1 # Create your views here.
5 from django import forms
6 from django.views.decorators.csrf import csrf_exempt
7 from django.core import urlresolvers
8 from django.core import serializers
9 from django.contrib.auth.decorators import login_required
10 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
11 from django.shortcuts import get_object_or_404, render_to_response
12 from django.core.context_processors import request
13 from django.template.context import RequestContext
14 from django.template.loader import get_template, render_to_string
15 from django.utils import simplejson
16 from django.core.urlresolvers import reverse
17 from django.contrib import messages
18 from flowspy.accounts.models import *
20 from django.contrib.auth import authenticate, login
22 from django.forms.models import model_to_dict
24 from flowspy.flowspec.forms import *
25 from flowspy.flowspec.models import *
27 from copy import deepcopy
28 from flowspy.utils.decorators import shib_required
31 from django.views.decorators.cache import never_cache
32 from django.conf import settings
33 from django.core.mail import mail_admins, mail_managers, send_mail
36 def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
39 def user_routes(request):
40 user_routes = Route.objects.filter(applier=request.user)
41 return render_to_response('user_routes.html', {'routes': user_routes},
42 context_instance=RequestContext(request))
45 return render_to_response('welcome.html', context_instance=RequestContext(request))
49 def group_routes(request):
51 peer = request.user.get_profile().peer
53 peer_members = UserProfile.objects.filter(peer=peer)
54 users = [prof.user for prof in peer_members]
55 group_routes = Route.objects.filter(applier__in=users)
56 return render_to_response('user_routes.html', {'routes': group_routes},
57 context_instance=RequestContext(request))
62 def add_route(request):
63 applier = request.user.pk
64 applier_peer_networks = request.user.get_profile().peer.networks.all()
65 if not applier_peer_networks:
66 messages.add_message(request, messages.WARNING,
67 "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
68 return HttpResponseRedirect(reverse("group-routes"))
69 if request.method == "GET":
71 return render_to_response('apply.html', {'form': form, 'applier': applier},
72 context_instance=RequestContext(request))
75 form = RouteForm(request.POST)
77 route=form.save(commit=False)
78 route.applier = request.user
79 route.expires = days_offset()
80 route.status = "PENDING"
84 mail_body = render_to_string("rule_add_mail.txt",
86 mail_admins("Rule %s creation request submitted by %s" %(route.name, route.applier.username),
87 mail_body, fail_silently=True)
88 return HttpResponseRedirect(reverse("group-routes"))
90 return render_to_response('apply.html', {'form': form, 'applier':applier},
91 context_instance=RequestContext(request))
95 def add_then(request):
96 applier = request.user.pk
97 if request.method == "GET":
99 return render_to_response('apply.html', {'form': form, 'applier': applier},
100 context_instance=RequestContext(request))
103 form = RouteForm(request.POST)
105 route=form.save(commit=False)
106 route.applier = request.user
107 route.expires = days_offset()
111 return HttpResponseRedirect(reverse("group-routes"))
113 return render_to_response('apply.html', {'form': form, 'applier':applier},
114 context_instance=RequestContext(request))
118 def edit_route(request, route_slug):
119 applier = request.user.pk
120 applier_peer = request.user.get_profile().peer
121 route_edit = get_object_or_404(Route, name=route_slug)
122 route_edit_applier_peer = route_edit.applier.get_profile().peer
123 if applier_peer != route_edit_applier_peer:
124 messages.add_message(request, messages.WARNING,
125 "Insufficient rights to edit rule %s" %(route_slug))
126 return HttpResponseRedirect(reverse("group-routes"))
127 if route_edit.status == "ADMININACTIVE" :
128 messages.add_message(request, messages.WARNING,
129 "Administrator has disabled editing of rule %s" %(route_slug))
130 return HttpResponseRedirect(reverse("group-routes"))
131 if route_edit.status == "EXPIRED" :
132 messages.add_message(request, messages.WARNING,
133 "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
134 return HttpResponseRedirect(reverse("group-routes"))
135 if route_edit.status == "PENDING" :
136 messages.add_message(request, messages.WARNING,
137 "Cannot edit a pending rule: %s." %(route_slug))
138 return HttpResponseRedirect(reverse("group-routes"))
139 route_original = deepcopy(route_edit)
141 form = RouteForm(request.POST, instance = route_edit)
143 route=form.save(commit=False)
144 route.name = route_original.name
145 route.applier = request.user
146 route.expires = route_original.expires
147 route.status = "PENDING"
151 mail_body = render_to_string("rule_edit_mail.txt",
153 mail_admins("Rule %s edit request submitted by %s" %(route.name, route.applier.username),
154 mail_body, fail_silently=True)
155 return HttpResponseRedirect(reverse("group-routes"))
157 return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
158 context_instance=RequestContext(request))
160 dictionary = model_to_dict(route_edit, fields=[], exclude=[])
161 #form = RouteForm(instance=route_edit)
162 form = RouteForm(dictionary)
163 return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
164 context_instance=RequestContext(request))
168 def delete_route(request, route_slug):
169 if request.is_ajax():
170 route = get_object_or_404(Route, name=route_slug)
171 applier_peer = route.applier.get_profile().peer
172 requester_peer = request.user.get_profile().peer
173 if applier_peer == requester_peer:
174 route.status = "PENDING"
175 route.commit_delete()
176 mail_body = render_to_string("rule_delete_mail.txt",
178 mail_admins("Rule %s removal request submitted by %s" %(route.name, route.applier.username),
179 mail_body, fail_silently=True)
180 html = "<html><body>Done</body></html>"
181 return HttpResponse(html)
183 return HttpResponseRedirect(reverse("group-routes"))
187 def user_profile(request):
189 peer = request.user.get_profile().peer
191 return render_to_response('profile.html', {'user': user, 'peer':peer},
192 context_instance=RequestContext(request))
195 def user_login(request):
197 error_username = None
199 error_affiliation = None
201 username = request.META['HTTP_EPPN']
203 error_username = True
204 firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
205 lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
206 mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
207 organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
208 affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
209 if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
210 has_affiliation = True
211 if not has_affiliation:
212 error_affiliation = True
216 error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
218 error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
219 if error_affiliation:
220 error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
221 if error_username or error_orgname or error_affiliation:
222 return render_to_response('error.html', {'error': error,},
223 context_instance=RequestContext(request))
224 user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
227 update_user_attributes(user, firstname=firstname, lastname=lastname, mail=mail)
228 return HttpResponseRedirect(reverse("group-routes"))
229 # Redirect to a success page.
230 # Return a 'disabled account' error message
232 error = "Something went wrong during user authentication. Contact your administrator"
233 return render_to_response('error.html', {'error': error,},
234 context_instance=RequestContext(request))
235 except Exception as e:
236 error = "Invalid login procedure"
237 return render_to_response('error.html', {'error': error,},
238 context_instance=RequestContext(request))
239 # Return an 'invalid login' error message.
240 # return HttpResponseRedirect(reverse("user-routes"))
244 def add_rate_limit(request):
245 if request.method == "GET":
246 form = ThenPlainForm()
247 return render_to_response('add_rate_limit.html', {'form': form,},
248 context_instance=RequestContext(request))
251 form = ThenPlainForm(request.POST)
253 then=form.save(commit=False)
254 then.action_value = "%sk"%then.action_value
257 response_data['pk'] = "%s" %then.pk
258 response_data['value'] = "%s:%s" %(then.action, then.action_value)
259 return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
261 return render_to_response('add_rate_limit.html', {'form': form,},
262 context_instance=RequestContext(request))
264 def update_user_attributes(user, firstname, lastname, mail):
265 user.first_name = firstname
266 user.last_name = lastname
272 def add_port(request):
273 if request.method == "GET":
274 form = PortPlainForm()
275 return render_to_response('add_port.html', {'form': form,},
276 context_instance=RequestContext(request))
279 form = PortPlainForm(request.POST)
283 response_data['value'] = "%s" %port.pk
284 response_data['text'] = "%s" %port.port
285 return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
287 return render_to_response('add_port.html', {'form': form,},
288 context_instance=RequestContext(request))
292 def user_logout(request):
293 return HttpResponseRedirect(settings.SHIB_LOGOUT_URL)
296 def load_jscript(request, file):
297 return render_to_response('%s.js' % file, context_instance=RequestContext(request), mimetype="text/javascript")