Revision b969de46 flowspec/views.py
b/flowspec/views.py | ||
---|---|---|
27 | 27 |
|
28 | 28 |
from flowspy.flowspec.forms import * |
29 | 29 |
from flowspy.flowspec.models import * |
30 |
from flowspy.peers.models import * |
|
31 |
|
|
30 | 32 |
from registration.models import RegistrationProfile |
31 | 33 |
|
32 | 34 |
from copy import deepcopy |
... | ... | |
213 | 215 |
try: |
214 | 216 |
error_username = False |
215 | 217 |
error_orgname = False |
216 |
error_affiliation = False
|
|
218 |
error_entitlement = False
|
|
217 | 219 |
error_mail = False |
218 |
has_affiliation = False
|
|
220 |
has_entitlement = False
|
|
219 | 221 |
error = '' |
220 | 222 |
username = request.META['HTTP_EPPN'] |
221 | 223 |
if not username: |
... | ... | |
224 | 226 |
lastname = request.META['HTTP_SHIB_PERSON_SURNAME'] |
225 | 227 |
mail = request.META['HTTP_SHIB_INETORGPERSON_MAIL'] |
226 | 228 |
organization = request.META['HTTP_SHIB_HOMEORGANIZATION'] |
227 |
affiliation = request.META['HTTP_SHIB_EP_ENTITLEMENT']
|
|
228 |
if settings.SHIB_AUTH_AFFILIATION in affiliation.split(";"):
|
|
229 |
has_affiliation = True
|
|
230 |
if not has_affiliation:
|
|
231 |
error_affiliation = True
|
|
229 |
entitlement = request.META['HTTP_SHIB_EP_ENTITLEMENT']
|
|
230 |
if settings.SHIB_AUTH_ENTITLEMENT in entitlement.split(";"):
|
|
231 |
has_entitlement = True
|
|
232 |
if not has_entitlement:
|
|
233 |
error_entitlement = True
|
|
232 | 234 |
if not organization: |
233 | 235 |
error_orgname = True |
234 | 236 |
if not mail: |
... | ... | |
237 | 239 |
error = "Your idP should release the HTTP_EPPN attribute towards this service<br>" |
238 | 240 |
if error_orgname: |
239 | 241 |
error = error + "Your idP should release the HTTP_SHIB_HOMEORGANIZATION attribute towards this service<br>" |
240 |
if error_affiliation:
|
|
242 |
if error_entitlement:
|
|
241 | 243 |
error = error + "Your idP should release an appropriate HTTP_SHIB_EP_ENTITLEMENT attribute towards this service<br>" |
242 | 244 |
if error_mail: |
243 | 245 |
error = error + "Your idP should release the HTTP_SHIB_INETORGPERSON_MAIL attribute towards this service" |
244 |
if error_username or error_orgname or error_affiliation or error_mail:
|
|
246 |
if error_username or error_orgname or error_entitlement or error_mail:
|
|
245 | 247 |
return render_to_response('error.html', {'error': error, "missing_attributes": True}, |
246 | 248 |
context_instance=RequestContext(request)) |
247 | 249 |
try: |
... | ... | |
249 | 251 |
user_exists = True |
250 | 252 |
except: |
251 | 253 |
user_exists = False |
252 |
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail, organization=organization, affiliation=affiliation)
|
|
254 |
user = authenticate(username=username, firstname=firstname, lastname=lastname, mail=mail) |
|
253 | 255 |
if user is not None: |
256 |
try: |
|
257 |
peer = Peer.objects.get(domain_name=organization) |
|
258 |
up = UserProfile.objects.get_or_create(user=user,peer=peer) |
|
259 |
except: |
|
260 |
error = "Your organization's domain name does not match our peers' domain names<br>Please contact Helpdesk to resolve this issue" |
|
261 |
return render_to_response('error.html', {'error': error}) |
|
254 | 262 |
if not user_exists: |
255 | 263 |
user_activation_notify(user) |
256 | 264 |
if user.is_active: |
... | ... | |
286 | 294 |
send_new_mail(settings.EMAIL_SUBJECT_PREFIX + subject, |
287 | 295 |
message, settings.SERVER_EMAIL, |
288 | 296 |
get_peer_techc_mails(user), []) |
289 |
|
|
297 |
|
|
290 | 298 |
@login_required |
291 | 299 |
@never_cache |
292 | 300 |
def add_rate_limit(request): |
Also available in: Unified diff