def max_login(self, session):
""" Logs a user in if their password matches using MAX
Args:
session: Session object from flask
Returns:
A JsonResponse containing the user information or details on which error occurred, such as whether a
type was wrong, something wasn't implemented, invalid keys were provided, login was denied, or a
different, unexpected error occurred.
"""
try:
safe_dictionary = RequestDictionary(self.request)
ticket = safe_dictionary.get_value("ticket")
service = safe_dictionary.get_value('service')
# Call MAX's serviceValidate endpoint and retrieve the response
max_dict = get_max_dict(ticket, service)
if 'cas:authenticationSuccess' not in max_dict[
'cas:serviceResponse']:
raise ValueError(
"The Max CAS endpoint was unable to locate your session "
"using the ticket/service combination you provided.")
cas_attrs = max_dict['cas:serviceResponse'][
'cas:authenticationSuccess']['cas:attributes']
# Grab MAX ID to see if a service account is being logged in
max_id_components = cas_attrs['maxAttribute:MAX-ID'].split('_')
service_account_flag = (len(max_id_components) > 1
and max_id_components[0].lower() == 's')
# Grab the email and list of groups from MAX's response
email = cas_attrs['maxAttribute:Email-Address']
try:
sess = GlobalDB.db().session
user = sess.query(User).filter(
func.lower(User.email) == func.lower(email)).one_or_none()
# If the user does not exist, create them since they are allowed to access the site because they got
# past the above group membership checks
if user is None:
user = User()
user.email = email
set_user_name(user, cas_attrs)
set_max_perms(user, cas_attrs['maxAttribute:GroupList'],
service_account_flag)
sess.add(user)
sess.commit()
except MultipleResultsFound:
raise ValueError("An error occurred during login.")
return self.create_session_and_response(session, user)
# Catch any specifically raised errors or any other errors that may have happened and return them cleanly.
# We add the error parameter here because this endpoint needs to provide better feedback, and to avoid changing
# the default behavior of the JsonResponse class globally.
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e, StatusCode.CLIENT_ERROR, error=str(e))
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e,
StatusCode.LOGIN_REQUIRED,
error=str(e))
except Exception as e:
# Return 500
return JsonResponse.error(e,
StatusCode.INTERNAL_ERROR,
error=str(e))
def max_login(self, session):
""" Logs a user in if their password matches using MAX
Args:
session: Session object from flask
Returns:
A JsonResponse containing the user information or details on which error occurred, such as whether a
type was wrong, something wasn't implemented, invalid keys were provided, login was denied, or a
different, unexpected error occurred.
"""
try:
safe_dictionary = RequestDictionary(self.request)
ticket = safe_dictionary.get_value("ticket")
service = safe_dictionary.get_value('service')
# Call MAX's serviceValidate endpoint and retrieve the response
max_dict = get_max_dict(ticket, service)
if 'cas:authenticationSuccess' not in max_dict['cas:serviceResponse']:
raise ValueError("The Max CAS endpoint was unable to locate your session "
"using the ticket/service combination you provided.")
cas_attrs = max_dict['cas:serviceResponse']['cas:authenticationSuccess']['cas:attributes']
# Grab MAX ID to see if a service account is being logged in
max_id_components = cas_attrs['maxAttribute:MAX-ID'].split('_')
service_account_flag = (len(max_id_components) > 1 and max_id_components[0].lower() == 's')
# Grab the email and list of groups from MAX's response
email = cas_attrs['maxAttribute:Email-Address']
try:
sess = GlobalDB.db().session
user = sess.query(User).filter(func.lower(User.email) == func.lower(email)).one_or_none()
# If the user does not exist, create them since they are allowed to access the site because they got
# past the above group membership checks
if user is None:
user = User()
user.email = email
set_user_name(user, cas_attrs)
set_max_perms(user, cas_attrs['maxAttribute:GroupList'], service_account_flag)
sess.add(user)
sess.commit()
except MultipleResultsFound:
raise ValueError("An error occurred during login.")
return self.create_session_and_response(session, user)
# Catch any specifically raised errors or any other errors that may have happened and return them cleanly.
# We add the error parameter here because this endpoint needs to provide better feedback, and to avoid changing
# the default behavior of the JsonResponse class globally.
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e, StatusCode.CLIENT_ERROR, error=str(e))
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED, error=str(e))
except Exception as e:
# Return 500
return JsonResponse.error(e, StatusCode.INTERNAL_ERROR, error=str(e))
def max_login(self, session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the response object
"""
try:
safe_dictionary = RequestDictionary(self.request)
# Obtain POST content
ticket = safe_dictionary.get_value("ticket")
service = safe_dictionary.get_value('service')
# Call MAX's serviceValidate endpoint and retrieve the response
max_dict = get_max_dict(ticket, service)
if 'cas:authenticationSuccess' not in max_dict['cas:serviceResponse']:
raise ValueError("You have failed to login successfully with MAX")
cas_attrs = max_dict['cas:serviceResponse']['cas:authenticationSuccess']['cas:attributes']
# Grab the email and list of groups from MAX's response
email = cas_attrs['maxAttribute:Email-Address']
try:
sess = GlobalDB.db().session
user = sess.query(User).filter(func.lower(User.email) == func.lower(email)).one_or_none()
# If the user does not exist, create them since they are allowed to access the site because they got
# past the above group membership checks
if user is None:
user = User()
first_name = cas_attrs['maxAttribute:First-Name']
middle_name = cas_attrs['maxAttribute:Middle-Name']
last_name = cas_attrs['maxAttribute:Last-Name']
user.email = email
# Check for None first so the condition can short-circuit without
# having to worry about calling strip() on a None object
if middle_name is None or middle_name.strip() == '':
user.name = first_name + " " + last_name
else:
user.name = first_name + " " + middle_name[0] + ". " + last_name
set_max_perms(user, cas_attrs['maxAttribute:GroupList'])
sess.add(user)
sess.commit()
except MultipleResultsFound:
raise ValueError("An error occurred during login.")
return self.create_session_and_response(session, user)
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
def max_login(self,session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the reponse object
"""
try:
safeDictionary = RequestDictionary(self.request)
# Obtain POST content
ticket = safeDictionary.getValue("ticket")
service = safeDictionary.getValue('service')
parent_group = CONFIG_BROKER['parent_group']
# Call MAX's serviceValidate endpoint and retrieve the response
max_dict = self.get_max_dict(ticket, service)
if not 'cas:authenticationSuccess' in max_dict['cas:serviceResponse']:
raise ValueError("You have failed to login successfully with MAX")
# Grab the email and list of groups from MAX's response
email = max_dict['cas:serviceResponse']['cas:authenticationSuccess']['cas:attributes']['maxAttribute:Email-Address']
group_list_all = max_dict['cas:serviceResponse']['cas:authenticationSuccess']['cas:attributes']['maxAttribute:GroupList'].split(',')
group_list = [g for g in group_list_all if g.startswith(parent_group)]
cgac_group = [g for g in group_list if g.startswith(parent_group+"-CGAC_")]
# Deny access if they are not aligned with an agency
if not cgac_group:
raise ValueError("You have logged in with MAX but do not have permission to access the broker.")
try:
sess = GlobalDB.db().session
user = sess.query(User).filter(func.lower(User.email) == func.lower(email)).one_or_none()
# If the user does not exist, create them since they are allowed to access the site because they got
# past the above group membership checks
if user is None:
user = User()
first_name = max_dict["cas:serviceResponse"]['cas:authenticationSuccess']['cas:attributes'][
'maxAttribute:First-Name']
middle_name = max_dict["cas:serviceResponse"]['cas:authenticationSuccess']['cas:attributes'][
'maxAttribute:Middle-Name']
last_name = max_dict["cas:serviceResponse"]['cas:authenticationSuccess']['cas:attributes'][
'maxAttribute:Last-Name']
user.email = email
# Check for None first so the condition can short-circuit without
# having to worry about calling strip() on a None object
if middle_name is None or middle_name.strip() == '':
user.name = first_name + " " + last_name
else:
user.name = first_name + " " + middle_name[0] + ". " + last_name
user.user_status_id = user.user_status_id = USER_STATUS_DICT['approved']
sess.add(user)
sess.commit()
# update user's cgac based on their current membership
# If part of the SYS agency, use that as the cgac otherwise use the first agency provided
if [g for g in cgac_group if g.endswith("SYS")]:
user.cgac_code = "SYS"
else:
user.cgac_code = cgac_group[0][-3:]
self.grant_highest_permission(sess, user, group_list, cgac_group[0])
except MultipleResultsFound:
raise ValueError("An error occurred during login.")
return self.create_session_and_response(session, user)
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e,StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e,StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e,StatusCode.INTERNAL_ERROR)
return self.response
def max_login(self, session):
"""
Logs a user in if their password matches
arguments:
session -- (Session) object from flask
return the response object
"""
try:
safe_dictionary = RequestDictionary(self.request)
# Obtain POST content
ticket = safe_dictionary.get_value("ticket")
service = safe_dictionary.get_value('service')
# Call MAX's serviceValidate endpoint and retrieve the response
max_dict = get_max_dict(ticket, service)
if 'cas:authenticationSuccess' not in max_dict[
'cas:serviceResponse']:
raise ValueError(
"You have failed to login successfully with MAX")
cas_attrs = max_dict['cas:serviceResponse'][
'cas:authenticationSuccess']['cas:attributes']
# Grab the email and list of groups from MAX's response
email = cas_attrs['maxAttribute:Email-Address']
try:
sess = GlobalDB.db().session
user = sess.query(User).filter(
func.lower(User.email) == func.lower(email)).one_or_none()
# If the user does not exist, create them since they are allowed to access the site because they got
# past the above group membership checks
if user is None:
user = User()
first_name = cas_attrs['maxAttribute:First-Name']
middle_name = cas_attrs['maxAttribute:Middle-Name']
last_name = cas_attrs['maxAttribute:Last-Name']
user.email = email
# Check for None first so the condition can short-circuit without
# having to worry about calling strip() on a None object
if middle_name is None or middle_name.strip() == '':
user.name = first_name + " " + last_name
else:
user.name = first_name + " " + middle_name[
0] + ". " + last_name
set_max_perms(user, cas_attrs['maxAttribute:GroupList'])
sess.add(user)
sess.commit()
except MultipleResultsFound:
raise ValueError("An error occurred during login.")
return self.create_session_and_response(session, user)
except (TypeError, KeyError, NotImplementedError) as e:
# Return a 400 with appropriate message
return JsonResponse.error(e, StatusCode.CLIENT_ERROR)
except ValueError as e:
# Return a 401 for login denied
return JsonResponse.error(e, StatusCode.LOGIN_REQUIRED)
except Exception as e:
# Return 500
return JsonResponse.error(e, StatusCode.INTERNAL_ERROR)
