def authenticated( request, template='im/third_party_check_local.html', extra_context=None ): if extra_context is None: extra_context = {} if request.GET.get('error', None): return HttpResponseRedirect(reverse('edit_profile')) # TODO: Handle errors, e.g. error=access_denied try: consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY, secret=OAUTH_CONSUMER_SECRET) client = oauth.Client(consumer) code = request.GET.get('code', None) params = { 'code': code, 'client_id': settings.GOOGLE_CLIENT_ID, 'client_secret': settings.GOOGLE_SECRET, 'redirect_uri': get_redirect_uri(), 'grant_type': 'authorization_code' } get_token_url = "%s" % (request_token_url,) resp, content = client.request(get_token_url, "POST", body=urllib.urlencode(params)) token = json.loads(content).get('access_token', None) resp, content = client.request("%s?access_token=%s" % (access_token_url, token), "GET") access_token_data = json.loads(content) except Exception: messages.error(request, _('Invalid Google response. Please ' 'contact support')) return HttpResponseRedirect(reverse('edit_profile')) if not access_token_data.get('user_id', None): messages.error(request, _('Invalid Google response. Please contact ' ' support')) return HttpResponseRedirect(reverse('edit_profile')) userid = access_token_data['user_id'] provider_info = access_token_data affiliation = 'Google.com' try: return handle_third_party_login(request, 'google', userid, provider_info, affiliation) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation} return handle_third_party_signup(request, userid, 'google', third_party_key, provider_info, user_info, template, extra_context)
def authenticated( request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} consumer = oauth.Consumer(settings.TWITTER_TOKEN, settings.TWITTER_SECRET) client = oauth.Client(consumer) if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if not 'request_token' in request.session: messages.error(request, 'Twitter handshake failed') return HttpResponseRedirect(reverse('edit_profile')) token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret']) client = oauth.Client(consumer, token) # Step 2. Request the authorized access token from Twitter. parts = list(urlsplit(access_token_url)) params = dict(parse_qsl(parts[3], keep_blank_values=True)) oauth_verifier = request.GET.get('oauth_verifier') params['oauth_verifier'] = oauth_verifier parts[3] = urlencode(params) parameterized_url = urlunsplit(parts) resp, content = client.request(parameterized_url, "GET") if resp['status'] != '200': try: del request.session['request_token'] except: pass messages.error(request, 'Invalid Twitter response') logger.error("Invalid twitter response %s", resp) return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(cgi.parse_qsl(content)) userid = access_token['user_id'] username = access_token.get('screen_name', userid) provider_info = {'screen_name': username} affiliation = 'Twitter.com' try: return handle_third_party_login(request, 'twitter', userid, provider_info, affiliation) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation} return handle_third_party_signup(request, userid, 'twitter', third_party_key, provider_info, user_info, template, extra_context)
def authenticated(request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} consumer = oauth.Consumer(settings.TWITTER_TOKEN, settings.TWITTER_SECRET) client = oauth.Client(consumer) if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if not 'request_token' in request.session: messages.error(request, 'Twitter handshake failed') return HttpResponseRedirect(reverse('edit_profile')) token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret']) client = oauth.Client(consumer, token) # Step 2. Request the authorized access token from Twitter. parts = list(urlsplit(access_token_url)) params = dict(parse_qsl(parts[3], keep_blank_values=True)) oauth_verifier = request.GET.get('oauth_verifier') params['oauth_verifier'] = oauth_verifier parts[3] = urlencode(params) parameterized_url = urlunsplit(parts) resp, content = client.request(parameterized_url, "GET") if resp['status'] != '200': try: del request.session['request_token'] except: pass messages.error(request, 'Invalid Twitter response') logger.error("Invalid twitter response %s", resp) return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(cgi.parse_qsl(content)) userid = access_token['user_id'] username = access_token.get('screen_name', userid) provider_info = {'screen_name': username} affiliation = 'Twitter.com' try: return handle_third_party_login(request, 'twitter', userid, provider_info, affiliation) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation} return handle_third_party_signup(request, userid, 'twitter', third_party_key, provider_info, user_info, template, extra_context)
def authenticated(request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} if request.GET.get('error', None): return HttpResponseRedirect(reverse('edit_profile')) # TODO: Handle errors, e.g. error=access_denied try: oauth = OAuth2Session(settings.GOOGLE_CLIENT_ID, redirect_uri=get_redirect_uri(), scope=token_scope) code = request.GET.get('code', None) token = oauth.fetch_token(request_token_url, code=code, client_secret=settings.GOOGLE_SECRET) access_token = token.get('access_token', None) # Simply validating the token should return user_id # This probably does not need to be performed via the oauth.request # method resp = oauth.request(url="%s?access_token=%s" % (access_token_url, access_token), method="GET") access_token_data = json.loads(resp.content) except Exception as e: logger.exception(e) messages.error(request, _('Invalid Google response. Please ' 'contact support')) return HttpResponseRedirect(reverse('edit_profile')) if not access_token_data.get('user_id', None): messages.error( request, _('Invalid Google response. Please contact ' ' support')) return HttpResponseRedirect(reverse('edit_profile')) userid = access_token_data['user_id'] provider_info = access_token_data affiliation = 'Google.com' user_info = {'affiliation': affiliation} try: return handle_third_party_login(request, 'google', userid, provider_info, affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, userid, 'google', third_party_key, provider_info, user_info, template, extra_context)
def authenticated(request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} if request.GET.get('error', None): return HttpResponseRedirect(reverse('edit_profile')) # TODO: Handle errors, e.g. error=access_denied try: consumer = oauth.Consumer(key=OAUTH_CONSUMER_KEY, secret=OAUTH_CONSUMER_SECRET) client = oauth.Client(consumer) code = request.GET.get('code', None) params = { 'code': code, 'client_id': settings.GOOGLE_CLIENT_ID, 'client_secret': settings.GOOGLE_SECRET, 'redirect_uri': get_redirect_uri(), 'grant_type': 'authorization_code' } get_token_url = "%s" % (request_token_url, ) resp, content = client.request(get_token_url, "POST", body=urllib.urlencode(params)) token = json.loads(content).get('access_token', None) resp, content = client.request( "%s?access_token=%s" % (access_token_url, token), "GET") access_token_data = json.loads(content) except Exception: messages.error(request, _('Invalid Google response. Please ' 'contact support')) return HttpResponseRedirect(reverse('edit_profile')) if not access_token_data.get('user_id', None): messages.error( request, _('Invalid Google response. Please contact ' ' support')) return HttpResponseRedirect(reverse('edit_profile')) userid = access_token_data['user_id'] provider_info = access_token_data affiliation = 'Google.com' try: return handle_third_party_login(request, 'google', userid, provider_info, affiliation) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation} return handle_third_party_signup(request, userid, 'google', third_party_key, provider_info, user_info, template, extra_context)
def authenticated(request, template="im/third_party_check_local.html", extra_context=None): if extra_context is None: extra_context = {} consumer = oauth.Consumer(settings.LINKEDIN_TOKEN, settings.LINKEDIN_SECRET) client = oauth.Client(consumer) if request.GET.get("denied"): return HttpResponseRedirect(reverse("edit_profile")) if not "request_token" in request.session: messages.error(request, "linkedin handshake failed") return HttpResponseRedirect(reverse("edit_profile")) token = oauth.Token( request.session["request_token"]["oauth_token"], request.session["request_token"]["oauth_token_secret"] ) token.set_verifier(request.GET.get("oauth_verifier")) client = oauth.Client(consumer, token) resp, content = client.request(access_token_url, "POST") if resp["status"] != "200": try: del request.session["request_token"] except: pass messages.error(request, "Invalid linkedin token response") return HttpResponseRedirect(reverse("edit_profile")) access_token = dict(cgi.parse_qsl(content)) token = oauth.Token(access_token["oauth_token"], access_token["oauth_token_secret"]) client = oauth.Client(consumer, token) resp, content = client.request( "http://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry,email-address)?format=json", "GET" ) if resp["status"] != "200": try: del request.session["request_token"] except: pass messages.error(request, "Invalid linkedin profile response") return HttpResponseRedirect(reverse("edit_profile")) profile_data = json.loads(content) userid = profile_data["id"] username = profile_data.get("emailAddress", None) realname = profile_data.get("firstName", "") + " " + profile_data.get("lastName", "") provider_info = profile_data affiliation = "LinkedIn.com" try: return handle_third_party_login(request, "linkedin", userid, provider_info, affiliation) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {"affiliation": affiliation, "realname": realname} return handle_third_party_signup( request, userid, "linkedin", third_party_key, provider_info, user_info, template, extra_context )
def authenticated( request, template='im/third_party_check_local.html', extra_context=None ): if extra_context is None: extra_context = {} if request.GET.get('error', None): return HttpResponseRedirect(reverse('edit_profile')) # TODO: Handle errors, e.g. error=access_denied try: oauth = OAuth2Session(settings.GOOGLE_CLIENT_ID, redirect_uri=get_redirect_uri(), scope=token_scope) code = request.GET.get('code', None) token = oauth.fetch_token(request_token_url, code=code, client_secret=settings.GOOGLE_SECRET) access_token = token.get('access_token', None) # Simply validating the token should return user_id # This probably does not need to be performed via the oauth.request # method resp = oauth.request(url="%s?access_token=%s" % (access_token_url, access_token), method="GET") access_token_data = json.loads(resp.content) except Exception as e: logger.exception(e) messages.error(request, _('Invalid Google response. Please ' 'contact support')) return HttpResponseRedirect(reverse('edit_profile')) if not access_token_data.get('user_id', None): messages.error(request, _('Invalid Google response. Please contact ' ' support')) return HttpResponseRedirect(reverse('edit_profile')) userid = access_token_data['user_id'] provider_info = access_token_data affiliation = 'Google.com' user_info = {'affiliation': affiliation} try: return handle_third_party_login(request, 'google', userid, provider_info, affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, userid, 'google', third_party_key, provider_info, user_info, template, extra_context)
def authenticated(request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if 'request_token' not in request.session: messages.error(request, 'Twitter handshake failed') return HttpResponseRedirect(reverse('edit_profile')) oauth_verifier = request.GET.get('oauth_verifier') resource_owner_key = request.session['request_token'].get('oauth_token') resource_owner_secret = request.session['request_token']\ .get('oauth_token_secret') oauth = OAuth1(settings.TWITTER_TOKEN, client_secret=settings.TWITTER_SECRET, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret, verifier=oauth_verifier) resp = requests.post(url=access_token_url, auth=oauth) if resp.status_code != 200: try: del request.session['request_token'] except: pass messages.error(request, 'Invalid Twitter response') logger.error("Invalid twitter response (code: %d) %s", resp.status_code, resp.content) return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(parse_qsl(resp.content)) userid = access_token['user_id'] username = access_token.get('screen_name', userid) provider_info = {'screen_name': username} affiliation = 'Twitter.com' user_info = {'affiliation': affiliation} try: return handle_third_party_login(request, 'twitter', userid, provider_info, affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, userid, 'twitter', third_party_key, provider_info, user_info, template, extra_context)
else: realname = '' except KeyError, e: # invalid shibboleth headers, redirect to login, display message messages.error(request, e.message) return HttpResponseRedirect(login_url(request)) affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, 'Shibboleth') email = tokens.get(Tokens.SHIB_MAIL, '') eppn_info = tokens.get(Tokens.SHIB_EPPN) provider_info = {'eppn': eppn_info, 'email': email, 'name': realname, 'headers': shibboleth_headers} userid = eppn try: return handle_third_party_login(request, 'shibboleth', eppn, provider_info, affiliation, third_party_key) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation, 'realname': realname} return handle_third_party_signup(request, userid, 'shibboleth', third_party_key, provider_info, user_info, template, extra_context)
def login(request, template_name="im/login.html", on_failure='im/login.html', signup_template="/im/third_party_check_local.html", extra_context=None): """ on_failure: the template name to render on login failure """ if request.method == 'GET': return handle_get_to_login_view(request, primary_provider=LDAP_PROVIDER, login_form=LDAPLoginForm(request), template_name=template_name, extra_context=extra_context) # 'limited' attribute is used by recapatcha was_limited = getattr(request, 'limited', False) next = get_query(request).get('next', '') third_party_token = get_query(request).get('key', False) form = LDAPLoginForm(data=request.POST, was_limited=was_limited, request=request) provider = LDAP_PROVIDER if not form.is_valid(): if third_party_token: messages.info(request, provider.get_login_to_add_msg) return render_to_response(on_failure, { 'login_form': form, 'next': next, 'key': third_party_token }, context_instance=get_context( request, primary_provider=LDAP_PROVIDER)) # get the user from the cache user = form.ldap_user_cache provider = auth.get_provider('ldap', user) affiliation = 'LDAP' provider_info = dict(user.ldap_user.attrs) try: user_info = populate_user_attributes(provider, provider_info) user_id = user_info.pop('identifier') except (ValueError, KeyError): logger.exception( "Failed to map attributes from LDAP provider." " Provider attributes: %s", provider_info) msg = 'Invalid LDAP response. Please contact support.' messages.error(request, msg) return HttpResponseRedirect(reverse('login')) provider_info = dict([(k, smart_unicode(v, errors="ignore")) for k, v in provider_info.items() if k in provider.get_provider_info_attributes()]) user_info['affiliation'] = affiliation if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'): groups = [ Group.objects.get_or_create(name=group_name)[0] for group_name in user.group_names ] user_info['groups'] = groups try: return handle_third_party_login(request, provider_module="ldap", identifier=user_id, provider_info=provider_info, affiliation=affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, user_id, 'ldap', third_party_key, provider_info, user_info, signup_template, extra_context)
def authenticated(request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if 'request_token' not in request.session: messages.error(request, 'linkedin handshake failed') return HttpResponseRedirect(reverse('edit_profile')) resource_owner_key = request.session['request_token'].get('oauth_token') resource_owner_secret = request.session['request_token']\ .get('oauth_token_secret') oauth_verifier = request.GET.get('oauth_verifier') oauth = OAuth1(settings.LINKEDIN_TOKEN, client_secret=settings.LINKEDIN_SECRET, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret, verifier=oauth_verifier) resp = requests.post(access_token_url, auth=oauth) if resp.status_code != 200: try: del request.session['request_token'] except: pass logger.error( "Invalid LinkedIn response while getting access token " + "(code: %d) %s", resp.status_code, resp.content) messages.error(request, 'Invalid LinkedIn token response') return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(parse_qsl(resp.content)) resource_owner_key = access_token.get('oauth_token') resource_owner_secret = access_token.get('oauth_token_secret') oauth = OAuth1(settings.LINKEDIN_TOKEN, client_secret=settings.LINKEDIN_SECRET, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret) _url = ("http://api.linkedin.com/v1/people/~:(id,first-name,last-name," "industry,email-address)?format=json") resp = requests.get(_url, auth=oauth) if resp.status_code != 200: try: del request.session['request_token'] except: pass messages.error(request, 'Invalid LinkedIn profile response') logger.error( "Invalid LinkedIn response while getting user info " + "(code: %d) %s", resp.status_code, resp.content) return HttpResponseRedirect(reverse('edit_profile')) profile_data = json.loads(resp.content) userid = profile_data['id'] # username = profile_data.get('emailAddress', None) realname = profile_data.get('firstName', '') + ' ' + profile_data.get( 'lastName', '') provider_info = profile_data affiliation = 'LinkedIn.com' user_info = {'affiliation': affiliation, 'realname': realname} try: return handle_third_party_login(request, 'linkedin', userid, provider_info, affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, userid, 'linkedin', third_party_key, provider_info, user_info, template, extra_context)
def authenticated( request, template='im/third_party_check_local.html', extra_context=None ): if extra_context is None: extra_context = {} consumer = oauth.Consumer(settings.LINKEDIN_TOKEN, settings.LINKEDIN_SECRET) client = oauth.Client(consumer) if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if not 'request_token' in request.session: messages.error(request, 'linkedin handshake failed') return HttpResponseRedirect(reverse('edit_profile')) token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret']) token.set_verifier(request.GET.get('oauth_verifier')) client = oauth.Client(consumer, token) resp, content = client.request(access_token_url, "POST") if resp['status'] != '200': try: del request.session['request_token'] except: pass messages.error(request, 'Invalid linkedin token response') return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(cgi.parse_qsl(content)) token = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret']) client = oauth.Client(consumer, token) _url = ("http://api.linkedin.com/v1/people/~:(id,first-name,last-name," "industry,email-address)?format=json") resp, content = client.request(_url, "GET") if resp['status'] != '200': try: del request.session['request_token'] except: pass messages.error(request, 'Invalid linkedin profile response') return HttpResponseRedirect(reverse('edit_profile')) profile_data = json.loads(content) userid = profile_data['id'] username = profile_data.get('emailAddress', None) realname = profile_data.get('firstName', '') + ' ' + profile_data.get( 'lastName', '') provider_info = profile_data affiliation = 'LinkedIn.com' try: return handle_third_party_login(request, 'linkedin', userid, provider_info, affiliation) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation, 'realname': realname} return handle_third_party_signup(request, userid, 'linkedin', third_party_key, provider_info, user_info, template, extra_context)
def authenticated( request, template='im/third_party_check_local.html', extra_context=None ): if extra_context is None: extra_context = {} if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if 'request_token' not in request.session: messages.error(request, 'linkedin handshake failed') return HttpResponseRedirect(reverse('edit_profile')) resource_owner_key = request.session['request_token'].get('oauth_token') resource_owner_secret = request.session['request_token']\ .get('oauth_token_secret') oauth_verifier = request.GET.get('oauth_verifier') oauth = OAuth1(settings.LINKEDIN_TOKEN, client_secret=settings.LINKEDIN_SECRET, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret, verifier=oauth_verifier) resp = requests.post(access_token_url, auth=oauth) if resp.status_code != 200: try: del request.session['request_token'] except: pass logger.error("Invalid LinkedIn response while getting access token " + "(code: %d) %s", resp.status_code, resp.content) messages.error(request, 'Invalid LinkedIn token response') return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(parse_qsl(resp.content)) resource_owner_key = access_token.get('oauth_token') resource_owner_secret = access_token.get('oauth_token_secret') oauth = OAuth1(settings.LINKEDIN_TOKEN, client_secret=settings.LINKEDIN_SECRET, resource_owner_key=resource_owner_key, resource_owner_secret=resource_owner_secret) _url = ("http://api.linkedin.com/v1/people/~:(id,first-name,last-name," "industry,email-address)?format=json") resp = requests.get(_url, auth=oauth) if resp.status_code != 200: try: del request.session['request_token'] except: pass messages.error(request, 'Invalid LinkedIn profile response') logger.error("Invalid LinkedIn response while getting user info " + "(code: %d) %s", resp.status_code, resp.content) return HttpResponseRedirect(reverse('edit_profile')) profile_data = json.loads(resp.content) userid = profile_data['id'] # username = profile_data.get('emailAddress', None) realname = profile_data.get('firstName', '') + ' ' + profile_data.get( 'lastName', '') provider_info = profile_data affiliation = 'LinkedIn.com' user_info = {'affiliation': affiliation, 'realname': realname} try: return handle_third_party_login(request, 'linkedin', userid, provider_info, affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, userid, 'linkedin', third_party_key, provider_info, user_info, template, extra_context)
def authenticated(request, template='im/third_party_check_local.html', extra_context=None): if extra_context is None: extra_context = {} consumer = oauth.Consumer(settings.LINKEDIN_TOKEN, settings.LINKEDIN_SECRET) client = oauth.Client(consumer) if request.GET.get('denied'): return HttpResponseRedirect(reverse('edit_profile')) if not 'request_token' in request.session: messages.error(request, 'linkedin handshake failed') return HttpResponseRedirect(reverse('edit_profile')) token = oauth.Token(request.session['request_token']['oauth_token'], request.session['request_token']['oauth_token_secret']) token.set_verifier(request.GET.get('oauth_verifier')) client = oauth.Client(consumer, token) resp, content = client.request(access_token_url, "POST") if resp['status'] != '200': try: del request.session['request_token'] except: pass messages.error(request, 'Invalid linkedin token response') return HttpResponseRedirect(reverse('edit_profile')) access_token = dict(cgi.parse_qsl(content)) token = oauth.Token(access_token['oauth_token'], access_token['oauth_token_secret']) client = oauth.Client(consumer, token) resp, content = client.request( "http://api.linkedin.com/v1/people/~:(id,first-name,last-name,industry,email-address)?format=json", "GET") if resp['status'] != '200': try: del request.session['request_token'] except: pass messages.error(request, 'Invalid linkedin profile response') return HttpResponseRedirect(reverse('edit_profile')) profile_data = json.loads(content) userid = profile_data['id'] username = profile_data.get('emailAddress', None) realname = profile_data.get('firstName', '') + ' ' + profile_data.get( 'lastName', '') provider_info = profile_data affiliation = 'LinkedIn.com' try: return handle_third_party_login(request, 'linkedin', userid, provider_info, affiliation) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation, 'realname': realname} return handle_third_party_signup(request, userid, 'linkedin', third_party_key, provider_info, user_info, template, extra_context)
except KeyError, e: # invalid shibboleth headers, redirect to login, display message logger.exception(e) messages.error(request, e.message) return HttpResponseRedirect(login_url(request)) if settings.SHIBBOLETH_MIGRATE_EPPN: migrate_eppn_to_remote_id(eppn, user_id) affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, 'Shibboleth') email = tokens.get(Tokens.SHIB_MAIL, '') provider_info = {'eppn': eppn, 'email': email, 'name': fullname, 'headers': shibboleth_headers, 'user_id': user_id} try: return handle_third_party_login(request, 'shibboleth', user_id, provider_info, affiliation, third_party_key) except AstakosUser.DoesNotExist, e: third_party_key = get_pending_key(request) user_info = {'affiliation': affiliation, 'first_name': first_name, 'last_name': last_name, 'email': email} return handle_third_party_signup(request, user_id, 'shibboleth', third_party_key, provider_info, user_info, template, extra_context)
def login(request, template_name="im/login.html", on_failure='im/login.html', signup_template="/im/third_party_check_local.html", extra_context=None): """ on_failure: the template name to render on login failure """ if request.method == 'GET': return handle_get_to_login_view(request, primary_provider=LDAP_PROVIDER, login_form=LDAPLoginForm(request), template_name=template_name, extra_context=extra_context) # 'limited' attribute is used by recapatcha was_limited = getattr(request, 'limited', False) next = get_query(request).get('next', '') third_party_token = get_query(request).get('key', False) form = LDAPLoginForm(data=request.POST, was_limited=was_limited, request=request) provider = LDAP_PROVIDER if not form.is_valid(): if third_party_token: messages.info(request, provider.get_login_to_add_msg) return render_to_response( on_failure, {'login_form': form, 'next': next, 'key': third_party_token}, context_instance=get_context(request, primary_provider=LDAP_PROVIDER)) # get the user from the cache user = form.ldap_user_cache provider = auth.get_provider('ldap', user) affiliation = 'LDAP' provider_info = dict(user.ldap_user.attrs) try: user_info = populate_user_attributes(provider, provider_info) user_id = user_info.pop('identifier') except (ValueError, KeyError): logger.exception("Failed to map attributes from LDAP provider." " Provider attributes: %s", provider_info) msg = 'Invalid LDAP response. Please contact support.' messages.error(request, msg) return HttpResponseRedirect(reverse('login')) provider_info = dict([(k, smart_unicode(v, errors="ignore")) for k, v in provider_info.items() if k in provider.get_provider_info_attributes()]) user_info['affiliation'] = affiliation if hasattr(user, 'group_names') and provider.get_policy('mirror_groups'): groups = [Group.objects.get_or_create(name=group_name)[0] for group_name in user.group_names] user_info['groups'] = groups try: return handle_third_party_login(request, provider_module="ldap", identifier=user_id, provider_info=provider_info, affiliation=affiliation, user_info=user_info) except AstakosUser.DoesNotExist: third_party_key = get_pending_key(request) return handle_third_party_signup(request, user_id, 'ldap', third_party_key, provider_info, user_info, signup_template, extra_context)