Exemplo n.º 1
0
 def clean(self):
     if self.cleaned_data.get('is_shibboleth_login_required'):
         try:
             Institution.is_valid_email_address(
                 self.cleaned_data.get('email'))
         except InvalidInstitutionalEmailAddress as e:
             raise forms.ValidationError(str(e))
Exemplo n.º 2
0
 def test_invalid_institutional_identity_provider(self):
     with self.assertRaises(InvalidInstitutionalIndentityProvider) as e:
         Institution.is_valid_identity_provider(
             'https://idp.invalid-identity-provider.ac.uk/shibboleth'
         )
     self.assertEqual(
         str(e.exception), 'Identity provider is not supported.'
     )
Exemplo n.º 3
0
 def clean(self):
     cleaned_data = super().clean()
     is_shibboleth_login_required = cleaned_data.get(
         'is_shibboleth_login_required')
     email = cleaned_data.get('email')
     if is_shibboleth_login_required:
         try:
             Institution.is_valid_email_address(email)
         except InvalidInstitution as e:
             raise forms.ValidationError(str(e))
Exemplo n.º 4
0
def create_institution(user,
                       domain='dfva.cr',
                       name="test institution",
                       institution_unit='QA'):
    save_model = Institution(user=user,
                             name=name,
                             active=True,
                             domain=domain,
                             institution_unit=institution_unit)
    create_certiticate(domain, save_model)
    save_model.save()

    return save_model
Exemplo n.º 5
0
 def institution_get_or_create(self, i, row):
     try:
         Institution(finess=row['finess']).clean_fields()
     except ValidationError as e:
         if 'finess' in e.message_dict:
             self.errors[i + 1] = dict(row=row,
                                       message='FINESS invalide {}'.format(
                                           row['finess']))
             return
     return Institution.objects.get_or_create(finess=row['finess'])[0]
Exemplo n.º 6
0
 def test_parse_support_email_from_user_email(self):
     """
     Ensure the correct support email address is returned.
     """
     institution = Institution.objects.create(
         name='Example University',
         base_domain='example.ac.uk',
         support_email='*****@*****.**',
     )
     test_cases = {
         "*****@*****.**": institution.support_email,
         "*****@*****.**": settings.DEFAULT_SUPPORT_EMAIL
     }
     for user_email, support_email in test_cases.items():
         result = Institution.parse_support_email_from_user_email(user_email)
         self.assertEqual(result, support_email)
Exemplo n.º 7
0
def user_created_notification(user):
    """
    Notify support that a user has created an account. 
    """
    subject = _('{company_name} User Account Created'.format(
        company_name=settings.COMPANY_NAME))
    support_email = Institution.parse_support_email_from_user_email(user.email)
    context = {
        'first_name': user.first_name,
        'last_name': user.last_name,
        'university': user.profile.institution.name,
        'reason': user.reason_for_account,
        'to': support_email,
    }
    text_template_path = 'notifications/user/created.txt'
    html_template_path = 'notifications/user/created.html'
    email_user(subject, context, text_template_path, html_template_path)
Exemplo n.º 8
0
def project_created_notification(project):
    """
    Notify support that a new project has been created.
    """
    subject = _('{company_name} Project Created'.format(
        company_name=settings.COMPANY_NAME))
    support_email = Institution.parse_support_email_from_user_email(
        project.tech_lead.email)
    context = {
        'code': project.code,
        'university': project.tech_lead.profile.institution.name,
        'technical_lead': project.tech_lead,
        'title': project.title,
        'to': support_email,
    }
    text_template_path = 'notifications/project/created.txt'
    html_template_path = 'notifications/project/created.html'
    email_user(subject, context, text_template_path, html_template_path)
Exemplo n.º 9
0
 def test_valid_institutional_identity_provider(self):
     self.assertTrue(
         Institution.is_valid_identity_provider(
             'https://idp.bangor.ac.uk/shibboleth'))
Exemplo n.º 10
0
 def test_invalid_institutional_email_address(self):
     with self.assertRaises(InvalidInstitutionalEmailAddress) as e:
         Institution.is_valid_email_address('*****@*****.**')
     self.assertEqual(str(e.exception),
                      'Email address domain is not supported.')
Exemplo n.º 11
0
 def test_valid_institutional_email_address(self):
     self.assertTrue(
         Institution.is_valid_email_address('*****@*****.**'))
Exemplo n.º 12
0
def test_institution_str():
    assert str(Institution(finess=310000000)) == '310000000'
Exemplo n.º 13
0
def test_institution_finess():
    Institution(finess=310000000, origin='o').full_clean()

    with pytest.raises(ValidationError):
        Institution(finess=30999999, origin='o').full_clean()
Exemplo n.º 14
0
    def process_request(self, request):
        # The identity of external collaborators is managed within the django application.
        # Therefore, exclude the external collaborator login form from the SCW Remote User
        # Middleware.
        if request.path.startswith(reverse('external-login')):
            return

        # AuthenticationMiddleware is required so that request.user exists.
        if not hasattr(request, 'user'):
            raise ImproperlyConfigured(
                "The Django remote user auth middleware requires the authentication middleware to "
                " be installed. Edit your MIDDLEWARE setting to insert "
                "'django.contrib.auth.middleware.AuthenticationMiddleware' "
                "before the RemoteUserMiddleware class.")

        # Prevent the user from logging in if the django application requires the user to
        # reauthenticate with their shibboleth identity provider.
        # This will require the user to close their browser.
        if request.session.get(
                settings.SHIBBOLETH_FORCE_REAUTH_SESSION_KEY) == True:
            return

        # Locate the required headers.
        try:
            username = request.META[self.header]
            identity_provider = request.META['Shib-Identity-Provider']
        except KeyError:
            # If the required headers do not exist then return, leaving request.user set to
            # AnonymousUser by the AuthenticationMiddleware.
            return

        # If we got an empty value for REMOTE USER header, it's an anonymous user.
        if not username:
            if self.force_logout_if_no_header and request.user.is_authenticated:
                self._remove_invalid_user(request)
            return

        # Ensure the Shib-Identity-Provider is supported / valid.
        try:
            Institution.is_valid_identity_provider(identity_provider)
        except InvalidIndentityProvider:
            return

        # The REMOTE USER header may return the authenticated user's email address or username.
        email_regex = r'(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)'
        if not re.match(email_regex, username):
            # Must append the institutions base domain to the username.
            institution = Institution.objects.get(
                identity_provider=identity_provider)
            username = '******'.join([username, institution.base_domain])

        # If the user is already authenticated and that user is the user we are getting passed in
        # the headers, then the correct user is already persisted in the session and we don't need
        # to continue.
        if request.user.is_authenticated:
            if request.user.username == self.clean_username(username, request):
                return
            else:
                self._remove_invalid_user(request)

        # Make sure we have all required Shibboleth elements before proceeding.
        shib_meta, error = ShibbolethRemoteUserMiddleware.parse_attributes(
            request)

        # Add parsed attributes to the session.
        request.session['shib'] = shib_meta
        request.session['shib']['username'] = username  # Override

        if error:
            raise ShibbolethValidationError(
                'All required Shibboleth elements not found. %s' % shib_meta)

        # We are seeing this user for the first time in this session, attempt to authenticate
        # the user.
        user = auth.authenticate(remote_user=username, shib_meta=shib_meta)
        if user:
            # Set request.user and persist user in the session by logging the user in.
            request.user = user
            auth.login(request, user)
        else:
            # Redirect the user to apply for an account.
            url_name = resolve(request.path_info).url_name
            if url_name != 'register':
                return HttpResponseRedirect(reverse('register'))