Revision 6a946adf
b/djangobackends/shibauthBackend.py | ||
---|---|---|
39 | 39 |
peer = Peer.objects.get(domain_name=organization) |
40 | 40 |
up = UserProfile.objects.get_or_create(user=user,peer=peer) |
41 | 41 |
except: |
42 |
pass
|
|
42 |
return False
|
|
43 | 43 |
return user |
44 | 44 |
|
45 | 45 |
def get_user(self, user_id): |
b/flowspec/models.py | ||
---|---|---|
128 | 128 |
self.source = address.exploded |
129 | 129 |
except Exception: |
130 | 130 |
raise ValidationError('Invalid network address format at Source Field') |
131 |
|
|
132 |
# def save(self, *args, **kwargs): |
|
133 |
# edit = False |
|
134 |
# if self.pk: |
|
135 |
# #This is an edit |
|
136 |
# edit = True |
|
137 |
# super(Route, self).save(*args, **kwargs) |
|
138 |
# if not edit: |
|
139 |
# response = add.delay(self) |
|
140 |
# logger.info("Got save job id: %s" %response) |
|
141 |
|
|
131 |
|
|
142 | 132 |
def commit_add(self, *args, **kwargs): |
143 | 133 |
peer = self.applier.get_profile().peer.domain_name |
144 | 134 |
send_message("[%s] Adding route %s. Please wait..." %(self.applier.username, self.name), peer) |
145 | 135 |
response = add.delay(self) |
146 |
logger.info("Got save job id: %s" %response) |
|
147 |
|
|
148 |
def deactivate(self): |
|
149 |
self.status = "INACTIVE" |
|
150 |
self.save() |
|
151 |
# def delete(self, *args, **kwargs): |
|
152 |
# response = delete.delay(self) |
|
153 |
# logger.info("Got delete job id: %s" %response) |
|
136 |
logger.info("Got add job id: %s" %response) |
|
154 | 137 |
|
155 | 138 |
def commit_edit(self, *args, **kwargs): |
156 | 139 |
peer = self.applier.get_profile().peer.domain_name |
... | ... | |
159 | 142 |
logger.info("Got edit job id: %s" %response) |
160 | 143 |
|
161 | 144 |
def commit_delete(self, *args, **kwargs): |
145 |
reason_text = '' |
|
146 |
if "reason" in kwargs: |
|
147 |
reason = kwargs['reason'] |
|
148 |
reason_text = "Reason: %s. " %reason |
|
162 | 149 |
peer = self.applier.get_profile().peer.domain_name |
163 |
send_message("[%s] Removing route %s. Please wait..." %(self.applier.username, self.name), peer) |
|
164 |
response = delete.delay(self) |
|
165 |
logger.info("Got edit job id: %s" %response) |
|
166 |
# |
|
167 |
# def delete(self, *args, **kwargs): |
|
168 |
# response = delete.delay(self) |
|
169 |
# logger.info("Got delete job id: %s" %response) |
|
150 |
send_message("[%s] Removing route %s. %sPlease wait..." %(self.applier.username, self.name, reason), peer) |
|
151 |
response = delete.delay(self, reason=reason) |
|
152 |
logger.info("Got delete job id: %s" %response) |
|
153 |
|
|
170 | 154 |
def has_expired(self): |
171 | 155 |
today = datetime.date.today() |
172 | 156 |
if today > self.expires: |
173 | 157 |
return True |
174 | 158 |
return False |
175 |
|
|
176 |
def is_synced(self): |
|
159 |
|
|
160 |
def check_sync(self): |
|
161 |
if not self.is_synced(): |
|
162 |
self.status = "OUTOFSYNC" |
|
163 |
self.save() |
|
164 |
|
|
165 |
def is_synced(self): |
|
177 | 166 |
found = False |
178 | 167 |
get_device = PR.Retriever() |
179 | 168 |
device = get_device.fetch_device() |
... | ... | |
183 | 172 |
self.status = "EXPIRED" |
184 | 173 |
self.save() |
185 | 174 |
logger.error("No routing options on device. Exception: %s" %e) |
186 |
return False
|
|
175 |
return True
|
|
187 | 176 |
for route in routes: |
188 | 177 |
if route.name == self.name: |
189 | 178 |
found = True |
... | ... | |
257 | 246 |
pass |
258 | 247 |
if found and self.status != "ACTIVE": |
259 | 248 |
logger.error('Rule is applied on device but appears as offline') |
260 |
found = False |
|
261 |
|
|
249 |
self.status = "ACTIVE" |
|
250 |
self.save() |
|
251 |
found = True |
|
262 | 252 |
return found |
263 | 253 |
|
264 | 254 |
def get_then(self): |
b/flowspec/tasks.py | ||
---|---|---|
42 | 42 |
|
43 | 43 |
|
44 | 44 |
@task |
45 |
def delete(route, callback=None):
|
|
45 |
def delete(route, **kwargs):
|
|
46 | 46 |
applier = PR.Applier(route_object=route) |
47 | 47 |
commit, response = applier.apply(operation="delete") |
48 |
reason_text = '' |
|
48 | 49 |
if commit: |
49 | 50 |
status = "INACTIVE" |
51 |
if "reason" in kwargs and kwargs['reason']=='EXPIRED': |
|
52 |
status = 'EXPIRED' |
|
53 |
reason_text = " Reason: %s " %status |
|
50 | 54 |
else: |
51 | 55 |
status = "ERROR" |
52 | 56 |
route.status = status |
53 | 57 |
route.response = response |
54 | 58 |
route.save() |
55 |
subtask(announce).delay("[%s] Route delete: %s - Result %s" %(route.applier, route.name, response), route.applier) |
|
56 |
|
|
59 |
subtask(announce).delay("[%s] Route removal: %s%s- Result %s" %(route.applier, route.name, reason_text, response), route.applier) |
|
57 | 60 |
|
61 |
# May not work in the first place... proxy is not aware of Route models |
|
62 |
@task |
|
63 |
def batch_delete(routes, **kwargs): |
|
64 |
if routes: |
|
65 |
applier = PR.Applier(route_objects=routes) |
|
66 |
conf = applier.delete_routes() |
|
67 |
commit, response = applier.apply(configuration = conf) |
|
68 |
reason_text = '' |
|
69 |
if commit: |
|
70 |
status = "INACTIVE" |
|
71 |
if "reason" in kwargs and kwargs['reason']=='EXPIRED': |
|
72 |
status = 'EXPIRED' |
|
73 |
reason_text = " Reason: %s " %status |
|
74 |
else: |
|
75 |
status = "ERROR" |
|
76 |
for route in routes: |
|
77 |
route.status = status |
|
78 |
route.response = response |
|
79 |
route.save() |
|
80 |
subtask(announce).delay("[%s] Route removal: %s%s- Result %s" %(route.applier, route.name, reason_text, response), route.applier) |
|
81 |
else: |
|
82 |
return False |
|
58 | 83 |
|
59 | 84 |
@task |
60 | 85 |
def announce(messg, user): |
... | ... | |
69 | 94 |
|
70 | 95 |
@task |
71 | 96 |
def check_sync(route_name=None, selected_routes = []): |
97 |
from flowspy.flowspec.models import Route, MatchPort, MatchDscp, ThenAction |
|
72 | 98 |
if not selected_routes: |
73 | 99 |
routes = Route.objects.all() |
74 | 100 |
else: |
75 | 101 |
routes = selected_routes |
76 | 102 |
if route_name: |
77 | 103 |
routes = routes.filter(name=route_name) |
78 |
for route in roures: |
|
79 |
if route.is_synced(): |
|
80 |
logger.info("Route %s is synced" %route.name) |
|
81 |
else: |
|
82 |
logger.warn("Route %s is out of sync" %route.name) |
|
104 |
for route in routes: |
|
105 |
if route.has_expired() and route.status != 'EXPIRED': |
|
106 |
logger.info('Expiring route %s' %route.name) |
|
107 |
subtask(delete).delay(route, reason="EXPIRED") |
|
108 |
elif route.status != 'EXPIRED': |
|
109 |
route.check_sync() |
|
110 |
|
|
111 |
|
|
83 | 112 |
#def delete(route): |
84 | 113 |
# |
85 | 114 |
# applier = PR.Applier(route_object=route) |
b/flowspec/views.py | ||
---|---|---|
27 | 27 |
|
28 | 28 |
from copy import deepcopy |
29 | 29 |
from flowspy.utils.decorators import shib_required |
30 |
import datetime |
|
30 | 31 |
|
31 |
def days_offset(): return datetime.now() + timedelta(days = settings.EXPIRATION_DAYS_OFFSET) |
|
32 |
from django.views.decorators.cache import never_cache |
|
33 |
from django.conf import settings |
|
34 |
|
|
35 |
|
|
36 |
def days_offset(): return datetime.date.today() + datetime.timedelta(days = settings.EXPIRATION_DAYS_OFFSET) |
|
32 | 37 |
|
33 | 38 |
@login_required |
34 | 39 |
def user_routes(request): |
... | ... | |
37 | 42 |
context_instance=RequestContext(request)) |
38 | 43 |
|
39 | 44 |
@login_required |
45 |
@never_cache |
|
40 | 46 |
def group_routes(request): |
41 | 47 |
group_routes = [] |
42 | 48 |
peer = request.user.get_profile().peer |
... | ... | |
49 | 55 |
|
50 | 56 |
|
51 | 57 |
@login_required |
58 |
@never_cache |
|
52 | 59 |
def add_route(request): |
53 | 60 |
applier = request.user.pk |
61 |
applier_peer_networks = request.user.get_profile().peer.networks.all() |
|
62 |
if not applier_peer_networks: |
|
63 |
messages.add_message(request, messages.WARNING, |
|
64 |
"Insufficient rights on administrative networks. Cannot add route. Contact your administrator") |
|
65 |
return HttpResponseRedirect(reverse("group-routes")) |
|
54 | 66 |
if request.method == "GET": |
55 | 67 |
form = RouteForm() |
56 | 68 |
return render_to_response('apply.html', {'form': form, 'applier': applier}, |
... | ... | |
72 | 84 |
context_instance=RequestContext(request)) |
73 | 85 |
|
74 | 86 |
@login_required |
87 |
@never_cache |
|
75 | 88 |
def add_then(request): |
76 | 89 |
applier = request.user.pk |
77 | 90 |
if request.method == "GET": |
... | ... | |
94 | 107 |
context_instance=RequestContext(request)) |
95 | 108 |
|
96 | 109 |
@login_required |
110 |
@never_cache |
|
97 | 111 |
def edit_route(request, route_slug): |
98 | 112 |
applier = request.user.pk |
99 | 113 |
applier_peer = request.user.get_profile().peer |
... | ... | |
127 | 141 |
context_instance=RequestContext(request)) |
128 | 142 |
|
129 | 143 |
@login_required |
144 |
@never_cache |
|
130 | 145 |
def delete_route(request, route_slug): |
131 | 146 |
if request.is_ajax(): |
132 | 147 |
route = get_object_or_404(Route, name=route_slug) |
133 | 148 |
applier_peer = route.applier.get_profile().peer |
134 | 149 |
requester_peer = request.user.get_profile().peer |
135 | 150 |
if applier_peer == requester_peer: |
136 |
route.deactivate()
|
|
151 |
route.status = "PENDING"
|
|
137 | 152 |
route.commit_delete() |
138 | 153 |
html = "<html><body>Done</body></html>" |
139 | 154 |
return HttpResponse(html) |
... | ... | |
141 | 156 |
return HttpResponseRedirect(reverse("group-routes")) |
142 | 157 |
|
143 | 158 |
@login_required |
159 |
@never_cache |
|
144 | 160 |
def user_profile(request): |
145 | 161 |
user = request.user |
146 | 162 |
peer = request.user.get_profile().peer |
... | ... | |
148 | 164 |
return render_to_response('profile.html', {'user': user, 'peer':peer}, |
149 | 165 |
context_instance=RequestContext(request)) |
150 | 166 |
|
151 |
|
|
167 |
@never_cache |
|
152 | 168 |
def user_login(request): |
153 | 169 |
try: |
154 | 170 |
error_username = None |
155 | 171 |
error_orgname = None |
172 |
error_affiliation = None |
|
173 |
error = '' |
|
156 | 174 |
username = request.META['HTTP_EPPN'] |
157 | 175 |
if not username: |
158 | 176 |
error_username = True |
... | ... | |
160 | 178 |
lastname = request.META['HTTP_SHIB_PERSON_SURNAME'] |
161 | 179 |
mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL'] |
162 | 180 |
organization = request.META['HTTP_SHIB_HOMEORGANIZATION'] |
181 |
affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT'] |
|
182 |
match = re.compile(settings.SHIB_AUTH_AFFILIATION) |
|
183 |
has_affiliation = match.search(affiliation) |
|
184 |
if not has_affiliation: |
|
185 |
error_affiliation = True |
|
163 | 186 |
if not organization: |
164 | 187 |
error_orgname = True |
165 |
|
|
166 |
if error_orgname or error_username: |
|
167 |
error = "Your idP should release the HTTP_EPPN, HTTP_SHIB_HOMEORGANIZATION attributes towards this service" |
|
188 |
if error_username: |
|
189 |
error = "Your idP should release the HTTP_EPPN attribute towards this service\n" |
|
190 |
if error_orgname: |
|
191 |
error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service\n" |
|
192 |
if error_affiliation: |
|
193 |
error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service" |
|
194 |
if error_username or error_orgname or error_affiliation: |
|
168 | 195 |
return render_to_response('error.html', {'error': error,}, |
169 | 196 |
context_instance=RequestContext(request)) |
170 |
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=None)
|
|
197 |
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation) |
|
171 | 198 |
if user is not None: |
172 | 199 |
login(request, user) |
173 | 200 |
return HttpResponseRedirect(reverse("group-routes")) |
174 | 201 |
# Redirect to a success page. |
175 | 202 |
# Return a 'disabled account' error message |
176 | 203 |
else: |
177 |
html = "<html><body>Invalid User</body></html>" |
|
178 |
return HttpResponse(html) |
|
204 |
error = "Something went wrong during user authentication. Contact your administrator" |
|
205 |
return render_to_response('error.html', {'error': error,}, |
|
206 |
context_instance=RequestContext(request)) |
|
179 | 207 |
except Exception as e: |
180 |
html = "<html><body>Invalid Login Procedure %s </body></html>" %e |
|
181 |
return HttpResponse(html) |
|
208 |
error = "Invalid login procedure" |
|
209 |
return render_to_response('error.html', {'error': error,}, |
|
210 |
context_instance=RequestContext(request)) |
|
182 | 211 |
# Return an 'invalid login' error message. |
183 | 212 |
# return HttpResponseRedirect(reverse("user-routes")) |
184 | 213 |
|
185 | 214 |
@login_required |
215 |
@never_cache |
|
186 | 216 |
def add_rate_limit(request): |
187 | 217 |
if request.method == "GET": |
188 | 218 |
form = ThenPlainForm() |
... | ... | |
204 | 234 |
context_instance=RequestContext(request)) |
205 | 235 |
|
206 | 236 |
@login_required |
237 |
@never_cache |
|
207 | 238 |
def add_port(request): |
208 | 239 |
if request.method == "GET": |
209 | 240 |
form = PortPlainForm() |
... | ... | |
223 | 254 |
context_instance=RequestContext(request)) |
224 | 255 |
|
225 | 256 |
@login_required |
257 |
@never_cache |
|
226 | 258 |
def user_logout(request): |
227 | 259 |
return HttpResponseRedirect(settings.SHIB_LOGOUT_URL) |
228 | 260 |
|
b/templates/user_routes.html | ||
---|---|---|
137 | 137 |
{% ifequal route.status 'INACTIVE' %} |
138 | 138 |
<a href="{% url edit-route route.name %}" class="edit_button" id="edit_button_{{route.pk}}">Reactivate</a> |
139 | 139 |
{% else %} |
140 |
{% ifequal route.status 'OUTOFSYNC' %} |
|
141 |
<a href="{% url edit-route route.name %}" class="edit_button" id="edit_button_{{route.pk}}">ReSync</a> |
|
142 |
{% else %} |
|
140 | 143 |
- |
141 | 144 |
{% endifequal %} |
145 |
{% endifequal %} |
|
142 | 146 |
{% endifequal %}</td> |
143 | 147 |
</tr> |
144 | 148 |
|
Also available in: Unified diff