Special handling for login failure messages

[astakos] / snf-astakos-app / astakos / im / target / shibboleth.py

# Copyright 2011-2012 GRNET S.A. All rights reserved.
# 
# Redistribution and use in source and binary forms, with or
# without modification, are permitted provided that the following
# conditions are met:
# 
#   1. Redistributions of source code must retain the above
#      copyright notice, this list of conditions and the following
#      disclaimer.
# 
#   2. Redistributions in binary form must reproduce the above
#      copyright notice, this list of conditions and the following
#      disclaimer in the documentation and/or other materials
#      provided with the distribution.
# 
# THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
# OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
# AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
# ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# 
# The views and conclusions contained in the software and
# documentation are those of the authors and should not be
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.

from django.http import HttpResponseBadRequest
from django.utils.translation import ugettext as _
from django.contrib import messages
from django.template import RequestContext
from django.views.decorators.http import require_http_methods
from django.db.models import Q
from django.core.exceptions import ValidationError
from django.http import HttpResponseRedirect
from django.core.urlresolvers import reverse
from urlparse import urlunsplit, urlsplit
from django.utils.http import urlencode

from astakos.im.util import prepare_response, get_context, get_invitation
from astakos.im.views import requires_anonymous, render_response
from astakos.im.settings import ENABLE_LOCAL_ACCOUNT_MIGRATION, BASEURL

from astakos.im.models import AstakosUser, PendingThirdPartyUser
from astakos.im.forms import LoginForm
from astakos.im.activation_backends import get_backend, SimpleBackend

import logging

logger = logging.getLogger(__name__)

class Tokens:
    # these are mapped by the Shibboleth SP software
    SHIB_EPPN = "HTTP_EPPN" # eduPersonPrincipalName
    SHIB_NAME = "HTTP_SHIB_INETORGPERSON_GIVENNAME"
    SHIB_SURNAME = "HTTP_SHIB_PERSON_SURNAME"
    SHIB_CN = "HTTP_SHIB_PERSON_COMMONNAME"
    SHIB_DISPLAYNAME = "HTTP_SHIB_INETORGPERSON_DISPLAYNAME"
    SHIB_EP_AFFILIATION = "HTTP_SHIB_EP_AFFILIATION"
    SHIB_SESSION_ID = "HTTP_SHIB_SESSION_ID"
    SHIB_MAIL = "HTTP_SHIB_MAIL"

@require_http_methods(["GET", "POST"])
@requires_anonymous
def login(
    request,
    login_template='im/login.html',
    signup_template='im/third_party_check_local.html',
    extra_context=None
):
    extra_context = extra_context or {}

    tokens = request.META
    
    try:
        eppn = tokens.get(Tokens.SHIB_EPPN)
        if not eppn:
            raise KeyError(_('Missing unique token in request'))
        if Tokens.SHIB_DISPLAYNAME in tokens:
            realname = tokens[Tokens.SHIB_DISPLAYNAME]
        elif Tokens.SHIB_CN in tokens:
            realname = tokens[Tokens.SHIB_CN]
        elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens:
            realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME]
        else:
            raise KeyError(_('Missing user name in request'))
    except KeyError, e:
        extra_context['login_form'] = LoginForm(request=request)
        messages.error(request, e)
        return render_response(
            login_template,
            context_instance=get_context(request, extra_context)
        )
    
    affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, '')
    email = tokens.get(Tokens.SHIB_MAIL, '')
    
    try:
        user = AstakosUser.objects.get(
            provider='shibboleth',
            third_party_identifier=eppn
        )
        if user.is_active:
            return prepare_response(request,
                                    user,
                                    request.GET.get('next'),
                                    'renew' in request.GET)
        elif not user.activation_sent:
            message = _('Your request is pending activation')
            messages.error(request, message)
        else:
            url = reverse('send_activation', kwargs={'user_id':user.id})
            message = _('You have not followed the activation link. \
            <a href="%s">Provide new email?</a>' % url)
            messages.error(request, message)
        return render_response(login_template,
                               login_form = LoginForm(request=request),
                               context_instance=RequestContext(request))
    except AstakosUser.DoesNotExist, e:
        # First time
        try:
            user, created = PendingThirdPartyUser.objects.get_or_create(
                third_party_identifier=eppn,
                provider='shibboleth',
                defaults=dict(
                    realname=realname,
                    affiliation=affiliation,
                    email=email
                )
            )
            user.save()
        except BaseException, e:
            logger.exception(e)
            template = login_template
            extra_context['login_form'] = LoginForm(request=request)
            messages.error(request, _('Something went wrong.'))
        else:
            if not ENABLE_LOCAL_ACCOUNT_MIGRATION:
                url = reverse(
                    'astakos.im.target.shibboleth.signup'
                )
                parts = list(urlsplit(url))
                parts[3] = urlencode({'key': user.username})
                url = urlunsplit(parts)
                return HttpResponseRedirect(url)
            else:
                template = signup_template
                extra_context['key'] = user.username
        
        extra_context['provider']='shibboleth'
        return render_response(
            template,
            context_instance=get_context(request, extra_context)
        )

@require_http_methods(["GET"])
@requires_anonymous
def signup(
    request,
    backend=None,
    on_creation_template='im/third_party_registration.html',
    extra_context=None
):
    extra_context = extra_context or {}
    username = request.GET.get('key')
    if not username:
        return HttpResponseBadRequest(_('Missing key parameter.'))
    try:
        pending = PendingThirdPartyUser.objects.get(username=username)
    except BaseException, e:
        logger.exception(e)
        return HttpResponseBadRequest(_('Invalid key.'))
    else:
        d = pending.__dict__
        d.pop('_state', None)
        d.pop('id', None)
        user = AstakosUser(**d)
        try:
            backend = backend or get_backend(request)
        except ImproperlyConfigured, e:
            messages.error(request, e)
        else:
            extra_context['form'] = backend.get_signup_form(
                provider='shibboleth',
                instance=user
            )
    extra_context['provider']='shibboleth'
    return render_response(
            on_creation_template,
            context_instance=get_context(request, extra_context)
    )