1 # Create your views here.
5 from django import forms
6 from django.views.decorators.csrf import csrf_exempt
7 from django.core import urlresolvers
8 from django.core import serializers
9 from django.contrib.auth.decorators import login_required
10 from django.contrib.auth import logout
11 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
12 from django.shortcuts import get_object_or_404, render_to_response
13 from django.core.context_processors import request
14 from django.template.context import RequestContext
15 from django.template.loader import get_template, render_to_string
16 from django.utils import simplejson
17 from django.core.urlresolvers import reverse
18 from django.contrib import messages
19 from flowspy.accounts.models import *
22 from django.contrib.auth import authenticate, login
24 from django.forms.models import model_to_dict
26 from flowspy.flowspec.forms import *
27 from flowspy.flowspec.models import *
29 from copy import deepcopy
30 from flowspy.utils.decorators import shib_required
32 from django.views.decorators.cache import never_cache
33 from django.conf import settings
34 from django.core.mail import mail_admins, mail_managers, send_mail
38 LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log')
39 #FORMAT = '%(asctime)s %(levelname)s: %(message)s'
40 #logging.basicConfig(format=FORMAT)
41 formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
43 logger = logging.getLogger(__name__)
44 logger.setLevel(logging.DEBUG)
45 handler = logging.FileHandler(LOG_FILENAME)
46 handler.setFormatter(formatter)
47 logger.addHandler(handler)
50 def user_routes(request):
51 user_routes = Route.objects.filter(applier=request.user)
52 return render_to_response('user_routes.html', {'routes': user_routes},
53 context_instance=RequestContext(request))
56 return render_to_response('welcome.html', context_instance=RequestContext(request))
60 def group_routes(request):
62 peer = request.user.get_profile().peer
64 peer_members = UserProfile.objects.filter(peer=peer)
65 users = [prof.user for prof in peer_members]
66 group_routes = Route.objects.filter(applier__in=users)
67 return render_to_response('user_routes.html', {'routes': group_routes},
68 context_instance=RequestContext(request))
73 def add_route(request):
74 applier = request.user.pk
75 applier_peer_networks = request.user.get_profile().peer.networks.all()
76 if not applier_peer_networks:
77 messages.add_message(request, messages.WARNING,
78 "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
79 return HttpResponseRedirect(reverse("group-routes"))
80 if request.method == "GET":
82 if not request.user.is_superuser:
83 form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
84 return render_to_response('apply.html', {'form': form, 'applier': applier},
85 context_instance=RequestContext(request))
88 form = RouteForm(request.POST)
90 route=form.save(commit=False)
91 route.applier = request.user
92 route.status = "PENDING"
93 route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
94 route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
98 requesters_address = request.META['HTTP_X_FORWARDED_FOR']
99 mail_body = render_to_string("rule_add_mail.txt",
100 {"route": route, "address": requesters_address})
101 send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
102 mail_body, settings.SERVER_EMAIL,
103 get_peer_techc_mails(route.applier), fail_silently=True)
104 d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username }
105 logger.info(mail_body, extra=d)
106 return HttpResponseRedirect(reverse("group-routes"))
108 return render_to_response('apply.html', {'form': form, 'applier':applier},
109 context_instance=RequestContext(request))
113 def edit_route(request, route_slug):
114 applier = request.user.pk
115 applier_peer = request.user.get_profile().peer
116 route_edit = get_object_or_404(Route, name=route_slug)
117 route_edit_applier_peer = route_edit.applier.get_profile().peer
118 if applier_peer != route_edit_applier_peer:
119 messages.add_message(request, messages.WARNING,
120 "Insufficient rights to edit rule %s" %(route_slug))
121 return HttpResponseRedirect(reverse("group-routes"))
122 # if route_edit.status == "ADMININACTIVE" :
123 # messages.add_message(request, messages.WARNING,
124 # "Administrator has disabled editing of rule %s" %(route_slug))
125 # return HttpResponseRedirect(reverse("group-routes"))
126 # if route_edit.status == "EXPIRED" :
127 # messages.add_message(request, messages.WARNING,
128 # "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
129 # return HttpResponseRedirect(reverse("group-routes"))
130 if route_edit.status == "PENDING" :
131 messages.add_message(request, messages.WARNING,
132 "Cannot edit a pending rule: %s." %(route_slug))
133 return HttpResponseRedirect(reverse("group-routes"))
134 route_original = deepcopy(route_edit)
136 form = RouteForm(request.POST, instance = route_edit)
138 route=form.save(commit=False)
139 route.name = route_original.name
140 route.applier = request.user
141 route.status = "PENDING"
142 route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
143 route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
147 requesters_address = request.META['HTTP_X_FORWARDED_FOR']
148 mail_body = render_to_string("rule_edit_mail.txt",
149 {"route": route, "address": requesters_address})
150 send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
151 mail_body, settings.SERVER_EMAIL,
152 get_peer_techc_mails(route.applier), fail_silently=True)
153 d = { 'clientip' : requesters_address, 'user' : route.applier.username }
154 logger.info(mail_body, extra=d)
155 return HttpResponseRedirect(reverse("group-routes"))
157 return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
158 context_instance=RequestContext(request))
160 dictionary = model_to_dict(route_edit, fields=[], exclude=[])
161 #form = RouteForm(instance=route_edit)
162 form = RouteForm(dictionary)
163 if not request.user.is_superuser:
164 form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
165 return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
166 context_instance=RequestContext(request))
170 def delete_route(request, route_slug):
171 if request.is_ajax():
172 route = get_object_or_404(Route, name=route_slug)
173 applier_peer = route.applier.get_profile().peer
174 requester_peer = request.user.get_profile().peer
175 if applier_peer == requester_peer:
176 route.status = "PENDING"
177 route.expires = datetime.date.today()
179 route.commit_delete()
180 requesters_address = request.META['HTTP_X_FORWARDED_FOR']
181 mail_body = render_to_string("rule_delete_mail.txt",
182 {"route": route, "address": requesters_address})
183 send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username),
184 mail_body, settings.SERVER_EMAIL,
185 get_peer_techc_mails(route.applier), fail_silently=True)
186 d = { 'clientip' : requesters_address, 'user' : route.applier.username }
187 logger.info(mail_body, extra=d)
188 html = "<html><body>Done</body></html>"
189 return HttpResponse(html)
191 return HttpResponseRedirect(reverse("group-routes"))
195 def user_profile(request):
197 peer = request.user.get_profile().peer
199 return render_to_response('profile.html', {'user': user, 'peer':peer},
200 context_instance=RequestContext(request))
203 def user_login(request):
205 error_username = None
207 error_affiliation = None
209 username = request.META['HTTP_EPPN']
211 error_username = True
212 firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
213 lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
214 mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
215 organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
216 affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
217 if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
218 has_affiliation = True
219 if not has_affiliation:
220 error_affiliation = True
224 error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
226 error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
227 if error_affiliation:
228 error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
229 if error_username or error_orgname or error_affiliation:
230 return render_to_response('error.html', {'error': error,},
231 context_instance=RequestContext(request))
232 user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
235 return HttpResponseRedirect(reverse("group-routes"))
236 # Redirect to a success page.
237 # Return a 'disabled account' error message
239 error = "Something went wrong during user authentication. Contact your administrator"
240 return render_to_response('error.html', {'error': error,},
241 context_instance=RequestContext(request))
242 except Exception as e:
243 error = "Invalid login procedure"
244 return render_to_response('error.html', {'error': error,},
245 context_instance=RequestContext(request))
246 # Return an 'invalid login' error message.
247 # return HttpResponseRedirect(reverse("user-routes"))
251 def add_rate_limit(request):
252 if request.method == "GET":
253 form = ThenPlainForm()
254 return render_to_response('add_rate_limit.html', {'form': form,},
255 context_instance=RequestContext(request))
258 form = ThenPlainForm(request.POST)
260 then=form.save(commit=False)
261 then.action_value = "%sk"%then.action_value
264 response_data['pk'] = "%s" %then.pk
265 response_data['value'] = "%s:%s" %(then.action, then.action_value)
266 return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
268 return render_to_response('add_rate_limit.html', {'form': form,},
269 context_instance=RequestContext(request))
273 def add_port(request):
274 if request.method == "GET":
275 form = PortPlainForm()
276 return render_to_response('add_port.html', {'form': form,},
277 context_instance=RequestContext(request))
280 form = PortPlainForm(request.POST)
284 response_data['value'] = "%s" %port.pk
285 response_data['text'] = "%s" %port.port
286 return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
288 return render_to_response('add_port.html', {'form': form,},
289 context_instance=RequestContext(request))
293 def user_logout(request):
295 return HttpResponseRedirect(reverse('group-routes'))
298 def load_jscript(request, file):
299 long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000
300 return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript")
303 def get_peer_techc_mails(user):
304 user_mail = user.email
305 techmails = user.get_profile().peer.techc()
306 additional_mail = "%s;%s" %(settings.HELPDESK_MAIL,settings.NOC_MAIL)
308 mail = "%s;%s" %(techmails, additional_mail)
310 mail = additional_mail
311 mail = "%s;%s" %(user_mail, mail)
312 mail = mail.split(';')