def get_enterprise_customer_for_request(request): """ Get the EnterpriseCustomer associated with a particular request. """ verify_third_party_auth_dependencies() pipeline = get_partial_pipeline(request) return get_enterprise_customer_for_running_pipeline(pipeline)
def enterprise_customer_for_request(request, tpa_hint=None): """ Check all the context clues of the request to determine if the request being made is tied to a particular EnterpriseCustomer. """ if not enterprise_enabled(): return None ec = None running_pipeline = get_partial_pipeline(request) if running_pipeline: # Determine if the user is in the middle of a third-party auth pipeline, # and set the tpa_hint parameter to match if so. tpa_hint = Registry.get_from_pipeline(running_pipeline).provider_id if tpa_hint: # If we have a third-party auth provider, get the linked enterprise customer. try: ec = EnterpriseCustomer.objects.get( enterprise_customer_identity_provider__provider_id=tpa_hint) except EnterpriseCustomer.DoesNotExist: pass ec_uuid = request.GET.get('enterprise_customer') or request.COOKIES.get( settings.ENTERPRISE_CUSTOMER_COOKIE_NAME) # If we haven't obtained an EnterpriseCustomer through the other methods, check the # session cookies and URL parameters for an explicitly-passed EnterpriseCustomer. if not ec and ec_uuid: try: ec = EnterpriseCustomer.objects.get(uuid=ec_uuid) except (EnterpriseCustomer.DoesNotExist, ValueError): ec = None return ec
def enterprise_customer_for_request(request): """ Check all the context clues of the request to determine if the request being made is tied to a particular EnterpriseCustomer. """ if not enterprise_enabled(): return None ec = None sso_provider_id = request.GET.get('tpa_hint') running_pipeline = get_partial_pipeline(request) if running_pipeline: # Determine if the user is in the middle of a third-party auth pipeline, # and set the sso_provider_id parameter to match if so. sso_provider_id = Registry.get_from_pipeline( running_pipeline).provider_id if sso_provider_id: # If we have a third-party auth provider, get the linked enterprise customer. try: # FIXME: Implement an Enterprise API endpoint where we can get the EC # directly via the linked SSO provider # Check if there's an Enterprise Customer such that the linked SSO provider # has an ID equal to the ID we got from the running pipeline or from the # request tpa_hint URL parameter. ec_uuid = EnterpriseCustomer.objects.get( enterprise_customer_identity_provider__provider_id= sso_provider_id).uuid except EnterpriseCustomer.DoesNotExist: # If there is not an EnterpriseCustomer linked to this SSO provider, set # the UUID variable to be null. ec_uuid = None else: # Check if we got an Enterprise UUID passed directly as either a query # parameter, or as a value in the Enterprise cookie. ec_uuid = request.GET.get( 'enterprise_customer') or request.COOKIES.get( settings.ENTERPRISE_CUSTOMER_COOKIE_NAME) if not ec_uuid and request.user.is_authenticated(): # If there's no way to get an Enterprise UUID for the request, check to see # if there's already an Enterprise attached to the requesting user on the backend. learner_data = get_enterprise_learner_data(request.site, request.user) if learner_data: ec_uuid = learner_data[0]['enterprise_customer']['uuid'] if ec_uuid: # If we were able to obtain an EnterpriseCustomer UUID, go ahead # and use it to attempt to retrieve EnterpriseCustomer details # from the EnterpriseCustomer API. try: ec = EnterpriseApiClient().get_enterprise_customer(ec_uuid) except HttpNotFoundError: ec = None return ec
def enterprise_customer_for_request(request): """ Check all the context clues of the request to determine if the request being made is tied to a particular EnterpriseCustomer. """ if not enterprise_enabled(): return None ec = None sso_provider_id = request.GET.get('tpa_hint') running_pipeline = get_partial_pipeline(request) if running_pipeline: # Determine if the user is in the middle of a third-party auth pipeline, # and set the sso_provider_id parameter to match if so. sso_provider_id = Registry.get_from_pipeline(running_pipeline).provider_id if sso_provider_id: # If we have a third-party auth provider, get the linked enterprise customer. try: # FIXME: Implement an Enterprise API endpoint where we can get the EC # directly via the linked SSO provider # Check if there's an Enterprise Customer such that the linked SSO provider # has an ID equal to the ID we got from the running pipeline or from the # request tpa_hint URL parameter. ec_uuid = EnterpriseCustomer.objects.get( enterprise_customer_identity_provider__provider_id=sso_provider_id ).uuid except EnterpriseCustomer.DoesNotExist: # If there is not an EnterpriseCustomer linked to this SSO provider, set # the UUID variable to be null. ec_uuid = None else: # Check if we got an Enterprise UUID passed directly as either a query # parameter, or as a value in the Enterprise cookie. ec_uuid = request.GET.get('enterprise_customer') or request.COOKIES.get(settings.ENTERPRISE_CUSTOMER_COOKIE_NAME) if not ec_uuid and request.user.is_authenticated(): # If there's no way to get an Enterprise UUID for the request, check to see # if there's already an Enterprise attached to the requesting user on the backend. learner_data = get_enterprise_learner_data(request.site, request.user) if learner_data: ec_uuid = learner_data[0]['enterprise_customer']['uuid'] if ec_uuid: # If we were able to obtain an EnterpriseCustomer UUID, go ahead # and use it to attempt to retrieve EnterpriseCustomer details # from the EnterpriseCustomer API. try: ec = EnterpriseApiClient().get_enterprise_customer(ec_uuid) except HttpNotFoundError: ec = None return ec
def enterprise_customer_uuid_for_request(request): """ Check all the context clues of the request to gather a particular EnterpriseCustomer's UUID. """ sso_provider_id = request.GET.get('tpa_hint') running_pipeline = get_partial_pipeline(request) if running_pipeline: # Determine if the user is in the middle of a third-party auth pipeline, # and set the sso_provider_id parameter to match if so. sso_provider_id = Registry.get_from_pipeline( running_pipeline).provider_id if sso_provider_id: # If we have a third-party auth provider, get the linked enterprise customer. try: # FIXME: Implement an Enterprise API endpoint where we can get the EC # directly via the linked SSO provider # Check if there's an Enterprise Customer such that the linked SSO provider # has an ID equal to the ID we got from the running pipeline or from the # request tpa_hint URL parameter. enterprise_customer_uuid = EnterpriseCustomer.objects.get( enterprise_customer_identity_provider__provider_id= sso_provider_id).uuid except EnterpriseCustomer.DoesNotExist: enterprise_customer_uuid = None else: enterprise_customer_uuid = _customer_uuid_from_query_param_cookies_or_session( request) if enterprise_customer_uuid is _CACHE_MISS: if not request.user.is_authenticated: return None # If there's no way to get an Enterprise UUID for the request, check to see # if there's already an Enterprise attached to the requesting user on the backend. enterprise_customer = None learner_data = get_enterprise_learner_data_from_db(request.user) if learner_data: enterprise_customer = learner_data[0]['enterprise_customer'] enterprise_customer_uuid = enterprise_customer['uuid'] cache_enterprise(enterprise_customer) else: enterprise_customer_uuid = None # Now that we've asked the database for this users's enterprise customer data, # add it to their session (even if it's null/empty, which indicates the user # has no associated enterprise customer). add_enterprise_customer_to_session(request, enterprise_customer) return enterprise_customer_uuid
def enterprise_customer_uuid_for_request(request): """ Check all the context clues of the request to gather a particular EnterpriseCustomer's UUID. """ sso_provider_id = request.GET.get('tpa_hint') running_pipeline = get_partial_pipeline(request) if running_pipeline: # Determine if the user is in the middle of a third-party auth pipeline, # and set the sso_provider_id parameter to match if so. sso_provider_id = Registry.get_from_pipeline( running_pipeline).provider_id if sso_provider_id: # If we have a third-party auth provider, get the linked enterprise customer. try: # FIXME: Implement an Enterprise API endpoint where we can get the EC # directly via the linked SSO provider # Check if there's an Enterprise Customer such that the linked SSO provider # has an ID equal to the ID we got from the running pipeline or from the # request tpa_hint URL parameter. enterprise_customer_uuid = EnterpriseCustomer.objects.get( enterprise_customer_identity_provider__provider_id= sso_provider_id).uuid except EnterpriseCustomer.DoesNotExist: enterprise_customer_uuid = None else: # Check if we got an Enterprise UUID passed directly as either a query # parameter, or as a value in the Enterprise cookie. enterprise_customer_uuid = request.GET.get( 'enterprise_customer') or request.COOKIES.get( settings.ENTERPRISE_CUSTOMER_COOKIE_NAME) if not enterprise_customer_uuid and request.user.is_authenticated: # If there's no way to get an Enterprise UUID for the request, check to see # if there's already an Enterprise attached to the requesting user on the backend. learner_data = get_enterprise_learner_data(request.user) if learner_data: enterprise_customer_uuid = learner_data[0]['enterprise_customer'][ 'uuid'] return enterprise_customer_uuid
def post_account_consent(self, request, consent_provided): """ Interpret the account-wide form above, and save it to a UserDataSharingConsentAudit object for later retrieval. """ self.lift_quarantine(request) # Load the linked EnterpriseCustomer for this request. customer = get_enterprise_customer_for_request(request) if customer is None: # If we can't get an EnterpriseCustomer from the pipeline, then we don't really # have enough state to do anything meaningful. Just send the user to the login # screen; if they want to sign in with an Enterprise-linked SSO, they can do # so, and the pipeline will get them back here if they need to be. return redirect('signin_user') # Attempt to retrieve a user being manipulated by the third-party auth # pipeline. Return a 404 if no such user exists. social_auth = get_real_social_auth_object(request) user = getattr(social_auth, 'user', None) if user is None: raise Http404 if not consent_provided and active_provider_enforces_data_sharing( request, EnterpriseCustomer.AT_LOGIN): # Flush the session to avoid the possibility of accidental login and to abort the pipeline. # pipeline is flushed only if data sharing is enforced, in other cases let the user to login. request.session.flush() failure_url = request.POST.get('failure_url') or reverse( 'dashboard') return redirect(failure_url) enterprise_customer_user, __ = EnterpriseCustomerUser.objects.get_or_create( user_id=user.id, enterprise_customer=customer, ) platform_name = configuration_helpers.get_value( 'PLATFORM_NAME', settings.PLATFORM_NAME) messages.success( request, _('{span_start}Account created{span_end} Thank you for creating an account with {platform_name}.' ).format( platform_name=platform_name, span_start='<span>', span_end='</span>', )) if not user.is_active: messages.info( request, _('{span_start}Activate your account{span_end} Check your inbox for an activation email. ' 'You will not be able to log back into your account until you have activated it.' ).format(span_start='<span>', span_end='</span>')) UserDataSharingConsentAudit.objects.update_or_create( user=enterprise_customer_user, defaults={ 'state': (UserDataSharingConsentAudit.ENABLED if consent_provided else UserDataSharingConsentAudit.DISABLED) }) # Resume auth pipeline backend_name = get_partial_pipeline(request).get('backend') return redirect(get_complete_url(backend_name))