Revision 6a946adf

b/djangobackends/shibauthBackend.py
39 39
            peer = Peer.objects.get(domain_name=organization)
40 40
            up = UserProfile.objects.get_or_create(user=user,peer=peer)
41 41
        except:
42
            pass
42
            return False
43 43
        return user
44 44

  
45 45
    def get_user(self, user_id):
b/flowspec/models.py
128 128
                self.source = address.exploded
129 129
            except Exception:
130 130
                raise ValidationError('Invalid network address format at Source Field')
131
    
132
#    def save(self, *args, **kwargs):
133
#        edit = False
134
#        if self.pk:
135
#            #This is an edit
136
#            edit = True
137
#        super(Route, self).save(*args, **kwargs)
138
#        if not edit:
139
#            response = add.delay(self)
140
#            logger.info("Got save job id: %s" %response)
141
    
131
   
142 132
    def commit_add(self, *args, **kwargs):
143 133
        peer = self.applier.get_profile().peer.domain_name
144 134
        send_message("[%s] Adding route %s. Please wait..." %(self.applier.username, self.name), peer)
145 135
        response = add.delay(self)
146
        logger.info("Got save job id: %s" %response)
147

  
148
    def deactivate(self):
149
        self.status = "INACTIVE"
150
        self.save()
151
#    def delete(self, *args, **kwargs):
152
#        response = delete.delay(self)
153
#        logger.info("Got delete job id: %s" %response)
136
        logger.info("Got add job id: %s" %response)
154 137
        
155 138
    def commit_edit(self, *args, **kwargs):
156 139
        peer = self.applier.get_profile().peer.domain_name
......
159 142
        logger.info("Got edit job id: %s" %response)
160 143

  
161 144
    def commit_delete(self, *args, **kwargs):
145
        reason_text = ''
146
        if "reason" in kwargs:
147
            reason = kwargs['reason']
148
            reason_text = "Reason: %s. " %reason
162 149
        peer = self.applier.get_profile().peer.domain_name
163
        send_message("[%s] Removing route %s. Please wait..." %(self.applier.username, self.name), peer)
164
        response = delete.delay(self)
165
        logger.info("Got edit job id: %s" %response)
166
#    
167
#    def delete(self, *args, **kwargs):
168
#        response = delete.delay(self)
169
#        logger.info("Got delete job id: %s" %response)
150
        send_message("[%s] Removing route %s. %sPlease wait..." %(self.applier.username, self.name, reason), peer)
151
        response = delete.delay(self, reason=reason)
152
        logger.info("Got delete job id: %s" %response)
153

  
170 154
    def has_expired(self):
171 155
        today = datetime.date.today()
172 156
        if today > self.expires:
173 157
            return True
174 158
        return False
175

  
176
    def is_synced(self):      
159
    
160
    def check_sync(self):
161
        if not self.is_synced():
162
            self.status = "OUTOFSYNC"
163
            self.save()
164
    
165
    def is_synced(self):
177 166
        found = False
178 167
        get_device = PR.Retriever()
179 168
        device = get_device.fetch_device()
......
183 172
            self.status = "EXPIRED"
184 173
            self.save()
185 174
            logger.error("No routing options on device. Exception: %s" %e)
186
            return False
175
            return True
187 176
        for route in routes:
188 177
            if route.name == self.name:
189 178
                found = True
......
257 246
                    pass
258 247
                if found and self.status != "ACTIVE":
259 248
                     logger.error('Rule is applied on device but appears as offline')
260
                     found = False
261
        
249
                     self.status = "ACTIVE"
250
                     self.save()
251
                     found = True
262 252
        return found
263 253

  
264 254
    def get_then(self):
b/flowspec/tasks.py
42 42

  
43 43

  
44 44
@task
45
def delete(route, callback=None):
45
def delete(route, **kwargs):
46 46
    applier = PR.Applier(route_object=route)
47 47
    commit, response = applier.apply(operation="delete")
48
    reason_text = ''
48 49
    if commit:
49 50
        status = "INACTIVE"
51
        if "reason" in kwargs and kwargs['reason']=='EXPIRED':
52
            status = 'EXPIRED'
53
            reason_text = " Reason: %s " %status
50 54
    else:
51 55
        status = "ERROR"
52 56
    route.status = status
53 57
    route.response = response
54 58
    route.save()
55
    subtask(announce).delay("[%s] Route delete: %s - Result %s" %(route.applier, route.name, response), route.applier)
56

  
59
    subtask(announce).delay("[%s] Route removal: %s%s- Result %s" %(route.applier, route.name, reason_text, response), route.applier)
57 60

  
61
# May not work in the first place... proxy is not aware of Route models
62
@task
63
def batch_delete(routes, **kwargs):
64
    if routes:
65
        applier = PR.Applier(route_objects=routes)
66
        conf = applier.delete_routes()
67
        commit, response = applier.apply(configuration = conf)
68
        reason_text = ''
69
        if commit:
70
            status = "INACTIVE"
71
            if "reason" in kwargs and kwargs['reason']=='EXPIRED':
72
                status = 'EXPIRED'
73
                reason_text = " Reason: %s " %status
74
        else:
75
            status = "ERROR"
76
        for route in routes:
77
            route.status = status
78
            route.response = response
79
            route.save()
80
            subtask(announce).delay("[%s] Route removal: %s%s- Result %s" %(route.applier, route.name, reason_text, response), route.applier)
81
    else:
82
        return False
58 83

  
59 84
@task
60 85
def announce(messg, user):
......
69 94

  
70 95
@task
71 96
def check_sync(route_name=None, selected_routes = []):
97
    from flowspy.flowspec.models import Route, MatchPort, MatchDscp, ThenAction
72 98
    if not selected_routes:
73 99
        routes = Route.objects.all()
74 100
    else:
75 101
        routes = selected_routes
76 102
    if route_name:
77 103
        routes = routes.filter(name=route_name)
78
    for route in roures:
79
        if route.is_synced():
80
            logger.info("Route %s is synced" %route.name)
81
        else:
82
            logger.warn("Route %s is out of sync" %route.name)
104
    for route in routes:
105
        if route.has_expired() and route.status != 'EXPIRED':
106
            logger.info('Expiring route %s' %route.name)
107
            subtask(delete).delay(route, reason="EXPIRED")
108
        elif route.status != 'EXPIRED':
109
            route.check_sync()
110

  
111

  
83 112
#def delete(route):
84 113
#    
85 114
#    applier = PR.Applier(route_object=route)
b/flowspec/views.py
27 27

  
28 28
from copy import deepcopy
29 29
from flowspy.utils.decorators import shib_required
30
import datetime
30 31

  
31
def days_offset(): return datetime.now() + timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
32
from django.views.decorators.cache import never_cache
33
from django.conf import settings
34

  
35

  
36
def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET)
32 37

  
33 38
@login_required
34 39
def user_routes(request):
......
37 42
                              context_instance=RequestContext(request))
38 43

  
39 44
@login_required
45
@never_cache
40 46
def group_routes(request):
41 47
    group_routes = []
42 48
    peer = request.user.get_profile().peer
......
49 55

  
50 56

  
51 57
@login_required
58
@never_cache
52 59
def add_route(request):
53 60
    applier = request.user.pk
61
    applier_peer_networks = request.user.get_profile().peer.networks.all()
62
    if not applier_peer_networks:
63
         messages.add_message(request, messages.WARNING,
64
                             "Insufficient rights on administrative networks. Cannot add route. Contact your administrator")
65
         return HttpResponseRedirect(reverse("group-routes"))
54 66
    if request.method == "GET":
55 67
        form = RouteForm()
56 68
        return render_to_response('apply.html', {'form': form, 'applier': applier},
......
72 84
                                      context_instance=RequestContext(request))
73 85

  
74 86
@login_required
87
@never_cache
75 88
def add_then(request):
76 89
    applier = request.user.pk
77 90
    if request.method == "GET":
......
94 107
                                      context_instance=RequestContext(request))
95 108

  
96 109
@login_required
110
@never_cache
97 111
def edit_route(request, route_slug):
98 112
    applier = request.user.pk
99 113
    applier_peer = request.user.get_profile().peer
......
127 141
                                  context_instance=RequestContext(request))
128 142

  
129 143
@login_required
144
@never_cache
130 145
def delete_route(request, route_slug):
131 146
    if request.is_ajax():
132 147
        route = get_object_or_404(Route, name=route_slug)
133 148
        applier_peer = route.applier.get_profile().peer
134 149
        requester_peer = request.user.get_profile().peer
135 150
        if applier_peer == requester_peer:
136
            route.deactivate()
151
            route.status = "PENDING"
137 152
            route.commit_delete()
138 153
        html = "<html><body>Done</body></html>"
139 154
        return HttpResponse(html)
......
141 156
        return HttpResponseRedirect(reverse("group-routes"))
142 157

  
143 158
@login_required
159
@never_cache
144 160
def user_profile(request):
145 161
    user = request.user
146 162
    peer = request.user.get_profile().peer
......
148 164
    return render_to_response('profile.html', {'user': user, 'peer':peer},
149 165
                                  context_instance=RequestContext(request))
150 166

  
151

  
167
@never_cache
152 168
def user_login(request):
153 169
    try:
154 170
        error_username = None
155 171
        error_orgname = None
172
        error_affiliation = None
173
        error = ''
156 174
        username = request.META['HTTP_EPPN']
157 175
        if not username:
158 176
            error_username = True
......
160 178
        lastname = request.META['HTTP_SHIB_PERSON_SURNAME']
161 179
        mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL']
162 180
        organization = request.META['HTTP_SHIB_HOMEORGANIZATION']
181
        affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
182
        match = re.compile(settings.SHIB_AUTH_AFFILIATION)
183
        has_affiliation = match.search(affiliation)
184
        if not has_affiliation:
185
            error_affiliation = True
163 186
        if not organization:
164 187
            error_orgname = True
165

  
166
        if error_orgname or error_username:
167
            error = "Your idP should release the HTTP_EPPN, HTTP_SHIB_HOMEORGANIZATION attributes towards this service" 
188
        if error_username:
189
            error = "Your idP should release the HTTP_EPPN attribute towards this service\n"
190
        if error_orgname:
191
            error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n"
192
        if error_affiliation:
193
            error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service"
194
        if error_username or error_orgname or error_affiliation:
168 195
            return render_to_response('error.html', {'error': error,},
169 196
                                  context_instance=RequestContext(request))
170
        user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=None)
197
        user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation)
171 198
        if user is not None:
172 199
            login(request, user)
173 200
            return HttpResponseRedirect(reverse("group-routes"))
174 201
                # Redirect to a success page.
175 202
                # Return a 'disabled account' error message
176 203
        else:
177
            html = "<html><body>Invalid User</body></html>"
178
            return HttpResponse(html)
204
            error = "Something went wrong during user authentication. Contact your administrator"
205
            return render_to_response('error.html', {'error': error,},
206
                                  context_instance=RequestContext(request))
179 207
    except Exception as e:
180
        html = "<html><body>Invalid Login Procedure %s </body></html>" %e
181
        return HttpResponse(html)
208
        error = "Invalid login procedure"
209
        return render_to_response('error.html', {'error': error,},
210
                                  context_instance=RequestContext(request))
182 211
        # Return an 'invalid login' error message.
183 212
#    return HttpResponseRedirect(reverse("user-routes"))
184 213

  
185 214
@login_required
215
@never_cache
186 216
def add_rate_limit(request):
187 217
    if request.method == "GET":
188 218
        form = ThenPlainForm()
......
204 234
                                      context_instance=RequestContext(request))
205 235

  
206 236
@login_required
237
@never_cache
207 238
def add_port(request):
208 239
    if request.method == "GET":
209 240
        form = PortPlainForm()
......
223 254
                                      context_instance=RequestContext(request))
224 255

  
225 256
@login_required
257
@never_cache
226 258
def user_logout(request):
227 259
    return HttpResponseRedirect(settings.SHIB_LOGOUT_URL)
228 260
    
b/templates/user_routes.html
137 137
		{% ifequal route.status 'INACTIVE' %}
138 138
		<a href="{% url edit-route route.name %}" class="edit_button" id="edit_button_{{route.pk}}">Reactivate</a>
139 139
		{% else %}
140
		{% ifequal route.status 'OUTOFSYNC' %}
141
		<a href="{% url edit-route route.name %}" class="edit_button" id="edit_button_{{route.pk}}">ReSync</a>
142
		{% else %}
140 143
		-
141 144
		{% endifequal %}
145
		{% endifequal %}
142 146
		{% endifequal %}</td>
143 147
</tr>
144 148

  

Also available in: Unified diff