root / flowspec / views.py @ 26d25791
History | View | Annotate | Download (14.6 kB)
1 |
# Create your views here.
|
---|---|
2 |
import urllib2 |
3 |
import socket |
4 |
import json |
5 |
from django import forms |
6 |
from django.views.decorators.csrf import csrf_exempt |
7 |
from django.core import urlresolvers |
8 |
from django.core import serializers |
9 |
from django.contrib.auth.decorators import login_required |
10 |
from django.contrib.auth import logout |
11 |
from django.http import HttpResponseRedirect, HttpResponseForbidden, HttpResponse |
12 |
from django.shortcuts import get_object_or_404, render_to_response |
13 |
from django.core.context_processors import request |
14 |
from django.template.context import RequestContext |
15 |
from django.template.loader import get_template, render_to_string |
16 |
from django.utils import simplejson |
17 |
from django.core.urlresolvers import reverse |
18 |
from django.contrib import messages |
19 |
from flowspy.accounts.models import * |
20 |
from ipaddr import * |
21 |
|
22 |
from django.contrib.auth import authenticate, login |
23 |
|
24 |
from django.forms.models import model_to_dict |
25 |
|
26 |
from flowspy.flowspec.forms import * |
27 |
from flowspy.flowspec.models import * |
28 |
|
29 |
from copy import deepcopy |
30 |
from flowspy.utils.decorators import shib_required |
31 |
|
32 |
from django.views.decorators.cache import never_cache |
33 |
from django.conf import settings |
34 |
from django.core.mail import mail_admins, mail_managers, send_mail |
35 |
import datetime |
36 |
import os |
37 |
|
38 |
LOG_FILENAME = os.path.join(settings.LOG_FILE_LOCATION, 'celery_jobs.log')
|
39 |
#FORMAT = '%(asctime)s %(levelname)s: %(message)s'
|
40 |
#logging.basicConfig(format=FORMAT)
|
41 |
formatter = logging.Formatter('%(asctime)s %(levelname)s %(clientip)s %(user)s: %(message)s')
|
42 |
|
43 |
logger = logging.getLogger(__name__) |
44 |
logger.setLevel(logging.DEBUG) |
45 |
handler = logging.FileHandler(LOG_FILENAME) |
46 |
handler.setFormatter(formatter) |
47 |
logger.addHandler(handler) |
48 |
|
49 |
@login_required
|
50 |
def user_routes(request): |
51 |
user_routes = Route.objects.filter(applier=request.user) |
52 |
return render_to_response('user_routes.html', {'routes': user_routes}, |
53 |
context_instance=RequestContext(request)) |
54 |
|
55 |
def welcome(request): |
56 |
return render_to_response('welcome.html', context_instance=RequestContext(request)) |
57 |
|
58 |
@login_required
|
59 |
@never_cache
|
60 |
def group_routes(request): |
61 |
group_routes = [] |
62 |
peer = request.user.get_profile().peer |
63 |
if peer:
|
64 |
peer_members = UserProfile.objects.filter(peer=peer) |
65 |
users = [prof.user for prof in peer_members] |
66 |
group_routes = Route.objects.filter(applier__in=users) |
67 |
return render_to_response('user_routes.html', {'routes': group_routes}, |
68 |
context_instance=RequestContext(request)) |
69 |
|
70 |
|
71 |
@login_required
|
72 |
@never_cache
|
73 |
def add_route(request): |
74 |
applier = request.user.pk |
75 |
applier_peer_networks = request.user.get_profile().peer.networks.all() |
76 |
if not applier_peer_networks: |
77 |
messages.add_message(request, messages.WARNING, |
78 |
"Insufficient rights on administrative networks. Cannot add rule. Contact your administrator")
|
79 |
return HttpResponseRedirect(reverse("group-routes")) |
80 |
if request.method == "GET": |
81 |
form = RouteForm() |
82 |
if not request.user.is_superuser: |
83 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
84 |
return render_to_response('apply.html', {'form': form, 'applier': applier}, |
85 |
context_instance=RequestContext(request)) |
86 |
|
87 |
else:
|
88 |
form = RouteForm(request.POST) |
89 |
if form.is_valid():
|
90 |
route=form.save(commit=False)
|
91 |
route.applier = request.user |
92 |
route.status = "PENDING"
|
93 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
|
94 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
|
95 |
route.save() |
96 |
form.save_m2m() |
97 |
route.commit_add() |
98 |
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
|
99 |
mail_body = render_to_string("rule_add_mail.txt",
|
100 |
{"route": route, "address": requesters_address}) |
101 |
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s creation request submitted by %s" %(route.name, route.applier.username),
|
102 |
mail_body, settings.SERVER_EMAIL, |
103 |
get_peer_techc_mails(route.applier), fail_silently=True)
|
104 |
d = { 'clientip' : "%s"%requesters_address, 'user' : route.applier.username } |
105 |
logger.info(mail_body, extra=d) |
106 |
return HttpResponseRedirect(reverse("group-routes")) |
107 |
else:
|
108 |
return render_to_response('apply.html', {'form': form, 'applier':applier}, |
109 |
context_instance=RequestContext(request)) |
110 |
|
111 |
@login_required
|
112 |
@never_cache
|
113 |
def edit_route(request, route_slug): |
114 |
applier = request.user.pk |
115 |
applier_peer = request.user.get_profile().peer |
116 |
route_edit = get_object_or_404(Route, name=route_slug) |
117 |
route_edit_applier_peer = route_edit.applier.get_profile().peer |
118 |
if applier_peer != route_edit_applier_peer:
|
119 |
messages.add_message(request, messages.WARNING, |
120 |
"Insufficient rights to edit rule %s" %(route_slug))
|
121 |
return HttpResponseRedirect(reverse("group-routes")) |
122 |
# if route_edit.status == "ADMININACTIVE" :
|
123 |
# messages.add_message(request, messages.WARNING,
|
124 |
# "Administrator has disabled editing of rule %s" %(route_slug))
|
125 |
# return HttpResponseRedirect(reverse("group-routes"))
|
126 |
# if route_edit.status == "EXPIRED" :
|
127 |
# messages.add_message(request, messages.WARNING,
|
128 |
# "Cannot edit the expired rule %s. Contact helpdesk to enable it" %(route_slug))
|
129 |
# return HttpResponseRedirect(reverse("group-routes"))
|
130 |
if route_edit.status == "PENDING" : |
131 |
messages.add_message(request, messages.WARNING, |
132 |
"Cannot edit a pending rule: %s." %(route_slug))
|
133 |
return HttpResponseRedirect(reverse("group-routes")) |
134 |
route_original = deepcopy(route_edit) |
135 |
if request.POST:
|
136 |
form = RouteForm(request.POST, instance = route_edit) |
137 |
if form.is_valid():
|
138 |
route=form.save(commit=False)
|
139 |
route.name = route_original.name |
140 |
route.applier = request.user |
141 |
route.status = "PENDING"
|
142 |
route.source = IPNetwork("%s/%s" %(IPNetwork(route.source).network.compressed, IPNetwork(route.source).prefixlen)).compressed
|
143 |
route.destination = IPNetwork("%s/%s" %(IPNetwork(route.destination).network.compressed, IPNetwork(route.destination).prefixlen)).compressed
|
144 |
route.save() |
145 |
form.save_m2m() |
146 |
route.commit_edit() |
147 |
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
|
148 |
mail_body = render_to_string("rule_edit_mail.txt",
|
149 |
{"route": route, "address": requesters_address}) |
150 |
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s edit request submitted by %s" %(route.name, route.applier.username),
|
151 |
mail_body, settings.SERVER_EMAIL, |
152 |
get_peer_techc_mails(route.applier), fail_silently=True)
|
153 |
d = { 'clientip' : requesters_address, 'user' : route.applier.username } |
154 |
logger.info(mail_body, extra=d) |
155 |
return HttpResponseRedirect(reverse("group-routes")) |
156 |
else:
|
157 |
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier}, |
158 |
context_instance=RequestContext(request)) |
159 |
else:
|
160 |
dictionary = model_to_dict(route_edit, fields=[], exclude=[]) |
161 |
#form = RouteForm(instance=route_edit)
|
162 |
form = RouteForm(dictionary) |
163 |
if not request.user.is_superuser: |
164 |
form.fields['then'] = forms.ModelMultipleChoiceField(queryset=ThenAction.objects.filter(action__in=settings.UI_USER_THEN_ACTIONS).order_by('action'), required=True) |
165 |
return render_to_response('apply.html', {'form': form, 'edit':True, 'applier': applier}, |
166 |
context_instance=RequestContext(request)) |
167 |
|
168 |
@login_required
|
169 |
@never_cache
|
170 |
def delete_route(request, route_slug): |
171 |
if request.is_ajax():
|
172 |
route = get_object_or_404(Route, name=route_slug) |
173 |
applier_peer = route.applier.get_profile().peer |
174 |
requester_peer = request.user.get_profile().peer |
175 |
if applier_peer == requester_peer:
|
176 |
route.status = "PENDING"
|
177 |
route.expires = datetime.date.today() |
178 |
route.save() |
179 |
route.commit_delete() |
180 |
requesters_address = request.META['HTTP_X_FORWARDED_FOR']
|
181 |
mail_body = render_to_string("rule_delete_mail.txt",
|
182 |
{"route": route, "address": requesters_address}) |
183 |
send_mail(settings.EMAIL_SUBJECT_PREFIX + "Rule %s removal request submitted by %s" %(route.name, route.applier.username),
|
184 |
mail_body, settings.SERVER_EMAIL, |
185 |
get_peer_techc_mails(route.applier), fail_silently=True)
|
186 |
d = { 'clientip' : requesters_address, 'user' : route.applier.username } |
187 |
logger.info(mail_body, extra=d) |
188 |
html = "<html><body>Done</body></html>"
|
189 |
return HttpResponse(html)
|
190 |
else:
|
191 |
return HttpResponseRedirect(reverse("group-routes")) |
192 |
|
193 |
@login_required
|
194 |
@never_cache
|
195 |
def user_profile(request): |
196 |
user = request.user |
197 |
peer = request.user.get_profile().peer |
198 |
|
199 |
return render_to_response('profile.html', {'user': user, 'peer':peer}, |
200 |
context_instance=RequestContext(request)) |
201 |
|
202 |
@never_cache
|
203 |
def user_login(request): |
204 |
try:
|
205 |
error_username = False
|
206 |
error_orgname = False
|
207 |
error_affiliation = False
|
208 |
error_mail = False
|
209 |
has_affiliation = False
|
210 |
error = ''
|
211 |
username = request.META['HTTP_EPPN']
|
212 |
if not username: |
213 |
error_username = True
|
214 |
firstname = request.META['HTTP_SHIB_INETORGPERSON_GIVENNAME']
|
215 |
lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
|
216 |
mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
|
217 |
organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
|
218 |
affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
|
219 |
if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"): |
220 |
has_affiliation = True
|
221 |
if not has_affiliation: |
222 |
error_affiliation = True
|
223 |
if not organization: |
224 |
error_orgname = True
|
225 |
if not mail: |
226 |
error_mail = True
|
227 |
if error_username:
|
228 |
error = "Your idP should release the HTTP_EPPN attribute towards this service<br>"
|
229 |
if error_orgname:
|
230 |
error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>"
|
231 |
if error_affiliation:
|
232 |
error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>"
|
233 |
if error_mail:
|
234 |
error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service"
|
235 |
if error_username or error_orgname or error_affiliation or error_mail: |
236 |
return render_to_response('error.html', {'error': error,}, |
237 |
context_instance=RequestContext(request)) |
238 |
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation) |
239 |
if user is not None: |
240 |
login(request, user) |
241 |
return HttpResponseRedirect(reverse("group-routes")) |
242 |
# Redirect to a success page.
|
243 |
# Return a 'disabled account' error message
|
244 |
else:
|
245 |
error = "Something went wrong during user authentication. Contact your administrator"
|
246 |
return render_to_response('error.html', {'error': error,}, |
247 |
context_instance=RequestContext(request)) |
248 |
except Exception as e: |
249 |
error = "Invalid login procedure"
|
250 |
return render_to_response('error.html', {'error': error,}, |
251 |
context_instance=RequestContext(request)) |
252 |
# Return an 'invalid login' error message.
|
253 |
# return HttpResponseRedirect(reverse("user-routes"))
|
254 |
|
255 |
@login_required
|
256 |
@never_cache
|
257 |
def add_rate_limit(request): |
258 |
if request.method == "GET": |
259 |
form = ThenPlainForm() |
260 |
return render_to_response('add_rate_limit.html', {'form': form,}, |
261 |
context_instance=RequestContext(request)) |
262 |
|
263 |
else:
|
264 |
form = ThenPlainForm(request.POST) |
265 |
if form.is_valid():
|
266 |
then=form.save(commit=False)
|
267 |
then.action_value = "%sk"%then.action_value
|
268 |
then.save() |
269 |
response_data = {} |
270 |
response_data['pk'] = "%s" %then.pk |
271 |
response_data['value'] = "%s:%s" %(then.action, then.action_value) |
272 |
return HttpResponse(simplejson.dumps(response_data), mimetype='application/json') |
273 |
else:
|
274 |
return render_to_response('add_rate_limit.html', {'form': form,}, |
275 |
context_instance=RequestContext(request)) |
276 |
|
277 |
@login_required
|
278 |
@never_cache
|
279 |
def add_port(request): |
280 |
if request.method == "GET": |
281 |
form = PortPlainForm() |
282 |
return render_to_response('add_port.html', {'form': form,}, |
283 |
context_instance=RequestContext(request)) |
284 |
|
285 |
else:
|
286 |
form = PortPlainForm(request.POST) |
287 |
if form.is_valid():
|
288 |
port=form.save() |
289 |
response_data = {} |
290 |
response_data['value'] = "%s" %port.pk |
291 |
response_data['text'] = "%s" %port.port |
292 |
return HttpResponse(simplejson.dumps(response_data), mimetype='application/json') |
293 |
else:
|
294 |
return render_to_response('add_port.html', {'form': form,}, |
295 |
context_instance=RequestContext(request)) |
296 |
|
297 |
@login_required
|
298 |
@never_cache
|
299 |
def user_logout(request): |
300 |
logout(request) |
301 |
return HttpResponseRedirect(reverse('group-routes')) |
302 |
|
303 |
@never_cache
|
304 |
def load_jscript(request, file): |
305 |
long_polling_timeout = int(settings.POLL_SESSION_UPDATE)*1000 + 10000 |
306 |
return render_to_response('%s.js' % file, {'timeout': long_polling_timeout}, context_instance=RequestContext(request), mimetype="text/javascript") |
307 |
|
308 |
|
309 |
def get_peer_techc_mails(user): |
310 |
user_mail = user.email |
311 |
techmails = user.get_profile().peer.techc() |
312 |
additional_mail = "%s;%s" %(settings.HELPDESK_MAIL,settings.NOC_MAIL)
|
313 |
if techmails:
|
314 |
mail = "%s;%s" %(techmails, additional_mail)
|
315 |
else:
|
316 |
mail = additional_mail |
317 |
mail = "%s;%s" %(user_mail, mail)
|
318 |
mail = mail.split(';')
|
319 |
return mail
|