Revision a196eb7e astakos/im/target/shibboleth.py
b/astakos/im/target/shibboleth.py | ||
---|---|---|
32 | 32 |
# or implied, of GRNET S.A. |
33 | 33 |
|
34 | 34 |
from django.http import HttpResponseBadRequest |
35 |
from django.core.urlresolvers import reverse |
|
35 | 36 |
from django.contrib.auth import authenticate |
36 |
from django.contrib import messages |
|
37 | 37 |
|
38 |
from astakos.im.target.util import prepare_response, requires_anonymous |
|
39 |
from astakos.im.util import get_or_create_user, get_context |
|
40 |
from astakos.im.models import AstakosUser, Invitation |
|
41 |
from astakos.im.views import render_response, create_user |
|
42 |
from astakos.im.backends import get_backend |
|
43 |
from astakos.im.forms import LocalUserCreationForm, ThirdPartyUserCreationForm |
|
38 |
from astakos.im.target.util import prepare_response |
|
39 |
from astakos.im.util import get_or_create_user |
|
44 | 40 |
|
45 | 41 |
class Tokens: |
46 | 42 |
# these are mapped by the Shibboleth SP software |
... | ... | |
52 | 48 |
SHIB_EP_AFFILIATION = "HTTP_SHIB_EP_AFFILIATION" |
53 | 49 |
SHIB_SESSION_ID = "HTTP_SHIB_SESSION_ID" |
54 | 50 |
|
55 |
@requires_anonymous |
|
56 |
def login(request): |
|
57 |
# store invitation code and email |
|
58 |
request.session['email'] = request.GET.get('email') |
|
59 |
request.session['invitation_code'] = request.GET.get('code') |
|
60 | 51 |
|
52 |
def login(request): |
|
61 | 53 |
tokens = request.META |
62 | 54 |
|
63 | 55 |
try: |
... | ... | |
76 | 68 |
|
77 | 69 |
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, '') |
78 | 70 |
|
79 |
next = request.GET.get('next') |
|
80 |
# check first if user with that identifier is registered |
|
81 |
user = None |
|
82 |
email = request.session.pop('email') |
|
83 |
|
|
84 |
if email: |
|
85 |
# signup mode |
|
86 |
if not reserved_screen_name(eppn): |
|
87 |
try: |
|
88 |
user = AstakosUser.objects.get(email = email) |
|
89 |
except AstakosUser.DoesNotExist, e: |
|
90 |
# register a new user |
|
91 |
first_name, space, last_name = realname.partition(' ') |
|
92 |
post_data = {'provider':'Shibboleth', 'first_name':first_name, |
|
93 |
'last_name':last_name, 'affiliation':affiliation, |
|
94 |
'third_party_identifier':eppn} |
|
95 |
form = ThirdPartyUserCreationForm({'email':email}) |
|
96 |
return create_user(request, form, backend, post_data, next, template_name, extra_context) |
|
97 |
else: |
|
98 |
status = messages.ERROR |
|
99 |
message = '%s@shibboleth is already registered' % eppn |
|
100 |
messages.add_message(request, messages.ERROR, message) |
|
101 |
else: |
|
102 |
# login mode |
|
103 |
if user and user.is_active: |
|
104 |
#in order to login the user we must call authenticate first |
|
105 |
user = authenticate(email=user.email, auth_token=user.auth_token) |
|
106 |
return prepare_response(request, user, next) |
|
107 |
elif user and not user.is_active: |
|
108 |
messages.add_message(request, messages.ERROR, 'Inactive account: %s' % user.email) |
|
109 |
return render_response(template_name, |
|
110 |
form = LocalUserCreationForm(), |
|
111 |
context_instance=get_context(request, extra_context)) |
|
112 |
|
|
113 |
def reserved_identifier(identifier): |
|
114 |
try: |
|
115 |
AstakosUser.objects.get(provider='Shibboleth', |
|
116 |
third_party_identifier=identifier) |
|
117 |
return True |
|
118 |
except AstakosUser.DoesNotExist, e: |
|
119 |
return False |
|
71 |
user = get_or_create_user(eppn, realname=realname, affiliation=affiliation, provider='shibboleth', level=0) |
|
72 |
# in order to login the user we must call authenticate first |
|
73 |
user = authenticate(email=user.email, auth_token=user.auth_token) |
|
74 |
return prepare_response(request, |
|
75 |
user, |
|
76 |
request.GET.get('next'), |
|
77 |
'renew' in request.GET) |
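Review bot: The result of `authenticate(...)` at new line 73 is passed to `prepare_response` unchecked, so a `None` return or an inactive account is no longer stopped in this view; the removed branch logged in only when `user.is_active` was true. Unless the auth backend or `prepare_response` rejects those cases (neither is visible in this diff), add a guard after the `authenticate` call, for example `if user is None or not user.is_active: return HttpResponseBadRequest('Inactive or unknown account')`. Because `get_or_create_user` now provisions an account directly from the `HTTP_SHIB_*` values read from `request.META`, the deployment must also guarantee that the front-end strips client-supplied `Shib-*` headers, and a comment above the call stating that assumption would help. The start of `login` (the `try:` block) is elided from this view.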