projects / flowspy / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Moved flatpages to templates
[flowspy] / flowspec / views.py
1 # Create your views here.
2 import urllib2
3 import socket
4 import json
5 from django import forms
6 from django.views.decorators.csrf import csrf_exempt
7 from django.core import urlresolvers
8 from django.core import serializers
9 from django.contrib.auth.decorators import login_required
10 from django.contrib.auth import logout
11 from django.contrib.sites.models import Site
12 from django.contrib.auth.models import User
13 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
14 from django.shortcuts import get_object_or_404, render_to_response
15 from django.core.context_processors import request
16 from django.template.context import RequestContext
17 from django.template.loader import get_template, render_to_string
18 from django.utils.translation import ugettext as _
19 from django.core.urlresolvers import reverse
20 from django.contrib import messages
21 from flowspy.accounts.models import *
22 from ipaddr import *
23
24 from django.contrib.auth import authenticate, login
25
26 from django.forms.models import model_to_dict
27
28 from flowspy.flowspec.forms import * 
29 from flowspy.flowspec.models import *
30 from flowspy.peers.models import *
31
32 from registration.models import RegistrationProfile
33
34 from copy import deepcopy
35 from flowspy.utils.decorators import shib_required
36
37 from django.views.decorators.cache import never_cache
38 from django.conf import settings
39 from django.core.mail.message import EmailMessage
40 import datetime
41 import os
42
43 LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log')
44 #FORMAT = '%(asctime)s %(levelname)s: %(message)s'
45 #logging.basicConfig(format=FORMAT)
46 formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
47
48 logger = logging.getLogger(__name__)
49 logger.setLevel(logging.DEBUG)
50 handler = logging.FileHandler(LOG_FILENAME)
51 handler.setFormatter(formatter)
52 logger.addHandler(handler)
53
54 @login_required
55 def user_routes(request):
56     user_routes = Route.objects.filter(applier=request.user)
57     return render_to_response('user_routes.html', {'routes': user_routes},
58                               context_instance=RequestContext(request))
59
60 def welcome(request):
61     return render_to_response('welcome.html', context_instance=RequestContext(request))
62
63 @login_required
64 @never_cache
65 def group_routes(request):
66     group_routes = []
67     peer = request.user.get_profile().peer
68     if peer:
69        peer_members = UserProfile.objects.filter(peer=peer)
70        users = [prof.user for prof in peer_members]
71        group_routes = Route.objects.filter(applier__in=users)
72     return render_to_response('user_routes.html', {'routes': group_routes},
73                               context_instance=RequestContext(request))
74
75
76 @login_required
77 @never_cache
78 def add_route(request):
79     applier = request.user.pk
80     applier_peer_networks = request.user.get_profile().peer.networks.all()
81     if not applier_peer_networks:
82          messages.add_message(request, messages.WARNING,
83                              _("Insufficient rights on administrative networks. Cannot add rule. Contact your administrator"))
84          return HttpResponseRedirect(reverse("group-routes"))
85     if request.method == "GET":
86         form = RouteForm()
87         if not request.user.is_superuser:
88             form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
89             form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
90         return render_to_response('apply.html', {'form': form, 'applier': applier},
91                                   context_instance=RequestContext(request))
92
93     else:
94         form = RouteForm(request.POST)
95         if form.is_valid():
96             route=form.save(commit=False)
97             route.applier = request.user
98             route.status = "PENDING"
99             route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
100             route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
101             route.save()
102             form.save_m2m()
103             route.commit_add()
104             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
105             mail_body = render_to_string("rule_add_mail.txt",
106                                              {"route": route, "address": requesters_address})
107             user_mail = "%s" %route.applier.email
108             user_mail = user_mail.split(';')
109             send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
110                               mail_body, settings.SERVER_EMAIL, user_mail,
111                               get_peer_techc_mails(route.applier))
112             d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username }
113             logger.info(mail_body, extra=d)
114             return HttpResponseRedirect(reverse("group-routes"))
115         else:
116             return render_to_response('apply.html', {'form': form, 'applier':applier},
117                                       context_instance=RequestContext(request))
118
119 @login_required
120 @never_cache
121 def edit_route(request, route_slug):
122     applier = request.user.pk
123     applier_peer = request.user.get_profile().peer
124     route_edit = get_object_or_404(Route, name=route_slug)
125     route_edit_applier_peer = route_edit.applier.get_profile().peer
126     if applier_peer != route_edit_applier_peer:
127         messages.add_message(request, messages.WARNING,
128                              _("Insufficient rights to edit rule %s") %(route_slug))
129         return HttpResponseRedirect(reverse("group-routes"))
130 #    if route_edit.status == "ADMININACTIVE" :
131 #        messages.add_message(request, messages.WARNING,
132 #                             "Administrator has disabled editing of rule %s" %(route_slug))
133 #        return HttpResponseRedirect(reverse("group-routes"))
134 #    if route_edit.status == "EXPIRED" :
135 #        messages.add_message(request, messages.WARNING,
136 #                             "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
137 #        return HttpResponseRedirect(reverse("group-routes"))
138     if route_edit.status == "PENDING" :
139         messages.add_message(request, messages.WARNING,
140                              _("Cannot edit a pending rule: %s.") %(route_slug))
141         return HttpResponseRedirect(reverse("group-routes"))
142     route_original = deepcopy(route_edit)
143     if request.POST:
144         form = RouteForm(request.POST, instance = route_edit)
145         if form.is_valid():
146             route=form.save(commit=False)
147             route.name = route_original.name
148             route.applier = request.user
149             route.status = "PENDING"
150             route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
151             route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
152             route.save()
153             form.save_m2m()
154             route.commit_edit()
155             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
156             mail_body = render_to_string("rule_edit_mail.txt",
157                                              {"route": route, "address": requesters_address})
158             user_mail = "%s" %route.applier.email
159             user_mail = user_mail.split(';')
160             send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
161                               mail_body, settings.SERVER_EMAIL, user_mail,
162                               get_peer_techc_mails(route.applier))
163             d = { 'clientip' : requesters_address, 'user' : route.applier.username }
164             logger.info(mail_body, extra=d)
165             return HttpResponseRedirect(reverse("group-routes"))
166         else:
167             return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
168                                       context_instance=RequestContext(request))
169     else:
170         dictionary = model_to_dict(route_edit, fields=[], exclude=[])
171         #form = RouteForm(instance=route_edit)
172         form = RouteForm(dictionary)
173         if not request.user.is_superuser:
174             form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True)
175             form.fields['protocol'] = forms.ModelMultipleChoiceField(queryset=MatchProtocol.objects.filter(protocol__in=settings.UI_USER_PROTOCOLS).order_by('protocol'), required=False)
176         return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
177                                   context_instance=RequestContext(request))
178
179 @login_required
180 @never_cache
181 def delete_route(request, route_slug):
182     if request.is_ajax():
183         route = get_object_or_404(Route, name=route_slug)
184         applier_peer = route.applier.get_profile().peer
185         requester_peer = request.user.get_profile().peer
186         if applier_peer == requester_peer:
187             route.status = "PENDING"
188             route.expires = datetime.date.today()
189             route.applier = request.user
190             route.save()
191             route.commit_delete()
192             requesters_address = request.META['HTTP_X_FORWARDED_FOR']
193             mail_body = render_to_string("rule_delete_mail.txt",
194                                              {"route": route, "address": requesters_address})
195             user_mail = "%s" %route.applier.email
196             user_mail = user_mail.split(';')
197             send_new_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username), 
198                               mail_body, settings.SERVER_EMAIL, user_mail,
199                              get_peer_techc_mails(route.applier))
200             d = { 'clientip' : requesters_address, 'user' : route.applier.username }
201             logger.info(mail_body, extra=d)            
202         html = "<html><body>Done</body></html>"
203         return HttpResponse(html)
204     else:
205         return HttpResponseRedirect(reverse("group-routes"))
206
207 @login_required
208 @never_cache
209 def user_profile(request):
210     user = request.user
211     peer = request.user.get_profile().peer
212     
213     return render_to_response('profile.html', {'user': user, 'peer':peer},
214                                   context_instance=RequestContext(request))
215
216 @never_cache
217 def user_login(request):
218     try:
219         error_username = False
220         error_orgname = False
221         error_entitlement = False
222         error_mail = False
223         has_entitlement = False
224         error = ''
225         username = request.META['HTTP_EPPN']
226         if not username:
227             error_username = True
228         firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
229         lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
230         mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
231         organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
232         entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
233         if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
234             has_entitlement = True
235         if not has_entitlement:
236             error_entitlement = True
237         if not organization:
238             error_orgname = True
239         if not mail:
240             error_mail = True
241         if error_username:
242             error = _("Your idP should release the HTTP_EPPN attribute towards this service<br>")
243         if error_orgname:
244             error = error + _("Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>")
245         if error_entitlement:
246             error = error + _("Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>")
247         if error_mail:
248             error = error + _("Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service")
249         if error_username or error_orgname or error_entitlement or error_mail:
250             return render_to_response('error.html', {'error': error, "missing_attributes": True},
251                                   context_instance=RequestContext(request))
252         try:
253             user = User.objects.get(username__exact=username)
254             user_exists = True
255         except:
256             user_exists = False
257         user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail)
258         if user is not None:
259             try:
260                 peer = Peer.objects.get(domain_name=organization)
261                 up = UserProfile.objects.get_or_create(user=user,peer=peer)
262             except:
263                 error = _("Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue")
264                 return render_to_response('error.html', {'error': error})
265             if not user_exists:
266                 user_activation_notify(user)
267             if user.is_active:
268                login(request, user)
269                return HttpResponseRedirect(reverse("group-routes"))
270             else:
271                 error = _("User account <strong>%s</strong> is pending activation. Administrators have been notified and will activate this account within the next days. <br>If this account has remained inactive for a long time contact your technical coordinator or GRNET Helpdesk") %user.username
272                 return render_to_response('error.html', {'error': error, 'inactive': True},
273                                   context_instance=RequestContext(request))
274         else:
275             error = _("Something went wrong during user authentication. Contact your administrator")
276             return render_to_response('error.html', {'error': error,},
277                                   context_instance=RequestContext(request))
278     except Exception:
279         error = _("Invalid login procedure")
280         return render_to_response('error.html', {'error': error,},
281                                   context_instance=RequestContext(request))
282         # Return an 'invalid login' error message.
283 #    return HttpResponseRedirect(reverse("user-routes"))
284
285 def user_activation_notify(user):
286     current_site = Site.objects.get_current()
287     subject = render_to_string('registration/activation_email_subject.txt',
288                                    { 'site': current_site })
289     # Email subject *must not* contain newlines
290     subject = ''.join(subject.splitlines())
291     registration_profile = RegistrationProfile.objects.create_profile(user)
292     message = render_to_string('registration/activation_email.txt',
293                                    { 'activation_key': registration_profile.activation_key,
294                                      'expiration_days': settings.ACCOUNT_ACTIVATION_DAYS,
295                                      'site': current_site,
296                                      'user': user })
297     send_new_mail(settings.EMAIL_SUBJECT_PREFIX + subject, 
298                               message, settings.SERVER_EMAIL,
299                              get_peer_techc_mails(user), [])
300
301 @login_required
302 @never_cache
303 def add_rate_limit(request):
304     if request.method == "GET":
305         form = ThenPlainForm()
306         return render_to_response('add_rate_limit.html', {'form': form,},
307                                   context_instance=RequestContext(request))
308
309     else:
310         form = ThenPlainForm(request.POST)
311         if form.is_valid():
312             then=form.save(commit=False)
313             then.action_value = "%sk"%then.action_value
314             then.save()
315             response_data = {}
316             response_data['pk'] = "%s" %then.pk
317             response_data['value'] = "%s:%s" %(then.action, then.action_value)
318             return HttpResponse(json.dumps(response_data), mimetype='application/json')
319         else:
320             return render_to_response('add_rate_limit.html', {'form': form,},
321                                       context_instance=RequestContext(request))
322
323 @login_required
324 @never_cache
325 def add_port(request):
326     if request.method == "GET":
327         form = PortPlainForm()
328         return render_to_response('add_port.html', {'form': form,},
329                                   context_instance=RequestContext(request))
330
331     else:
332         form = PortPlainForm(request.POST)
333         if form.is_valid():
334             port=form.save()
335             response_data = {}
336             response_data['value'] = "%s" %port.pk
337             response_data['text'] = "%s" %port.port
338             return HttpResponse(json.dumps(response_data), mimetype='application/json')
339         else:
340             return render_to_response('add_port.html', {'form': form,},
341                                       context_instance=RequestContext(request))
342
343 @login_required
344 @never_cache
345 def user_logout(request):
346     logout(request)
347     return HttpResponseRedirect(reverse('group-routes'))
348     
349 @never_cache
350 def load_jscript(request, file):
351     long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000
352     return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript")
353
354
355 def get_peer_techc_mails(user):
356     mail = []
357     additional_mail = []
358     techmails_list = []
359     user_mail = "%s" %user.email
360     user_mail = user_mail.split(';')
361     techmails = user.get_profile().peer.techc_emails.all()
362     if techmails:
363         for techmail in techmails:
364             techmails_list.append(techmail.email)
365     if settings.NOTIFY_ADMIN_MAILS:
366         additional_mail = settings.NOTIFY_ADMIN_MAILS
367 #    mail.extend(user_mail)
368     mail.extend(additional_mail)
369     mail.extend(techmails_list)
370     return mail
371
372 def gettos(request):
373     return render_to_response('gettos.html', context_instance=RequestContext(request))
374
375 def getinfo(request):
376     return render_to_response('getinfo.html', context_instance=RequestContext(request))
377
378 def send_new_mail(subject, message, from_email, recipient_list, bcc_list):
379     return EmailMessage(subject, message, from_email, recipient_list, bcc_list).send()
380
Unnamed repository; edit this file 'description' to name the repository.