projects / flowspy / blob
? search:


1502e6123df5510f163140541cfeb27838a43ad1
[flowspy] / flowspec / views.py
1 # Create your views here.
2 import urllib2
3 import socket
4 import json
5 from django import forms
6 from django.views.decorators.csrf import csrf_exempt
7 from django.core import urlresolvers
8 from django.core import serializers
9 from django.contrib.auth.decorators import login_required
10 from django.contrib.auth import logout
11 from django.contrib.sites.models import Site
12 from django.contrib.auth.models import User
13 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
14 from django.shortcuts import get_object_or_404, render_to_response
15 from django.core.context_processors import request
16 from django.template.context import RequestContext
17 from django.template.loader import get_template, render_to_string
18 from django.core.urlresolvers import reverse
19 from django.contrib import messages
20 from flowspy.accounts.models import *
21 from ipaddr import *
22
23 from django.contrib.auth import authenticate, login
24
25 from django.forms.models import model_to_dict
26
27 from flowspy.flowspec.forms import * 
28 from flowspy.flowspec.models import *
29 from flowspy.peers.models import *
30
31 from registration.models import RegistrationProfile
32
33 from copy import deepcopy
34 from flowspy.utils.decorators import shib_required
35
36 from django.views.decorators.cache import never_cache
37 from django.conf import settings
38 from django.core.mail.message import EmailMessage
39 import datetime
40 import os
41
42 LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log')
43 #FORMAT = '%(asctime)s %(levelname)s: %(message)s'
44 #logging.basicConfig(format=FORMAT)
45 formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
46
47 logger = logging.getLogger(__name__)
48 logger.setLevel(logging.DEBUG)
49 handler = logging.FileHandler(LOG_FILENAME)
50 handler.setFormatter(formatter)
51 logger.addHandler(handler)
52
53 @login_required
54 def user_routes(request):
55     user_routes = Route.objects.filter(applier=request.user)
56     return render_to_response('user_routes.html', {'routes': user_routes},
57                               context_instance=RequestContext(request))
58
59 def welcome(request):
60     return render_to_response('welcome.html', context_instance=RequestContext(request))
61
62 @login_required
63 @never_cache
64 def group_routes(request):
65     group_routes = []
66     peer = request.user.get_profile().peer
67     if peer:
68        peer_members = UserProfile.objects.filter(peer=peer)
69        users = [prof.user for prof in peer_members]
70        group_routes = Route.objects.filter(applier__in=users)
71     return render_to_response('user_routes.html', {'routes': group_routes},
72                               context_instance=RequestContext(request))
73
74
75 @login_required
76 @never_cache
77 def add_route(request):
78     applier = request.user.pk
79     applier_peer_networks = request.user.get_profile().peer.networks.all()
80     if not applier_peer_networks:
81          messages.add_message(request, messages.WARNING,
82                              "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
83          return HttpResponseRedirect(reverse("group-routes"))
84     if request.method == "GET":
85         form = RouteForm()
86         if not request.user.is_superuser:
87             form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
88             form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
89         return render_to_response('apply.html', {'form': form, 'applier': applier},
90                                   context_instance=RequestContext(request))
91
92     else:
93         form = RouteForm(request.POST)
94         if form.is_valid():
95             route=form.save(commit=False)
96             route.applier = request.user
97             route.status = "PENDING"
98             route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
99             route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
100             route.save()
101             form.save_m2m()
102             route.commit_add()
103             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
104             mail_body = render_to_string("rule_add_mail.txt",
105                                              {"route": route, "address": requesters_address})
106             user_mail = "%s" %route.applier.email
107             user_mail = user_mail.split(';')
108             send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
109                               mail_body, settings.SERVER_EMAIL, user_mail,
110                               get_peer_techc_mails(route.applier))
111             d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username }
112             logger.info(mail_body, extra=d)
113             return HttpResponseRedirect(reverse("group-routes"))
114         else:
115             return render_to_response('apply.html', {'form': form, 'applier':applier},
116                                       context_instance=RequestContext(request))
117
118 @login_required
119 @never_cache
120 def edit_route(request, route_slug):
121     applier = request.user.pk
122     applier_peer = request.user.get_profile().peer
123     route_edit = get_object_or_404(Route, name=route_slug)
124     route_edit_applier_peer = route_edit.applier.get_profile().peer
125     if applier_peer != route_edit_applier_peer:
126         messages.add_message(request, messages.WARNING,
127                              "Insufficient rights to edit rule %s" %(route_slug))
128         return HttpResponseRedirect(reverse("group-routes"))
129 #    if route_edit.status == "ADMININACTIVE" :
130 #        messages.add_message(request, messages.WARNING,
131 #                             "Administrator has disabled editing of rule %s" %(route_slug))
132 #        return HttpResponseRedirect(reverse("group-routes"))
133 #    if route_edit.status == "EXPIRED" :
134 #        messages.add_message(request, messages.WARNING,
135 #                             "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
136 #        return HttpResponseRedirect(reverse("group-routes"))
137     if route_edit.status == "PENDING" :
138         messages.add_message(request, messages.WARNING,
139                              "Cannot edit a pending rule: %s." %(route_slug))
140         return HttpResponseRedirect(reverse("group-routes"))
141     route_original = deepcopy(route_edit)
142     if request.POST:
143         form = RouteForm(request.POST, instance = route_edit)
144         if form.is_valid():
145             route=form.save(commit=False)
146             route.name = route_original.name
147             route.applier = request.user
148             route.status = "PENDING"
149             route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
150             route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
151             route.save()
152             form.save_m2m()
153             route.commit_edit()
154             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
155             mail_body = render_to_string("rule_edit_mail.txt",
156                                              {"route": route, "address": requesters_address})
157             user_mail = "%s" %route.applier.email
158             user_mail = user_mail.split(';')
159             send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
160                               mail_body, settings.SERVER_EMAIL, user_mail,
161                               get_peer_techc_mails(route.applier))
162             d = { 'clientip' : requesters_address, 'user' : route.applier.username }
163             logger.info(mail_body, extra=d)
164             return HttpResponseRedirect(reverse("group-routes"))
165         else:
166             return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
167                                       context_instance=RequestContext(request))
168     else:
169         dictionary = model_to_dict(route_edit, fields=[], exclude=[])
170         #form = RouteForm(instance=route_edit)
171         form = RouteForm(dictionary)
172         if not request.user.is_superuser:
173             form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
174             form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
175         return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
176                                   context_instance=RequestContext(request))
177
178 @login_required
179 @never_cache
180 def delete_route(request, route_slug):
181     if request.is_ajax():
182         route = get_object_or_404(Route, name=route_slug)
183         applier_peer = route.applier.get_profile().peer
184         requester_peer = request.user.get_profile().peer
185         if applier_peer == requester_peer:
186             route.status = "PENDING"
187             route.expires = datetime.date.today()
188             route.applier = request.user
189             route.save()
190             route.commit_delete()
191             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
192             mail_body = render_to_string("rule_delete_mail.txt",
193                                              {"route": route, "address": requesters_address})
194             user_mail = "%s" %route.applier.email
195             user_mail = user_mail.split(';')
196             send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username), 
197                               mail_body, settings.SERVER_EMAIL, user_mail,
198                              get_peer_techc_mails(route.applier))
199             d = { 'clientip' : requesters_address, 'user' : route.applier.username }
200             logger.info(mail_body, extra=d)            
201         html = "<html><body>Done</body></html>"
202         return HttpResponse(html)
203     else:
204         return HttpResponseRedirect(reverse("group-routes"))
205
206 @login_required
207 @never_cache
208 def user_profile(request):
209     user = request.user
210     peer = request.user.get_profile().peer
211     
212     return render_to_response('profile.html', {'user': user, 'peer':peer},
213                                   context_instance=RequestContext(request))
214
215 @never_cache
216 def user_login(request):
217     try:
218         error_username = False
219         error_orgname = False
220         error_entitlement = False
221         error_mail = False
222         has_entitlement = False
223         error = ''
224         username = request.META['HTTP_EPPN']
225         if not username:
226             error_username = True
227         firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
228         lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
229         mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
230         organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
231         entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
232         if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
233             has_entitlement = True
234         if not has_entitlement:
235             error_entitlement = True
236         if not organization:
237             error_orgname = True
238         if not mail:
239             error_mail = True
240         if error_username:
241             error = "Your idP should release the HTTP_EPPN attribute towards this service<br>"
242         if error_orgname:
243             error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>"
244         if error_entitlement:
245             error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>"
246         if error_mail:
247             error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service"
248         if error_username or error_orgname or error_entitlement or error_mail:
249             return render_to_response('error.html', {'error': error, "missing_attributes": True},
250                                   context_instance=RequestContext(request))
251         try:
252             user = User.objects.get(username__exact=username)
253             user_exists = True
254         except:
255             user_exists = False
256         user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail)
257         if user is not None:
258             try:
259                 peer = Peer.objects.get(domain_name=organization)
260                 up = UserProfile.objects.get_or_create(user=user,peer=peer)
261             except:
262                 error = "Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue"
263                 return render_to_response('error.html', {'error': error})
264             if not user_exists:
265                 user_activation_notify(user)
266             if user.is_active:
267                login(request, user)
268                return HttpResponseRedirect(reverse("group-routes"))
269             else:
270                 error = "User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk" %user.username
271                 return render_to_response('error.html', {'error': error, 'inactive': True},
272                                   context_instance=RequestContext(request))
273         else:
274             error = "Something went wrong during user authentication. Contact your administrator"
275             return render_to_response('error.html', {'error': error,},
276                                   context_instance=RequestContext(request))
277     except Exception:
278         error = "Invalid login procedure"
279         return render_to_response('error.html', {'error': error,},
280                                   context_instance=RequestContext(request))
281         # Return an 'invalid login' error message.
282 #    return HttpResponseRedirect(reverse("user-routes"))
283
284 def user_activation_notify(user):
285     current_site = Site.objects.get_current()
286     subject = render_to_string('registration/activation_email_subject.txt',
287                                    { 'site': current_site })
288     # Email subject *must not* contain newlines
289     subject = ''.join(subject.splitlines())
290     registration_profile = RegistrationProfile.objects.create_profile(user)
291     message = render_to_string('registration/activation_email.txt',
292                                    { 'activation_key': registration_profile.activation_key,
293                                      'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS,
294                                      'site': current_site,
295                                      'user': user })
296     send_new_mail(settings.EMAIL_SUBJECT_PREFIX + subject, 
297                               message, settings.SERVER_EMAIL,
298                              get_peer_techc_mails(user), [])
299
300 @login_required
301 @never_cache
302 def add_rate_limit(request):
303     if request.method == "GET":
304         form = ThenPlainForm()
305         return render_to_response('add_rate_limit.html', {'form': form,},
306                                   context_instance=RequestContext(request))
307
308     else:
309         form = ThenPlainForm(request.POST)
310         if form.is_valid():
311             then=form.save(commit=False)
312             then.action_value = "%sk"%then.action_value
313             then.save()
314             response_data = {}
315             response_data['pk'] = "%s" %then.pk
316             response_data['value'] = "%s:%s" %(then.action, then.action_value)
317             return HttpResponse(json.dumps(response_data), mimetype='application/json')
318         else:
319             return render_to_response('add_rate_limit.html', {'form': form,},
320                                       context_instance=RequestContext(request))
321
322 @login_required
323 @never_cache
324 def add_port(request):
325     if request.method == "GET":
326         form = PortPlainForm()
327         return render_to_response('add_port.html', {'form': form,},
328                                   context_instance=RequestContext(request))
329
330     else:
331         form = PortPlainForm(request.POST)
332         if form.is_valid():
333             port=form.save()
334             response_data = {}
335             response_data['value'] = "%s" %port.pk
336             response_data['text'] = "%s" %port.port
337             return HttpResponse(json.dumps(response_data), mimetype='application/json')
338         else:
339             return render_to_response('add_port.html', {'form': form,},
340                                       context_instance=RequestContext(request))
341
342 @login_required
343 @never_cache
344 def user_logout(request):
345     logout(request)
346     return HttpResponseRedirect(reverse('group-routes'))
347     
348 @never_cache
349 def load_jscript(request, file):
350     long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000
351     return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript")
352
353
354 def get_peer_techc_mails(user):
355     mail = []
356     additional_mail = []
357     techmails_list = []
358     user_mail = "%s" %user.email
359     user_mail = user_mail.split(';')
360     techmails = user.get_profile().peer.techc_emails.all()
361     if techmails:
362         for techmail in techmails:
363             techmails_list.append(techmail.email)
364     if settings.NOTIFY_ADMIN_MAILS:
365         additional_mail = settings.NOTIFY_ADMIN_MAILS
366 #    mail.extend(user_mail)
367     mail.extend(additional_mail)
368     mail.extend(techmails_list)
369     return mail
370
371
372 def send_new_mail(subject, message, from_email, recipient_list, bcc_list):
373     return EmailMessage(subject, message, from_email, recipient_list, bcc_list).send()
374
Unnamed repository; edit this file 'description' to name the repository.