Пример #1
def logout(request, username=None):
    """End the Django session and redirect to the matching landing page.

    ``username`` is accepted for URL compatibility but is not read here.
    """
    # Aliased because this view has the same name as Django's helper.
    from django.contrib.auth import logout as end_django_session

    end_django_session(request)

    # When the request carries a SAML session the redirect target comes from
    # saml.logout_url() instead of the local index page.
    if saml.is_saml_session(request):
        return HttpResponseRedirect(saml.logout_url(request))

    target = reverse("index")
    messages.success(request, 'Logout was successful.')
    return HttpResponseRedirect(target)
Пример #2
def logout(request, username=None):
    """Log the user out of Django, then redirect.

    A request with a SAML session is sent to the URL returned by
    ``saml.logout_url``; any other request goes to the index page with a
    success message. ``username`` is unused.
    """
    from django.contrib.auth import logout as django_logout

    django_logout(request)
    if not saml.is_saml_session(request):
        destination = reverse("index")
        messages.success(request, 'Logout was successful.')
    else:
        destination = saml.logout_url(request)
    return HttpResponseRedirect(destination)
Пример #3
def saml_details(request):
    """Show the SAML attributes of this request and handle the page's buttons.

    POST actions are selected by the submit button name:

    * ``login``    - authenticated users only; redirects to the URL built by
      ``saml.build_shib_url`` for the user's institute.
    * ``register`` - authenticated users with a SAML session only; stores the
      SAML data on the logged-in person.
    * ``logout``   - SAML sessions only; redirects to ``saml.logout_url``.

    Anything else posted here is answered with 400.

    NOTE(review): ``register`` changes the account on a bare POST, so this
    view depends on CSRF protection being enabled - confirm.
    """
    redirect_to = reverse('saml_details')
    saml_session = saml.is_saml_session(request)

    if request.method == 'POST':
        if 'login' in request.POST:
            if not request.user.is_authenticated():
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            institute = request.user.institute
            if not institute.saml_entityid:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            # The return target is a fixed local route, never request input.
            redirect_to = reverse("saml_details")
            shib_url = saml.build_shib_url(request, redirect_to,
                                           institute.saml_entityid)
            return HttpResponseRedirect(shib_url)

        if 'register' in request.POST:
            if not (request.user.is_authenticated() and saml_session):
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            account = saml.add_saml_data(request.user, request)
            account.save()
            return HttpResponseRedirect(reverse("saml_details"))

        if 'logout' in request.POST:
            if not saml_session:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            return HttpResponseRedirect(saml.logout_url(request))

        return HttpResponseBadRequest("<h1>Bad Request</h1>")

    attrs = {}
    if saml_session:
        attrs, _ = saml.parse_attributes(request)
        # Hand the template a plain boolean.
        saml_session = True

    person = request.user if request.user.is_authenticated() else None

    template_context = {
        'attrs': attrs,
        'saml_session': saml_session,
        'person': person,
    }
    return render_to_response('people/saml_detail.html',
                              template_context,
                              context_instance=RequestContext(request))
Пример #4
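def saml_login(request):
    """Start a SAML (Shibboleth) login, or explain why one did not complete.

    POST ``login`` redirects to the URL built by ``saml.build_shib_url`` for
    the chosen institute; POST ``logout`` redirects to ``saml.logout_url``
    when a SAML session exists. Any other POST is answered with 400.

    On GET the login page is rendered with an ``error`` message when the user
    is already logged in, or when a SAML session exists but did not result in
    a Django login.
    """
    # Function-scope import; this is the Django 1.x spelling (the view still
    # calls is_authenticated()). Django 3.0+ names the same check
    # url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    redirect_to = reverse('index')
    # 'next' is caller-controlled and becomes the post-login return target,
    # so only same-host URLs are accepted; anything else keeps the default.
    if 'next' in request.GET:
        requested = request.GET['next']
        if is_safe_url(url=requested, host=request.get_host()):
            redirect_to = requested
    error = None
    saml_session = saml.is_saml_session(request)

    form = saml.SAMLInstituteForm(request.POST or None)
    if request.method == 'POST':
        if 'login' in request.POST and form.is_valid():
            institute = form.cleaned_data['institute']
            url = saml.build_shib_url(request, redirect_to,
                                      institute.saml_entityid)
            return HttpResponseRedirect(url)
        elif 'logout' in request.POST:
            if saml_session:
                url = saml.logout_url(request)
                return HttpResponseRedirect(url)
            else:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
        else:
            return HttpResponseBadRequest("<h1>Bad Request</h1>")
    elif request.user.is_authenticated():
        error = "You are already logged in."
    elif saml_session:
        attrs, error = saml.parse_attributes(request)
        # A parse error is shown as-is: the attributes may be incomplete, and
        # the messages below would otherwise overwrite the real cause.
        if not error:
            saml_id = attrs['persistent_id']
            try:
                Person.objects.get(saml_id=saml_id)
                # This should not happen, suggests a fault in the saml
                # middleware
                error = "Shibboleth session established " \
                        "but you did not get logged in. "
            except Person.DoesNotExist:
                email = attrs['email']
                try:
                    Person.objects.get(email=email)
                    error = "Cannot log in with this shibboleth account. " \
                            "Please try using the Karaage login instead."
                except Person.DoesNotExist:
                    if apps.is_installed("karaage.plugins.kgapplications"):
                        app_url = reverse('kg_application_new')
                        return HttpResponseRedirect(app_url)
                    else:
                        error = "Cannot log in with shibboleth as " \
                                "we do not recognise your shibboleth id."

    return render(template_name='karaage/people/profile_login_saml.html',
                  context={
                      'form': form,
                      'error': error,
                      'saml_session': saml_session,
                  },
                  request=request)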
Пример #5
def saml_details(request):
    """Render the SAML profile page and process its ``login``, ``register``
    and ``logout`` buttons.

    Each POST action is refused with 400 unless its precondition holds:
    ``login`` needs an authenticated user whose institute has a SAML entity
    id, ``register`` needs an authenticated user plus a SAML session, and
    ``logout`` needs a SAML session.

    NOTE(review): ``register`` writes SAML data onto the logged-in person on
    a bare POST; CSRF protection must be active for this view - confirm.
    """
    def refuse():
        return HttpResponseBadRequest("<h1>Bad Request</h1>")

    # Fixed local route; no request parameter feeds the return target.
    redirect_to = reverse('kg_profile_saml')
    saml_session = saml.is_saml_session(request)

    if request.method == 'POST':
        if 'login' in request.POST:
            if not request.user.is_authenticated():
                return refuse()
            institute = request.user.institute
            if not institute.saml_entityid:
                return refuse()
            shib_url = saml.build_shib_url(request, redirect_to,
                                           institute.saml_entityid)
            return HttpResponseRedirect(shib_url)

        if 'register' in request.POST:
            if not (request.user.is_authenticated() and saml_session):
                return refuse()
            account = saml.add_saml_data(request.user, request)
            account.save()
            return HttpResponseRedirect(redirect_to)

        if 'logout' in request.POST:
            if not saml_session:
                return refuse()
            return HttpResponseRedirect(saml.logout_url(request))

        return refuse()

    attrs = {}
    if saml_session:
        attrs, _ = saml.parse_attributes(request)
        # The template receives a plain boolean.
        saml_session = True

    person = request.user if request.user.is_authenticated() else None

    page_context = {
        'attrs': attrs,
        'saml_session': saml_session,
        'person': person,
    }
    return render(template_name='karaage/people/profile_saml.html',
                  context=page_context,
                  request=request)
Пример #6
def saml_details(request):
    """Display SAML attributes for the current request and act on the page's
    POST buttons.

    ``login``, ``register`` and ``logout`` are dispatched by button name; a
    POST that matches none of them, or whose precondition fails, gets a 400.

    NOTE(review): ``register`` attaches the SAML data of this request to the
    logged-in person, so the view relies on CSRF protection - confirm.
    """
    redirect_to = reverse('kg_profile_saml')
    saml_session = saml.is_saml_session(request)

    if request.method == 'POST':
        posted = request.POST

        if 'login' in posted:
            if not request.user.is_authenticated:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            institute = request.user.institute
            if not institute.saml_entityid:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            # redirect_to is the fixed profile route, not request input.
            return HttpResponseRedirect(saml.build_shib_url(
                request, redirect_to, institute.saml_entityid))

        if 'register' in posted:
            if not (request.user.is_authenticated and saml_session):
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            linked = saml.add_saml_data(request.user, request)
            linked.save()
            return HttpResponseRedirect(redirect_to)

        if 'logout' in posted:
            if not saml_session:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            return HttpResponseRedirect(saml.logout_url(request))

        return HttpResponseBadRequest("<h1>Bad Request</h1>")

    attrs = {}
    if saml_session:
        attrs, _ = saml.parse_attributes(request)
        # Normalise to a plain boolean for the template.
        saml_session = True

    person = request.user if request.user.is_authenticated else None

    return render(
        template_name='karaage/people/profile_saml.html',
        context={
            'attrs': attrs,
            'saml_session': saml_session,
            'person': person,
        },
        request=request)
Пример #7
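def saml_login(request):
    """Start a SAML (Shibboleth) login, or explain why one did not complete.

    POST ``login`` redirects to the URL built by ``saml.build_shib_url`` for
    the selected institute; POST ``logout`` redirects to ``saml.logout_url``
    when a SAML session exists; every other POST gets a 400.

    A GET renders the login page, with ``error`` set when the user is already
    logged in or when a SAML session did not lead to a Django login.
    """
    # Function-scope import; Django 1.x spelling, matching the
    # is_authenticated() call below. Django 3.0+ provides the same check as
    # url_has_allowed_host_and_scheme.
    from django.utils.http import is_safe_url

    redirect_to = reverse('index')
    # 'next' comes straight from the query string and ends up as the return
    # target after login, so it is accepted only when it stays on this host.
    if 'next' in request.GET:
        requested = request.GET['next']
        if is_safe_url(url=requested, host=request.get_host()):
            redirect_to = requested
    error = None
    saml_session = saml.is_saml_session(request)

    form = saml.SAMLInstituteForm(request.POST or None)
    if request.method == 'POST':
        if 'login' in request.POST and form.is_valid():
            institute = form.cleaned_data['institute']
            url = saml.build_shib_url(
                request, redirect_to,
                institute.saml_entityid)
            return HttpResponseRedirect(url)
        elif 'logout' in request.POST:
            if saml_session:
                url = saml.logout_url(request)
                return HttpResponseRedirect(url)
            else:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
        else:
            return HttpResponseBadRequest("<h1>Bad Request</h1>")
    elif request.user.is_authenticated():
        error = "You are already logged in."
    elif saml_session:
        attrs, error = saml.parse_attributes(request)
        # Keep a parse error visible instead of indexing attributes that may
        # be incomplete and then overwriting the message.
        if not error:
            saml_id = attrs['persistent_id']
            try:
                Person.objects.get(saml_id=saml_id)
                # This should not happen, suggests a fault in the saml
                # middleware
                error = "Shibboleth session established " \
                        "but you did not get logged in. "
            except Person.DoesNotExist:
                email = attrs['email']
                try:
                    Person.objects.get(email=email)
                    error = "Cannot log in with this shibboleth account. " \
                            "Please try using the Karaage login instead."
                except Person.DoesNotExist:
                    if apps.is_installed("karaage.plugins.kgapplications"):
                        app_url = reverse('kg_application_new')
                        return HttpResponseRedirect(app_url)
                    else:
                        error = "Cannot log in with shibboleth as " \
                                "we do not recognise your shibboleth id."

    return render(
        template_name='karaage/people/profile_login_saml.html',
        context={'form': form, 'error': error, 'saml_session': saml_session, },
        request=request)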
Пример #8
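    def process_request(self, request):
        """Log in the Person whose ``saml_id`` matches this request's SAML
        persistent id.

        Returns ``None`` to let the request continue (already authenticated,
        no SAML session, unknown id, or login done) and an error page when the
        SAML attributes cannot be used.

        Raises:
            ImproperlyConfigured: ``request.user`` is missing, i.e. the
                authentication middleware did not run first.
        """
        # AuthenticationMiddleware is required so that request.user exists.
        if not hasattr(request, "user"):
            raise ImproperlyConfigured(
                "The Django SAML user auth middleware requires the"
                " authentication middleware to be installed.  Edit your"
                " MIDDLEWARE_CLASSES setting to insert"
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                " before the SamlUserMiddleware class."
            )

        # An existing Django login wins. Note that nothing here compares the
        # logged-in user with the identity asserted in the SAML attributes.
        if request.user.is_authenticated():
            return

        # Is this a shib session?
        if not saml.is_saml_session(request):
            return

        # Can we get the shib attributes we need?
        attrs, error = util.parseShibAttributes(request)
        if error:
            return render_to_response(
                "saml_error.html", {"shib_attrs": attrs}, context_instance=RequestContext(request)
            )

        # What is our persistent_id?
        saml_id = attrs["persistent_id"]
        # Explicit check instead of ``assert``: asserts vanish under
        # ``python -O``, and Django turns an exact lookup on None into an
        # IS NULL query, which could match a Person that has no saml_id.
        if not saml_id:
            return render_to_response(
                "saml_error.html", {"shib_attrs": attrs}, context_instance=RequestContext(request)
            )

        # We are seeing this user for the first time in this session, attempt
        # to authenticate the user.
        try:
            person = Person.objects.get(saml_id=saml_id)
        except Person.DoesNotExist:
            return

        # User is valid.  Set request.user and persist user in the session
        # by logging the user in.
        request.user = person
        # We must set the model backend here manually as we skip
        # the call to auth.authenticate().
        request.user.backend = "django.contrib.auth.backends.ModelBackend"
        auth.login(request, person)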
Пример #9
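    def process_request(self, request):
        """Log in the Person whose ``saml_id`` matches this request's SAML
        persistent id.

        Returns ``None`` to let the request continue (already authenticated,
        no SAML session, unknown id, or login done) and an error page when the
        SAML attributes cannot be used.

        Raises:
            ImproperlyConfigured: ``request.user`` is missing, i.e. the
                authentication middleware did not run first.
        """
        # AuthenticationMiddleware is required so that request.user exists.
        if not hasattr(request, 'user'):
            raise ImproperlyConfigured(
                "The Django SAML user auth middleware requires the"
                " authentication middleware to be installed.  Edit your"
                " MIDDLEWARE_CLASSES setting to insert"
                " 'django.contrib.auth.middleware.AuthenticationMiddleware'"
                " before the SamlUserMiddleware class.")

        # An existing Django login wins. Note that nothing here compares the
        # logged-in user with the identity asserted in the SAML attributes.
        if request.user.is_authenticated():
            return

        # Is this a shib session?
        if not saml.is_saml_session(request):
            return

        # Can we get the shib attributes we need?
        attrs, error = saml.parse_attributes(request)
        if error:
            return render(template_name='saml_error.html',
                          context={'shib_attrs': attrs},
                          request=request)

        # What is our persistent_id?
        saml_id = attrs['persistent_id']
        # Explicit check instead of ``assert``: asserts vanish under
        # ``python -O``, and Django turns an exact lookup on None into an
        # IS NULL query, which could match a Person that has no saml_id.
        if not saml_id:
            return render(template_name='saml_error.html',
                          context={'shib_attrs': attrs},
                          request=request)

        # We are seeing this user for the first time in this session, attempt
        # to authenticate the user.
        try:
            person = Person.objects.get(saml_id=saml_id)
        except Person.DoesNotExist:
            return

        # User is valid.  Set request.user and persist user in the session
        # by logging the user in.
        request.user = person
        # We must set the model backend here manually as we skip
        # the call to auth.authenticate().
        request.user.backend = 'django.contrib.auth.backends.ModelBackend'
        auth.login(request, person)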
Пример #10
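def saml_login(request):
    """Start a SAML (Shibboleth) login, or send an authenticated user onward.

    POST ``login`` redirects to the URL built by ``saml.build_shib_url`` for
    the selected institute; POST ``logout`` redirects to ``saml.logout_url``
    when a SAML session exists; every other POST gets a 400.

    On GET an authenticated user is redirected to ``redirect_to``; a SAML
    session without a Django login renders the page with an explanation.
    """
    # Function-scope import; available in the Django 1.x releases that still
    # provide request.REQUEST and render_to_response(context_instance=...).
    from django.utils.http import is_safe_url

    redirect_to = reverse('kg_profile_login_saml')
    # 'next' is caller-controlled and is used directly as a redirect target
    # below, so only same-host URLs are accepted; anything else keeps the
    # default.
    if 'next' in request.REQUEST:
        requested = request.REQUEST['next']
        if is_safe_url(url=requested, host=request.get_host()):
            redirect_to = requested
    error = None
    saml_session = saml.is_saml_session(request)

    form = saml.SAMLInstituteForm(request.POST or None)
    if request.method == 'POST':
        if 'login' in request.POST and form.is_valid():
            institute = form.cleaned_data['institute']
            url = saml.build_shib_url(
                request, redirect_to,
                institute.saml_entityid)
            return HttpResponseRedirect(url)
        elif 'logout' in request.POST:
            if saml_session:
                url = saml.logout_url(request)
                return HttpResponseRedirect(url)
            else:
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
        else:
            return HttpResponseBadRequest("<h1>Bad Request</h1>")
    elif request.user.is_authenticated():
        # Already logged in: continue to the requested page rather than
        # showing an "already logged in" error.
        # NOTE(review): without a usable 'next', redirect_to is the
        # 'kg_profile_login_saml' route; if that route is this view, an
        # authenticated user is redirected back here - confirm the intended
        # landing page.
        return HttpResponseRedirect(redirect_to)
    elif saml_session:
        attrs, error = saml.parse_attributes(request)
        # Keep a parse error visible instead of indexing attributes that may
        # be incomplete and then overwriting the message.
        if not error:
            saml_id = attrs['persistent_id']
            try:
                Person.objects.get(saml_id=saml_id)
                error = "Shibboleth session established " \
                        "but you did not get logged in."
            except Person.DoesNotExist:
                error = "Cannot log in with shibboleth as " \
                        "we do not know your shibboleth id."

    return render_to_response(
        'karaage/people/profile_login_saml.html',
        {'form': form, 'error': error, 'saml_session': saml_session, },
        context_instance=RequestContext(request))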
Пример #11
    def view(self, request, application, label, auth, actions):
        """Handle the Shibboleth (SAML) registration step of an application.

        Returns either a string naming the next action ('cancel', 'prev' or
        one of ``actions``) or an HTTP response: a redirect, a 400, or the
        rendered step page.

        NOTE(review): every state change below is selected by POST field
        names, so the step relies on CSRF protection being active - confirm.
        """
        status = None
        applicant = application.applicant
        attrs = []

        saml_session = saml.is_saml_session(request)

        # certain actions are supported regardless of what else happens
        if 'cancel' in request.POST:
            return "cancel"
        if 'prev' in request.POST:
            return 'prev'

        # test for conditions where shibboleth registration not required
        if applicant.saml_id is not None:
            status = "You have already registered a shibboleth id."
            form = None
            done = True

        elif application.content_type.model != 'applicant':
            status = "You are already registered in the system."
            form = None
            done = True

        elif (applicant.institute is not None and
                applicant.institute.saml_entityid is None):
            status = "Your institute does not have shibboleth registered."
            form = None
            done = True

        elif Institute.objects.filter(saml_entityid__isnull=False).count() == 0:
            status = "No institutes support shibboleth here."
            form = None
            done = True

        else:
            # shibboleth registration is required

            # Do construct the form
            form = saml.SAMLInstituteForm(request.POST or None,
                    initial = {'institute': applicant.institute})
            done = False
            status = None

            # Was it a POST request?
            if request.method == 'POST':

                # Did the login form get posted?
                if 'login' in request.POST and form.is_valid():
                    institute = form.cleaned_data['institute']
                    applicant.institute = institute
                    applicant.save()
                    # We do not set application.institute here, that happens
                    # when application, if it is a ProjectApplication, is
                    # submitted

                    # if institute supports shibboleth, redirect back here via
                    # shibboleth, otherwise redirect directly back here.
                    # The return URL comes from base.get_url(), not from a
                    # request parameter read in this method.
                    url = base.get_url(request, application, auth, label)
                    if institute.saml_entityid is not None:
                        url = saml.build_shib_url(
                                request, url, institute.saml_entityid)
                    return HttpResponseRedirect(url)

                # Did we get a register request?
                elif 'register' in request.POST:
                    if saml_session:
                        # If an applicant is returned, the application is
                        # re-pointed at that record before the SAML data is
                        # written.
                        # NOTE(review): presumably matched on the SAML
                        # identity; confirm the match cannot be steered by
                        # client-supplied values.
                        applicant = _get_applicant_from_saml(request)
                        if applicant is not None:
                            application.applicant = applicant
                            application.save()
                        else:
                            applicant = application.applicant

                        applicant = saml.add_saml_data(
                                applicant, request)
                        applicant.save()

                        url = base.get_url(request, application, auth, label)
                        return HttpResponseRedirect(url)
                    else:
                        return HttpResponseBadRequest("<h1>Bad Request</h1>")

                # Did we get a logout request?
                elif 'logout' in request.POST:
                    if saml_session:
                        url = saml.logout_url(request)
                        return HttpResponseRedirect(url)
                    else:
                        return HttpResponseBadRequest("<h1>Bad Request</h1>")

            # did we get a shib session yet?
            if saml_session:
                attrs, _ = saml.parse_attributes(request)
                # hand the template a plain boolean
                saml_session = True


        # if we are done, we can proceed to next state
        if request.method == 'POST':
            if done:
                # only an action named in ``actions`` is accepted here
                for action in actions:
                    if action in request.POST:
                        return action
                return HttpResponseBadRequest("<h1>Bad Request</h1>")
            else:
                status = "Please register with Shibboleth before proceeding."

        # render the page
        return render_to_response(
                'applications/project_aed_shibboleth.html',
                {'form': form, 'done': done, 'status': status,
                    'actions': actions, 'auth': auth, 'application': application,
                    'attrs': attrs, 'saml_session': saml_session,},
                context_instance=RequestContext(request))
Пример #12
    def view(self, request, application, label, roles, actions):
        """Handle the Shibboleth (SAML) registration step of an application.

        Returns either a string naming the next action ('cancel', 'prev' or
        one of ``actions``) or an HTTP response: a redirect, a 400, or the
        rendered step page.

        NOTE(review): every state change below is selected by POST field
        names, so the step relies on CSRF protection being active - confirm.
        """
        status = None
        applicant = application.applicant
        attrs = []

        saml_session = saml.is_saml_session(request)

        # certain actions are supported regardless of what else happens
        if 'cancel' in request.POST:
            return "cancel"
        if 'prev' in request.POST:
            return 'prev'

        # test for conditions where shibboleth registration not required
        if applicant.saml_id is not None:
            status = "You have already registered a shibboleth id."
            form = None
            done = True

        elif application.content_type.model != 'applicant':
            status = "You are already registered in the system."
            form = None
            done = True

        elif (applicant.institute is not None
              and applicant.institute.saml_entityid is None):
            status = "Your institute does not have shibboleth registered."
            form = None
            done = True

        elif Institute.objects.filter(
                saml_entityid__isnull=False).count() == 0:
            status = "No institutes support shibboleth here."
            form = None
            done = True

        else:
            # shibboleth registration is required

            # Do construct the form
            form = saml.SAMLInstituteForm(
                request.POST or None,
                initial={'institute': applicant.institute})
            done = False
            status = None

            # Was it a POST request?
            if request.method == 'POST':

                # Did the login form get posted?
                if 'login' in request.POST and form.is_valid():
                    institute = form.cleaned_data['institute']
                    applicant.institute = institute
                    applicant.save()
                    # We do not set application.institute here, that happens
                    # when application, if it is a ProjectApplication, is
                    # submitted

                    # if institute supports shibboleth, redirect back here via
                    # shibboleth, otherwise redirect directly back here.
                    # The return URL comes from base.get_url(), not from a
                    # request parameter read in this method.
                    url = base.get_url(request, application, roles, label)
                    if institute.saml_entityid is not None:
                        url = saml.build_shib_url(request, url,
                                                  institute.saml_entityid)
                    return HttpResponseRedirect(url)

                # Did we get a logout request?
                elif 'logout' in request.POST:
                    if saml_session:
                        url = saml.logout_url(request)
                        return HttpResponseRedirect(url)
                    else:
                        return HttpResponseBadRequest("<h1>Bad Request</h1>")

            # did we get a shib session yet?
            if saml_session:
                attrs, _ = saml.parse_attributes(request)
                # hand the template a plain boolean
                saml_session = True

        # if we are done, we can proceed to next state
        if request.method == 'POST':
            # 'cancel' and 'prev' were already handled at the top of the
            # method, so these two checks cannot fire here.
            if 'cancel' in request.POST:
                return "cancel"
            if 'prev' in request.POST:
                return 'prev'

            if not done:
                # Any POST that reaches this point with a SAML session links
                # the SAML data to the applicant; there is no separate
                # 'register' field check.
                if saml_session:
                    # If an applicant is returned, the application is
                    # re-pointed at that record before the SAML data is
                    # written.
                    # NOTE(review): presumably matched on the SAML identity;
                    # confirm the match cannot be steered by client-supplied
                    # values.
                    applicant = _get_applicant_from_saml(request)
                    if applicant is not None:
                        application.applicant = applicant
                        application.save()
                    else:
                        applicant = application.applicant

                    applicant = saml.add_saml_data(applicant, request)
                    applicant.save()

                    done = True
                else:
                    status = "Please login to SAML before proceeding."

        if request.method == 'POST' and done:
            # only an action named in ``actions`` is accepted here
            for action in actions:
                if action in request.POST:
                    return action
            return HttpResponseBadRequest("<h1>Bad Request</h1>")

        # render the page
        return render(
            template_name='kgapplications/project_aed_shibboleth.html',
            context={
                'form': form,
                'done': done,
                'status': status,
                'actions': actions,
                'roles': roles,
                'application': application,
                'attrs': attrs,
                'saml_session': saml_session,
            },
            request=request)