[custom_username_field] # keep only the first username, not the user@unit or the multiple users if username.find(","): username = username.split(",")[0] if username.find("@"): username = username.split("@")[0] # Note that this could be accomplished in one try-except clause, # but instead we use get_or_create when creating unknown users since # it has built-in safeguards for multiple threads. if self.create_unknown_user: user, created = User.objects.get_or_create( **{User.USERNAME_FIELD: username}) if created: user = self.configure_user(user) else: try: user = User.objects.get(**{User.USERNAME_FIELD: username}) except User.DoesNotExist: pass if user: # updates data in all cases self.update_attributes_from_tequila(user, user_attributes) if self.user_can_authenticate(user): # all good ! return user
def authenticate(self, tequila_key): """ The username passed as ``remote_user`` is considered trusted. This method simply returns the ``User`` object with the given username, creating a new ``User`` object if ``create_unknown_user`` is ``True``. Returns None if ``create_unknown_user`` is ``False`` and a ``User`` object with the given username is not found in the database. """ if not tequila_key: return user = None if self.tequila_server_url: user_attributes = TequilaClient( EPFLConfig(server_url=self.tequila_server_url)).get_attributes( tequila_key) else: user_attributes = TequilaClient( EPFLConfig()).get_attributes(tequila_key) username = user_attributes['username'] #keep only the first username, not the user@unit or the multiple users if username.find(","): username = username.split(",")[0] if username.find("@"): username = username.split("@")[0] # Note that this could be accomplished in one try-except clause, but # instead we use get_or_create when creating unknown users since it has # built-in safeguards for multiple threads. if self.create_unknown_user: user, created = User.objects.get_or_create(username=username) if created: user = self.configure_user(user) else: try: user = User.objects.get(username=username) except User.DoesNotExist: pass if user: self.update_attributes_from_tequila(user, user_attributes) return user
def auth_user(self, username, password, req=None): """Authenticate user-supplied USERNAME and PASSWORD. Return None if authentication failed, or the email address of the person if the authentication was successful. In order to do this you may perhaps have to keep a translation table between usernames and email addresses. Raise InvenioWebAccessExternalAuthError in case of external troubles. """ """step done after we come back from the tequila process. we should have the tequila key as username, and password should be at None """ try: tequila_client = TequilaClient(EPFLConfig(allow_guests=True)) user_attributes = tequila_client.get_attributes(username) return user_attributes['email'] except: # if we cannot get the user attributes, take it as a fail return None