def update_defaultview(request, map_id, is_global_defaultview=False):
""" Save/update a default view for a user.
:param request: request
:param map_id: NetmapView id
:return: 200 HttpResponse with view_id or related http status code.
"""
session_user = get_account(request)
if not session_user.is_admin():
return HttpResponseForbidden()
view = get_object_or_404(NetmapView, pk=map_id)
if is_global_defaultview:
if session_user.is_admin():
NetmapViewDefaultView.objects.filter(
owner=Account(pk=Account.DEFAULT_ACCOUNT)).delete()
default_view = NetmapViewDefaultView()
default_view.view = view
default_view.owner = Account(pk=Account.DEFAULT_ACCOUNT)
default_view.save()
return HttpResponse(default_view.view.viewid)
else:
return HttpResponseForbidden()
else:
if view.is_public or (session_user == view.owner):
NetmapViewDefaultView.objects.filter(owner=session_user).delete()
default_view = NetmapViewDefaultView()
default_view.view = view
default_view.owner = session_user
default_view.save()
return HttpResponse(default_view.view.viewid)
else:
return HttpResponseForbidden()
def authenticate(username, password):
'''Authenticate username and password against database.
Returns account object if user was authenticated, else None.
'''
# FIXME Log stuff?
auth = False
account = None
# Try to find the account in the database. If it's not found we can try
# LDAP.
try:
account = Account.objects.get(login__iexact=username)
except Account.DoesNotExist:
if ldapauth.available:
user = ldapauth.authenticate(username, password)
# If we authenticated, store the user in database.
if user:
account = Account(
login=user.username,
name=user.get_real_name(),
ext_sync='ldap'
)
account.set_password(password)
account.save()
# We're authenticated now
auth = True
if (account and account.ext_sync == 'ldap' and
ldapauth.available and not auth):
try:
auth = ldapauth.authenticate(username, password)
except ldapauth.NoAnswerError:
# Fallback to stored password if ldap is unavailable
auth = False
else:
if auth:
account.set_password(password)
account.save()
else:
return
if account and not auth:
auth = account.check_password(password)
if auth and account:
return account
else:
return None
def _get_global_defaultview_as_json(request):
"""Helper for fetching global default view"""
session_user = get_account(request)
try:
view = NetmapViewDefaultView.objects.get(owner=session_user)
except ObjectDoesNotExist:
try:
view = NetmapViewDefaultView.objects.get(
owner=Account(pk=Account.DEFAULT_ACCOUNT))
except ObjectDoesNotExist:
view = None
return simplejson.dumps(view.to_json_dict()) if view else 'null'
def resolve_account_admin_and_owner(request):
"""Primarily used before saving filters and filter groups.
Gets account, checks if user is admin, and sets owner to a appropriate
value.
"""
account = get_account(request)
admin = is_admin(account)
owner = Account()
if request.POST.get('owner') or not admin:
owner = account
return (account, admin, owner)
def authenticate_remote_user(request):
"""Authenticate username from http header REMOTE_USER
Returns:
:return: If the user was authenticated, an account.
If the user was blocked from logging in, False.
Otherwise, None.
:rtype: Account, False, None
"""
username = get_remote_username(request)
if not username:
return None
# We now have a username-ish
try:
account = Account.objects.get(login=username)
except Account.DoesNotExist:
# Store the remote user in the database and return the new account
account = Account(login=username,
name=username,
ext_sync='REMOTE_USER')
account.set_password(fake_password(32))
account.save()
_logger.info("Created user %s from header REMOTE_USER", account.login)
template = 'Account "{actor}" created due to REMOTE_USER HTTP header'
LogEntry.add_log_entry(account,
'create-account',
template=template,
subsystem='auth')
return account
# Bail out! Potentially evil user
if account.locked:
_logger.info("Locked user %s tried to log in", account.login)
template = 'Account "{actor}" was prevented from logging in: blocked'
LogEntry.add_log_entry(account,
'login-prevent',
template=template,
subsystem='auth')
return False
return account
def authenticate(username, password):
'''Authenticate username and password against database.
Returns account object if user was authenticated, else None.
'''
# FIXME Log stuff?
auth = False
account = None
# Try to find the account in the database. If it's not found we can try
# LDAP.
try:
account = Account.objects.get(login__iexact=username)
except Account.DoesNotExist:
if ldapauth.available:
user = ldapauth.authenticate(username, password)
# If we authenticated, store the user in database.
if user:
account = Account(
login=user.username,
name=user.get_real_name(),
ext_sync='ldap'
)
account.set_password(password)
account.save()
_handle_ldap_admin_status(user, account)
# We're authenticated now
auth = True
if account and account.locked:
_logger.info("Locked user %s tried to log in", account.login)
if (account and
account.ext_sync == 'ldap' and
ldapauth.available and
not auth and
not account.locked):
try:
auth = ldapauth.authenticate(username, password)
except ldapauth.NoAnswerError:
# Fallback to stored password if ldap is unavailable
auth = False
else:
if auth:
account.set_password(password)
account.save()
_handle_ldap_admin_status(auth, account)
else:
return
if account and not auth:
auth = account.check_password(password)
if auth and account:
return account
else:
return None