1 # Copyright 2011-2012 GRNET S.A. All rights reserved.
3 # Redistribution and use in source and binary forms, with or
4 # without modification, are permitted provided that the following
7 # 1. Redistributions of source code must retain the above
8 # copyright notice, this list of conditions and the following
11 # 2. Redistributions in binary form must reproduce the above
12 # copyright notice, this list of conditions and the following
13 # disclaimer in the documentation and/or other materials
14 # provided with the distribution.
16 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
17 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
20 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
21 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
22 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
23 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
24 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
26 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 # POSSIBILITY OF SUCH DAMAGE.
29 # The views and conclusions contained in the software and
30 # documentation are those of the authors and should not be
31 # interpreted as representing official policies, either expressed
32 # or implied, of GRNET S.A.
34 from django.http import HttpResponseBadRequest
35 from django.utils.translation import ugettext as _
36 from django.contrib import messages
37 from django.template import RequestContext
38 from django.views.decorators.http import require_http_methods
39 from django.db.models import Q
40 from django.core.exceptions import ValidationError
41 from django.http import HttpResponseRedirect
42 from django.core.urlresolvers import reverse
43 from urlparse import urlunsplit, urlsplit
44 from django.utils.http import urlencode
46 from astakos.im.util import prepare_response, get_context, get_invitation
47 from astakos.im.views import requires_anonymous, render_response
48 from astakos.im.settings import ENABLE_LOCAL_ACCOUNT_MIGRATION, BASEURL
50 from astakos.im.models import AstakosUser, PendingThirdPartyUser
51 from astakos.im.forms import LoginForm
52 from astakos.im.activation_backends import get_backend, SimpleBackend
56 logger = logging.getLogger(__name__)
59 # these are mapped by the Shibboleth SP software
60 SHIB_EPPN = "HTTP_EPPN" # eduPersonPrincipalName
61 SHIB_NAME = "HTTP_SHIB_INETORGPERSON_GIVENNAME"
62 SHIB_SURNAME = "HTTP_SHIB_PERSON_SURNAME"
63 SHIB_CN = "HTTP_SHIB_PERSON_COMMONNAME"
64 SHIB_DISPLAYNAME = "HTTP_SHIB_INETORGPERSON_DISPLAYNAME"
65 SHIB_EP_AFFILIATION = "HTTP_SHIB_EP_AFFILIATION"
66 SHIB_SESSION_ID = "HTTP_SHIB_SESSION_ID"
67 SHIB_MAIL = "HTTP_SHIB_MAIL"
69 @require_http_methods(["GET", "POST"])
73 on_login_template='im/login.html',
74 on_signup_template='im/third_party_check_local.html',
77 extra_context = extra_context or {}
82 eppn = tokens[Tokens.SHIB_EPPN]
84 return HttpResponseBadRequest("Missing unique token in request")
86 if Tokens.SHIB_DISPLAYNAME in tokens:
87 realname = tokens[Tokens.SHIB_DISPLAYNAME]
88 elif Tokens.SHIB_CN in tokens:
89 realname = tokens[Tokens.SHIB_CN]
90 elif Tokens.SHIB_NAME in tokens and Tokens.SHIB_SURNAME in tokens:
91 realname = tokens[Tokens.SHIB_NAME] + ' ' + tokens[Tokens.SHIB_SURNAME]
93 return HttpResponseBadRequest("Missing user name in request")
95 affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, '')
96 email = tokens.get(Tokens.SHIB_MAIL, '')
99 user = AstakosUser.objects.get(
100 provider='shibboleth',
101 third_party_identifier=eppn
104 return prepare_response(request,
106 request.GET.get('next'),
107 'renew' in request.GET)
109 message = _('Inactive account')
110 messages.add_message(request, messages.ERROR, message)
111 return render_response(on_login_template,
112 login_form = LoginForm(request=request),
113 context_instance=RequestContext(request))
114 except AstakosUser.DoesNotExist, e:
117 user, created = PendingThirdPartyUser.objects.get_or_create(
118 third_party_identifier=eppn,
119 provider='shibboleth',
122 affiliation=affiliation,
127 except BaseException, e:
129 template = on_login_template
130 extra_context['login_form'] = LoginForm(request=request)
131 messages.error(request, _('Something went wrong.'))
133 if not ENABLE_LOCAL_ACCOUNT_MIGRATION:
135 'astakos.im.target.shibboleth.signup'
137 parts = list(urlsplit(url))
138 parts[3] = urlencode({'key': user.username})
139 url = urlunsplit(parts)
140 return HttpResponseRedirect(url)
142 template = on_signup_template
143 extra_context['key'] = user.username
145 extra_context['provider']='shibboleth'
146 return render_response(
148 context_instance=get_context(request, extra_context)
151 @require_http_methods(["GET"])
156 on_creation_template='im/third_party_registration.html',
159 extra_context = extra_context or {}
160 username = request.GET.get('key')
162 return HttpResponseBadRequest(_('Missing key parameter.'))
164 pending = PendingThirdPartyUser.objects.get(username=username)
165 except BaseException, e:
167 return HttpResponseBadRequest(_('Invalid key.'))
170 d.pop('_state', None)
172 user = AstakosUser(**d)
174 backend = backend or get_backend(request)
175 except ImproperlyConfigured, e:
176 messages.error(request, e)
178 extra_context['form'] = backend.get_signup_form(
179 provider='shibboleth',
182 extra_context['provider']='shibboleth'
183 return render_response(
184 on_creation_template,
185 context_instance=get_context(request, extra_context)