authentic/src/authentic2/urls.py

# authentic2 - versatile identity manager
# Copyright (C) 2010-2019 Entr'ouvert
#
# This program is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from django.conf import settings
from django.conf.urls import include, url
from django.contrib import admin
from django.contrib.auth import views as dj_auth_views
from django.contrib.auth.decorators import login_required
from django.contrib.staticfiles.views import serve
from django.utils.translation import ugettext_lazy as _
from django.views.decorators.clickjacking import xframe_options_deny
from django.views.generic.base import TemplateView
from django.views.static import serve as media_serve

import authentic2.idp.saml.app_settings
import authentic2_auth_fc.urls
import authentic2_auth_oidc.urls
import authentic2_auth_saml.urls
import authentic2_idp_cas.app_settings
import authentic2_idp_oidc.urls
from authentic2.decorators import lasso_required, required, setting_enabled

from . import plugins, views

admin.autodiscover()

accounts_urlpatterns = [
    url(
        r'^activate/(?P<registration_token>[A-Za-z0-9_ -]+)/$',
        views.registration_completion,
        name='registration_activate',
    ),
    url(r'^register/$', views.RegistrationView.as_view(), name='registration_register'),
    url(r'^register/complete/$', views.registration_complete, name='registration_complete'),
    url(
        r'^register/closed/$',
        TemplateView.as_view(template_name='registration/registration_closed.html'),
        name='registration_disallowed',
    ),
    url(r'^delete/$', login_required(views.DeleteView.as_view()), name='delete_account'),
    url(
        r'validate-deletion/(?P<deletion_token>[\w: -]+)/$',
        views.ValidateDeletionView.as_view(),
        name='validate_deletion',
    ),
    url(r'^logged-in/$', views.logged_in, name='logged-in'),
    url(r'^edit/$', views.edit_profile, name='profile_edit'),
    url(r'^edit/required/$', views.edit_required_profile, name='profile_required_edit'),
    url(r'^edit/(?P<scope>[-\w]+)/$', views.edit_profile, name='profile_edit_with_scope'),
    url(r'^change-email/$', views.email_change, name='email-change'),
    url(r'^change-email/verify/$', views.email_change_verify, name='email-change-verify'),
    url(
        r'^authorizations/$',
        login_required(views.authorized_oauth_services),
        name='authorized-oauth-services',
    ),
    url(r'^$', views.profile, name='account_management'),
    # Password change
    url(r'^password/change/$', views.password_change, name='password_change'),
    url(
        r'^password/change/done/$',
        dj_auth_views.PasswordChangeDoneView.as_view(),
        name='password_change_done',
    ),
    # Password reset
    url(
        r'^password/reset/confirm/(?P<token>[A-Za-z0-9_ -]+)/$',
        views.password_reset_confirm,
        name='password_reset_confirm',
    ),
    url(r'^password/reset/$', views.password_reset, name='password_reset'),
    url(
        r'^password/reset/instructions/$',
        views.password_reset_instructions,
        name='password_reset_instructions',
    ),
    url(
        r'^password/reset/.*',
        views.old_view_redirect,
        kwargs={
            'to': 'password_reset',
            'message': _('Your password reset link has become invalid, please reset your password again.'),
        },
        name='invalid-password-reset-urls',
    ),
]

urlpatterns = [
    url(r'^$', views.homepage, name='auth_homepage'),
    url(r'^login/$', views.login, name='auth_login'),
    url(r'^logout/$', views.logout, name='auth_logout'),
    url(r'^su/(?P<uuid>[A-Za-z0-9_-]+)/$', views.su, name='su'),
    url(r'^accounts/', include(accounts_urlpatterns)),
    url(r'^admin/', admin.site.urls),
    url(r'^idp/', include('authentic2.idp.urls')),
    url(r'^manage/', include('authentic2.manager.urls')),
    url(r'^api/', include('authentic2.api_urls')),
    url(r'^continue/$', views.display_message_and_continue, name='continue'),
]

try:
    if getattr(settings, 'DISCO_SERVICE', False):
        urlpatterns += [
            (r'^disco_service/', include('disco_service.disco_responder')),
        ]
except Exception:
    pass

if settings.DEBUG:
    urlpatterns += [url(r'^static/(?P<path>.*)$', serve)]
    urlpatterns += [url(r'^media/(?P<path>.*)$', media_serve, {'document_root': settings.MEDIA_ROOT})]

if settings.DEBUG and 'debug_toolbar' in settings.INSTALLED_APPS:
    import debug_toolbar

    urlpatterns = [
        url(r'^__debug__/', include(debug_toolbar.urls)),
    ] + urlpatterns

# prevent click-jacking on authentic views
urlpatterns = required(xframe_options_deny, urlpatterns)

urlpatterns = plugins.register_plugins_urls(urlpatterns)

authentic2_idp_saml_urls = required(
    (setting_enabled('ENABLE', settings=authentic2.idp.saml.app_settings), lasso_required()),
    [url(r'^idp/saml2/', include('authentic2.idp.saml.urls'))],
)

authentic2_idp_cas_urls = required(
    (setting_enabled('ENABLE', settings=authentic2_idp_cas.app_settings),),
    [url(r'^idp/cas/', include('authentic2_idp_cas.urls'))],
)

urlpatterns = (
    authentic2_auth_fc.urls.urlpatterns
    + authentic2_idp_oidc.urls.urlpatterns
    + authentic2_idp_cas_urls
    + authentic2_auth_oidc.urls.urlpatterns
    + authentic2_auth_saml.urls.urlpatterns
    + authentic2_idp_saml_urls
    + urlpatterns
)