projects / flowspy / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Moved user update info into middleware
[flowspy] / flowspec / views.py
1 # Create your views here.
2 import urllib2
3 import socket
4 import json
5 from django import forms
6 from django.views.decorators.csrf import csrf_exempt
7 from django.core import urlresolvers
8 from django.core import serializers
9 from django.contrib.auth.decorators import login_required
10 from django.contrib.auth import logout
11 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
12 from django.shortcuts import get_object_or_404, render_to_response
13 from django.core.context_processors import request
14 from django.template.context import RequestContext
15 from django.template.loader import get_template, render_to_string
16 from django.utils import simplejson
17 from django.core.urlresolvers import reverse
18 from django.contrib import messages
19 from flowspy.accounts.models import *
20 from ipaddr import *
21
22 from django.contrib.auth import authenticate, login
23
24 from django.forms.models import model_to_dict
25
26 from flowspy.flowspec.forms import * 
27 from flowspy.flowspec.models import *
28
29 from copy import deepcopy
30 from flowspy.utils.decorators import shib_required
31
32 from django.views.decorators.cache import never_cache
33 from django.conf import settings
34 from django.core.mail import mail_admins, mail_managers, send_mail
35 import datetime
36 import os
37
38 LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log')
39 #FORMAT = '%(asctime)s %(levelname)s: %(message)s'
40 #logging.basicConfig(format=FORMAT)
41 formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
42
43 logger = logging.getLogger(__name__)
44 logger.setLevel(logging.DEBUG)
45 handler = logging.FileHandler(LOG_FILENAME)
46 handler.setFormatter(formatter)
47 logger.addHandler(handler)
48
49 @login_required
50 def user_routes(request):
51     user_routes = Route.objects.filter(applier=request.user)
52     return render_to_response('user_routes.html', {'routes': user_routes},
53                               context_instance=RequestContext(request))
54
55 def welcome(request):
56     return render_to_response('welcome.html', context_instance=RequestContext(request))
57
58 @login_required
59 @never_cache
60 def group_routes(request):
61     group_routes = []
62     peer = request.user.get_profile().peer
63     if peer:
64        peer_members = UserProfile.objects.filter(peer=peer)
65        users = [prof.user for prof in peer_members]
66        group_routes = Route.objects.filter(applier__in=users)
67     return render_to_response('user_routes.html', {'routes': group_routes},
68                               context_instance=RequestContext(request))
69
70
71 @login_required
72 @never_cache
73 def add_route(request):
74     applier = request.user.pk
75     applier_peer_networks = request.user.get_profile().peer.networks.all()
76     if not applier_peer_networks:
77          messages.add_message(request, messages.WARNING,
78                              "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
79          return HttpResponseRedirect(reverse("group-routes"))
80     if request.method == "GET":
81         form = RouteForm()
82         if not request.user.is_superuser:
83             form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
84         return render_to_response('apply.html', {'form': form, 'applier': applier},
85                                   context_instance=RequestContext(request))
86
87     else:
88         form = RouteForm(request.POST)
89         if form.is_valid():
90             route=form.save(commit=False)
91             route.applier = request.user
92             route.status = "PENDING"
93             route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
94             route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
95             route.save()
96             form.save_m2m()
97             route.commit_add()
98             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
99             mail_body = render_to_string("rule_add_mail.txt",
100                                              {"route": route, "address": requesters_address})
101             send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
102                               mail_body, settings.SERVER_EMAIL,
103                               get_peer_techc_mails(route.applier), fail_silently=True)
104             d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username }
105             logger.info(mail_body, extra=d)
106             return HttpResponseRedirect(reverse("group-routes"))
107         else:
108             return render_to_response('apply.html', {'form': form, 'applier':applier},
109                                       context_instance=RequestContext(request))
110
111 @login_required
112 @never_cache
113 def edit_route(request, route_slug):
114     applier = request.user.pk
115     applier_peer = request.user.get_profile().peer
116     route_edit = get_object_or_404(Route, name=route_slug)
117     route_edit_applier_peer = route_edit.applier.get_profile().peer
118     if applier_peer != route_edit_applier_peer:
119         messages.add_message(request, messages.WARNING,
120                              "Insufficient rights to edit rule %s" %(route_slug))
121         return HttpResponseRedirect(reverse("group-routes"))
122 #    if route_edit.status == "ADMININACTIVE" :
123 #        messages.add_message(request, messages.WARNING,
124 #                             "Administrator has disabled editing of rule %s" %(route_slug))
125 #        return HttpResponseRedirect(reverse("group-routes"))
126 #    if route_edit.status == "EXPIRED" :
127 #        messages.add_message(request, messages.WARNING,
128 #                             "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
129 #        return HttpResponseRedirect(reverse("group-routes"))
130     if route_edit.status == "PENDING" :
131         messages.add_message(request, messages.WARNING,
132                              "Cannot edit a pending rule: %s." %(route_slug))
133         return HttpResponseRedirect(reverse("group-routes"))
134     route_original = deepcopy(route_edit)
135     if request.POST:
136         form = RouteForm(request.POST, instance = route_edit)
137         if form.is_valid():
138             route=form.save(commit=False)
139             route.name = route_original.name
140             route.applier = request.user
141             route.status = "PENDING"
142             route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
143             route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
144             route.save()
145             form.save_m2m()
146             route.commit_edit()
147             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
148             mail_body = render_to_string("rule_edit_mail.txt",
149                                              {"route": route, "address": requesters_address})
150             send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
151                               mail_body, settings.SERVER_EMAIL,
152                               get_peer_techc_mails(route.applier), fail_silently=True)
153             d = { 'clientip' : requesters_address, 'user' : route.applier.username }
154             logger.info(mail_body, extra=d)
155             return HttpResponseRedirect(reverse("group-routes"))
156         else:
157             return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
158                                       context_instance=RequestContext(request))
159     else:
160         dictionary = model_to_dict(route_edit, fields=[], exclude=[])
161         #form = RouteForm(instance=route_edit)
162         form = RouteForm(dictionary)
163         if not request.user.is_superuser:
164             form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
165         return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
166                                   context_instance=RequestContext(request))
167
168 @login_required
169 @never_cache
170 def delete_route(request, route_slug):
171     if request.is_ajax():
172         route = get_object_or_404(Route, name=route_slug)
173         applier_peer = route.applier.get_profile().peer
174         requester_peer = request.user.get_profile().peer
175         if applier_peer == requester_peer:
176             route.status = "PENDING"
177             route.expires = datetime.date.today()
178             route.save()
179             route.commit_delete()
180             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
181             mail_body = render_to_string("rule_delete_mail.txt",
182                                              {"route": route, "address": requesters_address})
183             send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username),
184                               mail_body, settings.SERVER_EMAIL,
185                              get_peer_techc_mails(route.applier), fail_silently=True)
186             d = { 'clientip' : requesters_address, 'user' : route.applier.username }
187             logger.info(mail_body, extra=d)            
188         html = "<html><body>Done</body></html>"
189         return HttpResponse(html)
190     else:
191         return HttpResponseRedirect(reverse("group-routes"))
192
193 @login_required
194 @never_cache
195 def user_profile(request):
196     user = request.user
197     peer = request.user.get_profile().peer
198     
199     return render_to_response('profile.html', {'user': user, 'peer':peer},
200                                   context_instance=RequestContext(request))
201
202 @never_cache
203 def user_login(request):
204     try:
205         error_username = None
206         error_orgname = None
207         error_affiliation = None
208         error = ''
209         username = request.META['HTTP_EPPN']
210         if not username:
211             error_username = True
212         firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
213         lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
214         mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
215         organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
216         affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
217         if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
218             has_affiliation = True
219         if not has_affiliation:
220             error_affiliation = True
221         if not organization:
222             error_orgname = True
223         if error_username:
224             error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
225         if error_orgname:
226             error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
227         if error_affiliation:
228             error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
229         if error_username or error_orgname or error_affiliation:
230             return render_to_response('error.html', {'error': error,},
231                                   context_instance=RequestContext(request))
232         user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
233         if user is not None:
234             login(request, user)
235             return HttpResponseRedirect(reverse("group-routes"))
236                 # Redirect to a success page.
237                 # Return a 'disabled account' error message
238         else:
239             error = "Something went wrong during user authentication. Contact your administrator"
240             return render_to_response('error.html', {'error': error,},
241                                   context_instance=RequestContext(request))
242     except Exception as e:
243         error = "Invalid login procedure"
244         return render_to_response('error.html', {'error': error,},
245                                   context_instance=RequestContext(request))
246         # Return an 'invalid login' error message.
247 #    return HttpResponseRedirect(reverse("user-routes"))
248
249 @login_required
250 @never_cache
251 def add_rate_limit(request):
252     if request.method == "GET":
253         form = ThenPlainForm()
254         return render_to_response('add_rate_limit.html', {'form': form,},
255                                   context_instance=RequestContext(request))
256
257     else:
258         form = ThenPlainForm(request.POST)
259         if form.is_valid():
260             then=form.save(commit=False)
261             then.action_value = "%sk"%then.action_value
262             then.save()
263             response_data = {}
264             response_data['pk'] = "%s" %then.pk
265             response_data['value'] = "%s:%s" %(then.action, then.action_value)
266             return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
267         else:
268             return render_to_response('add_rate_limit.html', {'form': form,},
269                                       context_instance=RequestContext(request))
270
271 @login_required
272 @never_cache
273 def add_port(request):
274     if request.method == "GET":
275         form = PortPlainForm()
276         return render_to_response('add_port.html', {'form': form,},
277                                   context_instance=RequestContext(request))
278
279     else:
280         form = PortPlainForm(request.POST)
281         if form.is_valid():
282             port=form.save()
283             response_data = {}
284             response_data['value'] = "%s" %port.pk
285             response_data['text'] = "%s" %port.port
286             return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
287         else:
288             return render_to_response('add_port.html', {'form': form,},
289                                       context_instance=RequestContext(request))
290
291 @login_required
292 @never_cache
293 def user_logout(request):
294     logout(request)
295     return HttpResponseRedirect(reverse('group-routes'))
296     
297 @never_cache
298 def load_jscript(request, file):
299     long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000
300     return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript")
301
302
303 def get_peer_techc_mails(user):
304     user_mail = user.email
305     techmails = user.get_profile().peer.techc()
306     additional_mail = "%s;%s" %(settings.HELPDESK_MAIL,settings.NOC_MAIL) 
307     if techmails:
308         mail = "%s;%s" %(techmails, additional_mail)
309     else:
310         mail = additional_mail
311     mail = "%s;%s" %(user_mail, mail)
312     mail =  mail.split(';')
313     return mail
Unnamed repository; edit this file 'description' to name the repository.