From a7a828bb4687000a9f135ca9ab6c60cb93e909eb Mon Sep 17 00:00:00 2001
From: Serghei Mihai <smihai@entrouvert.com>
Date: Wed, 20 May 2015 18:37:25 +0200
Subject: [PATCH] retreive use first and last names from ssl certificated
 during registration

---
 src/authentic2_beid/__init__.py          |  5 +++-
 src/authentic2_beid/registration_urls.py |  8 +++++++
 src/authentic2_beid/urls.py              |  5 +++-
 src/authentic2_beid/util.py              |  7 ++++--
 src/authentic2_beid/views.py             | 29 +++++++++++++++++++++++-
 5 files changed, 49 insertions(+), 5 deletions(-)
 create mode 100644 src/authentic2_beid/registration_urls.py

diff --git a/src/authentic2_beid/__init__.py b/src/authentic2_beid/__init__.py
index 10320dc..7b3c833 100644
--- a/src/authentic2_beid/__init__.py
+++ b/src/authentic2_beid/__init__.py
@@ -4,7 +4,10 @@ class Plugin(object):
 
     def get_before_urls(self):
         from django.conf.urls import url, patterns, include
-        return patterns('', url('accounts/beid/', include(__name__ + '.urls')))
+        return patterns('',
+                        url('accounts/', include(__name__ + '.registration_urls')),
+                        url('accounts/beid/', include(__name__ + '.urls'))
+        )
 
     def get_apps(self):
         return [__name__]
diff --git a/src/authentic2_beid/registration_urls.py b/src/authentic2_beid/registration_urls.py
new file mode 100644
index 0000000..7ab6252
--- /dev/null
+++ b/src/authentic2_beid/registration_urls.py
@@ -0,0 +1,8 @@
+from django.conf.urls import patterns, url
+
+from .views import *
+
+urlpatterns = patterns('',
+    url(r'^activate/(?P<registration_token>[a-zA-Z0-9:-_]+)/$',
+        beid_activate, name='beid_activate'),
+)
diff --git a/src/authentic2_beid/urls.py b/src/authentic2_beid/urls.py
index 5910660..faeb0e5 100644
--- a/src/authentic2_beid/urls.py
+++ b/src/authentic2_beid/urls.py
@@ -8,5 +8,8 @@ urlpatterns = patterns('',
         name='beid_signin'),
     url(r'^add', add_beid, name='add_beid'),
     url(r'^delete/(?P<certificate_pk>\d+)/$',
-        delete_beid, name='delete_beid')
+        delete_beid, name='delete_beid'),
+    url(r'^activate/(?P<registration_token>[\w:-]+)/$',
+        registration_completion, name='beid_registration_activate'),
+    url(r'^x509/(?P<registration_token>[\w:-]+)/$', x509, name='x509'),
 )
diff --git a/src/authentic2_beid/util.py b/src/authentic2_beid/util.py
index 8d213bd..9b16cf9 100644
--- a/src/authentic2_beid/util.py
+++ b/src/authentic2_beid/util.py
@@ -1,4 +1,5 @@
 from authentic2.auth2_auth.auth2_ssl.util import SSLInfo as BaseSSLInfo
+from authentic2.auth2_auth.auth2_ssl.util import explode_dn
 
 from . import app_settings
 
@@ -9,8 +10,10 @@ class SSLInfo(BaseSSLInfo):
         ssl_headers = [(k[5:], v) for k, v in request.META.iteritems() if k.startswith('HTTP_SS')]
         self.read_env(dict(ssl_headers))
 
-
-
 def get_x509_url(request):
     return 'https://%s:%s' % (request.get_host(),
                     app_settings.AUTH_PORT)
+
+def get_user_names(dn):
+    data = dict(explode_dn(dn))
+    return data['GN'].split(' ', 1)
diff --git a/src/authentic2_beid/views.py b/src/authentic2_beid/views.py
index a637083..63eb571 100644
--- a/src/authentic2_beid/views.py
+++ b/src/authentic2_beid/views.py
@@ -5,12 +5,16 @@ from django.template.loader import render_to_string
 from django.template import RequestContext
 from django.contrib.auth import authenticate, login
 from django.contrib import messages
+from django.core.urlresolvers import reverse
+from django.http import HttpResponseRedirect
 
 from authentic2.auth2_auth.auth2_ssl import models
 from authentic2.utils import continue_to_next_url, redirect, redirect_to_login
 
+from authentic2.registration_backend.views import valid_token, RegistrationCompletionView
+
 from .backends import BeIDBackend
-from .util import SSLInfo
+from .util import SSLInfo, get_x509_url, get_user_names
 
 logger = logging.getLogger(__name__)
 
@@ -66,3 +70,26 @@ def delete_beid(request, certificate_pk):
         messages.error(request, _('No BeID card associated to this account'))
     return redirect(request, 'account_management',
             fragment='a2-beid-certificate-profile')
+
+def x509(request, registration_token):
+    ssl_info = SSLInfo(request)
+    request.session['subject_dn'] = ssl_info.subject_dn
+    return redirect(request, 'beid_registration_activate',
+                    kwargs={'registration_token': registration_token})
+
+def beid_activate(request, registration_token):
+    return HttpResponseRedirect(get_x509_url(request) + reverse('x509',
+                        kwargs={'registration_token': registration_token}))
+
+
+
+class BeIDRegistrationCompletionView(RegistrationCompletionView):
+
+    def get_form_kwargs(self, **kwargs):
+        kw = super(BeIDRegistrationCompletionView, self).get_form_kwargs(**kwargs)
+        # get first and last names from certificate and fill the form
+        f_name, l_name = get_user_names(self.request.session['subject_dn'])
+        kw['initial'].update({'first_name': f_name, 'last_name': l_name})
+        return kw
+
+registration_completion = valid_token(BeIDRegistrationCompletionView.as_view())