summaryrefslogtreecommitdiffstats
path: root/django/sp_sso/sp_sso/views.py
blob: 34481501856cf2eeffc527fa5352323647be363e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
from django.shortcuts import render, resolve_url
from django.http import HttpResponseRedirect, HttpResponse
from django.views.decorators.csrf import csrf_exempt
from django.contrib.auth import logout as auth_logout
from django.contrib.auth import views as auth_views
from django.utils.translation import ugettext as _
from django.views.generic import FormView
from mellon.utils import get_idps

from saml.forms import RegistrationForm
from saml.utils import sso_attributes, craft_user_nickname, render_message, \
        ldap_contains_user, generate_eppn, wcs_submit

from saml.views import MSG_USERNONE, wcs_fields, wcs_multiple_fields

import urllib
import logging

logger = logging.getLogger('sp_sso.resource')

@csrf_exempt
def index(request):
    """Main view for the service provider"""
    if request.method != 'GET':
        return HttpResponse('Bad method.', status=405)
    request.session['tracking_code'] = request.GET.get('tracking_code')
    logger.info(request.GET.get('tracking_code'))
    return render(request, 'index.html', locals())

def login(request, *args, **kwargs):
    """Defers the login scheme to the identity provider thanks to mellon"""
    if any(get_idps()):
        if not 'next' in request.GET:
            return HttpResponseRedirect(resolve_url('mellon_login'))
        return HttpResponseRedirect(resolve_url('mellon_login') + '?next='
                                    + urllib.quote(request.GET.get('next')))
    return auth_views.login(request, *args, **kwargs)

def logout(request, next_page=None):
    """Defers the logout scheme to the identity provider thanks to mellon"""
    if any(get_idps()):
        return HttpResponseRedirect(resolve_url('mellon_logout'))
    auth_logout(request)
    next_page = '/login'
    return HttpResponseRedirect(next_page)

def subscribed(request):
    """Success view for the self-subscription process"""
    logger.info(u'Processing request %s',  request)
    return render_message(request, _("Subscribed."))

class Declare(FormView):
    """Self-subscription FormView

    Users allowed to self-subscribe to the Campus MUSTN'T be registered to the
    Campus LDAP directory yet. (Presence checking is performed against their
    eduPersonPrincipalName).

    Additionnally, their institution (supannEtablissement) or research unit
    (supannEntiteAffectation) MUST be declared in the Campus database.

    These restrictions are processed thanks to the `user_can_declare`
    decorator.

    """
    form_class = RegistrationForm
    template_name = 'declare_form.html'
    success_url = '/declare/subscribed/'

    def get_initial(self):
        initial = super(Declare, self).get_initial()

        if 'mellon_session' in self.request.session:
            data = self.request.session['mellon_session']
            for attribute in sso_attributes:
                if data.get(attribute):
                    attribute_element = data.get(attribute)[0]
                    initial[attribute] = attribute_element
            initial['user_nickname'] = craft_user_nickname(data)
        return initial

    def form_valid(self, form):
        pocform = 'inscription-des-membres'
        wcs = 'http://forms-condorcet.dev.entrouvert.org/'
        posturl = wcs+'/api/formdefs/'+pocform+'/submit'

        post_dict = self.request.POST
        form_adequate_data = {}
        form_adequate_data['ep_principal_name'] = post_dict.get(
            'ep_principal_name')

        if form_adequate_data['ep_principal_name'] \
                and ldap_contains_user(form_adequate_data):
            return render_message(self.request, MSG_USERNONE)
        else:
            delimiter = ','
            wcs_rest_data = {}

            for field in wcs_fields:
                sanitized_form_entry = post_dict.get(field, False)
                wcs_rest_data[field] = sanitized_form_entry

            for multiple_field in wcs_multiple_fields:
                sanitized_form_list = post_dict.getlist(multiple_field, [])
                wcs_rest_data[multiple_field] = delimiter.join(
                    sanitized_form_list)

            if post_dict.get('ep_principal_name', '') == '':
                wcs_rest_data['ep_principal_name'] = generate_eppn(
                        post_dict.get('nom',''))

            wcs_submit(wcs_rest_data, posturl)
            return super(Declare, self).form_valid(form)

declare = Declare.as_view()