def get_enterprise_customer_for_request(request):
"""
Get the EnterpriseCustomer associated with a particular request.
"""
verify_third_party_auth_dependencies()
pipeline = get_partial_pipeline(request)
return get_enterprise_customer_for_running_pipeline(pipeline)
def enterprise_customer_for_request(request, tpa_hint=None):
"""
Check all the context clues of the request to determine if
the request being made is tied to a particular EnterpriseCustomer.
"""
if not enterprise_enabled():
return None
ec = None
running_pipeline = get_partial_pipeline(request)
if running_pipeline:
# Determine if the user is in the middle of a third-party auth pipeline,
# and set the tpa_hint parameter to match if so.
tpa_hint = Registry.get_from_pipeline(running_pipeline).provider_id
if tpa_hint:
# If we have a third-party auth provider, get the linked enterprise customer.
try:
ec = EnterpriseCustomer.objects.get(
enterprise_customer_identity_provider__provider_id=tpa_hint)
except EnterpriseCustomer.DoesNotExist:
pass
ec_uuid = request.GET.get('enterprise_customer') or request.COOKIES.get(
settings.ENTERPRISE_CUSTOMER_COOKIE_NAME)
# If we haven't obtained an EnterpriseCustomer through the other methods, check the
# session cookies and URL parameters for an explicitly-passed EnterpriseCustomer.
if not ec and ec_uuid:
try:
ec = EnterpriseCustomer.objects.get(uuid=ec_uuid)
except (EnterpriseCustomer.DoesNotExist, ValueError):
ec = None
return ec
def enterprise_customer_for_request(request):
"""
Check all the context clues of the request to determine if
the request being made is tied to a particular EnterpriseCustomer.
"""
if not enterprise_enabled():
return None
ec = None
sso_provider_id = request.GET.get('tpa_hint')
running_pipeline = get_partial_pipeline(request)
if running_pipeline:
# Determine if the user is in the middle of a third-party auth pipeline,
# and set the sso_provider_id parameter to match if so.
sso_provider_id = Registry.get_from_pipeline(
running_pipeline).provider_id
if sso_provider_id:
# If we have a third-party auth provider, get the linked enterprise customer.
try:
# FIXME: Implement an Enterprise API endpoint where we can get the EC
# directly via the linked SSO provider
# Check if there's an Enterprise Customer such that the linked SSO provider
# has an ID equal to the ID we got from the running pipeline or from the
# request tpa_hint URL parameter.
ec_uuid = EnterpriseCustomer.objects.get(
enterprise_customer_identity_provider__provider_id=
sso_provider_id).uuid
except EnterpriseCustomer.DoesNotExist:
# If there is not an EnterpriseCustomer linked to this SSO provider, set
# the UUID variable to be null.
ec_uuid = None
else:
# Check if we got an Enterprise UUID passed directly as either a query
# parameter, or as a value in the Enterprise cookie.
ec_uuid = request.GET.get(
'enterprise_customer') or request.COOKIES.get(
settings.ENTERPRISE_CUSTOMER_COOKIE_NAME)
if not ec_uuid and request.user.is_authenticated():
# If there's no way to get an Enterprise UUID for the request, check to see
# if there's already an Enterprise attached to the requesting user on the backend.
learner_data = get_enterprise_learner_data(request.site, request.user)
if learner_data:
ec_uuid = learner_data[0]['enterprise_customer']['uuid']
if ec_uuid:
# If we were able to obtain an EnterpriseCustomer UUID, go ahead
# and use it to attempt to retrieve EnterpriseCustomer details
# from the EnterpriseCustomer API.
try:
ec = EnterpriseApiClient().get_enterprise_customer(ec_uuid)
except HttpNotFoundError:
ec = None
return ec
def enterprise_customer_for_request(request):
"""
Check all the context clues of the request to determine if
the request being made is tied to a particular EnterpriseCustomer.
"""
if not enterprise_enabled():
return None
ec = None
sso_provider_id = request.GET.get('tpa_hint')
running_pipeline = get_partial_pipeline(request)
if running_pipeline:
# Determine if the user is in the middle of a third-party auth pipeline,
# and set the sso_provider_id parameter to match if so.
sso_provider_id = Registry.get_from_pipeline(running_pipeline).provider_id
if sso_provider_id:
# If we have a third-party auth provider, get the linked enterprise customer.
try:
# FIXME: Implement an Enterprise API endpoint where we can get the EC
# directly via the linked SSO provider
# Check if there's an Enterprise Customer such that the linked SSO provider
# has an ID equal to the ID we got from the running pipeline or from the
# request tpa_hint URL parameter.
ec_uuid = EnterpriseCustomer.objects.get(
enterprise_customer_identity_provider__provider_id=sso_provider_id
).uuid
except EnterpriseCustomer.DoesNotExist:
# If there is not an EnterpriseCustomer linked to this SSO provider, set
# the UUID variable to be null.
ec_uuid = None
else:
# Check if we got an Enterprise UUID passed directly as either a query
# parameter, or as a value in the Enterprise cookie.
ec_uuid = request.GET.get('enterprise_customer') or request.COOKIES.get(settings.ENTERPRISE_CUSTOMER_COOKIE_NAME)
if not ec_uuid and request.user.is_authenticated():
# If there's no way to get an Enterprise UUID for the request, check to see
# if there's already an Enterprise attached to the requesting user on the backend.
learner_data = get_enterprise_learner_data(request.site, request.user)
if learner_data:
ec_uuid = learner_data[0]['enterprise_customer']['uuid']
if ec_uuid:
# If we were able to obtain an EnterpriseCustomer UUID, go ahead
# and use it to attempt to retrieve EnterpriseCustomer details
# from the EnterpriseCustomer API.
try:
ec = EnterpriseApiClient().get_enterprise_customer(ec_uuid)
except HttpNotFoundError:
ec = None
return ec
def enterprise_customer_uuid_for_request(request):
"""
Check all the context clues of the request to gather a particular EnterpriseCustomer's UUID.
"""
sso_provider_id = request.GET.get('tpa_hint')
running_pipeline = get_partial_pipeline(request)
if running_pipeline:
# Determine if the user is in the middle of a third-party auth pipeline,
# and set the sso_provider_id parameter to match if so.
sso_provider_id = Registry.get_from_pipeline(
running_pipeline).provider_id
if sso_provider_id:
# If we have a third-party auth provider, get the linked enterprise customer.
try:
# FIXME: Implement an Enterprise API endpoint where we can get the EC
# directly via the linked SSO provider
# Check if there's an Enterprise Customer such that the linked SSO provider
# has an ID equal to the ID we got from the running pipeline or from the
# request tpa_hint URL parameter.
enterprise_customer_uuid = EnterpriseCustomer.objects.get(
enterprise_customer_identity_provider__provider_id=
sso_provider_id).uuid
except EnterpriseCustomer.DoesNotExist:
enterprise_customer_uuid = None
else:
enterprise_customer_uuid = _customer_uuid_from_query_param_cookies_or_session(
request)
if enterprise_customer_uuid is _CACHE_MISS:
if not request.user.is_authenticated:
return None
# If there's no way to get an Enterprise UUID for the request, check to see
# if there's already an Enterprise attached to the requesting user on the backend.
enterprise_customer = None
learner_data = get_enterprise_learner_data_from_db(request.user)
if learner_data:
enterprise_customer = learner_data[0]['enterprise_customer']
enterprise_customer_uuid = enterprise_customer['uuid']
cache_enterprise(enterprise_customer)
else:
enterprise_customer_uuid = None
# Now that we've asked the database for this users's enterprise customer data,
# add it to their session (even if it's null/empty, which indicates the user
# has no associated enterprise customer).
add_enterprise_customer_to_session(request, enterprise_customer)
return enterprise_customer_uuid
def enterprise_customer_uuid_for_request(request):
"""
Check all the context clues of the request to gather a particular EnterpriseCustomer's UUID.
"""
sso_provider_id = request.GET.get('tpa_hint')
running_pipeline = get_partial_pipeline(request)
if running_pipeline:
# Determine if the user is in the middle of a third-party auth pipeline,
# and set the sso_provider_id parameter to match if so.
sso_provider_id = Registry.get_from_pipeline(
running_pipeline).provider_id
if sso_provider_id:
# If we have a third-party auth provider, get the linked enterprise customer.
try:
# FIXME: Implement an Enterprise API endpoint where we can get the EC
# directly via the linked SSO provider
# Check if there's an Enterprise Customer such that the linked SSO provider
# has an ID equal to the ID we got from the running pipeline or from the
# request tpa_hint URL parameter.
enterprise_customer_uuid = EnterpriseCustomer.objects.get(
enterprise_customer_identity_provider__provider_id=
sso_provider_id).uuid
except EnterpriseCustomer.DoesNotExist:
enterprise_customer_uuid = None
else:
# Check if we got an Enterprise UUID passed directly as either a query
# parameter, or as a value in the Enterprise cookie.
enterprise_customer_uuid = request.GET.get(
'enterprise_customer') or request.COOKIES.get(
settings.ENTERPRISE_CUSTOMER_COOKIE_NAME)
if not enterprise_customer_uuid and request.user.is_authenticated:
# If there's no way to get an Enterprise UUID for the request, check to see
# if there's already an Enterprise attached to the requesting user on the backend.
learner_data = get_enterprise_learner_data(request.user)
if learner_data:
enterprise_customer_uuid = learner_data[0]['enterprise_customer'][
'uuid']
return enterprise_customer_uuid
def post_account_consent(self, request, consent_provided):
"""
Interpret the account-wide form above, and save it to a UserDataSharingConsentAudit object for later retrieval.
"""
self.lift_quarantine(request)
# Load the linked EnterpriseCustomer for this request.
customer = get_enterprise_customer_for_request(request)
if customer is None:
# If we can't get an EnterpriseCustomer from the pipeline, then we don't really
# have enough state to do anything meaningful. Just send the user to the login
# screen; if they want to sign in with an Enterprise-linked SSO, they can do
# so, and the pipeline will get them back here if they need to be.
return redirect('signin_user')
# Attempt to retrieve a user being manipulated by the third-party auth
# pipeline. Return a 404 if no such user exists.
social_auth = get_real_social_auth_object(request)
user = getattr(social_auth, 'user', None)
if user is None:
raise Http404
if not consent_provided and active_provider_enforces_data_sharing(
request, EnterpriseCustomer.AT_LOGIN):
# Flush the session to avoid the possibility of accidental login and to abort the pipeline.
# pipeline is flushed only if data sharing is enforced, in other cases let the user to login.
request.session.flush()
failure_url = request.POST.get('failure_url') or reverse(
'dashboard')
return redirect(failure_url)
enterprise_customer_user, __ = EnterpriseCustomerUser.objects.get_or_create(
user_id=user.id,
enterprise_customer=customer,
)
platform_name = configuration_helpers.get_value(
'PLATFORM_NAME', settings.PLATFORM_NAME)
messages.success(
request,
_('{span_start}Account created{span_end} Thank you for creating an account with {platform_name}.'
).format(
platform_name=platform_name,
span_start='<span>',
span_end='</span>',
))
if not user.is_active:
messages.info(
request,
_('{span_start}Activate your account{span_end} Check your inbox for an activation email. '
'You will not be able to log back into your account until you have activated it.'
).format(span_start='<span>', span_end='</span>'))
UserDataSharingConsentAudit.objects.update_or_create(
user=enterprise_customer_user,
defaults={
'state':
(UserDataSharingConsentAudit.ENABLED
if consent_provided else UserDataSharingConsentAudit.DISABLED)
})
# Resume auth pipeline
backend_name = get_partial_pipeline(request).get('backend')
return redirect(get_complete_url(backend_name))
