code.grnet.gr Git - flowspy/blob - flowspec/views.py

   1 # Create your views here.
   2 import urllib2
   3 import socket
   4 import json
   5 from django import forms
   6 from django.views.decorators.csrf import csrf_exempt
   7 from django.core import urlresolvers
   8 from django.core import serializers
   9 from django.contrib.auth.decorators import login_required
  10 from django.contrib.auth import logout
  11 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
  12 from django.shortcuts import get_object_or_404, render_to_response
  13 from django.core.context_processors import request
  14 from django.template.context import RequestContext
  15 from django.template.loader import get_template, render_to_string
  16 from django.utils import simplejson
  17 from django.core.urlresolvers import reverse
  18 from django.contrib import messages
  19 from flowspy.accounts.models import *
  20
  21 from django.contrib.auth import authenticate, login
  22
  23 from django.forms.models import model_to_dict
  24
  25 from flowspy.flowspec.forms import *
  26 from flowspy.flowspec.models import *
  27
  28 from copy import deepcopy
  29 from flowspy.utils.decorators import shib_required
  30
  31 from django.views.decorators.cache import never_cache
  32 from django.conf import settings
  33 from django.core.mail import mail_admins, mail_managers, send_mail
  34
  35 import os
  36
  37 cwd = os.getcwd()
  38
  39
  40 LOG_FILENAME = os.path.join(cwd, 'log/celery_jobs.log')
  41
  42 #FORMAT = '%(asctime)s %(levelname)s: %(message)s'
  43 #logging.basicConfig(format=FORMAT)
  44 formatter = logging.Formatter('%(asctime)s %(levelname)s: %(message)s')
  45
  46 logger = logging.getLogger(__name__)
  47 logger.setLevel(logging.DEBUG)
  48 handler = logging.FileHandler(LOG_FILENAME)
  49 handler.setFormatter(formatter)
  50 logger.addHandler(handler)
  51
  52
  53
  54 @login_required
  55 def user_routes(request):
  56     user_routes = Route.objects.filter(applier=request.user)
  57     return render_to_response('user_routes.html', {'routes': user_routes},
  58                               context_instance=RequestContext(request))
  59
  60 def welcome(request):
  61     return render_to_response('welcome.html', context_instance=RequestContext(request))
  62
  63 @login_required
  64 @never_cache
  65 def group_routes(request):
  66     group_routes = []
  67     peer = request.user.get_profile().peer
  68     if peer:
  69        peer_members = UserProfile.objects.filter(peer=peer)
  70        users = [prof.user for prof in peer_members]
  71        group_routes = Route.objects.filter(applier__in=users)
  72     return render_to_response('user_routes.html', {'routes': group_routes},
  73                               context_instance=RequestContext(request))
  74
  75
  76 @login_required
  77 @never_cache
  78 def add_route(request):
  79     applier = request.user.pk
  80     applier_peer_networks = request.user.get_profile().peer.networks.all()
  81     if not applier_peer_networks:
  82          messages.add_message(request, messages.WARNING,
  83                              "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
  84          return HttpResponseRedirect(reverse("group-routes"))
  85     if request.method == "GET":
  86         form = RouteForm()
  87         return render_to_response('apply.html', {'form': form, 'applier': applier},
  88                                   context_instance=RequestContext(request))
  89
  90     else:
  91         form = RouteForm(request.POST)
  92         if form.is_valid():
  93             route=form.save(commit=False)
  94             route.applier = request.user
  95             route.status = "PENDING"
  96             route.save()
  97             form.save_m2m()
  98             route.commit_add()
  99             mail_body = render_to_string("rule_add_mail.txt",
 100                                              {"route": route})
 101             mail_admins("Rule %s creation request submitted by %s" %(route.name, route.applier.username),
 102                           mail_body, fail_silently=True)
 103             logger.info(mail_body)
 104             return HttpResponseRedirect(reverse("group-routes"))
 105         else:
 106             return render_to_response('apply.html', {'form': form, 'applier':applier},
 107                                       context_instance=RequestContext(request))
 108
 109 @login_required
 110 @never_cache
 111 def edit_route(request, route_slug):
 112     applier = request.user.pk
 113     applier_peer = request.user.get_profile().peer
 114     route_edit = get_object_or_404(Route, name=route_slug)
 115     route_edit_applier_peer = route_edit.applier.get_profile().peer
 116     if applier_peer != route_edit_applier_peer:
 117         messages.add_message(request, messages.WARNING,
 118                              "Insufficient rights to edit rule %s" %(route_slug))
 119         return HttpResponseRedirect(reverse("group-routes"))
 120 #    if route_edit.status == "ADMININACTIVE" :
 121 #        messages.add_message(request, messages.WARNING,
 122 #                             "Administrator has disabled editing of rule %s" %(route_slug))
 123 #        return HttpResponseRedirect(reverse("group-routes"))
 124 #    if route_edit.status == "EXPIRED" :
 125 #        messages.add_message(request, messages.WARNING,
 126 #                             "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
 127 #        return HttpResponseRedirect(reverse("group-routes"))
 128     if route_edit.status == "PENDING" :
 129         messages.add_message(request, messages.WARNING,
 130                              "Cannot edit a pending rule: %s." %(route_slug))
 131         return HttpResponseRedirect(reverse("group-routes"))
 132     route_original = deepcopy(route_edit)
 133     if request.POST:
 134         form = RouteForm(request.POST, instance = route_edit)
 135         if form.is_valid():
 136             route=form.save(commit=False)
 137             route.name = route_original.name
 138             route.applier = request.user
 139             route.status = "PENDING"
 140             route.save()
 141             form.save_m2m()
 142             route.commit_edit()
 143             mail_body = render_to_string("rule_edit_mail.txt",
 144                                              {"route": route})
 145             mail_admins("Rule %s edit request submitted by %s" %(route.name, route.applier.username),
 146                           mail_body, fail_silently=True)
 147             logger.info(mail_body)
 148             return HttpResponseRedirect(reverse("group-routes"))
 149         else:
 150             return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
 151                                       context_instance=RequestContext(request))
 152     else:
 153         dictionary = model_to_dict(route_edit, fields=[], exclude=[])
 154         #form = RouteForm(instance=route_edit)
 155         form = RouteForm(dictionary)
 156         return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
 157                                   context_instance=RequestContext(request))
 158
 159 @login_required
 160 @never_cache
 161 def delete_route(request, route_slug):
 162     if request.is_ajax():
 163         route = get_object_or_404(Route, name=route_slug)
 164         applier_peer = route.applier.get_profile().peer
 165         requester_peer = request.user.get_profile().peer
 166         if applier_peer == requester_peer:
 167             route.status = "PENDING"
 168             route.save()
 169             route.commit_delete()
 170             mail_body = render_to_string("rule_delete_mail.txt",
 171                                              {"route": route})
 172             mail_admins("Rule %s removal request submitted by %s" %(route.name, route.applier.username),
 173                           mail_body, fail_silently=True)
 174             logger.info(mail_body)
 175         html = "<html><body>Done</body></html>"
 176         return HttpResponse(html)
 177     else:
 178         return HttpResponseRedirect(reverse("group-routes"))
 179
 180 @login_required
 181 @never_cache
 182 def user_profile(request):
 183     user = request.user
 184     peer = request.user.get_profile().peer
 185
 186     return render_to_response('profile.html', {'user': user, 'peer':peer},
 187                                   context_instance=RequestContext(request))
 188
 189 @never_cache
 190 def user_login(request):
 191     try:
 192         error_username = None
 193         error_orgname = None
 194         error_affiliation = None
 195         error = ''
 196         username = request.META['HTTP_EPPN']
 197         if not username:
 198             error_username = True
 199         firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
 200         lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
 201         mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
 202         organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
 203         affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
 204         if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
 205             has_affiliation = True
 206         if not has_affiliation:
 207             error_affiliation = True
 208         if not organization:
 209             error_orgname = True
 210         if error_username:
 211             error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
 212         if error_orgname:
 213             error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
 214         if error_affiliation:
 215             error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
 216         if error_username or error_orgname or error_affiliation:
 217             return render_to_response('error.html', {'error': error,},
 218                                   context_instance=RequestContext(request))
 219         user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
 220         if user is not None:
 221             login(request, user)
 222             update_user_attributes(user, firstname=firstname, lastname=lastname, mail=mail)
 223             return HttpResponseRedirect(reverse("group-routes"))
 224                 # Redirect to a success page.
 225                 # Return a 'disabled account' error message
 226         else:
 227             error = "Something went wrong during user authentication. Contact your administrator"
 228             return render_to_response('error.html', {'error': error,},
 229                                   context_instance=RequestContext(request))
 230     except Exception as e:
 231         error = "Invalid login procedure"
 232         return render_to_response('error.html', {'error': error,},
 233                                   context_instance=RequestContext(request))
 234         # Return an 'invalid login' error message.
 235 #    return HttpResponseRedirect(reverse("user-routes"))
 236
 237 @login_required
 238 @never_cache
 239 def add_rate_limit(request):
 240     if request.method == "GET":
 241         form = ThenPlainForm()
 242         return render_to_response('add_rate_limit.html', {'form': form,},
 243                                   context_instance=RequestContext(request))
 244
 245     else:
 246         form = ThenPlainForm(request.POST)
 247         if form.is_valid():
 248             then=form.save(commit=False)
 249             then.action_value = "%sk"%then.action_value
 250             then.save()
 251             response_data = {}
 252             response_data['pk'] = "%s" %then.pk
 253             response_data['value'] = "%s:%s" %(then.action, then.action_value)
 254             return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
 255         else:
 256             return render_to_response('add_rate_limit.html', {'form': form,},
 257                                       context_instance=RequestContext(request))
 258
 259 def update_user_attributes(user, firstname, lastname, mail):
 260     user.first_name = firstname
 261     user.last_name = lastname
 262     user.email = mail
 263     user.save()
 264
 265 @login_required
 266 @never_cache
 267 def add_port(request):
 268     if request.method == "GET":
 269         form = PortPlainForm()
 270         return render_to_response('add_port.html', {'form': form,},
 271                                   context_instance=RequestContext(request))
 272
 273     else:
 274         form = PortPlainForm(request.POST)
 275         if form.is_valid():
 276             port=form.save()
 277             response_data = {}
 278             response_data['value'] = "%s" %port.pk
 279             response_data['text'] = "%s" %port.port
 280             return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
 281         else:
 282             return render_to_response('add_port.html', {'form': form,},
 283                                       context_instance=RequestContext(request))
 284
 285 @login_required
 286 @never_cache
 287 def user_logout(request):
 288     logout(request)
 289     return HttpResponseRedirect(reverse('group-routes'))
 290
 291 @never_cache
 292 def load_jscript(request, file):
 293     long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000
 294     return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript")