def login(request, template="im/third_party_check_local.html", extra_context=None): init_third_party_session(request) extra_context = extra_context or {} tokens = request.META third_party_key = get_pending_key(request) shibboleth_headers = {} for token in dir(Tokens): if token == token.upper(): shibboleth_headers[token] = request.META.get(getattr(Tokens, token), "NOT_SET") # also include arbitrary shibboleth headers for key in request.META.keys(): if key.startswith("HTTP_SHIB_"): shibboleth_headers[key.replace("HTTP_", "")] = request.META.get(key) # log shibboleth headers # TODO: info -> debug logger.info("shibboleth request: %r" % shibboleth_headers) try: eppn = tokens.get(Tokens.SHIB_EPPN, None) user_id = tokens.get(Tokens.SHIB_REMOTE_USER) fullname, first_name, last_name, email = None, None, None, None if global_settings.DEBUG and not eppn: user_id = getattr(global_settings, "SHIBBOLETH_TEST_REMOTE_USER", None) eppn = getattr(global_settings, "SHIBBOLETH_TEST_EPPN", None) fullname = getattr(global_settings, "SHIBBOLETH_TEST_FULLNAME", None) if not user_id: raise KeyError( _(astakos_messages.SHIBBOLETH_MISSING_USER_ID) % {"domain": settings.BASE_HOST, "contact_email": settings.CONTACT_EMAIL} ) if Tokens.SHIB_DISPLAYNAME in tokens: fullname = tokens[Tokens.SHIB_DISPLAYNAME] elif Tokens.SHIB_CN in tokens: fullname = tokens[Tokens.SHIB_CN] if Tokens.SHIB_NAME in tokens: first_name = tokens[Tokens.SHIB_NAME] if Tokens.SHIB_SURNAME in tokens: last_name = tokens[Tokens.SHIB_SURNAME] if fullname: splitted = fullname.split(" ", 1) if len(splitted) == 2: first_name, last_name = splitted fullname = "%s %s" % (first_name, last_name) if not any([first_name, last_name]) and settings.SHIBBOLETH_REQUIRE_NAME_INFO: raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME)) except KeyError, e: # invalid shibboleth headers, redirect to login, display message logger.exception(e) messages.error(request, e.message) return HttpResponseRedirect(login_url(request))
def login( request, template='im/third_party_check_local.html', extra_context=None): init_third_party_session(request) extra_context = extra_context or {} tokens = request.META third_party_key = get_pending_key(request) shibboleth_headers = {} for token in dir(Tokens): if token == token.upper(): shibboleth_headers[token] = request.META.get(getattr(Tokens, token), 'NOT_SET') # also include arbitrary shibboleth headers for key in request.META.keys(): if key.startswith('HTTP_SHIB_'): shibboleth_headers[key.replace('HTTP_', '')] = \ request.META.get(key) # log shibboleth headers # TODO: info -> debug logger.info("shibboleth request: %r" % shibboleth_headers) try: eppn = tokens.get(Tokens.SHIB_EPPN) if global_settings.DEBUG and not eppn: eppn = getattr(global_settings, 'SHIBBOLETH_TEST_EPPN', None) realname = getattr(global_settings, 'SHIBBOLETH_TEST_REALNAME', None) if not eppn: raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_EPPN) % { 'domain': settings.BASE_HOST, 'contact_email': settings.CONTACT_EMAIL }) if Tokens.SHIB_DISPLAYNAME in tokens: realname = tokens[Tokens.SHIB_DISPLAYNAME] elif Tokens.SHIB_CN in tokens: realname = tokens[Tokens.SHIB_CN] elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens: realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME] else: if settings.SHIBBOLETH_REQUIRE_NAME_INFO: raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME)) else: realname = '' except KeyError, e: # invalid shibboleth headers, redirect to login, display message messages.error(request, e.message) return HttpResponseRedirect(login_url(request))
def login(request, template='im/third_party_check_local.html', extra_context=None): init_third_party_session(request) extra_context = extra_context or {} tokens = request.META third_party_key = get_pending_key(request) shibboleth_headers = {} for token in dir(Tokens): if token == token.upper(): shibboleth_headers[token] = request.META.get(getattr(Tokens, token), 'NOT_SET') # also include arbitrary shibboleth headers for key in request.META.keys(): if key.startswith('HTTP_SHIB_'): shibboleth_headers[key.replace('HTTP_', '')] = \ request.META.get(key) # log shibboleth headers # TODO: info -> debug logger.info("shibboleth request: %r" % shibboleth_headers) try: eppn = tokens.get(Tokens.SHIB_EPPN, None) user_id = tokens.get(Tokens.SHIB_REMOTE_USER) fullname, first_name, last_name, email = None, None, None, None if global_settings.DEBUG and not eppn: user_id = getattr(global_settings, 'SHIBBOLETH_TEST_REMOTE_USER', None) eppn = getattr(global_settings, 'SHIBBOLETH_TEST_EPPN', None) fullname = getattr(global_settings, 'SHIBBOLETH_TEST_FULLNAME', None) if not user_id: raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_USER_ID) % { 'domain': settings.BASE_HOST, 'contact_email': settings.CONTACT_EMAIL }) if Tokens.SHIB_DISPLAYNAME in tokens: fullname = tokens[Tokens.SHIB_DISPLAYNAME] elif Tokens.SHIB_CN in tokens: fullname = tokens[Tokens.SHIB_CN] if Tokens.SHIB_NAME in tokens: first_name = tokens[Tokens.SHIB_NAME] if Tokens.SHIB_SURNAME in tokens: last_name = tokens[Tokens.SHIB_SURNAME] if fullname: splitted = fullname.split(' ', 1) if len(splitted) == 2: first_name, last_name = splitted fullname = '%s %s' % (first_name, last_name) if not any([first_name, last_name]) and \ settings.SHIBBOLETH_REQUIRE_NAME_INFO: raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME)) except KeyError, e: # invalid shibboleth headers, redirect to login, display message logger.exception(e) messages.error(request, e.message) return HttpResponseRedirect(login_url(request))
def handle_third_party_login(request, provider_module, identifier, provider_info=None, affiliation=None, third_party_key=None): if not provider_info: provider_info = {} if not affiliation: affiliation = provider_module.title() next_redirect = request.GET.get('next', request.session.get('next_url', None)) if 'next_url' in request.session: del request.session['next_url'] third_party_request_params = get_third_party_session_params(request) from_login = third_party_request_params.get('from_login', False) switch_from = third_party_request_params.get('switch_from', False) provider_data = {'affiliation': affiliation, 'info': provider_info} provider = auth.get_provider(provider_module, request.user, identifier, **provider_data) # an existing user accessed the view if request.user.is_authenticated(): if request.user.has_auth_provider(provider.module, identifier=identifier): return HttpResponseRedirect(reverse('edit_profile')) if provider.verified_exists(): provider.log("add failed (identifier exists to another user)") messages.error(request, provider.get_add_exists_msg) return HttpResponseRedirect(reverse('edit_profile')) # automatically add identifier provider to user if not switch_from and not provider.get_add_policy: # TODO: handle existing uuid message separately provider.log("user cannot add provider") messages.error(request, provider.get_add_failed_msg) return HttpResponseRedirect(reverse('edit_profile')) user = request.user if switch_from: existing_provider = \ request.user.auth_providers.active().get( pk=int(switch_from), module=provider_module).settings # this is not a provider removal so we don't not use # provider.remove_from_user. Use low level access to the provider # db instance. if not provider.verified_exists(): if provider.get_add_policy: existing_provider._instance.delete() existing_provider.log("removed") provider.add_to_user() provider.log("added") else: messages.error(request, provider.get_add_exists_msg) return HttpResponseRedirect(reverse('edit_profile')) messages.success(request, provider.get_switch_success_msg) return HttpResponseRedirect(reverse('edit_profile')) provider.add_to_user() provider.log("added") provider = user.get_auth_provider(provider_module, identifier) messages.success(request, provider.get_added_msg) return HttpResponseRedirect(reverse('edit_profile')) # astakos user exists ? try: user = AstakosUser.objects.get_auth_provider_user( provider_module, identifier=identifier, user__email_verified=True, ) except AstakosUser.DoesNotExist: # TODO: add a message ? redirec to login ? if astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN: messages.warning(request, astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN) raise if not third_party_key: third_party_key = get_pending_key(request) provider = user.get_auth_provider(provider_module, identifier) if user.is_active: if not provider.get_login_policy: messages.error(request, provider.get_login_disabled_msg) return HttpResponseRedirect(reverse('login')) # authenticate user response = prepare_response(request, user, next_redirect, 'renew' in request.GET) messages.success(request, provider.get_login_success_msg) add_pending_auth_provider(request, third_party_key, provider) response.set_cookie('astakos_last_login_method', provider_module) return response else: message = user.get_inactive_message(provider_module, identifier) messages.error(request, message) return HttpResponseRedirect(login_url(request))
def handle_third_party_login(request, provider_module, identifier, provider_info=None, affiliation=None, third_party_key=None): if not provider_info: provider_info = {} if not affiliation: affiliation = provider_module.title() next_redirect = request.GET.get( 'next', request.session.get('next_url', None)) if 'next_url' in request.session: del request.session['next_url'] third_party_request_params = get_third_party_session_params(request) from_login = third_party_request_params.get('from_login', False) switch_from = third_party_request_params.get('switch_from', False) provider_data = { 'affiliation': affiliation, 'info': provider_info } provider = auth.get_provider(provider_module, request.user, identifier, **provider_data) # an existing user accessed the view if request.user.is_authenticated(): if request.user.has_auth_provider(provider.module, identifier=identifier): return HttpResponseRedirect(reverse('edit_profile')) if provider.verified_exists(): provider.log("add failed (identifier exists to another user)") messages.error(request, provider.get_add_exists_msg) return HttpResponseRedirect(reverse('edit_profile')) # automatically add identifier provider to user if not switch_from and not provider.get_add_policy: # TODO: handle existing uuid message separately provider.log("user cannot add provider") messages.error(request, provider.get_add_failed_msg) return HttpResponseRedirect(reverse('edit_profile')) user = request.user if switch_from: existing_provider = \ request.user.auth_providers.active().get( pk=int(switch_from), module=provider_module).settings # this is not a provider removal so we don't not use # provider.remove_from_user. Use low level access to the provider # db instance. if not provider.verified_exists(): if provider.get_add_policy: existing_provider._instance.delete() existing_provider.log("removed") provider.add_to_user() provider.log("added") else: messages.error(request, provider.get_add_exists_msg) return HttpResponseRedirect(reverse('edit_profile')) messages.success(request, provider.get_switch_success_msg) return HttpResponseRedirect(reverse('edit_profile')) provider.add_to_user() provider.log("added") provider = user.get_auth_provider(provider_module, identifier) messages.success(request, provider.get_added_msg) return HttpResponseRedirect(reverse('edit_profile')) # astakos user exists ? try: user = AstakosUser.objects.get_auth_provider_user( provider_module, identifier=identifier, user__email_verified=True, ) except AstakosUser.DoesNotExist: # TODO: add a message ? redirec to login ? if astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN: messages.warning(request, astakos_messages.AUTH_PROVIDER_SIGNUP_FROM_LOGIN) raise if not third_party_key: third_party_key = get_pending_key(request) provider = user.get_auth_provider(provider_module, identifier) if user.is_active: if not provider.get_login_policy: messages.error(request, provider.get_login_disabled_msg) return HttpResponseRedirect(reverse('login')) # authenticate user response = prepare_response(request, user, next_redirect, 'renew' in request.GET) messages.success(request, provider.get_login_success_msg) add_pending_auth_provider(request, third_party_key, provider) response.set_cookie('astakos_last_login_method', provider_module) return response else: message = user.get_inactive_message(provider_module, identifier) messages.error(request, message) return HttpResponseRedirect(login_url(request))