def login(request, template="im/third_party_check_local.html", extra_context=None):
init_third_party_session(request)
extra_context = extra_context or {}
tokens = request.META
third_party_key = get_pending_key(request)
shibboleth_headers = {}
for token in dir(Tokens):
if token == token.upper():
shibboleth_headers[token] = request.META.get(getattr(Tokens, token), "NOT_SET")
# also include arbitrary shibboleth headers
for key in request.META.keys():
if key.startswith("HTTP_SHIB_"):
shibboleth_headers[key.replace("HTTP_", "")] = request.META.get(key)
# log shibboleth headers
# TODO: info -> debug
logger.info("shibboleth request: %r" % shibboleth_headers)
try:
eppn = tokens.get(Tokens.SHIB_EPPN, None)
user_id = tokens.get(Tokens.SHIB_REMOTE_USER)
fullname, first_name, last_name, email = None, None, None, None
if global_settings.DEBUG and not eppn:
user_id = getattr(global_settings, "SHIBBOLETH_TEST_REMOTE_USER", None)
eppn = getattr(global_settings, "SHIBBOLETH_TEST_EPPN", None)
fullname = getattr(global_settings, "SHIBBOLETH_TEST_FULLNAME", None)
if not user_id:
raise KeyError(
_(astakos_messages.SHIBBOLETH_MISSING_USER_ID)
% {"domain": settings.BASE_HOST, "contact_email": settings.CONTACT_EMAIL}
)
if Tokens.SHIB_DISPLAYNAME in tokens:
fullname = tokens[Tokens.SHIB_DISPLAYNAME]
elif Tokens.SHIB_CN in tokens:
fullname = tokens[Tokens.SHIB_CN]
if Tokens.SHIB_NAME in tokens:
first_name = tokens[Tokens.SHIB_NAME]
if Tokens.SHIB_SURNAME in tokens:
last_name = tokens[Tokens.SHIB_SURNAME]
if fullname:
splitted = fullname.split(" ", 1)
if len(splitted) == 2:
first_name, last_name = splitted
fullname = "%s %s" % (first_name, last_name)
if not any([first_name, last_name]) and settings.SHIBBOLETH_REQUIRE_NAME_INFO:
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME))
except KeyError, e:
# invalid shibboleth headers, redirect to login, display message
logger.exception(e)
messages.error(request, e.message)
return HttpResponseRedirect(login_url(request))
def login(
request,
template='im/third_party_check_local.html',
extra_context=None):
init_third_party_session(request)
extra_context = extra_context or {}
tokens = request.META
third_party_key = get_pending_key(request)
shibboleth_headers = {}
for token in dir(Tokens):
if token == token.upper():
shibboleth_headers[token] = request.META.get(getattr(Tokens,
token),
'NOT_SET')
# also include arbitrary shibboleth headers
for key in request.META.keys():
if key.startswith('HTTP_SHIB_'):
shibboleth_headers[key.replace('HTTP_', '')] = \
request.META.get(key)
# log shibboleth headers
# TODO: info -> debug
logger.info("shibboleth request: %r" % shibboleth_headers)
try:
eppn = tokens.get(Tokens.SHIB_EPPN)
if global_settings.DEBUG and not eppn:
eppn = getattr(global_settings, 'SHIBBOLETH_TEST_EPPN', None)
realname = getattr(global_settings, 'SHIBBOLETH_TEST_REALNAME',
None)
if not eppn:
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_EPPN) % {
'domain': settings.BASE_HOST,
'contact_email': settings.CONTACT_EMAIL
})
if Tokens.SHIB_DISPLAYNAME in tokens:
realname = tokens[Tokens.SHIB_DISPLAYNAME]
elif Tokens.SHIB_CN in tokens:
realname = tokens[Tokens.SHIB_CN]
elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens:
realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME]
else:
if settings.SHIBBOLETH_REQUIRE_NAME_INFO:
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME))
else:
realname = ''
except KeyError, e:
# invalid shibboleth headers, redirect to login, display message
messages.error(request, e.message)
return HttpResponseRedirect(login_url(request))
def login(request,
template='im/third_party_check_local.html',
extra_context=None):
init_third_party_session(request)
extra_context = extra_context or {}
tokens = request.META
third_party_key = get_pending_key(request)
shibboleth_headers = {}
for token in dir(Tokens):
if token == token.upper():
shibboleth_headers[token] = request.META.get(getattr(Tokens,
token),
'NOT_SET')
# also include arbitrary shibboleth headers
for key in request.META.keys():
if key.startswith('HTTP_SHIB_'):
shibboleth_headers[key.replace('HTTP_', '')] = \
request.META.get(key)
# log shibboleth headers
# TODO: info -> debug
logger.info("shibboleth request: %r" % shibboleth_headers)
try:
eppn = tokens.get(Tokens.SHIB_EPPN, None)
user_id = tokens.get(Tokens.SHIB_REMOTE_USER)
fullname, first_name, last_name, email = None, None, None, None
if global_settings.DEBUG and not eppn:
user_id = getattr(global_settings, 'SHIBBOLETH_TEST_REMOTE_USER',
None)
eppn = getattr(global_settings, 'SHIBBOLETH_TEST_EPPN', None)
fullname = getattr(global_settings, 'SHIBBOLETH_TEST_FULLNAME',
None)
if not user_id:
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_USER_ID) % {
'domain': settings.BASE_HOST,
'contact_email': settings.CONTACT_EMAIL
})
if Tokens.SHIB_DISPLAYNAME in tokens:
fullname = tokens[Tokens.SHIB_DISPLAYNAME]
elif Tokens.SHIB_CN in tokens:
fullname = tokens[Tokens.SHIB_CN]
if Tokens.SHIB_NAME in tokens:
first_name = tokens[Tokens.SHIB_NAME]
if Tokens.SHIB_SURNAME in tokens:
last_name = tokens[Tokens.SHIB_SURNAME]
if fullname:
splitted = fullname.split(' ', 1)
if len(splitted) == 2:
first_name, last_name = splitted
fullname = '%s %s' % (first_name, last_name)
if not any([first_name, last_name]) and \
settings.SHIBBOLETH_REQUIRE_NAME_INFO:
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME))
except KeyError, e:
# invalid shibboleth headers, redirect to login, display message
logger.exception(e)
messages.error(request, e.message)
return HttpResponseRedirect(login_url(request))
def handle_third_party_login(request,
provider_module,
identifier,
provider_info=None,
affiliation=None,
third_party_key=None):
if not provider_info:
provider_info = {}
if not affiliation:
affiliation = provider_module.title()
next_redirect = request.GET.get('next',
request.session.get('next_url', None))
if 'next_url' in request.session:
del request.session['next_url']
third_party_request_params = get_third_party_session_params(request)
from_login = third_party_request_params.get('from_login', False)
switch_from = third_party_request_params.get('switch_from', False)
provider_data = {'affiliation': affiliation, 'info': provider_info}
provider = auth.get_provider(provider_module, request.user, identifier,
**provider_data)
# an existing user accessed the view
if request.user.is_authenticated():
if request.user.has_auth_provider(provider.module,
identifier=identifier):
return HttpResponseRedirect(reverse('edit_profile'))
if provider.verified_exists():
provider.log("add failed (identifier exists to another user)")
messages.error(request, provider.get_add_exists_msg)
return HttpResponseRedirect(reverse('edit_profile'))
# automatically add identifier provider to user
if not switch_from and not provider.get_add_policy:
# TODO: handle existing uuid message separately
provider.log("user cannot add provider")
messages.error(request, provider.get_add_failed_msg)
return HttpResponseRedirect(reverse('edit_profile'))
user = request.user
if switch_from:
existing_provider = \
request.user.auth_providers.active().get(
pk=int(switch_from), module=provider_module).settings
# this is not a provider removal so we don't not use
# provider.remove_from_user. Use low level access to the provider
# db instance.
if not provider.verified_exists():
if provider.get_add_policy:
existing_provider._instance.delete()
existing_provider.log("removed")
provider.add_to_user()
provider.log("added")
else:
messages.error(request, provider.get_add_exists_msg)
return HttpResponseRedirect(reverse('edit_profile'))
messages.success(request, provider.get_switch_success_msg)
return HttpResponseRedirect(reverse('edit_profile'))
provider.add_to_user()
provider.log("added")
provider = user.get_auth_provider(provider_module, identifier)
messages.success(request, provider.get_added_msg)
return HttpResponseRedirect(reverse('edit_profile'))
# astakos user exists ?
try:
user = AstakosUser.objects.get_auth_provider_user(
provider_module,
identifier=identifier,
user__email_verified=True,
)
except AstakosUser.DoesNotExist:
# TODO: add a message ? redirec to login ?
if astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN:
messages.warning(request,
astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN)
raise
if not third_party_key:
third_party_key = get_pending_key(request)
provider = user.get_auth_provider(provider_module, identifier)
if user.is_active:
if not provider.get_login_policy:
messages.error(request, provider.get_login_disabled_msg)
return HttpResponseRedirect(reverse('login'))
# authenticate user
response = prepare_response(request, user, next_redirect, 'renew'
in request.GET)
messages.success(request, provider.get_login_success_msg)
add_pending_auth_provider(request, third_party_key, provider)
response.set_cookie('astakos_last_login_method', provider_module)
return response
else:
message = user.get_inactive_message(provider_module, identifier)
messages.error(request, message)
return HttpResponseRedirect(login_url(request))
def handle_third_party_login(request, provider_module, identifier,
provider_info=None, affiliation=None,
third_party_key=None):
if not provider_info:
provider_info = {}
if not affiliation:
affiliation = provider_module.title()
next_redirect = request.GET.get(
'next', request.session.get('next_url', None))
if 'next_url' in request.session:
del request.session['next_url']
third_party_request_params = get_third_party_session_params(request)
from_login = third_party_request_params.get('from_login', False)
switch_from = third_party_request_params.get('switch_from', False)
provider_data = {
'affiliation': affiliation,
'info': provider_info
}
provider = auth.get_provider(provider_module, request.user, identifier,
**provider_data)
# an existing user accessed the view
if request.user.is_authenticated():
if request.user.has_auth_provider(provider.module,
identifier=identifier):
return HttpResponseRedirect(reverse('edit_profile'))
if provider.verified_exists():
provider.log("add failed (identifier exists to another user)")
messages.error(request, provider.get_add_exists_msg)
return HttpResponseRedirect(reverse('edit_profile'))
# automatically add identifier provider to user
if not switch_from and not provider.get_add_policy:
# TODO: handle existing uuid message separately
provider.log("user cannot add provider")
messages.error(request, provider.get_add_failed_msg)
return HttpResponseRedirect(reverse('edit_profile'))
user = request.user
if switch_from:
existing_provider = \
request.user.auth_providers.active().get(
pk=int(switch_from), module=provider_module).settings
# this is not a provider removal so we don't not use
# provider.remove_from_user. Use low level access to the provider
# db instance.
if not provider.verified_exists():
if provider.get_add_policy:
existing_provider._instance.delete()
existing_provider.log("removed")
provider.add_to_user()
provider.log("added")
else:
messages.error(request, provider.get_add_exists_msg)
return HttpResponseRedirect(reverse('edit_profile'))
messages.success(request, provider.get_switch_success_msg)
return HttpResponseRedirect(reverse('edit_profile'))
provider.add_to_user()
provider.log("added")
provider = user.get_auth_provider(provider_module, identifier)
messages.success(request, provider.get_added_msg)
return HttpResponseRedirect(reverse('edit_profile'))
# astakos user exists ?
try:
user = AstakosUser.objects.get_auth_provider_user(
provider_module,
identifier=identifier,
user__email_verified=True,
)
except AstakosUser.DoesNotExist:
# TODO: add a message ? redirec to login ?
if astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN:
messages.warning(request,
astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN)
raise
if not third_party_key:
third_party_key = get_pending_key(request)
provider = user.get_auth_provider(provider_module, identifier)
if user.is_active:
if not provider.get_login_policy:
messages.error(request, provider.get_login_disabled_msg)
return HttpResponseRedirect(reverse('login'))
# authenticate user
response = prepare_response(request, user, next_redirect,
'renew' in request.GET)
messages.success(request, provider.get_login_success_msg)
add_pending_auth_provider(request, third_party_key, provider)
response.set_cookie('astakos_last_login_method', provider_module)
return response
else:
message = user.get_inactive_message(provider_module, identifier)
messages.error(request, message)
return HttpResponseRedirect(login_url(request))
