1 # Create your views here.
5 from django import forms
6 from django.views.decorators.csrf import csrf_exempt
7 from django.core import urlresolvers
8 from django.core import serializers
9 from django.contrib.auth.decorators import login_required
10 from django.contrib.auth import logout
11 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
12 from django.shortcuts import get_object_or_404, render_to_response
13 from django.core.context_processors import request
14 from django.template.context import RequestContext
15 from django.template.loader import get_template, render_to_string
16 from django.utils import simplejson
17 from django.core.urlresolvers import reverse
18 from django.contrib import messages
19 from flowspy.accounts.models import *
21 from django.contrib.auth import authenticate, login
23 from django.forms.models import model_to_dict
25 from flowspy.flowspec.forms import *
26 from flowspy.flowspec.models import *
28 from copy import deepcopy
29 from flowspy.utils.decorators import shib_required
31 from django.views.decorators.cache import never_cache
32 from django.conf import settings
33 from django.core.mail import mail_admins, mail_managers, send_mail
37 LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log')
38 #FORMAT = '%(asctime)s %(levelname)s: %(message)s'
39 #logging.basicConfig(format=FORMAT)
40 formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
42 logger = logging.getLogger(__name__)
43 logger.setLevel(logging.DEBUG)
44 handler = logging.FileHandler(LOG_FILENAME)
45 handler.setFormatter(formatter)
46 logger.addHandler(handler)
49 def user_routes(request):
50 user_routes = Route.objects.filter(applier=request.user)
51 return render_to_response('user_routes.html', {'routes': user_routes},
52 context_instance=RequestContext(request))
55 return render_to_response('welcome.html', context_instance=RequestContext(request))
59 def group_routes(request):
61 peer = request.user.get_profile().peer
63 peer_members = UserProfile.objects.filter(peer=peer)
64 users = [prof.user for prof in peer_members]
65 group_routes = Route.objects.filter(applier__in=users)
66 return render_to_response('user_routes.html', {'routes': group_routes},
67 context_instance=RequestContext(request))
72 def add_route(request):
73 applier = request.user.pk
74 applier_peer_networks = request.user.get_profile().peer.networks.all()
75 if not applier_peer_networks:
76 messages.add_message(request, messages.WARNING,
77 "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
78 return HttpResponseRedirect(reverse("group-routes"))
79 if request.method == "GET":
81 return render_to_response('apply.html', {'form': form, 'applier': applier},
82 context_instance=RequestContext(request))
85 form = RouteForm(request.POST)
87 route=form.save(commit=False)
88 route.applier = request.user
89 route.status = "PENDING"
93 requesters_address = request.META['HTTP_X_FORWARDED_FOR']
94 mail_body = render_to_string("rule_add_mail.txt",
95 {"route": route, "address": requesters_address})
96 send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
97 mail_body, settings.SERVER_EMAIL,
98 get_peer_techc_mails(route.applier), fail_silently=True)
99 d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username }
100 logger.info(mail_body, extra=d)
101 return HttpResponseRedirect(reverse("group-routes"))
103 return render_to_response('apply.html', {'form': form, 'applier':applier},
104 context_instance=RequestContext(request))
108 def edit_route(request, route_slug):
109 applier = request.user.pk
110 applier_peer = request.user.get_profile().peer
111 route_edit = get_object_or_404(Route, name=route_slug)
112 route_edit_applier_peer = route_edit.applier.get_profile().peer
113 if applier_peer != route_edit_applier_peer:
114 messages.add_message(request, messages.WARNING,
115 "Insufficient rights to edit rule %s" %(route_slug))
116 return HttpResponseRedirect(reverse("group-routes"))
117 # if route_edit.status == "ADMININACTIVE" :
118 # messages.add_message(request, messages.WARNING,
119 # "Administrator has disabled editing of rule %s" %(route_slug))
120 # return HttpResponseRedirect(reverse("group-routes"))
121 # if route_edit.status == "EXPIRED" :
122 # messages.add_message(request, messages.WARNING,
123 # "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
124 # return HttpResponseRedirect(reverse("group-routes"))
125 if route_edit.status == "PENDING" :
126 messages.add_message(request, messages.WARNING,
127 "Cannot edit a pending rule: %s." %(route_slug))
128 return HttpResponseRedirect(reverse("group-routes"))
129 route_original = deepcopy(route_edit)
131 form = RouteForm(request.POST, instance = route_edit)
133 route=form.save(commit=False)
134 route.name = route_original.name
135 route.applier = request.user
136 route.status = "PENDING"
140 requesters_address = request.META['HTTP_X_FORWARDED_FOR']
141 mail_body = render_to_string("rule_edit_mail.txt",
142 {"route": route, "address": requesters_address})
143 send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
144 mail_body, settings.SERVER_EMAIL,
145 get_peer_techc_mails(route.applier), fail_silently=True)
146 d = { 'clientip' : requesters_address, 'user' : route.applier.username }
147 logger.info(mail_body, extra=d)
148 return HttpResponseRedirect(reverse("group-routes"))
150 return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
151 context_instance=RequestContext(request))
153 dictionary = model_to_dict(route_edit, fields=[], exclude=[])
154 #form = RouteForm(instance=route_edit)
155 form = RouteForm(dictionary)
156 return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
157 context_instance=RequestContext(request))
161 def delete_route(request, route_slug):
162 if request.is_ajax():
163 route = get_object_or_404(Route, name=route_slug)
164 applier_peer = route.applier.get_profile().peer
165 requester_peer = request.user.get_profile().peer
166 if applier_peer == requester_peer:
167 route.status = "PENDING"
169 route.commit_delete()
170 requesters_address = request.META['HTTP_X_FORWARDED_FOR']
171 mail_body = render_to_string("rule_delete_mail.txt",
172 {"route": route, "address": requesters_address})
173 send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username),
174 mail_body, settings.SERVER_EMAIL,
175 get_peer_techc_mails(route.applier), fail_silently=True)
176 d = { 'clientip' : requesters_address, 'user' : route.applier.username }
177 logger.info(mail_body, extra=d)
178 html = "<html><body>Done</body></html>"
179 return HttpResponse(html)
181 return HttpResponseRedirect(reverse("group-routes"))
185 def user_profile(request):
187 peer = request.user.get_profile().peer
189 return render_to_response('profile.html', {'user': user, 'peer':peer},
190 context_instance=RequestContext(request))
193 def user_login(request):
195 error_username = None
197 error_affiliation = None
199 username = request.META['HTTP_EPPN']
201 error_username = True
202 firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
203 lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
204 mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
205 organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
206 affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
207 if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
208 has_affiliation = True
209 if not has_affiliation:
210 error_affiliation = True
214 error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
216 error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
217 if error_affiliation:
218 error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
219 if error_username or error_orgname or error_affiliation:
220 return render_to_response('error.html', {'error': error,},
221 context_instance=RequestContext(request))
222 user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
225 update_user_attributes(user, firstname=firstname, lastname=lastname, mail=mail)
226 return HttpResponseRedirect(reverse("group-routes"))
227 # Redirect to a success page.
228 # Return a 'disabled account' error message
230 error = "Something went wrong during user authentication. Contact your administrator"
231 return render_to_response('error.html', {'error': error,},
232 context_instance=RequestContext(request))
233 except Exception as e:
234 error = "Invalid login procedure"
235 return render_to_response('error.html', {'error': error,},
236 context_instance=RequestContext(request))
237 # Return an 'invalid login' error message.
238 # return HttpResponseRedirect(reverse("user-routes"))
242 def add_rate_limit(request):
243 if request.method == "GET":
244 form = ThenPlainForm()
245 return render_to_response('add_rate_limit.html', {'form': form,},
246 context_instance=RequestContext(request))
249 form = ThenPlainForm(request.POST)
251 then=form.save(commit=False)
252 then.action_value = "%sk"%then.action_value
255 response_data['pk'] = "%s" %then.pk
256 response_data['value'] = "%s:%s" %(then.action, then.action_value)
257 return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
259 return render_to_response('add_rate_limit.html', {'form': form,},
260 context_instance=RequestContext(request))
262 def update_user_attributes(user, firstname, lastname, mail):
263 user.first_name = firstname
264 user.last_name = lastname
270 def add_port(request):
271 if request.method == "GET":
272 form = PortPlainForm()
273 return render_to_response('add_port.html', {'form': form,},
274 context_instance=RequestContext(request))
277 form = PortPlainForm(request.POST)
281 response_data['value'] = "%s" %port.pk
282 response_data['text'] = "%s" %port.port
283 return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
285 return render_to_response('add_port.html', {'form': form,},
286 context_instance=RequestContext(request))
290 def user_logout(request):
292 return HttpResponseRedirect(reverse('group-routes'))
295 def load_jscript(request, file):
296 long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000
297 return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript")
300 def get_peer_techc_mails(user):
301 user_mail = user.email
302 techmails = user.get_profile().peer.techc()
303 additional_mail = "%s;%s" %(settings.HELPDESK_MAIL,settings.NOC_MAIL)
305 mail = "%s;%s" %(techmails, additional_mail)
307 mail = additional_mail
308 mail = "%s;%s" %(user_mail, mail)
309 mail = mail.split(';')