def login(request, election, trustee_email, trustee_secret):
trustee = get_object_or_404(Trustee,
election=election,
email=trustee_email)
if not trustee:
raise PermissionDenied("Invalid election")
if trustee_secret == trustee.secret:
user = auth.ZeusUser(trustee)
if request.zeususer.is_authenticated() and (
not request.zeususer.is_trustee or \
request.zeususer._user.pk != trustee.pk):
messages.error(
request,
_("You need to logout from your current account "
"to access this view."))
return HttpResponseRedirect(reverse('error', kwargs={'code': 403}))
user.authenticate(request)
election.logger.info("Trustee %r logged in", trustee.email)
return HttpResponseRedirect(
reverse('election_trustee_home', args=[election.uuid]))
else:
url = election_reverse(election, 'index')
return HttpResponseRedirect(url)
def cast_done(request, election, poll):
if request.zeususer.is_authenticated() and request.zeususer.is_voter:
if poll.has_linked_polls:
voter = request.zeususer._user
next_poll = poll.next_linked_poll(voter_id=voter.voter_login_id)
if next_poll:
try:
voter = next_poll.voters.get(
voter_login_id=request.zeususer._user.voter_login_id)
user = auth.ZeusUser(voter)
user.authenticate(request)
url = next_poll.get_booth_url(request)
return HttpResponseRedirect(url)
except Voter.DoesNotExist:
pass
request.zeususer.logout(request)
fingerprint = request.GET.get('f')
if not request.GET.get('f', None):
raise PermissionDenied('39')
vote = get_object_or_404(CastVote, fingerprint=fingerprint)
return render_template(request, 'election_poll_cast_done', {
'cast_vote': vote,
'election_uuid': election.uuid,
'poll_uuid': poll.uuid
})
def oauth2_login(request):
poll_uuid = request.GET.get('state')
try:
poll = Poll.objects.get(uuid=poll_uuid)
except Poll.DoesNotExist:
return HttpResponseBadRequest(400)
oauth2 = poll.get_oauth2_module
if oauth2.can_exchange(request):
oauth2.exchange(oauth2.get_exchange_url())
try:
confirmed, data = oauth2.confirm_email()
if confirmed:
voter = Voter.objects.get(poll__uuid=poll_uuid,
uuid=oauth2.voter_uuid)
user = auth.ZeusUser(voter)
user.authenticate(request)
poll.logger.info("Poll voter '%s' logged in",
voter.voter_login_id)
del request.session['oauth2_voter_uuid']
del request.session['oauth2_voter_email']
return HttpResponseRedirect(poll_reverse(poll, 'index'))
else:
poll.logger.info(
"[thirdparty] %s cannot resolve email from %r",
poll.remote_login_display, data)
messages.error(request, 'oauth2 user does not match voter')
return HttpResponseRedirect(
reverse('error', kwargs={'code': 400}))
except urllib2.HTTPError, e:
poll.logger.exception(e)
messages.error(request, 'oauth2 error')
return HttpResponseRedirect(reverse('error', kwargs={'code': 400}))
pass
def process_request(self, request):
setattr(request, 'zeususer', auth.ZeusUser(None))
user = auth.ZeusUser.from_request(request)
setattr(request, 'zeususer', user)
if user.is_admin:
setattr(request, 'admin', user._user)
if user.is_voter:
setattr(request, 'voter', user._user)
if user.is_trustee:
setattr(request, 'trustee', user._user)
def voter_login(request):
form = VoterLoginForm()
if request.method == 'POST':
form = VoterLoginForm(request.POST)
if form.is_valid():
poll = form._voter.poll
user = auth.ZeusUser(form._voter)
user.authenticate(request)
poll.logger.info("Poll voter '%s' logged in (global login view)",
form._voter.voter_login_id)
return HttpResponseRedirect(poll_reverse(poll, 'index'))
cxt = {'form': form}
return render_template(request, 'voter_login', cxt)
def voter_booth_linked_login(request, election, poll, voter_uuid):
voter = request.zeususer._user
linked_poll = request.GET.get('link-to', None)
if not poll.has_linked_polls:
raise PermissionDenied()
if not linked_poll or linked_poll not in \
poll.linked_polls.values_list('uuid', flat=True):
raise PermissionDenied()
linked_poll = election.polls.get(uuid=linked_poll)
linked_voter = linked_poll.voters.get(voter_login_id=voter.voter_login_id)
user = auth.ZeusUser(linked_voter)
user.authenticate(request)
poll.logger.info("Poll voter '%s' logged in in linked poll '%s'",
voter.voter_login_id, poll.uuid)
url = linked_poll.get_booth_url(request)
return HttpResponseRedirect(url)
def voter_login(request, lang=None):
if lang and lang in dict(settings.LANGUAGES):
translation.activate(lang)
form_cls = VoterLoginForm
form = VoterLoginForm()
if request.method == 'POST':
form = VoterLoginForm(request.POST)
if form.is_valid():
poll = form._voter.poll
user = auth.ZeusUser(form._voter)
user.authenticate(request)
poll.logger.info("Poll voter '%s' logged in (global login view)",
form._voter.voter_login_id)
return HttpResponseRedirect(poll_reverse(poll, 'index'))
cxt = {'form': form}
return render_template(request, 'voter_login', cxt)
def voter_booth_login(request, election, poll, voter_uuid, voter_secret):
voter = None
if poll.jwt_auth:
messages.error(request, _("Poll does not support voter url login."))
return HttpResponseRedirect(reverse('error', kwargs={'code': 403}))
try:
voter = Voter.objects.get(poll=poll, uuid=voter_uuid)
if voter.excluded_at:
raise PermissionDenied('37')
except Voter.DoesNotExist:
raise PermissionDenied("Invalid election")
if request.zeususer.is_authenticated() and request.zeususer.is_voter:
return HttpResponseRedirect(
reverse('election_poll_index',
kwargs={
'election_uuid':
request.zeususer._user.poll.election.uuid,
'poll_uuid': request.zeususer._user.poll.uuid
}))
if request.zeususer.is_authenticated() and (
not request.zeususer.is_voter or \
request.zeususer._user.pk != voter.pk):
messages.error(
request,
_("You need to logout from your current account "
"to access this view."))
return HttpResponseRedirect(reverse('error', kwargs={'code': 403}))
if voter.voter_password != unicode(voter_secret):
raise PermissionDenied("Invalid secret")
if poll.oauth2_thirdparty:
oauth2 = poll.get_oauth2_module
if oauth2.type_id == 'google':
oauth2.set_login_hint(voter.voter_email)
poll.logger.info("[thirdparty] setting thirdparty voter " + \
"session data (%s, %s)",
voter.voter_email, voter.uuid)
request.session['oauth2_voter_email'] = voter.voter_email
request.session['oauth2_voter_uuid'] = voter.uuid
url = oauth2.get_code_url()
poll.logger.info("[thirdparty] code handshake from %s", url)
context = {'url': url}
tpl = 'voter_redirect'
return render_template(request, tpl, context)
elif poll.shibboleth_auth:
poll.logger.info("[thirdparty] shibboleth redirect for voter (%s, %s)",
voter.voter_email, voter.uuid)
constraints = poll.get_shibboleth_constraints()
endpoint = constraints.get('endpoint')
request.session['shibboleth_voter_email'] = voter.voter_email
request.session['shibboleth_voter_uuid'] = voter.uuid
url = auth.make_shibboleth_login_url(endpoint)
context = {'url': url}
tpl = 'voter_redirect'
return render_template(request, tpl, context)
else:
user = auth.ZeusUser(voter)
user.authenticate(request)
poll.logger.info("Poll voter '%s' logged in", voter.voter_login_id)
return HttpResponseRedirect(poll_reverse(poll, 'index'))
def shibboleth_login(request, endpoint):
voter_uuid = request.session.get('shibboleth_voter_uuid', None)
email = request.session.get('shibboleth_voter_email', None)
if voter_uuid is not None:
del request.session['shibboleth_voter_uuid']
if email is not None:
del request.session['shibboleth_voter_email']
if not all([voter_uuid, email]):
messages.error(request, _('Uninitialized shibboleth session.'))
return HttpResponseRedirect(reverse('error',
kwargs={'code': 400}))
voter = get_object_or_404(Voter, uuid=voter_uuid)
assert voter.voter_email == email
poll = voter.poll
constraints = poll.get_shibboleth_constraints()
common_fields = ['HTTP_EPPN', 'HTTP_REMOTE_USER', 'HTTP_MAIL']
meta = request.META
shibboleth = {}
for key, value in meta.items():
if key in common_fields:
shibboleth[key.replace('HTTP_', '', 1)] = value
if key.startswith('HTTP_SHIB_'):
shibboleth[key.replace('HTTP_SHIB_', '', 1)] = value
poll.logger.info("[thirdparty] Voter (%s, %s) shibboleth data: %r" % (voter.uuid, voter.voter_email, shibboleth))
error = False
if constraints.get('endpoint') != endpoint:
poll.logger.error('[thirdparty] invalid login endpoint %s', endpoint)
error = 403
messages.error(request, _("Invalid shibboleth endpoint"))
if not error:
for key in constraints.get('required_fields'):
if key not in shibboleth:
error = 403
poll.logger.error('[thirdparty] %s field not found in shibboleth data', key)
messages.error(request, _('Invalid shibboleth data resolved.'))
idp_field_key = constraints.get('assert_idp_key')
if not error and idp_field_key not in shibboleth:
error = 403
poll.logger.error('[thirdparty] %s field not found in shibboleth data', idp_field_key)
messages.error(request, _('Invalid shibboleth data resolved.'))
idp_field = None
voter_field = None
voter_field_key = None
if not error and idp_field_key in shibboleth:
idp_field = shibboleth[idp_field_key]
voter_field_key = constraints.get('assert_voter_key')
voter_field = getattr(voter, 'voter_%s' % voter_field_key, None)
if not error and voter_field is None:
error = 403
poll.logger.error('[thirdparty] invalid assert_voter_key set %s' % voter_field_key)
idp_field_arr = []
if idp_field and ":" in idp_field:
idp_field_arr = [x.strip() for x in idp_field.split(":")]
if (not error and not idp_field == voter_field) and (not error and voter_field not in idp_field_arr):
error = 403
err_fields = [idp_field, idp_field_key, voter_field_key, voter_field]
poll.logger.error('[thirdparty] assertion failed (%r=%s != %r=%s)', *err_fields)
messages.error(request, _('Shibboleth voter info assertion failed.'))
if error:
return HttpResponseRedirect(reverse('error',
kwargs={'code': error}))
else:
user = auth.ZeusUser(voter)
user.authenticate(request)
poll.logger.info("[thirdparty] Shibboleth login for %s", voter.voter_login_id)
poll.logger.info("Poll voter '%s' logged in", voter.voter_login_id)
return HttpResponseRedirect(poll_reverse(poll, 'index'))
