Revision dd5f8f4d snf-astakos-app/astakos/im/target/shibboleth.py
| b/snf-astakos-app/astakos/im/target/shibboleth.py | ||
|---|---|---|
| 45 | 45 |
|
| 46 | 46 |
from urlparse import urlunsplit, urlsplit |
| 47 | 47 |
|
| 48 |
from astakos.im.util import prepare_response, get_context |
|
| 48 |
from astakos.im.util import prepare_response, get_context, login_url
|
|
| 49 | 49 |
from astakos.im.views import ( |
| 50 | 50 |
requires_anonymous, render_response, requires_auth_provider) |
| 51 | 51 |
from astakos.im.settings import ENABLE_LOCAL_ACCOUNT_MIGRATION, BASEURL |
| ... | ... | |
| 54 | 54 |
from astakos.im.activation_backends import get_backend, SimpleBackend |
| 55 | 55 |
from astakos.im import auth_providers |
| 56 | 56 |
from astakos.im import settings |
| 57 |
from astakos.im.target import add_pending_auth_provider, get_pending_key, \ |
|
| 58 |
handle_third_party_signup |
|
| 57 | 59 |
|
| 58 | 60 |
import astakos.im.messages as astakos_messages |
| 59 |
|
|
| 60 | 61 |
import logging |
| 61 | 62 |
|
| 62 | 63 |
logger = logging.getLogger(__name__) |
| 63 | 64 |
|
| 65 |
|
|
| 64 | 66 |
class Tokens: |
| 65 | 67 |
# these are mapped by the Shibboleth SP software |
| 66 | 68 |
SHIB_EPPN = "HTTP_EPPN" # eduPersonPrincipalName |
| ... | ... | |
| 72 | 74 |
SHIB_SESSION_ID = "HTTP_SHIB_SESSION_ID" |
| 73 | 75 |
SHIB_MAIL = "HTTP_SHIB_MAIL" |
| 74 | 76 |
|
| 77 |
|
|
| 75 | 78 |
@requires_auth_provider('shibboleth', login=True)
|
| 76 | 79 |
@require_http_methods(["GET", "POST"]) |
| 77 | 80 |
def login( |
| ... | ... | |
| 82 | 85 |
extra_context = extra_context or {}
|
| 83 | 86 |
|
| 84 | 87 |
tokens = request.META |
| 88 |
third_party_key = get_pending_key(request) |
|
| 85 | 89 |
|
| 86 | 90 |
try: |
| 87 | 91 |
eppn = tokens.get(Tokens.SHIB_EPPN) |
| ... | ... | |
| 101 | 105 |
raise KeyError(_(astakos_messages.SHIBBOLETH_MISSING_NAME)) |
| 102 | 106 |
else: |
| 103 | 107 |
realname = '' |
| 108 |
|
|
| 104 | 109 |
except KeyError, e: |
| 105 | 110 |
# invalid shibboleth headers, redirect to login, display message |
| 106 | 111 |
messages.error(request, e.message) |
| 107 |
return HttpResponseRedirect(reverse('login'))
|
|
| 112 |
return HttpResponseRedirect(login_url(request))
|
|
| 108 | 113 |
|
| 109 | 114 |
affiliation = tokens.get(Tokens.SHIB_EP_AFFILIATION, '') |
| 110 | 115 |
email = tokens.get(Tokens.SHIB_MAIL, '') |
| 111 | 116 |
provider_info = {'eppn': eppn, 'email': email, 'name': realname}
|
| 117 |
userid = eppn |
|
| 112 | 118 |
|
| 113 | 119 |
# an existing user accessed the view |
| 114 | 120 |
if request.user.is_authenticated(): |
| 121 |
|
|
| 115 | 122 |
if request.user.has_auth_provider('shibboleth', identifier=eppn):
|
| 116 | 123 |
return HttpResponseRedirect(reverse('edit_profile'))
|
| 117 | 124 |
|
| ... | ... | |
| 136 | 143 |
identifier=eppn |
| 137 | 144 |
) |
| 138 | 145 |
if user.is_active: |
| 146 |
|
|
| 139 | 147 |
# authenticate user |
| 140 | 148 |
response = prepare_response(request, |
| 141 | 149 |
user, |
| 142 | 150 |
request.GET.get('next'),
|
| 143 | 151 |
'renew' in request.GET) |
| 144 | 152 |
messages.success(request, _(astakos_messages.LOGIN_SUCCESS)) |
| 153 |
add_pending_auth_provider(request, third_party_key) |
|
| 145 | 154 |
response.set_cookie('astakos_last_login_method', 'local')
|
| 146 | 155 |
return response |
| 147 | 156 |
else: |
| 148 | 157 |
message = user.get_inactive_message() |
| 149 | 158 |
messages.error(request, message) |
| 150 |
return HttpResponseRedirect(reverse('login'))
|
|
| 159 |
return HttpResponseRedirect(login_url(request))
|
|
| 151 | 160 |
|
| 152 | 161 |
except AstakosUser.DoesNotExist, e: |
| 153 |
provider = auth_providers.get_provider('shibboleth')
|
|
| 154 |
if not provider.is_available_for_create(): |
|
| 155 |
messages.error(request, |
|
| 156 |
_(astakos_messages.AUTH_PROVIDER_INVALID_LOGIN)) |
|
| 157 |
return HttpResponseRedirect(reverse('login'))
|
|
| 158 |
|
|
| 159 |
# eppn not stored in astakos models, create pending profile |
|
| 160 |
user, created = PendingThirdPartyUser.objects.get_or_create( |
|
| 161 |
third_party_identifier=eppn, |
|
| 162 |
provider='shibboleth' |
|
| 163 |
) |
|
| 164 |
# update pending user |
|
| 165 |
user.realname = realname |
|
| 166 |
user.affiliation = affiliation |
|
| 167 |
user.email = email |
|
| 168 |
user.info = json.dumps(provider_info) |
|
| 169 |
user.generate_token() |
|
| 170 |
user.save() |
|
| 171 |
|
|
| 172 |
extra_context['provider'] = 'shibboleth' |
|
| 173 |
extra_context['provider_title'] = provider.get_title_display |
|
| 174 |
extra_context['token'] = user.token |
|
| 175 |
extra_context['signup_url'] = reverse('signup') + \
|
|
| 176 |
"?third_party_token=%s" % user.token |
|
| 177 |
extra_context['add_url'] = reverse('index') + \
|
|
| 178 |
"?key=%s#other-login-methods" % user.token |
|
| 179 |
extra_context['can_create'] = provider.is_available_for_create() |
|
| 180 |
extra_context['can_add'] = provider.is_available_for_add() |
|
| 181 |
|
|
| 182 |
|
|
| 183 |
return render_response( |
|
| 184 |
template, |
|
| 185 |
context_instance=get_context(request, extra_context) |
|
| 186 |
) |
|
| 162 |
user_info = {'affiliation': affiliation, 'realname': realname}
|
|
| 163 |
return handle_third_party_signup(request, userid, 'shibboleth', |
|
| 164 |
third_party_key, |
|
| 165 |
provider_info, |
|
| 166 |
user_info, |
|
| 167 |
template, |
|
| 168 |
extra_context) |
|
| 187 | 169 |
|
Also available in: Unified diff