190 lines
7.3 KiB
Python
190 lines
7.3 KiB
Python
# authentic2 - versatile identity manager
|
|
# Copyright (C) 2010-2019 Entr'ouvert
|
|
#
|
|
# This program is free software: you can redistribute it and/or modify it
|
|
# under the terms of the GNU Affero General Public License as published
|
|
# by the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
from django.conf import settings
|
|
from django.contrib import admin
|
|
from django.contrib.auth import views as dj_auth_views
|
|
from django.contrib.auth.decorators import login_required
|
|
from django.contrib.staticfiles.views import serve
|
|
from django.urls import include, path, re_path
|
|
from django.utils.translation import gettext_lazy as _
|
|
from django.views.decorators.clickjacking import xframe_options_deny
|
|
from django.views.generic import RedirectView
|
|
from django.views.generic.base import TemplateView
|
|
from django.views.static import serve as media_serve
|
|
|
|
import authentic2.idp.saml.app_settings
|
|
import authentic2_auth_fc.urls
|
|
import authentic2_auth_oidc.urls
|
|
import authentic2_auth_saml.urls
|
|
import authentic2_idp_cas.app_settings
|
|
import authentic2_idp_oidc.urls
|
|
from authentic2.decorators import lasso_required, required, setting_enabled
|
|
|
|
from . import plugins, views
|
|
|
|
admin.autodiscover()
|
|
|
|
accounts_urlpatterns = [
|
|
re_path(
|
|
r'^activate/(?P<registration_token>[A-Za-z0-9_ -]+)/$',
|
|
views.registration_completion,
|
|
name='registration_activate',
|
|
),
|
|
path('delete/', login_required(views.AccountDeleteView.as_view()), name='delete_account'),
|
|
re_path(
|
|
r'validate-deletion/(?P<deletion_token>[\w: -]+)/$',
|
|
views.ValidateDeletionView.as_view(),
|
|
name='validate_deletion',
|
|
),
|
|
path('logged-in/', views.logged_in, name='logged-in'),
|
|
path('edit/', views.edit_profile, name='profile_edit'),
|
|
path('edit/required/', views.edit_required_profile, name='profile_required_edit'),
|
|
re_path(r'^edit/(?P<scope>[-\w]+)/$', views.edit_profile, name='profile_edit_with_scope'),
|
|
path('change-email/', views.email_change, name='email-change'),
|
|
path('change-email/verify/', views.email_change_verify, name='email-change-verify'),
|
|
path(
|
|
'consents/',
|
|
login_required(views.consents),
|
|
name='consents',
|
|
),
|
|
path(
|
|
'consents/<int:pk>/delete/',
|
|
login_required(views.consent_delete),
|
|
name='consent-delete',
|
|
),
|
|
path('', views.profile, name='account_management'),
|
|
# Password change
|
|
path('password/change/', views.password_change, name='password_change'),
|
|
path(
|
|
'password/change/done/',
|
|
dj_auth_views.PasswordChangeDoneView.as_view(),
|
|
name='password_change_done',
|
|
),
|
|
# permament redirections for views moved to root
|
|
path('register/', RedirectView.as_view(permanent=True, pattern_name='registration_register')),
|
|
path('register/complete/', RedirectView.as_view(permanent=True, pattern_name='registration_complete')),
|
|
path('register/closed/', RedirectView.as_view(permanent=True, pattern_name='registration_disallowed')),
|
|
re_path(
|
|
r'^password/reset/confirm/(?P<token>[A-Za-z0-9_ -]+)/$',
|
|
RedirectView.as_view(permanent=True, pattern_name='password_reset_confirm'),
|
|
),
|
|
path('password/reset/', RedirectView.as_view(permanent=True, pattern_name='password_reset')),
|
|
path(
|
|
'password/reset/instructions/',
|
|
RedirectView.as_view(permanent=True, pattern_name='password_reset_instructions'),
|
|
),
|
|
re_path(
|
|
r'^password/reset/.*',
|
|
RedirectView.as_view(permanent=True, pattern_name='invalid-password-reset-urls'),
|
|
),
|
|
]
|
|
|
|
urlpatterns = [
|
|
path('', views.homepage, name='auth_homepage'),
|
|
path('login/', views.login, name='auth_login'),
|
|
re_path(r'^login/token/(?P<token>[A-Za-z0-9_ -]+)/$', views.token_login, name='token_login'),
|
|
path('logout/', views.logout, name='auth_logout'),
|
|
re_path(r'^su/(?P<uuid>[A-Za-z0-9_-]+)/$', views.su, name='su'),
|
|
path('accounts/', include(accounts_urlpatterns)),
|
|
re_path(r'^admin/', admin.site.urls),
|
|
path('idp/', include('authentic2.idp.urls')),
|
|
path('manage/', include('authentic2.manager.urls')),
|
|
path('api/', include('authentic2.api_urls')),
|
|
path('continue/', views.display_message_and_continue, name='continue'),
|
|
re_path(r'^\.well-known/change-password$', RedirectView.as_view(pattern_name='password_change')),
|
|
# Registration
|
|
path('register/', views.RegistrationView.as_view(), name='registration_register'),
|
|
path('register/complete/', views.registration_complete, name='registration_complete'),
|
|
path(
|
|
'register/closed/',
|
|
TemplateView.as_view(template_name='registration/registration_closed.html'),
|
|
name='registration_disallowed',
|
|
),
|
|
re_path(
|
|
'^register/input_code/(?P<token>[A-Za-z0-9_ -]+)/$',
|
|
views.input_registration_code,
|
|
name='input_registration_code',
|
|
),
|
|
# Password reset
|
|
re_path(
|
|
r'^password/reset/confirm/(?P<token>[A-Za-z0-9_ -]+)/$',
|
|
views.password_reset_confirm,
|
|
name='password_reset_confirm',
|
|
),
|
|
path('password/reset/', views.password_reset, name='password_reset'),
|
|
path(
|
|
'password/reset/instructions/',
|
|
views.password_reset_instructions,
|
|
name='password_reset_instructions',
|
|
),
|
|
re_path(
|
|
r'^password/reset/.*',
|
|
views.old_view_redirect,
|
|
kwargs={
|
|
'to': 'password_reset',
|
|
'message': _('Your password reset link has become invalid, please reset your password again.'),
|
|
},
|
|
name='invalid-password-reset-urls',
|
|
),
|
|
]
|
|
|
|
try:
|
|
if getattr(settings, 'DISCO_SERVICE', False):
|
|
urlpatterns += [
|
|
(r'^disco_service/', include('disco_service.disco_responder')),
|
|
]
|
|
except Exception:
|
|
pass
|
|
|
|
if settings.DEBUG:
|
|
urlpatterns += [re_path(r'^static/(?P<path>.*)$', serve)]
|
|
urlpatterns += [re_path(r'^media/(?P<path>.*)$', media_serve, {'document_root': settings.MEDIA_ROOT})]
|
|
|
|
if settings.DEBUG and 'debug_toolbar' in settings.INSTALLED_APPS:
|
|
import debug_toolbar # pylint: disable=import-error
|
|
|
|
urlpatterns = [
|
|
path('__debug__/', include(debug_toolbar.urls)),
|
|
] + urlpatterns
|
|
|
|
# prevent click-jacking on authentic views
|
|
urlpatterns = required(xframe_options_deny, urlpatterns)
|
|
|
|
urlpatterns = plugins.register_plugins_urls(urlpatterns)
|
|
|
|
authentic2_idp_saml_urls = required(
|
|
(setting_enabled('ENABLE', settings=authentic2.idp.saml.app_settings), lasso_required()),
|
|
[path('idp/saml2/', include('authentic2.idp.saml.urls'))],
|
|
)
|
|
|
|
authentic2_idp_cas_urls = required(
|
|
(setting_enabled('ENABLE', settings=authentic2_idp_cas.app_settings),),
|
|
[path('idp/cas/', include('authentic2_idp_cas.urls'))],
|
|
)
|
|
|
|
urlpatterns = (
|
|
authentic2_auth_fc.urls.urlpatterns
|
|
+ authentic2_idp_oidc.urls.urlpatterns
|
|
+ authentic2_idp_cas_urls
|
|
+ authentic2_auth_oidc.urls.urlpatterns
|
|
+ authentic2_auth_saml.urls.urlpatterns
|
|
+ authentic2_idp_saml_urls
|
|
+ urlpatterns
|
|
)
|
|
|
|
handler403 = 'authentic2.views.permission_denied'
|