code.grnet.gr Git - flowspy/blob - flowspec/views.py

   1 # Create your views here.
   2 import urllib2
   3 import socket
   4 import json
   5 from django import forms
   6 from django.views.decorators.csrf import csrf_exempt
   7 from django.core import urlresolvers
   8 from django.core import serializers
   9 from django.contrib.auth.decorators import login_required
  10 from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse
  11 from django.shortcuts import get_object_or_404, render_to_response
  12 from django.core.context_processors import request
  13 from django.template.context import RequestContext
  14 from django.template.loader import get_template, render_to_string
  15 from django.utils import simplejson
  16 from django.core.urlresolvers import reverse
  17 from django.contrib import messages
  18 from flowspy.accounts.models import *
  19
  20 from django.contrib.auth import authenticate, login
  21
  22 from django.forms.models import model_to_dict
  23
  24 from flowspy.flowspec.forms import *
  25 from flowspy.flowspec.models import *
  26
  27 from copy import deepcopy
  28 from flowspy.utils.decorators import shib_required
  29 import datetime
  30
  31 from django.views.decorators.cache import never_cache
  32 from django.conf import settings
  33 from django.core.mail import mail_admins, mail_managers, send_mail
  34
  35
  36 def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
  37
  38 @login_required
  39 def user_routes(request):
  40     user_routes = Route.objects.filter(applier=request.user)
  41     return render_to_response('user_routes.html', {'routes': user_routes},
  42                               context_instance=RequestContext(request))
  43
  44 def welcome(request):
  45     return render_to_response('welcome.html', context_instance=RequestContext(request))
  46
  47 @login_required
  48 @never_cache
  49 def group_routes(request):
  50     group_routes = []
  51     peer = request.user.get_profile().peer
  52     if peer:
  53        peer_members = UserProfile.objects.filter(peer=peer)
  54        users = [prof.user for prof in peer_members]
  55        group_routes = Route.objects.filter(applier__in=users)
  56     return render_to_response('user_routes.html', {'routes': group_routes},
  57                               context_instance=RequestContext(request))
  58
  59
  60 @login_required
  61 @never_cache
  62 def add_route(request):
  63     applier = request.user.pk
  64     applier_peer_networks = request.user.get_profile().peer.networks.all()
  65     if not applier_peer_networks:
  66          messages.add_message(request, messages.WARNING,
  67                              "Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
  68          return HttpResponseRedirect(reverse("group-routes"))
  69     if request.method == "GET":
  70         form = RouteForm()
  71         return render_to_response('apply.html', {'form': form, 'applier': applier},
  72                                   context_instance=RequestContext(request))
  73
  74     else:
  75         form = RouteForm(request.POST)
  76         if form.is_valid():
  77             route=form.save(commit=False)
  78             route.applier = request.user
  79             route.expires = days_offset()
  80             route.status = "PENDING"
  81             route.save()
  82             form.save_m2m()
  83             route.commit_add()
  84             mail_body = render_to_string("rule_add_mail.txt",
  85                                              {"route": route})
  86             mail_admins("Rule %s creation request submitted by %s" %(route.name, route.applier.username),
  87                           mail_body, fail_silently=True)
  88             return HttpResponseRedirect(reverse("group-routes"))
  89         else:
  90             return render_to_response('apply.html', {'form': form, 'applier':applier},
  91                                       context_instance=RequestContext(request))
  92
  93 @login_required
  94 @never_cache
  95 def add_then(request):
  96     applier = request.user.pk
  97     if request.method == "GET":
  98         form = RouteForm()
  99         return render_to_response('apply.html', {'form': form, 'applier': applier},
 100                                   context_instance=RequestContext(request))
 101
 102     else:
 103         form = RouteForm(request.POST)
 104         if form.is_valid():
 105             route=form.save(commit=False)
 106             route.applier = request.user
 107             route.expires = days_offset()
 108             route.save()
 109             form.save_m2m()
 110             route.commit_add()
 111             return HttpResponseRedirect(reverse("group-routes"))
 112         else:
 113             return render_to_response('apply.html', {'form': form, 'applier':applier},
 114                                       context_instance=RequestContext(request))
 115
 116 @login_required
 117 @never_cache
 118 def edit_route(request, route_slug):
 119     applier = request.user.pk
 120     applier_peer = request.user.get_profile().peer
 121     route_edit = get_object_or_404(Route, name=route_slug)
 122     route_edit_applier_peer = route_edit.applier.get_profile().peer
 123     if applier_peer != route_edit_applier_peer:
 124         messages.add_message(request, messages.WARNING,
 125                              "Insufficient rights to edit rule %s" %(route_slug))
 126         return HttpResponseRedirect(reverse("group-routes"))
 127     if route_edit.status == "ADMININACTIVE" :
 128         messages.add_message(request, messages.WARNING,
 129                              "Administrator has disabled editing of rule %s" %(route_slug))
 130         return HttpResponseRedirect(reverse("group-routes"))
 131     if route_edit.status == "EXPIRED" :
 132         messages.add_message(request, messages.WARNING,
 133                              "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
 134         return HttpResponseRedirect(reverse("group-routes"))
 135     if route_edit.status == "PENDING" :
 136         messages.add_message(request, messages.WARNING,
 137                              "Cannot edit a pending rule: %s." %(route_slug))
 138         return HttpResponseRedirect(reverse("group-routes"))
 139     route_original = deepcopy(route_edit)
 140     if request.POST:
 141         form = RouteForm(request.POST, instance = route_edit)
 142         if form.is_valid():
 143             route=form.save(commit=False)
 144             route.name = route_original.name
 145             route.applier = request.user
 146             route.expires = route_original.expires
 147             route.status = "PENDING"
 148             route.save()
 149             form.save_m2m()
 150             route.commit_edit()
 151             mail_body = render_to_string("rule_edit_mail.txt",
 152                                              {"route": route})
 153             mail_admins("Rule %s edit request submitted by %s" %(route.name, route.applier.username),
 154                           mail_body, fail_silently=True)
 155             return HttpResponseRedirect(reverse("group-routes"))
 156         else:
 157             return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
 158                                       context_instance=RequestContext(request))
 159     else:
 160         dictionary = model_to_dict(route_edit, fields=[], exclude=[])
 161         #form = RouteForm(instance=route_edit)
 162         form = RouteForm(dictionary)
 163         return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier},
 164                                   context_instance=RequestContext(request))
 165
 166 @login_required
 167 @never_cache
 168 def delete_route(request, route_slug):
 169     if request.is_ajax():
 170         route = get_object_or_404(Route, name=route_slug)
 171         applier_peer = route.applier.get_profile().peer
 172         requester_peer = request.user.get_profile().peer
 173         if applier_peer == requester_peer:
 174             route.status = "PENDING"
 175             route.commit_delete()
 176             mail_body = render_to_string("rule_delete_mail.txt",
 177                                              {"route": route})
 178             mail_admins("Rule %s removal request submitted by %s" %(route.name, route.applier.username),
 179                           mail_body, fail_silently=True)
 180         html = "<html><body>Done</body></html>"
 181         return HttpResponse(html)
 182     else:
 183         return HttpResponseRedirect(reverse("group-routes"))
 184
 185 @login_required
 186 @never_cache
 187 def user_profile(request):
 188     user = request.user
 189     peer = request.user.get_profile().peer
 190
 191     return render_to_response('profile.html', {'user': user, 'peer':peer},
 192                                   context_instance=RequestContext(request))
 193
 194 @never_cache
 195 def user_login(request):
 196     try:
 197         error_username = None
 198         error_orgname = None
 199         error_affiliation = None
 200         error = ''
 201         username = request.META['HTTP_EPPN']
 202         if not username:
 203             error_username = True
 204         firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
 205         lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
 206         mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
 207         organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
 208         affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
 209         if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
 210             has_affiliation = True
 211         if not has_affiliation:
 212             error_affiliation = True
 213         if not organization:
 214             error_orgname = True
 215         if error_username:
 216             error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
 217         if error_orgname:
 218             error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
 219         if error_affiliation:
 220             error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
 221         if error_username or error_orgname or error_affiliation:
 222             return render_to_response('error.html', {'error': error,},
 223                                   context_instance=RequestContext(request))
 224         user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
 225         if user is not None:
 226             login(request, user)
 227             update_user_attributes(user, firstname=firstname, lastname=lastname, mail=mail)
 228             return HttpResponseRedirect(reverse("group-routes"))
 229                 # Redirect to a success page.
 230                 # Return a 'disabled account' error message
 231         else:
 232             error = "Something went wrong during user authentication. Contact your administrator"
 233             return render_to_response('error.html', {'error': error,},
 234                                   context_instance=RequestContext(request))
 235     except Exception as e:
 236         error = "Invalid login procedure"
 237         return render_to_response('error.html', {'error': error,},
 238                                   context_instance=RequestContext(request))
 239         # Return an 'invalid login' error message.
 240 #    return HttpResponseRedirect(reverse("user-routes"))
 241
 242 @login_required
 243 @never_cache
 244 def add_rate_limit(request):
 245     if request.method == "GET":
 246         form = ThenPlainForm()
 247         return render_to_response('add_rate_limit.html', {'form': form,},
 248                                   context_instance=RequestContext(request))
 249
 250     else:
 251         form = ThenPlainForm(request.POST)
 252         if form.is_valid():
 253             then=form.save(commit=False)
 254             then.action_value = "%sk"%then.action_value
 255             then.save()
 256             response_data = {}
 257             response_data['pk'] = "%s" %then.pk
 258             response_data['value'] = "%s:%s" %(then.action, then.action_value)
 259             return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
 260         else:
 261             return render_to_response('add_rate_limit.html', {'form': form,},
 262                                       context_instance=RequestContext(request))
 263
 264 def update_user_attributes(user, firstname, lastname, mail):
 265     user.first_name = firstname
 266     user.last_name = lastname
 267     user.email = mail
 268     user.save()
 269
 270 @login_required
 271 @never_cache
 272 def add_port(request):
 273     if request.method == "GET":
 274         form = PortPlainForm()
 275         return render_to_response('add_port.html', {'form': form,},
 276                                   context_instance=RequestContext(request))
 277
 278     else:
 279         form = PortPlainForm(request.POST)
 280         if form.is_valid():
 281             port=form.save()
 282             response_data = {}
 283             response_data['value'] = "%s" %port.pk
 284             response_data['text'] = "%s" %port.port
 285             return HttpResponse(simplejson.dumps(response_data), mimetype='application/json')
 286         else:
 287             return render_to_response('add_port.html', {'form': form,},
 288                                       context_instance=RequestContext(request))
 289
 290 @login_required
 291 @never_cache
 292 def user_logout(request):
 293     return HttpResponseRedirect(settings.SHIB_LOGOUT_URL)
 294
 295 @never_cache
 296 def load_jscript(request, file):
 297     return render_to_response('%s.js' % file, context_instance=RequestContext(request), mimetype="text/javascript")