Пример #1
0
def auth_complete(request):
    from seahub.api2.utils import get_token_v1, get_token_v2
    # generate tokenv2 using information in request params
    keys = (
        'platform',
        'device_id',
        'device_name',
        'client_version',
        'platform_version',
    )
    if all(['shib_' + key in request.GET for key in keys]):
        platform = request.GET['shib_platform']
        device_id = request.GET['shib_device_id']
        device_name = request.GET['shib_device_name']
        client_version = request.GET['shib_client_version']
        platform_version = request.GET['shib_platform_version']
        token = get_token_v2(request, request.user.username, platform,
                             device_id, device_name, client_version,
                             platform_version)
    elif all(['shib_' + key not in request.GET for key in keys]):
        token = get_token_v1(request.user.username)

    resp = HttpResponseRedirect(reverse('libraries'))
    resp.set_cookie('seahub_auth', request.user.username + '@' + token.key)

    # Added by Khorkin update sudo timestamp
    if request.user.is_authenticated:
        if request.user.is_staff:
            update_sudo_mode_ts(request)

    return resp
Пример #2
0
 def _set_auth_cookie(self, request, response):
     from seahub.api2.utils import get_token_v1, get_token_v2
     # generate tokenv2 using information in request params
     keys = (
         'platform',
         'device_id',
         'device_name',
         'client_version',
         'platform_version',
     )
     if all(['shib_' + key in request.GET for key in keys]):
         platform = request.GET['shib_platform']
         device_id = request.GET['shib_device_id']
         device_name = request.GET['shib_device_name']
         client_version = request.GET['shib_client_version']
         platform_version = request.GET['shib_platform_version']
         token = get_token_v2(request, request.user.username, platform,
                              device_id, device_name, client_version,
                              platform_version)
     elif all(['shib_' + key not in request.GET for key in keys]):
         token = get_token_v1(request.user.username)
     else:
         return
     response.set_cookie('seahub_auth',
                         request.user.username + '@' + token.key)
Пример #3
0
 def _set_auth_cookie(self, request, response):
     from seahub.api2.utils import get_token_v1, get_token_v2
     # generate tokenv2 using information in request params
     if 'from_desktop' not in str(request.GET):
         return
     keys = (
         'platform',
         'device_id',
         'device_name',
         'client_version',
         'platform_version',
     )
     if all(['krb5_' + key in request.GET for key in keys]):
         platform = request.GET['krb5_platform']
         device_id = request.GET['krb5_device_id']
         device_name = request.GET['krb5_device_name']
         client_version = request.GET['krb5_client_version']
         platform_version = request.GET['krb5_platform_version']
         token = get_token_v2(request, request.user.username, platform,
                              device_id, device_name, client_version,
                              platform_version)
     elif all(['krb5_' + key not in request.GET for key in keys]):
         token = get_token_v1(request.user.username)
     else:
         return
     response.set_cookie('seahub_auth',
                         request.user.username + '@' + token.key,
                         domain=settings.SESSION_COOKIE_DOMAIN)
Пример #4
0
    def validate(self, attrs):
        login_id = attrs.get('username')
        password = attrs.get('password')

        platform = attrs.get('platform', None)
        device_id = attrs.get('device_id', None)
        device_name = attrs.get('device_name', None)
        client_version = attrs.get('client_version', None)
        platform_version = attrs.get('platform_version', None)

        v2_fields = (platform, device_id, device_name)

        # Decide the version of token we need
        if all_none(v2_fields):
            v2 = False
        elif all_not_none(v2_fields):
            v2 = True
        else:
            raise serializers.ValidationError('invalid params')

        username = Profile.objects.get_username_by_login_id(login_id)
        if username is None:
            username = login_id

        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                if not user.is_active:
                    raise serializers.ValidationError('User account is disabled.')
            else:
                raise serializers.ValidationError('Unable to login with provided credentials.')
        else:
            raise serializers.ValidationError('Must include "username" and "password"')

        populate_user_permissions(user)

        if platform in DESKTOP_PLATFORMS:
            if not user.permissions.can_connect_with_desktop_clients():
                raise serializers.ValidationError('Not allowed to connect to desktop client.')
        elif platform == 'android':
            if not user.permissions.can_connect_with_android_clients():
                raise serializers.ValidationError('Not allowed to connect to android client.')
        elif platform == 'ios':
            if not user.permissions.can_connect_with_ios_clients():
                raise serializers.ValidationError('Not allowed to connect to ios client.')
        else:
            logger.info('%s: unrecognized device' % login_id)

        self._two_factor_auth(self.context['request'], user)

        # Now user is authenticated
        if v2:
            token = get_token_v2(self.context['request'], username, platform, device_id, device_name,
                                 client_version, platform_version)
        else:
            token = get_token_v1(username)
        return token.key
Пример #5
0
    def validate(self, attrs):
        username = attrs.get('username')
        password = attrs.get('password')

        platform = attrs.get('platform', None)
        device_id = attrs.get('device_id', None)
        device_name = attrs.get('device_name', None)
        client_version = attrs.get('client_version', None)
        platform_version = attrs.get('platform_version', None)

        v2_fields = (platform, device_id, device_name, client_version,
                     platform_version)

        # Decide the version of token we need
        if all_none(v2_fields):
            v2 = False
        elif all_not_none(v2_fields):
            v2 = True
        else:
            raise serializers.ValidationError('invalid params')

        # first check username and password
        if username:
            if not is_valid_username(username):
                raise serializers.ValidationError('username is not valid.')

        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                if not user.is_active:
                    raise serializers.ValidationError(
                        'User account is disabled.')
            else:
                raise serializers.ValidationError(
                    'Unable to login with provided credentials.')
        else:
            raise serializers.ValidationError(
                'Must include "username" and "password"')

        # Now user is authenticated

        if v2:
            token = get_token_v2(self.context['request'], username, platform,
                                 device_id, device_name, client_version,
                                 platform_version)
        else:
            token = get_token_v1(username)
        return token.key
Пример #6
0
    def validate(self, attrs):
        username = attrs.get("username")
        password = attrs.get("password")

        platform = attrs.get("platform", None)
        device_id = attrs.get("device_id", None)
        device_name = attrs.get("device_name", None)
        client_version = attrs.get("client_version", None)
        platform_version = attrs.get("platform_version", None)

        v2_fields = (platform, device_id, device_name, client_version, platform_version)

        # Decide the version of token we need
        if all_none(v2_fields):
            v2 = False
        elif all_not_none(v2_fields):
            v2 = True
        else:
            raise serializers.ValidationError("invalid params")

        # first check username and password
        if username:
            if not is_valid_username(username):
                raise serializers.ValidationError("username is not valid.")

        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                if not user.is_active:
                    raise serializers.ValidationError("User account is disabled.")
            else:
                raise serializers.ValidationError("Unable to login with provided credentials.")
        else:
            raise serializers.ValidationError('Must include "username" and "password"')

        # Now user is authenticated

        if v2:
            token = get_token_v2(
                self.context["request"], username, platform, device_id, device_name, client_version, platform_version
            )
        else:
            token = get_token_v1(username)
        return token.key
Пример #7
0
    def _set_auth_cookie(self, request, response):
        from seahub.api2.utils import get_token_v1, get_token_v2

        # generate tokenv2 using information in request params
        keys = ("platform", "device_id", "device_name", "client_version", "platform_version")
        if all(["shib_" + key in request.GET for key in keys]):
            platform = request.GET["shib_platform"]
            device_id = request.GET["shib_device_id"]
            device_name = request.GET["shib_device_name"]
            client_version = request.GET["shib_client_version"]
            platform_version = request.GET["shib_platform_version"]
            token = get_token_v2(
                request, request.user.username, platform, device_id, device_name, client_version, platform_version
            )
        elif all(["shib_" + key not in request.GET for key in keys]):
            token = get_token_v1(request.user.username)
        else:
            return
        response.set_cookie("seahub_auth", request.user.username + "@" + token.key)
Пример #8
0
    def validate(self, attrs):
        login_id = attrs.get('username')
        password = attrs.get('password')

        platform = attrs.get('platform', None)
        device_id = attrs.get('device_id', None)
        device_name = attrs.get('device_name', None)
        client_version = attrs.get('client_version', None)
        platform_version = attrs.get('platform_version', None)

        v2_fields = (platform, device_id, device_name)

        # Decide the version of token we need
        if all_none(v2_fields):
            v2 = False
        elif all_not_none(v2_fields):
            v2 = True
        else:
            raise serializers.ValidationError('invalid params')

        username = Profile.objects.get_username_by_login_id(login_id)
        if username is None:
            username = login_id

        if username and password:
            user = authenticate(username=username, password=password)
            if user:
                if not user.is_active:
                    raise serializers.ValidationError('User account is disabled.')
            else:
                raise serializers.ValidationError('Unable to login with provided credentials.')
        else:
            raise serializers.ValidationError('Must include "username" and "password"')

        self._two_factor_auth(self.context['request'], username)

        # Now user is authenticated
        if v2:
            token = get_token_v2(self.context['request'], username, platform, device_id, device_name,
                                 client_version, platform_version)
        else:
            token = get_token_v1(username)
        return token.key
Пример #9
0
 def _set_auth_cookie(self, request, response):
     from seahub.api2.utils import get_token_v1, get_token_v2
     # generate tokenv2 using information in request params
     keys = (
         'platform',
         'device_id',
         'device_name',
         'client_version',
         'platform_version',
     )
     if all(['shib_' + key in request.GET for key in keys]):
         platform = request.GET['shib_platform']
         device_id = request.GET['shib_device_id']
         device_name = request.GET['shib_device_name']
         client_version = request.GET['shib_client_version']
         platform_version = request.GET['shib_platform_version']
         token = get_token_v2(
             request, request.user.username, platform, device_id,
             device_name, client_version, platform_version)
     elif all(['shib_' + key not in request.GET for key in keys]):
         token = get_token_v1(request.user.username)
     else:
         return
     response.set_cookie('seahub_auth', request.user.username + '@' + token.key)
Пример #10
0
    def validate(self, attrs):
        login_id = attrs.get('username')
        password = attrs.get('password')

        platform = attrs.get('platform', None)
        device_id = attrs.get('device_id', None)
        device_name = attrs.get('device_name', None)
        client_version = attrs.get('client_version', None)
        platform_version = attrs.get('platform_version', None)

        v2_fields = (platform, device_id, device_name)

        # Decide the version of token we need
        if all_none(v2_fields):
            v2 = False
        elif all_not_none(v2_fields):
            v2 = True
        else:
            raise serializers.ValidationError('invalid params')

        if login_id and password:
            user = authenticate(username=login_id, password=password)
            if user:
                if not user.is_active:
                    raise serializers.ValidationError(
                        'User account is disabled.')
            else:
                """try login id/contact email/primary id"""
                # convert login id or contact email to username if any
                username = Profile.objects.convert_login_str_to_username(
                    login_id)
                # convert username to primary id if any
                p_id = ccnet_api.get_primary_id(username)
                if p_id is not None:
                    username = p_id

                user = authenticate(username=username, password=password)
                if user is None:
                    raise serializers.ValidationError(
                        'Unable to login with provided credentials.')
        else:
            raise serializers.ValidationError(
                'Must include "username" and "password"')

        self._two_factor_auth(self.context['request'], user)

        # Now user is authenticated
        if v2:
            if platform in DESKTOP_PLATFORMS:
                if not user.permissions.can_connect_with_desktop_clients():
                    raise serializers.ValidationError(
                        'Not allowed to connect to desktop client.')
            elif platform == 'android':
                if not user.permissions.can_connect_with_android_clients():
                    raise serializers.ValidationError(
                        'Not allowed to connect to android client.')
            elif platform == 'ios':
                if not user.permissions.can_connect_with_ios_clients():
                    raise serializers.ValidationError(
                        'Not allowed to connect to ios client.')
            else:
                logger.info('%s: unrecognized device' % login_id)

            token = get_token_v2(self.context['request'], user.username,
                                 platform, device_id, device_name,
                                 client_version, platform_version)
        else:
            token = get_token_v1(user.username)

        return token.key
Пример #11
0
def oauth_callback(request):
    """ Step 3: Retrieving an access token.
    The user has been redirected back from the provider to your registered
    callback URL. With this redirection comes an authorization code included
    in the redirect URL. We will use that to obtain an access token.
    """
    session = OAuth2Session(client_id=CLIENT_ID,
                            scope=SCOPE,
                            state=request.session.get('oauth_state', None),
                            redirect_uri=REDIRECT_URL)

    try:
        session.fetch_token(TOKEN_URL,
                            client_secret=CLIENT_SECRET,
                            authorization_response=request.get_full_path())

        if session._client.__dict__['token'].has_key('user_id'):
            # used for sjtu.edu.cn
            # https://xjq12311.gitbooks.io/sjtu-engtc/content/
            user_id = session._client.__dict__['token']['user_id']
            user_info_resp = session.get(USER_INFO_URL +
                                         '?user_id=%s' % user_id)
        else:
            user_info_resp = session.get(USER_INFO_URL)

    except Exception as e:
        logger.error(e)
        return render(request, 'error.html', {
            'error_msg': _('Error, please contact administrator.'),
        })

    def format_user_info(user_info_resp):

        error = False
        user_info = {}
        user_info_json = user_info_resp.json()

        for item, attr in ATTRIBUTE_MAP.items():
            required, user_attr = attr
            value = user_info_json.get(item, '')

            if value:
                # ccnet email
                if user_attr == 'email':
                    user_info[user_attr] = value if is_valid_email(str(value)) else \
                            '%s@%s' % (str(value), PROVIDER_DOMAIN)
                else:
                    user_info[user_attr] = value
            elif required:
                error = True

        return user_info, error

    user_info, error = format_user_info(user_info_resp)
    if error:
        logger.error('Required user info not found.')
        logger.error(user_info)
        return render(request, 'error.html', {
            'error_msg': _('Error, please contact administrator.'),
        })

    # seahub authenticate user
    email = user_info['email']

    try:
        User.objects.get(email=email)
    except User.DoesNotExist:
        if not config.ENABLE_SIGNUP:
            logger.error('%s not found but user registration is disabled.' %
                         email)
            return render(
                request, 'error.html', {
                    'error_msg': _('Error, please contact administrator.'),
                })

    try:
        user = auth.authenticate(remote_user=email)
    except User.DoesNotExist:
        user = None

    if not user or not user.is_active:
        logger.error('User %s not found or inactive.' % email)
        # a page for authenticate user failed
        return render(request, 'error.html',
                      {'error_msg': _(u'User %s not found.') % email})

    # User is valid.  Set request.user and persist user in the session
    # by logging the user in.
    request.user = user
    auth.login(request, user)
    user.set_unusable_password()
    user.save()

    # update user's profile
    name = user_info['name'] if user_info.has_key('name') else ''
    contact_email = user_info['contact_email'] if \
            user_info.has_key('contact_email') else ''

    profile = Profile.objects.get_profile_by_user(email)
    if not profile:
        profile = Profile(user=email)

    if name:
        profile.nickname = name.strip()
        profile.save()

    if contact_email:
        profile.contact_email = contact_email.strip()
        profile.save()

    # generate auth token for Seafile client
    keys = (
        'platform',
        'device_id',
        'device_name',
        'client_version',
        'platform_version',
    )

    if all([key in request.GET for key in keys]):
        platform = request.GET['platform']
        device_id = request.GET['device_id']
        device_name = request.GET['device_name']
        client_version = request.GET['client_version']
        platform_version = request.GET['platform_version']
        token = get_token_v2(request, request.user.username, platform,
                             device_id, device_name, client_version,
                             platform_version)
    else:
        token = get_token_v1(request.user.username)

    # redirect user to home page
    response = HttpResponseRedirect(reverse('libraries'))
    response.set_cookie('seahub_auth', email + '@' + token.key)
    return response